PSA/ee/docs/plans/2026-03-10-talos-image-factory-scaffolding-design.md
Hermes 284313f908
Initial import of AlgaPSA codebase from PSA server
Excluded: .git, node_modules, secrets/, compose.env, assemblyscript tgz

Source: /opt/alga-psa on psa.joliet.tech
2026-06-22 16:12:17 -05:00

Talos Image Factory Scaffolding Design

  • Date: 2026-03-10
  • Status: Approved

Summary

Add real Talos v1.12 image scaffolding to the repository using SideroLabs Image Factory instead of the placeholder appliance image builder. The first pass should generate two deterministic artifacts for the metal-amd64 platform:

  1. a Talos ISO boot asset
  2. the matching Talos installer image reference

The repository should own the schematic, release metadata, and artifact-resolution scripts. It should not yet own local VM launch helpers or first-boot cluster bootstrap changes.

Architecture

ee/appliance/ should own Talos image intent and release metadata. The current Flux deployment profile remains in place, but image generation moves to a new schematic-driven path:

  • ee/appliance/schematics/metal-amd64.yaml
  • historical removed image-build script
  • historical local release metadata (removed)
  • historical local release metadata (removed)schema.json
  • historical local channel metadata (removed)

The script flow is:

  1. Load the in-repo Talos schematic YAML.
  2. Submit the schematic to https://factory.talos.dev/schematics.
  3. Read the returned schematic ID.
  4. Construct the ISO URL for metal-amd64.iso using the schematic ID and Talos version.
  5. Construct the matching installer image reference using the same schematic ID and Talos version.
  6. Download the ISO, compute its SHA-256 digest locally, and write a release manifest that records the exact artifact pair.

Artifact Contract

The release manifest should record real, consumable Talos artifacts rather than simulated files. Recommended fields:

  • releaseVersion
  • generatedAt
  • talos.version
  • talos.schematicId
  • talos.schematicPath
  • kubernetes.version
  • os.platform
  • os.architecture
  • os.iso.url
  • os.iso.localPath
  • os.iso.sha256
  • os.installer.image
  • os.installer.digest when it can be resolved
  • app.version
  • app.valuesProfile
  • channel

Behavior:

  • fail if the schematic file is missing
  • fail if schematic resolution does not return an ID
  • fail if the ISO download fails
  • fail if the ISO checksum cannot be computed
  • fail if the installer image reference cannot be derived from the same schematic/version pair
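
The script flow and the fail-closed behavior above can be checked after the fact with a manifest verifier; the following is an added example, not the repository's image-build script. It re-derives both artifact references from the recorded schematic ID and Talos version and re-hashes the local ISO. Assumptions: the dotted field names map to nested JSON objects, `os.platform` and `os.architecture` hold `metal` and `amd64`, schematic IDs are 64 hex characters, and Image Factory serves artifacts at `/image/<id>/<version>/<file>` and `installer/<id>:<version>`.

```python
import hashlib
import re

FACTORY_HOST = "factory.talos.dev"
SCHEMATIC_ID_RE = re.compile(r"[0-9a-f]{64}")  # assumed ID shape: 64 lowercase hex chars
VERSION_RE = re.compile(r"v\d+\.\d+\.\d+")     # assumed pinned tag shape, e.g. v1.12.0

def derive_artifacts(schematic_id, version, platform="metal", arch="amd64"):
    """Derive the ISO URL and installer reference from one schematic/version pair."""
    if not SCHEMATIC_ID_RE.fullmatch(schematic_id or ""):
        raise ValueError("schematic resolution did not return a usable ID")
    if not VERSION_RE.fullmatch(version or ""):
        raise ValueError("talos.version is not a pinned release tag")
    return {
        "iso_url": f"https://{FACTORY_HOST}/image/{schematic_id}/{version}/{platform}-{arch}.iso",
        "installer_image": f"{FACTORY_HOST}/installer/{schematic_id}:{version}",
    }

def sha256_file(path, chunk_size=1 << 20):
    """Hash the downloaded ISO in chunks so large images are not loaded into memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk_size), b""):
            digest.update(block)
    return digest.hexdigest()

def check_manifest(manifest):
    """Return a list of contract violations; an empty list means the pair is consistent."""
    talos, os_ = manifest["talos"], manifest["os"]
    try:
        expected = derive_artifacts(talos.get("schematicId"), talos.get("version"),
                                    os_["platform"], os_["architecture"])
    except ValueError as exc:
        return [str(exc)]
    problems = []
    if os_["iso"]["url"] != expected["iso_url"]:
        problems.append("os.iso.url is not derived from talos.schematicId/version")
    if os_["installer"]["image"] != expected["installer_image"]:
        problems.append("os.installer.image is not derived from talos.schematicId/version")
    try:
        actual = sha256_file(os_["iso"]["localPath"])
    except OSError as exc:
        problems.append(f"ISO checksum cannot be computed: {exc}")
    else:
        if actual != os_["iso"]["sha256"]:
            problems.append("os.iso.sha256 does not match the local ISO")
    return problems
```

A release step can treat any non-empty result as a hard failure, which catches a manifest whose installer reference or ISO was swapped after generation.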

Implementation Boundary

This pass should:

  • add the in-repo schematic file
  • add a real Image Factory-backed historical removed image-build script
  • add release schema and release channel scaffolding
  • add docs/tests for the new image build path

This pass should not:

  • launch a VM from the ISO
  • apply machine configs
  • bootstrap Flux
  • deploy Alga workloads

Validation

Required validation for this pass:

  • script help and preflight behavior work locally
  • dry-run mode renders the expected Image Factory URLs and installer image reference
  • release schema validates the generated manifest shape
  • the repository contains the approved scaffolding files and they are internally consistent