diff --git a/client/go.mod b/client/go.mod index c16fdcf2..2a80339d 100644 --- a/client/go.mod +++ b/client/go.mod @@ -24,13 +24,14 @@ require ( github.com/hexops/gotextdiff v1.0.3 github.com/klauspost/compress v1.17.9 github.com/mattn/go-isatty v0.0.20 - github.com/planetscale/vtprotobuf v0.6.1-0.20240319094008-0393e58bdf10 + github.com/planetscale/vtprotobuf v0.6.1-0.20240917153116-6f2963f01587 github.com/sergi/go-diff v1.3.1 github.com/siderolabs/gen v0.5.0 github.com/siderolabs/go-api-signature v0.3.6 github.com/siderolabs/go-kubeconfig v0.1.0 github.com/siderolabs/go-pointer v1.0.0 github.com/siderolabs/image-factory v0.5.0 + github.com/siderolabs/proto-codec v0.1.1 github.com/siderolabs/talos/pkg/machinery v1.8.0 github.com/spf13/cobra v1.8.1 github.com/stretchr/testify v1.9.0 @@ -38,7 +39,7 @@ require ( go.uber.org/zap v1.27.0 golang.org/x/sync v0.8.0 golang.org/x/term v0.23.0 - google.golang.org/grpc v1.66.0 + google.golang.org/grpc v1.67.0 google.golang.org/protobuf v1.34.2 gopkg.in/yaml.v3 v3.0.1 k8s.io/client-go v0.31.0 @@ -95,7 +96,7 @@ require ( golang.org/x/exp v0.0.0-20240506185415-9bf2ced13842 // indirect golang.org/x/net v0.28.0 // indirect golang.org/x/oauth2 v0.22.0 // indirect - golang.org/x/sys v0.24.0 // indirect + golang.org/x/sys v0.25.0 // indirect golang.org/x/text v0.17.0 // indirect golang.org/x/time v0.6.0 // indirect google.golang.org/genproto/googleapis/api v0.0.0-20240903143218-8af14fe29dc1 // indirect diff --git a/client/go.sum b/client/go.sum index a67e5475..ad374e83 100644 --- a/client/go.sum +++ b/client/go.sum @@ -145,8 +145,8 @@ github.com/pkg/browser v0.0.0-20240102092130-5ac0b6a4141c h1:+mdjkGKdHQG3305AYmd github.com/pkg/browser v0.0.0-20240102092130-5ac0b6a4141c/go.mod h1:7rwL4CYBLnjLxUqIJNnCWiEdr3bn6IUYi15bNlnbCCU= github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4= github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= -github.com/planetscale/vtprotobuf v0.6.1-0.20240319094008-0393e58bdf10 h1:GFCKgmp0tecUJ0sJuv4pzYCqS9+RGSn52M3FUwPs+uo= -github.com/planetscale/vtprotobuf v0.6.1-0.20240319094008-0393e58bdf10/go.mod h1:t/avpk3KcrXxUnYOhZhMXJlSEyie6gQbtLq5NM3loB8= +github.com/planetscale/vtprotobuf v0.6.1-0.20240917153116-6f2963f01587 h1:xzZOeCMQLA/W198ZkdVdt4EKFKJtS26B773zNU377ZY= +github.com/planetscale/vtprotobuf v0.6.1-0.20240917153116-6f2963f01587/go.mod h1:t/avpk3KcrXxUnYOhZhMXJlSEyie6gQbtLq5NM3loB8= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 h1:Jamvg5psRIccs7FGNTlIRMkT8wgtp5eCXdBlqhYGL6U= github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= @@ -180,6 +180,8 @@ github.com/siderolabs/image-factory v0.5.0 h1:v1FXZLCcV6xu+6QpgvhDEICxVF7o2VxMjf github.com/siderolabs/image-factory v0.5.0/go.mod h1:npJwHOBsI+h+gKdezCyrs7ZHDmkgRnrAK2Cjk1nzv8A= github.com/siderolabs/net v0.4.0 h1:1bOgVay/ijPkJz4qct98nHsiB/ysLQU0KLoBC4qLm7I= github.com/siderolabs/net v0.4.0/go.mod h1:/ibG+Hm9HU27agp5r9Q3eZicEfjquzNzQNux5uEk0kM= +github.com/siderolabs/proto-codec v0.1.1 h1:4jiUwW/vaXTZ+YNgZDs37B4aj/1mzV/erIkzUUCRY9g= +github.com/siderolabs/proto-codec v0.1.1/go.mod h1:rIvmhKJG8+JwSCGPX+cQljpOMDmuHhLKPkt6KaFwEaU= github.com/siderolabs/protoenc v0.2.1 h1:BqxEmeWQeMpNP3R6WrPqDatX8sM/r4t97OP8mFmg6GA= github.com/siderolabs/protoenc v0.2.1/go.mod h1:StTHxjet1g11GpNAWiATgc8K0HMKiFSEVVFOa/H0otc= github.com/siderolabs/talos/pkg/machinery v1.8.0 h1:azhBj+Nm9oTgaFgcNaHU8TPS9Oi5OdV1ELNgFAVder8= @@ -267,8 +269,8 @@ golang.org/x/sys v0.2.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.3.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.24.0 h1:Twjiwq9dn6R1fQcyiK+wQyHWfaz/BJB+YIpzU/Cv3Xg= -golang.org/x/sys v0.24.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/sys v0.25.0 h1:r+8e+loiHxRqhXVl6ML1nO3l1+oFoWbnlu2Ehimmi34= +golang.org/x/sys v0.25.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/term v0.2.0/go.mod h1:TVmDHMZPmdnySmBfhjOoOdhjzdE1h4u1VwSiw2l1Nuc= @@ -302,8 +304,8 @@ google.golang.org/genproto/googleapis/api v0.0.0-20240903143218-8af14fe29dc1 h1: google.golang.org/genproto/googleapis/api v0.0.0-20240903143218-8af14fe29dc1/go.mod h1:qpvKtACPCQhAdu3PyQgV4l3LMXZEtft7y8QcarRsp9I= google.golang.org/genproto/googleapis/rpc v0.0.0-20240903143218-8af14fe29dc1 h1:pPJltXNxVzT4pK9yD8vR9X75DaWYYmLGMsEvBfFQZzQ= google.golang.org/genproto/googleapis/rpc v0.0.0-20240903143218-8af14fe29dc1/go.mod h1:UqMtugtsSgubUsoxbuAoiCXvqvErP7Gf0so0mK9tHxU= -google.golang.org/grpc v1.66.0 h1:DibZuoBznOxbDQxRINckZcUvnCEvrW9pcWIE2yF9r1c= -google.golang.org/grpc v1.66.0/go.mod h1:s3/l6xSSCURdVfAnL+TqCNMyTDAGN6+lZeVxnZR128Y= +google.golang.org/grpc v1.67.0 h1:IdH9y6PF5MPSdAntIcpjQ+tXO41pcQsfZV2RxtQgVcw= +google.golang.org/grpc v1.67.0/go.mod h1:1gLDyUQU7CTLJI90u3nXZ9ekeghjeM7pTDZlqFNg2AA= google.golang.org/protobuf v1.34.2 h1:6xV6lTsCfpGD21XK49h7MhtcApnLqkfYgPcdHftf6hg= google.golang.org/protobuf v1.34.2/go.mod h1:qYOHts0dSfpeUzUFpOMr/WGzszTmLH+DiWniOlNbLDw= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= diff --git a/client/pkg/client/client.go b/client/pkg/client/client.go index 39018c13..447b1d21 100644 --- a/client/pkg/client/client.go +++ b/client/pkg/client/client.go @@ -13,6 +13,7 @@ import ( "slices" "github.com/siderolabs/go-api-signature/pkg/client/auth" + _ "github.com/siderolabs/proto-codec/codec" // for encoding.CodecV2 "google.golang.org/grpc" "google.golang.org/grpc/credentials" "google.golang.org/grpc/credentials/insecure" diff --git a/client/pkg/client/encoding.go b/client/pkg/client/encoding.go deleted file mode 100644 index 03729ac7..00000000 --- a/client/pkg/client/encoding.go +++ /dev/null @@ -1,54 +0,0 @@ -// This Source Code Form is subject to the terms of the Mozilla Public -// License, v. 2.0. If a copy of the MPL was not distributed with this -// file, You can obtain one at http://mozilla.org/MPL/2.0/. - -package client - -import ( - "fmt" - - "google.golang.org/grpc/encoding" - _ "google.golang.org/grpc/encoding/proto" // Register the proto codec before we replace it with ours. - "google.golang.org/protobuf/proto" - "google.golang.org/protobuf/protoadapt" -) - -// Name is the name registered for the proto compressor. -const Name = "proto" - -type vtprotoCodec struct{} - -func (vtprotoCodec) Marshal(v any) ([]byte, error) { - switch v := v.(type) { - case vtprotoMessage: - return v.MarshalVT() - case proto.Message: - return proto.Marshal(v) - case protoadapt.MessageV1: - return proto.Marshal(protoadapt.MessageV2Of(v)) - default: - return nil, fmt.Errorf("failed to marshal, message is %T, must satisfy the vtprotoMessage, proto.Message or protoadapt.MessageV1 ", v) - } -} - -func (vtprotoCodec) Unmarshal(data []byte, v any) error { - switch v := v.(type) { - case vtprotoMessage: - return v.UnmarshalVT(data) - case proto.Message: - return proto.Unmarshal(data, v) - case protoadapt.MessageV1: - return proto.Unmarshal(data, protoadapt.MessageV2Of(v)) - default: - return fmt.Errorf("failed to unmarshal, message is %T, must satisfy the vtprotoMessage, proto.Message or protoadapt.MessageV1", v) - } -} - -func (vtprotoCodec) Name() string { return Name } - -type vtprotoMessage interface { - MarshalVT() ([]byte, error) - UnmarshalVT([]byte) error -} - -func init() { encoding.RegisterCodec(vtprotoCodec{}) } diff --git a/cmd/acompat/acompat.go b/cmd/acompat/acompat.go new file mode 100644 index 00000000..dc536b1a --- /dev/null +++ b/cmd/acompat/acompat.go @@ -0,0 +1,16 @@ +// Copyright (c) 2024 Sidero Labs, Inc. +// +// Use of this software is governed by the Business Source License +// included in the LICENSE file. + +// Package acompat ensures that we have GRPC_ENFORCE_ALPN_ENABLED set to false. +// **Important**: This package should be lexically first in the main package. +package acompat + +import "os" + +func init() { + if err := os.Setenv("GRPC_ENFORCE_ALPN_ENABLED", "false"); err != nil { + panic(err) + } +} diff --git a/cmd/integration-test/main.go b/cmd/integration-test/main.go index d5d7d00e..564b51e6 100644 --- a/cmd/integration-test/main.go +++ b/cmd/integration-test/main.go @@ -6,10 +6,15 @@ // Package main provides the entrypoint for the omni-integration-test binary. package main -import "os" +import ( + "os" + + _ "github.com/siderolabs/omni/cmd/acompat" // this package should always be imported first for init->set env to work + "github.com/siderolabs/omni/cmd/integration-test/pkg" +) func main() { - if err := rootCmd.Execute(); err != nil { + if err := pkg.RootCmd().Execute(); err != nil { os.Exit(1) } } diff --git a/cmd/integration-test/root.go b/cmd/integration-test/pkg/root.go similarity index 96% rename from cmd/integration-test/root.go rename to cmd/integration-test/pkg/root.go index fbdb6f16..1b6f1324 100644 --- a/cmd/integration-test/root.go +++ b/cmd/integration-test/pkg/root.go @@ -3,7 +3,8 @@ // Use of this software is governed by the Business Source License // included in the LICENSE file. -package main +// Package pkg provides the root command for the omni-integration-test binary. +package pkg import ( "context" @@ -14,6 +15,7 @@ import ( "os/exec" "os/signal" "strconv" + "sync" "time" "github.com/mattn/go-shellwords" @@ -140,7 +142,10 @@ var rootCmdFlags struct { machineOptions tests.MachineOptions } -func init() { +// RootCmd returns the root command. +func RootCmd() *cobra.Command { return onceInit() } + +var onceInit = sync.OnceValue(func() *cobra.Command { rootCmd.PersistentFlags().StringVar(&rootCmdFlags.endpoint, "endpoint", "grpc://127.0.0.1:8080", "The endpoint of the Omni API.") rootCmd.Flags().StringVar(&rootCmdFlags.runTestPattern, "test.run", "", "tests to run (regular expression)") rootCmd.Flags().IntVar(&rootCmdFlags.expectedMachines, "expected-machines", 4, "minimum number of machines expected") @@ -167,7 +172,9 @@ func init() { rootCmd.Flags().IntVar(&rootCmdFlags.provisionMachinesCount, "provision-machines", 0, "provisions machines through the infrastructure provider") rootCmd.Flags().StringVar(&rootCmdFlags.infraProvider, "infra-provider", "talemu", "use infra provider with the specified ID when provisioning the machines") rootCmd.Flags().StringVar(&rootCmdFlags.providerData, "provider-data", "{}", "the infra provider machine template data to use") -} + + return rootCmd +}) // withContext wraps with CLI context. func withContext(f func(ctx context.Context) error) error { diff --git a/cmd/omni/cmd/cmd.go b/cmd/omni/cmd/cmd.go new file mode 100644 index 00000000..567179c4 --- /dev/null +++ b/cmd/omni/cmd/cmd.go @@ -0,0 +1,569 @@ +// Copyright (c) 2024 Sidero Labs, Inc. +// +// Use of this software is governed by the Business Source License +// included in the LICENSE file. + +// Package cmd represents the base command. +package cmd + +import ( + "context" + "errors" + "fmt" + "os" + "os/signal" + "strings" + "sync" + "syscall" + + "github.com/cosi-project/runtime/pkg/state" + "github.com/go-logr/zapr" + "github.com/prometheus/client_golang/prometheus" + "github.com/siderolabs/gen/ensure" + "github.com/siderolabs/go-debug" + "github.com/siderolabs/talos/pkg/machinery/config/generate" + "github.com/spf13/cobra" + "go.uber.org/zap" + "go.uber.org/zap/zapcore" + "k8s.io/klog/v2" + + "github.com/siderolabs/omni/client/pkg/compression" + "github.com/siderolabs/omni/client/pkg/constants" + authres "github.com/siderolabs/omni/client/pkg/omni/resources/auth" + omnires "github.com/siderolabs/omni/client/pkg/omni/resources/omni" + "github.com/siderolabs/omni/client/pkg/panichandler" + "github.com/siderolabs/omni/internal/backend" + "github.com/siderolabs/omni/internal/backend/discovery" + "github.com/siderolabs/omni/internal/backend/dns" + "github.com/siderolabs/omni/internal/backend/imagefactory" + "github.com/siderolabs/omni/internal/backend/logging" + "github.com/siderolabs/omni/internal/backend/resourcelogger" + "github.com/siderolabs/omni/internal/backend/runtime/omni" + "github.com/siderolabs/omni/internal/backend/runtime/omni/virtual" + "github.com/siderolabs/omni/internal/backend/runtime/talos" + "github.com/siderolabs/omni/internal/backend/workloadproxy" + "github.com/siderolabs/omni/internal/pkg/auth" + "github.com/siderolabs/omni/internal/pkg/auth/actor" + "github.com/siderolabs/omni/internal/pkg/auth/user" + "github.com/siderolabs/omni/internal/pkg/config" + "github.com/siderolabs/omni/internal/pkg/ctxstore" + "github.com/siderolabs/omni/internal/pkg/features" + "github.com/siderolabs/omni/internal/pkg/siderolink" + "github.com/siderolabs/omni/internal/version" +) + +func runDebugServer(ctx context.Context, logger *zap.Logger) { + const debugAddr = ":9980" + + debugLogFunc := func(msg string) { + logger.Info(msg) + } + + if err := debug.ListenAndServe(ctx, debugAddr, debugLogFunc); err != nil { + logger.Panic("failed to start debug server", zap.Error(err)) + } +} + +// rootCmd represents the base command when called without any subcommands. +var rootCmd = &cobra.Command{ + Use: "omni", + Short: "Talos and Sidero frontend", + Long: ``, + SilenceUsage: true, + Version: version.Tag, + RunE: func(*cobra.Command, []string) error { + if config.Config.Auth.SAML.URL != "" && config.Config.Auth.SAML.Metadata != "" { + return errors.New("flags --auth-saml-url and --auth-saml-metadata are mutually exclusive") + } + + var loggerConfig zap.Config + + if constants.IsDebugBuild { + loggerConfig = zap.NewDevelopmentConfig() + loggerConfig.EncoderConfig.EncodeLevel = zapcore.CapitalColorLevelEncoder + } else { + loggerConfig = zap.NewProductionConfig() + } + + if !rootCmdArgs.debug { + loggerConfig.Level.SetLevel(zap.InfoLevel) + } else { + loggerConfig.Level.SetLevel(zap.DebugLevel) + } + + logger, err := loggerConfig.Build( + zap.AddStacktrace(zapcore.FatalLevel), // only print stack traces for fatal errors + ) + if err != nil { + return fmt.Errorf("failed to set up logging: %w", err) + } + + if err = compression.InitConfig(config.Config.ConfigDataCompression.Enabled); err != nil { + return err + } + + logger.Info("initialized resource compression config", zap.Bool("enabled", config.Config.ConfigDataCompression.Enabled)) + + // set kubernetes logger to use warn log level and use zap + klog.SetLogger(zapr.NewLogger(logger.WithOptions(zap.IncreaseLevel(zapcore.WarnLevel)).With(logging.Component("kubernetes")))) + + if constants.IsDebugBuild { + logger.Warn("running debug build") + } + + for _, registryMirror := range rootCmdArgs.registryMirrors { + hostname, endpoint, ok := strings.Cut(registryMirror, "=") + if !ok { + return fmt.Errorf("invalid registry mirror spec: %q", registryMirror) + } + + config.Config.DefaultConfigGenOptions = append(config.Config.DefaultConfigGenOptions, generate.WithRegistryMirror(hostname, endpoint)) + } + + logger.Info("starting Omni", zap.String("version", version.Tag)) + + logger.Debug("using config", zap.Any("config", config.Config)) + + signals := make(chan os.Signal, 1) + + signal.Notify(signals, syscall.SIGINT, syscall.SIGTERM) + + ctx, cancel := context.WithCancel(context.Background()) + defer cancel() + + // do not use signal.NotifyContext as it doesn't support any ways to log the received signal + panichandler.Go(func() { + s := <-signals + + logger.Warn("signal received, stopping Omni", zap.String("signal", s.String())) + + cancel() + }, logger) + + panichandler.Go(func() { + runDebugServer(ctx, logger) + }, logger) + + // this global context propagates into all controllers and any other background activities + ctx = actor.MarkContextAsInternalActor(ctx) + + err = omni.NewState(ctx, config.Config, logger, prometheus.DefaultRegisterer, runWithState(logger)) + if err != nil { + return fmt.Errorf("failed to run Omni: %w", err) + } + + return nil + }, +} + +//nolint:gocognit +func runWithState(logger *zap.Logger) func(context.Context, state.State, *virtual.State) error { + return func(ctx context.Context, resourceState state.State, virtualState *virtual.State) error { + auditWrap, auditErr := omni.NewAuditWrap(resourceState, config.Config, logger) + if auditErr != nil { + return auditErr + } + + resourceState = auditWrap.WrapState(resourceState) + + talosClientFactory := talos.NewClientFactory(resourceState, logger) + prometheus.MustRegister(talosClientFactory) + + dnsService := dns.NewService(resourceState, logger) + workloadProxyReconciler := workloadproxy.NewReconciler(logger.With(logging.Component("workload_proxy_reconciler")), zapcore.DebugLevel) + + var resourceLogger *resourcelogger.Logger + + if len(config.Config.LogResourceUpdatesTypes) > 0 { + var err error + + resourceLogger, err = resourcelogger.New(ctx, resourceState, logger.With(logging.Component("resourcelogger")), + config.Config.LogResourceUpdatesLogLevel, config.Config.LogResourceUpdatesTypes...) + if err != nil { + return fmt.Errorf("failed to set up resource logger: %w", err) + } + } + + imageFactoryClient, err := imagefactory.NewClient(resourceState, config.Config.ImageFactoryBaseURL) + if err != nil { + return fmt.Errorf("failed to set up image factory client: %w", err) + } + + linkCounterDeltaCh := make(chan siderolink.LinkCounterDeltas) + siderolinkEventsCh := make(chan *omnires.MachineStatusSnapshot) + + defaultDiscoveryClient, err := discovery.NewClient(discovery.Options{ + UseEmbeddedDiscoveryService: false, + }) + if err != nil { + return fmt.Errorf("failed to create default discovery client: %w", err) + } + + var embeddedDiscoveryClient *discovery.Client + + if config.Config.EmbeddedDiscoveryService.Enabled { + if embeddedDiscoveryClient, err = discovery.NewClient(discovery.Options{ + UseEmbeddedDiscoveryService: true, + EmbeddedDiscoveryServicePort: config.Config.EmbeddedDiscoveryService.Port, + }); err != nil { + return fmt.Errorf("failed to create embedded discovery client: %w", err) + } + } + + defer func() { + if closeErr := defaultDiscoveryClient.Close(); closeErr != nil { + logger.Error("failed to close discovery client", zap.Error(closeErr)) + } + }() + + omniRuntime, err := omni.New(talosClientFactory, dnsService, workloadProxyReconciler, resourceLogger, + imageFactoryClient, linkCounterDeltaCh, siderolinkEventsCh, resourceState, virtualState, + prometheus.DefaultRegisterer, defaultDiscoveryClient, embeddedDiscoveryClient, logger.With(logging.Component("omni_runtime"))) + if err != nil { + return fmt.Errorf("failed to set up the controller runtime: %w", err) + } + + machineMap := siderolink.NewMachineMap(siderolink.NewStateStorage(omniRuntime.State())) + + logHandler, err := siderolink.NewLogHandler( + machineMap, + resourceState, + &config.Config.MachineLogConfig, + logger.With(logging.Component("siderolink_log_handler")), + ) + if err != nil { + return fmt.Errorf("failed to set up log handler: %w", err) + } + + talosRuntime := talos.New(talosClientFactory, logger) + + err = user.EnsureInitialResources(ctx, omniRuntime.State(), logger, config.Config.InitialUsers) + if err != nil { + return fmt.Errorf("failed to write initial user resources to state: %w", err) + } + + authConfig, err := auth.EnsureAuthConfigResource(ctx, omniRuntime.State(), logger, config.Config.Auth) + if err != nil { + return fmt.Errorf("failed to write Auth0 parameters to state: %w", err) + } + + if err = features.UpdateResources(ctx, omniRuntime.State(), logger); err != nil { + return fmt.Errorf("failed to update features config resources: %w", err) + } + + ctx = ctxstore.WithValue(ctx, auth.EnabledAuthContextKey{Enabled: authres.Enabled(authConfig)}) + + handler, err := backend.NewFrontendHandler(rootCmdArgs.frontendDst, logger) + if err != nil { + return fmt.Errorf("failed to set up frontend handler: %w", err) + } + + server, err := backend.NewServer( + rootCmdArgs.bindAddress, + rootCmdArgs.metricsBindAddress, + rootCmdArgs.k8sProxyBindAddress, + rootCmdArgs.pprofBindAddress, + dnsService, + workloadProxyReconciler, + imageFactoryClient, + linkCounterDeltaCh, + siderolinkEventsCh, + omniRuntime, + talosRuntime, + logHandler, + authConfig, + rootCmdArgs.keyFile, + rootCmdArgs.certFile, + backend.NewProxyServer(rootCmdArgs.frontendBind, handler, rootCmdArgs.keyFile, rootCmdArgs.certFile), + auditWrap, + logger, + ) + if err != nil { + return fmt.Errorf("failed to create server: %w", err) + } + + if err := server.Run(ctx); err != nil { + return fmt.Errorf("failed to run server: %w", err) + } + + return nil + } +} + +var rootCmdArgs struct { + bindAddress string + frontendBind string + frontendDst string + k8sProxyBindAddress string + metricsBindAddress string + pprofBindAddress string + keyFile string + certFile string + registryMirrors []string + + debug bool +} + +// RootCmd returns the root command. +func RootCmd() *cobra.Command { return initOnce() } + +var initOnce = sync.OnceValue(func() *cobra.Command { + rootCmd.Flags().BoolVar(&rootCmdArgs.debug, "debug", false, "enable debug logs.") + rootCmd.Flags().StringVar(&rootCmdArgs.bindAddress, "bind-addr", "0.0.0.0:8080", "start HTTP server on the defined address.") + rootCmd.Flags().StringVar(&rootCmdArgs.frontendDst, "frontend-dst", "", "destination address non API requests from proxy server.") + rootCmd.Flags().StringVar(&rootCmdArgs.frontendBind, "frontend-bind", "", "proxy server which will redirect all non API requests to the definied frontend server.") + rootCmd.Flags().StringVar(&rootCmdArgs.metricsBindAddress, "metrics-bind-addr", "0.0.0.0:2122", "start Prometheus HTTP server on the defined address.") + rootCmd.Flags().StringVar(&rootCmdArgs.pprofBindAddress, "pprof-bind-addr", "", "start pprof HTTP server on the defined address (\"\" if disabled).") + rootCmd.Flags().StringVar(&rootCmdArgs.k8sProxyBindAddress, "k8s-proxy-bind-addr", "0.0.0.0:8095", "start Kubernetes workload proxy on the defined address.") + rootCmd.Flags().StringSliceVar(&rootCmdArgs.registryMirrors, "registry-mirror", []string{}, "list of registry mirrors to use in format: =") + + rootCmd.Flags().StringVar(&config.Config.AccountID, "account-id", config.Config.AccountID, "instance account ID, should never be changed.") + rootCmd.Flags().StringVar(&config.Config.Name, "name", config.Config.Name, "instance user-facing name.") + rootCmd.Flags().StringVar(&config.Config.APIURL, "advertised-api-url", config.Config.APIURL, "advertised API frontend URL.") + rootCmd.Flags().StringVar(&config.Config.KubernetesProxyURL, "advertised-kubernetes-proxy-url", config.Config.KubernetesProxyURL, "advertised Kubernetes proxy URL.") + rootCmd.Flags().BoolVar(&config.Config.SiderolinkDisableLastEndpoint, "siderolink-disable-last-endpoint", false, "do not populate last known peer endpoint for the WireGuard peers") + rootCmd.Flags().StringVar( + &config.Config.SiderolinkWireguardAdvertisedAddress, + "siderolink-wireguard-advertised-addr", + config.Config.SiderolinkWireguardAdvertisedAddress, + "advertised wireguard address which is passed down to the nodes.") + rootCmd.Flags().StringVar(&config.Config.SiderolinkWireguardBindAddress, "siderolink-wireguard-bind-addr", config.Config.SiderolinkWireguardBindAddress, "SideroLink WireGuard bind address.") + rootCmd.Flags().BoolVar(&config.Config.SiderolinkUseGRPCTunnel, "siderolink-use-grpc-tunnel", false, "use gRPC tunnel to wrap WireGuard traffic instead of UDP") + + rootCmd.Flags().StringVar(&config.Config.MachineAPIBindAddress, "siderolink-api-bind-addr", config.Config.MachineAPIBindAddress, "SideroLink provision bind address.") + rootCmd.Flags().StringVar(&config.Config.MachineAPICertFile, "siderolink-api-cert", config.Config.MachineAPICertFile, "SideroLink TLS cert file path.") + rootCmd.Flags().StringVar(&config.Config.MachineAPIKeyFile, "siderolink-api-key", config.Config.MachineAPIKeyFile, "SideroLink TLS key file path.") + + rootCmd.Flags().MarkDeprecated("siderolink-api-bind-addr", "--deprecated, use --machine-api-bind-addr") //nolint:errcheck + rootCmd.Flags().MarkDeprecated("siderolink-api-cert", "deprecated, use --machine-api-cert") //nolint:errcheck + rootCmd.Flags().MarkDeprecated("siderolink-api-key", "deprecated, use --machine-api-key") //nolint:errcheck + + rootCmd.Flags().StringVar(&config.Config.MachineAPIBindAddress, "machine-api-bind-addr", config.Config.MachineAPIBindAddress, "machine API bind address.") + rootCmd.Flags().StringVar(&config.Config.MachineAPICertFile, "machine-api-cert", config.Config.MachineAPICertFile, "machine API TLS cert file path.") + rootCmd.Flags().StringVar(&config.Config.MachineAPIKeyFile, "machine-api-key", config.Config.MachineAPIKeyFile, "machine API TLS key file path.") + + rootCmd.Flags().IntVar(&config.Config.EventSinkPort, "event-sink-port", config.Config.EventSinkPort, "event sink bind port.") + rootCmd.Flags().StringVar(&config.Config.SideroLinkAPIURL, "siderolink-api-advertised-url", config.Config.SideroLinkAPIURL, "SideroLink advertised API URL.") + rootCmd.Flags().IntVar(&config.Config.LoadBalancer.MinPort, "lb-min-port", config.Config.LoadBalancer.MinPort, "cluster load balancer port range min value.") + rootCmd.Flags().IntVar(&config.Config.LoadBalancer.MaxPort, "lb-max-port", config.Config.LoadBalancer.MaxPort, "cluster load balancer port range max value.") + rootCmd.Flags().IntVar(&config.Config.LogServerPort, "log-server-port", config.Config.LogServerPort, "port for TCP log server") + + rootCmd.Flags().IntVar(&config.Config.MachineLogConfig.BufferInitialCapacity, "machine-log-buffer-capacity", + config.Config.MachineLogConfig.BufferInitialCapacity, "initial buffer capacity for machine logs in bytes") + rootCmd.Flags().IntVar(&config.Config.MachineLogConfig.BufferMaxCapacity, "machine-log-buffer-max-capacity", + config.Config.MachineLogConfig.BufferMaxCapacity, "max buffer capacity for machine logs in bytes") + rootCmd.Flags().IntVar(&config.Config.MachineLogConfig.BufferSafetyGap, "machine-log-buffer-safe-gap", + config.Config.MachineLogConfig.BufferSafetyGap, "safety gap for machine log buffer in bytes") + rootCmd.Flags().IntVar(&config.Config.MachineLogConfig.NumCompressedChunks, "machine-log-num-compressed-chunks", + config.Config.MachineLogConfig.NumCompressedChunks, "number of compressed log chunks to keep") + rootCmd.Flags().BoolVar(&config.Config.MachineLogConfig.StorageEnabled, "machine-log-storage-enabled", + config.Config.MachineLogConfig.StorageEnabled, "enable machine log storage") + rootCmd.Flags().StringVar(&config.Config.MachineLogConfig.StoragePath, "machine-log-storage-path", + config.Config.MachineLogConfig.StoragePath, "path of the directory for storing machine logs") + rootCmd.Flags().DurationVar(&config.Config.MachineLogConfig.StorageFlushPeriod, "machine-log-storage-flush-period", + config.Config.MachineLogConfig.StorageFlushPeriod, "period for flushing machine logs to disk") + rootCmd.Flags().Float64Var(&config.Config.MachineLogConfig.StorageFlushJitter, "machine-log-storage-flush-jitter", + config.Config.MachineLogConfig.StorageFlushJitter, "jitter for the machine log storage flush period") + + // keep the old flags for backwards-compatibility + { + rootCmd.Flags().BoolVar(&config.Config.MachineLogConfig.StorageEnabled, "log-storage-enabled", config.Config.MachineLogConfig.StorageEnabled, "enable machine log storage") + rootCmd.Flags().StringVar(&config.Config.MachineLogConfig.StoragePath, "log-storage-path", config.Config.MachineLogConfig.StoragePath, + "path of the directory for storing machine logs") + rootCmd.Flags().DurationVar(&config.Config.MachineLogConfig.StorageFlushPeriod, "log-storage-flush-period", config.Config.MachineLogConfig.StorageFlushPeriod, + "period for flushing machine logs to disk") + + rootCmd.Flags().MarkDeprecated("log-storage-enabled", "use --machine-log-storage-enabled") //nolint:errcheck + rootCmd.Flags().MarkDeprecated("log-storage-path", "use --machine-log-storage-path") //nolint:errcheck + rootCmd.Flags().MarkDeprecated("log-storage-flush-period", "use --machine-log-storage-flush-period") //nolint:errcheck + } + + rootCmd.Flags().BoolVar(&config.Config.Auth.Auth0.Enabled, "auth-auth0-enabled", config.Config.Auth.Auth0.Enabled, + "enable Auth0 authentication. Once set to true, it cannot be set back to false.") + rootCmd.Flags().StringVar(&config.Config.Auth.Auth0.ClientID, "auth-auth0-client-id", config.Config.Auth.Auth0.ClientID, "Auth0 application client ID.") + rootCmd.Flags().StringVar(&config.Config.Auth.Auth0.Domain, "auth-auth0-domain", config.Config.Auth.Auth0.Domain, "Auth0 application domain.") + rootCmd.Flags().BoolVar(&config.Config.Auth.Auth0.UseFormData, "auth-auth0-use-form-data", config.Config.Auth.Auth0.UseFormData, + "When true, data to the token endpoint is transmitted as x-www-form-urlencoded data instead of JSON. The default is false") + + rootCmd.Flags().BoolVar(&config.Config.Auth.WebAuthn.Enabled, "auth-webauthn-enabled", config.Config.Auth.WebAuthn.Enabled, + "enable WebAuthn authentication. Once set to true, it cannot be set back to false.") + rootCmd.Flags().BoolVar(&config.Config.Auth.WebAuthn.Required, "auth-webauthn-required", config.Config.Auth.WebAuthn.Required, + "require WebAuthn authentication. Once set to true, it cannot be set back to false.") + + rootCmd.Flags().BoolVar(&config.Config.Auth.SAML.Enabled, "auth-saml-enabled", config.Config.Auth.SAML.Enabled, + "enabled SAML authentication.", + ) + rootCmd.Flags().StringVar(&config.Config.Auth.SAML.URL, "auth-saml-url", config.Config.Auth.SAML.URL, "SAML identity provider metadata URL (mutually exclusive with --auth-saml-metadata") + rootCmd.Flags().StringVar(&config.Config.Auth.SAML.Metadata, "auth-saml-metadata", config.Config.Auth.SAML.Metadata, + "SAML identity provider metadata file path (mutually exclusive with --auth-saml-url).", + ) + rootCmd.Flags().Var(&config.Config.Auth.SAML.LabelRules, "auth-saml-label-rules", "defines mapping of SAML assertion attributes into Omni identity labels") + + rootCmd.Flags().StringSliceVar(&config.Config.InitialUsers, "initial-users", config.Config.InitialUsers, "initial set of user emails. these users will be created on startup.") + + rootCmd.Flags().StringVar(&config.Config.Storage.Kind, "storage-kind", config.Config.Storage.Kind, "storage type: etcd|boltdb.") + rootCmd.Flags().BoolVar(&config.Config.Storage.Etcd.Embedded, "etcd-embedded", config.Config.Storage.Etcd.Embedded, "use embedded etcd server.") + rootCmd.Flags().BoolVar(&config.Config.Storage.Etcd.EmbeddedUnsafeFsync, "etcd-embedded-unsafe-fsync", config.Config.Storage.Etcd.EmbeddedUnsafeFsync, + "disable fsync in the embedded etcd server (dangerous).") + rootCmd.Flags().StringSliceVar(&config.Config.Storage.Etcd.Endpoints, "etcd-endpoints", config.Config.Storage.Etcd.Endpoints, "external etcd endpoints.") + rootCmd.Flags().DurationVar(&config.Config.Storage.Etcd.DialKeepAliveTime, + "etcd-dial-keepalive-time", config.Config.Storage.Etcd.DialKeepAliveTime, "external etcd client keep-alive time (interval).") + rootCmd.Flags().DurationVar(&config.Config.Storage.Etcd.DialKeepAliveTimeout, + "etcd-dial-keepalive-timeout", config.Config.Storage.Etcd.DialKeepAliveTimeout, "external etcd client keep-alive timeout.") + rootCmd.Flags().StringVar(&config.Config.Storage.Etcd.CAPath, "etcd-ca-path", config.Config.Storage.Etcd.CAPath, "external etcd CA path.") + rootCmd.Flags().StringVar(&config.Config.Storage.Etcd.CertPath, "etcd-client-cert-path", config.Config.Storage.Etcd.CertPath, "external etcd client cert path.") + rootCmd.Flags().StringVar(&config.Config.Storage.Etcd.KeyPath, "etcd-client-key-path", config.Config.Storage.Etcd.KeyPath, "external etcd client key path.") + + rootCmd.Flags().StringVar(&config.Config.SecondaryStorage.Path, "secondary-storage-path", config.Config.SecondaryStorage.Path, + "path of the file for boltdb-backed secondary storage for frequently updated data.") + + rootCmd.Flags().StringVar(&config.Config.TalosRegistry, "talos-installer-registry", config.Config.TalosRegistry, "Talos installer image registry.") + rootCmd.Flags().StringVar(&config.Config.KubernetesRegistry, "kubernetes-registry", config.Config.KubernetesRegistry, "Kubernetes container registry.") + rootCmd.Flags().StringVar(&config.Config.ImageFactoryBaseURL, "image-factory-address", config.Config.ImageFactoryBaseURL, "Image factory base URL to use.") + rootCmd.Flags().StringVar(&config.Config.ImageFactoryPXEBaseURL, "image-factory-pxe-address", config.Config.ImageFactoryPXEBaseURL, "Image factory pxe base URL to use.") + + rootCmd.Flags().StringVar( + &config.Config.Storage.Etcd.PrivateKeySource, + "private-key-source", + config.Config.Storage.Etcd.PrivateKeySource, + "file containing private key to use for decrypting master key slot.", + ) + rootCmd.Flags().StringSliceVar( + &config.Config.Storage.Etcd.PublicKeyFiles, + "public-key-files", + config.Config.Storage.Etcd.PublicKeyFiles, + "list of paths to files containing public keys to use for encrypting keys slots.", + ) + + rootCmd.Flags().DurationVar( + &config.Config.KeyPruner.Interval, + "public-key-pruning-interval", + config.Config.KeyPruner.Interval, + "interval between public key pruning runs.", + ) + + rootCmd.Flags().BoolVar(&config.Config.Auth.Suspended, "suspended", config.Config.Auth.Suspended, "start omni in suspended (read-only) mode.") + + rootCmd.Flags().BoolVar(&config.Config.EnableTalosPreReleaseVersions, "enable-talos-pre-release-versions", config.Config.EnableTalosPreReleaseVersions, + "make Omni version discovery controler include Talos pre-release versions.") + + rootCmd.Flags().BoolVar(&config.Config.WorkloadProxying.Enabled, "workload-proxying-enabled", config.Config.WorkloadProxying.Enabled, "enable workload proxying feature.") + rootCmd.Flags().StringVar(&config.Config.WorkloadProxying.Subdomain, "workload-proxying-subdomain", config.Config.WorkloadProxying.Subdomain, "workload proxying subdomain.") + + rootCmd.Flags().BoolVar(&config.Config.ConfigDataCompression.Enabled, "config-data-compression-enabled", config.Config.ConfigDataCompression.Enabled, "enable config data compression.") + + rootCmd.Flags().IntVar(&config.Config.LocalResourceServerPort, "local-resource-server-port", config.Config.LocalResourceServerPort, "port for local read-only public resource server.") + + ensure.NoError(rootCmd.MarkFlagRequired("private-key-source")) + ensure.NoError(rootCmd.Flags().MarkHidden("etcd-embedded-unsafe-fsync")) + + rootCmd.Flags().StringVar(&rootCmdArgs.keyFile, "key", "", "TLS key file") + rootCmd.Flags().StringVar(&rootCmdArgs.certFile, "cert", "", "TLS cert file") + + rootCmd.Flags().BoolVar( + &config.Config.EtcdBackup.S3Enabled, + "etcd-backup-s3", + config.Config.EtcdBackup.S3Enabled, + "S3 will be used for cluster etcd backups", + ) + + rootCmd.Flags().StringVar( + &config.Config.EtcdBackup.LocalPath, + "etcd-backup-local-path", + config.Config.EtcdBackup.LocalPath, + "path to local directory for cluster etcd backups", + ) + + rootCmd.MarkFlagsMutuallyExclusive("etcd-backup-s3", "etcd-backup-local-path") + + rootCmd.Flags().DurationVar( + &config.Config.EtcdBackup.TickInterval, + "etcd-backup-tick-interval", + config.Config.EtcdBackup.TickInterval, + "interval between etcd backups ticks (controller events to check if any cluster needs to be backed up)", + ) + + rootCmd.Flags().DurationVar( + &config.Config.EtcdBackup.MinInterval, + "etcd-backup-min-interval", + config.Config.EtcdBackup.MinInterval, + "minimal interval between etcd backups", + ) + + rootCmd.Flags().DurationVar( + &config.Config.EtcdBackup.MaxInterval, + "etcd-backup-max-interval", + config.Config.EtcdBackup.MaxInterval, + "maximal interval between etcd backups", + ) + + rootCmd.Flags().StringSliceVar(&config.Config.LogResourceUpdatesTypes, + "log-resource-updates-types", + config.Config.LogResourceUpdatesTypes, + "list of resource types whose updates should be logged", + ) + rootCmd.Flags().StringVar(&config.Config.LogResourceUpdatesLogLevel, + "log-resource-updates-log-level", + config.Config.LogResourceUpdatesLogLevel, + "log level for resource updates", + ) + + rootCmd.Flags().BoolVar(&config.Config.DisableControllerRuntimeCache, + "disable-controller-runtime-cache", + config.Config.DisableControllerRuntimeCache, + "disable watch-based cache for controller-runtime (affects performance)", + ) + + rootCmd.Flags().BoolVar( + &config.Config.EmbeddedDiscoveryService.Enabled, + "embedded-discovery-service-enabled", + config.Config.EmbeddedDiscoveryService.Enabled, + "enable embedded discovery service, binds only to the SideroLink WireGuard address", + ) + rootCmd.Flags().IntVar( + &config.Config.EmbeddedDiscoveryService.Port, + "embedded-discovery-service-endpoint", + config.Config.EmbeddedDiscoveryService.Port, + "embedded discovery service port to listen on", + ) + rootCmd.Flags().BoolVar( + &config.Config.EmbeddedDiscoveryService.SnapshotsEnabled, + "embedded-discovery-service-snapshots-enabled", + config.Config.EmbeddedDiscoveryService.SnapshotsEnabled, + "enable snapshots for the embedded discovery service", + ) + rootCmd.Flags().StringVar( + &config.Config.EmbeddedDiscoveryService.SnapshotPath, + "embedded-discovery-service-snapshot-path", + config.Config.EmbeddedDiscoveryService.SnapshotPath, + "path to the file for storing the embedded discovery service state", + ) + rootCmd.Flags().DurationVar( + &config.Config.EmbeddedDiscoveryService.SnapshotInterval, + "embedded-discovery-service-snapshot-interval", + config.Config.EmbeddedDiscoveryService.SnapshotInterval, + "interval for saving the embedded discovery service state", + ) + rootCmd.Flags().StringVar( + &config.Config.EmbeddedDiscoveryService.LogLevel, + "embedded-discovery-service-log-level", + config.Config.EmbeddedDiscoveryService.LogLevel, + "log level for the embedded discovery service - it has no effect if it is lower (more verbose) than the main log level", + ) + + rootCmd.Flags().BoolVar( + &config.Config.EnableBreakGlassConfigs, + "enable-break-glass-configs", + config.Config.EnableBreakGlassConfigs, + "Allows downloading admin Talos and Kubernetes configs.", + ) + + rootCmd.Flags().StringVar( + &config.Config.AuditLogDir, + "audit-log-dir", + config.Config.AuditLogDir, + "Directory for audit log storage", + ) + + return rootCmd +}) diff --git a/cmd/omni/main.go b/cmd/omni/main.go index 54e6f862..fbf9fd35 100644 --- a/cmd/omni/main.go +++ b/cmd/omni/main.go @@ -3,568 +3,18 @@ // Use of this software is governed by the Business Source License // included in the LICENSE file. -// Package main ... +// Package main provides the entrypoint for the omni binary. package main import ( - "context" - "errors" - "fmt" "os" - "os/signal" - "strings" - "syscall" - "github.com/cosi-project/runtime/pkg/state" - "github.com/go-logr/zapr" - "github.com/prometheus/client_golang/prometheus" - "github.com/siderolabs/gen/ensure" - "github.com/siderolabs/go-debug" - "github.com/siderolabs/talos/pkg/machinery/config/generate" - "github.com/spf13/cobra" - "go.uber.org/zap" - "go.uber.org/zap/zapcore" - "k8s.io/klog/v2" - - "github.com/siderolabs/omni/client/pkg/compression" - "github.com/siderolabs/omni/client/pkg/constants" - authres "github.com/siderolabs/omni/client/pkg/omni/resources/auth" - omnires "github.com/siderolabs/omni/client/pkg/omni/resources/omni" - "github.com/siderolabs/omni/client/pkg/panichandler" - "github.com/siderolabs/omni/internal/backend" - "github.com/siderolabs/omni/internal/backend/discovery" - "github.com/siderolabs/omni/internal/backend/dns" - "github.com/siderolabs/omni/internal/backend/imagefactory" - "github.com/siderolabs/omni/internal/backend/logging" - "github.com/siderolabs/omni/internal/backend/resourcelogger" - "github.com/siderolabs/omni/internal/backend/runtime/omni" - "github.com/siderolabs/omni/internal/backend/runtime/omni/virtual" - "github.com/siderolabs/omni/internal/backend/runtime/talos" - "github.com/siderolabs/omni/internal/backend/workloadproxy" - "github.com/siderolabs/omni/internal/pkg/auth" - "github.com/siderolabs/omni/internal/pkg/auth/actor" - "github.com/siderolabs/omni/internal/pkg/auth/user" - "github.com/siderolabs/omni/internal/pkg/config" - "github.com/siderolabs/omni/internal/pkg/ctxstore" - "github.com/siderolabs/omni/internal/pkg/features" - "github.com/siderolabs/omni/internal/pkg/siderolink" - "github.com/siderolabs/omni/internal/version" + _ "github.com/siderolabs/omni/cmd/acompat" // this package should always be imported first for init->set env to work + "github.com/siderolabs/omni/cmd/omni/cmd" ) -func runDebugServer(ctx context.Context, logger *zap.Logger) { - const debugAddr = ":9980" - - debugLogFunc := func(msg string) { - logger.Info(msg) - } - - if err := debug.ListenAndServe(ctx, debugAddr, debugLogFunc); err != nil { - logger.Panic("failed to start debug server", zap.Error(err)) - } -} - -// rootCmd represents the base command when called without any subcommands. -var rootCmd = &cobra.Command{ - Use: "omni", - Short: "Talos and Sidero frontend", - Long: ``, - SilenceUsage: true, - Version: version.Tag, - RunE: func(*cobra.Command, []string) error { - if config.Config.Auth.SAML.URL != "" && config.Config.Auth.SAML.Metadata != "" { - return errors.New("flags --auth-saml-url and --auth-saml-metadata are mutually exclusive") - } - - var loggerConfig zap.Config - - if constants.IsDebugBuild { - loggerConfig = zap.NewDevelopmentConfig() - loggerConfig.EncoderConfig.EncodeLevel = zapcore.CapitalColorLevelEncoder - } else { - loggerConfig = zap.NewProductionConfig() - } - - if !rootCmdArgs.debug { - loggerConfig.Level.SetLevel(zap.InfoLevel) - } else { - loggerConfig.Level.SetLevel(zap.DebugLevel) - } - - logger, err := loggerConfig.Build( - zap.AddStacktrace(zapcore.FatalLevel), // only print stack traces for fatal errors - ) - if err != nil { - return fmt.Errorf("failed to set up logging: %w", err) - } - - if err = compression.InitConfig(config.Config.ConfigDataCompression.Enabled); err != nil { - return err - } - - logger.Info("initialized resource compression config", zap.Bool("enabled", config.Config.ConfigDataCompression.Enabled)) - - // set kubernetes logger to use warn log level and use zap - klog.SetLogger(zapr.NewLogger(logger.WithOptions(zap.IncreaseLevel(zapcore.WarnLevel)).With(logging.Component("kubernetes")))) - - if constants.IsDebugBuild { - logger.Warn("running debug build") - } - - for _, registryMirror := range rootCmdArgs.registryMirrors { - hostname, endpoint, ok := strings.Cut(registryMirror, "=") - if !ok { - return fmt.Errorf("invalid registry mirror spec: %q", registryMirror) - } - - config.Config.DefaultConfigGenOptions = append(config.Config.DefaultConfigGenOptions, generate.WithRegistryMirror(hostname, endpoint)) - } - - logger.Info("starting Omni", zap.String("version", version.Tag)) - - logger.Debug("using config", zap.Any("config", config.Config)) - - signals := make(chan os.Signal, 1) - - signal.Notify(signals, syscall.SIGINT, syscall.SIGTERM) - - ctx, cancel := context.WithCancel(context.Background()) - defer cancel() - - // do not use signal.NotifyContext as it doesn't support any ways to log the received signal - panichandler.Go(func() { - s := <-signals - - logger.Warn("signal received, stopping Omni", zap.String("signal", s.String())) - - cancel() - }, logger) - - panichandler.Go(func() { - runDebugServer(ctx, logger) - }, logger) - - // this global context propagates into all controllers and any other background activities - ctx = actor.MarkContextAsInternalActor(ctx) - - err = omni.NewState(ctx, config.Config, logger, prometheus.DefaultRegisterer, runWithState(logger)) - if err != nil { - return fmt.Errorf("failed to run Omni: %w", err) - } - - return nil - }, -} - -//nolint:gocognit -func runWithState(logger *zap.Logger) func(context.Context, state.State, *virtual.State) error { - return func(ctx context.Context, resourceState state.State, virtualState *virtual.State) error { - auditWrap, auditErr := omni.NewAuditWrap(resourceState, config.Config, logger) - if auditErr != nil { - return auditErr - } - - resourceState = auditWrap.WrapState(resourceState) - - talosClientFactory := talos.NewClientFactory(resourceState, logger) - prometheus.MustRegister(talosClientFactory) - - dnsService := dns.NewService(resourceState, logger) - workloadProxyReconciler := workloadproxy.NewReconciler(logger.With(logging.Component("workload_proxy_reconciler")), zapcore.DebugLevel) - - var resourceLogger *resourcelogger.Logger - - if len(config.Config.LogResourceUpdatesTypes) > 0 { - var err error - - resourceLogger, err = resourcelogger.New(ctx, resourceState, logger.With(logging.Component("resourcelogger")), - config.Config.LogResourceUpdatesLogLevel, config.Config.LogResourceUpdatesTypes...) - if err != nil { - return fmt.Errorf("failed to set up resource logger: %w", err) - } - } - - imageFactoryClient, err := imagefactory.NewClient(resourceState, config.Config.ImageFactoryBaseURL) - if err != nil { - return fmt.Errorf("failed to set up image factory client: %w", err) - } - - linkCounterDeltaCh := make(chan siderolink.LinkCounterDeltas) - siderolinkEventsCh := make(chan *omnires.MachineStatusSnapshot) - - defaultDiscoveryClient, err := discovery.NewClient(discovery.Options{ - UseEmbeddedDiscoveryService: false, - }) - if err != nil { - return fmt.Errorf("failed to create default discovery client: %w", err) - } - - var embeddedDiscoveryClient *discovery.Client - - if config.Config.EmbeddedDiscoveryService.Enabled { - if embeddedDiscoveryClient, err = discovery.NewClient(discovery.Options{ - UseEmbeddedDiscoveryService: true, - EmbeddedDiscoveryServicePort: config.Config.EmbeddedDiscoveryService.Port, - }); err != nil { - return fmt.Errorf("failed to create embedded discovery client: %w", err) - } - } - - defer func() { - if closeErr := defaultDiscoveryClient.Close(); closeErr != nil { - logger.Error("failed to close discovery client", zap.Error(closeErr)) - } - }() - - omniRuntime, err := omni.New(talosClientFactory, dnsService, workloadProxyReconciler, resourceLogger, - imageFactoryClient, linkCounterDeltaCh, siderolinkEventsCh, resourceState, virtualState, - prometheus.DefaultRegisterer, defaultDiscoveryClient, embeddedDiscoveryClient, logger.With(logging.Component("omni_runtime"))) - if err != nil { - return fmt.Errorf("failed to set up the controller runtime: %w", err) - } - - machineMap := siderolink.NewMachineMap(siderolink.NewStateStorage(omniRuntime.State())) - - logHandler, err := siderolink.NewLogHandler( - machineMap, - resourceState, - &config.Config.MachineLogConfig, - logger.With(logging.Component("siderolink_log_handler")), - ) - if err != nil { - return fmt.Errorf("failed to set up log handler: %w", err) - } - - talosRuntime := talos.New(talosClientFactory, logger) - - err = user.EnsureInitialResources(ctx, omniRuntime.State(), logger, config.Config.InitialUsers) - if err != nil { - return fmt.Errorf("failed to write initial user resources to state: %w", err) - } - - authConfig, err := auth.EnsureAuthConfigResource(ctx, omniRuntime.State(), logger, config.Config.Auth) - if err != nil { - return fmt.Errorf("failed to write Auth0 parameters to state: %w", err) - } - - if err = features.UpdateResources(ctx, omniRuntime.State(), logger); err != nil { - return fmt.Errorf("failed to update features config resources: %w", err) - } - - ctx = ctxstore.WithValue(ctx, auth.EnabledAuthContextKey{Enabled: authres.Enabled(authConfig)}) - - handler, err := backend.NewFrontendHandler(rootCmdArgs.frontendDst, logger) - if err != nil { - return fmt.Errorf("failed to set up frontend handler: %w", err) - } - - server, err := backend.NewServer( - rootCmdArgs.bindAddress, - rootCmdArgs.metricsBindAddress, - rootCmdArgs.k8sProxyBindAddress, - rootCmdArgs.pprofBindAddress, - dnsService, - workloadProxyReconciler, - imageFactoryClient, - linkCounterDeltaCh, - siderolinkEventsCh, - omniRuntime, - talosRuntime, - logHandler, - authConfig, - rootCmdArgs.keyFile, - rootCmdArgs.certFile, - backend.NewProxyServer(rootCmdArgs.frontendBind, handler, rootCmdArgs.keyFile, rootCmdArgs.certFile), - auditWrap, - logger, - ) - if err != nil { - return fmt.Errorf("failed to create server: %w", err) - } - - if err := server.Run(ctx); err != nil { - return fmt.Errorf("failed to run server: %w", err) - } - - return nil - } -} - -var rootCmdArgs struct { - bindAddress string - frontendBind string - frontendDst string - k8sProxyBindAddress string - metricsBindAddress string - pprofBindAddress string - keyFile string - certFile string - registryMirrors []string - - debug bool -} - func main() { - if err := rootCmd.Execute(); err != nil { + if err := cmd.RootCmd().Execute(); err != nil { os.Exit(1) } } - -//nolint:maintidx -func init() { - rootCmd.Flags().BoolVar(&rootCmdArgs.debug, "debug", false, "enable debug logs.") - rootCmd.Flags().StringVar(&rootCmdArgs.bindAddress, "bind-addr", "0.0.0.0:8080", "start HTTP server on the defined address.") - rootCmd.Flags().StringVar(&rootCmdArgs.frontendDst, "frontend-dst", "", "destination address non API requests from proxy server.") - rootCmd.Flags().StringVar(&rootCmdArgs.frontendBind, "frontend-bind", "", "proxy server which will redirect all non API requests to the definied frontend server.") - rootCmd.Flags().StringVar(&rootCmdArgs.metricsBindAddress, "metrics-bind-addr", "0.0.0.0:2122", "start Prometheus HTTP server on the defined address.") - rootCmd.Flags().StringVar(&rootCmdArgs.pprofBindAddress, "pprof-bind-addr", "", "start pprof HTTP server on the defined address (\"\" if disabled).") - rootCmd.Flags().StringVar(&rootCmdArgs.k8sProxyBindAddress, "k8s-proxy-bind-addr", "0.0.0.0:8095", "start Kubernetes workload proxy on the defined address.") - rootCmd.Flags().StringSliceVar(&rootCmdArgs.registryMirrors, "registry-mirror", []string{}, "list of registry mirrors to use in format: =") - - rootCmd.Flags().StringVar(&config.Config.AccountID, "account-id", config.Config.AccountID, "instance account ID, should never be changed.") - rootCmd.Flags().StringVar(&config.Config.Name, "name", config.Config.Name, "instance user-facing name.") - rootCmd.Flags().StringVar(&config.Config.APIURL, "advertised-api-url", config.Config.APIURL, "advertised API frontend URL.") - rootCmd.Flags().StringVar(&config.Config.KubernetesProxyURL, "advertised-kubernetes-proxy-url", config.Config.KubernetesProxyURL, "advertised Kubernetes proxy URL.") - rootCmd.Flags().BoolVar(&config.Config.SiderolinkDisableLastEndpoint, "siderolink-disable-last-endpoint", false, "do not populate last known peer endpoint for the WireGuard peers") - rootCmd.Flags().StringVar( - &config.Config.SiderolinkWireguardAdvertisedAddress, - "siderolink-wireguard-advertised-addr", - config.Config.SiderolinkWireguardAdvertisedAddress, - "advertised wireguard address which is passed down to the nodes.") - rootCmd.Flags().StringVar(&config.Config.SiderolinkWireguardBindAddress, "siderolink-wireguard-bind-addr", config.Config.SiderolinkWireguardBindAddress, "SideroLink WireGuard bind address.") - rootCmd.Flags().BoolVar(&config.Config.SiderolinkUseGRPCTunnel, "siderolink-use-grpc-tunnel", false, "use gRPC tunnel to wrap WireGuard traffic instead of UDP") - - rootCmd.Flags().StringVar(&config.Config.MachineAPIBindAddress, "siderolink-api-bind-addr", config.Config.MachineAPIBindAddress, "SideroLink provision bind address.") - rootCmd.Flags().StringVar(&config.Config.MachineAPICertFile, "siderolink-api-cert", config.Config.MachineAPICertFile, "SideroLink TLS cert file path.") - rootCmd.Flags().StringVar(&config.Config.MachineAPIKeyFile, "siderolink-api-key", config.Config.MachineAPIKeyFile, "SideroLink TLS key file path.") - - rootCmd.Flags().MarkDeprecated("siderolink-api-bind-addr", "--deprecated, use --machine-api-bind-addr") //nolint:errcheck - rootCmd.Flags().MarkDeprecated("siderolink-api-cert", "deprecated, use --machine-api-cert") //nolint:errcheck - rootCmd.Flags().MarkDeprecated("siderolink-api-key", "deprecated, use --machine-api-key") //nolint:errcheck - - rootCmd.Flags().StringVar(&config.Config.MachineAPIBindAddress, "machine-api-bind-addr", config.Config.MachineAPIBindAddress, "machine API bind address.") - rootCmd.Flags().StringVar(&config.Config.MachineAPICertFile, "machine-api-cert", config.Config.MachineAPICertFile, "machine API TLS cert file path.") - rootCmd.Flags().StringVar(&config.Config.MachineAPIKeyFile, "machine-api-key", config.Config.MachineAPIKeyFile, "machine API TLS key file path.") - - rootCmd.Flags().IntVar(&config.Config.EventSinkPort, "event-sink-port", config.Config.EventSinkPort, "event sink bind port.") - rootCmd.Flags().StringVar(&config.Config.SideroLinkAPIURL, "siderolink-api-advertised-url", config.Config.SideroLinkAPIURL, "SideroLink advertised API URL.") - rootCmd.Flags().IntVar(&config.Config.LoadBalancer.MinPort, "lb-min-port", config.Config.LoadBalancer.MinPort, "cluster load balancer port range min value.") - rootCmd.Flags().IntVar(&config.Config.LoadBalancer.MaxPort, "lb-max-port", config.Config.LoadBalancer.MaxPort, "cluster load balancer port range max value.") - rootCmd.Flags().IntVar(&config.Config.LogServerPort, "log-server-port", config.Config.LogServerPort, "port for TCP log server") - - rootCmd.Flags().IntVar(&config.Config.MachineLogConfig.BufferInitialCapacity, "machine-log-buffer-capacity", - config.Config.MachineLogConfig.BufferInitialCapacity, "initial buffer capacity for machine logs in bytes") - rootCmd.Flags().IntVar(&config.Config.MachineLogConfig.BufferMaxCapacity, "machine-log-buffer-max-capacity", - config.Config.MachineLogConfig.BufferMaxCapacity, "max buffer capacity for machine logs in bytes") - rootCmd.Flags().IntVar(&config.Config.MachineLogConfig.BufferSafetyGap, "machine-log-buffer-safe-gap", - config.Config.MachineLogConfig.BufferSafetyGap, "safety gap for machine log buffer in bytes") - rootCmd.Flags().IntVar(&config.Config.MachineLogConfig.NumCompressedChunks, "machine-log-num-compressed-chunks", - config.Config.MachineLogConfig.NumCompressedChunks, "number of compressed log chunks to keep") - rootCmd.Flags().BoolVar(&config.Config.MachineLogConfig.StorageEnabled, "machine-log-storage-enabled", - config.Config.MachineLogConfig.StorageEnabled, "enable machine log storage") - rootCmd.Flags().StringVar(&config.Config.MachineLogConfig.StoragePath, "machine-log-storage-path", - config.Config.MachineLogConfig.StoragePath, "path of the directory for storing machine logs") - rootCmd.Flags().DurationVar(&config.Config.MachineLogConfig.StorageFlushPeriod, "machine-log-storage-flush-period", - config.Config.MachineLogConfig.StorageFlushPeriod, "period for flushing machine logs to disk") - rootCmd.Flags().Float64Var(&config.Config.MachineLogConfig.StorageFlushJitter, "machine-log-storage-flush-jitter", - config.Config.MachineLogConfig.StorageFlushJitter, "jitter for the machine log storage flush period") - - // keep the old flags for backwards-compatibility - { - rootCmd.Flags().BoolVar(&config.Config.MachineLogConfig.StorageEnabled, "log-storage-enabled", config.Config.MachineLogConfig.StorageEnabled, "enable machine log storage") - rootCmd.Flags().StringVar(&config.Config.MachineLogConfig.StoragePath, "log-storage-path", config.Config.MachineLogConfig.StoragePath, - "path of the directory for storing machine logs") - rootCmd.Flags().DurationVar(&config.Config.MachineLogConfig.StorageFlushPeriod, "log-storage-flush-period", config.Config.MachineLogConfig.StorageFlushPeriod, - "period for flushing machine logs to disk") - - rootCmd.Flags().MarkDeprecated("log-storage-enabled", "use --machine-log-storage-enabled") //nolint:errcheck - rootCmd.Flags().MarkDeprecated("log-storage-path", "use --machine-log-storage-path") //nolint:errcheck - rootCmd.Flags().MarkDeprecated("log-storage-flush-period", "use --machine-log-storage-flush-period") //nolint:errcheck - } - - rootCmd.Flags().BoolVar(&config.Config.Auth.Auth0.Enabled, "auth-auth0-enabled", config.Config.Auth.Auth0.Enabled, - "enable Auth0 authentication. Once set to true, it cannot be set back to false.") - rootCmd.Flags().StringVar(&config.Config.Auth.Auth0.ClientID, "auth-auth0-client-id", config.Config.Auth.Auth0.ClientID, "Auth0 application client ID.") - rootCmd.Flags().StringVar(&config.Config.Auth.Auth0.Domain, "auth-auth0-domain", config.Config.Auth.Auth0.Domain, "Auth0 application domain.") - rootCmd.Flags().BoolVar(&config.Config.Auth.Auth0.UseFormData, "auth-auth0-use-form-data", config.Config.Auth.Auth0.UseFormData, - "When true, data to the token endpoint is transmitted as x-www-form-urlencoded data instead of JSON. The default is false") - - rootCmd.Flags().BoolVar(&config.Config.Auth.WebAuthn.Enabled, "auth-webauthn-enabled", config.Config.Auth.WebAuthn.Enabled, - "enable WebAuthn authentication. Once set to true, it cannot be set back to false.") - rootCmd.Flags().BoolVar(&config.Config.Auth.WebAuthn.Required, "auth-webauthn-required", config.Config.Auth.WebAuthn.Required, - "require WebAuthn authentication. Once set to true, it cannot be set back to false.") - - rootCmd.Flags().BoolVar(&config.Config.Auth.SAML.Enabled, "auth-saml-enabled", config.Config.Auth.SAML.Enabled, - "enabled SAML authentication.", - ) - rootCmd.Flags().StringVar(&config.Config.Auth.SAML.URL, "auth-saml-url", config.Config.Auth.SAML.URL, "SAML identity provider metadata URL (mutually exclusive with --auth-saml-metadata") - rootCmd.Flags().StringVar(&config.Config.Auth.SAML.Metadata, "auth-saml-metadata", config.Config.Auth.SAML.Metadata, - "SAML identity provider metadata file path (mutually exclusive with --auth-saml-url).", - ) - rootCmd.Flags().Var(&config.Config.Auth.SAML.LabelRules, "auth-saml-label-rules", "defines mapping of SAML assertion attributes into Omni identity labels") - - rootCmd.Flags().StringSliceVar(&config.Config.InitialUsers, "initial-users", config.Config.InitialUsers, "initial set of user emails. these users will be created on startup.") - - rootCmd.Flags().StringVar(&config.Config.Storage.Kind, "storage-kind", config.Config.Storage.Kind, "storage type: etcd|boltdb.") - rootCmd.Flags().BoolVar(&config.Config.Storage.Etcd.Embedded, "etcd-embedded", config.Config.Storage.Etcd.Embedded, "use embedded etcd server.") - rootCmd.Flags().BoolVar(&config.Config.Storage.Etcd.EmbeddedUnsafeFsync, "etcd-embedded-unsafe-fsync", config.Config.Storage.Etcd.EmbeddedUnsafeFsync, - "disable fsync in the embedded etcd server (dangerous).") - rootCmd.Flags().StringSliceVar(&config.Config.Storage.Etcd.Endpoints, "etcd-endpoints", config.Config.Storage.Etcd.Endpoints, "external etcd endpoints.") - rootCmd.Flags().DurationVar(&config.Config.Storage.Etcd.DialKeepAliveTime, - "etcd-dial-keepalive-time", config.Config.Storage.Etcd.DialKeepAliveTime, "external etcd client keep-alive time (interval).") - rootCmd.Flags().DurationVar(&config.Config.Storage.Etcd.DialKeepAliveTimeout, - "etcd-dial-keepalive-timeout", config.Config.Storage.Etcd.DialKeepAliveTimeout, "external etcd client keep-alive timeout.") - rootCmd.Flags().StringVar(&config.Config.Storage.Etcd.CAPath, "etcd-ca-path", config.Config.Storage.Etcd.CAPath, "external etcd CA path.") - rootCmd.Flags().StringVar(&config.Config.Storage.Etcd.CertPath, "etcd-client-cert-path", config.Config.Storage.Etcd.CertPath, "external etcd client cert path.") - rootCmd.Flags().StringVar(&config.Config.Storage.Etcd.KeyPath, "etcd-client-key-path", config.Config.Storage.Etcd.KeyPath, "external etcd client key path.") - - rootCmd.Flags().StringVar(&config.Config.SecondaryStorage.Path, "secondary-storage-path", config.Config.SecondaryStorage.Path, - "path of the file for boltdb-backed secondary storage for frequently updated data.") - - rootCmd.Flags().StringVar(&config.Config.TalosRegistry, "talos-installer-registry", config.Config.TalosRegistry, "Talos installer image registry.") - rootCmd.Flags().StringVar(&config.Config.KubernetesRegistry, "kubernetes-registry", config.Config.KubernetesRegistry, "Kubernetes container registry.") - rootCmd.Flags().StringVar(&config.Config.ImageFactoryBaseURL, "image-factory-address", config.Config.ImageFactoryBaseURL, "Image factory base URL to use.") - rootCmd.Flags().StringVar(&config.Config.ImageFactoryPXEBaseURL, "image-factory-pxe-address", config.Config.ImageFactoryPXEBaseURL, "Image factory pxe base URL to use.") - - rootCmd.Flags().StringVar( - &config.Config.Storage.Etcd.PrivateKeySource, - "private-key-source", - config.Config.Storage.Etcd.PrivateKeySource, - "file containing private key to use for decrypting master key slot.", - ) - rootCmd.Flags().StringSliceVar( - &config.Config.Storage.Etcd.PublicKeyFiles, - "public-key-files", - config.Config.Storage.Etcd.PublicKeyFiles, - "list of paths to files containing public keys to use for encrypting keys slots.", - ) - - rootCmd.Flags().DurationVar( - &config.Config.KeyPruner.Interval, - "public-key-pruning-interval", - config.Config.KeyPruner.Interval, - "interval between public key pruning runs.", - ) - - rootCmd.Flags().BoolVar(&config.Config.Auth.Suspended, "suspended", config.Config.Auth.Suspended, "start omni in suspended (read-only) mode.") - - rootCmd.Flags().BoolVar(&config.Config.EnableTalosPreReleaseVersions, "enable-talos-pre-release-versions", config.Config.EnableTalosPreReleaseVersions, - "make Omni version discovery controler include Talos pre-release versions.") - - rootCmd.Flags().BoolVar(&config.Config.WorkloadProxying.Enabled, "workload-proxying-enabled", config.Config.WorkloadProxying.Enabled, "enable workload proxying feature.") - rootCmd.Flags().StringVar(&config.Config.WorkloadProxying.Subdomain, "workload-proxying-subdomain", config.Config.WorkloadProxying.Subdomain, "workload proxying subdomain.") - - rootCmd.Flags().BoolVar(&config.Config.ConfigDataCompression.Enabled, "config-data-compression-enabled", config.Config.ConfigDataCompression.Enabled, "enable config data compression.") - - rootCmd.Flags().IntVar(&config.Config.LocalResourceServerPort, "local-resource-server-port", config.Config.LocalResourceServerPort, "port for local read-only public resource server.") - - ensure.NoError(rootCmd.MarkFlagRequired("private-key-source")) - ensure.NoError(rootCmd.Flags().MarkHidden("etcd-embedded-unsafe-fsync")) - - rootCmd.Flags().StringVar(&rootCmdArgs.keyFile, "key", "", "TLS key file") - rootCmd.Flags().StringVar(&rootCmdArgs.certFile, "cert", "", "TLS cert file") - - rootCmd.Flags().BoolVar( - &config.Config.EtcdBackup.S3Enabled, - "etcd-backup-s3", - config.Config.EtcdBackup.S3Enabled, - "S3 will be used for cluster etcd backups", - ) - - rootCmd.Flags().StringVar( - &config.Config.EtcdBackup.LocalPath, - "etcd-backup-local-path", - config.Config.EtcdBackup.LocalPath, - "path to local directory for cluster etcd backups", - ) - - rootCmd.MarkFlagsMutuallyExclusive("etcd-backup-s3", "etcd-backup-local-path") - - rootCmd.Flags().DurationVar( - &config.Config.EtcdBackup.TickInterval, - "etcd-backup-tick-interval", - config.Config.EtcdBackup.TickInterval, - "interval between etcd backups ticks (controller events to check if any cluster needs to be backed up)", - ) - - rootCmd.Flags().DurationVar( - &config.Config.EtcdBackup.MinInterval, - "etcd-backup-min-interval", - config.Config.EtcdBackup.MinInterval, - "minimal interval between etcd backups", - ) - - rootCmd.Flags().DurationVar( - &config.Config.EtcdBackup.MaxInterval, - "etcd-backup-max-interval", - config.Config.EtcdBackup.MaxInterval, - "maximal interval between etcd backups", - ) - - rootCmd.Flags().StringSliceVar(&config.Config.LogResourceUpdatesTypes, - "log-resource-updates-types", - config.Config.LogResourceUpdatesTypes, - "list of resource types whose updates should be logged", - ) - rootCmd.Flags().StringVar(&config.Config.LogResourceUpdatesLogLevel, - "log-resource-updates-log-level", - config.Config.LogResourceUpdatesLogLevel, - "log level for resource updates", - ) - - rootCmd.Flags().BoolVar(&config.Config.DisableControllerRuntimeCache, - "disable-controller-runtime-cache", - config.Config.DisableControllerRuntimeCache, - "disable watch-based cache for controller-runtime (affects performance)", - ) - - rootCmd.Flags().BoolVar( - &config.Config.EmbeddedDiscoveryService.Enabled, - "embedded-discovery-service-enabled", - config.Config.EmbeddedDiscoveryService.Enabled, - "enable embedded discovery service, binds only to the SideroLink WireGuard address", - ) - rootCmd.Flags().IntVar( - &config.Config.EmbeddedDiscoveryService.Port, - "embedded-discovery-service-endpoint", - config.Config.EmbeddedDiscoveryService.Port, - "embedded discovery service port to listen on", - ) - rootCmd.Flags().BoolVar( - &config.Config.EmbeddedDiscoveryService.SnapshotsEnabled, - "embedded-discovery-service-snapshots-enabled", - config.Config.EmbeddedDiscoveryService.SnapshotsEnabled, - "enable snapshots for the embedded discovery service", - ) - rootCmd.Flags().StringVar( - &config.Config.EmbeddedDiscoveryService.SnapshotPath, - "embedded-discovery-service-snapshot-path", - config.Config.EmbeddedDiscoveryService.SnapshotPath, - "path to the file for storing the embedded discovery service state", - ) - rootCmd.Flags().DurationVar( - &config.Config.EmbeddedDiscoveryService.SnapshotInterval, - "embedded-discovery-service-snapshot-interval", - config.Config.EmbeddedDiscoveryService.SnapshotInterval, - "interval for saving the embedded discovery service state", - ) - rootCmd.Flags().StringVar( - &config.Config.EmbeddedDiscoveryService.LogLevel, - "embedded-discovery-service-log-level", - config.Config.EmbeddedDiscoveryService.LogLevel, - "log level for the embedded discovery service - it has no effect if it is lower (more verbose) than the main log level", - ) - - rootCmd.Flags().BoolVar( - &config.Config.EnableBreakGlassConfigs, - "enable-break-glass-configs", - config.Config.EnableBreakGlassConfigs, - "Allows downloading admin Talos and Kubernetes configs.", - ) - - rootCmd.Flags().StringVar( - &config.Config.AuditLogDir, - "audit-log-dir", - config.Config.AuditLogDir, - "Directory for audit log storage", - ) -} diff --git a/go.mod b/go.mod index 2b388b0f..0b25e71e 100644 --- a/go.mod +++ b/go.mod @@ -57,7 +57,7 @@ require ( github.com/prometheus/client_golang v1.20.2 github.com/prometheus/common v0.57.0 github.com/santhosh-tekuri/jsonschema/v5 v5.3.1 - github.com/siderolabs/crypto v0.4.4 + github.com/siderolabs/crypto v0.5.0 github.com/siderolabs/discovery-api v0.1.4 github.com/siderolabs/discovery-client v0.1.9 github.com/siderolabs/discovery-service v1.0.3 @@ -72,10 +72,11 @@ require ( github.com/siderolabs/go-retry v0.3.3 github.com/siderolabs/go-tail v0.1.1 github.com/siderolabs/go-talos-support v0.1.1 - github.com/siderolabs/grpc-proxy v0.4.1 + github.com/siderolabs/grpc-proxy v0.5.1 github.com/siderolabs/image-factory v0.5.0 github.com/siderolabs/kms-client v0.1.0 github.com/siderolabs/omni/client v0.39.1 + github.com/siderolabs/proto-codec v0.1.1 github.com/siderolabs/siderolink v0.3.9 github.com/siderolabs/talos/pkg/machinery v1.8.0 github.com/siderolabs/tcpproxy v0.1.0 @@ -90,14 +91,14 @@ require ( go.etcd.io/etcd/server/v3 v3.5.15 go.uber.org/goleak v1.3.0 go.uber.org/zap v1.27.0 - golang.org/x/crypto v0.26.0 - golang.org/x/net v0.28.0 + golang.org/x/crypto v0.28.0 + golang.org/x/net v0.30.0 golang.org/x/sync v0.8.0 golang.org/x/tools v0.24.0 golang.zx2c4.com/wireguard v0.0.0-20231211153847-12269c276173 golang.zx2c4.com/wireguard/wgctrl v0.0.0-20230429144221-925a1e7659e6 - google.golang.org/grpc v1.66.0 - google.golang.org/protobuf v1.34.2 + google.golang.org/grpc v1.67.1 + google.golang.org/protobuf v1.35.1 gopkg.in/yaml.v3 v3.0.3 k8s.io/api v0.31.0 k8s.io/apimachinery v0.31.0 @@ -201,7 +202,7 @@ require ( github.com/opencontainers/runtime-spec v1.2.0 // indirect github.com/pkg/browser v0.0.0-20240102092130-5ac0b6a4141c // indirect github.com/pkg/errors v0.9.1 // indirect - github.com/planetscale/vtprotobuf v0.6.1-0.20240319094008-0393e58bdf10 // indirect + github.com/planetscale/vtprotobuf v0.6.1-0.20240917153116-6f2963f01587 // indirect github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect github.com/prometheus/client_model v0.6.1 // indirect github.com/prometheus/procfs v0.15.1 // indirect @@ -244,14 +245,14 @@ require ( golang.org/x/exp v0.0.0-20240613232115-7f521ea00fb8 // indirect golang.org/x/mod v0.20.0 // indirect golang.org/x/oauth2 v0.22.0 // indirect - golang.org/x/sys v0.24.0 // indirect - golang.org/x/term v0.23.0 // indirect - golang.org/x/text v0.17.0 // indirect + golang.org/x/sys v0.26.0 // indirect + golang.org/x/term v0.25.0 // indirect + golang.org/x/text v0.19.0 // indirect golang.org/x/time v0.6.0 // indirect golang.zx2c4.com/wintun v0.0.0-20230126152724-0fa3db229ce2 // indirect google.golang.org/genproto v0.0.0-20240711142825-46eb208f015d // indirect google.golang.org/genproto/googleapis/api v0.0.0-20240903143218-8af14fe29dc1 // indirect - google.golang.org/genproto/googleapis/rpc v0.0.0-20240903143218-8af14fe29dc1 // indirect + google.golang.org/genproto/googleapis/rpc v0.0.0-20241007155032-5fefd90f89a9 // indirect gopkg.in/go-jose/go-jose.v2 v2.6.3 // indirect gopkg.in/inf.v0 v0.9.1 // indirect gopkg.in/natefinch/lumberjack.v2 v2.2.1 // indirect diff --git a/go.sum b/go.sum index b991c61d..ca2c8ecb 100644 --- a/go.sum +++ b/go.sum @@ -362,8 +362,8 @@ github.com/pkg/diff v0.0.0-20210226163009-20ebb0f2a09e/go.mod h1:pJLUxLENpZxwdsK github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4= github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= -github.com/planetscale/vtprotobuf v0.6.1-0.20240319094008-0393e58bdf10 h1:GFCKgmp0tecUJ0sJuv4pzYCqS9+RGSn52M3FUwPs+uo= -github.com/planetscale/vtprotobuf v0.6.1-0.20240319094008-0393e58bdf10/go.mod h1:t/avpk3KcrXxUnYOhZhMXJlSEyie6gQbtLq5NM3loB8= +github.com/planetscale/vtprotobuf v0.6.1-0.20240917153116-6f2963f01587 h1:xzZOeCMQLA/W198ZkdVdt4EKFKJtS26B773zNU377ZY= +github.com/planetscale/vtprotobuf v0.6.1-0.20240917153116-6f2963f01587/go.mod h1:t/avpk3KcrXxUnYOhZhMXJlSEyie6gQbtLq5NM3loB8= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 h1:Jamvg5psRIccs7FGNTlIRMkT8wgtp5eCXdBlqhYGL6U= github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= @@ -397,8 +397,8 @@ github.com/sergi/go-diff v1.3.1 h1:xkr+Oxo4BOQKmkn/B9eMK0g5Kg/983T9DqqPHwYqD+8= github.com/sergi/go-diff v1.3.1/go.mod h1:aMJSSKb2lpPvRNec0+w3fl7LP9IOFzdc9Pa4NFbPK1I= github.com/shabbyrobe/gocovmerge v0.0.0-20190829150210-3e036491d500 h1:WnNuhiq+FOY3jNj6JXFT+eLN3CQ/oPIsDPRanvwsmbI= github.com/shabbyrobe/gocovmerge v0.0.0-20190829150210-3e036491d500/go.mod h1:+njLrG5wSeoG4Ds61rFgEzKvenR2UHbjMoDHsczxly0= -github.com/siderolabs/crypto v0.4.4 h1:Q6EDBMR2Ub2oAZW5Xl8lrKB27bM3Sn8Gkfw3rngco5U= -github.com/siderolabs/crypto v0.4.4/go.mod h1:hsR3tJ3aaeuhCChsLF4dBd9vlJVPvmhg4vvx2ez4aD4= +github.com/siderolabs/crypto v0.5.0 h1:+Sox0aYLCcD0PAH2cbEcx557zUrONLtuj1Ws+2MFXGc= +github.com/siderolabs/crypto v0.5.0/go.mod h1:hsR3tJ3aaeuhCChsLF4dBd9vlJVPvmhg4vvx2ez4aD4= github.com/siderolabs/discovery-api v0.1.4 h1:2fMEFSMiWaD1zDiBDY5md8VxItvL1rDQRSOfeXNjYKc= github.com/siderolabs/discovery-api v0.1.4/go.mod h1:kaBy+G42v2xd/uAF/NIe383sjNTBE2AhxPTyi9SZI0s= github.com/siderolabs/discovery-client v0.1.9 h1:yDzvts++Nf/2qczdDUfU5GAibkEIgz/eo9RPG/k/rOc= @@ -433,14 +433,16 @@ github.com/siderolabs/go-tail v0.1.1 h1:3XeJgd97OHyFAIE7nQEMcRhOfnv7DvXbu0BRKbtT github.com/siderolabs/go-tail v0.1.1/go.mod h1:IihAL39acadXHfb5fEAOKK2DaDFIrG2+VD3b2H/ziZ0= github.com/siderolabs/go-talos-support v0.1.1 h1:g51J0WQssQAycU/0cDliC2l4uX2H02yUs2+fa5pCvHg= github.com/siderolabs/go-talos-support v0.1.1/go.mod h1:o4woiYS+2J3djCQgyHZRVZQm8XpazQr+XPcTXAZvamo= -github.com/siderolabs/grpc-proxy v0.4.1 h1:UTYviMqb65oKjnH7dy5D+U4zMJ6iCTjAN6x6K/Ss120= -github.com/siderolabs/grpc-proxy v0.4.1/go.mod h1:QwQuLUpJrlN08kpP0m63oO/SEeoz0dEhU9ndlBafc0Y= +github.com/siderolabs/grpc-proxy v0.5.1 h1:WTZYLMPTZPt43BzEJ02LT9kYA9qAfquWwCezc6NPPYE= +github.com/siderolabs/grpc-proxy v0.5.1/go.mod h1:EQwE87LiWxhiIUPBeWmpjJb9DIWxWID8R6ARtdTC+8A= github.com/siderolabs/image-factory v0.5.0 h1:v1FXZLCcV6xu+6QpgvhDEICxVF7o2VxMjfU0MutkFbo= github.com/siderolabs/image-factory v0.5.0/go.mod h1:npJwHOBsI+h+gKdezCyrs7ZHDmkgRnrAK2Cjk1nzv8A= github.com/siderolabs/kms-client v0.1.0 h1:rCDWzcDDsNlp6zdyLngOuuhchVILn+vwUQy3tk6rQps= github.com/siderolabs/kms-client v0.1.0/go.mod h1:4UQkRhuEh3kaK7VhJxez4YyJLv6lPEff7g3Pa6Y9okg= github.com/siderolabs/net v0.4.0 h1:1bOgVay/ijPkJz4qct98nHsiB/ysLQU0KLoBC4qLm7I= github.com/siderolabs/net v0.4.0/go.mod h1:/ibG+Hm9HU27agp5r9Q3eZicEfjquzNzQNux5uEk0kM= +github.com/siderolabs/proto-codec v0.1.1 h1:4jiUwW/vaXTZ+YNgZDs37B4aj/1mzV/erIkzUUCRY9g= +github.com/siderolabs/proto-codec v0.1.1/go.mod h1:rIvmhKJG8+JwSCGPX+cQljpOMDmuHhLKPkt6KaFwEaU= github.com/siderolabs/protoenc v0.2.1 h1:BqxEmeWQeMpNP3R6WrPqDatX8sM/r4t97OP8mFmg6GA= github.com/siderolabs/protoenc v0.2.1/go.mod h1:StTHxjet1g11GpNAWiATgc8K0HMKiFSEVVFOa/H0otc= github.com/siderolabs/siderolink v0.3.9 h1:lvHFCu+CdfUyMk90g1Zt5r7n1Dw3jhXMxyzXmQ0776o= @@ -553,8 +555,8 @@ golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPh golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= golang.org/x/crypto v0.3.1-0.20221117191849-2c476679df9a/go.mod h1:hebNnKkNXi2UzZN1eVRvBB7co0a+JxK6XbPiWVs/3J4= golang.org/x/crypto v0.7.0/go.mod h1:pYwdfH91IfpZVANVyUOhSIPZaFoJGxTFbZhFTx+dXZU= -golang.org/x/crypto v0.26.0 h1:RrRspgV4mU+YwB4FYnuBoKsUapNIL5cohGAmSH3azsw= -golang.org/x/crypto v0.26.0/go.mod h1:GY7jblb9wI+FOo5y8/S2oY4zWP07AkOJ4+jxCqdqn54= +golang.org/x/crypto v0.28.0 h1:GBDwsMXVQi34v5CCYUm2jkJvu4cbtru2U4TN2PSyQnw= +golang.org/x/crypto v0.28.0/go.mod h1:rmgy+3RHxRZMyY0jjAJShp2zgEdOqj2AO7U0pYmeQ7U= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20240613232115-7f521ea00fb8 h1:yixxcjnhBmY0nkL253HFVIm0JsFHwrHdT3Yh6szTnfY= golang.org/x/exp v0.0.0-20240613232115-7f521ea00fb8/go.mod h1:jj3sYF3dwk5D+ghuXyeI3r5MFf+NT2An6/9dOA95KSI= @@ -588,8 +590,8 @@ golang.org/x/net v0.2.0/go.mod h1:KqCZLdyyvdV855qA2rE3GC2aiw5xGR5TEjj8smXukLY= golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs= golang.org/x/net v0.8.0/go.mod h1:QVkue5JL9kW//ek3r6jTKnTFis1tRmNAW2P1shuFdJc= golang.org/x/net v0.9.0/go.mod h1:d48xBJpPfHeWQsugry2m+kC02ZBRGRgulfHnEXEuWns= -golang.org/x/net v0.28.0 h1:a9JDOJc5GMUJ0+UDqmLT86WiEy7iWyIhz8gz8E4e5hE= -golang.org/x/net v0.28.0/go.mod h1:yqtgsTWOOnlGLG9GFRrK3++bGOUEkNBoHZc8MEDWPNg= +golang.org/x/net v0.30.0 h1:AcW1SDZMkb8IpzCdQUaIq2sP4sZ4zw+55h6ynffypl4= +golang.org/x/net v0.30.0/go.mod h1:2wGyMJ5iFasEhkwi13ChkO/t1ECNC4X4eBKkVFyYFlU= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20200107190931-bf48bf16ab8d/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.22.0 h1:BzDx2FehcG7jJwgWLELCdmLuxk2i+x9UDpSiss2u0ZA= @@ -628,8 +630,8 @@ golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.7.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.24.0 h1:Twjiwq9dn6R1fQcyiK+wQyHWfaz/BJB+YIpzU/Cv3Xg= -golang.org/x/sys v0.24.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/sys v0.26.0 h1:KHjCJyddX0LoSTb3J+vWpupP9p0oznkqVk/IfjymZbo= +golang.org/x/sys v0.26.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/term v0.1.0/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= @@ -637,8 +639,8 @@ golang.org/x/term v0.2.0/go.mod h1:TVmDHMZPmdnySmBfhjOoOdhjzdE1h4u1VwSiw2l1Nuc= golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k= golang.org/x/term v0.6.0/go.mod h1:m6U89DPEgQRMq3DNkDClhWw02AUbt2daBVO4cn4Hv9U= golang.org/x/term v0.7.0/go.mod h1:P32HKFT3hSsZrRxla30E9HqToFYAQPCMs/zFMBUFqPY= -golang.org/x/term v0.23.0 h1:F6D4vR+EHoL9/sWAWgAR1H2DcHr4PareCbAaCo1RpuU= -golang.org/x/term v0.23.0/go.mod h1:DgV24QBUrK6jhZXl+20l6UWznPlwAHm1Q1mGHtydmSk= +golang.org/x/term v0.25.0 h1:WtHI/ltw4NvSUig5KARz9h521QvRC8RmF/cuYqifU24= +golang.org/x/term v0.25.0/go.mod h1:RPyXicDX+6vLxogjjRxjgD2TKtmAO6NZBsBRfrOLu7M= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= @@ -647,8 +649,8 @@ golang.org/x/text v0.4.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= golang.org/x/text v0.8.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8= golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8= -golang.org/x/text v0.17.0 h1:XtiM5bkSOt+ewxlOE/aE/AKEHibwj/6gvWMl9Rsh0Qc= -golang.org/x/text v0.17.0/go.mod h1:BuEKDfySbSR4drPmRPG/7iBdf8hvFMuRexcpahXilzY= +golang.org/x/text v0.19.0 h1:kTxAhCbGbxhK0IwgSKiMO5awPoDQ0RpfiVYBfK860YM= +golang.org/x/text v0.19.0/go.mod h1:BuEKDfySbSR4drPmRPG/7iBdf8hvFMuRexcpahXilzY= golang.org/x/time v0.6.0 h1:eTDhh4ZXt5Qf0augr54TN6suAUudPcawVZeIAPU7D4U= golang.org/x/time v0.6.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= @@ -686,18 +688,18 @@ google.golang.org/genproto v0.0.0-20240711142825-46eb208f015d h1:/hmn0Ku5kWij/kj google.golang.org/genproto v0.0.0-20240711142825-46eb208f015d/go.mod h1:FfBgJBJg9GcpPvKIuHSZ/aE1g2ecGL74upMzGZjiGEY= google.golang.org/genproto/googleapis/api v0.0.0-20240903143218-8af14fe29dc1 h1:hjSy6tcFQZ171igDaN5QHOw2n6vx40juYbC/x67CEhc= google.golang.org/genproto/googleapis/api v0.0.0-20240903143218-8af14fe29dc1/go.mod h1:qpvKtACPCQhAdu3PyQgV4l3LMXZEtft7y8QcarRsp9I= -google.golang.org/genproto/googleapis/rpc v0.0.0-20240903143218-8af14fe29dc1 h1:pPJltXNxVzT4pK9yD8vR9X75DaWYYmLGMsEvBfFQZzQ= -google.golang.org/genproto/googleapis/rpc v0.0.0-20240903143218-8af14fe29dc1/go.mod h1:UqMtugtsSgubUsoxbuAoiCXvqvErP7Gf0so0mK9tHxU= +google.golang.org/genproto/googleapis/rpc v0.0.0-20241007155032-5fefd90f89a9 h1:QCqS/PdaHTSWGvupk2F/ehwHtGc0/GYkT+3GAcR1CCc= +google.golang.org/genproto/googleapis/rpc v0.0.0-20241007155032-5fefd90f89a9/go.mod h1:GX3210XPVPUjJbTUbvwI8f2IpZDMZuPJWDzDuebbviI= google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg= google.golang.org/grpc v1.25.1/go.mod h1:c3i+UQWmh7LiEpx4sFZnkU36qjEYZ0imhYfXVyQciAY= google.golang.org/grpc v1.27.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk= google.golang.org/grpc v1.29.1/go.mod h1:itym6AZVZYACWQqET3MqgPpjcuV5QH3BxFS3IjizoKk= google.golang.org/grpc v1.33.1/go.mod h1:fr5YgcSWrqhRRxogOsw7RzIpsmvOZ6IcH4kBYTpR3n0= -google.golang.org/grpc v1.66.0 h1:DibZuoBznOxbDQxRINckZcUvnCEvrW9pcWIE2yF9r1c= -google.golang.org/grpc v1.66.0/go.mod h1:s3/l6xSSCURdVfAnL+TqCNMyTDAGN6+lZeVxnZR128Y= -google.golang.org/protobuf v1.34.2 h1:6xV6lTsCfpGD21XK49h7MhtcApnLqkfYgPcdHftf6hg= -google.golang.org/protobuf v1.34.2/go.mod h1:qYOHts0dSfpeUzUFpOMr/WGzszTmLH+DiWniOlNbLDw= +google.golang.org/grpc v1.67.1 h1:zWnc1Vrcno+lHZCOofnIMvycFcc0QRGIzm9dhnDX68E= +google.golang.org/grpc v1.67.1/go.mod h1:1gLDyUQU7CTLJI90u3nXZ9ekeghjeM7pTDZlqFNg2AA= +google.golang.org/protobuf v1.35.1 h1:m3LfL6/Ca+fqnjnlqQXNpFPABW1UD7mjh8KO2mKFytA= +google.golang.org/protobuf v1.35.1/go.mod h1:9fA7Ob0pmnwhb644+1+CVWFRbNajQ6iRojtC/QF5bRE= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= diff --git a/hack/zstd-dict/go.mod b/hack/zstd-dict/go.mod index 4088a4f8..b211983b 100644 --- a/hack/zstd-dict/go.mod +++ b/hack/zstd-dict/go.mod @@ -6,6 +6,7 @@ require ( github.com/klauspost/compress v1.17.9 github.com/mittwald/go-helm-client v0.12.13 go.uber.org/zap v1.26.0 + gopkg.in/yaml.v3 v3.0.1 helm.sh/helm/v3 v3.15.4 ) @@ -114,21 +115,20 @@ require ( go.opentelemetry.io/otel/trace v1.26.0 // indirect go.starlark.net v0.0.0-20240517230649-3792562d0b7f // indirect go.uber.org/multierr v1.11.0 // indirect - golang.org/x/crypto v0.25.0 // indirect - golang.org/x/net v0.25.0 // indirect - golang.org/x/oauth2 v0.20.0 // indirect - golang.org/x/sync v0.7.0 // indirect - golang.org/x/sys v0.22.0 // indirect - golang.org/x/term v0.22.0 // indirect - golang.org/x/text v0.16.0 // indirect + golang.org/x/crypto v0.26.0 // indirect + golang.org/x/net v0.28.0 // indirect + golang.org/x/oauth2 v0.22.0 // indirect + golang.org/x/sync v0.8.0 // indirect + golang.org/x/sys v0.24.0 // indirect + golang.org/x/term v0.23.0 // indirect + golang.org/x/text v0.17.0 // indirect golang.org/x/time v0.5.0 // indirect - google.golang.org/genproto/googleapis/rpc v0.0.0-20240515191416-fc5f0ca64291 // indirect - google.golang.org/grpc v1.64.0 // indirect - google.golang.org/protobuf v1.34.1 // indirect + google.golang.org/genproto/googleapis/rpc v0.0.0-20240814211410-ddb44dafa142 // indirect + google.golang.org/grpc v1.67.1 // indirect + google.golang.org/protobuf v1.34.2 // indirect gopkg.in/evanphx/json-patch.v4 v4.12.0 // indirect gopkg.in/inf.v0 v0.9.1 // indirect gopkg.in/yaml.v2 v2.4.0 // indirect - gopkg.in/yaml.v3 v3.0.1 // indirect k8s.io/api v0.30.3 // indirect k8s.io/apiextensions-apiserver v0.30.3 // indirect k8s.io/apimachinery v0.30.3 // indirect diff --git a/hack/zstd-dict/go.sum b/hack/zstd-dict/go.sum index f375e202..3450b4b8 100644 --- a/hack/zstd-dict/go.sum +++ b/hack/zstd-dict/go.sum @@ -373,8 +373,8 @@ golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8U golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= golang.org/x/crypto v0.3.0/go.mod h1:hebNnKkNXi2UzZN1eVRvBB7co0a+JxK6XbPiWVs/3J4= -golang.org/x/crypto v0.25.0 h1:ypSNr+bnYL2YhwoMt2zPxHFmbAN1KZs/njMG3hxUp30= -golang.org/x/crypto v0.25.0/go.mod h1:T+wALwcMOSE0kXgUAnPAHqTLW+XHgcELELW8VaDgm/M= +golang.org/x/crypto v0.26.0 h1:RrRspgV4mU+YwB4FYnuBoKsUapNIL5cohGAmSH3azsw= +golang.org/x/crypto v0.26.0/go.mod h1:GY7jblb9wI+FOo5y8/S2oY4zWP07AkOJ4+jxCqdqn54= golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4= @@ -387,18 +387,18 @@ golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwY golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c= golang.org/x/net v0.2.0/go.mod h1:KqCZLdyyvdV855qA2rE3GC2aiw5xGR5TEjj8smXukLY= -golang.org/x/net v0.25.0 h1:d/OCCoBEUq33pjydKrGQhw7IlUPI2Oylr+8qLx49kac= -golang.org/x/net v0.25.0/go.mod h1:JkAGAh7GEvH74S6FOH42FLoXpXbE/aqXSrIQjXgsiwM= -golang.org/x/oauth2 v0.20.0 h1:4mQdhULixXKP1rwYBW0vAijoXnkTG0BLCDRzfe1idMo= -golang.org/x/oauth2 v0.20.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI= +golang.org/x/net v0.28.0 h1:a9JDOJc5GMUJ0+UDqmLT86WiEy7iWyIhz8gz8E4e5hE= +golang.org/x/net v0.28.0/go.mod h1:yqtgsTWOOnlGLG9GFRrK3++bGOUEkNBoHZc8MEDWPNg= +golang.org/x/oauth2 v0.22.0 h1:BzDx2FehcG7jJwgWLELCdmLuxk2i+x9UDpSiss2u0ZA= +golang.org/x/oauth2 v0.22.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI= golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.7.0 h1:YsImfSBoP9QPYL0xyKJPq0gcaJdG3rInoqxTWbfQu9M= -golang.org/x/sync v0.7.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= +golang.org/x/sync v0.8.0 h1:3NFvSEYkUoMifnESzZl15y791HH1qU2xm6eCJU5ZPXQ= +golang.org/x/sync v0.8.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20181116152217-5ac8a444bdc5/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= @@ -414,19 +414,19 @@ golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBc golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.2.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.22.0 h1:RI27ohtqKCnwULzJLqkv897zojh5/DwS/ENaMzUOaWI= -golang.org/x/sys v0.22.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/sys v0.24.0 h1:Twjiwq9dn6R1fQcyiK+wQyHWfaz/BJB+YIpzU/Cv3Xg= +golang.org/x/sys v0.24.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/term v0.2.0/go.mod h1:TVmDHMZPmdnySmBfhjOoOdhjzdE1h4u1VwSiw2l1Nuc= -golang.org/x/term v0.22.0 h1:BbsgPEJULsl2fV/AT3v15Mjva5yXKQDyKf+TbDz7QJk= -golang.org/x/term v0.22.0/go.mod h1:F3qCibpT5AMpCRfhfT53vVJwhLtIVHhB9XDjfFvnMI4= +golang.org/x/term v0.23.0 h1:F6D4vR+EHoL9/sWAWgAR1H2DcHr4PareCbAaCo1RpuU= +golang.org/x/term v0.23.0/go.mod h1:DgV24QBUrK6jhZXl+20l6UWznPlwAHm1Q1mGHtydmSk= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= golang.org/x/text v0.4.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= -golang.org/x/text v0.16.0 h1:a94ExnEXNtEwYLGJSIUxnWoxoRz/ZcCsV63ROupILh4= -golang.org/x/text v0.16.0/go.mod h1:GhwF1Be+LQoKShO3cGOHzqOgRrGaYc9AvblQOmPVHnI= +golang.org/x/text v0.17.0 h1:XtiM5bkSOt+ewxlOE/aE/AKEHibwj/6gvWMl9Rsh0Qc= +golang.org/x/text v0.17.0/go.mod h1:BuEKDfySbSR4drPmRPG/7iBdf8hvFMuRexcpahXilzY= golang.org/x/time v0.5.0 h1:o7cqy6amK/52YcAKIPlM3a+Fpj35zvRj2TP+e1xFSfk= golang.org/x/time v0.5.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= @@ -440,12 +440,12 @@ golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8T golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= -google.golang.org/genproto/googleapis/rpc v0.0.0-20240515191416-fc5f0ca64291 h1:AgADTJarZTBqgjiUzRgfaBchgYB3/WFTC80GPwsMcRI= -google.golang.org/genproto/googleapis/rpc v0.0.0-20240515191416-fc5f0ca64291/go.mod h1:EfXuqaE1J41VCDicxHzUDm+8rk+7ZdXzHV0IhO/I6s0= -google.golang.org/grpc v1.64.0 h1:KH3VH9y/MgNQg1dE7b3XfVK0GsPSIzJwdF617gUSbvY= -google.golang.org/grpc v1.64.0/go.mod h1:oxjF8E3FBnjp+/gVFYdWacaLDx9na1aqy9oovLpxQYg= -google.golang.org/protobuf v1.34.1 h1:9ddQBjfCyZPOHPUiPxpYESBLc+T8P3E+Vo4IbKZgFWg= -google.golang.org/protobuf v1.34.1/go.mod h1:c6P6GXX6sHbq/GpV6MGZEdwhWPcYBgnhAHhKbcUYpos= +google.golang.org/genproto/googleapis/rpc v0.0.0-20240814211410-ddb44dafa142 h1:e7S5W7MGGLaSu8j3YjdezkZ+m1/Nm0uRVRMEMGk26Xs= +google.golang.org/genproto/googleapis/rpc v0.0.0-20240814211410-ddb44dafa142/go.mod h1:UqMtugtsSgubUsoxbuAoiCXvqvErP7Gf0so0mK9tHxU= +google.golang.org/grpc v1.67.1 h1:zWnc1Vrcno+lHZCOofnIMvycFcc0QRGIzm9dhnDX68E= +google.golang.org/grpc v1.67.1/go.mod h1:1gLDyUQU7CTLJI90u3nXZ9ekeghjeM7pTDZlqFNg2AA= +google.golang.org/protobuf v1.34.2 h1:6xV6lTsCfpGD21XK49h7MhtcApnLqkfYgPcdHftf6hg= +google.golang.org/protobuf v1.34.2/go.mod h1:qYOHts0dSfpeUzUFpOMr/WGzszTmLH+DiWniOlNbLDw= gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk= diff --git a/internal/backend/grpc/router/encoding.go b/internal/backend/grpc/router/encoding.go deleted file mode 100644 index 3d21df01..00000000 --- a/internal/backend/grpc/router/encoding.go +++ /dev/null @@ -1,118 +0,0 @@ -// Copyright (c) 2024 Sidero Labs, Inc. -// -// Use of this software is governed by the Business Source License -// included in the LICENSE file. - -package router - -import ( - "fmt" - - "google.golang.org/grpc/encoding" - _ "google.golang.org/grpc/encoding/proto" // Register the proto codec before we replace it with ours. - "google.golang.org/grpc/mem" - "google.golang.org/protobuf/proto" - "google.golang.org/protobuf/protoadapt" -) - -// Name is the name registered for the proto compressor. -const Name = "proto" - -type vtprotoCodec struct{} - -func (c vtprotoCodec) Marshal(v any) (mem.BufferSlice, error) { - size, err := getSize(v) - if err != nil { - return nil, err - } - - if mem.IsBelowBufferPoolingThreshold(size) { - buf, err := marshal(v) - if err != nil { - return nil, err - } - - return mem.BufferSlice{mem.SliceBuffer(buf)}, nil - } - - pool := mem.DefaultBufferPool() - - buf := pool.Get(size) - if err := marshalAppend((*buf)[:size], v); err != nil { - pool.Put(buf) - - return nil, err - } - - return mem.BufferSlice{mem.NewBuffer(buf, pool)}, nil -} - -func getSize(v any) (int, error) { - switch v := v.(type) { - case vtprotoMessage: - return v.SizeVT(), nil - case proto.Message: - return proto.Size(v), nil - case protoadapt.MessageV1: - return proto.Size(protoadapt.MessageV2Of(v)), nil - default: - return -1, fmt.Errorf("failed to get size, message is %T, must satisfy the vtprotoMessage, proto.Message or protoadapt.MessageV1 ", v) - } -} - -func marshal(v any) ([]byte, error) { - switch v := v.(type) { - case vtprotoMessage: - return v.MarshalVT() - case proto.Message: - return proto.Marshal(v) - case protoadapt.MessageV1: - return proto.Marshal(protoadapt.MessageV2Of(v)) - default: - return nil, fmt.Errorf("failed to marshal, message is %T, must satisfy the vtprotoMessage, proto.Message or protoadapt.MessageV1 ", v) - } -} - -func marshalAppend(dst []byte, v any) error { - takeErr := func(_ any, e error) error { return e } - - switch v := v.(type) { - case vtprotoMessage: - return takeErr(v.MarshalToSizedBufferVT(dst)) - case proto.Message: - return takeErr((proto.MarshalOptions{}).MarshalAppend(dst, v)) - case protoadapt.MessageV1: - return takeErr((proto.MarshalOptions{}).MarshalAppend(dst[:0], protoadapt.MessageV2Of(v))) - default: - return fmt.Errorf("failed to marshal-append, message is %T, must satisfy the vtprotoMessage, proto.Message or protoadapt.MessageV1 ", v) - } -} - -func (c vtprotoCodec) Unmarshal(data mem.BufferSlice, v any) error { - buf := data.MaterializeToBuffer(mem.DefaultBufferPool()) - defer buf.Free() - - switch v := v.(type) { - case vtprotoMessage: - return v.UnmarshalVT(buf.ReadOnlyData()) - case proto.Message: - return proto.Unmarshal(buf.ReadOnlyData(), v) - case protoadapt.MessageV1: - return proto.Unmarshal(buf.ReadOnlyData(), protoadapt.MessageV2Of(v)) - default: - return fmt.Errorf("failed to unmarshal, message is %T, must satisfy the vtprotoMessage, proto.Message or protoadapt.MessageV1", v) - } -} - -func (c vtprotoCodec) Name() string { return Name } - -func (vtprotoCodec) OldName() string { return Name } - -type vtprotoMessage interface { - MarshalToSizedBufferVT([]byte) (int, error) - MarshalVT() ([]byte, error) - UnmarshalVT([]byte) error - SizeVT() int -} - -func init() { encoding.RegisterCodecV2(vtprotoCodec{}) } diff --git a/internal/backend/grpc/router/router.go b/internal/backend/grpc/router/router.go index 341315b4..92eae76e 100644 --- a/internal/backend/grpc/router/router.go +++ b/internal/backend/grpc/router/router.go @@ -93,7 +93,7 @@ func NewRouter( grpc.WithDefaultCallOptions( // we are proxying requests to ourselves, so we don't need to impose a limit grpc.MaxCallRecvMsgSize(math.MaxInt32), - grpc.ForceCodec(proxy.Codec()), + grpc.ForceCodecV2(proxy.Codec()), ), ) if err != nil { @@ -292,7 +292,7 @@ func (r *Router) getConn(ctx context.Context, contextName string) (*grpc.ClientC MinConnectTimeout: 20 * time.Second, }), grpc.WithTransportCredentials(creds), - grpc.WithDefaultCallOptions(grpc.ForceCodec(proxy.Codec())), + grpc.WithDefaultCallOptions(grpc.ForceCodecV2(proxy.Codec())), grpc.WithSharedWriteBuffer(true), } diff --git a/internal/backend/grpc/router/server.go b/internal/backend/grpc/router/server.go index 4c10a527..91e46663 100644 --- a/internal/backend/grpc/router/server.go +++ b/internal/backend/grpc/router/server.go @@ -11,6 +11,7 @@ import ( grpc_zap "github.com/grpc-ecosystem/go-grpc-middleware/logging/zap" grpc_ctxtags "github.com/grpc-ecosystem/go-grpc-middleware/tags" "github.com/siderolabs/grpc-proxy/proxy" + _ "github.com/siderolabs/proto-codec/codec" // for encoding.CodecV2 "go.uber.org/zap" "go.uber.org/zap/zapcore" "google.golang.org/grpc" @@ -28,7 +29,7 @@ type Director interface { func NewServer(router Director, options ...grpc.ServerOption) *grpc.Server { opts := append( []grpc.ServerOption{ - grpc.ForceServerCodec(proxy.Codec()), + grpc.ForceServerCodecV2(proxy.Codec()), grpc.UnknownServiceHandler( proxy.TransparentHandler( router.Director, diff --git a/internal/backend/grpc/router/talos_backend_test.go b/internal/backend/grpc/router/talos_backend_test.go index 8100efdb..82defcd8 100644 --- a/internal/backend/grpc/router/talos_backend_test.go +++ b/internal/backend/grpc/router/talos_backend_test.go @@ -205,7 +205,7 @@ func dial(serverEndpoint string) (*grpc.ClientConn, error) { MinConnectTimeout: 20 * time.Second, }), grpc.WithTransportCredentials(creds), - grpc.WithDefaultCallOptions(grpc.ForceCodec(proxy.Codec())), + grpc.WithDefaultCallOptions(grpc.ForceCodecV2(proxy.Codec())), } return grpc.NewClient(serverEndpoint, opts...)