GO-2022-0995: Talos worker join token can be used to get elevated access level to the Talos API in github.com/talos-systems/talos

talos

module

v0.5.0-alpha.2 Latest Latest Go to latest Published: Apr 28, 2020 License: MPL-2.0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/talos-systems/talos

README ¶

Talos

A modern OS for Kubernetes.

Talos is a modern OS designed to be secure, immutable, and minimal. All system management is done via an API, and there is no shell or interactive console. Some of the capabilities and benefits provided by Talos include:

Security: Talos reduces your attack surface by practicing the Principle of Least Privilege (PoLP) and by securing the API with mutual TLS (mTLS) authentication.
Predictability: Talos eliminates unneeded variables and reduces unknown factors in your environment by employing immutable infrastructure ideology.
Evolvability: Talos simplifies your architecture and increases your ability to easily accommodate future changes.

Documentation

For instructions on deploying and managing Talos, see the Documentation.

Community

Slack: Join our slack channel
Forum: community
Twitter: @talossystems
Email: info@talos-systems.com

If you're interested in this project and would like to help in engineering efforts, or have general usage questions, we are happy to have you! We hold two weekly meetings targeted for different audiences.

Office Hours

When: Mondays at 17:00 UTC.
Where: zoom.

Maintainers and Contributors

When attending this meeting, please add yourself to the meeting notes as an attendee. If you would like to discuss a specific topic, we encourage you to add it to the agenda.

When: Thursdays at 17:00 UTC.
Where: zoom.

You can subscribe to these meetings by joining the community forum above.

Note: You can convert the meeting hours to your local time.

Contributing

Contributions are welcomed and appreciated! See Contributing for our guidelines.

License

[! license](https://github.com/talos-systems/talos/blob/master/LICENSE)

Directories ¶

Path	Synopsis
api
common
health
machine
network
os
security
time
cmd
installer
installer/cmd
installer/pkg
installer/pkg/install
installer/pkg/ova
installer/pkg/qemuimg
talosctl
talosctl/cmd
talosctl/cmd/mgmt
talosctl/cmd/mgmt/cluster Package cluster implements "cluster" subcommands.	Package cluster implements "cluster" subcommands.
talosctl/cmd/talos
talosctl/pkg/mgmt/helpers
talosctl/pkg/talos/helpers
internal
app/apid
app/apid/pkg/backend Package backend implements backends satisfying proxy.Backend interface	Package backend implements backends satisfying proxy.Backend interface
app/apid/pkg/director Package director provides proxy call routing facility	Package director provides proxy call routing facility
app/apid/pkg/provider Package provider provides TLS config for client & server	Package provider provides TLS config for client & server
app/bootkube
app/init
app/machined
app/machined/internal/install
app/machined/internal/server/v1alpha1
app/machined/pkg/runtime Package runtime defines interfaces for accessing runtime specific settings, and state.	Package runtime defines interfaces for accessing runtime specific settings, and state.
app/machined/pkg/runtime/v1alpha1 Package v1alpha1 implements a `Runtime`.	Package v1alpha1 implements a `Runtime`.
app/machined/pkg/runtime/v1alpha1/acpi
app/machined/pkg/runtime/v1alpha1/bootloader
app/machined/pkg/runtime/v1alpha1/bootloader/syslinux
app/machined/pkg/runtime/v1alpha1/platform
app/machined/pkg/runtime/v1alpha1/platform/aws
app/machined/pkg/runtime/v1alpha1/platform/azure
app/machined/pkg/runtime/v1alpha1/platform/container
app/machined/pkg/runtime/v1alpha1/platform/digitalocean
app/machined/pkg/runtime/v1alpha1/platform/gcp
app/machined/pkg/runtime/v1alpha1/platform/metal
app/machined/pkg/runtime/v1alpha1/platform/packet
app/machined/pkg/runtime/v1alpha1/platform/vmware
app/machined/pkg/system
app/machined/pkg/system/events
app/machined/pkg/system/health
app/machined/pkg/system/log
app/machined/pkg/system/runner
app/machined/pkg/system/runner/containerd
app/machined/pkg/system/runner/cri Package cri implements runner via CRI interface	Package cri implements runner via CRI interface
app/machined/pkg/system/runner/goroutine
app/machined/pkg/system/runner/process
app/machined/pkg/system/runner/restart
app/machined/pkg/system/services nolint: dupl,golint nolint: dupl,golint nolint: dupl,golint nolint: dupl,golint nolint: dupl,golint nolint: dupl,golint nolint: dupl,golint	nolint: dupl,golint nolint: dupl,golint nolint: dupl,golint nolint: dupl,golint nolint: dupl,golint nolint: dupl,golint nolint: dupl,golint
app/networkd
app/networkd/pkg/address
app/networkd/pkg/networkd Package networkd handles the network interface configuration on a host.	Package networkd handles the network interface configuration on a host.
app/networkd/pkg/nic Package nic provides a way to describe and configure a network interface.	Package nic provides a way to describe and configure a network interface.
app/networkd/pkg/reg Package reg provides the gRPC network service implementation.	Package reg provides the gRPC network service implementation.
app/osd
app/osd/internal/reg
app/routerd
app/routerd/pkg/director Package director provides proxy call routing facility	Package director provides proxy call routing facility
app/timed
app/timed/pkg/ntp
app/timed/pkg/reg
app/trustd
app/trustd/internal/reg
pkg/cis
pkg/cluster Package cluster provides functions to access, check and inspect Talos clusters.	Package cluster provides functions to access, check and inspect Talos clusters.
pkg/cluster/check Package check provides set of checks to verify cluster readiness.	Package check provides set of checks to verify cluster readiness.
pkg/conditions
pkg/containers
pkg/containers/containerd Package containerd implements containers.Inspector via containerd API	Package containerd implements containers.Inspector via containerd API
pkg/containers/cri Package cri implements containers.Inspector via CRI	Package cri implements containers.Inspector via CRI
pkg/containers/cri/containerd Package containerd provides support for containerd CRI plugin	Package containerd provides support for containerd CRI plugin
pkg/containers/image
pkg/cri Package cri provides minimal CRI client	Package cri provides minimal CRI client
pkg/etcd
pkg/kernel/kspp
pkg/kernel/vmlinuz Package vmlinuz provides utilities for reading bzImage kernel format.	Package vmlinuz provides utilities for reading bzImage kernel format.
pkg/kmsg Package kmsg provides access to kernel log.	Package kmsg provides access to kernel log.
pkg/kubeconfig Package kubeconfig provides Kubernetes config file generation from machine config.	Package kubeconfig provides Kubernetes config file generation from machine config.
pkg/loadbalancer Package loadbalancer provides simple TCP loadbalancer.	Package loadbalancer provides simple TCP loadbalancer.
pkg/loadbalancer/upstream Package upstream provides utilities for choosing upstream backends based on score.	Package upstream provides utilities for choosing upstream backends based on score.
pkg/mount
pkg/mount/switchroot
pkg/provision Package provision provides abstract definitions for Talos cluster provisioners.	Package provision provides abstract definitions for Talos cluster provisioners.
pkg/provision/access Package access provides methods to access provisioned Talos cluster.	Package access provides methods to access provisioned Talos cluster.
pkg/provision/providers
pkg/provision/providers/docker Package docker implements Provisioner via docker.	Package docker implements Provisioner via docker.
pkg/provision/providers/firecracker Package firecracker implements Provisioner via Firecracker VMs.	Package firecracker implements Provisioner via Firecracker VMs.
pkg/provision/providers/firecracker/inmemhttp Package inmemhttp implements temporary HTTP server which is based off memory fs.	Package inmemhttp implements temporary HTTP server which is based off memory fs.
pkg/tail
pkg
archiver Package archiver provides a service to archive part of the filesystem into tar archive	Package archiver provides a service to archive part of the filesystem into tar archive
argsbuilder
blockdevice Package blockdevice provides a library for working with block devices.	Package blockdevice provides a library for working with block devices.
blockdevice/blkpg
blockdevice/filesystem
blockdevice/filesystem/iso9660
blockdevice/filesystem/vfat
blockdevice/filesystem/xfs Package xfs provides an interface to xfsprogs.	Package xfs provides an interface to xfsprogs.
blockdevice/lba Package lba provides a library for working with Logical Block Addresses.	Package lba provides a library for working with Logical Block Addresses.
blockdevice/probe
blockdevice/table Package table provides a library for working with block device partition tables.	Package table provides a library for working with block device partition tables.
blockdevice/table/gpt Package gpt provides a library for working with GPT partitions.	Package gpt provides a library for working with GPT partitions.
blockdevice/table/gpt/header Package header provides a library for working with GPT headers.	Package header provides a library for working with GPT headers.
blockdevice/table/gpt/partition Package partition provides a library for working with GPT partitions.	Package partition provides a library for working with GPT partitions.
blockdevice/util
chunker
chunker/file
chunker/stream
cli Package cli provides utilities for CLI tools.	Package cli provides utilities for CLI tools.
client
client/config
cmd
config
config/types/v1alpha1 Package v1alpha1 configuration file contains all the options available for configuring a machine.	Package v1alpha1 configuration file contains all the options available for configuring a machine.
config/types/v1alpha1/generate
constants
crypto/x509
download
grpc/dialer
grpc/factory
grpc/gen
grpc/middleware/auth/basic
grpc/middleware/log Package log provides simple grpc logging middleware	Package log provides simple grpc logging middleware
grpc/proxy/backend Package backend implements common proxy backends satisfying proxy.Backend interface	Package backend implements common proxy backends satisfying proxy.Backend interface
grpc/tls
kubernetes
net
proc/reaper Package reaper implements zombie process reaper with notifications.	Package reaper implements zombie process reaper with notifications.
retry
safepath
serde
startup Package startup provides utility function for process startup	Package startup provides utility function for process startup
sysctl
version
machinery Module

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL