Major refactor of the tool

.dockerignore

@@ -5,6 +5,7 @@
 *
 !cmd
 !internal
+!pkg
 !go.mod
 !go.sum
 !.golangci.yml

.github/renovate.json

@@ -1,31 +1,36 @@
 {
     "$schema": "https://docs.renovatebot.com/renovate-schema.json",
+    "description": "THIS FILE WAS AUTOMATICALLY GENERATED, PLEASE DO NOT EDIT.",
+    "prHeader": "Update Request | Renovate Bot",
     "extends": [
         ":dependencyDashboard",
         ":gitSignOff",
         ":semanticCommitScopeDisabled",
         "schedule:earlyMondays"
     ],
-    "prHeader": "Update Request | Renovate Bot",
     "packageRules": [
         {
-            "matchPackagePatterns": [
-                "*"
-            ],
-            "matchDatasources": [
-                "docker"
-            ],
-            "groupName": "container images"
+            "groupName": "dependencies",
+            "matchUpdateTypes": [
+                "major",
+                "minor",
+                "patch",
+                "pin",
+                "digest"
+            ]
         },
         {
-            "matchPackagePatterns": [
-                "*"
-            ],
-            "matchDatasources": [
-                "go",
-                "golang-version"
-            ],
-            "groupName": "go packages"
+            "enabled": false,
+            "matchFileNames": [
+                "Dockerfile"
+            ]
+        },
+        {
+            "enabled": false,
+            "matchFileNames": [
+                ".github/workflows/*.yaml"
+            ]
         }
-    ]
+    ],
+    "separateMajorMinor": false
 }

.github/workflows/slack-notify.yaml

@@ -1,6 +1,6 @@
 # THIS FILE WAS AUTOMATICALLY GENERATED, PLEASE DO NOT EDIT.
 #
-# Generated on 2024-03-28T12:14:24Z by kres 88d1199.
+# Generated on 2025-02-10T19:53:43Z by kres 5e9dc91.
 
 name: slack-notify
 "on":
@@ -24,11 +24,12 @@ jobs:
         run: |
           echo pull_request_number=$(gh pr view -R ${{ github.repository }} ${{ github.event.workflow_run.head_repository.owner.login }}:${{ github.event.workflow_run.head_branch }} --json number --jq .number) >> $GITHUB_OUTPUT
       - name: Slack Notify
-        uses: slackapi/slack-github-action@v1
+        uses: slackapi/slack-github-action@v2
         with:
-          channel-id: proj-talos-maintainers
+          method: chat.postMessage
           payload: |
             {
+                "channel": "proj-talos-maintainers",
                 "attachments": [
                     {
                         "color": "${{ github.event.workflow_run.conclusion == 'success' && '#2EB886' || github.event.workflow_run.conclusion == 'failure' && '#A30002' || '#FFCC00' }}",
@@ -88,5 +89,4 @@ jobs:
                     }
                 ]
             }
-        env:
-          SLACK_BOT_TOKEN: ${{ secrets.SLACK_BOT_TOKEN }}
+          token: ${{ secrets.SLACK_BOT_TOKEN }}

.golangci.yml

@@ -1,6 +1,6 @@
 # THIS FILE WAS AUTOMATICALLY GENERATED, PLEASE DO NOT EDIT.
 #
-# Generated on 2024-07-30T11:32:20Z by kres faf91e3.
+# Generated on 2025-02-10T19:53:43Z by kres 5e9dc91.
 
 # options for analysis running
 run:
@@ -17,7 +17,6 @@ output:
       path: stdout
   print-issued-lines: true
   print-linter-name: true
-  uniq-by-line: true
   path-prefix: ""
 
 # all available settings of specific linters
@@ -116,7 +115,6 @@ linters:
     - gochecknoglobals
     - gochecknoinits
     - godox
-    - gomnd
     - gomoddirectives
     - gosec
     - inamedparam
@@ -135,6 +133,7 @@ linters:
     - perfsprint # complains about us using fmt.Sprintf in non-performance critical code, updating just kres took too long
     - goimports # same as gci
     - musttag # seems to be broken - goes into imported libraries and reports issues there
+    - exportloopref # WARN The linter 'exportloopref' is deprecated (since v1.60.2) due to: Since Go1.22 (loopvar) this linter is no longer relevant. Replaced by copyloopvar.
 
 issues:
   exclude: [ ]
@@ -144,6 +143,7 @@ issues:
   max-issues-per-linter: 10
   max-same-issues: 3
   new: false
+  uniq-by-line: true
 
 severity:
   default-severity: error

.kres.yaml

@@ -21,6 +21,8 @@ spec:
   copyFrom:
     - stage: extension
   entrypoint: /rootfs/usr/local/lib/containers/talos-vmtoolsd/talos-vmtoolsd
+  entrypointArgs:
+    - vmtoolsd
 ---
 kind: auto.CustomSteps
 spec:

.license-header.go.txt

@@ -1,3 +1,2 @@
-// This Source Code Form is subject to the terms of the Mozilla Public
-// License, v. 2.0. If a copy of the MPL was not distributed with this
-// file, You can obtain one at http://mozilla.org/MPL/2.0/.
+// SPDX-FileCopyrightText: Copyright (c) 2020 Oliver Kuckertz, Siderolabs and Equinix
+// SPDX-License-Identifier: Apache-2.0

Dockerfile

@@ -1,8 +1,8 @@
-# syntax = docker/dockerfile-upstream:1.9.0-labs
+# syntax = docker/dockerfile-upstream:1.12.1-labs
 
 # THIS FILE WAS AUTOMATICALLY GENERATED, PLEASE DO NOT EDIT.
 #
-# Generated on 2024-07-30T11:32:20Z by kres faf91e3.
+# Generated on 2025-02-10T19:53:43Z by kres 5e9dc91.
 
 ARG TOOLCHAIN
 
@@ -12,12 +12,12 @@ COPY manifest.yaml /
 COPY talos-vmtoolsd.yaml /rootfs/usr/local/etc/containers/talos-vmtoolsd.yaml
 
 # runs markdownlint
-FROM docker.io/oven/bun:1.1.20-alpine AS lint-markdown
+FROM docker.io/oven/bun:1.1.43-alpine AS lint-markdown
 WORKDIR /src
-RUN bun i markdownlint-cli@0.41.0 sentences-per-line@0.2.1
+RUN bun i markdownlint-cli@0.43.0 sentences-per-line@0.3.0
 COPY .markdownlint.json .
 COPY ./README.md ./README.md
-RUN bunx markdownlint --ignore "CHANGELOG.md" --ignore "**/node_modules/**" --ignore '**/hack/chglog/**' --rules node_modules/sentences-per-line/index.js .
+RUN bunx markdownlint --ignore "CHANGELOG.md" --ignore "**/node_modules/**" --ignore '**/hack/chglog/**' --rules sentences-per-line .
 
 # base toolchain image
 FROM --platform=${BUILDPLATFORM} ${TOOLCHAIN} AS toolchain
@@ -55,6 +55,7 @@ RUN --mount=type=cache,target=/go/pkg go mod download
 RUN --mount=type=cache,target=/go/pkg go mod verify
 COPY ./cmd ./cmd
 COPY ./internal ./internal
+COPY ./pkg ./pkg
 RUN --mount=type=cache,target=/go/pkg go list -mod=readonly all >/dev/null
 
 FROM tools AS embed-generate
@@ -132,5 +133,5 @@ ARG TARGETARCH
 COPY --from=talos-vmtoolsd talos-vmtoolsd-linux-${TARGETARCH} /rootfs/usr/local/lib/containers/talos-vmtoolsd/talos-vmtoolsd
 COPY --from=extension / /
 LABEL org.opencontainers.image.source=https://github.com/siderolabs/talos-vmtoolsd
-ENTRYPOINT ["/rootfs/usr/local/lib/containers/talos-vmtoolsd/talos-vmtoolsd"]
+ENTRYPOINT ["/rootfs/usr/local/lib/containers/talos-vmtoolsd/talos-vmtoolsd","vmtoolsd"]
 

Makefile

@@ -1,6 +1,6 @@
 # THIS FILE WAS AUTOMATICALLY GENERATED, PLEASE DO NOT EDIT.
 #
-# Generated on 2024-07-30T11:32:20Z by kres faf91e3.
+# Generated on 2025-02-10T19:53:43Z by kres 5e9dc91.
 
 # common variables
 
@@ -17,15 +17,15 @@ WITH_RACE ?= false
 REGISTRY ?= ghcr.io
 USERNAME ?= siderolabs
 REGISTRY_AND_USERNAME ?= $(REGISTRY)/$(USERNAME)
-PROTOBUF_GO_VERSION ?= 1.34.2
-GRPC_GO_VERSION ?= 1.4.0
-GRPC_GATEWAY_VERSION ?= 2.20.0
+PROTOBUF_GO_VERSION ?= 1.36.2
+GRPC_GO_VERSION ?= 1.5.1
+GRPC_GATEWAY_VERSION ?= 2.25.1
 VTPROTOBUF_VERSION ?= 0.6.0
-GOIMPORTS_VERSION ?= 0.23.0
+GOIMPORTS_VERSION ?= 0.29.0
 DEEPCOPY_VERSION ?= v0.5.6
-GOLANGCILINT_VERSION ?= v1.59.1
-GOFUMPT_VERSION ?= v0.6.0
-GO_VERSION ?= 1.22.5
+GOLANGCILINT_VERSION ?= v1.63.4
+GOFUMPT_VERSION ?= v0.7.0
+GO_VERSION ?= 1.23.6
 GO_BUILDFLAGS ?=
 GO_LDFLAGS ?=
 CGO_ENABLED ?= 0
@@ -41,10 +41,12 @@ PLATFORM ?= linux/amd64
 PROGRESS ?= auto
 PUSH ?= false
 CI_ARGS ?=
+BUILDKIT_MULTI_PLATFORM ?=
 COMMON_ARGS = --file=Dockerfile
 COMMON_ARGS += --provenance=false
 COMMON_ARGS += --progress=$(PROGRESS)
 COMMON_ARGS += --platform=$(PLATFORM)
+COMMON_ARGS += --build-arg=BUILDKIT_MULTI_PLATFORM=$(BUILDKIT_MULTI_PLATFORM)
 COMMON_ARGS += --push=$(PUSH)
 COMMON_ARGS += --build-arg=ARTIFACTS="$(ARTIFACTS)"
 COMMON_ARGS += --build-arg=SHA="$(SHA)"
@@ -67,7 +69,7 @@ COMMON_ARGS += --build-arg=DEEPCOPY_VERSION="$(DEEPCOPY_VERSION)"
 COMMON_ARGS += --build-arg=GOLANGCILINT_VERSION="$(GOLANGCILINT_VERSION)"
 COMMON_ARGS += --build-arg=GOFUMPT_VERSION="$(GOFUMPT_VERSION)"
 COMMON_ARGS += --build-arg=TESTPKGS="$(TESTPKGS)"
-TOOLCHAIN ?= docker.io/golang:1.22-alpine
+TOOLCHAIN ?= docker.io/golang:1.23-alpine
 
 # help menu
 
@@ -143,8 +145,20 @@ clean:  ## Cleans up all artifacts.
 target-%:  ## Builds the specified target defined in the Dockerfile. The build result will only remain in the build cache.
 	@$(BUILD) --target=$* $(COMMON_ARGS) $(TARGET_ARGS) $(CI_ARGS) .
 
+registry-%:  ## Builds the specified target defined in the Dockerfile and the output is an image. The image is pushed to the registry if PUSH=true.
+	@$(MAKE) target-$* TARGET_ARGS="--tag=$(REGISTRY)/$(USERNAME)/$(IMAGE_NAME):$(IMAGE_TAG)" BUILDKIT_MULTI_PLATFORM=1
+
 local-%:  ## Builds the specified target defined in the Dockerfile using the local output type. The build result will be output to the specified local destination.
 	@$(MAKE) target-$* TARGET_ARGS="--output=type=local,dest=$(DEST) $(TARGET_ARGS)"
+	@PLATFORM=$(PLATFORM) DEST=$(DEST) bash -c '\
+	  for platform in $$(tr "," "\n" <<< "$$PLATFORM"); do \
+	    directory="$${platform//\//_}"; \
+	    if [[ -d "$$DEST/$$directory" ]]; then \
+		  echo $$platform; \
+	      mv -f "$$DEST/$$directory/"* $$DEST; \
+	      rmdir "$$DEST/$$directory/"; \
+	    fi; \
+	  done'
 
 generate:  ## Generate .proto definitions.
 	@$(MAKE) local-$@ DEST=./
@@ -197,7 +211,7 @@ lint: lint-golangci-lint lint-gofumpt lint-govulncheck lint-markdown  ## Run all
 
 .PHONY: image-talos-vmtoolsd
 image-talos-vmtoolsd:  ## Builds image for talos-vmtoolsd.
-	@$(MAKE) target-$@ TARGET_ARGS="--tag=$(REGISTRY)/$(USERNAME)/talos-vmtoolsd:$(IMAGE_TAG)"
+	@$(MAKE) registry-$@ IMAGE_NAME="talos-vmtoolsd"
 
 .PHONY: rekres
 rekres:

README.md

@@ -48,20 +48,40 @@ kubectl --namespace kube-system \
 rm vmtoolsd-secret.yaml
 ```
 
+If you craft your own manifests, please remember the note about `GRPC_ENFORCE_ALPN_ENABLED=false` below.
+
 Install or upgrade `talos-vmtoolsd`:
 
 ```bash
 kubectl apply --filename https://raw.githubusercontent.com/siderolabs/talos-vmtoolsd/master/deploy/latest.yaml
 ```
 
+Remember
+
 ## Talos Compatibility Matrix
 
-| ⬇️ Tools \ Talos ➡️ | 0.7 - 0.10 | 0.11 - 0.13 | 0.14 - 1.4 | 1.4 | 1.5 | 1.6+ |
-| ----------------- | ---------- | ----------- | ---------- | --- | --- | ---- |
-| **0.5** (current) | ❌          | ❌           | ❌          | ✅   | ✅   | ✅    |
-| **0.4**           | ❌          | ❌           | ❌          | ✅   | ✅   | ✅    |
-| **0.3**           | ❌          | ✅           | ✅          | ✅   | ❌   | ❌    |
-| **0.2**           | ✅          | ✅           | ❌          | ❌   | ❌   | ❌    |
+Please find an [older version of this matrix](https://github.com/siderolabs/talos-vmtoolsd/blob/0.4.0/README.md)
+for compatibility with older Talos and vmtoolsd-verions.
+
+| ⬇️ Tools \ Talos ➡️ |  1.5 | 1.6 | 1.7 | 1.8 | 1.9 |
+| ------------------ | --- | ----| --- | ---- | --- |
+| **1.0** (current)  |  ⚠️   |  ⚠️  |  ⚠️  |  ⚠️  | ✅  |
+| **0.6**            |  ✅  | ✅  | ✅  | ✅  | ⚠️  |
+| **0.5**            |  ✅  | ✅  |     |     |    |
+
+Talos 1.8+ carries gRPC >= 1.67, which [has issues with older gRPC](https://github.com/siderolabs/talos/issues/9463),
+and causes gRPC errors like these:
+
+```text
+rpc error: code = Unavailable desc = connection error: desc = \"transport: authentication handshake failed: credentials: cannot check peer: missing selected ALPN property\"
+```
+
+There are two workarounds:
+
+1. use older (< 0.7) `talos-vmtoolsd` on older (< 1.9) Talos versions
+2. set `GRPC_ENFORCE_ALPN_ENABLED=false` and everything will be fine
+
+The latter option is used in the system extention and example manifests.
 
 ## Roadmap
 
@@ -93,6 +113,7 @@ It simply translates between both interfaces and thereby seamlessly integrates t
 
 ## Attribution
 
+This tool was originally written by Oliver Kuckertz, and was adopted by Equinix and Siderolabs.
 Talos-vmtoolsd is based on VMware's custom VIC toolbox of the govmomi project.
 I have reduced the toolbox's functionality to the bare minimum required by vSphere.
 Its main service has been refactored for plugin support.