cmd

package
v0.3.2 Latest
Warning

This package is not in the latest version of its module.

Published: Apr 17, 2024 License: MPL-2.0 Imports: 29 Imported by: 0

Documentation

Overview

Package cmd implements the entrypoint of the image factory.

Constants

This section is empty.

Variables

var DefaultOptions = Options{
	HTTPListenAddr: ":8080",

	MinTalosVersion: "1.2.0",
	ImageRegistry:   "ghcr.io",

	ContainerSignatureSubjectRegExp: `@siderolabs\.com$`,
	ContainerSignatureIssuerRegExp:  "",
	ContainerSignatureIssuer:        "https://accounts.google.com",

	AssetBuildMaxConcurrency: 6,

	ExternalURL: "https://localhost/",

	SchematicServiceRepository: "ghcr.io/siderolabs/image-factory/schematics",

	InstallerInternalRepository: "ghcr.io/siderolabs",
	InstallerExternalRepository: "ghcr.io/siderolabs",

	TalosVersionRecheckInterval: 15 * time.Minute,

	CacheRepository: "ghcr.io/siderolabs/image-factory/cache",

	MetricsListenAddr: ":2122",
}

DefaultOptions are the default options.

Functions

func RunFactory

func RunFactory(ctx context.Context, logger *zap.Logger, opts Options) error

RunFactory runs the image factory with specified options.

Types

type Options

type Options struct {
	// Listen address for the HTTP frontend.
	HTTPListenAddr string

	// Asset builder options: minimum supported Talos version.
	MinTalosVersion string
	// Image registry for source images: imager, extensions, etc.
	ImageRegistry string
	// Allow insecure connection to the image registry
	InsecureImageRegistry bool

	// Options to verify container signatures for imager, extensions, etc.
	ContainerSignatureSubjectRegExp string
	ContainerSignatureIssuerRegExp  string
	ContainerSignatureIssuer        string

	// Maximum number of concurrent asset builds.
	AssetBuildMaxConcurrency int

	// External URL of the image factory HTTP frontend.
	ExternalURL string
	// External URL of the image factory PXE frontend.
	ExternalPXEURL string

	// Schematic service OCI registry prefix.
	// It stores schematics for the image factory as blobs under that path.
	SchematicServiceRepository string
	// Allow insecure connection to the schematic service repository.
	InsecureSchematicRepository bool

	// OCI registry to store installer images has two endpoints:
	// - one for the image factory to push images to
	// - external one for the redirects
	InstallerInternalRepository string
	InstallerExternalRepository string
	// Allow insecure connection to the internal installer repository
	InsecureInstallerInternalRepository bool

	// TalosVersionRecheckInterval is the interval for rechecking Talos versions.
	TalosVersionRecheckInterval time.Duration

	// CacheSigningKeyPath is the path to the signing key for the cache.
	//
	// Best choice is to use ECDSA key.
	CacheSigningKeyPath string

	// OCI registry to use to store cached boot assets.
	// Only used internally by the image factory.
	CacheRepository string
	// Allow insecure connection to the cache repository.
	InsecureCacheRepository bool

	// Bind address for Prometheus metrics.
	//
	// Leave empty to disable.
	MetricsListenAddr string

	// SecureBoot settings.
	SecureBoot SecureBootOptions
}

Options configures image factory.
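The ContainerSignature* fields decide which signer identities are trusted for imager and extension images, so the exact shape of the subject pattern matters. The following is an added example, not code from the package: it compares the default `@siderolabs\.com$` pattern and issuer with looser variants against constructed identities. `SignaturePolicy`, `Accepts`, `AcceptedCount` and the sample identities are hypothetical, and the matching model (unanchored regexp match, exact issuer comparison when set) is an assumption about how such options are applied.

```go
package main

import (
	"fmt"
	"regexp"
)

// SignaturePolicy is a local stand-in for the ContainerSignature* fields of Options, not a package type.
type SignaturePolicy struct {
	SubjectRegExp, IssuerRegExp, Issuer string
}

// Accepts is an assumed model: unanchored regexp match, exact Issuer if set.
func (p SignaturePolicy) Accepts(subject, issuer string) bool {
	if p.Issuer != "" && issuer != p.Issuer {
		return false
	}
	if p.IssuerRegExp != "" && !regexp.MustCompile(p.IssuerRegExp).MatchString(issuer) {
		return false
	}
	return regexp.MustCompile(p.SubjectRegExp).MatchString(subject)
}

// Constructed sample identities (subject, issuer); none come from real signatures.
var samples = [][2]string{
	{"release@siderolabs.com", "https://accounts.google.com"},
	{"release@siderolabs.com", "https://issuer.example"},
	{"release@siderolabs.com.example.net", "https://accounts.google.com"},
	{"release@siderolabsxcom", "https://accounts.google.com"},
}

// AcceptedCount returns how many of the sample identities a policy admits.
func AcceptedCount(p SignaturePolicy) int {
	n := 0
	for _, s := range samples {
		if p.Accepts(s[0], s[1]) {
			n++
		}
	}
	return n
}

func main() {
	google := "https://accounts.google.com"
	fmt.Println("page default: ", AcceptedCount(SignaturePolicy{SubjectRegExp: `@siderolabs\.com$`, Issuer: google}))
	fmt.Println("missing $:    ", AcceptedCount(SignaturePolicy{SubjectRegExp: `@siderolabs\.com`, Issuer: google}))
	fmt.Println("unescaped dot:", AcceptedCount(SignaturePolicy{SubjectRegExp: `@siderolabs.com$`, Issuer: google}))
	fmt.Println("no issuer:    ", AcceptedCount(SignaturePolicy{SubjectRegExp: `@siderolabs\.com$`}))
}
```

Only the default combination admits exactly one of the four samples; each loosened variant admits a second identity that differs in domain suffix, domain spelling or issuer.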

type SecureBootOptions added in v0.2.0

type SecureBootOptions struct {
	// Enable SecureBoot asset generation.
	Enabled bool

	// File-based approach.
	SigningKeyPath, SigningCertPath string
	PCRKeyPath                      string

	// Azure Key Vault approach.
	AzureKeyVaultURL     string
	AzureCertificateName string
	AzureKeyName         string
}

SecureBootOptions configures SecureBoot.
