feat: Update talos to version 1.9.1 and add selinux workaround (#90)

Update talos to version 1.9.1 and add selinux workaround
fluencelabs · Jan 15, 2025 · e56a220 · e56a220
1 parent 9436ed8
commit e56a220
Show file tree

Hide file tree

Showing 5 changed files with 46 additions and 4 deletions.
diff --git a/ephemeral/instance.tf b/ephemeral/instance.tf
@@ -12,7 +12,7 @@ resource "digitalocean_ssh_key" "spectrum" {
 }
 
 data "digitalocean_image" "talos" {
-  name = "talos-v1.8.4"
+  name = "talos-v1.9.1"
 }
 
 resource "digitalocean_droplet" "talos" {

diff --git a/flux/components/kubevirt/app/disable-selinux.yml b/flux/components/kubevirt/app/disable-selinux.yml
@@ -0,0 +1,41 @@
+# See:
+# - https://github.com/siderolabs/talos/issues/10083
+---
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+  name: disable-selinux
+  namespace: kube-system
+  labels:
+    app: disable-selinux
+spec:
+  selector:
+    matchLabels:
+      app: disable-selinux
+  template:
+    metadata:
+      labels:
+        app: disable-selinux
+    spec:
+      containers:
+      - command:
+        - sh
+        - -exc
+        - test -f /host/sys/fs/selinux/enforce && mount -t tmpfs tmpfs /host/sys/fs/selinux; sleep infinity
+        image: docker.io/library/alpine
+        name: mount
+        securityContext:
+          privileged: true
+        volumeMounts:
+        - mountPath: /host
+          mountPropagation: Bidirectional
+          name: host-root
+      hostIPC: true
+      hostNetwork: true
+      hostPID: true
+      tolerations:
+      - operator: Exists
+      volumes:
+      - hostPath:
+          path: /
+        name: host-root
diff --git a/flux/components/kubevirt/app/kustomization.yml b/flux/components/kubevirt/app/kustomization.yml
@@ -5,6 +5,7 @@ resources:
   - https://github.com/kubevirt/kubevirt/releases/download/v1.4.0/kubevirt-cr.yaml
   - https://github.com/kubevirt/containerized-data-importer/releases/download/v1.60.3/cdi-operator.yaml
   - https://github.com/kubevirt/containerized-data-importer/releases/download/v1.60.3/cdi-cr.yaml
+  - disable-selinux.yml
 patches:
   - target:
       kind: Deployment

diff --git a/terraform-modules/talos/talos.tf b/terraform-modules/talos/talos.tf
@@ -1,13 +1,13 @@
 resource "talos_machine_secrets" "this" {
-  talos_version = "v1.8"
+  talos_version = "v1.9"
 }
 
 data "talos_machine_configuration" "this" {
   cluster_name     = var.cluster_name
   machine_type     = "controlplane"
   cluster_endpoint = "https://${var.server_ip}:6443"
   machine_secrets  = talos_machine_secrets.this.machine_secrets
-  talos_version    = "v1.8"
+  talos_version    = "v1.9"
   config_patches = [
     templatefile("${path.module}/templates/controlplane_patch.yml", {})
   ]

diff --git a/terraform-modules/talos/templates/controlplane_patch.yml b/terraform-modules/talos/templates/controlplane_patch.yml
@@ -5,7 +5,7 @@ machine:
   install:
       diskSelector:
         size: '>= 100GB'
-      image: ghcr.io/siderolabs/installer:v1.8.4
+      image: ghcr.io/siderolabs/installer:v1.9.1
       bootloader: true
       wipe: true
   kubelet: