search

siderolabs / extensions

Talos Linux System Extensions
Mozilla Public License 2.0
123 stars 120 forks source link

How to install extension documentation missing actual instruction on how to install #309

Closed rnasby closed 10 months ago

rnasby commented 10 months ago

The documentation only covers how to determine the right version, but nothing that I see on how to actually instruct the OS to install it.

I am attempting to install an extension (ecr-credential-provider) in a Talos deployment and cannot seem to get the machine config patch right. The doc for 1.6 says machine.install.extensions is deprecated, but there is no mention of the preferred method.

(Using terraform talos_machine_configuration_apply

smira commented 10 months ago

This section describes installation: https://www.talos.dev/v1.6/talos-guides/configuration/system-extensions/#installing-system-extensions

This document describes it in more details with examples: https://www.talos.dev/v1.6/talos-guides/install/boot-assets/

In short: just use the Image Factory to keep it simple.

rnasby commented 10 months ago

Looked at second link and it makes sense to me. I will give it a try. I only got into this rabbit trail, because I wanted to add the ecr-credential-provider extension and saw the error in the kublet log that the bin was not found at the expected location. And I got into that because I wanted to install amazon-vpc-cni-k8s, and that was complaining about not having proper creds to pull from its ecr repository. And I got into that because I am using the aws load balancer controller and I wanted to change the service.beta.kubernetes.io/aws-load-balancer-nlb-target-type from "instance" to "ip" to both speed up networking and allow Karpenter to use AWS instance types that normally cannot be added to an AWS target group. I also was maxing out the 64 rules per security group, due to a lot of ports in the containers I am deploying. Probably should post a question in the community forums, but I would appreciate any advice.

rnasby commented 10 months ago

A related question. I am using the Talos public images that are published to AWS. Why don't they already have the ecr-credential-provider extension installed? Seems really weird to me to be missing.

smira commented 10 months ago

You can pull an AMI from the Image Factory with ecr-credential-provider pre-installed and upload it to your AWS account.