GO-2022-0995: Talos worker join token can be used to get elevated access level to the Talos API in github.com/talos-systems/talos

talos

module

v0.12.0 Latest Latest Go to latest Published: Aug 31, 2021 License: MPL-2.0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/talos-systems/talos

Links

Open Source Insights

README ¶

Talos

A modern OS for Kubernetes.

Talos is a modern OS designed to be secure, immutable, and minimal. All system management is done via an API, and there is no shell or interactive console. Some of the capabilities and benefits provided by Talos include:

Security: Talos reduces your attack surface by practicing the Principle of Least Privilege (PoLP) and by securing the API with mutual TLS (mTLS) authentication.
Predictability: Talos eliminates unneeded variables and reduces unknown factors in your environment by employing immutable infrastructure ideology.
Evolvability: Talos simplifies your architecture and increases your ability to easily accommodate future changes.

Documentation

For instructions on deploying and managing Talos, see the Documentation.

Community

Slack: Join our slack channel
Support: Questions, bugs, feature requests GitHub Discussions
Forum: community
Twitter: @talossystems
Email: info@talos-systems.com

If you're interested in this project and would like to help in engineering efforts, or have general usage questions, we are happy to have you! We hold a weekly meeting that all audiences are welcome to attend.

We would appreciate your feedback so that we can make Talos even better! To do so, you can take our survey.

Office Hours

When: Mondays at 16:30 UTC.
Where: Google Meet.

You can subscribe to this meeting by joining the community forum above.

Note: You can convert the meeting hours to your local time.

Contributing

Contributions are welcomed and appreciated! See Contributing for our guidelines.

License

Directories ¶

Path	Synopsis
cmd
installer
installer/cmd
installer/pkg
installer/pkg/install
installer/pkg/ova
installer/pkg/qemuimg
talosctl
talosctl/cmd
talosctl/cmd/mgmt
talosctl/cmd/mgmt/cluster Package cluster implements "cluster" subcommands.	Package cluster implements "cluster" subcommands.
talosctl/cmd/mgmt/gen
talosctl/cmd/talos
talosctl/cmd/talos/dashboard Package dashboard implements simple UI for Talos cluster monitoring.	Package dashboard implements simple UI for Talos cluster monitoring.
talosctl/cmd/talos/dashboard/components Package components implements specific widgets for the dashboard.	Package components implements specific widgets for the dashboard.
talosctl/cmd/talos/dashboard/data Package data implements types to handle monitoring data, calculate values from it, etc.	Package data implements types to handle monitoring data, calculate values from it, etc.
talosctl/cmd/talos/output Package output provides writers in different formats.	Package output provides writers in different formats.
talosctl/pkg/mgmt/helpers
talosctl/pkg/talos/helpers
internal
app/apid
app/apid/pkg/backend Package backend implements backends satisfying proxy.Backend interface	Package backend implements backends satisfying proxy.Backend interface
app/apid/pkg/director Package director provides proxy call routing facility	Package director provides proxy call routing facility
app/apid/pkg/provider Package provider provides TLS config for client & server.	Package provider provides TLS config for client & server.
app/init
app/machined
app/machined/internal/install
app/machined/internal/server/v1alpha1
app/machined/pkg/controllers/config Package config provides controllers which manage config resources.	Package config provides controllers which manage config resources.
app/machined/pkg/controllers/files Package files provides controllers which manage file resources.	Package files provides controllers which manage file resources.
app/machined/pkg/controllers/k8s Package k8s provides controllers which manage Kubernetes resources.	Package k8s provides controllers which manage Kubernetes resources.
app/machined/pkg/controllers/network Package network provides controllers which manage network resources.	Package network provides controllers which manage network resources.
app/machined/pkg/controllers/network/operator Package operator implements network operators.	Package operator implements network operators.
app/machined/pkg/controllers/network/operator/vip Package vip contains implementations of specific methods to acquire/release virtual IPs.	Package vip contains implementations of specific methods to acquire/release virtual IPs.
app/machined/pkg/controllers/network/watch Package watch provides netlink watchers via multicast groups.	Package watch provides netlink watchers via multicast groups.
app/machined/pkg/controllers/perf
app/machined/pkg/controllers/runtime
app/machined/pkg/controllers/secrets Package secrets provides controllers which manage secret resources.	Package secrets provides controllers which manage secret resources.
app/machined/pkg/controllers/time Package time contains controllers managing time, synchronization, etc.	Package time contains controllers managing time, synchronization, etc.
app/machined/pkg/controllers/v1alpha1 Package v1alpha1 provides controllers managing v1alpha1 resources.	Package v1alpha1 provides controllers managing v1alpha1 resources.
app/machined/pkg/runtime Package runtime defines interfaces for accessing runtime specific settings, and state.	Package runtime defines interfaces for accessing runtime specific settings, and state.
app/machined/pkg/runtime/disk Package disk contains abstract utility function to filter disks in MachineState.Disk call.	Package disk contains abstract utility function to filter disks in MachineState.Disk call.
app/machined/pkg/runtime/logging Package logging provides implementations of runtime.LoggingManager.	Package logging provides implementations of runtime.LoggingManager.
app/machined/pkg/runtime/v1alpha1 Package v1alpha1 implements a `Runtime`.	Package v1alpha1 implements a `Runtime`.
app/machined/pkg/runtime/v1alpha1/acpi
app/machined/pkg/runtime/v1alpha1/board
app/machined/pkg/runtime/v1alpha1/board/bananapi_m64
app/machined/pkg/runtime/v1alpha1/board/libretech_all_h3_cc_h5
app/machined/pkg/runtime/v1alpha1/board/pine64
app/machined/pkg/runtime/v1alpha1/board/rock64
app/machined/pkg/runtime/v1alpha1/board/rockpi4
app/machined/pkg/runtime/v1alpha1/board/rpi_4
app/machined/pkg/runtime/v1alpha1/bootloader
app/machined/pkg/runtime/v1alpha1/bootloader/adv Package adv provides common interfaces to access ADV data.	Package adv provides common interfaces to access ADV data.
app/machined/pkg/runtime/v1alpha1/bootloader/adv/syslinux Package syslinux provides syslinux-compatible ADV data.	Package syslinux provides syslinux-compatible ADV data.
app/machined/pkg/runtime/v1alpha1/bootloader/adv/talos Package talos implements modern ADV which supports large size for the values and tags.	Package talos implements modern ADV which supports large size for the values and tags.
app/machined/pkg/runtime/v1alpha1/bootloader/grub
app/machined/pkg/runtime/v1alpha1/bootloader/syslinux
app/machined/pkg/runtime/v1alpha1/platform
app/machined/pkg/runtime/v1alpha1/platform/aws
app/machined/pkg/runtime/v1alpha1/platform/azure
app/machined/pkg/runtime/v1alpha1/platform/container
app/machined/pkg/runtime/v1alpha1/platform/digitalocean
app/machined/pkg/runtime/v1alpha1/platform/errors
app/machined/pkg/runtime/v1alpha1/platform/gcp
app/machined/pkg/runtime/v1alpha1/platform/metal
app/machined/pkg/runtime/v1alpha1/platform/openstack
app/machined/pkg/runtime/v1alpha1/platform/packet
app/machined/pkg/runtime/v1alpha1/platform/vmware
app/machined/pkg/runtime/v1alpha2 Package v1alpha2 provides runtime implementation based on os-runtime.	Package v1alpha2 provides runtime implementation based on os-runtime.
app/machined/pkg/system
app/machined/pkg/system/events
app/machined/pkg/system/health
app/machined/pkg/system/runner
app/machined/pkg/system/runner/containerd
app/machined/pkg/system/runner/goroutine
app/machined/pkg/system/runner/process
app/machined/pkg/system/runner/restart
app/machined/pkg/system/services
app/maintenance
app/maintenance/server
app/networkd/pkg/server
app/storaged
app/trustd
app/trustd/internal/reg
pkg/circular Package circular provides a buffer with circular semantics.	Package circular provides a buffer with circular semantics.
pkg/configuration
pkg/containers
pkg/containers/containerd Package containerd implements containers.Inspector via containerd API	Package containerd implements containers.Inspector via containerd API
pkg/containers/cri Package cri implements containers.Inspector via CRI	Package cri implements containers.Inspector via CRI
pkg/containers/cri/containerd Package containerd provides support for containerd CRI plugin	Package containerd provides support for containerd CRI plugin
pkg/containers/image
pkg/cri Package cri provides minimal CRI client.	Package cri provides minimal CRI client.
pkg/encryption Package encryption provides modules for the partition encryption handling.	Package encryption provides modules for the partition encryption handling.
pkg/encryption/keys Package keys contains various encryption KeyHandler implementations.	Package keys contains various encryption KeyHandler implementations.
pkg/etcd
pkg/kubeconfig Package kubeconfig provides Kubernetes config file handling.	Package kubeconfig provides Kubernetes config file handling.
pkg/mount
pkg/mount/switchroot
pkg/ntp Package ntp provides a time sync client via SNTP protocol.	Package ntp provides a time sync client via SNTP protocol.
pkg/partition Package partition provides common utils for system partition format.	Package partition provides common utils for system partition format.
pkg/timex Package timex provides a simple wrapper around adjtimex syscall.	Package timex provides a simple wrapper around adjtimex syscall.
pkg/tui/components
pkg/tui/installer Package installer contains terminal UI based talos interactive installer parts.	Package installer contains terminal UI based talos interactive installer parts.
pkg
archiver Package archiver provides a service to archive part of the filesystem into tar archive.	Package archiver provides a service to archive part of the filesystem into tar archive.
argsbuilder
chunker
chunker/file
chunker/stream
cli Package cli provides utilities for CLI tools.	Package cli provides utilities for CLI tools.
cluster Package cluster provides functions to access, check and inspect Talos clusters.	Package cluster provides functions to access, check and inspect Talos clusters.
cluster/check Package check provides set of checks to verify cluster readiness.	Package check provides set of checks to verify cluster readiness.
cluster/kubernetes Package kubernetes provides cluster-wide kubernetes utilities.	Package kubernetes provides cluster-wide kubernetes utilities.
cluster/sonobuoy Package sonobuoy provides functions to to run Kubernetes e2e tests.	Package sonobuoy provides functions to to run Kubernetes e2e tests.
conditions
copy
download
follow Package follow provides Reader which follows file updates and turns it into a stream.	Package follow provides Reader which follows file updates and turns it into a stream.
grpc/dialer
grpc/factory
grpc/gen
grpc/middleware/auth/basic
grpc/middleware/authz
grpc/middleware/log Package log provides simple grpc logging middleware	Package log provides simple grpc logging middleware
grpc/proxy/backend Package backend implements common proxy backends satisfying proxy.Backend interface	Package backend implements common proxy backends satisfying proxy.Backend interface
images Package images provides some default images.	Package images provides some default images.
kernel
kernel/kspp
kubernetes
kubernetes/kubelet Package kubelet provides minimal client for the kubelet API.	Package kubelet provides minimal client for the kubelet API.
logging Package logging provides logging primitives.	Package logging provides logging primitives.
makefs Package makefs provides function to format and grow filesystems.	Package makefs provides function to format and grow filesystems.
provision Package provision provides abstract definitions for Talos cluster provisioners.	Package provision provides abstract definitions for Talos cluster provisioners.
provision/access Package access provides methods to access provisioned Talos cluster.	Package access provides methods to access provisioned Talos cluster.
provision/internal/cniutils Package cniutils provides helper functions to parse CNI results.	Package cniutils provides helper functions to parse CNI results.
provision/internal/inmemhttp Package inmemhttp implements temporary HTTP server which is based off memory fs.	Package inmemhttp implements temporary HTTP server which is based off memory fs.
provision/internal/vmlinuz Package vmlinuz provides utilities for reading bzImage kernel format.	Package vmlinuz provides utilities for reading bzImage kernel format.
provision/providers
provision/providers/docker Package docker implements Provisioner via docker.	Package docker implements Provisioner via docker.
provision/providers/firecracker Package firecracker implements Provisioner via Firecracker VMs.	Package firecracker implements Provisioner via Firecracker VMs.
provision/providers/qemu
provision/providers/vm Package vm implements common methods for VM provisioners.	Package vm implements common methods for VM provisioners.
resources Package resources provides common Talos resources settings.	Package resources provides common Talos resources settings.
resources/config Package config provides resources which hold Talos node configuration.	Package config provides resources which hold Talos node configuration.
resources/files Package files provides resources which describe files on disk.	Package files provides resources which describe files on disk.
resources/k8s Package k8s provides resources which interface with Kubernetes.	Package k8s provides resources which interface with Kubernetes.
resources/network Package network provides resources which describe networking subsystem state.	Package network provides resources which describe networking subsystem state.
resources/perf
resources/runtime
resources/secrets Package secrets provides resources which store secrets.	Package secrets provides resources which store secrets.
resources/time Package time provides time-related resources.	Package time provides time-related resources.
resources/v1alpha1 Package v1alpha1 provides resources which implement "glue" code from v1alpha1 Talos init system.	Package v1alpha1 provides resources which implement "glue" code from v1alpha1 Talos init system.
safepath
startup Package startup provides utility function for process startup	Package startup provides utility function for process startup
tail
version
machinery Module

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL