Finish System Extension

Dockerfile

@@ -1,3 +1,4 @@
+#### Build binary
 FROM golang:1.22.1-alpine AS builder
 WORKDIR /build
 COPY . .
@@ -9,7 +10,15 @@ RUN go test -v ./... && \
     go vet ./... && \
     go build -ldflags="-s -w" -trimpath -o talos-vmtoolsd ./cmd/talos-vmtoolsd
 
+#### Build system extension tree
+FROM alpine:3.19 AS stage
+RUN mkdir -p /stage/rootfs/usr/local/etc/containers
+RUN mkdir -p /stage/rootfs/usr/local/lib/containers/talos-vmtoolsd
+COPY --from=builder /build/talos-vmtoolsd /stage/rootfs/usr/local/lib/containers/talos-vmtoolsd/
+COPY ./manifest.yaml /stage/
+COPY ./talos-vmtoolsd.yaml /stage/rootfs/usr/local/etc/containers/
+
+#### Build final container
 FROM scratch
-WORKDIR /bin
-COPY --from=builder /build/talos-vmtoolsd /bin/talos-vmtoolsd
-ENTRYPOINT ["/bin/talos-vmtoolsd"]
+COPY --from=stage /stage /
+ENTRYPOINT ["/rootfs/usr/local/lib/containers/talos-vmtoolsd/talos-vmtoolsd"]

Makefile

@@ -15,9 +15,6 @@ talos-vmtoolsd:
 	go build -ldflags="-s -w" -trimpath -o $@ ./cmd/$@
 
 docker-build:
-	docker buildx build . --tag $(REGISTRY_AND_USERNAME)/${IMAGE_NAME}:$(IMAGE_TAG) --file Dockerfile
+	docker buildx build . --tag $(REGISTRY_AND_USERNAME)/${IMAGE_NAME}:$(IMAGE_TAG)
 
-docker-build-extension:
-	docker buildx build . --tag $(REGISTRY_AND_USERNAME)/${IMAGE_NAME}-system-extension:$(IMAGE_TAG) --file system-extension/Dockerfile
-
-.PHONY: talos-vmtoolsd docker-build docker-build-extension
+.PHONY: talos-vmtoolsd docker-build

README.md

@@ -6,36 +6,59 @@
 
 Deploying this program on your Talos cluster provides native integration of Talos with vSphere/vCenter.
 
-# Installation
+# Installation as a Talos System Extension
 
-A standard K8s DaemonSet is used for deployment.
+The preferred use is as a [System Extension](https://www.talos.dev/latest/talos-guides/configuration/system-extensions/).
+Please refer to the Talos documentation on how to build [Boot Assets](https://www.talos.dev/latest/talos-guides/install/boot-assets/#imager)
+that include `talos-vmtoolsd`.
 
-Start by providing authorization credentials to enable talos-vmtoolsd to talk with apid. Admin credentials are required in order to issue reboot/shutdown commands.
+Basically, for a node upgrade, it boils down to something like this:
 
 ```
-# create new Talos API credentials
-# (insert a control plane node's IP at $IP)
-talosctl -n $IP config new vmtoolsd-secret.yaml --roles os:admin
+# Generate installer image including `talos-vmtoolsd`
+docker run --rm --tty \
+    --volume $PWD/_out:/out ghcr.io/siderolabs/imager:<talos version> \
+    installer \
+    --system-extension-image ghcr.io/siderolabs/talos-vmtoolsd:<talos vmtoolsd version>
+
+# Push the installer image as a container to your registry
+crane push _out/installer-amd64.tar ghcr.io/<username></username>/talos-installer:<talos version>
+
+# Upgrade node
+talosctl upgrade --nodes <node ip> \
+    --image ghcr.io/<username></username>/talos-installer:<talos version>
+```
+
+# Installation as a DaemonSet
+
+Start by providing authorization credentials to enable talos-vmtoolsd to talk with apid.
+Admin credentials are required in order to issue reboot/shutdown commands.
+
+```
+# Create new Talos API credentials
+talosctl --nodes <node ip> config new vmtoolsd-secret.yaml --roles os:admin
 
-# import API credentials into K8s
-kubectl -n kube-system create secret generic talos-vmtoolsd-config \
-  --from-file=talosconfig=./vmtoolsd-secret.yaml
+# Import API credentials into K8s
+kubectl --namespace kube-system \
+    create secret generic talos-vmtoolsd-config \
+    --from-file=talosconfig=./vmtoolsd-secret.yaml
 
-# delete temporary credentials file
+# Delete temporary credentials file
 rm vmtoolsd-secret.yaml
 ```
 
 Install or upgrade `talos-vmtoolsd`:
 
 ```
-kubectl apply -f https://raw.githubusercontent.com/siderolabs/talos-vmtoolsd/master/deploy/latest.yaml
+kubectl apply --filename https://raw.githubusercontent.com/siderolabs/talos-vmtoolsd/master/deploy/latest.yaml
 ```
 
 # Talos Compatibility Matrix
 
 | ⬇️ Tools \ Talos ➡️ | 0.7 - 0.10 | 0.11 - 0.13 | 0.14 - 1.4 | 1.4 | 1.5 | 1.6+
 | ------------------ | ---------- | ----------- | ---------- | --- | --- | ----
-| **0.4** (current) |  ❌         | ❌           | ❌        | ✅   | ✅    | ✅    |
+| **0.5** (current) |  ❌         | ❌           | ❌        | ✅   | ✅    | ✅    |
+| **0.4**           |  ❌         | ❌           | ❌        | ✅   | ✅    | ✅    |
 | **0.3**           |  ❌         | ✅           | ✅        | ✅   | ❌    | ❌    |
 | **0.2**           |  ✅         | ✅           | ❌        | ❌   | ❌    | ❌    |
 

go.mod

@@ -15,46 +15,46 @@ require (
 )
 
 require (
-	github.com/ProtonMail/go-crypto v0.0.0-20230717121422-5aa5874ade95 // indirect
+	github.com/ProtonMail/go-crypto v1.0.0 // indirect
 	github.com/ProtonMail/go-mime v0.0.0-20230322103455-7d82a3887f2f // indirect
-	github.com/ProtonMail/gopenpgp/v2 v2.7.4 // indirect
+	github.com/ProtonMail/gopenpgp/v2 v2.7.5 // indirect
 	github.com/adrg/xdg v0.4.0 // indirect
-	github.com/cloudflare/circl v1.3.3 // indirect
+	github.com/cloudflare/circl v1.3.7 // indirect
 	github.com/containerd/go-cni v1.1.9 // indirect
 	github.com/containernetworking/cni v1.1.2 // indirect
 	github.com/dustin/go-humanize v1.0.1 // indirect
 	github.com/gertd/go-pluralize v0.2.1 // indirect
 	github.com/google/go-cmp v0.6.0 // indirect
 	github.com/grpc-ecosystem/go-grpc-middleware v1.4.0 // indirect
-	github.com/grpc-ecosystem/grpc-gateway/v2 v2.18.1 // indirect
+	github.com/grpc-ecosystem/grpc-gateway/v2 v2.19.1 // indirect
 	github.com/hashicorp/errwrap v1.1.0 // indirect
 	github.com/hashicorp/go-multierror v1.1.1 // indirect
 	github.com/josharian/native v1.1.0 // indirect
-	github.com/jsimonetti/rtnetlink v1.4.0 // indirect
+	github.com/jsimonetti/rtnetlink v1.4.1 // indirect
 	github.com/mdlayher/ethtool v0.1.0 // indirect
 	github.com/mdlayher/genetlink v1.3.2 // indirect
 	github.com/mdlayher/netlink v1.7.2 // indirect
-	github.com/mdlayher/socket v0.4.1 // indirect
-	github.com/opencontainers/runtime-spec v1.1.0 // indirect
-	github.com/pkg/browser v0.0.0-20210911075715-681adbf594b8 // indirect
+	github.com/mdlayher/socket v0.5.1 // indirect
+	github.com/opencontainers/runtime-spec v1.2.0 // indirect
+	github.com/pkg/browser v0.0.0-20240102092130-5ac0b6a4141c // indirect
 	github.com/pkg/errors v0.9.1 // indirect
 	github.com/ryanuber/go-glob v1.0.0 // indirect
-	github.com/siderolabs/crypto v0.4.1 // indirect
-	github.com/siderolabs/gen v0.4.7 // indirect
-	github.com/siderolabs/go-api-signature v0.3.1 // indirect
+	github.com/siderolabs/crypto v0.4.4 // indirect
+	github.com/siderolabs/gen v0.4.8 // indirect
+	github.com/siderolabs/go-api-signature v0.3.2 // indirect
 	github.com/siderolabs/go-blockdevice v0.4.7 // indirect
 	github.com/siderolabs/go-pointer v1.0.0 // indirect
 	github.com/siderolabs/net v0.4.0 // indirect
 	github.com/siderolabs/protoenc v0.2.1 // indirect
 	go.uber.org/multierr v1.11.0 // indirect
-	go.uber.org/zap v1.26.0 // indirect
-	golang.org/x/crypto v0.18.0 // indirect
-	golang.org/x/net v0.20.0 // indirect
+	go.uber.org/zap v1.27.0 // indirect
+	golang.org/x/crypto v0.21.0 // indirect
+	golang.org/x/net v0.22.0 // indirect
 	golang.org/x/sync v0.6.0 // indirect
-	golang.org/x/sys v0.16.0 // indirect
+	golang.org/x/sys v0.18.0 // indirect
 	golang.org/x/text v0.14.0 // indirect
-	google.golang.org/genproto/googleapis/api v0.0.0-20240123012728-ef4313101c80 // indirect
-	google.golang.org/genproto/googleapis/rpc v0.0.0-20240123012728-ef4313101c80 // indirect
+	google.golang.org/genproto/googleapis/api v0.0.0-20240325203815-454cdb8f5daa // indirect
+	google.golang.org/genproto/googleapis/rpc v0.0.0-20240325203815-454cdb8f5daa // indirect
 	google.golang.org/protobuf v1.33.0 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
 )