From 997644222994b1c040529c1452cd62930d022552 Mon Sep 17 00:00:00 2001 From: github-actions Date: Sun, 9 Feb 2025 07:05:07 +0000 Subject: [PATCH] Deployed fa05162 to develop with MkDocs 1.4.2 and mike 1.2.0.dev0 --- develop/reference/configuration/index.html | 22 ++++++++++++++++++++++ develop/search/search_index.json | 2 +- 2 files changed, 23 insertions(+), 1 deletion(-) diff --git a/develop/reference/configuration/index.html b/develop/reference/configuration/index.html index 7d05883f..fa1f451e 100644 --- a/develop/reference/configuration/index.html +++ b/develop/reference/configuration/index.html @@ -85,6 +85,8 @@
  • InstallDiskSelector
  • +
  • InlineManifest +
  • MachineDisk
  • MachineFile @@ -320,6 +322,22 @@

    Config

    ❎ +inlineManifests +[]InlineManifest +A list of inline Kubernetes manifests for the cluster.
    Show example +
    inlineManifests:
    +  - name: namespace-ci
    +    contents: |-
    +      apiVersion: v1
    +      kind: Namespace
    +      metadata:
    +        name: ci
    +
    +
    +[] +❎ + + controlPlane NodeConfigs Configurations targetted for all controlplane nodes.
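Review bot: The new `inlineManifests` row documents only the inline form: its example sets `name` and a literal `contents` block, and the description "A list of inline Kubernetes manifests for the cluster." says nothing about environment substitution. The InlineManifest type text added later in this patch introduces `skipEnvsubst` "only for file outside of talconfig.yaml", so this row should state whether `contents` written directly in talconfig.yaml is always passed through envsubst (which matters for any manifest that carries a literal `${...}`), and it should show how a manifest kept in a separate file is referenced. A second example entry that sets `skipEnvsubst: true` would make the option discoverable from the table.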
    Show example @@ -1036,10 +1054,14 @@

    CNIConfig

    CNIConfig is type of upstream Talos v1alpha1.CNIConfig

    InstallDiskSelector

    InstallDiskSelector is type of upstream Talos v1alpha1.InstallDiskSelector.

    +

    InlineManifest

    +

    InlineManifest is type of upstream Talos v1alpha1.ClusterInlineManifest

    +

    In addition to this, there's also a skipEnvsubst key that can be set to true to skip doing envsubst (only for file outside of talconfig.yaml)

    MachineDisk

    MachineDisk is type of upstream Talos v1alpha1.MachineDisk

    MachineFile

    MachineFile is type of upstream Talos v1alpha1.MachineFile

    +

    In addition to this, there's also a skipEnvsubst key that can be set to true to skip doing envsubst (only for file outside of talconfig.yaml)

    InstallExtensionConfig

    InstallExtensionConfig is type of upstream Talos v1alpha1.InstallExtensionConfig

    Schematic
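Review bot: The `skipEnvsubst` sentence added under both InlineManifest and MachineFile is ambiguous at "only for file outside of talconfig.yaml": it does not name the field that points at the external file, does not state the default, and does not say what happens when the key is set on an entry whose content is written inline. Suggest spelling out all three, and keeping the wording in one place that both sections link to instead of repeating it verbatim. The added line "InlineManifest is type of upstream Talos v1alpha1.ClusterInlineManifest" is also missing the trailing period that the InstallDiskSelector line has.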

    diff --git a/develop/search/search_index.json b/develop/search/search_index.json index b9fae726..35ff8cb8 100644 --- a/develop/search/search_index.json +++ b/develop/search/search_index.json 
@@ -1 +1 @@ -{"config":{"indexing":"full","lang":["en"],"min_search_length":3,"prebuild_index":false,"separator":"[\\s\\-]+"},"docs":[{"location":"","text":"Introduction Overview talhelper is a tool to help creating Talos configuration files declaratively. It was inspired by a python script written by @bjw-s . You can say talhelper is like kustomize but for Talos manifest files with SOPS support natively. In a nutshell, this is what talhelper does step by step behind the door: Read and validate talconfig.yaml . Read and decrypt talsecret.yaml or talsecret.sops.yaml with sops if needed. Read and decrypt talenv.yaml or talenv.sops.yaml with sops if needed and load them into environment variables. Do envsubst if needed. Validate and generate Talos and machine config files inside ./clusterconfig directory. Generate .gitignore file so you don't commit the generated files to the public. Why should I use Talhelper The main reason to use talhelper instead of talosctl gen config command to generate Talos machineconfig files is because you want to have them version controlled in your git repository which is currently not possible yet with talosctl . Currently, to create Talos configuration files using the official talosctl tool your steps are: Run talosctl gen config and it will generate controlplane.yaml , worker.yaml , talosconfig in the current working directory. Copy and modify those files manually according to your nodes. Run talosctl apply-config --insecure -n --file for each node. This process is fine if you just want to do this once and forget about it. But if you're like me (and many others ), you might want to \"GitOpsified\" this process. So here's where you might want to use talhelper . With talhelper , the steps will become like this: Create a talconfig.yaml . Run talhelper gensecret > talsecret.sops.yaml and encrypt it with sops sops -e -i talsecret.sops.yaml . Run talhelper genconfig . 
Run talosctl apply-config --insecure -n --file ./clusterconfig/-.yaml for each node. Yes there are more steps needed. But now you can commit your talconfig.yaml and the encrypted talsecret.sops.yaml to your repository and get your whole cluster version controlled. To get started, hop over to the Getting Started section. Alternatives There are some alternatives you can consider instead of talhelper . The official Terraform provider The official Pulumi provider Bug report and feature request If you have encountered any bug or you want to request a new feature, please open an issue at GitHub.","title":"Introduction"},{"location":"#introduction","text":"","title":"Introduction"},{"location":"#overview","text":"talhelper is a tool to help creating Talos configuration files declaratively. It was inspired by a python script written by @bjw-s . You can say talhelper is like kustomize but for Talos manifest files with SOPS support natively. In a nutshell, this is what talhelper does step by step behind the door: Read and validate talconfig.yaml . Read and decrypt talsecret.yaml or talsecret.sops.yaml with sops if needed. Read and decrypt talenv.yaml or talenv.sops.yaml with sops if needed and load them into environment variables. Do envsubst if needed. Validate and generate Talos and machine config files inside ./clusterconfig directory. Generate .gitignore file so you don't commit the generated files to the public.","title":"Overview"},{"location":"#why-should-i-use-talhelper","text":"The main reason to use talhelper instead of talosctl gen config command to generate Talos machineconfig files is because you want to have them version controlled in your git repository which is currently not possible yet with talosctl . Currently, to create Talos configuration files using the official talosctl tool your steps are: Run talosctl gen config and it will generate controlplane.yaml , worker.yaml , talosconfig in the current working directory. 
Copy and modify those files manually according to your nodes. Run talosctl apply-config --insecure -n --file for each node. This process is fine if you just want to do this once and forget about it. But if you're like me (and many others ), you might want to \"GitOpsified\" this process. So here's where you might want to use talhelper . With talhelper , the steps will become like this: Create a talconfig.yaml . Run talhelper gensecret > talsecret.sops.yaml and encrypt it with sops sops -e -i talsecret.sops.yaml . Run talhelper genconfig . Run talosctl apply-config --insecure -n --file ./clusterconfig/-.yaml for each node. Yes there are more steps needed. But now you can commit your talconfig.yaml and the encrypted talsecret.sops.yaml to your repository and get your whole cluster version controlled. To get started, hop over to the Getting Started section.","title":"Why should I use Talhelper"},{"location":"#alternatives","text":"There are some alternatives you can consider instead of talhelper . The official Terraform provider The official Pulumi provider","title":"Alternatives"},{"location":"#bug-report-and-feature-request","text":"If you have encountered any bug or you want to request a new feature, please open an issue at GitHub.","title":"Bug report and feature request"},{"location":"contributing/","text":"Contributing Contributions are what make the open source community such an amazing place to learn, inspire, and create. Any contributions you make are greatly appreciated ! If you have a suggestion that would make this better, please fork the repo and create a pull request. You can also simply open an issue with the label \"enhancement\". Don't forget to give the project a star! 
Fork the project Create your Feature Branch ( git checkout -b feature/AmazingFeature ) Commit your changes ( git commit -m 'feat: add some AmazingFeature ) Push to the branch ( git push origin feature/AmazingFeature ) Open a Pull Request","title":"Contributing"},{"location":"contributing/#contributing","text":"Contributions are what make the open source community such an amazing place to learn, inspire, and create. Any contributions you make are greatly appreciated ! If you have a suggestion that would make this better, please fork the repo and create a pull request. You can also simply open an issue with the label \"enhancement\". Don't forget to give the project a star! Fork the project Create your Feature Branch ( git checkout -b feature/AmazingFeature ) Commit your changes ( git commit -m 'feat: add some AmazingFeature ) Push to the branch ( git push origin feature/AmazingFeature ) Open a Pull Request","title":"Contributing"},{"location":"getting-started/","text":"Getting Started Before you begin There are some prerequisites before you start using talhelper . You need talhelper installed on your workstation (of course), head over to the Installation page for more detail. You also need sops installed and configured with your preferred encryption tool ( age , pgp , etc). If you want to use doppler instead, there's an alternative way to do this thanks to @truxnell which you can read here You also need talosctl installed on your workstation to apply the generated machine config files. Once you have all of the above conditions met, you can now start with the Scenario that suits your current situation. Scenarios Depending on which situation you are currently in before integrating talhelper to your stack, here are some simplified steps to get you started: You already have a Talos cluster running If you already have your Talos Kubernetes cluster up and running but you haven't GitOps it yet. 
Here are the steps you need to do: Get your node's machineconfig using talosctl : talosctl -n read /system/state/config.yaml > /tmp/machineconfig.yaml . Run talhelper gensecret -f /tmp/machineconfig.yaml > talsecret.sops.yaml . This command will create a talsecret.sops.yaml file with all your current cluster secrets. Encrypt the secret with sops : sops -e -i talsecret.sops.yaml (you will need sops configured properly ). Create a talconfig.yaml based on your current cluster, here's the example template . For all the available options, look at the Configuration Reference Run talhelper genconfig and the output files will be in ./clusterconfig by default. You can now do talosctl apply-config commands to the generated files. Commit your talconfig.yaml and talsecret.yaml in your git repository. Note Please don't push the generated files into your public git repository. By default talhelper will create a .gitignore file to ignore the generated files for you unless you use --no-gitignore flag. The generated files contain unencrypted secrets and you don't want people to get a hand on them. Note Do not update or change your talsecret.sops.yaml file once you have a working cluster unless you want to recreate a new cluster or know what you're doing as you will break the cluster and lose access to it. Note Running talhelper genconfig will request a brand new talosconfig that is valid for 365 days since the time you run the command. This means the content of the file will be different everytime. This is the equivalent to Generating new client configuration that you can use to re-request a new client configuration. You are starting from scratch If you are creating a Talos Kubernetes cluster from scratch and you want to use talhelper , that's awesome! Here are the steps you need to do: Create a talconfig.yaml according to your needs, here's the example template . For all the available options, look at the Configuration Reference Run talhelper gensecret > talsecret.sops.yaml . 
This command will create a talsecret.sops.yaml file with your future cluster secrets. Encrypt the secret with sops : sops -e -i talsecret.sops.yaml (you will need sops configured properly ). Run talhelper genconfig and the output files will be in ./clusterconfig by default. You can now do talosctl apply-config commands to the generated files. Commit your talconfig.yaml and talsecret.yaml in your git repository. Note Please don't push the generated files into your public git repository. By default talhelper will create a .gitignore file to ignore the generated files for you unless you use --no-gitignore flag. The generated files contain unencrypted secrets and you don't want people to get a hand on them. Note Do not update or change your talsecret.sops.yaml file once you have a working cluster unless you want to recreate a new cluster or know what you're doing as you will break the cluster and lose access to it. Note Running talhelper genconfig will request a brand new talosconfig that is valid for 365 days since the time you run the command. This means the content of the file will be different everytime. This is the equivalent to Generating new client configuration that you can use to re-request a new client configuration.","title":"Getting Started"},{"location":"getting-started/#getting-started","text":"","title":"Getting Started"},{"location":"getting-started/#before-you-begin","text":"There are some prerequisites before you start using talhelper . You need talhelper installed on your workstation (of course), head over to the Installation page for more detail. You also need sops installed and configured with your preferred encryption tool ( age , pgp , etc). If you want to use doppler instead, there's an alternative way to do this thanks to @truxnell which you can read here You also need talosctl installed on your workstation to apply the generated machine config files. 
Once you have all of the above conditions met, you can now start with the Scenario that suits your current situation.","title":"Before you begin"},{"location":"getting-started/#scenarios","text":"Depending on which situation you are currently in before integrating talhelper to your stack, here are some simplified steps to get you started:","title":"Scenarios"},{"location":"getting-started/#you-already-have-a-talos-cluster-running","text":"If you already have your Talos Kubernetes cluster up and running but you haven't GitOps it yet. Here are the steps you need to do: Get your node's machineconfig using talosctl : talosctl -n read /system/state/config.yaml > /tmp/machineconfig.yaml . Run talhelper gensecret -f /tmp/machineconfig.yaml > talsecret.sops.yaml . This command will create a talsecret.sops.yaml file with all your current cluster secrets. Encrypt the secret with sops : sops -e -i talsecret.sops.yaml (you will need sops configured properly ). Create a talconfig.yaml based on your current cluster, here's the example template . For all the available options, look at the Configuration Reference Run talhelper genconfig and the output files will be in ./clusterconfig by default. You can now do talosctl apply-config commands to the generated files. Commit your talconfig.yaml and talsecret.yaml in your git repository. Note Please don't push the generated files into your public git repository. By default talhelper will create a .gitignore file to ignore the generated files for you unless you use --no-gitignore flag. The generated files contain unencrypted secrets and you don't want people to get a hand on them. Note Do not update or change your talsecret.sops.yaml file once you have a working cluster unless you want to recreate a new cluster or know what you're doing as you will break the cluster and lose access to it. Note Running talhelper genconfig will request a brand new talosconfig that is valid for 365 days since the time you run the command. 
This means the content of the file will be different everytime. This is the equivalent to Generating new client configuration that you can use to re-request a new client configuration.","title":"You already have a Talos cluster running"},{"location":"getting-started/#you-are-starting-from-scratch","text":"If you are creating a Talos Kubernetes cluster from scratch and you want to use talhelper , that's awesome! Here are the steps you need to do: Create a talconfig.yaml according to your needs, here's the example template . For all the available options, look at the Configuration Reference Run talhelper gensecret > talsecret.sops.yaml . This command will create a talsecret.sops.yaml file with your future cluster secrets. Encrypt the secret with sops : sops -e -i talsecret.sops.yaml (you will need sops configured properly ). Run talhelper genconfig and the output files will be in ./clusterconfig by default. You can now do talosctl apply-config commands to the generated files. Commit your talconfig.yaml and talsecret.yaml in your git repository. Note Please don't push the generated files into your public git repository. By default talhelper will create a .gitignore file to ignore the generated files for you unless you use --no-gitignore flag. The generated files contain unencrypted secrets and you don't want people to get a hand on them. Note Do not update or change your talsecret.sops.yaml file once you have a working cluster unless you want to recreate a new cluster or know what you're doing as you will break the cluster and lose access to it. Note Running talhelper genconfig will request a brand new talosconfig that is valid for 365 days since the time you run the command. This means the content of the file will be different everytime. 
This is the equivalent to Generating new client configuration that you can use to re-request a new client configuration.","title":"You are starting from scratch"},{"location":"guides/","text":"Guides Example talconfig.yaml A minimal talconfig.yaml file will look like this: --- clusterName : my-cluster endpoint : https://192.168.200.10:6443 nodes : - hostname : master controlPlane : true ipAddress : 192.168.200.11 installDisk : /dev/sda Let's say you want to add labels to the master node and add another worker node named warmachine , you can modify talconfig.yaml like so: --- clusterName : my-cluster endpoint : https://192.168.200.10:6443 nodes : - hostname : master controlPlane : true ipAddress : 192.168.200.11 installDisk : /dev/sda nodeLabels : rack : rack1 - hostname : warmachine controlPlane : false ipAddress : 192.168.200.12 installDiskSelector : size : 128GB Then you can run talhelper genconfig . Here's a more detailed example talconfig.yaml . To see all the available options of the configuration file, head over to Configuration Reference . DRY (Don't Repeat Yourself) in talconfig.yaml A lot of times, you have similar configurations for all your nodes. Instead of writing them multiple times for each node, you can make use of controlPlane and worker fields as \"global configurations\" for all your node group. --- clusterName : my-cluster nodes : - hostname : cp1 controlPlane : true ipAddress : 192.168.200.11 installDisk : /dev/sda - hostname : cp2 controlPlane : true ipAddress : 192.168.200.12 installDisk : /dev/sda controlPlane : schematic : customization : extraKernelArgs : - net.ifnames=0 patches : - |- - op: add path: /machine/kubelet/extraArgs value: rotate-server-certificates: \"true\" The schematic and patches defined in controlPlane will be applied to both cp1 and cp2 because they're both in the group of controlPlane nodes. Note NodeConfigs you define in controlPlane or worker will be overwritten if you define them per node in nodes[] section. 
But, for patches and extraManifests they are appended instead because it makes more sense. You can modify the default behavior by adding overridePatches: true and overrideExtraManifests: true inside nodes[] for node you don't want the default behavior. Adding Talos extensions and kernel arguments Talos v1.5 introduced a new unified way to generate boot assets for installer container image that you can build yourself using their imager container or use image-factory to dynamically build it for you. The old way of installing system extensions using machine.install.extensions in the configuration file is being deprecated, so it's not recommended to use it. Talhelper can help you to generate the installer url like image-factory if you provide schematic for your nodes. Let's say your warmachine node is using Intel processor so you want to have intel-ucode extension and you also want to use traditional network interface naming by providing net.ifnames=0 to the kernel argument. Your talhelper.yaml should be something like this: --- clusterName : my-cluster talosVersion : v1.5.4 endpoint : https://192.168.200.10:6443 nodes : - hostname : warmachine controlPlane : false ipAddress : 192.168.200.12 schematic : customization : extraKernelArgs : - net.ifnames=0 systemExtensions : officialExtensions : - siderolabs/intel-ucode When you run talhelper genconfig , the generated manifest file for warmachine will have machine.install.image value of factory.talos.dev/installer/9e8cc193609699825d61c039c7738d81cf29c7b20f2a91d8f5c540511b9ea0b4:v1.5.4 , which will be the same url you'll get if using image-factory . 
If you don't want to use the url from image-factory or you want to use your own installer image, you can use per node talosImageURL like this: --- clusterName : my-cluster talosVersion : v1.5.4 endpoint : https://192.168.200.10:6443 nodes : - hostname : warmachine controlPlane : false ipAddress : 192.168.200.12 talosImageURL : my.registry/install/talos-installer-image This will result in machine.install.image value to be my.registry/install/talos-installer-image:v1.5.4 . Adding Ingress Firewall and extra manifests for each node With the addition of Ingress Firewall in Talos v1.6 and their future plan of multi-document machine configuration, you can now add firewall rules and extra manifests for each node. Let's say you want to strengthen your nodes like described in the recommended rules . You can achieve it like so: --- clusterName : my-cluster endpoint : https://192.168.200.10:6443 clusterSvcNets : - ${CLUSTER_SUBNET} ## Define this in your talenv.yaml file controlPlane : ingressFirewall : defaultAction : block rules : - name : kubelet-ingress portSelector : ports : - 10250 protocol : tcp ingress : - subnet : ${CLUSTER_SUBNET} - name : apid-ingress portSelector : ports : - 50000 protocol : tcp ingress : - subnet : 0.0.0.0/0 - subnet : ::/0 - ... nodes : - name : worker1 controlPlane : false ipAddress : 192.168.200.12 extraManifests : - worker1-firewall.yaml You can add ingressFirewall and extraManifests below controlPlane or worker field for node groups that you want to apply. Or you can add them to nodes[] field for specific node you want to apply. Configuring SOPS for Talhelper sops is a simple and flexible tool for managing secrets. If you haven't used sops before, the easiest way to get started is by using age as the encryption tool of choice. To configure talhelper to use sops to encrypt and decrypt your secrets, here's the simplified step by step you can do: Install both sops and age into your system. Run age-keygen -o /age/keys.txt . 
By default, will be in $XDG_CONFIG_HOME/sops on Linux, $HOME/Library/Application Support/sops on MacOS, and %AppData%\\sops on Windows. In the directory where your talenv.sops.yaml , and talsecrets.sops.yaml lives, create a .sops.yaml file with this content: --- creation_rules : - age : >- ## get this in the keys.txt file from previous step Now, if you encrypt your talenv.sops.yaml and talsecret.sops.yaml files with sops , talhelper will be able to decrypt it when generating config files. Using Doppler instead of SOPS If you don't want to use sops as your secret management, you can use Doppler instead (or any other secret managers that can inject environment variables to the shell). Thanks to @truxnell for this genius idea. Here's the simplified step by step to achieve this: In the place where you want to use environment secrets, put it in talconfig.yaml file with ${} placeholder like this: controlPlane : inlinePatch : cluster : aescbcEncryptionSecret : ${AESCBCENCYPTIONKEY} In doppler , create a project named i.e \"talhelper\". In that project, create a config i.e \"env\" that stores key and value of the secret like AESCBCENCYPTIONKEY: . . Run doppler CLI command that sets environment variable before running the talhelper command i.e: doppler run -p talhelper -c env talhelper genconfig . Thanks to @jtcressy you can also make use of talsecret.yaml file (which is a better way than doing inlinePatch ). Note that you can only put the cluster secrets known by Talos here (you can use talhelper gensecret command and modify it). 
Here's the simplified step by step to achieve this: In talsecret.yaml file, put all your secrets with ${} placeholder like this: cluster : id : ${CLUSTERNAME} secret : ${CLUSTERSECRET} secrets : bootstraptoken : ${BOOTSTRAPTOKEN} secretboxencryptionsecret : ${AESCBCENCYPTIONKEY} trustdinfo : token : ${TRUSTDTOKEN} certs : etcd : crt : ${ETCDCERT} key : ${ETCDKEY} k8s : crt : ${K8SCERT} key : ${K8SKEY} k8saggregator : crt : ${K8SAGGCERT} key : ${K8SAGGKEY} k8sserviceaccount : key : ${K8SSAKEY} os : crt : ${OSCERT} key : ${OSKEY} In doppler , create a project named i.e \"talhelper\". In that project, create a config i.e \"env\" that stores key and value of the secret like AESCBCENCYPTIONKEY: . . Run doppler CLI command that sets environment variable before running the talhelper command i.e: doppler run -p talhelper -c env talhelper genconfig . Generating talosctl commands for bash scripting Thanks to the idea and contribution of mirceanton , you can generate talosctl commands for bash scripting in your workflow. For example, in the directory where a talconfig.yaml like this is located: --- clusterName : my-cluster talosVersion : v1.5.5 nodes : - hostname : node1 ipAddress : 192.168.10.11 controlPlane : true After running talhelper genconfig , you can run talhelper gencommand apply | bash in the terminal to apply the generated config into your machine(s) automatically. There are some other gencommand commands that you can use like upgrade , upgrade-k8s , bootstrap , etc, For more information about the available gencommand commands and flags you can use, head over to the documentation . Generate single config file for multiple nodes Thanks to the idea from onedr0p , you can generate a single config file for multiple nodes. This is useful if you have identical hardware for all your nodes and you use DHCP server to manage your node's IP address and hostname. 
The idea is to set nodes[].ignoreHostname to true and set nodes[].ipAddress to multiple IP addresses separated by comma: --- clusterName : my-cluster nodes : - hostname : controller ipAddress : 192.168.10.11, 192.168.10.12, 192.168.10.13 controlPlane : true ignoreHostname : true - hostname : worker ipAddress : 192.168.10.14, 192.168.10.15, 192.168.10.16 controlPlane : false ignoreHostname : true This will generate my-cluster-controller.yaml and my-cluster-worker.yaml that you can apply with talosctl apply-config command. You can also use talhelper gencommand -n to generate the talosctl commands for your nodes. Selfhosted Image Factory By default, the generated manifests will use the official image-factory to pull the installer image. If you're self hosting your own image-factory, you can change your talconfig.yaml like so: --- clusterName : my-cluster imageFactory : registryURL : myfactory.com schematicEndpoint : /schematics protocol : http installerURLTmpl : {{ .RegistryURL }} /installer/{{.ID}}:{{.Version}} The schematicEndpoint is used to do HTTP POST request to get the schematic ID. If your selfhosted image factory doesn't do schematic ID like the official one does, you can pass --offline flag to talhelper genconfig command and modify the installerURLTmpl to your needs. Templating node labels or annotations for system-upgrade-controller Some configuration fields can use Helm-like templating. These templates have the ability to reference other configuration fields and run Sprig functions . This is useful for passing Talos information to Kubernetes workloads, such as system-upgrade-controller plans. To upgrade Talos on a node, the upgrade controller needs the name of the installer image, which is generated by talhelper. 
This can be added to node annotations as follows: --- nodes : - hostname : my-node nodeAnnotations : installerImage : '{{ .MachineConfig.MachineInstall.InstallImage }}' This can then be queried at upgrade time to determine what image to use: --- apiVersion : upgrade.cattle.io/v1 kind : Plan metadata : name : talos-upgrade spec : serviceAccountName : system-upgrade-controller version : ${TALOS_VERSION} secrets : - name : talos-credentials path : /var/run/secrets/talos.dev upgrade : image : alpine/k8s:1.31.2 envs : - name : NODE_NAME valueFrom : fieldRef : fieldPath : spec.nodeName command : - bash args : - -c - >- INSTALLER_IMAGE=\"$( kubectl get node \"${NODE_NAME}\" -o yaml | yq 'metadata.annotations[\"installerImage\"]' )\" talosctl -n \"${NODE_NAME}\" -e \"${NODE_NAME}\" upgrade \"--image=${INSTALLER_IMAGE}:${SYSTEM_UPGRADE_PLAN_LATEST_VERSION}\" A full example is available here . Editing talconfig.yaml file If you're using a text editor with yaml LSP support, you can use talhelper genschema command to generate a talconfig.json . You can then feed that file to the language server so you can get autocompletion when editing talconfig.yaml file. If your LSP is configured to use JSON schema store , you should get auto-completion working immediately. Shell completion Depending on how you install talhelper , you might not need to do anything to get autocompletion for talhelper commands i.e if you install using the Nix Flakes or AUR. If you don't get it working out of the box, you can use talhelper completion command to generate autocompletion for your shell. bash You will need bash-completion installed and configured on your system first. And then you can put this line somewhere inside your ~/.bashrc file: source < ( talhelper completion bash ) After reloading your shell, autocompletion should be working. 
To enable bash autocompletion in current session of shell, source the ~/.bashrc file: source ~/.bashrc fish Put this line somewhere inside your ~/.config/fish/config.fish file: talhelper completion fish | source Another way is to put the generated file into ~/.config/fish/completions/talhelper.fish file: talhelper completion fish > ~/.config/fish/completions/talhelper.fish After reloading your shell, autocompletion should be working. zsh Put this line somewhere inside your ~/.zshrc : source < ( talhelper completion zsh ) After reloading your shell, autocompletion should be working. To enable zsh autocompletion in current session of shell, source the ~/.zshrc file: source ~/.zshrc powershell Append the generated file into $PROFILE : talhelper completion powershell >> $PROFILE After reloading your shell, autocompletion should be working.","title":"Guides"},{"location":"guides/#guides","text":"","title":"Guides"},{"location":"guides/#example-talconfigyaml","text":"A minimal talconfig.yaml file will look like this: --- clusterName : my-cluster endpoint : https://192.168.200.10:6443 nodes : - hostname : master controlPlane : true ipAddress : 192.168.200.11 installDisk : /dev/sda Let's say you want to add labels to the master node and add another worker node named warmachine , you can modify talconfig.yaml like so: --- clusterName : my-cluster endpoint : https://192.168.200.10:6443 nodes : - hostname : master controlPlane : true ipAddress : 192.168.200.11 installDisk : /dev/sda nodeLabels : rack : rack1 - hostname : warmachine controlPlane : false ipAddress : 192.168.200.12 installDiskSelector : size : 128GB Then you can run talhelper genconfig . Here's a more detailed example talconfig.yaml . To see all the available options of the configuration file, head over to Configuration Reference .","title":"Example talconfig.yaml"},{"location":"guides/#dry-dont-repeat-yourself-in-talconfigyaml","text":"A lot of times, you have similar configurations for all your nodes. 
Instead of writing them multiple times for each node, you can make use of controlPlane and worker fields as \"global configurations\" for all your node group. --- clusterName : my-cluster nodes : - hostname : cp1 controlPlane : true ipAddress : 192.168.200.11 installDisk : /dev/sda - hostname : cp2 controlPlane : true ipAddress : 192.168.200.12 installDisk : /dev/sda controlPlane : schematic : customization : extraKernelArgs : - net.ifnames=0 patches : - |- - op: add path: /machine/kubelet/extraArgs value: rotate-server-certificates: \"true\" The schematic and patches defined in controlPlane will be applied to both cp1 and cp2 because they're both in the group of controlPlane nodes. Note NodeConfigs you define in controlPlane or worker will be overwritten if you define them per node in nodes[] section. But, for patches and extraManifests they are appended instead because it makes more sense. You can modify the default behavior by adding overridePatches: true and overrideExtraManifests: true inside nodes[] for node you don't want the default behavior.","title":"DRY (Don't Repeat Yourself) in talconfig.yaml"},{"location":"guides/#adding-talos-extensions-and-kernel-arguments","text":"Talos v1.5 introduced a new unified way to generate boot assets for installer container image that you can build yourself using their imager container or use image-factory to dynamically build it for you. The old way of installing system extensions using machine.install.extensions in the configuration file is being deprecated, so it's not recommended to use it. Talhelper can help you to generate the installer url like image-factory if you provide schematic for your nodes. Let's say your warmachine node is using Intel processor so you want to have intel-ucode extension and you also want to use traditional network interface naming by providing net.ifnames=0 to the kernel argument. 
Your talhelper.yaml should be something like this: --- clusterName : my-cluster talosVersion : v1.5.4 endpoint : https://192.168.200.10:6443 nodes : - hostname : warmachine controlPlane : false ipAddress : 192.168.200.12 schematic : customization : extraKernelArgs : - net.ifnames=0 systemExtensions : officialExtensions : - siderolabs/intel-ucode When you run talhelper genconfig , the generated manifest file for warmachine will have machine.install.image value of factory.talos.dev/installer/9e8cc193609699825d61c039c7738d81cf29c7b20f2a91d8f5c540511b9ea0b4:v1.5.4 , which will be the same url you'll get if using image-factory . If you don't want to use the url from image-factory or you want to use your own installer image, you can use per node talosImageURL like this: --- clusterName : my-cluster talosVersion : v1.5.4 endpoint : https://192.168.200.10:6443 nodes : - hostname : warmachine controlPlane : false ipAddress : 192.168.200.12 talosImageURL : my.registry/install/talos-installer-image This will result in machine.install.image value to be my.registry/install/talos-installer-image:v1.5.4 .","title":"Adding Talos extensions and kernel arguments"},{"location":"guides/#adding-ingress-firewall-and-extra-manifests-for-each-node","text":"With the addition of Ingress Firewall in Talos v1.6 and their future plan of multi-document machine configuration, you can now add firewall rules and extra manifests for each node. Let's say you want to strengthen your nodes like described in the recommended rules . You can achieve it like so: --- clusterName : my-cluster endpoint : https://192.168.200.10:6443 clusterSvcNets : - ${CLUSTER_SUBNET} ## Define this in your talenv.yaml file controlPlane : ingressFirewall : defaultAction : block rules : - name : kubelet-ingress portSelector : ports : - 10250 protocol : tcp ingress : - subnet : ${CLUSTER_SUBNET} - name : apid-ingress portSelector : ports : - 50000 protocol : tcp ingress : - subnet : 0.0.0.0/0 - subnet : ::/0 - ... 
nodes : - name : worker1 controlPlane : false ipAddress : 192.168.200.12 extraManifests : - worker1-firewall.yaml You can add ingressFirewall and extraManifests below controlPlane or worker field for node groups that you want to apply. Or you can add them to nodes[] field for specific node you want to apply.","title":"Adding Ingress Firewall and extra manifests for each node"},{"location":"guides/#configuring-sops-for-talhelper","text":"sops is a simple and flexible tool for managing secrets. If you haven't used sops before, the easiest way to get started is by using age as the encryption tool of choice. To configure talhelper to use sops to encrypt and decrypt your secrets, here's the simplified step by step you can do: Install both sops and age into your system. Run age-keygen -o /age/keys.txt . By default, will be in $XDG_CONFIG_HOME/sops on Linux, $HOME/Library/Application Support/sops on MacOS, and %AppData%\\sops on Windows. In the directory where your talenv.sops.yaml , and talsecrets.sops.yaml lives, create a .sops.yaml file with this content: --- creation_rules : - age : >- ## get this in the keys.txt file from previous step Now, if you encrypt your talenv.sops.yaml and talsecret.sops.yaml files with sops , talhelper will be able to decrypt it when generating config files.","title":"Configuring SOPS for Talhelper"},{"location":"guides/#using-doppler-instead-of-sops","text":"If you don't want to use sops as your secret management, you can use Doppler instead (or any other secret managers that can inject environment variables to the shell). Thanks to @truxnell for this genius idea. Here's the simplified step by step to achieve this: In the place where you want to use environment secrets, put it in talconfig.yaml file with ${} placeholder like this: controlPlane : inlinePatch : cluster : aescbcEncryptionSecret : ${AESCBCENCYPTIONKEY} In doppler , create a project named i.e \"talhelper\". 
In that project, create a config i.e \"env\" that stores key and value of the secret like AESCBCENCYPTIONKEY: . . Run doppler CLI command that sets environment variable before running the talhelper command i.e: doppler run -p talhelper -c env talhelper genconfig . Thanks to @jtcressy you can also make use of talsecret.yaml file (which is a better way than doing inlinePatch ). Note that you can only put the cluster secrets known by Talos here (you can use talhelper gensecret command and modify it). Here's the simplified step by step to achieve this: In talsecret.yaml file, put all your secrets with ${} placeholder like this: cluster : id : ${CLUSTERNAME} secret : ${CLUSTERSECRET} secrets : bootstraptoken : ${BOOTSTRAPTOKEN} secretboxencryptionsecret : ${AESCBCENCYPTIONKEY} trustdinfo : token : ${TRUSTDTOKEN} certs : etcd : crt : ${ETCDCERT} key : ${ETCDKEY} k8s : crt : ${K8SCERT} key : ${K8SKEY} k8saggregator : crt : ${K8SAGGCERT} key : ${K8SAGGKEY} k8sserviceaccount : key : ${K8SSAKEY} os : crt : ${OSCERT} key : ${OSKEY} In doppler , create a project named i.e \"talhelper\". In that project, create a config i.e \"env\" that stores key and value of the secret like AESCBCENCYPTIONKEY: . . Run doppler CLI command that sets environment variable before running the talhelper command i.e: doppler run -p talhelper -c env talhelper genconfig .","title":"Using Doppler instead of SOPS"},{"location":"guides/#generating-talosctl-commands-for-bash-scripting","text":"Thanks to the idea and contribution of mirceanton , you can generate talosctl commands for bash scripting in your workflow. For example, in the directory where a talconfig.yaml like this is located: --- clusterName : my-cluster talosVersion : v1.5.5 nodes : - hostname : node1 ipAddress : 192.168.10.11 controlPlane : true After running talhelper genconfig , you can run talhelper gencommand apply | bash in the terminal to apply the generated config into your machine(s) automatically. 
There are some other gencommand commands that you can use like upgrade , upgrade-k8s , bootstrap , etc, For more information about the available gencommand commands and flags you can use, head over to the documentation .","title":"Generating talosctl commands for bash scripting"},{"location":"guides/#generate-single-config-file-for-multiple-nodes","text":"Thanks to the idea from onedr0p , you can generate a single config file for multiple nodes. This is useful if you have identical hardware for all your nodes and you use DHCP server to manage your node's IP address and hostname. The idea is to set nodes[].ignoreHostname to true and set nodes[].ipAddress to multiple IP addresses separated by comma: --- clusterName : my-cluster nodes : - hostname : controller ipAddress : 192.168.10.11, 192.168.10.12, 192.168.10.13 controlPlane : true ignoreHostname : true - hostname : worker ipAddress : 192.168.10.14, 192.168.10.15, 192.168.10.16 controlPlane : false ignoreHostname : true This will generate my-cluster-controller.yaml and my-cluster-worker.yaml that you can apply with talosctl apply-config command. You can also use talhelper gencommand -n to generate the talosctl commands for your nodes.","title":"Generate single config file for multiple nodes"},{"location":"guides/#selfhosted-image-factory","text":"By default, the generated manifests will use the official image-factory to pull the installer image. If you're self hosting your own image-factory, you can change your talconfig.yaml like so: --- clusterName : my-cluster imageFactory : registryURL : myfactory.com schematicEndpoint : /schematics protocol : http installerURLTmpl : {{ .RegistryURL }} /installer/{{.ID}}:{{.Version}} The schematicEndpoint is used to do HTTP POST request to get the schematic ID. 
If your selfhosted image factory doesn't do schematic ID like the official one does, you can pass --offline flag to talhelper genconfig command and modify the installerURLTmpl to your needs.","title":"Selfhosted Image Factory"},{"location":"guides/#templating-node-labels-or-annotations-for-system-upgrade-controller","text":"Some configuration fields can use Helm-like templating. These templates have the ability to reference other configuration fields and run Sprig functions . This is useful for passing Talos information to Kubernetes workloads, such as system-upgrade-controller plans. To upgrade Talos on a node, the upgrade controller needs the name of the installer image, which is generated by talhelper. This can be added to node annotations as follows: --- nodes : - hostname : my-node nodeAnnotations : installerImage : '{{ .MachineConfig.MachineInstall.InstallImage }}' This can then be queried at upgrade time to determine what image to use: --- apiVersion : upgrade.cattle.io/v1 kind : Plan metadata : name : talos-upgrade spec : serviceAccountName : system-upgrade-controller version : ${TALOS_VERSION} secrets : - name : talos-credentials path : /var/run/secrets/talos.dev upgrade : image : alpine/k8s:1.31.2 envs : - name : NODE_NAME valueFrom : fieldRef : fieldPath : spec.nodeName command : - bash args : - -c - >- INSTALLER_IMAGE=\"$( kubectl get node \"${NODE_NAME}\" -o yaml | yq 'metadata.annotations[\"installerImage\"]' )\" talosctl -n \"${NODE_NAME}\" -e \"${NODE_NAME}\" upgrade \"--image=${INSTALLER_IMAGE}:${SYSTEM_UPGRADE_PLAN_LATEST_VERSION}\" A full example is available here .","title":"Templating node labels or annotations for system-upgrade-controller"},{"location":"guides/#editing-talconfigyaml-file","text":"If you're using a text editor with yaml LSP support, you can use talhelper genschema command to generate a talconfig.json . You can then feed that file to the language server so you can get autocompletion when editing talconfig.yaml file. 
If your LSP is configured to use JSON schema store , you should get auto-completion working immediately.","title":"Editing talconfig.yaml file"},{"location":"guides/#shell-completion","text":"Depending on how you install talhelper , you might not need to do anything to get autocompletion for talhelper commands i.e if you install using the Nix Flakes or AUR. If you don't get it working out of the box, you can use talhelper completion command to generate autocompletion for your shell. bash You will need bash-completion installed and configured on your system first. And then you can put this line somewhere inside your ~/.bashrc file: source < ( talhelper completion bash ) After reloading your shell, autocompletion should be working. To enable bash autocompletion in current session of shell, source the ~/.bashrc file: source ~/.bashrc fish Put this line somewhere inside your ~/.config/fish/config.fish file: talhelper completion fish | source Another way is to put the generated file into ~/.config/fish/completions/talhelper.fish file: talhelper completion fish > ~/.config/fish/completions/talhelper.fish After reloading your shell, autocompletion should be working. zsh Put this line somewhere inside your ~/.zshrc : source < ( talhelper completion zsh ) After reloading your shell, autocompletion should be working. To enable zsh autocompletion in current session of shell, source the ~/.zshrc file: source ~/.zshrc powershell Append the generated file into $PROFILE : talhelper completion powershell >> $PROFILE After reloading your shell, autocompletion should be working.","title":"Shell completion"},{"location":"installation/","text":"Installation There are several ways to install talhelper to your workstation. Using aqua You can get talhelper from the standard registry as budimanjojo/talhelper . Using asdf You can get talhelper with a plugin maintained by @bjw-s . 
Add the plugin asdf plugin add talhelper Install the program asdf install talhelper latest Using Homebrew You can get talhelper from the official formulae (thanks to @ishioni ). brew install talhelper Using Nix Flakes You can get talhelper as Nix Flakes from the repository . Add the repository as input in your flake.nix file { inputs = { talhelper . url = \"github:budimanjojo/talhelper\" ; } } The package is now available at packages..default of the flake. You can call it in your home.packages or environment.systemPackages or devShell by referencing the input as inputs.talhelper.packages..default . Additionally we provide a convenient overlay for your nixpkgs { ... pkgs = import nixpkgs { overlays = [ inputs . talhelper . overlays . default ]; }; } # In any of the places you define packages { # Nixos environment . systemPackages = with pkgs ; [ talhelper ]; # Home Manager home . packages = with pkgs ; [ talhelper ]; # Flakes pkgs . mkShell = with pkgs ; [ talhelper ]; } Using Pacman Thanks to grawlinson , you can get talhelper from official Arch Linux \"Extra\" repository. sudo pacman -S talhelper Using AUR You can get talhelper from AUR using any AUR helper if you're Arch Linux user btw. Example using yay : yay -S talhelper-bin Using Scoop You can get talhelper from Scoop if you're a Windows user (thanks to @dedene ). scoop bucket add budimanjojo https :// github . com / budimanjojo / talhelper . git scoop install talhelper Using one liner with jpillora You can get talhelper using this one liner using tool provided by jpillora . curl https://i.jpillora.com/budimanjojo/talhelper! | sudo bash From the release page If none of the above works for you, you can download the archived binary for your system from the latest release page . 
Please let me know if you want to help with adding new installation method by creating a new issue .","title":"Installation"},{"location":"installation/#installation","text":"There are several ways to install talhelper to your workstation.","title":"Installation"},{"location":"installation/#using-aqua","text":"You can get talhelper from the standard registry as budimanjojo/talhelper .","title":"Using aqua"},{"location":"installation/#using-asdf","text":"You can get talhelper with a plugin maintained by @bjw-s . Add the plugin asdf plugin add talhelper Install the program asdf install talhelper latest","title":"Using asdf"},{"location":"installation/#using-homebrew","text":"You can get talhelper from the official formulae (thanks to @ishioni ). brew install talhelper","title":"Using Homebrew"},{"location":"installation/#using-nix-flakes","text":"You can get talhelper as Nix Flakes from the repository . Add the repository as input in your flake.nix file { inputs = { talhelper . url = \"github:budimanjojo/talhelper\" ; } } The package is now available at packages..default of the flake. You can call it in your home.packages or environment.systemPackages or devShell by referencing the input as inputs.talhelper.packages..default . Additionally we provide a convenient overlay for your nixpkgs { ... pkgs = import nixpkgs { overlays = [ inputs . talhelper . overlays . default ]; }; } # In any of the places you define packages { # Nixos environment . systemPackages = with pkgs ; [ talhelper ]; # Home Manager home . packages = with pkgs ; [ talhelper ]; # Flakes pkgs . mkShell = with pkgs ; [ talhelper ]; }","title":"Using Nix Flakes"},{"location":"installation/#using-pacman","text":"Thanks to grawlinson , you can get talhelper from official Arch Linux \"Extra\" repository. sudo pacman -S talhelper","title":"Using Pacman"},{"location":"installation/#using-aur","text":"You can get talhelper from AUR using any AUR helper if you're Arch Linux user btw. 
Example using yay : yay -S talhelper-bin","title":"Using AUR"},{"location":"installation/#using-scoop","text":"You can get talhelper from Scoop if you're a Windows user (thanks to @dedene ). scoop bucket add budimanjojo https :// github . com / budimanjojo / talhelper . git scoop install talhelper","title":"Using Scoop"},{"location":"installation/#using-one-liner-with-jpillora","text":"You can get talhelper using this one liner using tool provided by jpillora . curl https://i.jpillora.com/budimanjojo/talhelper! | sudo bash","title":"Using one liner with jpillora"},{"location":"installation/#from-the-release-page","text":"If none of the above works for you, you can download the archived binary for your system from the latest release page . Please let me know if you want to help with adding new installation method by creating a new issue .","title":"From the release page"},{"location":"reference/cli/","text":"CLI talhelper completion bash Generate the autocompletion script for bash Synopsis Generate the autocompletion script for the bash shell. This script depends on the 'bash-completion' package. If it is not installed already, you can install it via your OS's package manager. To load completions in your current shell session: source <(talhelper completion bash) To load completions for every new session, execute once: Linux: talhelper completion bash > /etc/bash_completion.d/talhelper macOS: talhelper completion bash > $(brew --prefix)/etc/bash_completion.d/talhelper You will need to start a new shell for this setup to take effect. talhelper completion bash Options -h, --help help for bash --no-descriptions disable completion descriptions Options inherited from parent commands -d, --debug Whether to enable debugging mode SEE ALSO talhelper completion - Generate the autocompletion script for the specified shell talhelper completion fish Generate the autocompletion script for fish Synopsis Generate the autocompletion script for the fish shell. 
To load completions in your current shell session: talhelper completion fish | source To load completions for every new session, execute once: talhelper completion fish > ~/.config/fish/completions/talhelper.fish You will need to start a new shell for this setup to take effect. talhelper completion fish [flags] Options -h, --help help for fish --no-descriptions disable completion descriptions Options inherited from parent commands -d, --debug Whether to enable debugging mode SEE ALSO talhelper completion - Generate the autocompletion script for the specified shell talhelper completion powershell Generate the autocompletion script for powershell Synopsis Generate the autocompletion script for powershell. To load completions in your current shell session: talhelper completion powershell | Out-String | Invoke-Expression To load completions for every new session, add the output of the above command to your powershell profile. talhelper completion powershell [flags] Options -h, --help help for powershell --no-descriptions disable completion descriptions Options inherited from parent commands -d, --debug Whether to enable debugging mode SEE ALSO talhelper completion - Generate the autocompletion script for the specified shell talhelper completion zsh Generate the autocompletion script for zsh Synopsis Generate the autocompletion script for the zsh shell. If shell completion is not already enabled in your environment you will need to enable it. You can execute the following once: echo \"autoload -U compinit; compinit\" >> ~/.zshrc To load completions in your current shell session: source <(talhelper completion zsh) To load completions for every new session, execute once: Linux: talhelper completion zsh > \"${fpath[1]}/_talhelper\" macOS: talhelper completion zsh > $(brew --prefix)/share/zsh/site-functions/_talhelper You will need to start a new shell for this setup to take effect. 
talhelper completion zsh [flags] Options -h, --help help for zsh --no-descriptions disable completion descriptions Options inherited from parent commands -d, --debug Whether to enable debugging mode SEE ALSO talhelper completion - Generate the autocompletion script for the specified shell talhelper completion Generate the autocompletion script for the specified shell Synopsis Generate the autocompletion script for talhelper for the specified shell. See each sub-command's help for details on how to use the generated script. Options -h, --help help for completion Options inherited from parent commands -d, --debug Whether to enable debugging mode SEE ALSO talhelper - A tool to help with creating Talos cluster talhelper completion bash - Generate the autocompletion script for bash talhelper completion fish - Generate the autocompletion script for fish talhelper completion powershell - Generate the autocompletion script for powershell talhelper completion zsh - Generate the autocompletion script for zsh talhelper gencommand apply Generate talosctl apply-config commands. talhelper gencommand apply [flags] Options -h, --help help for apply Options inherited from parent commands -c, --config-file string File containing configurations for talhelper (default \"talconfig.yaml\") -d, --debug Whether to enable debugging mode --env-file strings List of files containing env variables for config file (default [talenv.yaml,talenv.sops.yaml,talenv.yml,talenv.sops.yml]) --extra-flags strings List of additional flags that will be injected into the generated commands. -n, --node string A specific node to generate the command for. If not specified, will generate for all nodes. -o, --out-dir string Directory that contains the generated config files to apply. (default \"./clusterconfig\") SEE ALSO talhelper gencommand - Generate commands for talosctl. talhelper gencommand bootstrap Generate talosctl bootstrap commands. 
talhelper gencommand bootstrap [flags] Options -h, --help help for bootstrap Options inherited from parent commands -c, --config-file string File containing configurations for talhelper (default \"talconfig.yaml\") -d, --debug Whether to enable debugging mode --env-file strings List of files containing env variables for config file (default [talenv.yaml,talenv.sops.yaml,talenv.yml,talenv.sops.yml]) --extra-flags strings List of additional flags that will be injected into the generated commands. -n, --node string A specific node to generate the command for. If not specified, will generate for all nodes. -o, --out-dir string Directory that contains the generated config files to apply. (default \"./clusterconfig\") SEE ALSO talhelper gencommand - Generate commands for talosctl. talhelper gencommand kubeconfig Generate talosctl kubeconfig commands. talhelper gencommand kubeconfig [flags] Options -h, --help help for kubeconfig Options inherited from parent commands -c, --config-file string File containing configurations for talhelper (default \"talconfig.yaml\") -d, --debug Whether to enable debugging mode --env-file strings List of files containing env variables for config file (default [talenv.yaml,talenv.sops.yaml,talenv.yml,talenv.sops.yml]) --extra-flags strings List of additional flags that will be injected into the generated commands. -n, --node string A specific node to generate the command for. If not specified, will generate for all nodes. -o, --out-dir string Directory that contains the generated config files to apply. (default \"./clusterconfig\") SEE ALSO talhelper gencommand - Generate commands for talosctl. talhelper gencommand reset Generate talosctl reset commands. 
talhelper gencommand reset [flags] Options -h, --help help for reset Options inherited from parent commands -c, --config-file string File containing configurations for talhelper (default \"talconfig.yaml\") -d, --debug Whether to enable debugging mode --env-file strings List of files containing env variables for config file (default [talenv.yaml,talenv.sops.yaml,talenv.yml,talenv.sops.yml]) --extra-flags strings List of additional flags that will be injected into the generated commands. -n, --node string A specific node to generate the command for. If not specified, will generate for all nodes. -o, --out-dir string Directory that contains the generated config files to apply. (default \"./clusterconfig\") SEE ALSO talhelper gencommand - Generate commands for talosctl. talhelper gencommand upgrade Generate talosctl upgrade commands. talhelper gencommand upgrade [flags] Options -h, --help help for upgrade Options inherited from parent commands -c, --config-file string File containing configurations for talhelper (default \"talconfig.yaml\") -d, --debug Whether to enable debugging mode --env-file strings List of files containing env variables for config file (default [talenv.yaml,talenv.sops.yaml,talenv.yml,talenv.sops.yml]) --extra-flags strings List of additional flags that will be injected into the generated commands. -n, --node string A specific node to generate the command for. If not specified, will generate for all nodes. -o, --out-dir string Directory that contains the generated config files to apply. (default \"./clusterconfig\") SEE ALSO talhelper gencommand - Generate commands for talosctl. talhelper gencommand upgrade-k8s Generate talosctl upgrade-k8s commands. 
talhelper gencommand upgrade-k8s [flags] Options -h, --help help for upgrade-k8s Options inherited from parent commands -c, --config-file string File containing configurations for talhelper (default \"talconfig.yaml\") -d, --debug Whether to enable debugging mode --env-file strings List of files containing env variables for config file (default [talenv.yaml,talenv.sops.yaml,talenv.yml,talenv.sops.yml]) --extra-flags strings List of additional flags that will be injected into the generated commands. -n, --node string A specific node to generate the command for. If not specified, will generate for all nodes. -o, --out-dir string Directory that contains the generated config files to apply. (default \"./clusterconfig\") SEE ALSO talhelper gencommand - Generate commands for talosctl. talhelper gencommand Generate commands for talosctl. Options -c, --config-file string File containing configurations for talhelper (default \"talconfig.yaml\") --env-file strings List of files containing env variables for config file (default [talenv.yaml,talenv.sops.yaml,talenv.yml,talenv.sops.yml]) --extra-flags strings List of additional flags that will be injected into the generated commands. -h, --help help for gencommand -n, --node string A specific node to generate the command for. If not specified, will generate for all nodes. -o, --out-dir string Directory that contains the generated config files to apply. (default \"./clusterconfig\") Options inherited from parent commands -d, --debug Whether to enable debugging mode SEE ALSO talhelper - A tool to help with creating Talos cluster talhelper gencommand apply - Generate talosctl apply-config commands. talhelper gencommand bootstrap - Generate talosctl bootstrap commands. talhelper gencommand kubeconfig - Generate talosctl kubeconfig commands. talhelper gencommand reset - Generate talosctl reset commands. talhelper gencommand upgrade - Generate talosctl upgrade commands. 
talhelper gencommand upgrade-k8s - Generate talosctl upgrade-k8s commands. talhelper genconfig Generate Talos cluster config YAML files talhelper genconfig [flags] Options -c, --config-file string File containing configurations for talhelper (default \"talconfig.yaml\") -n, --dry-run Skip generating manifests and show diff instead -e, --env-file strings List of files containing env variables for config file (default [talenv.yaml,talenv.sops.yaml,talenv.yml,talenv.sops.yml]) -h, --help help for genconfig --no-gitignore Create/update gitignore file too --offline-mode Generate schematic ID without doing POST request to image-factory -o, --out-dir string Directory where to dump the generated files (default \"./clusterconfig\") -s, --secret-file strings List of files containing secrets for the cluster (default [talsecret.yaml,talsecret.sops.yaml,talsecret.yml,talsecret.sops.yml]) -m, --talos-mode string Talos runtime mode to validate generated config (default \"metal\") Options inherited from parent commands -d, --debug Whether to enable debugging mode SEE ALSO talhelper - A tool to help with creating Talos cluster talhelper genschema Generate talconfig.yaml JSON schema file talhelper genschema [flags] Options -f, --file string Where to dump the generated json-schema file (default \"talconfig.json\") -h, --help help for genschema Options inherited from parent commands -d, --debug Whether to enable debugging mode SEE ALSO talhelper - A tool to help with creating Talos cluster talhelper gensecret Generate Talos cluster secrets talhelper gensecret [flags] Options -f, --from-configfile string Talos cluster node configuration file to generate secret from -h, --help help for gensecret Options inherited from parent commands -d, --debug Whether to enable debugging mode SEE ALSO talhelper - A tool to help with creating Talos cluster talhelper genurl image Generate URL for Talos ISO or disk image talhelper genurl image [flags] Options -a, --arch string CPU architecture support of 
the image (default \"amd64\") --boot-method string Boot method of the image (can be disk-image, iso, or pxe) (default \"iso\") -h, --help help for image --suffix string The image file extension (only used when boot-method is not iso) (e.g: raw.xz, raw.tar.gz, qcow2) -m, --talos-mode string Talos runtime mode to generate URL (default \"metal\") --use-uki Whether to generate UKI image url if Secure Boot is enabled Options inherited from parent commands -c, --config-file string File containing configurations for talhelper (default \"talconfig.yaml\") -d, --debug Whether to enable debugging mode --env-file strings List of files containing env variables for config file (default [talenv.yaml,talenv.sops.yaml,talenv.yml,talenv.sops.yml]) -e, --extension strings Official extension image to be included in the image (ignored when talconfig.yaml is found) -k, --kernel-arg strings Kernel arguments to be passed to the image kernel (ignored when talconfig.yaml is found) -n, --node string A specific node to generate command for. 
If not specified, will generate for all nodes (ignored when talconfig.yaml is not found) --offline-mode Generate schematic ID without doing POST request to image-factory -r, --registry-url string Registry url of the image (default \"factory.talos.dev\") --secure-boot Whether to generate Secure Boot enabled URL -v, --version string Talos version to generate (defaults to latest Talos version) (default \"v1.9.3\") SEE ALSO talhelper genurl - Generate URL for Talos installer or ISO talhelper genurl installer Generate URL for Talos installer image talhelper genurl installer [flags] Options -h, --help help for installer Options inherited from parent commands -c, --config-file string File containing configurations for talhelper (default \"talconfig.yaml\") -d, --debug Whether to enable debugging mode --env-file strings List of files containing env variables for config file (default [talenv.yaml,talenv.sops.yaml,talenv.yml,talenv.sops.yml]) -e, --extension strings Official extension image to be included in the image (ignored when talconfig.yaml is found) -k, --kernel-arg strings Kernel arguments to be passed to the image kernel (ignored when talconfig.yaml is found) -n, --node string A specific node to generate command for. 
If not specified, will generate for all nodes (ignored when talconfig.yaml is not found) --offline-mode Generate schematic ID without doing POST request to image-factory -r, --registry-url string Registry url of the image (default \"factory.talos.dev\") --secure-boot Whether to generate Secure Boot enabled URL -v, --version string Talos version to generate (defaults to latest Talos version) (default \"v1.9.3\") SEE ALSO talhelper genurl - Generate URL for Talos installer or ISO talhelper genurl Generate URL for Talos installer or ISO Options -c, --config-file string File containing configurations for talhelper (default \"talconfig.yaml\") --env-file strings List of files containing env variables for config file (default [talenv.yaml,talenv.sops.yaml,talenv.yml,talenv.sops.yml]) -e, --extension strings Official extension image to be included in the image (ignored when talconfig.yaml is found) -h, --help help for genurl -k, --kernel-arg strings Kernel arguments to be passed to the image kernel (ignored when talconfig.yaml is found) -n, --node string A specific node to generate command for. 
If not specified, will generate for all nodes (ignored when talconfig.yaml is not found) --offline-mode Generate schematic ID without doing POST request to image-factory -r, --registry-url string Registry url of the image (default \"factory.talos.dev\") --secure-boot Whether to generate Secure Boot enabled URL -v, --version string Talos version to generate (defaults to latest Talos version) (default \"v1.9.3\") Options inherited from parent commands -d, --debug Whether to enable debugging mode SEE ALSO talhelper - A tool to help with creating Talos cluster talhelper genurl image - Generate URL for Talos ISO or disk image talhelper genurl installer - Generate URL for Talos installer image talhelper validate nodeconfig Check the validity of Talos node config file talhelper validate nodeconfig [file] [flags] Options -h, --help help for nodeconfig -m, --mode string Talos runtime mode to validate with (default \"metal\") Options inherited from parent commands -d, --debug Whether to enable debugging mode SEE ALSO talhelper validate - Validate the correctness of talconfig or talos node config talhelper validate talconfig Check the validity of talhelper config file talhelper validate talconfig [file] [flags] Options -e, --env-file strings List of files containing env variables for config file (default [talenv.yaml,talenv.sops.yaml,talenv.yml,talenv.sops.yml]) -h, --help help for talconfig --no-substitute Whether to do envsubst on before validation Options inherited from parent commands -d, --debug Whether to enable debugging mode SEE ALSO talhelper validate - Validate the correctness of talconfig or talos node config talhelper validate Validate the correctness of talconfig or talos node config Options -h, --help help for validate Options inherited from parent commands -d, --debug Whether to enable debugging mode SEE ALSO talhelper - A tool to help with creating Talos cluster talhelper validate nodeconfig - Check the validity of Talos node config file talhelper validate 
talconfig - Check the validity of talhelper config file talhelper A tool to help with creating Talos cluster Synopsis talhelper is a tool to help you create a Talos cluster. Workflow: Create talconfig.yaml file defining your nodes information like so: clusterName: mycluster talosVersion: v1.0 endpoint: https://192.168.200.10:6443 nodes: - hostname: master1 ipAddress: 192.168.200.11 installDisk: /dev/sdb controlPlane: true - hostname: worker1 ipAddress: 192.168.200.21 installDisk: /dev/nvme1 controlPlane: false Then run these commands: talhelper gensecret > talsecret.sops.yaml sops -e -i talsecret.sops.yaml talhelper genconfig The generated yaml files will be in ./clusterconfig directory WARNING! Please don't push the generated files into your public git repository. By default talhelper will create a \".gitignore\" file to ignore the generated files for you unless you use \"--no-gitignore\" flag. The generated files contain unencrypted secrets and you don't want people to get a hand of them. Options -d, --debug Whether to enable debugging mode -h, --help help for talhelper SEE ALSO talhelper completion - Generate the autocompletion script for the specified shell talhelper gencommand - Generate commands for talosctl. talhelper genconfig - Generate Talos cluster config YAML files talhelper genschema - Generate talconfig.yaml JSON schema file talhelper gensecret - Generate Talos cluster secrets talhelper genurl - Generate URL for Talos installer or ISO talhelper validate - Validate the correctness of talconfig or talos node config","title":"CLI"},{"location":"reference/cli/#cli","text":"","title":"CLI"},{"location":"reference/cli/#talhelper-completion-bash","text":"Generate the autocompletion script for bash","title":"talhelper completion bash"},{"location":"reference/cli/#synopsis","text":"Generate the autocompletion script for the bash shell. This script depends on the 'bash-completion' package. 
If it is not installed already, you can install it via your OS's package manager. To load completions in your current shell session: source <(talhelper completion bash) To load completions for every new session, execute once:","title":"Synopsis"},{"location":"reference/cli/#linux","text":"talhelper completion bash > /etc/bash_completion.d/talhelper","title":"Linux:"},{"location":"reference/cli/#macos","text":"talhelper completion bash > $(brew --prefix)/etc/bash_completion.d/talhelper You will need to start a new shell for this setup to take effect. talhelper completion bash","title":"macOS:"},{"location":"reference/cli/#options","text":"-h, --help help for bash --no-descriptions disable completion descriptions","title":"Options"},{"location":"reference/cli/#options-inherited-from-parent-commands","text":"-d, --debug Whether to enable debugging mode","title":"Options inherited from parent commands"},{"location":"reference/cli/#see-also","text":"talhelper completion - Generate the autocompletion script for the specified shell","title":"SEE ALSO"},{"location":"reference/cli/#talhelper-completion-fish","text":"Generate the autocompletion script for fish","title":"talhelper completion fish"},{"location":"reference/cli/#synopsis_1","text":"Generate the autocompletion script for the fish shell. To load completions in your current shell session: talhelper completion fish | source To load completions for every new session, execute once: talhelper completion fish > ~/.config/fish/completions/talhelper.fish You will need to start a new shell for this setup to take effect. 
talhelper completion fish [flags]","title":"Synopsis"},{"location":"reference/cli/#options_1","text":"-h, --help help for fish --no-descriptions disable completion descriptions","title":"Options"},{"location":"reference/cli/#options-inherited-from-parent-commands_1","text":"-d, --debug Whether to enable debugging mode","title":"Options inherited from parent commands"},{"location":"reference/cli/#see-also_1","text":"talhelper completion - Generate the autocompletion script for the specified shell","title":"SEE ALSO"},{"location":"reference/cli/#talhelper-completion-powershell","text":"Generate the autocompletion script for powershell","title":"talhelper completion powershell"},{"location":"reference/cli/#synopsis_2","text":"Generate the autocompletion script for powershell. To load completions in your current shell session: talhelper completion powershell | Out-String | Invoke-Expression To load completions for every new session, add the output of the above command to your powershell profile. talhelper completion powershell [flags]","title":"Synopsis"},{"location":"reference/cli/#options_2","text":"-h, --help help for powershell --no-descriptions disable completion descriptions","title":"Options"},{"location":"reference/cli/#options-inherited-from-parent-commands_2","text":"-d, --debug Whether to enable debugging mode","title":"Options inherited from parent commands"},{"location":"reference/cli/#see-also_2","text":"talhelper completion - Generate the autocompletion script for the specified shell","title":"SEE ALSO"},{"location":"reference/cli/#talhelper-completion-zsh","text":"Generate the autocompletion script for zsh","title":"talhelper completion zsh"},{"location":"reference/cli/#synopsis_3","text":"Generate the autocompletion script for the zsh shell. If shell completion is not already enabled in your environment you will need to enable it. 
You can execute the following once: echo \"autoload -U compinit; compinit\" >> ~/.zshrc To load completions in your current shell session: source <(talhelper completion zsh) To load completions for every new session, execute once:","title":"Synopsis"},{"location":"reference/cli/#linux_1","text":"talhelper completion zsh > \"${fpath[1]}/_talhelper\"","title":"Linux:"},{"location":"reference/cli/#macos_1","text":"talhelper completion zsh > $(brew --prefix)/share/zsh/site-functions/_talhelper You will need to start a new shell for this setup to take effect. talhelper completion zsh [flags]","title":"macOS:"},{"location":"reference/cli/#options_3","text":"-h, --help help for zsh --no-descriptions disable completion descriptions","title":"Options"},{"location":"reference/cli/#options-inherited-from-parent-commands_3","text":"-d, --debug Whether to enable debugging mode","title":"Options inherited from parent commands"},{"location":"reference/cli/#see-also_3","text":"talhelper completion - Generate the autocompletion script for the specified shell","title":"SEE ALSO"},{"location":"reference/cli/#talhelper-completion","text":"Generate the autocompletion script for the specified shell","title":"talhelper completion"},{"location":"reference/cli/#synopsis_4","text":"Generate the autocompletion script for talhelper for the specified shell. 
See each sub-command's help for details on how to use the generated script.","title":"Synopsis"},{"location":"reference/cli/#options_4","text":"-h, --help help for completion","title":"Options"},{"location":"reference/cli/#options-inherited-from-parent-commands_4","text":"-d, --debug Whether to enable debugging mode","title":"Options inherited from parent commands"},{"location":"reference/cli/#see-also_4","text":"talhelper - A tool to help with creating Talos cluster talhelper completion bash - Generate the autocompletion script for bash talhelper completion fish - Generate the autocompletion script for fish talhelper completion powershell - Generate the autocompletion script for powershell talhelper completion zsh - Generate the autocompletion script for zsh","title":"SEE ALSO"},{"location":"reference/cli/#talhelper-gencommand-apply","text":"Generate talosctl apply-config commands. talhelper gencommand apply [flags]","title":"talhelper gencommand apply"},{"location":"reference/cli/#options_5","text":"-h, --help help for apply","title":"Options"},{"location":"reference/cli/#options-inherited-from-parent-commands_5","text":"-c, --config-file string File containing configurations for talhelper (default \"talconfig.yaml\") -d, --debug Whether to enable debugging mode --env-file strings List of files containing env variables for config file (default [talenv.yaml,talenv.sops.yaml,talenv.yml,talenv.sops.yml]) --extra-flags strings List of additional flags that will be injected into the generated commands. -n, --node string A specific node to generate the command for. If not specified, will generate for all nodes. -o, --out-dir string Directory that contains the generated config files to apply. 
(default \"./clusterconfig\")","title":"Options inherited from parent commands"},{"location":"reference/cli/#see-also_5","text":"talhelper gencommand - Generate commands for talosctl.","title":"SEE ALSO"},{"location":"reference/cli/#talhelper-gencommand-bootstrap","text":"Generate talosctl bootstrap commands. talhelper gencommand bootstrap [flags]","title":"talhelper gencommand bootstrap"},{"location":"reference/cli/#options_6","text":"-h, --help help for bootstrap","title":"Options"},{"location":"reference/cli/#options-inherited-from-parent-commands_6","text":"-c, --config-file string File containing configurations for talhelper (default \"talconfig.yaml\") -d, --debug Whether to enable debugging mode --env-file strings List of files containing env variables for config file (default [talenv.yaml,talenv.sops.yaml,talenv.yml,talenv.sops.yml]) --extra-flags strings List of additional flags that will be injected into the generated commands. -n, --node string A specific node to generate the command for. If not specified, will generate for all nodes. -o, --out-dir string Directory that contains the generated config files to apply. (default \"./clusterconfig\")","title":"Options inherited from parent commands"},{"location":"reference/cli/#see-also_6","text":"talhelper gencommand - Generate commands for talosctl.","title":"SEE ALSO"},{"location":"reference/cli/#talhelper-gencommand-kubeconfig","text":"Generate talosctl kubeconfig commands. 
talhelper gencommand kubeconfig [flags]","title":"talhelper gencommand kubeconfig"},{"location":"reference/cli/#options_7","text":"-h, --help help for kubeconfig","title":"Options"},{"location":"reference/cli/#options-inherited-from-parent-commands_7","text":"-c, --config-file string File containing configurations for talhelper (default \"talconfig.yaml\") -d, --debug Whether to enable debugging mode --env-file strings List of files containing env variables for config file (default [talenv.yaml,talenv.sops.yaml,talenv.yml,talenv.sops.yml]) --extra-flags strings List of additional flags that will be injected into the generated commands. -n, --node string A specific node to generate the command for. If not specified, will generate for all nodes. -o, --out-dir string Directory that contains the generated config files to apply. (default \"./clusterconfig\")","title":"Options inherited from parent commands"},{"location":"reference/cli/#see-also_7","text":"talhelper gencommand - Generate commands for talosctl.","title":"SEE ALSO"},{"location":"reference/cli/#talhelper-gencommand-reset","text":"Generate talosctl reset commands. talhelper gencommand reset [flags]","title":"talhelper gencommand reset"},{"location":"reference/cli/#options_8","text":"-h, --help help for reset","title":"Options"},{"location":"reference/cli/#options-inherited-from-parent-commands_8","text":"-c, --config-file string File containing configurations for talhelper (default \"talconfig.yaml\") -d, --debug Whether to enable debugging mode --env-file strings List of files containing env variables for config file (default [talenv.yaml,talenv.sops.yaml,talenv.yml,talenv.sops.yml]) --extra-flags strings List of additional flags that will be injected into the generated commands. -n, --node string A specific node to generate the command for. If not specified, will generate for all nodes. -o, --out-dir string Directory that contains the generated config files to apply. 
(default \"./clusterconfig\")","title":"Options inherited from parent commands"},{"location":"reference/cli/#see-also_8","text":"talhelper gencommand - Generate commands for talosctl.","title":"SEE ALSO"},{"location":"reference/cli/#talhelper-gencommand-upgrade","text":"Generate talosctl upgrade commands. talhelper gencommand upgrade [flags]","title":"talhelper gencommand upgrade"},{"location":"reference/cli/#options_9","text":"-h, --help help for upgrade","title":"Options"},{"location":"reference/cli/#options-inherited-from-parent-commands_9","text":"-c, --config-file string File containing configurations for talhelper (default \"talconfig.yaml\") -d, --debug Whether to enable debugging mode --env-file strings List of files containing env variables for config file (default [talenv.yaml,talenv.sops.yaml,talenv.yml,talenv.sops.yml]) --extra-flags strings List of additional flags that will be injected into the generated commands. -n, --node string A specific node to generate the command for. If not specified, will generate for all nodes. -o, --out-dir string Directory that contains the generated config files to apply. (default \"./clusterconfig\")","title":"Options inherited from parent commands"},{"location":"reference/cli/#see-also_9","text":"talhelper gencommand - Generate commands for talosctl.","title":"SEE ALSO"},{"location":"reference/cli/#talhelper-gencommand-upgrade-k8s","text":"Generate talosctl upgrade-k8s commands. 
talhelper gencommand upgrade-k8s [flags]","title":"talhelper gencommand upgrade-k8s"},{"location":"reference/cli/#options_10","text":"-h, --help help for upgrade-k8s","title":"Options"},{"location":"reference/cli/#options-inherited-from-parent-commands_10","text":"-c, --config-file string File containing configurations for talhelper (default \"talconfig.yaml\") -d, --debug Whether to enable debugging mode --env-file strings List of files containing env variables for config file (default [talenv.yaml,talenv.sops.yaml,talenv.yml,talenv.sops.yml]) --extra-flags strings List of additional flags that will be injected into the generated commands. -n, --node string A specific node to generate the command for. If not specified, will generate for all nodes. -o, --out-dir string Directory that contains the generated config files to apply. (default \"./clusterconfig\")","title":"Options inherited from parent commands"},{"location":"reference/cli/#see-also_10","text":"talhelper gencommand - Generate commands for talosctl.","title":"SEE ALSO"},{"location":"reference/cli/#talhelper-gencommand","text":"Generate commands for talosctl.","title":"talhelper gencommand"},{"location":"reference/cli/#options_11","text":"-c, --config-file string File containing configurations for talhelper (default \"talconfig.yaml\") --env-file strings List of files containing env variables for config file (default [talenv.yaml,talenv.sops.yaml,talenv.yml,talenv.sops.yml]) --extra-flags strings List of additional flags that will be injected into the generated commands. -h, --help help for gencommand -n, --node string A specific node to generate the command for. If not specified, will generate for all nodes. -o, --out-dir string Directory that contains the generated config files to apply. 
(default \"./clusterconfig\")","title":"Options"},{"location":"reference/cli/#options-inherited-from-parent-commands_11","text":"-d, --debug Whether to enable debugging mode","title":"Options inherited from parent commands"},{"location":"reference/cli/#see-also_11","text":"talhelper - A tool to help with creating Talos cluster talhelper gencommand apply - Generate talosctl apply-config commands. talhelper gencommand bootstrap - Generate talosctl bootstrap commands. talhelper gencommand kubeconfig - Generate talosctl kubeconfig commands. talhelper gencommand reset - Generate talosctl reset commands. talhelper gencommand upgrade - Generate talosctl upgrade commands. talhelper gencommand upgrade-k8s - Generate talosctl upgrade-k8s commands.","title":"SEE ALSO"},{"location":"reference/cli/#talhelper-genconfig","text":"Generate Talos cluster config YAML files talhelper genconfig [flags]","title":"talhelper genconfig"},{"location":"reference/cli/#options_12","text":"-c, --config-file string File containing configurations for talhelper (default \"talconfig.yaml\") -n, --dry-run Skip generating manifests and show diff instead -e, --env-file strings List of files containing env variables for config file (default [talenv.yaml,talenv.sops.yaml,talenv.yml,talenv.sops.yml]) -h, --help help for genconfig --no-gitignore Create/update gitignore file too --offline-mode Generate schematic ID without doing POST request to image-factory -o, --out-dir string Directory where to dump the generated files (default \"./clusterconfig\") -s, --secret-file strings List of files containing secrets for the cluster (default [talsecret.yaml,talsecret.sops.yaml,talsecret.yml,talsecret.sops.yml]) -m, --talos-mode string Talos runtime mode to validate generated config (default \"metal\")","title":"Options"},{"location":"reference/cli/#options-inherited-from-parent-commands_12","text":"-d, --debug Whether to enable debugging mode","title":"Options inherited from parent 
commands"},{"location":"reference/cli/#see-also_12","text":"talhelper - A tool to help with creating Talos cluster","title":"SEE ALSO"},{"location":"reference/cli/#talhelper-genschema","text":"Generate talconfig.yaml JSON schema file talhelper genschema [flags]","title":"talhelper genschema"},{"location":"reference/cli/#options_13","text":"-f, --file string Where to dump the generated json-schema file (default \"talconfig.json\") -h, --help help for genschema","title":"Options"},{"location":"reference/cli/#options-inherited-from-parent-commands_13","text":"-d, --debug Whether to enable debugging mode","title":"Options inherited from parent commands"},{"location":"reference/cli/#see-also_13","text":"talhelper - A tool to help with creating Talos cluster","title":"SEE ALSO"},{"location":"reference/cli/#talhelper-gensecret","text":"Generate Talos cluster secrets talhelper gensecret [flags]","title":"talhelper gensecret"},{"location":"reference/cli/#options_14","text":"-f, --from-configfile string Talos cluster node configuration file to generate secret from -h, --help help for gensecret","title":"Options"},{"location":"reference/cli/#options-inherited-from-parent-commands_14","text":"-d, --debug Whether to enable debugging mode","title":"Options inherited from parent commands"},{"location":"reference/cli/#see-also_14","text":"talhelper - A tool to help with creating Talos cluster","title":"SEE ALSO"},{"location":"reference/cli/#talhelper-genurl-image","text":"Generate URL for Talos ISO or disk image talhelper genurl image [flags]","title":"talhelper genurl image"},{"location":"reference/cli/#options_15","text":"-a, --arch string CPU architecture support of the image (default \"amd64\") --boot-method string Boot method of the image (can be disk-image, iso, or pxe) (default \"iso\") -h, --help help for image --suffix string The image file extension (only used when boot-method is not iso) (e.g: raw.xz, raw.tar.gz, qcow2) -m, --talos-mode string Talos runtime mode to 
generate URL (default \"metal\") --use-uki Whether to generate UKI image url if Secure Boot is enabled","title":"Options"},{"location":"reference/cli/#options-inherited-from-parent-commands_15","text":"-c, --config-file string File containing configurations for talhelper (default \"talconfig.yaml\") -d, --debug Whether to enable debugging mode --env-file strings List of files containing env variables for config file (default [talenv.yaml,talenv.sops.yaml,talenv.yml,talenv.sops.yml]) -e, --extension strings Official extension image to be included in the image (ignored when talconfig.yaml is found) -k, --kernel-arg strings Kernel arguments to be passed to the image kernel (ignored when talconfig.yaml is found) -n, --node string A specific node to generate command for. If not specified, will generate for all nodes (ignored when talconfig.yaml is not found) --offline-mode Generate schematic ID without doing POST request to image-factory -r, --registry-url string Registry url of the image (default \"factory.talos.dev\") --secure-boot Whether to generate Secure Boot enabled URL -v, --version string Talos version to generate (defaults to latest Talos version) (default \"v1.9.3\")","title":"Options inherited from parent commands"},{"location":"reference/cli/#see-also_15","text":"talhelper genurl - Generate URL for Talos installer or ISO","title":"SEE ALSO"},{"location":"reference/cli/#talhelper-genurl-installer","text":"Generate URL for Talos installer image talhelper genurl installer [flags]","title":"talhelper genurl installer"},{"location":"reference/cli/#options_16","text":"-h, --help help for installer","title":"Options"},{"location":"reference/cli/#options-inherited-from-parent-commands_16","text":"-c, --config-file string File containing configurations for talhelper (default \"talconfig.yaml\") -d, --debug Whether to enable debugging mode --env-file strings List of files containing env variables for config file (default 
[talenv.yaml,talenv.sops.yaml,talenv.yml,talenv.sops.yml]) -e, --extension strings Official extension image to be included in the image (ignored when talconfig.yaml is found) -k, --kernel-arg strings Kernel arguments to be passed to the image kernel (ignored when talconfig.yaml is found) -n, --node string A specific node to generate command for. If not specified, will generate for all nodes (ignored when talconfig.yaml is not found) --offline-mode Generate schematic ID without doing POST request to image-factory -r, --registry-url string Registry url of the image (default \"factory.talos.dev\") --secure-boot Whether to generate Secure Boot enabled URL -v, --version string Talos version to generate (defaults to latest Talos version) (default \"v1.9.3\")","title":"Options inherited from parent commands"},{"location":"reference/cli/#see-also_16","text":"talhelper genurl - Generate URL for Talos installer or ISO","title":"SEE ALSO"},{"location":"reference/cli/#talhelper-genurl","text":"Generate URL for Talos installer or ISO","title":"talhelper genurl"},{"location":"reference/cli/#options_17","text":"-c, --config-file string File containing configurations for talhelper (default \"talconfig.yaml\") --env-file strings List of files containing env variables for config file (default [talenv.yaml,talenv.sops.yaml,talenv.yml,talenv.sops.yml]) -e, --extension strings Official extension image to be included in the image (ignored when talconfig.yaml is found) -h, --help help for genurl -k, --kernel-arg strings Kernel arguments to be passed to the image kernel (ignored when talconfig.yaml is found) -n, --node string A specific node to generate command for. 
If not specified, will generate for all nodes (ignored when talconfig.yaml is not found) --offline-mode Generate schematic ID without doing POST request to image-factory -r, --registry-url string Registry url of the image (default \"factory.talos.dev\") --secure-boot Whether to generate Secure Boot enabled URL -v, --version string Talos version to generate (defaults to latest Talos version) (default \"v1.9.3\")","title":"Options"},{"location":"reference/cli/#options-inherited-from-parent-commands_17","text":"-d, --debug Whether to enable debugging mode","title":"Options inherited from parent commands"},{"location":"reference/cli/#see-also_17","text":"talhelper - A tool to help with creating Talos cluster talhelper genurl image - Generate URL for Talos ISO or disk image talhelper genurl installer - Generate URL for Talos installer image","title":"SEE ALSO"},{"location":"reference/cli/#talhelper-validate-nodeconfig","text":"Check the validity of Talos node config file talhelper validate nodeconfig [file] [flags]","title":"talhelper validate nodeconfig"},{"location":"reference/cli/#options_18","text":"-h, --help help for nodeconfig -m, --mode string Talos runtime mode to validate with (default \"metal\")","title":"Options"},{"location":"reference/cli/#options-inherited-from-parent-commands_18","text":"-d, --debug Whether to enable debugging mode","title":"Options inherited from parent commands"},{"location":"reference/cli/#see-also_18","text":"talhelper validate - Validate the correctness of talconfig or talos node config","title":"SEE ALSO"},{"location":"reference/cli/#talhelper-validate-talconfig","text":"Check the validity of talhelper config file talhelper validate talconfig [file] [flags]","title":"talhelper validate talconfig"},{"location":"reference/cli/#options_19","text":"-e, --env-file strings List of files containing env variables for config file (default [talenv.yaml,talenv.sops.yaml,talenv.yml,talenv.sops.yml]) -h, --help help for talconfig 
--no-substitute Whether to do envsubst on before validation","title":"Options"},{"location":"reference/cli/#options-inherited-from-parent-commands_19","text":"-d, --debug Whether to enable debugging mode","title":"Options inherited from parent commands"},{"location":"reference/cli/#see-also_19","text":"talhelper validate - Validate the correctness of talconfig or talos node config","title":"SEE ALSO"},{"location":"reference/cli/#talhelper-validate","text":"Validate the correctness of talconfig or talos node config","title":"talhelper validate"},{"location":"reference/cli/#options_20","text":"-h, --help help for validate","title":"Options"},{"location":"reference/cli/#options-inherited-from-parent-commands_20","text":"-d, --debug Whether to enable debugging mode","title":"Options inherited from parent commands"},{"location":"reference/cli/#see-also_20","text":"talhelper - A tool to help with creating Talos cluster talhelper validate nodeconfig - Check the validity of Talos node config file talhelper validate talconfig - Check the validity of talhelper config file","title":"SEE ALSO"},{"location":"reference/cli/#talhelper","text":"A tool to help with creating Talos cluster","title":"talhelper"},{"location":"reference/cli/#synopsis_5","text":"talhelper is a tool to help you create a Talos cluster. Workflow: Create talconfig.yaml file defining your nodes information like so: clusterName: mycluster talosVersion: v1.0 endpoint: https://192.168.200.10:6443 nodes: - hostname: master1 ipAddress: 192.168.200.11 installDisk: /dev/sdb controlPlane: true - hostname: worker1 ipAddress: 192.168.200.21 installDisk: /dev/nvme1 controlPlane: false Then run these commands: talhelper gensecret > talsecret.sops.yaml sops -e -i talsecret.sops.yaml talhelper genconfig The generated yaml files will be in ./clusterconfig directory WARNING! Please don't push the generated files into your public git repository. 
By default talhelper will create a \".gitignore\" file to ignore the generated files for you unless you use \"--no-gitignore\" flag. The generated files contain unencrypted secrets and you don't want people to get a hand of them.","title":"Synopsis"},{"location":"reference/cli/#options_21","text":"-d, --debug Whether to enable debugging mode -h, --help help for talhelper","title":"Options"},{"location":"reference/cli/#see-also_21","text":"talhelper completion - Generate the autocompletion script for the specified shell talhelper gencommand - Generate commands for talosctl. talhelper genconfig - Generate Talos cluster config YAML files talhelper genschema - Generate talconfig.yaml JSON schema file talhelper gensecret - Generate Talos cluster secrets talhelper genurl - Generate URL for Talos installer or ISO talhelper validate - Validate the correctness of talconfig or talos node config","title":"SEE ALSO"},{"location":"reference/configuration/","text":"Configuration Config Package config contains all the options available for configuring a Talos cluster. Field Type Description Default Value Required clusterName string Configures the cluster's name. Show example clusterName : my-cluster \"\" endpoint string Configures the cluster's controlplane endpoint. Can be an IP address or a DNS hostname Show example endpoint : https://192.168.200.10:6443 \"\" nodes [] Node List of nodes configurations Show example nodes : - hostname : kmaster1 ipAddress : 192.168.200.11 controlPlane : true installDiskSelector : size : 128GB - hostname : kworker1 ipAddress : 192.168.200.12 controlPlane : false installDisk : /dev/sda networkInterfaces : - interface : eth0 dhcp : true [] talosVersion string Talos version to perform the installation. Image reference for each Talos release can be found on Talos GitHub release page Show example talosVersion : v1.5.2 \"latest\" kubernetesVersion string Allows for supplying the Kubernetes version to use. 
Show example kubernetesVersion : v1.28.1 \"\" domain string Allows for supplying the domain used by Kubernetes DNS. Show example domain : mycluster.com \"cluster.local\" allowSchedulingOnMasters bool Whether to allow running workload on controlplane nodes. Show example allowSchedulingOnMasters : true false allowSchedulingOnControlPlanes bool Whether to allow running workload on controlplane nodes. It is an alias to allowSchedulingOnMasters Show example allowSchedulingOnControlPlanes : true false additionalMachineCertSans []string Extra certificate SANs for the machine's certificate. Show example additionalMachineCertSans : - 10.0.0.10 - 172.16.0.10 - 192.168.0.10 [] additionalApiServerCertSans []string Extra certificate SANs for the API server's certificate. Show example additionalApiServerCertSans : - 1.2.3.4 - 4.5.6.7 - mycluster.local [] cniConfig CNIConfig The CNI to be used for the cluster's network. Show example cniConfig : name : custom urls : - https://docs.projectcalico.org/archive/v3.20/manifests/canal.yaml nil imageFactory ImageFactory Configures selfhosted image factory. Show example imageFactory : registryURL : myfactory.com schematicEndpoint : /schematics protocol : https installerURLTmpl : {{ .RegistryURL }} /installer/{{.ID}}:{{.Version}} ImageURLTmpl : {{ .Protocol }} ://{{.RegistryURL}}/image/{{.ID}}/{{.Version}}/{{.Mode}}/{{.Arch}}.iso nil patches []string Patches to be applied to all nodes. List of strings containing RFC6902 JSON patches, strategic merge patches, or a file containing them Show example patches : - |- - op: add path: /machine/kubelet/extraArgs value: rotate-server-certificates: \"true\" - |- machine: env: MYENV: value - \"@./a-patch.yaml\" [] controlPlane NodeConfigs Configurations targetted for all controlplane nodes. 
Show example controlPlane : kernelModules : - name : br_netfilter parameters : - nf_conntrack_max=131072 patches : - |- - op: add path: /machine/kubelet/extraArgs value: rotate-server-certificates: \"true\" - |- machine: env: MYENV: value - \"@./a-patch.yaml\" nil worker NodeConfigs Configurations targetted for all worker nodes. Show example worker : kernelModules : - name : br_netfilter parameters : - nf_conntrack_max=131072 patches : - |- - op: add path: /machine/kubelet/extraArgs value: rotate-server-certificates: \"true\" - |- machine: env: MYENV: value - \"@./a-patch.yaml\" nil Node Node defines machine configurations for each node. Field Type Description Default Value Required hostname string Configures the hostname of a node. Show example hostname : kmaster1 \"\" ipAddress string IP address where the node can be reached, can be IP or comma separated list of IPs. Needed for endpoint and node address inside talosconfig . Show example ipAddress : 192.168.200.11 \"\" installDisk string The disk used for installation. Show example installDisk : /dev/sda \"\" installDiskSelector InstallDiskSelector Look up disk used for installation. Required if installDisk is not specified. Show example installDiskSelector : size : 128GB model : WDC* name : /sys/block/sda/device/name busPath : /pci0000:00/0000:00:17.0/ata1/host0/target0:0:0/0:0:0:0 nil controlPlane bool Whether the node is a controlplane. Show example controlPlane : true false ignoreHostname bool Whether to set machine.network.hostname to the generated config file. Show example ignoreHostname : true false overridePatches bool Whether patches defined here should override the one defined in node group. By default they will get appended instead. Show example overridePatches : true false overrideExtraManifests bool Whether extraManifests defined here should override the one defined in node group. By default they will get appended instead. 
Show example overrideExtraManifests : true false - NodeConfigs Node specific configurations that will override node group configurations. Show example talosImageURL : factory.talos.dev/installer/e9c7ef96884d4fbc8c0a1304ccca4bb0287d766a8b4125997cb9dbe84262144e nodeLabels : rack : rack1a nodeTaints : exampleTaint : exampletaintValue:NoSchedule disableSearchDomain : true nil NodeConfigs NodeConfigs defines machine configurations. Field Type Description Default Value Required talosImageURL string Allows for supplying the node level image used to perform the installation. Show example talosImageURL : factory.talos.dev/installer/e9c7ef96884d4fbc8c0a1304ccca4bb0287d766a8b4125997cb9dbe84262144e \"\" machineSpec MachineSpec Machine hardware specification for the node. Only used for genurl image subcommand. Show example machineSpec : mode : metal arch : arm64 bootMethod : disk-image imageSuffix : raw.xz nil ingressFirewall IngressFirewall Machine firewall specification for the node. Show example ingressFirewall : defaultAction : block rules : - name : kubelet-ingress portSelector : ports : - 10250 protocol : tcp ingress : - subnet : 172.20.0.0/24 except : 172.20.0.1/32 nil extensionServices [] ExtensionService Machine extension services specification for the node. Show example extensionServices : - name : nut-client configFiles : - content : MONITOR upsmonHost 1 remote pass password mountPath : /usr/local/etc/nut/upsmon.conf environment : - UPS_NAME=ups nil volumes [] Volume Machine volume configs specification. Show example volumes : - name : EPHEMERAL provisioning : diskSelector : match : disk.transport == \"nvme\" maxSize : 50GiB nil nodeLabels map[string]string Labels to be added to the node. Show example rack : rack1a false nodeAnnotations map[string]string Annotations to be added to the node. Show example rack : rack1a false nodeTaints map[string]string Node taints for the node. 
Show example exampleTaint : exampleTaintValue:NoSchedule false disableSearchDomain bool Whether to disable generating default search domain. Show example disableSearchDomain : true false machineDisks [] MachineDisk List of additional disks to partition, format, mount. Show example machineDisks : - device : /dev/disk/by-id/ata-CT500MX500SSD1_2149E5EC1D9D partitions : - mountpoint : /var/mnt/sata [] noSchematicValidate bool Whether to skip schematic validation. Show example noSchematicValidate : true false disableSearchDomain bool Whether to disable generating default search domain. Show example disableSearchDomain : true false machineFiles [] MachineFile List of additional files to create inside the node. Show example machineFiles : - content : | TS_AUTHKEY=123456 permissions : 0o644 path : /var/etc/tailscale/auth.env op : create [] schematic Schematic Configure Talos image customization to be used in the installer image Show example schematic : customization : extraKernelArgs : - net.ifnames=0 systemExtensions : officialExtensions : - siderolabs/intel-ucode nil imageSchematic Schematic Configure Talos image customization to be used for ISO or boot image Show example imageSchematic : customization : extraKernelArgs : - net.ifnames=0 systemExtensions : officialExtensions : - siderolabs/intel-ucode nil kernelModules [] KernelModuleConfig List of additional kernel modules to load. Show example kernelModules : - name : br_netfilter parameters : - nf_conntrack_max=131072 [] nameservers []string List of nameservers for the node. Show example nameservers : - 8.8.8.8 - 1.1.1.1 [] networkInterfaces [] Device List of network interface configurations for the node. Show example networkInterfaces : - interface : enp0s1 addresses : - 192.168.2.0/24 routes : - network : 0.0.0.0/0 gateway : 192.168.2.1 metric : 1024 mtu : 1500 [] extraManifests []string List of manifest files to be added for the node. 
Show example extraManifests : - etcd-firewall.yaml - kubelet-firewall.yaml [] patches []string Patches to be applied to the node. List of strings containing RFC6902 JSON patches, strategic merge patches, or a file containing them. Show example patches : - |- - op: add path: /machine/kubelet/extraArgs value: rotate-server-certificates: \"true\" - |- machine: env: MYENV: value - \"@./a-patch.yaml\" [] ImageFactory ImageFactory defines configuration for selfhosted image-factory. Field Type Description Default Value Required registryURL string Registry URL of the factory. Show example registryURL : myfactory.com \"factory.talos.dev\" protocol string Protocol the registry is listening to. Show example protocol : http https schematicEndpoint string Path to do HTTP POST request to the registry. Show example schematicEndpoint : /schematics /schematics installerURLTmpl string Go template to parse the full installer URL. Available placeholders: RegistryURL , ID , Version , Secureboot Show example installerURLTmpl : \"{{.RegistryURL}}/installer/{{.ID}}:{{.Version}}\" {{.RegistryURL}}/installer{{if .Secureboot}}-secureboot{{end}}/{{.ID}}:{{.Version}} ImageURLTmpl string Go template to parse the full ISO or boot image URL. Available placeholders: Protocol , RegistryURL , ID , Version , Mode , Arch , Secureboot , UseUKI , BootMethod , Suffix Show example ImageURLTmpl : \"{{.Protocol}}://{{.RegistryURL}}/image/{{.ID}}/{{.Version}}/{{.Mode}}-{{.Arch}}.iso\" {{.Protocol}}://{{.RegistryURL}}/image/{{.ID}}/{{.Version}}/{{.Mode}}-{{.Arch}}{{if .Secureboot}}-secureboot{{end}}{{if and .Secureboot .UseUKI}}-uki.efi{{else}}{{.Suffix}}{{end}} MachineSpec MachineSpec defines machine hardware configurations for a node. Field Type Description Default Value Required mode string Machine mode. Show example mode : metal \"metal\" arch string Machine architecture. Show example arch : arm64 amd64 secureboot bool Whether to enable Secure Boot. 
Show example secureboot : true false useUKI bool Whether to use UKI if Secure Boot is enabled. Show example useUKI : true false bootMethod string Boot method for the node. Can be \"disk-image\", \"iso\" or \"pxe\". Show example bootMethod : disk-image iso imageSuffix string The image file extension. Will be automatically defined by specified bootMethod , e.g: raw.xz , raw.tar.gz , qcow2 . Show example imageSuffix : raw.xz \"\" IngressFirewall IngressFirewall defines machine firewall configuration for a node. Field Type Description Default Value Required defaultAction string Default action for all not explicitly configured traffic. Can be \"accept\" or \"block\" Show example defaultAction : accept nil rules [] NetworkRule List of matching network rules to allow or block against the defaultAction. If defaultAction is set to block, matching rules will be allowed vice versa. Show example rules : - name : kubelet-ingress portSelector : ports : - 10250 protocol : tcp ingress : - subnet : 172.20.0.0/24 except : 172.20.0.1/32 nil ExtensionService ExtensionService defines machine extension service configuration for a node. Field Type Description Default Value Required name string Name of the extension service config. Show example name : nut-client nil configFiles [] ConfigFile The config files for the extension service. Show example configFiles : - content : MONITOR upsmonHost 1 remote pass password mountPath : /usr/local/etc/nut/upsmon.conf nil environment []string The environment for the extension service. Show example environment : - UPS_NAME=ups nil Volume Volume defines machine volume configuration for a node. Field Type Description Default Value Required name string Name of the volume config. Show example name : EPHEMERAL nil provisioning ProvisioningSpec Provisioning spec of the volume config. Show example provisioning : diskSelector : match : disk.transport == \"nvme\" maxSize : 50GiB nil NetworkRule NetworkRule defines the firewall rules to match. 
Field Type Description Default Value Required name string Name of the rule. Show example name : kubelet-ingress nil portSelector PortSelector Ports and protocols on the host affected by the rule. Show example portSelector : ports : - 10250 protocol : tcp nil ingress [] IngressConfig List of source subnets allowed to access the host ports/protocols. Show example ingress : - subnet : 172.20.0.0/24 except : 172.20.0.1/32 nil CNIConfig CNIConfig is type of upstream Talos v1alpha1.CNIConfig InstallDiskSelector InstallDiskSelector is type of upstream Talos v1alpha1.InstallDiskSelector . MachineDisk MachineDisk is type of upstream Talos v1alpha1.MachineDisk MachineFile MachineFile is type of upstream Talos v1alpha1.MachineFile InstallExtensionConfig InstallExtensionConfig is type of upstream Talos v1alpha1.InstallExtensionConfig Schematic Schematic is type of upstream Talos Image Factory schematic.Schematic KernelModuleConfig KernelModuleConfig is type of upstream Talos v1alpha1.KernelModuleConfig Device Device is type of upstream Talos v1alpha1.Device PortSelector PortSelector is type of upstream Talos network.RulePortSelector IngressConfig IngressConfig is type of upstream Talos network.IngressConfig ConfigFile ConfigFile is type of upstream Talos extensions.ConfigFile ProvisioningSpec ProvisioningSpec is type of upstream Talos block.ProvisioningSpec","title":"Configuration"},{"location":"reference/configuration/#configuration","text":"","title":"Configuration"},{"location":"reference/configuration/#config","text":"Package config contains all the options available for configuring a Talos cluster. Field Type Description Default Value Required clusterName string Configures the cluster's name. Show example clusterName : my-cluster \"\" endpoint string Configures the cluster's controlplane endpoint. 
Can be an IP address or a DNS hostname Show example endpoint : https://192.168.200.10:6443 \"\" nodes [] Node List of nodes configurations Show example nodes : - hostname : kmaster1 ipAddress : 192.168.200.11 controlPlane : true installDiskSelector : size : 128GB - hostname : kworker1 ipAddress : 192.168.200.12 controlPlane : false installDisk : /dev/sda networkInterfaces : - interface : eth0 dhcp : true [] talosVersion string Talos version to perform the installation. Image reference for each Talos release can be found on Talos GitHub release page Show example talosVersion : v1.5.2 \"latest\" kubernetesVersion string Allows for supplying the Kubernetes version to use. Show example kubernetesVersion : v1.28.1 \"\" domain string Allows for supplying the domain used by Kubernetes DNS. Show example domain : mycluster.com \"cluster.local\" allowSchedulingOnMasters bool Whether to allow running workload on controlplane nodes. Show example allowSchedulingOnMasters : true false allowSchedulingOnControlPlanes bool Whether to allow running workload on controlplane nodes. It is an alias to allowSchedulingOnMasters Show example allowSchedulingOnControlPlanes : true false additionalMachineCertSans []string Extra certificate SANs for the machine's certificate. Show example additionalMachineCertSans : - 10.0.0.10 - 172.16.0.10 - 192.168.0.10 [] additionalApiServerCertSans []string Extra certificate SANs for the API server's certificate. Show example additionalApiServerCertSans : - 1.2.3.4 - 4.5.6.7 - mycluster.local [] cniConfig CNIConfig The CNI to be used for the cluster's network. Show example cniConfig : name : custom urls : - https://docs.projectcalico.org/archive/v3.20/manifests/canal.yaml nil imageFactory ImageFactory Configures selfhosted image factory. 
Show example imageFactory : registryURL : myfactory.com schematicEndpoint : /schematics protocol : https installerURLTmpl : {{ .RegistryURL }} /installer/{{.ID}}:{{.Version}} ImageURLTmpl : {{ .Protocol }} ://{{.RegistryURL}}/image/{{.ID}}/{{.Version}}/{{.Mode}}/{{.Arch}}.iso nil patches []string Patches to be applied to all nodes. List of strings containing RFC6902 JSON patches, strategic merge patches, or a file containing them Show example patches : - |- - op: add path: /machine/kubelet/extraArgs value: rotate-server-certificates: \"true\" - |- machine: env: MYENV: value - \"@./a-patch.yaml\" [] controlPlane NodeConfigs Configurations targetted for all controlplane nodes. Show example controlPlane : kernelModules : - name : br_netfilter parameters : - nf_conntrack_max=131072 patches : - |- - op: add path: /machine/kubelet/extraArgs value: rotate-server-certificates: \"true\" - |- machine: env: MYENV: value - \"@./a-patch.yaml\" nil worker NodeConfigs Configurations targetted for all worker nodes. Show example worker : kernelModules : - name : br_netfilter parameters : - nf_conntrack_max=131072 patches : - |- - op: add path: /machine/kubelet/extraArgs value: rotate-server-certificates: \"true\" - |- machine: env: MYENV: value - \"@./a-patch.yaml\" nil","title":"Config"},{"location":"reference/configuration/#node","text":"Node defines machine configurations for each node. Field Type Description Default Value Required hostname string Configures the hostname of a node. Show example hostname : kmaster1 \"\" ipAddress string IP address where the node can be reached, can be IP or comma separated list of IPs. Needed for endpoint and node address inside talosconfig . Show example ipAddress : 192.168.200.11 \"\" installDisk string The disk used for installation. Show example installDisk : /dev/sda \"\" installDiskSelector InstallDiskSelector Look up disk used for installation. Required if installDisk is not specified. 
Show example installDiskSelector : size : 128GB model : WDC* name : /sys/block/sda/device/name busPath : /pci0000:00/0000:00:17.0/ata1/host0/target0:0:0/0:0:0:0 nil controlPlane bool Whether the node is a controlplane. Show example controlPlane : true false ignoreHostname bool Whether to set machine.network.hostname to the generated config file. Show example ignoreHostname : true false overridePatches bool Whether patches defined here should override the one defined in node group. By default they will get appended instead. Show example overridePatches : true false overrideExtraManifests bool Whether extraManifests defined here should override the one defined in node group. By default they will get appended instead. Show example overrideExtraManifests : true false - NodeConfigs Node specific configurations that will override node group configurations. Show example talosImageURL : factory.talos.dev/installer/e9c7ef96884d4fbc8c0a1304ccca4bb0287d766a8b4125997cb9dbe84262144e nodeLabels : rack : rack1a nodeTaints : exampleTaint : exampletaintValue:NoSchedule disableSearchDomain : true nil","title":"Node"},{"location":"reference/configuration/#nodeconfigs","text":"NodeConfigs defines machine configurations. Field Type Description Default Value Required talosImageURL string Allows for supplying the node level image used to perform the installation. Show example talosImageURL : factory.talos.dev/installer/e9c7ef96884d4fbc8c0a1304ccca4bb0287d766a8b4125997cb9dbe84262144e \"\" machineSpec MachineSpec Machine hardware specification for the node. Only used for genurl image subcommand. Show example machineSpec : mode : metal arch : arm64 bootMethod : disk-image imageSuffix : raw.xz nil ingressFirewall IngressFirewall Machine firewall specification for the node. 
Show example ingressFirewall : defaultAction : block rules : - name : kubelet-ingress portSelector : ports : - 10250 protocol : tcp ingress : - subnet : 172.20.0.0/24 except : 172.20.0.1/32 nil extensionServices [] ExtensionService Machine extension services specification for the node. Show example extensionServices : - name : nut-client configFiles : - content : MONITOR upsmonHost 1 remote pass password mountPath : /usr/local/etc/nut/upsmon.conf environment : - UPS_NAME=ups nil volumes [] Volume Machine volume configs specification. Show example volumes : - name : EPHEMERAL provisioning : diskSelector : match : disk.transport == \"nvme\" maxSize : 50GiB nil nodeLabels map[string]string Labels to be added to the node. Show example rack : rack1a false nodeAnnotations map[string]string Annotations to be added to the node. Show example rack : rack1a false nodeTaints map[string]string Node taints for the node. Show example exampleTaint : exampleTaintValue:NoSchedule false disableSearchDomain bool Whether to disable generating default search domain. Show example disableSearchDomain : true false machineDisks [] MachineDisk List of additional disks to partition, format, mount. Show example machineDisks : - device : /dev/disk/by-id/ata-CT500MX500SSD1_2149E5EC1D9D partitions : - mountpoint : /var/mnt/sata [] noSchematicValidate bool Whether to skip schematic validation. Show example noSchematicValidate : true false disableSearchDomain bool Whether to disable generating default search domain. Show example disableSearchDomain : true false machineFiles [] MachineFile List of additional files to create inside the node. 
Show example machineFiles : - content : | TS_AUTHKEY=123456 permissions : 0o644 path : /var/etc/tailscale/auth.env op : create [] schematic Schematic Configure Talos image customization to be used in the installer image Show example schematic : customization : extraKernelArgs : - net.ifnames=0 systemExtensions : officialExtensions : - siderolabs/intel-ucode nil imageSchematic Schematic Configure Talos image customization to be used for ISO or boot image Show example imageSchematic : customization : extraKernelArgs : - net.ifnames=0 systemExtensions : officialExtensions : - siderolabs/intel-ucode nil kernelModules [] KernelModuleConfig List of additional kernel modules to load. Show example kernelModules : - name : br_netfilter parameters : - nf_conntrack_max=131072 [] nameservers []string List of nameservers for the node. Show example nameservers : - 8.8.8.8 - 1.1.1.1 [] networkInterfaces [] Device List of network interface configurations for the node. Show example networkInterfaces : - interface : enp0s1 addresses : - 192.168.2.0/24 routes : - network : 0.0.0.0/0 gateway : 192.168.2.1 metric : 1024 mtu : 1500 [] extraManifests []string List of manifest files to be added for the node. Show example extraManifests : - etcd-firewall.yaml - kubelet-firewall.yaml [] patches []string Patches to be applied to the node. List of strings containing RFC6902 JSON patches, strategic merge patches, or a file containing them. Show example patches : - |- - op: add path: /machine/kubelet/extraArgs value: rotate-server-certificates: \"true\" - |- machine: env: MYENV: value - \"@./a-patch.yaml\" []","title":"NodeConfigs"},{"location":"reference/configuration/#imagefactory","text":"ImageFactory defines configuration for selfhosted image-factory. Field Type Description Default Value Required registryURL string Registry URL of the factory. Show example registryURL : myfactory.com \"factory.talos.dev\" protocol string Protocol the registry is listening to. 
Show example protocol : http https schematicEndpoint string Path to do HTTP POST request to the registry. Show example schematicEndpoint : /schematics /schematics installerURLTmpl string Go template to parse the full installer URL. Available placeholders: RegistryURL , ID , Version , Secureboot Show example installerURLTmpl : \"{{.RegistryURL}}/installer/{{.ID}}:{{.Version}}\" {{.RegistryURL}}/installer{{if .Secureboot}}-secureboot{{end}}/{{.ID}}:{{.Version}} ImageURLTmpl string Go template to parse the full ISO or boot image URL. Available placeholders: Protocol , RegistryURL , ID , Version , Mode , Arch , Secureboot , UseUKI , BootMethod , Suffix Show example ImageURLTmpl : \"{{.Protocol}}://{{.RegistryURL}}/image/{{.ID}}/{{.Version}}/{{.Mode}}-{{.Arch}}.iso\" {{.Protocol}}://{{.RegistryURL}}/image/{{.ID}}/{{.Version}}/{{.Mode}}-{{.Arch}}{{if .Secureboot}}-secureboot{{end}}{{if and .Secureboot .UseUKI}}-uki.efi{{else}}{{.Suffix}}{{end}}","title":"ImageFactory"},{"location":"reference/configuration/#machinespec","text":"MachineSpec defines machine hardware configurations for a node. Field Type Description Default Value Required mode string Machine mode. Show example mode : metal \"metal\" arch string Machine architecture. Show example arch : arm64 amd64 secureboot bool Whether to enable Secure Boot. Show example secureboot : true false useUKI bool Whether to use UKI if Secure Boot is enabled. Show example useUKI : true false bootMethod string Boot method for the node. Can be \"disk-image\", \"iso\" or \"pxe\". Show example bootMethod : disk-image iso imageSuffix string The image file extension. Will be automatically defined by specified bootMethod , e.g: raw.xz , raw.tar.gz , qcow2 . Show example imageSuffix : raw.xz \"\"","title":"MachineSpec"},{"location":"reference/configuration/#ingressfirewall","text":"IngressFirewall defines machine firewall configuration for a node. 
Field Type Description Default Value Required defaultAction string Default action for all not explicitly configured traffic. Can be \"accept\" or \"block\" Show example defaultAction : accept nil rules [] NetworkRule List of matching network rules to allow or block against the defaultAction. If defaultAction is set to block, matching rules will be allowed vice versa. Show example rules : - name : kubelet-ingress portSelector : ports : - 10250 protocol : tcp ingress : - subnet : 172.20.0.0/24 except : 172.20.0.1/32 nil","title":"IngressFirewall"},{"location":"reference/configuration/#extensionservice","text":"ExtensionService defines machine extension service configuration for a node. Field Type Description Default Value Required name string Name of the extension service config. Show example name : nut-client nil configFiles [] ConfigFile The config files for the extension service. Show example configFiles : - content : MONITOR upsmonHost 1 remote pass password mountPath : /usr/local/etc/nut/upsmon.conf nil environment []string The environment for the extension service. Show example environment : - UPS_NAME=ups nil","title":"ExtensionService"},{"location":"reference/configuration/#volume","text":"Volume defines machine volume configuration for a node. Field Type Description Default Value Required name string Name of the volume config. Show example name : EPHEMERAL nil provisioning ProvisioningSpec Provisioning spec of the volume config. Show example provisioning : diskSelector : match : disk.transport == \"nvme\" maxSize : 50GiB nil","title":"Volume"},{"location":"reference/configuration/#networkrule","text":"NetworkRule defines the firewall rules to match. Field Type Description Default Value Required name string Name of the rule. Show example name : kubelet-ingress nil portSelector PortSelector Ports and protocols on the host affected by the rule. 
Show example portSelector : ports : - 10250 protocol : tcp nil ingress [] IngressConfig List of source subnets allowed to access the host ports/protocols. Show example ingress : - subnet : 172.20.0.0/24 except : 172.20.0.1/32 nil","title":"NetworkRule"},{"location":"reference/configuration/#cniconfig","text":"CNIConfig is type of upstream Talos v1alpha1.CNIConfig","title":"CNIConfig"},{"location":"reference/configuration/#installdiskselector","text":"InstallDiskSelector is type of upstream Talos v1alpha1.InstallDiskSelector .","title":"InstallDiskSelector"},{"location":"reference/configuration/#machinedisk","text":"MachineDisk is type of upstream Talos v1alpha1.MachineDisk","title":"MachineDisk"},{"location":"reference/configuration/#machinefile","text":"MachineFile is type of upstream Talos v1alpha1.MachineFile","title":"MachineFile"},{"location":"reference/configuration/#installextensionconfig","text":"InstallExtensionConfig is type of upstream Talos v1alpha1.InstallExtensionConfig","title":"InstallExtensionConfig"},{"location":"reference/configuration/#schematic","text":"Schematic is type of upstream Talos Image Factory schematic.Schematic","title":"Schematic"},{"location":"reference/configuration/#kernelmoduleconfig","text":"KernelModuleConfig is type of upstream Talos v1alpha1.KernelModuleConfig","title":"KernelModuleConfig"},{"location":"reference/configuration/#device","text":"Device is type of upstream Talos v1alpha1.Device","title":"Device"},{"location":"reference/configuration/#portselector","text":"PortSelector is type of upstream Talos network.RulePortSelector","title":"PortSelector"},{"location":"reference/configuration/#ingressconfig","text":"IngressConfig is type of upstream Talos network.IngressConfig","title":"IngressConfig"},{"location":"reference/configuration/#configfile","text":"ConfigFile is type of upstream Talos extensions.ConfigFile","title":"ConfigFile"},{"location":"reference/configuration/#provisioningspec","text":"ProvisioningSpec is 
type of upstream Talos block.ProvisioningSpec","title":"ProvisioningSpec"},{"location":"reference/supported-version/","text":"Supported Talos Versions Currently, the supported major and minor Talos versions are: v1.2 v1.3 v1.4 v1.5 v1.6 v1.7 v1.8 v1.9 v1.10","title":"Supported Talos Versions"},{"location":"reference/supported-version/#supported-talos-versions","text":"Currently, the supported major and minor Talos versions are: v1.2 v1.3 v1.4 v1.5 v1.6 v1.7 v1.8 v1.9 v1.10","title":"Supported Talos Versions"}]} \ No newline at end of file +{"config":{"indexing":"full","lang":["en"],"min_search_length":3,"prebuild_index":false,"separator":"[\\s\\-]+"},"docs":[{"location":"","text":"Introduction Overview talhelper is a tool to help creating Talos configuration files declaratively. It was inspired by a python script written by @bjw-s . You can say talhelper is like kustomize but for Talos manifest files with SOPS support natively. In a nutshell, this is what talhelper does step by step behind the door: Read and validate talconfig.yaml . Read and decrypt talsecret.yaml or talsecret.sops.yaml with sops if needed. Read and decrypt talenv.yaml or talenv.sops.yaml with sops if needed and load them into environment variables. Do envsubst if needed. Validate and generate Talos and machine config files inside ./clusterconfig directory. Generate .gitignore file so you don't commit the generated files to the public. Why should I use Talhelper The main reason to use talhelper instead of talosctl gen config command to generate Talos machineconfig files is because you want to have them version controlled in your git repository which is currently not possible yet with talosctl . Currently, to create Talos configuration files using the official talosctl tool your steps are: Run talosctl gen config and it will generate controlplane.yaml , worker.yaml , talosconfig in the current working directory. Copy and modify those files manually according to your nodes. 
Run talosctl apply-config --insecure -n --file for each node. This process is fine if you just want to do this once and forget about it. But if you're like me (and many others ), you might want to \"GitOpsified\" this process. So here's where you might want to use talhelper . With talhelper , the steps will become like this: Create a talconfig.yaml . Run talhelper gensecret > talsecret.sops.yaml and encrypt it with sops sops -e -i talsecret.sops.yaml . Run talhelper genconfig . Run talosctl apply-config --insecure -n --file ./clusterconfig/-.yaml for each node. Yes there are more steps needed. But now you can commit your talconfig.yaml and the encrypted talsecret.sops.yaml to your repository and get your whole cluster version controlled. To get started, hop over to the Getting Started section. Alternatives There are some alternatives you can consider instead of talhelper . The official Terraform provider The official Pulumi provider Bug report and feature request If you have encountered any bug or you want to request a new feature, please open an issue at GitHub.","title":"Introduction"},{"location":"#introduction","text":"","title":"Introduction"},{"location":"#overview","text":"talhelper is a tool to help creating Talos configuration files declaratively. It was inspired by a python script written by @bjw-s . You can say talhelper is like kustomize but for Talos manifest files with SOPS support natively. In a nutshell, this is what talhelper does step by step behind the door: Read and validate talconfig.yaml . Read and decrypt talsecret.yaml or talsecret.sops.yaml with sops if needed. Read and decrypt talenv.yaml or talenv.sops.yaml with sops if needed and load them into environment variables. Do envsubst if needed. Validate and generate Talos and machine config files inside ./clusterconfig directory. 
Generate .gitignore file so you don't commit the generated files to the public.","title":"Overview"},{"location":"#why-should-i-use-talhelper","text":"The main reason to use talhelper instead of talosctl gen config command to generate Talos machineconfig files is because you want to have them version controlled in your git repository which is currently not possible yet with talosctl . Currently, to create Talos configuration files using the official talosctl tool your steps are: Run talosctl gen config and it will generate controlplane.yaml , worker.yaml , talosconfig in the current working directory. Copy and modify those files manually according to your nodes. Run talosctl apply-config --insecure -n --file for each node. This process is fine if you just want to do this once and forget about it. But if you're like me (and many others ), you might want to \"GitOpsified\" this process. So here's where you might want to use talhelper . With talhelper , the steps will become like this: Create a talconfig.yaml . Run talhelper gensecret > talsecret.sops.yaml and encrypt it with sops sops -e -i talsecret.sops.yaml . Run talhelper genconfig . Run talosctl apply-config --insecure -n --file ./clusterconfig/-.yaml for each node. Yes there are more steps needed. But now you can commit your talconfig.yaml and the encrypted talsecret.sops.yaml to your repository and get your whole cluster version controlled. To get started, hop over to the Getting Started section.","title":"Why should I use Talhelper"},{"location":"#alternatives","text":"There are some alternatives you can consider instead of talhelper . 
The official Terraform provider The official Pulumi provider","title":"Alternatives"},{"location":"#bug-report-and-feature-request","text":"If you have encountered any bug or you want to request a new feature, please open an issue at GitHub.","title":"Bug report and feature request"},{"location":"contributing/","text":"Contributing Contributions are what make the open source community such an amazing place to learn, inspire, and create. Any contributions you make are greatly appreciated ! If you have a suggestion that would make this better, please fork the repo and create a pull request. You can also simply open an issue with the label \"enhancement\". Don't forget to give the project a star! Fork the project Create your Feature Branch ( git checkout -b feature/AmazingFeature ) Commit your changes ( git commit -m 'feat: add some AmazingFeature ) Push to the branch ( git push origin feature/AmazingFeature ) Open a Pull Request","title":"Contributing"},{"location":"contributing/#contributing","text":"Contributions are what make the open source community such an amazing place to learn, inspire, and create. Any contributions you make are greatly appreciated ! If you have a suggestion that would make this better, please fork the repo and create a pull request. You can also simply open an issue with the label \"enhancement\". Don't forget to give the project a star! Fork the project Create your Feature Branch ( git checkout -b feature/AmazingFeature ) Commit your changes ( git commit -m 'feat: add some AmazingFeature ) Push to the branch ( git push origin feature/AmazingFeature ) Open a Pull Request","title":"Contributing"},{"location":"getting-started/","text":"Getting Started Before you begin There are some prerequisites before you start using talhelper . You need talhelper installed on your workstation (of course), head over to the Installation page for more detail. You also need sops installed and configured with your preferred encryption tool ( age , pgp , etc). 
If you want to use doppler instead, there's an alternative way to do this thanks to @truxnell which you can read here You also need talosctl installed on your workstation to apply the generated machine config files. Once you have all of the above conditions met, you can now start with the Scenario that suits your current situation. Scenarios Depending on which situation you are currently in before integrating talhelper to your stack, here are some simplified steps to get you started: You already have a Talos cluster running If you already have your Talos Kubernetes cluster up and running but you haven't GitOps it yet. Here are the steps you need to do: Get your node's machineconfig using talosctl : talosctl -n read /system/state/config.yaml > /tmp/machineconfig.yaml . Run talhelper gensecret -f /tmp/machineconfig.yaml > talsecret.sops.yaml . This command will create a talsecret.sops.yaml file with all your current cluster secrets. Encrypt the secret with sops : sops -e -i talsecret.sops.yaml (you will need sops configured properly ). Create a talconfig.yaml based on your current cluster, here's the example template . For all the available options, look at the Configuration Reference Run talhelper genconfig and the output files will be in ./clusterconfig by default. You can now do talosctl apply-config commands to the generated files. Commit your talconfig.yaml and talsecret.yaml in your git repository. Note Please don't push the generated files into your public git repository. By default talhelper will create a .gitignore file to ignore the generated files for you unless you use --no-gitignore flag. The generated files contain unencrypted secrets and you don't want people to get a hand on them. Note Do not update or change your talsecret.sops.yaml file once you have a working cluster unless you want to recreate a new cluster or know what you're doing as you will break the cluster and lose access to it. 
Note Running talhelper genconfig will request a brand new talosconfig that is valid for 365 days since the time you run the command. This means the content of the file will be different everytime. This is the equivalent to Generating new client configuration that you can use to re-request a new client configuration. You are starting from scratch If you are creating a Talos Kubernetes cluster from scratch and you want to use talhelper , that's awesome! Here are the steps you need to do: Create a talconfig.yaml according to your needs, here's the example template . For all the available options, look at the Configuration Reference Run talhelper gensecret > talsecret.sops.yaml . This command will create a talsecret.sops.yaml file with your future cluster secrets. Encrypt the secret with sops : sops -e -i talsecret.sops.yaml (you will need sops configured properly ). Run talhelper genconfig and the output files will be in ./clusterconfig by default. You can now do talosctl apply-config commands to the generated files. Commit your talconfig.yaml and talsecret.yaml in your git repository. Note Please don't push the generated files into your public git repository. By default talhelper will create a .gitignore file to ignore the generated files for you unless you use --no-gitignore flag. The generated files contain unencrypted secrets and you don't want people to get a hand on them. Note Do not update or change your talsecret.sops.yaml file once you have a working cluster unless you want to recreate a new cluster or know what you're doing as you will break the cluster and lose access to it. Note Running talhelper genconfig will request a brand new talosconfig that is valid for 365 days since the time you run the command. This means the content of the file will be different everytime. 
This is the equivalent to Generating new client configuration that you can use to re-request a new client configuration.","title":"Getting Started"},{"location":"getting-started/#getting-started","text":"","title":"Getting Started"},{"location":"getting-started/#before-you-begin","text":"There are some prerequisites before you start using talhelper . You need talhelper installed on your workstation (of course), head over to the Installation page for more detail. You also need sops installed and configured with your preferred encryption tool ( age , pgp , etc). If you want to use doppler instead, there's an alternative way to do this thanks to @truxnell which you can read here You also need talosctl installed on your workstation to apply the generated machine config files. Once you have all of the above conditions met, you can now start with the Scenario that suits your current situation.","title":"Before you begin"},{"location":"getting-started/#scenarios","text":"Depending on which situation you are currently in before integrating talhelper to your stack, here are some simplified steps to get you started:","title":"Scenarios"},{"location":"getting-started/#you-already-have-a-talos-cluster-running","text":"If you already have your Talos Kubernetes cluster up and running but you haven't GitOps it yet. Here are the steps you need to do: Get your node's machineconfig using talosctl : talosctl -n read /system/state/config.yaml > /tmp/machineconfig.yaml . Run talhelper gensecret -f /tmp/machineconfig.yaml > talsecret.sops.yaml . This command will create a talsecret.sops.yaml file with all your current cluster secrets. Encrypt the secret with sops : sops -e -i talsecret.sops.yaml (you will need sops configured properly ). Create a talconfig.yaml based on your current cluster, here's the example template . For all the available options, look at the Configuration Reference Run talhelper genconfig and the output files will be in ./clusterconfig by default. 
You can now do talosctl apply-config commands to the generated files. Commit your talconfig.yaml and talsecret.yaml in your git repository. Note Please don't push the generated files into your public git repository. By default talhelper will create a .gitignore file to ignore the generated files for you unless you use --no-gitignore flag. The generated files contain unencrypted secrets and you don't want people to get a hand on them. Note Do not update or change your talsecret.sops.yaml file once you have a working cluster unless you want to recreate a new cluster or know what you're doing as you will break the cluster and lose access to it. Note Running talhelper genconfig will request a brand new talosconfig that is valid for 365 days since the time you run the command. This means the content of the file will be different everytime. This is the equivalent to Generating new client configuration that you can use to re-request a new client configuration.","title":"You already have a Talos cluster running"},{"location":"getting-started/#you-are-starting-from-scratch","text":"If you are creating a Talos Kubernetes cluster from scratch and you want to use talhelper , that's awesome! Here are the steps you need to do: Create a talconfig.yaml according to your needs, here's the example template . For all the available options, look at the Configuration Reference Run talhelper gensecret > talsecret.sops.yaml . This command will create a talsecret.sops.yaml file with your future cluster secrets. Encrypt the secret with sops : sops -e -i talsecret.sops.yaml (you will need sops configured properly ). Run talhelper genconfig and the output files will be in ./clusterconfig by default. You can now do talosctl apply-config commands to the generated files. Commit your talconfig.yaml and talsecret.yaml in your git repository. Note Please don't push the generated files into your public git repository. 
By default talhelper will create a .gitignore file to ignore the generated files for you unless you use --no-gitignore flag. The generated files contain unencrypted secrets and you don't want people to get a hand on them. Note Do not update or change your talsecret.sops.yaml file once you have a working cluster unless you want to recreate a new cluster or know what you're doing as you will break the cluster and lose access to it. Note Running talhelper genconfig will request a brand new talosconfig that is valid for 365 days since the time you run the command. This means the content of the file will be different everytime. This is the equivalent to Generating new client configuration that you can use to re-request a new client configuration.","title":"You are starting from scratch"},{"location":"guides/","text":"Guides Example talconfig.yaml A minimal talconfig.yaml file will look like this: --- clusterName : my-cluster endpoint : https://192.168.200.10:6443 nodes : - hostname : master controlPlane : true ipAddress : 192.168.200.11 installDisk : /dev/sda Let's say you want to add labels to the master node and add another worker node named warmachine , you can modify talconfig.yaml like so: --- clusterName : my-cluster endpoint : https://192.168.200.10:6443 nodes : - hostname : master controlPlane : true ipAddress : 192.168.200.11 installDisk : /dev/sda nodeLabels : rack : rack1 - hostname : warmachine controlPlane : false ipAddress : 192.168.200.12 installDiskSelector : size : 128GB Then you can run talhelper genconfig . Here's a more detailed example talconfig.yaml . To see all the available options of the configuration file, head over to Configuration Reference . DRY (Don't Repeat Yourself) in talconfig.yaml A lot of times, you have similar configurations for all your nodes. Instead of writing them multiple times for each node, you can make use of controlPlane and worker fields as \"global configurations\" for all your node group. 
--- clusterName : my-cluster nodes : - hostname : cp1 controlPlane : true ipAddress : 192.168.200.11 installDisk : /dev/sda - hostname : cp2 controlPlane : true ipAddress : 192.168.200.12 installDisk : /dev/sda controlPlane : schematic : customization : extraKernelArgs : - net.ifnames=0 patches : - |- - op: add path: /machine/kubelet/extraArgs value: rotate-server-certificates: \"true\" The schematic and patches defined in controlPlane will be applied to both cp1 and cp2 because they're both in the group of controlPlane nodes. Note NodeConfigs you define in controlPlane or worker will be overwritten if you define them per node in nodes[] section. But, for patches and extraManifests they are appended instead because it makes more sense. You can modify the default behavior by adding overridePatches: true and overrideExtraManifests: true inside nodes[] for node you don't want the default behavior. Adding Talos extensions and kernel arguments Talos v1.5 introduced a new unified way to generate boot assets for installer container image that you can build yourself using their imager container or use image-factory to dynamically build it for you. The old way of installing system extensions using machine.install.extensions in the configuration file is being deprecated, so it's not recommended to use it. Talhelper can help you to generate the installer url like image-factory if you provide schematic for your nodes. Let's say your warmachine node is using Intel processor so you want to have intel-ucode extension and you also want to use traditional network interface naming by providing net.ifnames=0 to the kernel argument. 
Your talhelper.yaml should be something like this: --- clusterName : my-cluster talosVersion : v1.5.4 endpoint : https://192.168.200.10:6443 nodes : - hostname : warmachine controlPlane : false ipAddress : 192.168.200.12 schematic : customization : extraKernelArgs : - net.ifnames=0 systemExtensions : officialExtensions : - siderolabs/intel-ucode When you run talhelper genconfig , the generated manifest file for warmachine will have machine.install.image value of factory.talos.dev/installer/9e8cc193609699825d61c039c7738d81cf29c7b20f2a91d8f5c540511b9ea0b4:v1.5.4 , which will be the same url you'll get if using image-factory . If you don't want to use the url from image-factory or you want to use your own installer image, you can use per node talosImageURL like this: --- clusterName : my-cluster talosVersion : v1.5.4 endpoint : https://192.168.200.10:6443 nodes : - hostname : warmachine controlPlane : false ipAddress : 192.168.200.12 talosImageURL : my.registry/install/talos-installer-image This will result in machine.install.image value to be my.registry/install/talos-installer-image:v1.5.4 . Adding Ingress Firewall and extra manifests for each node With the addition of Ingress Firewall in Talos v1.6 and their future plan of multi-document machine configuration, you can now add firewall rules and extra manifests for each node. Let's say you want to strengthen your nodes like described in the recommended rules . You can achieve it like so: --- clusterName : my-cluster endpoint : https://192.168.200.10:6443 clusterSvcNets : - ${CLUSTER_SUBNET} ## Define this in your talenv.yaml file controlPlane : ingressFirewall : defaultAction : block rules : - name : kubelet-ingress portSelector : ports : - 10250 protocol : tcp ingress : - subnet : ${CLUSTER_SUBNET} - name : apid-ingress portSelector : ports : - 50000 protocol : tcp ingress : - subnet : 0.0.0.0/0 - subnet : ::/0 - ... 
nodes : - name : worker1 controlPlane : false ipAddress : 192.168.200.12 extraManifests : - worker1-firewall.yaml You can add ingressFirewall and extraManifests below controlPlane or worker field for node groups that you want to apply. Or you can add them to nodes[] field for specific node you want to apply. Configuring SOPS for Talhelper sops is a simple and flexible tool for managing secrets. If you haven't used sops before, the easiest way to get started is by using age as the encryption tool of choice. To configure talhelper to use sops to encrypt and decrypt your secrets, here's the simplified step by step you can do: Install both sops and age into your system. Run age-keygen -o /age/keys.txt . By default, will be in $XDG_CONFIG_HOME/sops on Linux, $HOME/Library/Application Support/sops on MacOS, and %AppData%\\sops on Windows. In the directory where your talenv.sops.yaml , and talsecrets.sops.yaml lives, create a .sops.yaml file with this content: --- creation_rules : - age : >- ## get this in the keys.txt file from previous step Now, if you encrypt your talenv.sops.yaml and talsecret.sops.yaml files with sops , talhelper will be able to decrypt it when generating config files. Using Doppler instead of SOPS If you don't want to use sops as your secret management, you can use Doppler instead (or any other secret managers that can inject environment variables to the shell). Thanks to @truxnell for this genius idea. Here's the simplified step by step to achieve this: In the place where you want to use environment secrets, put it in talconfig.yaml file with ${} placeholder like this: controlPlane : inlinePatch : cluster : aescbcEncryptionSecret : ${AESCBCENCYPTIONKEY} In doppler , create a project named i.e \"talhelper\". In that project, create a config i.e \"env\" that stores key and value of the secret like AESCBCENCYPTIONKEY: . . 
Run doppler CLI command that sets environment variable before running the talhelper command i.e: doppler run -p talhelper -c env talhelper genconfig . Thanks to @jtcressy you can also make use of talsecret.yaml file (which is a better way than doing inlinePatch ). Note that you can only put the cluster secrets known by Talos here (you can use talhelper gensecret command and modify it). Here's the simplified step by step to achieve this: In talsecret.yaml file, put all your secrets with ${} placeholder like this: cluster : id : ${CLUSTERNAME} secret : ${CLUSTERSECRET} secrets : bootstraptoken : ${BOOTSTRAPTOKEN} secretboxencryptionsecret : ${AESCBCENCYPTIONKEY} trustdinfo : token : ${TRUSTDTOKEN} certs : etcd : crt : ${ETCDCERT} key : ${ETCDKEY} k8s : crt : ${K8SCERT} key : ${K8SKEY} k8saggregator : crt : ${K8SAGGCERT} key : ${K8SAGGKEY} k8sserviceaccount : key : ${K8SSAKEY} os : crt : ${OSCERT} key : ${OSKEY} In doppler , create a project named i.e \"talhelper\". In that project, create a config i.e \"env\" that stores key and value of the secret like AESCBCENCYPTIONKEY: . . Run doppler CLI command that sets environment variable before running the talhelper command i.e: doppler run -p talhelper -c env talhelper genconfig . Generating talosctl commands for bash scripting Thanks to the idea and contribution of mirceanton , you can generate talosctl commands for bash scripting in your workflow. For example, in the directory where a talconfig.yaml like this is located: --- clusterName : my-cluster talosVersion : v1.5.5 nodes : - hostname : node1 ipAddress : 192.168.10.11 controlPlane : true After running talhelper genconfig , you can run talhelper gencommand apply | bash in the terminal to apply the generated config into your machine(s) automatically. There are some other gencommand commands that you can use like upgrade , upgrade-k8s , bootstrap , etc, For more information about the available gencommand commands and flags you can use, head over to the documentation . 
Generate single config file for multiple nodes Thanks to the idea from onedr0p , you can generate a single config file for multiple nodes. This is useful if you have identical hardware for all your nodes and you use DHCP server to manage your node's IP address and hostname. The idea is to set nodes[].ignoreHostname to true and set nodes[].ipAddress to multiple IP addresses separated by comma: --- clusterName : my-cluster nodes : - hostname : controller ipAddress : 192.168.10.11, 192.168.10.12, 192.168.10.13 controlPlane : true ignoreHostname : true - hostname : worker ipAddress : 192.168.10.14, 192.168.10.15, 192.168.10.16 controlPlane : false ignoreHostname : true This will generate my-cluster-controller.yaml and my-cluster-worker.yaml that you can apply with talosctl apply-config command. You can also use talhelper gencommand -n to generate the talosctl commands for your nodes. Selfhosted Image Factory By default, the generated manifests will use the official image-factory to pull the installer image. If you're self hosting your own image-factory, you can change your talconfig.yaml like so: --- clusterName : my-cluster imageFactory : registryURL : myfactory.com schematicEndpoint : /schematics protocol : http installerURLTmpl : {{ .RegistryURL }} /installer/{{.ID}}:{{.Version}} The schematicEndpoint is used to do HTTP POST request to get the schematic ID. If your selfhosted image factory doesn't do schematic ID like the official one does, you can pass --offline flag to talhelper genconfig command and modify the installerURLTmpl to your needs. Templating node labels or annotations for system-upgrade-controller Some configuration fields can use Helm-like templating. These templates have the ability to reference other configuration fields and run Sprig functions . This is useful for passing Talos information to Kubernetes workloads, such as system-upgrade-controller plans. 
To upgrade Talos on a node, the upgrade controller needs the name of the installer image, which is generated by talhelper. This can be added to node annotations as follows: --- nodes : - hostname : my-node nodeAnnotations : installerImage : '{{ .MachineConfig.MachineInstall.InstallImage }}' This can then be queried at upgrade time to determine what image to use: --- apiVersion : upgrade.cattle.io/v1 kind : Plan metadata : name : talos-upgrade spec : serviceAccountName : system-upgrade-controller version : ${TALOS_VERSION} secrets : - name : talos-credentials path : /var/run/secrets/talos.dev upgrade : image : alpine/k8s:1.31.2 envs : - name : NODE_NAME valueFrom : fieldRef : fieldPath : spec.nodeName command : - bash args : - -c - >- INSTALLER_IMAGE=\"$( kubectl get node \"${NODE_NAME}\" -o yaml | yq 'metadata.annotations[\"installerImage\"]' )\" talosctl -n \"${NODE_NAME}\" -e \"${NODE_NAME}\" upgrade \"--image=${INSTALLER_IMAGE}:${SYSTEM_UPGRADE_PLAN_LATEST_VERSION}\" A full example is available here . Editing talconfig.yaml file If you're using a text editor with yaml LSP support, you can use talhelper genschema command to generate a talconfig.json . You can then feed that file to the language server so you can get autocompletion when editing talconfig.yaml file. If your LSP is configured to use JSON schema store , you should get auto-completion working immediately. Shell completion Depending on how you install talhelper , you might not need to do anything to get autocompletion for talhelper commands i.e if you install using the Nix Flakes or AUR. If you don't get it working out of the box, you can use talhelper completion command to generate autocompletion for your shell. bash You will need bash-completion installed and configured on your system first. And then you can put this line somewhere inside your ~/.bashrc file: source < ( talhelper completion bash ) After reloading your shell, autocompletion should be working. 
To enable bash autocompletion in current session of shell, source the ~/.bashrc file: source ~/.bashrc fish Put this line somewhere inside your ~/.config/fish/config.fish file: talhelper completion fish | source Another way is to put the generated file into ~/.config/fish/completions/talhelper.fish file: talhelper completion fish > ~/.config/fish/completions/talhelper.fish After reloading your shell, autocompletion should be working. zsh Put this line somewhere inside your ~/.zshrc : source < ( talhelper completion zsh ) After reloading your shell, autocompletion should be working. To enable zsh autocompletion in current session of shell, source the ~/.zshrc file: source ~/.zshrc powershell Append the generated file into $PROFILE : talhelper completion powershell >> $PROFILE After reloading your shell, autocompletion should be working.","title":"Guides"},{"location":"guides/#guides","text":"","title":"Guides"},{"location":"guides/#example-talconfigyaml","text":"A minimal talconfig.yaml file will look like this: --- clusterName : my-cluster endpoint : https://192.168.200.10:6443 nodes : - hostname : master controlPlane : true ipAddress : 192.168.200.11 installDisk : /dev/sda Let's say you want to add labels to the master node and add another worker node named warmachine , you can modify talconfig.yaml like so: --- clusterName : my-cluster endpoint : https://192.168.200.10:6443 nodes : - hostname : master controlPlane : true ipAddress : 192.168.200.11 installDisk : /dev/sda nodeLabels : rack : rack1 - hostname : warmachine controlPlane : false ipAddress : 192.168.200.12 installDiskSelector : size : 128GB Then you can run talhelper genconfig . Here's a more detailed example talconfig.yaml . To see all the available options of the configuration file, head over to Configuration Reference .","title":"Example talconfig.yaml"},{"location":"guides/#dry-dont-repeat-yourself-in-talconfigyaml","text":"A lot of times, you have similar configurations for all your nodes. 
Instead of writing them multiple times for each node, you can make use of controlPlane and worker fields as \"global configurations\" for all your node group. --- clusterName : my-cluster nodes : - hostname : cp1 controlPlane : true ipAddress : 192.168.200.11 installDisk : /dev/sda - hostname : cp2 controlPlane : true ipAddress : 192.168.200.12 installDisk : /dev/sda controlPlane : schematic : customization : extraKernelArgs : - net.ifnames=0 patches : - |- - op: add path: /machine/kubelet/extraArgs value: rotate-server-certificates: \"true\" The schematic and patches defined in controlPlane will be applied to both cp1 and cp2 because they're both in the group of controlPlane nodes. Note NodeConfigs you define in controlPlane or worker will be overwritten if you define them per node in nodes[] section. But, for patches and extraManifests they are appended instead because it makes more sense. You can modify the default behavior by adding overridePatches: true and overrideExtraManifests: true inside nodes[] for node you don't want the default behavior.","title":"DRY (Don't Repeat Yourself) in talconfig.yaml"},{"location":"guides/#adding-talos-extensions-and-kernel-arguments","text":"Talos v1.5 introduced a new unified way to generate boot assets for installer container image that you can build yourself using their imager container or use image-factory to dynamically build it for you. The old way of installing system extensions using machine.install.extensions in the configuration file is being deprecated, so it's not recommended to use it. Talhelper can help you to generate the installer url like image-factory if you provide schematic for your nodes. Let's say your warmachine node is using Intel processor so you want to have intel-ucode extension and you also want to use traditional network interface naming by providing net.ifnames=0 to the kernel argument. 
Your talhelper.yaml should be something like this: --- clusterName : my-cluster talosVersion : v1.5.4 endpoint : https://192.168.200.10:6443 nodes : - hostname : warmachine controlPlane : false ipAddress : 192.168.200.12 schematic : customization : extraKernelArgs : - net.ifnames=0 systemExtensions : officialExtensions : - siderolabs/intel-ucode When you run talhelper genconfig , the generated manifest file for warmachine will have machine.install.image value of factory.talos.dev/installer/9e8cc193609699825d61c039c7738d81cf29c7b20f2a91d8f5c540511b9ea0b4:v1.5.4 , which will be the same url you'll get if using image-factory . If you don't want to use the url from image-factory or you want to use your own installer image, you can use per node talosImageURL like this: --- clusterName : my-cluster talosVersion : v1.5.4 endpoint : https://192.168.200.10:6443 nodes : - hostname : warmachine controlPlane : false ipAddress : 192.168.200.12 talosImageURL : my.registry/install/talos-installer-image This will result in machine.install.image value to be my.registry/install/talos-installer-image:v1.5.4 .","title":"Adding Talos extensions and kernel arguments"},{"location":"guides/#adding-ingress-firewall-and-extra-manifests-for-each-node","text":"With the addition of Ingress Firewall in Talos v1.6 and their future plan of multi-document machine configuration, you can now add firewall rules and extra manifests for each node. Let's say you want to strengthen your nodes like described in the recommended rules . You can achieve it like so: --- clusterName : my-cluster endpoint : https://192.168.200.10:6443 clusterSvcNets : - ${CLUSTER_SUBNET} ## Define this in your talenv.yaml file controlPlane : ingressFirewall : defaultAction : block rules : - name : kubelet-ingress portSelector : ports : - 10250 protocol : tcp ingress : - subnet : ${CLUSTER_SUBNET} - name : apid-ingress portSelector : ports : - 50000 protocol : tcp ingress : - subnet : 0.0.0.0/0 - subnet : ::/0 - ... 
nodes : - name : worker1 controlPlane : false ipAddress : 192.168.200.12 extraManifests : - worker1-firewall.yaml You can add ingressFirewall and extraManifests below controlPlane or worker field for node groups that you want to apply. Or you can add them to nodes[] field for specific node you want to apply.","title":"Adding Ingress Firewall and extra manifests for each node"},{"location":"guides/#configuring-sops-for-talhelper","text":"sops is a simple and flexible tool for managing secrets. If you haven't used sops before, the easiest way to get started is by using age as the encryption tool of choice. To configure talhelper to use sops to encrypt and decrypt your secrets, here's the simplified step by step you can do: Install both sops and age into your system. Run age-keygen -o /age/keys.txt . By default, will be in $XDG_CONFIG_HOME/sops on Linux, $HOME/Library/Application Support/sops on MacOS, and %AppData%\\sops on Windows. In the directory where your talenv.sops.yaml , and talsecrets.sops.yaml lives, create a .sops.yaml file with this content: --- creation_rules : - age : >- ## get this in the keys.txt file from previous step Now, if you encrypt your talenv.sops.yaml and talsecret.sops.yaml files with sops , talhelper will be able to decrypt it when generating config files.","title":"Configuring SOPS for Talhelper"},{"location":"guides/#using-doppler-instead-of-sops","text":"If you don't want to use sops as your secret management, you can use Doppler instead (or any other secret managers that can inject environment variables to the shell). Thanks to @truxnell for this genius idea. Here's the simplified step by step to achieve this: In the place where you want to use environment secrets, put it in talconfig.yaml file with ${} placeholder like this: controlPlane : inlinePatch : cluster : aescbcEncryptionSecret : ${AESCBCENCYPTIONKEY} In doppler , create a project named i.e \"talhelper\". 
In that project, create a config i.e \"env\" that stores key and value of the secret like AESCBCENCYPTIONKEY: . . Run doppler CLI command that sets environment variable before running the talhelper command i.e: doppler run -p talhelper -c env talhelper genconfig . Thanks to @jtcressy you can also make use of talsecret.yaml file (which is a better way than doing inlinePatch ). Note that you can only put the cluster secrets known by Talos here (you can use talhelper gensecret command and modify it). Here's the simplified step by step to achieve this: In talsecret.yaml file, put all your secrets with ${} placeholder like this: cluster : id : ${CLUSTERNAME} secret : ${CLUSTERSECRET} secrets : bootstraptoken : ${BOOTSTRAPTOKEN} secretboxencryptionsecret : ${AESCBCENCYPTIONKEY} trustdinfo : token : ${TRUSTDTOKEN} certs : etcd : crt : ${ETCDCERT} key : ${ETCDKEY} k8s : crt : ${K8SCERT} key : ${K8SKEY} k8saggregator : crt : ${K8SAGGCERT} key : ${K8SAGGKEY} k8sserviceaccount : key : ${K8SSAKEY} os : crt : ${OSCERT} key : ${OSKEY} In doppler , create a project named i.e \"talhelper\". In that project, create a config i.e \"env\" that stores key and value of the secret like AESCBCENCYPTIONKEY: . . Run doppler CLI command that sets environment variable before running the talhelper command i.e: doppler run -p talhelper -c env talhelper genconfig .","title":"Using Doppler instead of SOPS"},{"location":"guides/#generating-talosctl-commands-for-bash-scripting","text":"Thanks to the idea and contribution of mirceanton , you can generate talosctl commands for bash scripting in your workflow. For example, in the directory where a talconfig.yaml like this is located: --- clusterName : my-cluster talosVersion : v1.5.5 nodes : - hostname : node1 ipAddress : 192.168.10.11 controlPlane : true After running talhelper genconfig , you can run talhelper gencommand apply | bash in the terminal to apply the generated config into your machine(s) automatically. 
There are some other gencommand commands that you can use like upgrade , upgrade-k8s , bootstrap , etc, For more information about the available gencommand commands and flags you can use, head over to the documentation .","title":"Generating talosctl commands for bash scripting"},{"location":"guides/#generate-single-config-file-for-multiple-nodes","text":"Thanks to the idea from onedr0p , you can generate a single config file for multiple nodes. This is useful if you have identical hardware for all your nodes and you use DHCP server to manage your node's IP address and hostname. The idea is to set nodes[].ignoreHostname to true and set nodes[].ipAddress to multiple IP addresses separated by comma: --- clusterName : my-cluster nodes : - hostname : controller ipAddress : 192.168.10.11, 192.168.10.12, 192.168.10.13 controlPlane : true ignoreHostname : true - hostname : worker ipAddress : 192.168.10.14, 192.168.10.15, 192.168.10.16 controlPlane : false ignoreHostname : true This will generate my-cluster-controller.yaml and my-cluster-worker.yaml that you can apply with talosctl apply-config command. You can also use talhelper gencommand -n to generate the talosctl commands for your nodes.","title":"Generate single config file for multiple nodes"},{"location":"guides/#selfhosted-image-factory","text":"By default, the generated manifests will use the official image-factory to pull the installer image. If you're self hosting your own image-factory, you can change your talconfig.yaml like so: --- clusterName : my-cluster imageFactory : registryURL : myfactory.com schematicEndpoint : /schematics protocol : http installerURLTmpl : {{ .RegistryURL }} /installer/{{.ID}}:{{.Version}} The schematicEndpoint is used to do HTTP POST request to get the schematic ID. 
If your selfhosted image factory doesn't do schematic ID like the official one does, you can pass --offline flag to talhelper genconfig command and modify the installerURLTmpl to your needs.","title":"Selfhosted Image Factory"},{"location":"guides/#templating-node-labels-or-annotations-for-system-upgrade-controller","text":"Some configuration fields can use Helm-like templating. These templates have the ability to reference other configuration fields and run Sprig functions . This is useful for passing Talos information to Kubernetes workloads, such as system-upgrade-controller plans. To upgrade Talos on a node, the upgrade controller needs the name of the installer image, which is generated by talhelper. This can be added to node annotations as follows: --- nodes : - hostname : my-node nodeAnnotations : installerImage : '{{ .MachineConfig.MachineInstall.InstallImage }}' This can then be queried at upgrade time to determine what image to use: --- apiVersion : upgrade.cattle.io/v1 kind : Plan metadata : name : talos-upgrade spec : serviceAccountName : system-upgrade-controller version : ${TALOS_VERSION} secrets : - name : talos-credentials path : /var/run/secrets/talos.dev upgrade : image : alpine/k8s:1.31.2 envs : - name : NODE_NAME valueFrom : fieldRef : fieldPath : spec.nodeName command : - bash args : - -c - >- INSTALLER_IMAGE=\"$( kubectl get node \"${NODE_NAME}\" -o yaml | yq 'metadata.annotations[\"installerImage\"]' )\" talosctl -n \"${NODE_NAME}\" -e \"${NODE_NAME}\" upgrade \"--image=${INSTALLER_IMAGE}:${SYSTEM_UPGRADE_PLAN_LATEST_VERSION}\" A full example is available here .","title":"Templating node labels or annotations for system-upgrade-controller"},{"location":"guides/#editing-talconfigyaml-file","text":"If you're using a text editor with yaml LSP support, you can use talhelper genschema command to generate a talconfig.json . You can then feed that file to the language server so you can get autocompletion when editing talconfig.yaml file. 
If your LSP is configured to use JSON schema store , you should get auto-completion working immediately.","title":"Editing talconfig.yaml file"},{"location":"guides/#shell-completion","text":"Depending on how you install talhelper , you might not need to do anything to get autocompletion for talhelper commands i.e if you install using the Nix Flakes or AUR. If you don't get it working out of the box, you can use talhelper completion command to generate autocompletion for your shell. bash You will need bash-completion installed and configured on your system first. And then you can put this line somewhere inside your ~/.bashrc file: source < ( talhelper completion bash ) After reloading your shell, autocompletion should be working. To enable bash autocompletion in current session of shell, source the ~/.bashrc file: source ~/.bashrc fish Put this line somewhere inside your ~/.config/fish/config.fish file: talhelper completion fish | source Another way is to put the generated file into ~/.config/fish/completions/talhelper.fish file: talhelper completion fish > ~/.config/fish/completions/talhelper.fish After reloading your shell, autocompletion should be working. zsh Put this line somewhere inside your ~/.zshrc : source < ( talhelper completion zsh ) After reloading your shell, autocompletion should be working. To enable zsh autocompletion in current session of shell, source the ~/.zshrc file: source ~/.zshrc powershell Append the generated file into $PROFILE : talhelper completion powershell >> $PROFILE After reloading your shell, autocompletion should be working.","title":"Shell completion"},{"location":"installation/","text":"Installation There are several ways to install talhelper to your workstation. Using aqua You can get talhelper from the standard registry as budimanjojo/talhelper . Using asdf You can get talhelper with a plugin maintained by @bjw-s . 
Add the plugin asdf plugin add talhelper Install the program asdf install talhelper latest Using Homebrew You can get talhelper from the official formulae (thanks to @ishioni ). brew install talhelper Using Nix Flakes You can get talhelper as Nix Flakes from the repository . Add the repository as input in your flake.nix file { inputs = { talhelper . url = \"github:budimanjojo/talhelper\" ; } } The package is now available at packages..default of the flake. You can call it in your home.packages or environment.systemPackages or devShell by referencing the input as inputs.talhelper.packages..default . Additionally we provide a convenient overlay for your nixpkgs { ... pkgs = import nixpkgs { overlays = [ inputs . talhelper . overlays . default ]; }; } # In any of the places you define packages { # Nixos environment . systemPackages = with pkgs ; [ talhelper ]; # Home Manager home . packages = with pkgs ; [ talhelper ]; # Flakes pkgs . mkShell = with pkgs ; [ talhelper ]; } Using Pacman Thanks to grawlinson , you can get talhelper from official Arch Linux \"Extra\" repository. sudo pacman -S talhelper Using AUR You can get talhelper from AUR using any AUR helper if you're Arch Linux user btw. Example using yay : yay -S talhelper-bin Using Scoop You can get talhelper from Scoop if you're a Windows user (thanks to @dedene ). scoop bucket add budimanjojo https :// github . com / budimanjojo / talhelper . git scoop install talhelper Using one liner with jpillora You can get talhelper using this one liner using tool provided by jpillora . curl https://i.jpillora.com/budimanjojo/talhelper! | sudo bash From the release page If none of the above works for you, you can download the archived binary for your system from the latest release page . 
Please let me know if you want to help with adding new installation method by creating a new issue .","title":"Installation"},{"location":"installation/#installation","text":"There are several ways to install talhelper to your workstation.","title":"Installation"},{"location":"installation/#using-aqua","text":"You can get talhelper from the standard registry as budimanjojo/talhelper .","title":"Using aqua"},{"location":"installation/#using-asdf","text":"You can get talhelper with a plugin maintained by @bjw-s . Add the plugin asdf plugin add talhelper Install the program asdf install talhelper latest","title":"Using asdf"},{"location":"installation/#using-homebrew","text":"You can get talhelper from the official formulae (thanks to @ishioni ). brew install talhelper","title":"Using Homebrew"},{"location":"installation/#using-nix-flakes","text":"You can get talhelper as Nix Flakes from the repository . Add the repository as input in your flake.nix file { inputs = { talhelper . url = \"github:budimanjojo/talhelper\" ; } } The package is now available at packages..default of the flake. You can call it in your home.packages or environment.systemPackages or devShell by referencing the input as inputs.talhelper.packages..default . Additionally we provide a convenient overlay for your nixpkgs { ... pkgs = import nixpkgs { overlays = [ inputs . talhelper . overlays . default ]; }; } # In any of the places you define packages { # Nixos environment . systemPackages = with pkgs ; [ talhelper ]; # Home Manager home . packages = with pkgs ; [ talhelper ]; # Flakes pkgs . mkShell = with pkgs ; [ talhelper ]; }","title":"Using Nix Flakes"},{"location":"installation/#using-pacman","text":"Thanks to grawlinson , you can get talhelper from official Arch Linux \"Extra\" repository. sudo pacman -S talhelper","title":"Using Pacman"},{"location":"installation/#using-aur","text":"You can get talhelper from AUR using any AUR helper if you're Arch Linux user btw. 
Example using yay : yay -S talhelper-bin","title":"Using AUR"},{"location":"installation/#using-scoop","text":"You can get talhelper from Scoop if you're a Windows user (thanks to @dedene ). scoop bucket add budimanjojo https :// github . com / budimanjojo / talhelper . git scoop install talhelper","title":"Using Scoop"},{"location":"installation/#using-one-liner-with-jpillora","text":"You can get talhelper using this one liner using tool provided by jpillora . curl https://i.jpillora.com/budimanjojo/talhelper! | sudo bash","title":"Using one liner with jpillora"},{"location":"installation/#from-the-release-page","text":"If none of the above works for you, you can download the archived binary for your system from the latest release page . Please let me know if you want to help with adding new installation method by creating a new issue .","title":"From the release page"},{"location":"reference/cli/","text":"CLI talhelper completion bash Generate the autocompletion script for bash Synopsis Generate the autocompletion script for the bash shell. This script depends on the 'bash-completion' package. If it is not installed already, you can install it via your OS's package manager. To load completions in your current shell session: source <(talhelper completion bash) To load completions for every new session, execute once: Linux: talhelper completion bash > /etc/bash_completion.d/talhelper macOS: talhelper completion bash > $(brew --prefix)/etc/bash_completion.d/talhelper You will need to start a new shell for this setup to take effect. talhelper completion bash Options -h, --help help for bash --no-descriptions disable completion descriptions Options inherited from parent commands -d, --debug Whether to enable debugging mode SEE ALSO talhelper completion - Generate the autocompletion script for the specified shell talhelper completion fish Generate the autocompletion script for fish Synopsis Generate the autocompletion script for the fish shell. 
To load completions in your current shell session: talhelper completion fish | source To load completions for every new session, execute once: talhelper completion fish > ~/.config/fish/completions/talhelper.fish You will need to start a new shell for this setup to take effect. talhelper completion fish [flags] Options -h, --help help for fish --no-descriptions disable completion descriptions Options inherited from parent commands -d, --debug Whether to enable debugging mode SEE ALSO talhelper completion - Generate the autocompletion script for the specified shell talhelper completion powershell Generate the autocompletion script for powershell Synopsis Generate the autocompletion script for powershell. To load completions in your current shell session: talhelper completion powershell | Out-String | Invoke-Expression To load completions for every new session, add the output of the above command to your powershell profile. talhelper completion powershell [flags] Options -h, --help help for powershell --no-descriptions disable completion descriptions Options inherited from parent commands -d, --debug Whether to enable debugging mode SEE ALSO talhelper completion - Generate the autocompletion script for the specified shell talhelper completion zsh Generate the autocompletion script for zsh Synopsis Generate the autocompletion script for the zsh shell. If shell completion is not already enabled in your environment you will need to enable it. You can execute the following once: echo \"autoload -U compinit; compinit\" >> ~/.zshrc To load completions in your current shell session: source <(talhelper completion zsh) To load completions for every new session, execute once: Linux: talhelper completion zsh > \"${fpath[1]}/_talhelper\" macOS: talhelper completion zsh > $(brew --prefix)/share/zsh/site-functions/_talhelper You will need to start a new shell for this setup to take effect. 
talhelper completion zsh [flags] Options -h, --help help for zsh --no-descriptions disable completion descriptions Options inherited from parent commands -d, --debug Whether to enable debugging mode SEE ALSO talhelper completion - Generate the autocompletion script for the specified shell talhelper completion Generate the autocompletion script for the specified shell Synopsis Generate the autocompletion script for talhelper for the specified shell. See each sub-command's help for details on how to use the generated script. Options -h, --help help for completion Options inherited from parent commands -d, --debug Whether to enable debugging mode SEE ALSO talhelper - A tool to help with creating Talos cluster talhelper completion bash - Generate the autocompletion script for bash talhelper completion fish - Generate the autocompletion script for fish talhelper completion powershell - Generate the autocompletion script for powershell talhelper completion zsh - Generate the autocompletion script for zsh talhelper gencommand apply Generate talosctl apply-config commands. talhelper gencommand apply [flags] Options -h, --help help for apply Options inherited from parent commands -c, --config-file string File containing configurations for talhelper (default \"talconfig.yaml\") -d, --debug Whether to enable debugging mode --env-file strings List of files containing env variables for config file (default [talenv.yaml,talenv.sops.yaml,talenv.yml,talenv.sops.yml]) --extra-flags strings List of additional flags that will be injected into the generated commands. -n, --node string A specific node to generate the command for. If not specified, will generate for all nodes. -o, --out-dir string Directory that contains the generated config files to apply. (default \"./clusterconfig\") SEE ALSO talhelper gencommand - Generate commands for talosctl. talhelper gencommand bootstrap Generate talosctl bootstrap commands. 
talhelper gencommand bootstrap [flags] Options -h, --help help for bootstrap Options inherited from parent commands -c, --config-file string File containing configurations for talhelper (default \"talconfig.yaml\") -d, --debug Whether to enable debugging mode --env-file strings List of files containing env variables for config file (default [talenv.yaml,talenv.sops.yaml,talenv.yml,talenv.sops.yml]) --extra-flags strings List of additional flags that will be injected into the generated commands. -n, --node string A specific node to generate the command for. If not specified, will generate for all nodes. -o, --out-dir string Directory that contains the generated config files to apply. (default \"./clusterconfig\") SEE ALSO talhelper gencommand - Generate commands for talosctl. talhelper gencommand kubeconfig Generate talosctl kubeconfig commands. talhelper gencommand kubeconfig [flags] Options -h, --help help for kubeconfig Options inherited from parent commands -c, --config-file string File containing configurations for talhelper (default \"talconfig.yaml\") -d, --debug Whether to enable debugging mode --env-file strings List of files containing env variables for config file (default [talenv.yaml,talenv.sops.yaml,talenv.yml,talenv.sops.yml]) --extra-flags strings List of additional flags that will be injected into the generated commands. -n, --node string A specific node to generate the command for. If not specified, will generate for all nodes. -o, --out-dir string Directory that contains the generated config files to apply. (default \"./clusterconfig\") SEE ALSO talhelper gencommand - Generate commands for talosctl. talhelper gencommand reset Generate talosctl reset commands. 
talhelper gencommand reset [flags] Options -h, --help help for reset Options inherited from parent commands -c, --config-file string File containing configurations for talhelper (default \"talconfig.yaml\") -d, --debug Whether to enable debugging mode --env-file strings List of files containing env variables for config file (default [talenv.yaml,talenv.sops.yaml,talenv.yml,talenv.sops.yml]) --extra-flags strings List of additional flags that will be injected into the generated commands. -n, --node string A specific node to generate the command for. If not specified, will generate for all nodes. -o, --out-dir string Directory that contains the generated config files to apply. (default \"./clusterconfig\") SEE ALSO talhelper gencommand - Generate commands for talosctl. talhelper gencommand upgrade Generate talosctl upgrade commands. talhelper gencommand upgrade [flags] Options -h, --help help for upgrade Options inherited from parent commands -c, --config-file string File containing configurations for talhelper (default \"talconfig.yaml\") -d, --debug Whether to enable debugging mode --env-file strings List of files containing env variables for config file (default [talenv.yaml,talenv.sops.yaml,talenv.yml,talenv.sops.yml]) --extra-flags strings List of additional flags that will be injected into the generated commands. -n, --node string A specific node to generate the command for. If not specified, will generate for all nodes. -o, --out-dir string Directory that contains the generated config files to apply. (default \"./clusterconfig\") SEE ALSO talhelper gencommand - Generate commands for talosctl. talhelper gencommand upgrade-k8s Generate talosctl upgrade-k8s commands. 
talhelper gencommand upgrade-k8s [flags] Options -h, --help help for upgrade-k8s Options inherited from parent commands -c, --config-file string File containing configurations for talhelper (default \"talconfig.yaml\") -d, --debug Whether to enable debugging mode --env-file strings List of files containing env variables for config file (default [talenv.yaml,talenv.sops.yaml,talenv.yml,talenv.sops.yml]) --extra-flags strings List of additional flags that will be injected into the generated commands. -n, --node string A specific node to generate the command for. If not specified, will generate for all nodes. -o, --out-dir string Directory that contains the generated config files to apply. (default \"./clusterconfig\") SEE ALSO talhelper gencommand - Generate commands for talosctl. talhelper gencommand Generate commands for talosctl. Options -c, --config-file string File containing configurations for talhelper (default \"talconfig.yaml\") --env-file strings List of files containing env variables for config file (default [talenv.yaml,talenv.sops.yaml,talenv.yml,talenv.sops.yml]) --extra-flags strings List of additional flags that will be injected into the generated commands. -h, --help help for gencommand -n, --node string A specific node to generate the command for. If not specified, will generate for all nodes. -o, --out-dir string Directory that contains the generated config files to apply. (default \"./clusterconfig\") Options inherited from parent commands -d, --debug Whether to enable debugging mode SEE ALSO talhelper - A tool to help with creating Talos cluster talhelper gencommand apply - Generate talosctl apply-config commands. talhelper gencommand bootstrap - Generate talosctl bootstrap commands. talhelper gencommand kubeconfig - Generate talosctl kubeconfig commands. talhelper gencommand reset - Generate talosctl reset commands. talhelper gencommand upgrade - Generate talosctl upgrade commands. 
talhelper gencommand upgrade-k8s - Generate talosctl upgrade-k8s commands. talhelper genconfig Generate Talos cluster config YAML files talhelper genconfig [flags] Options -c, --config-file string File containing configurations for talhelper (default \"talconfig.yaml\") -n, --dry-run Skip generating manifests and show diff instead -e, --env-file strings List of files containing env variables for config file (default [talenv.yaml,talenv.sops.yaml,talenv.yml,talenv.sops.yml]) -h, --help help for genconfig --no-gitignore Create/update gitignore file too --offline-mode Generate schematic ID without doing POST request to image-factory -o, --out-dir string Directory where to dump the generated files (default \"./clusterconfig\") -s, --secret-file strings List of files containing secrets for the cluster (default [talsecret.yaml,talsecret.sops.yaml,talsecret.yml,talsecret.sops.yml]) -m, --talos-mode string Talos runtime mode to validate generated config (default \"metal\") Options inherited from parent commands -d, --debug Whether to enable debugging mode SEE ALSO talhelper - A tool to help with creating Talos cluster talhelper genschema Generate talconfig.yaml JSON schema file talhelper genschema [flags] Options -f, --file string Where to dump the generated json-schema file (default \"talconfig.json\") -h, --help help for genschema Options inherited from parent commands -d, --debug Whether to enable debugging mode SEE ALSO talhelper - A tool to help with creating Talos cluster talhelper gensecret Generate Talos cluster secrets talhelper gensecret [flags] Options -f, --from-configfile string Talos cluster node configuration file to generate secret from -h, --help help for gensecret Options inherited from parent commands -d, --debug Whether to enable debugging mode SEE ALSO talhelper - A tool to help with creating Talos cluster talhelper genurl image Generate URL for Talos ISO or disk image talhelper genurl image [flags] Options -a, --arch string CPU architecture support of 
the image (default \"amd64\") --boot-method string Boot method of the image (can be disk-image, iso, or pxe) (default \"iso\") -h, --help help for image --suffix string The image file extension (only used when boot-method is not iso) (e.g: raw.xz, raw.tar.gz, qcow2) -m, --talos-mode string Talos runtime mode to generate URL (default \"metal\") --use-uki Whether to generate UKI image url if Secure Boot is enabled Options inherited from parent commands -c, --config-file string File containing configurations for talhelper (default \"talconfig.yaml\") -d, --debug Whether to enable debugging mode --env-file strings List of files containing env variables for config file (default [talenv.yaml,talenv.sops.yaml,talenv.yml,talenv.sops.yml]) -e, --extension strings Official extension image to be included in the image (ignored when talconfig.yaml is found) -k, --kernel-arg strings Kernel arguments to be passed to the image kernel (ignored when talconfig.yaml is found) -n, --node string A specific node to generate command for. 
If not specified, will generate for all nodes (ignored when talconfig.yaml is not found) --offline-mode Generate schematic ID without doing POST request to image-factory -r, --registry-url string Registry url of the image (default \"factory.talos.dev\") --secure-boot Whether to generate Secure Boot enabled URL -v, --version string Talos version to generate (defaults to latest Talos version) (default \"v1.9.3\") SEE ALSO talhelper genurl - Generate URL for Talos installer or ISO talhelper genurl installer Generate URL for Talos installer image talhelper genurl installer [flags] Options -h, --help help for installer Options inherited from parent commands -c, --config-file string File containing configurations for talhelper (default \"talconfig.yaml\") -d, --debug Whether to enable debugging mode --env-file strings List of files containing env variables for config file (default [talenv.yaml,talenv.sops.yaml,talenv.yml,talenv.sops.yml]) -e, --extension strings Official extension image to be included in the image (ignored when talconfig.yaml is found) -k, --kernel-arg strings Kernel arguments to be passed to the image kernel (ignored when talconfig.yaml is found) -n, --node string A specific node to generate command for. 
If not specified, will generate for all nodes (ignored when talconfig.yaml is not found) --offline-mode Generate schematic ID without doing POST request to image-factory -r, --registry-url string Registry url of the image (default \"factory.talos.dev\") --secure-boot Whether to generate Secure Boot enabled URL -v, --version string Talos version to generate (defaults to latest Talos version) (default \"v1.9.3\") SEE ALSO talhelper genurl - Generate URL for Talos installer or ISO talhelper genurl Generate URL for Talos installer or ISO Options -c, --config-file string File containing configurations for talhelper (default \"talconfig.yaml\") --env-file strings List of files containing env variables for config file (default [talenv.yaml,talenv.sops.yaml,talenv.yml,talenv.sops.yml]) -e, --extension strings Official extension image to be included in the image (ignored when talconfig.yaml is found) -h, --help help for genurl -k, --kernel-arg strings Kernel arguments to be passed to the image kernel (ignored when talconfig.yaml is found) -n, --node string A specific node to generate command for. 
If not specified, will generate for all nodes (ignored when talconfig.yaml is not found) --offline-mode Generate schematic ID without doing POST request to image-factory -r, --registry-url string Registry url of the image (default \"factory.talos.dev\") --secure-boot Whether to generate Secure Boot enabled URL -v, --version string Talos version to generate (defaults to latest Talos version) (default \"v1.9.3\") Options inherited from parent commands -d, --debug Whether to enable debugging mode SEE ALSO talhelper - A tool to help with creating Talos cluster talhelper genurl image - Generate URL for Talos ISO or disk image talhelper genurl installer - Generate URL for Talos installer image talhelper validate nodeconfig Check the validity of Talos node config file talhelper validate nodeconfig [file] [flags] Options -h, --help help for nodeconfig -m, --mode string Talos runtime mode to validate with (default \"metal\") Options inherited from parent commands -d, --debug Whether to enable debugging mode SEE ALSO talhelper validate - Validate the correctness of talconfig or talos node config talhelper validate talconfig Check the validity of talhelper config file talhelper validate talconfig [file] [flags] Options -e, --env-file strings List of files containing env variables for config file (default [talenv.yaml,talenv.sops.yaml,talenv.yml,talenv.sops.yml]) -h, --help help for talconfig --no-substitute Whether to do envsubst on before validation Options inherited from parent commands -d, --debug Whether to enable debugging mode SEE ALSO talhelper validate - Validate the correctness of talconfig or talos node config talhelper validate Validate the correctness of talconfig or talos node config Options -h, --help help for validate Options inherited from parent commands -d, --debug Whether to enable debugging mode SEE ALSO talhelper - A tool to help with creating Talos cluster talhelper validate nodeconfig - Check the validity of Talos node config file talhelper validate 
talconfig - Check the validity of talhelper config file talhelper A tool to help with creating Talos cluster Synopsis talhelper is a tool to help you create a Talos cluster. Workflow: Create talconfig.yaml file defining your nodes information like so: clusterName: mycluster talosVersion: v1.0 endpoint: https://192.168.200.10:6443 nodes: - hostname: master1 ipAddress: 192.168.200.11 installDisk: /dev/sdb controlPlane: true - hostname: worker1 ipAddress: 192.168.200.21 installDisk: /dev/nvme1 controlPlane: false Then run these commands: talhelper gensecret > talsecret.sops.yaml sops -e -i talsecret.sops.yaml talhelper genconfig The generated yaml files will be in ./clusterconfig directory WARNING! Please don't push the generated files into your public git repository. By default talhelper will create a \".gitignore\" file to ignore the generated files for you unless you use \"--no-gitignore\" flag. The generated files contain unencrypted secrets and you don't want people to get a hand of them. Options -d, --debug Whether to enable debugging mode -h, --help help for talhelper SEE ALSO talhelper completion - Generate the autocompletion script for the specified shell talhelper gencommand - Generate commands for talosctl. talhelper genconfig - Generate Talos cluster config YAML files talhelper genschema - Generate talconfig.yaml JSON schema file talhelper gensecret - Generate Talos cluster secrets talhelper genurl - Generate URL for Talos installer or ISO talhelper validate - Validate the correctness of talconfig or talos node config","title":"CLI"},{"location":"reference/cli/#cli","text":"","title":"CLI"},{"location":"reference/cli/#talhelper-completion-bash","text":"Generate the autocompletion script for bash","title":"talhelper completion bash"},{"location":"reference/cli/#synopsis","text":"Generate the autocompletion script for the bash shell. This script depends on the 'bash-completion' package. 
If it is not installed already, you can install it via your OS's package manager. To load completions in your current shell session: source <(talhelper completion bash) To load completions for every new session, execute once:","title":"Synopsis"},{"location":"reference/cli/#linux","text":"talhelper completion bash > /etc/bash_completion.d/talhelper","title":"Linux:"},{"location":"reference/cli/#macos","text":"talhelper completion bash > $(brew --prefix)/etc/bash_completion.d/talhelper You will need to start a new shell for this setup to take effect. talhelper completion bash","title":"macOS:"},{"location":"reference/cli/#options","text":"-h, --help help for bash --no-descriptions disable completion descriptions","title":"Options"},{"location":"reference/cli/#options-inherited-from-parent-commands","text":"-d, --debug Whether to enable debugging mode","title":"Options inherited from parent commands"},{"location":"reference/cli/#see-also","text":"talhelper completion - Generate the autocompletion script for the specified shell","title":"SEE ALSO"},{"location":"reference/cli/#talhelper-completion-fish","text":"Generate the autocompletion script for fish","title":"talhelper completion fish"},{"location":"reference/cli/#synopsis_1","text":"Generate the autocompletion script for the fish shell. To load completions in your current shell session: talhelper completion fish | source To load completions for every new session, execute once: talhelper completion fish > ~/.config/fish/completions/talhelper.fish You will need to start a new shell for this setup to take effect. 
talhelper completion fish [flags]","title":"Synopsis"},{"location":"reference/cli/#options_1","text":"-h, --help help for fish --no-descriptions disable completion descriptions","title":"Options"},{"location":"reference/cli/#options-inherited-from-parent-commands_1","text":"-d, --debug Whether to enable debugging mode","title":"Options inherited from parent commands"},{"location":"reference/cli/#see-also_1","text":"talhelper completion - Generate the autocompletion script for the specified shell","title":"SEE ALSO"},{"location":"reference/cli/#talhelper-completion-powershell","text":"Generate the autocompletion script for powershell","title":"talhelper completion powershell"},{"location":"reference/cli/#synopsis_2","text":"Generate the autocompletion script for powershell. To load completions in your current shell session: talhelper completion powershell | Out-String | Invoke-Expression To load completions for every new session, add the output of the above command to your powershell profile. talhelper completion powershell [flags]","title":"Synopsis"},{"location":"reference/cli/#options_2","text":"-h, --help help for powershell --no-descriptions disable completion descriptions","title":"Options"},{"location":"reference/cli/#options-inherited-from-parent-commands_2","text":"-d, --debug Whether to enable debugging mode","title":"Options inherited from parent commands"},{"location":"reference/cli/#see-also_2","text":"talhelper completion - Generate the autocompletion script for the specified shell","title":"SEE ALSO"},{"location":"reference/cli/#talhelper-completion-zsh","text":"Generate the autocompletion script for zsh","title":"talhelper completion zsh"},{"location":"reference/cli/#synopsis_3","text":"Generate the autocompletion script for the zsh shell. If shell completion is not already enabled in your environment you will need to enable it. 
You can execute the following once: echo \"autoload -U compinit; compinit\" >> ~/.zshrc To load completions in your current shell session: source <(talhelper completion zsh) To load completions for every new session, execute once:","title":"Synopsis"},{"location":"reference/cli/#linux_1","text":"talhelper completion zsh > \"${fpath[1]}/_talhelper\"","title":"Linux:"},{"location":"reference/cli/#macos_1","text":"talhelper completion zsh > $(brew --prefix)/share/zsh/site-functions/_talhelper You will need to start a new shell for this setup to take effect. talhelper completion zsh [flags]","title":"macOS:"},{"location":"reference/cli/#options_3","text":"-h, --help help for zsh --no-descriptions disable completion descriptions","title":"Options"},{"location":"reference/cli/#options-inherited-from-parent-commands_3","text":"-d, --debug Whether to enable debugging mode","title":"Options inherited from parent commands"},{"location":"reference/cli/#see-also_3","text":"talhelper completion - Generate the autocompletion script for the specified shell","title":"SEE ALSO"},{"location":"reference/cli/#talhelper-completion","text":"Generate the autocompletion script for the specified shell","title":"talhelper completion"},{"location":"reference/cli/#synopsis_4","text":"Generate the autocompletion script for talhelper for the specified shell. 
See each sub-command's help for details on how to use the generated script.","title":"Synopsis"},{"location":"reference/cli/#options_4","text":"-h, --help help for completion","title":"Options"},{"location":"reference/cli/#options-inherited-from-parent-commands_4","text":"-d, --debug Whether to enable debugging mode","title":"Options inherited from parent commands"},{"location":"reference/cli/#see-also_4","text":"talhelper - A tool to help with creating Talos cluster talhelper completion bash - Generate the autocompletion script for bash talhelper completion fish - Generate the autocompletion script for fish talhelper completion powershell - Generate the autocompletion script for powershell talhelper completion zsh - Generate the autocompletion script for zsh","title":"SEE ALSO"},{"location":"reference/cli/#talhelper-gencommand-apply","text":"Generate talosctl apply-config commands. talhelper gencommand apply [flags]","title":"talhelper gencommand apply"},{"location":"reference/cli/#options_5","text":"-h, --help help for apply","title":"Options"},{"location":"reference/cli/#options-inherited-from-parent-commands_5","text":"-c, --config-file string File containing configurations for talhelper (default \"talconfig.yaml\") -d, --debug Whether to enable debugging mode --env-file strings List of files containing env variables for config file (default [talenv.yaml,talenv.sops.yaml,talenv.yml,talenv.sops.yml]) --extra-flags strings List of additional flags that will be injected into the generated commands. -n, --node string A specific node to generate the command for. If not specified, will generate for all nodes. -o, --out-dir string Directory that contains the generated config files to apply. 
(default \"./clusterconfig\")","title":"Options inherited from parent commands"},{"location":"reference/cli/#see-also_5","text":"talhelper gencommand - Generate commands for talosctl.","title":"SEE ALSO"},{"location":"reference/cli/#talhelper-gencommand-bootstrap","text":"Generate talosctl bootstrap commands. talhelper gencommand bootstrap [flags]","title":"talhelper gencommand bootstrap"},{"location":"reference/cli/#options_6","text":"-h, --help help for bootstrap","title":"Options"},{"location":"reference/cli/#options-inherited-from-parent-commands_6","text":"-c, --config-file string File containing configurations for talhelper (default \"talconfig.yaml\") -d, --debug Whether to enable debugging mode --env-file strings List of files containing env variables for config file (default [talenv.yaml,talenv.sops.yaml,talenv.yml,talenv.sops.yml]) --extra-flags strings List of additional flags that will be injected into the generated commands. -n, --node string A specific node to generate the command for. If not specified, will generate for all nodes. -o, --out-dir string Directory that contains the generated config files to apply. (default \"./clusterconfig\")","title":"Options inherited from parent commands"},{"location":"reference/cli/#see-also_6","text":"talhelper gencommand - Generate commands for talosctl.","title":"SEE ALSO"},{"location":"reference/cli/#talhelper-gencommand-kubeconfig","text":"Generate talosctl kubeconfig commands. 
talhelper gencommand kubeconfig [flags]","title":"talhelper gencommand kubeconfig"},{"location":"reference/cli/#options_7","text":"-h, --help help for kubeconfig","title":"Options"},{"location":"reference/cli/#options-inherited-from-parent-commands_7","text":"-c, --config-file string File containing configurations for talhelper (default \"talconfig.yaml\") -d, --debug Whether to enable debugging mode --env-file strings List of files containing env variables for config file (default [talenv.yaml,talenv.sops.yaml,talenv.yml,talenv.sops.yml]) --extra-flags strings List of additional flags that will be injected into the generated commands. -n, --node string A specific node to generate the command for. If not specified, will generate for all nodes. -o, --out-dir string Directory that contains the generated config files to apply. (default \"./clusterconfig\")","title":"Options inherited from parent commands"},{"location":"reference/cli/#see-also_7","text":"talhelper gencommand - Generate commands for talosctl.","title":"SEE ALSO"},{"location":"reference/cli/#talhelper-gencommand-reset","text":"Generate talosctl reset commands. talhelper gencommand reset [flags]","title":"talhelper gencommand reset"},{"location":"reference/cli/#options_8","text":"-h, --help help for reset","title":"Options"},{"location":"reference/cli/#options-inherited-from-parent-commands_8","text":"-c, --config-file string File containing configurations for talhelper (default \"talconfig.yaml\") -d, --debug Whether to enable debugging mode --env-file strings List of files containing env variables for config file (default [talenv.yaml,talenv.sops.yaml,talenv.yml,talenv.sops.yml]) --extra-flags strings List of additional flags that will be injected into the generated commands. -n, --node string A specific node to generate the command for. If not specified, will generate for all nodes. -o, --out-dir string Directory that contains the generated config files to apply. 
(default \"./clusterconfig\")","title":"Options inherited from parent commands"},{"location":"reference/cli/#see-also_8","text":"talhelper gencommand - Generate commands for talosctl.","title":"SEE ALSO"},{"location":"reference/cli/#talhelper-gencommand-upgrade","text":"Generate talosctl upgrade commands. talhelper gencommand upgrade [flags]","title":"talhelper gencommand upgrade"},{"location":"reference/cli/#options_9","text":"-h, --help help for upgrade","title":"Options"},{"location":"reference/cli/#options-inherited-from-parent-commands_9","text":"-c, --config-file string File containing configurations for talhelper (default \"talconfig.yaml\") -d, --debug Whether to enable debugging mode --env-file strings List of files containing env variables for config file (default [talenv.yaml,talenv.sops.yaml,talenv.yml,talenv.sops.yml]) --extra-flags strings List of additional flags that will be injected into the generated commands. -n, --node string A specific node to generate the command for. If not specified, will generate for all nodes. -o, --out-dir string Directory that contains the generated config files to apply. (default \"./clusterconfig\")","title":"Options inherited from parent commands"},{"location":"reference/cli/#see-also_9","text":"talhelper gencommand - Generate commands for talosctl.","title":"SEE ALSO"},{"location":"reference/cli/#talhelper-gencommand-upgrade-k8s","text":"Generate talosctl upgrade-k8s commands. 
talhelper gencommand upgrade-k8s [flags]","title":"talhelper gencommand upgrade-k8s"},{"location":"reference/cli/#options_10","text":"-h, --help help for upgrade-k8s","title":"Options"},{"location":"reference/cli/#options-inherited-from-parent-commands_10","text":"-c, --config-file string File containing configurations for talhelper (default \"talconfig.yaml\") -d, --debug Whether to enable debugging mode --env-file strings List of files containing env variables for config file (default [talenv.yaml,talenv.sops.yaml,talenv.yml,talenv.sops.yml]) --extra-flags strings List of additional flags that will be injected into the generated commands. -n, --node string A specific node to generate the command for. If not specified, will generate for all nodes. -o, --out-dir string Directory that contains the generated config files to apply. (default \"./clusterconfig\")","title":"Options inherited from parent commands"},{"location":"reference/cli/#see-also_10","text":"talhelper gencommand - Generate commands for talosctl.","title":"SEE ALSO"},{"location":"reference/cli/#talhelper-gencommand","text":"Generate commands for talosctl.","title":"talhelper gencommand"},{"location":"reference/cli/#options_11","text":"-c, --config-file string File containing configurations for talhelper (default \"talconfig.yaml\") --env-file strings List of files containing env variables for config file (default [talenv.yaml,talenv.sops.yaml,talenv.yml,talenv.sops.yml]) --extra-flags strings List of additional flags that will be injected into the generated commands. -h, --help help for gencommand -n, --node string A specific node to generate the command for. If not specified, will generate for all nodes. -o, --out-dir string Directory that contains the generated config files to apply. 
(default \"./clusterconfig\")","title":"Options"},{"location":"reference/cli/#options-inherited-from-parent-commands_11","text":"-d, --debug Whether to enable debugging mode","title":"Options inherited from parent commands"},{"location":"reference/cli/#see-also_11","text":"talhelper - A tool to help with creating Talos cluster talhelper gencommand apply - Generate talosctl apply-config commands. talhelper gencommand bootstrap - Generate talosctl bootstrap commands. talhelper gencommand kubeconfig - Generate talosctl kubeconfig commands. talhelper gencommand reset - Generate talosctl reset commands. talhelper gencommand upgrade - Generate talosctl upgrade commands. talhelper gencommand upgrade-k8s - Generate talosctl upgrade-k8s commands.","title":"SEE ALSO"},{"location":"reference/cli/#talhelper-genconfig","text":"Generate Talos cluster config YAML files talhelper genconfig [flags]","title":"talhelper genconfig"},{"location":"reference/cli/#options_12","text":"-c, --config-file string File containing configurations for talhelper (default \"talconfig.yaml\") -n, --dry-run Skip generating manifests and show diff instead -e, --env-file strings List of files containing env variables for config file (default [talenv.yaml,talenv.sops.yaml,talenv.yml,talenv.sops.yml]) -h, --help help for genconfig --no-gitignore Create/update gitignore file too --offline-mode Generate schematic ID without doing POST request to image-factory -o, --out-dir string Directory where to dump the generated files (default \"./clusterconfig\") -s, --secret-file strings List of files containing secrets for the cluster (default [talsecret.yaml,talsecret.sops.yaml,talsecret.yml,talsecret.sops.yml]) -m, --talos-mode string Talos runtime mode to validate generated config (default \"metal\")","title":"Options"},{"location":"reference/cli/#options-inherited-from-parent-commands_12","text":"-d, --debug Whether to enable debugging mode","title":"Options inherited from parent 
commands"},{"location":"reference/cli/#see-also_12","text":"talhelper - A tool to help with creating Talos cluster","title":"SEE ALSO"},{"location":"reference/cli/#talhelper-genschema","text":"Generate talconfig.yaml JSON schema file talhelper genschema [flags]","title":"talhelper genschema"},{"location":"reference/cli/#options_13","text":"-f, --file string Where to dump the generated json-schema file (default \"talconfig.json\") -h, --help help for genschema","title":"Options"},{"location":"reference/cli/#options-inherited-from-parent-commands_13","text":"-d, --debug Whether to enable debugging mode","title":"Options inherited from parent commands"},{"location":"reference/cli/#see-also_13","text":"talhelper - A tool to help with creating Talos cluster","title":"SEE ALSO"},{"location":"reference/cli/#talhelper-gensecret","text":"Generate Talos cluster secrets talhelper gensecret [flags]","title":"talhelper gensecret"},{"location":"reference/cli/#options_14","text":"-f, --from-configfile string Talos cluster node configuration file to generate secret from -h, --help help for gensecret","title":"Options"},{"location":"reference/cli/#options-inherited-from-parent-commands_14","text":"-d, --debug Whether to enable debugging mode","title":"Options inherited from parent commands"},{"location":"reference/cli/#see-also_14","text":"talhelper - A tool to help with creating Talos cluster","title":"SEE ALSO"},{"location":"reference/cli/#talhelper-genurl-image","text":"Generate URL for Talos ISO or disk image talhelper genurl image [flags]","title":"talhelper genurl image"},{"location":"reference/cli/#options_15","text":"-a, --arch string CPU architecture support of the image (default \"amd64\") --boot-method string Boot method of the image (can be disk-image, iso, or pxe) (default \"iso\") -h, --help help for image --suffix string The image file extension (only used when boot-method is not iso) (e.g: raw.xz, raw.tar.gz, qcow2) -m, --talos-mode string Talos runtime mode to 
generate URL (default \"metal\") --use-uki Whether to generate UKI image url if Secure Boot is enabled","title":"Options"},{"location":"reference/cli/#options-inherited-from-parent-commands_15","text":"-c, --config-file string File containing configurations for talhelper (default \"talconfig.yaml\") -d, --debug Whether to enable debugging mode --env-file strings List of files containing env variables for config file (default [talenv.yaml,talenv.sops.yaml,talenv.yml,talenv.sops.yml]) -e, --extension strings Official extension image to be included in the image (ignored when talconfig.yaml is found) -k, --kernel-arg strings Kernel arguments to be passed to the image kernel (ignored when talconfig.yaml is found) -n, --node string A specific node to generate command for. If not specified, will generate for all nodes (ignored when talconfig.yaml is not found) --offline-mode Generate schematic ID without doing POST request to image-factory -r, --registry-url string Registry url of the image (default \"factory.talos.dev\") --secure-boot Whether to generate Secure Boot enabled URL -v, --version string Talos version to generate (defaults to latest Talos version) (default \"v1.9.3\")","title":"Options inherited from parent commands"},{"location":"reference/cli/#see-also_15","text":"talhelper genurl - Generate URL for Talos installer or ISO","title":"SEE ALSO"},{"location":"reference/cli/#talhelper-genurl-installer","text":"Generate URL for Talos installer image talhelper genurl installer [flags]","title":"talhelper genurl installer"},{"location":"reference/cli/#options_16","text":"-h, --help help for installer","title":"Options"},{"location":"reference/cli/#options-inherited-from-parent-commands_16","text":"-c, --config-file string File containing configurations for talhelper (default \"talconfig.yaml\") -d, --debug Whether to enable debugging mode --env-file strings List of files containing env variables for config file (default 
[talenv.yaml,talenv.sops.yaml,talenv.yml,talenv.sops.yml]) -e, --extension strings Official extension image to be included in the image (ignored when talconfig.yaml is found) -k, --kernel-arg strings Kernel arguments to be passed to the image kernel (ignored when talconfig.yaml is found) -n, --node string A specific node to generate command for. If not specified, will generate for all nodes (ignored when talconfig.yaml is not found) --offline-mode Generate schematic ID without doing POST request to image-factory -r, --registry-url string Registry url of the image (default \"factory.talos.dev\") --secure-boot Whether to generate Secure Boot enabled URL -v, --version string Talos version to generate (defaults to latest Talos version) (default \"v1.9.3\")","title":"Options inherited from parent commands"},{"location":"reference/cli/#see-also_16","text":"talhelper genurl - Generate URL for Talos installer or ISO","title":"SEE ALSO"},{"location":"reference/cli/#talhelper-genurl","text":"Generate URL for Talos installer or ISO","title":"talhelper genurl"},{"location":"reference/cli/#options_17","text":"-c, --config-file string File containing configurations for talhelper (default \"talconfig.yaml\") --env-file strings List of files containing env variables for config file (default [talenv.yaml,talenv.sops.yaml,talenv.yml,talenv.sops.yml]) -e, --extension strings Official extension image to be included in the image (ignored when talconfig.yaml is found) -h, --help help for genurl -k, --kernel-arg strings Kernel arguments to be passed to the image kernel (ignored when talconfig.yaml is found) -n, --node string A specific node to generate command for. 
If not specified, will generate for all nodes (ignored when talconfig.yaml is not found) --offline-mode Generate schematic ID without doing POST request to image-factory -r, --registry-url string Registry url of the image (default \"factory.talos.dev\") --secure-boot Whether to generate Secure Boot enabled URL -v, --version string Talos version to generate (defaults to latest Talos version) (default \"v1.9.3\")","title":"Options"},{"location":"reference/cli/#options-inherited-from-parent-commands_17","text":"-d, --debug Whether to enable debugging mode","title":"Options inherited from parent commands"},{"location":"reference/cli/#see-also_17","text":"talhelper - A tool to help with creating Talos cluster talhelper genurl image - Generate URL for Talos ISO or disk image talhelper genurl installer - Generate URL for Talos installer image","title":"SEE ALSO"},{"location":"reference/cli/#talhelper-validate-nodeconfig","text":"Check the validity of Talos node config file talhelper validate nodeconfig [file] [flags]","title":"talhelper validate nodeconfig"},{"location":"reference/cli/#options_18","text":"-h, --help help for nodeconfig -m, --mode string Talos runtime mode to validate with (default \"metal\")","title":"Options"},{"location":"reference/cli/#options-inherited-from-parent-commands_18","text":"-d, --debug Whether to enable debugging mode","title":"Options inherited from parent commands"},{"location":"reference/cli/#see-also_18","text":"talhelper validate - Validate the correctness of talconfig or talos node config","title":"SEE ALSO"},{"location":"reference/cli/#talhelper-validate-talconfig","text":"Check the validity of talhelper config file talhelper validate talconfig [file] [flags]","title":"talhelper validate talconfig"},{"location":"reference/cli/#options_19","text":"-e, --env-file strings List of files containing env variables for config file (default [talenv.yaml,talenv.sops.yaml,talenv.yml,talenv.sops.yml]) -h, --help help for talconfig 
--no-substitute Whether to do envsubst on before validation","title":"Options"},{"location":"reference/cli/#options-inherited-from-parent-commands_19","text":"-d, --debug Whether to enable debugging mode","title":"Options inherited from parent commands"},{"location":"reference/cli/#see-also_19","text":"talhelper validate - Validate the correctness of talconfig or talos node config","title":"SEE ALSO"},{"location":"reference/cli/#talhelper-validate","text":"Validate the correctness of talconfig or talos node config","title":"talhelper validate"},{"location":"reference/cli/#options_20","text":"-h, --help help for validate","title":"Options"},{"location":"reference/cli/#options-inherited-from-parent-commands_20","text":"-d, --debug Whether to enable debugging mode","title":"Options inherited from parent commands"},{"location":"reference/cli/#see-also_20","text":"talhelper - A tool to help with creating Talos cluster talhelper validate nodeconfig - Check the validity of Talos node config file talhelper validate talconfig - Check the validity of talhelper config file","title":"SEE ALSO"},{"location":"reference/cli/#talhelper","text":"A tool to help with creating Talos cluster","title":"talhelper"},{"location":"reference/cli/#synopsis_5","text":"talhelper is a tool to help you create a Talos cluster. Workflow: Create talconfig.yaml file defining your nodes information like so: clusterName: mycluster talosVersion: v1.0 endpoint: https://192.168.200.10:6443 nodes: - hostname: master1 ipAddress: 192.168.200.11 installDisk: /dev/sdb controlPlane: true - hostname: worker1 ipAddress: 192.168.200.21 installDisk: /dev/nvme1 controlPlane: false Then run these commands: talhelper gensecret > talsecret.sops.yaml sops -e -i talsecret.sops.yaml talhelper genconfig The generated yaml files will be in ./clusterconfig directory WARNING! Please don't push the generated files into your public git repository. 
By default talhelper will create a \".gitignore\" file to ignore the generated files for you unless you use \"--no-gitignore\" flag. The generated files contain unencrypted secrets and you don't want people to get a hand of them.","title":"Synopsis"},{"location":"reference/cli/#options_21","text":"-d, --debug Whether to enable debugging mode -h, --help help for talhelper","title":"Options"},{"location":"reference/cli/#see-also_21","text":"talhelper completion - Generate the autocompletion script for the specified shell talhelper gencommand - Generate commands for talosctl. talhelper genconfig - Generate Talos cluster config YAML files talhelper genschema - Generate talconfig.yaml JSON schema file talhelper gensecret - Generate Talos cluster secrets talhelper genurl - Generate URL for Talos installer or ISO talhelper validate - Validate the correctness of talconfig or talos node config","title":"SEE ALSO"},{"location":"reference/configuration/","text":"Configuration Config Package config contains all the options available for configuring a Talos cluster. Field Type Description Default Value Required clusterName string Configures the cluster's name. Show example clusterName : my-cluster \"\" endpoint string Configures the cluster's controlplane endpoint. Can be an IP address or a DNS hostname Show example endpoint : https://192.168.200.10:6443 \"\" nodes [] Node List of nodes configurations Show example nodes : - hostname : kmaster1 ipAddress : 192.168.200.11 controlPlane : true installDiskSelector : size : 128GB - hostname : kworker1 ipAddress : 192.168.200.12 controlPlane : false installDisk : /dev/sda networkInterfaces : - interface : eth0 dhcp : true [] talosVersion string Talos version to perform the installation. Image reference for each Talos release can be found on Talos GitHub release page Show example talosVersion : v1.5.2 \"latest\" kubernetesVersion string Allows for supplying the Kubernetes version to use. 
Show example kubernetesVersion : v1.28.1 \"\" domain string Allows for supplying the domain used by Kubernetes DNS. Show example domain : mycluster.com \"cluster.local\" allowSchedulingOnMasters bool Whether to allow running workload on controlplane nodes. Show example allowSchedulingOnMasters : true false allowSchedulingOnControlPlanes bool Whether to allow running workload on controlplane nodes. It is an alias to allowSchedulingOnMasters Show example allowSchedulingOnControlPlanes : true false additionalMachineCertSans []string Extra certificate SANs for the machine's certificate. Show example additionalMachineCertSans : - 10.0.0.10 - 172.16.0.10 - 192.168.0.10 [] additionalApiServerCertSans []string Extra certificate SANs for the API server's certificate. Show example additionalApiServerCertSans : - 1.2.3.4 - 4.5.6.7 - mycluster.local [] cniConfig CNIConfig The CNI to be used for the cluster's network. Show example cniConfig : name : custom urls : - https://docs.projectcalico.org/archive/v3.20/manifests/canal.yaml nil imageFactory ImageFactory Configures selfhosted image factory. Show example imageFactory : registryURL : myfactory.com schematicEndpoint : /schematics protocol : https installerURLTmpl : {{ .RegistryURL }} /installer/{{.ID}}:{{.Version}} ImageURLTmpl : {{ .Protocol }} ://{{.RegistryURL}}/image/{{.ID}}/{{.Version}}/{{.Mode}}/{{.Arch}}.iso nil patches []string Patches to be applied to all nodes. List of strings containing RFC6902 JSON patches, strategic merge patches, or a file containing them Show example patches : - |- - op: add path: /machine/kubelet/extraArgs value: rotate-server-certificates: \"true\" - |- machine: env: MYENV: value - \"@./a-patch.yaml\" [] inlineManifests [] InlineManifest A list of inline Kubernetes manifests for the cluster. Show example inlineManifests : - name : namespace-ci contents : |- apiVersion: v1 kind: Namespace metadata: name: ci [] controlPlane NodeConfigs Configurations targetted for all controlplane nodes. 
Show example controlPlane : kernelModules : - name : br_netfilter parameters : - nf_conntrack_max=131072 patches : - |- - op: add path: /machine/kubelet/extraArgs value: rotate-server-certificates: \"true\" - |- machine: env: MYENV: value - \"@./a-patch.yaml\" nil worker NodeConfigs Configurations targetted for all worker nodes. Show example worker : kernelModules : - name : br_netfilter parameters : - nf_conntrack_max=131072 patches : - |- - op: add path: /machine/kubelet/extraArgs value: rotate-server-certificates: \"true\" - |- machine: env: MYENV: value - \"@./a-patch.yaml\" nil Node Node defines machine configurations for each node. Field Type Description Default Value Required hostname string Configures the hostname of a node. Show example hostname : kmaster1 \"\" ipAddress string IP address where the node can be reached, can be IP or comma separated list of IPs. Needed for endpoint and node address inside talosconfig . Show example ipAddress : 192.168.200.11 \"\" installDisk string The disk used for installation. Show example installDisk : /dev/sda \"\" installDiskSelector InstallDiskSelector Look up disk used for installation. Required if installDisk is not specified. Show example installDiskSelector : size : 128GB model : WDC* name : /sys/block/sda/device/name busPath : /pci0000:00/0000:00:17.0/ata1/host0/target0:0:0/0:0:0:0 nil controlPlane bool Whether the node is a controlplane. Show example controlPlane : true false ignoreHostname bool Whether to set machine.network.hostname to the generated config file. Show example ignoreHostname : true false overridePatches bool Whether patches defined here should override the one defined in node group. By default they will get appended instead. Show example overridePatches : true false overrideExtraManifests bool Whether extraManifests defined here should override the one defined in node group. By default they will get appended instead. 
Show example overrideExtraManifests : true false - NodeConfigs Node specific configurations that will override node group configurations. Show example talosImageURL : factory.talos.dev/installer/e9c7ef96884d4fbc8c0a1304ccca4bb0287d766a8b4125997cb9dbe84262144e nodeLabels : rack : rack1a nodeTaints : exampleTaint : exampletaintValue:NoSchedule disableSearchDomain : true nil NodeConfigs NodeConfigs defines machine configurations. Field Type Description Default Value Required talosImageURL string Allows for supplying the node level image used to perform the installation. Show example talosImageURL : factory.talos.dev/installer/e9c7ef96884d4fbc8c0a1304ccca4bb0287d766a8b4125997cb9dbe84262144e \"\" machineSpec MachineSpec Machine hardware specification for the node. Only used for genurl image subcommand. Show example machineSpec : mode : metal arch : arm64 bootMethod : disk-image imageSuffix : raw.xz nil ingressFirewall IngressFirewall Machine firewall specification for the node. Show example ingressFirewall : defaultAction : block rules : - name : kubelet-ingress portSelector : ports : - 10250 protocol : tcp ingress : - subnet : 172.20.0.0/24 except : 172.20.0.1/32 nil extensionServices [] ExtensionService Machine extension services specification for the node. Show example extensionServices : - name : nut-client configFiles : - content : MONITOR upsmonHost 1 remote pass password mountPath : /usr/local/etc/nut/upsmon.conf environment : - UPS_NAME=ups nil volumes [] Volume Machine volume configs specification. Show example volumes : - name : EPHEMERAL provisioning : diskSelector : match : disk.transport == \"nvme\" maxSize : 50GiB nil nodeLabels map[string]string Labels to be added to the node. Show example rack : rack1a false nodeAnnotations map[string]string Annotations to be added to the node. Show example rack : rack1a false nodeTaints map[string]string Node taints for the node. 
Show example exampleTaint : exampleTaintValue:NoSchedule false disableSearchDomain bool Whether to disable generating default search domain. Show example disableSearchDomain : true false machineDisks [] MachineDisk List of additional disks to partition, format, mount. Show example machineDisks : - device : /dev/disk/by-id/ata-CT500MX500SSD1_2149E5EC1D9D partitions : - mountpoint : /var/mnt/sata [] noSchematicValidate bool Whether to skip schematic validation. Show example noSchematicValidate : true false disableSearchDomain bool Whether to disable generating default search domain. Show example disableSearchDomain : true false machineFiles [] MachineFile List of additional files to create inside the node. Show example machineFiles : - content : | TS_AUTHKEY=123456 permissions : 0o644 path : /var/etc/tailscale/auth.env op : create [] schematic Schematic Configure Talos image customization to be used in the installer image Show example schematic : customization : extraKernelArgs : - net.ifnames=0 systemExtensions : officialExtensions : - siderolabs/intel-ucode nil imageSchematic Schematic Configure Talos image customization to be used for ISO or boot image Show example imageSchematic : customization : extraKernelArgs : - net.ifnames=0 systemExtensions : officialExtensions : - siderolabs/intel-ucode nil kernelModules [] KernelModuleConfig List of additional kernel modules to load. Show example kernelModules : - name : br_netfilter parameters : - nf_conntrack_max=131072 [] nameservers []string List of nameservers for the node. Show example nameservers : - 8.8.8.8 - 1.1.1.1 [] networkInterfaces [] Device List of network interface configurations for the node. Show example networkInterfaces : - interface : enp0s1 addresses : - 192.168.2.0/24 routes : - network : 0.0.0.0/0 gateway : 192.168.2.1 metric : 1024 mtu : 1500 [] extraManifests []string List of manifest files to be added for the node. 
Show example extraManifests : - etcd-firewall.yaml - kubelet-firewall.yaml [] patches []string Patches to be applied to the node. List of strings containing RFC6902 JSON patches, strategic merge patches, or a file containing them. Show example patches : - |- - op: add path: /machine/kubelet/extraArgs value: rotate-server-certificates: \"true\" - |- machine: env: MYENV: value - \"@./a-patch.yaml\" [] ImageFactory ImageFactory defines configuration for selfhosted image-factory. Field Type Description Default Value Required registryURL string Registry URL of the factory. Show example registryURL : myfactory.com \"factory.talos.dev\" protocol string Protocol the registry is listening to. Show example protocol : http https schematicEndpoint string Path to do HTTP POST request to the registry. Show example schematicEndpoint : /schematics /schematics installerURLTmpl string Go template to parse the full installer URL. Available placeholders: RegistryURL , ID , Version , Secureboot Show example installerURLTmpl : \"{{.RegistryURL}}/installer/{{.ID}}:{{.Version}}\" {{.RegistryURL}}/installer{{if .Secureboot}}-secureboot{{end}}/{{.ID}}:{{.Version}} ImageURLTmpl string Go template to parse the full ISO or boot image URL. Available placeholders: Protocol , RegistryURL , ID , Version , Mode , Arch , Secureboot , UseUKI , BootMethod , Suffix Show example ImageURLTmpl : \"{{.Protocol}}://{{.RegistryURL}}/image/{{.ID}}/{{.Version}}/{{.Mode}}-{{.Arch}}.iso\" {{.Protocol}}://{{.RegistryURL}}/image/{{.ID}}/{{.Version}}/{{.Mode}}-{{.Arch}}{{if .Secureboot}}-secureboot{{end}}{{if and .Secureboot .UseUKI}}-uki.efi{{else}}{{.Suffix}}{{end}} MachineSpec MachineSpec defines machine hardware configurations for a node. Field Type Description Default Value Required mode string Machine mode. Show example mode : metal \"metal\" arch string Machine architecture. Show example arch : arm64 amd64 secureboot bool Whether to enable Secure Boot. 
Show example secureboot : true false useUKI bool Whether to use UKI if Secure Boot is enabled. Show example useUKI : true false bootMethod string Boot method for the node. Can be \"disk-image\", \"iso\" or \"pxe\". Show example bootMethod : disk-image iso imageSuffix string The image file extension. Will be automatically defined by specified bootMethod , e.g: raw.xz , raw.tar.gz , qcow2 . Show example imageSuffix : raw.xz \"\" IngressFirewall IngressFirewall defines machine firewall configuration for a node. Field Type Description Default Value Required defaultAction string Default action for all not explicitly configured traffic. Can be \"accept\" or \"block\" Show example defaultAction : accept nil rules [] NetworkRule List of matching network rules to allow or block against the defaultAction. If defaultAction is set to block, matching rules will be allowed vice versa. Show example rules : - name : kubelet-ingress portSelector : ports : - 10250 protocol : tcp ingress : - subnet : 172.20.0.0/24 except : 172.20.0.1/32 nil ExtensionService ExtensionService defines machine extension service configuration for a node. Field Type Description Default Value Required name string Name of the extension service config. Show example name : nut-client nil configFiles [] ConfigFile The config files for the extension service. Show example configFiles : - content : MONITOR upsmonHost 1 remote pass password mountPath : /usr/local/etc/nut/upsmon.conf nil environment []string The environment for the extension service. Show example environment : - UPS_NAME=ups nil Volume Volume defines machine volume configuration for a node. Field Type Description Default Value Required name string Name of the volume config. Show example name : EPHEMERAL nil provisioning ProvisioningSpec Provisioning spec of the volume config. Show example provisioning : diskSelector : match : disk.transport == \"nvme\" maxSize : 50GiB nil NetworkRule NetworkRule defines the firewall rules to match. 
Field Type Description Default Value Required name string Name of the rule. Show example name : kubelet-ingress nil portSelector PortSelector Ports and protocols on the host affected by the rule. Show example portSelector : ports : - 10250 protocol : tcp nil ingress [] IngressConfig List of source subnets allowed to access the host ports/protocols. Show example ingress : - subnet : 172.20.0.0/24 except : 172.20.0.1/32 nil CNIConfig CNIConfig is type of upstream Talos v1alpha1.CNIConfig InstallDiskSelector InstallDiskSelector is type of upstream Talos v1alpha1.InstallDiskSelector . InlineManifest InlineManifest is type of upstream Talos v1alpha1.ClusterInlineManifest In addition to this, there's also a skipEnvsubst key that can be set to true to skip doing envsubst (only for file outside of talconfig.yaml ) MachineDisk MachineDisk is type of upstream Talos v1alpha1.MachineDisk MachineFile MachineFile is type of upstream Talos v1alpha1.MachineFile In addition to this, there's also a skipEnvsubst key that can be set to true to skip doing envsubst (only for file outside of talconfig.yaml ) InstallExtensionConfig InstallExtensionConfig is type of upstream Talos v1alpha1.InstallExtensionConfig Schematic Schematic is type of upstream Talos Image Factory schematic.Schematic KernelModuleConfig KernelModuleConfig is type of upstream Talos v1alpha1.KernelModuleConfig Device Device is type of upstream Talos v1alpha1.Device PortSelector PortSelector is type of upstream Talos network.RulePortSelector IngressConfig IngressConfig is type of upstream Talos network.IngressConfig ConfigFile ConfigFile is type of upstream Talos extensions.ConfigFile ProvisioningSpec ProvisioningSpec is type of upstream Talos block.ProvisioningSpec","title":"Configuration"},{"location":"reference/configuration/#configuration","text":"","title":"Configuration"},{"location":"reference/configuration/#config","text":"Package config contains all the options available for configuring a Talos cluster. 
Field Type Description Default Value Required clusterName string Configures the cluster's name. Show example clusterName : my-cluster \"\" endpoint string Configures the cluster's controlplane endpoint. Can be an IP address or a DNS hostname Show example endpoint : https://192.168.200.10:6443 \"\" nodes [] Node List of nodes configurations Show example nodes : - hostname : kmaster1 ipAddress : 192.168.200.11 controlPlane : true installDiskSelector : size : 128GB - hostname : kworker1 ipAddress : 192.168.200.12 controlPlane : false installDisk : /dev/sda networkInterfaces : - interface : eth0 dhcp : true [] talosVersion string Talos version to perform the installation. Image reference for each Talos release can be found on Talos GitHub release page Show example talosVersion : v1.5.2 \"latest\" kubernetesVersion string Allows for supplying the Kubernetes version to use. Show example kubernetesVersion : v1.28.1 \"\" domain string Allows for supplying the domain used by Kubernetes DNS. Show example domain : mycluster.com \"cluster.local\" allowSchedulingOnMasters bool Whether to allow running workload on controlplane nodes. Show example allowSchedulingOnMasters : true false allowSchedulingOnControlPlanes bool Whether to allow running workload on controlplane nodes. It is an alias to allowSchedulingOnMasters Show example allowSchedulingOnControlPlanes : true false additionalMachineCertSans []string Extra certificate SANs for the machine's certificate. Show example additionalMachineCertSans : - 10.0.0.10 - 172.16.0.10 - 192.168.0.10 [] additionalApiServerCertSans []string Extra certificate SANs for the API server's certificate. Show example additionalApiServerCertSans : - 1.2.3.4 - 4.5.6.7 - mycluster.local [] cniConfig CNIConfig The CNI to be used for the cluster's network. Show example cniConfig : name : custom urls : - https://docs.projectcalico.org/archive/v3.20/manifests/canal.yaml nil imageFactory ImageFactory Configures selfhosted image factory. 
Show example imageFactory : registryURL : myfactory.com schematicEndpoint : /schematics protocol : https installerURLTmpl : {{ .RegistryURL }} /installer/{{.ID}}:{{.Version}} ImageURLTmpl : {{ .Protocol }} ://{{.RegistryURL}}/image/{{.ID}}/{{.Version}}/{{.Mode}}/{{.Arch}}.iso nil patches []string Patches to be applied to all nodes. List of strings containing RFC6902 JSON patches, strategic merge patches, or a file containing them Show example patches : - |- - op: add path: /machine/kubelet/extraArgs value: rotate-server-certificates: \"true\" - |- machine: env: MYENV: value - \"@./a-patch.yaml\" [] inlineManifests [] InlineManifest A list of inline Kubernetes manifests for the cluster. Show example inlineManifests : - name : namespace-ci contents : |- apiVersion: v1 kind: Namespace metadata: name: ci [] controlPlane NodeConfigs Configurations targetted for all controlplane nodes. Show example controlPlane : kernelModules : - name : br_netfilter parameters : - nf_conntrack_max=131072 patches : - |- - op: add path: /machine/kubelet/extraArgs value: rotate-server-certificates: \"true\" - |- machine: env: MYENV: value - \"@./a-patch.yaml\" nil worker NodeConfigs Configurations targetted for all worker nodes. Show example worker : kernelModules : - name : br_netfilter parameters : - nf_conntrack_max=131072 patches : - |- - op: add path: /machine/kubelet/extraArgs value: rotate-server-certificates: \"true\" - |- machine: env: MYENV: value - \"@./a-patch.yaml\" nil","title":"Config"},{"location":"reference/configuration/#node","text":"Node defines machine configurations for each node. Field Type Description Default Value Required hostname string Configures the hostname of a node. Show example hostname : kmaster1 \"\" ipAddress string IP address where the node can be reached, can be IP or comma separated list of IPs. Needed for endpoint and node address inside talosconfig . Show example ipAddress : 192.168.200.11 \"\" installDisk string The disk used for installation. 
Show example installDisk : /dev/sda \"\" installDiskSelector InstallDiskSelector Look up disk used for installation. Required if installDisk is not specified. Show example installDiskSelector : size : 128GB model : WDC* name : /sys/block/sda/device/name busPath : /pci0000:00/0000:00:17.0/ata1/host0/target0:0:0/0:0:0:0 nil controlPlane bool Whether the node is a controlplane. Show example controlPlane : true false ignoreHostname bool Whether to set machine.network.hostname to the generated config file. Show example ignoreHostname : true false overridePatches bool Whether patches defined here should override the one defined in node group. By default they will get appended instead. Show example overridePatches : true false overrideExtraManifests bool Whether extraManifests defined here should override the one defined in node group. By default they will get appended instead. Show example overrideExtraManifests : true false - NodeConfigs Node specific configurations that will override node group configurations. Show example talosImageURL : factory.talos.dev/installer/e9c7ef96884d4fbc8c0a1304ccca4bb0287d766a8b4125997cb9dbe84262144e nodeLabels : rack : rack1a nodeTaints : exampleTaint : exampletaintValue:NoSchedule disableSearchDomain : true nil","title":"Node"},{"location":"reference/configuration/#nodeconfigs","text":"NodeConfigs defines machine configurations. Field Type Description Default Value Required talosImageURL string Allows for supplying the node level image used to perform the installation. Show example talosImageURL : factory.talos.dev/installer/e9c7ef96884d4fbc8c0a1304ccca4bb0287d766a8b4125997cb9dbe84262144e \"\" machineSpec MachineSpec Machine hardware specification for the node. Only used for genurl image subcommand. Show example machineSpec : mode : metal arch : arm64 bootMethod : disk-image imageSuffix : raw.xz nil ingressFirewall IngressFirewall Machine firewall specification for the node. 
Show example ingressFirewall : defaultAction : block rules : - name : kubelet-ingress portSelector : ports : - 10250 protocol : tcp ingress : - subnet : 172.20.0.0/24 except : 172.20.0.1/32 nil extensionServices [] ExtensionService Machine extension services specification for the node. Show example extensionServices : - name : nut-client configFiles : - content : MONITOR upsmonHost 1 remote pass password mountPath : /usr/local/etc/nut/upsmon.conf environment : - UPS_NAME=ups nil volumes [] Volume Machine volume configs specification. Show example volumes : - name : EPHEMERAL provisioning : diskSelector : match : disk.transport == \"nvme\" maxSize : 50GiB nil nodeLabels map[string]string Labels to be added to the node. Show example rack : rack1a false nodeAnnotations map[string]string Annotations to be added to the node. Show example rack : rack1a false nodeTaints map[string]string Node taints for the node. Show example exampleTaint : exampleTaintValue:NoSchedule false disableSearchDomain bool Whether to disable generating default search domain. Show example disableSearchDomain : true false machineDisks [] MachineDisk List of additional disks to partition, format, mount. Show example machineDisks : - device : /dev/disk/by-id/ata-CT500MX500SSD1_2149E5EC1D9D partitions : - mountpoint : /var/mnt/sata [] noSchematicValidate bool Whether to skip schematic validation. Show example noSchematicValidate : true false disableSearchDomain bool Whether to disable generating default search domain. Show example disableSearchDomain : true false machineFiles [] MachineFile List of additional files to create inside the node. 
Show example machineFiles : - content : | TS_AUTHKEY=123456 permissions : 0o644 path : /var/etc/tailscale/auth.env op : create [] schematic Schematic Configure Talos image customization to be used in the installer image Show example schematic : customization : extraKernelArgs : - net.ifnames=0 systemExtensions : officialExtensions : - siderolabs/intel-ucode nil imageSchematic Schematic Configure Talos image customization to be used for ISO or boot image Show example imageSchematic : customization : extraKernelArgs : - net.ifnames=0 systemExtensions : officialExtensions : - siderolabs/intel-ucode nil kernelModules [] KernelModuleConfig List of additional kernel modules to load. Show example kernelModules : - name : br_netfilter parameters : - nf_conntrack_max=131072 [] nameservers []string List of nameservers for the node. Show example nameservers : - 8.8.8.8 - 1.1.1.1 [] networkInterfaces [] Device List of network interface configurations for the node. Show example networkInterfaces : - interface : enp0s1 addresses : - 192.168.2.0/24 routes : - network : 0.0.0.0/0 gateway : 192.168.2.1 metric : 1024 mtu : 1500 [] extraManifests []string List of manifest files to be added for the node. Show example extraManifests : - etcd-firewall.yaml - kubelet-firewall.yaml [] patches []string Patches to be applied to the node. List of strings containing RFC6902 JSON patches, strategic merge patches, or a file containing them. Show example patches : - |- - op: add path: /machine/kubelet/extraArgs value: rotate-server-certificates: \"true\" - |- machine: env: MYENV: value - \"@./a-patch.yaml\" []","title":"NodeConfigs"},{"location":"reference/configuration/#imagefactory","text":"ImageFactory defines configuration for selfhosted image-factory. Field Type Description Default Value Required registryURL string Registry URL of the factory. Show example registryURL : myfactory.com \"factory.talos.dev\" protocol string Protocol the registry is listening to. 
Show example protocol : http https schematicEndpoint string Path to do HTTP POST request to the registry. Show example schematicEndpoint : /schematics /schematics installerURLTmpl string Go template to parse the full installer URL. Available placeholders: RegistryURL , ID , Version , Secureboot Show example installerURLTmpl : \"{{.RegistryURL}}/installer/{{.ID}}:{{.Version}}\" {{.RegistryURL}}/installer{{if .Secureboot}}-secureboot{{end}}/{{.ID}}:{{.Version}} ImageURLTmpl string Go template to parse the full ISO or boot image URL. Available placeholders: Protocol , RegistryURL , ID , Version , Mode , Arch , Secureboot , UseUKI , BootMethod , Suffix Show example ImageURLTmpl : \"{{.Protocol}}://{{.RegistryURL}}/image/{{.ID}}/{{.Version}}/{{.Mode}}-{{.Arch}}.iso\" {{.Protocol}}://{{.RegistryURL}}/image/{{.ID}}/{{.Version}}/{{.Mode}}-{{.Arch}}{{if .Secureboot}}-secureboot{{end}}{{if and .Secureboot .UseUKI}}-uki.efi{{else}}{{.Suffix}}{{end}}","title":"ImageFactory"},{"location":"reference/configuration/#machinespec","text":"MachineSpec defines machine hardware configurations for a node. Field Type Description Default Value Required mode string Machine mode. Show example mode : metal \"metal\" arch string Machine architecture. Show example arch : arm64 amd64 secureboot bool Whether to enable Secure Boot. Show example secureboot : true false useUKI bool Whether to use UKI if Secure Boot is enabled. Show example useUKI : true false bootMethod string Boot method for the node. Can be \"disk-image\", \"iso\" or \"pxe\". Show example bootMethod : disk-image iso imageSuffix string The image file extension. Will be automatically defined by specified bootMethod , e.g: raw.xz , raw.tar.gz , qcow2 . Show example imageSuffix : raw.xz \"\"","title":"MachineSpec"},{"location":"reference/configuration/#ingressfirewall","text":"IngressFirewall defines machine firewall configuration for a node. 
Field Type Description Default Value Required defaultAction string Default action for all not explicitly configured traffic. Can be \"accept\" or \"block\" Show example defaultAction : accept nil rules [] NetworkRule List of matching network rules to allow or block against the defaultAction. If defaultAction is set to block, matching rules will be allowed vice versa. Show example rules : - name : kubelet-ingress portSelector : ports : - 10250 protocol : tcp ingress : - subnet : 172.20.0.0/24 except : 172.20.0.1/32 nil","title":"IngressFirewall"},{"location":"reference/configuration/#extensionservice","text":"ExtensionService defines machine extension service configuration for a node. Field Type Description Default Value Required name string Name of the extension service config. Show example name : nut-client nil configFiles [] ConfigFile The config files for the extension service. Show example configFiles : - content : MONITOR upsmonHost 1 remote pass password mountPath : /usr/local/etc/nut/upsmon.conf nil environment []string The environment for the extension service. Show example environment : - UPS_NAME=ups nil","title":"ExtensionService"},{"location":"reference/configuration/#volume","text":"Volume defines machine volume configuration for a node. Field Type Description Default Value Required name string Name of the volume config. Show example name : EPHEMERAL nil provisioning ProvisioningSpec Provisioning spec of the volume config. Show example provisioning : diskSelector : match : disk.transport == \"nvme\" maxSize : 50GiB nil","title":"Volume"},{"location":"reference/configuration/#networkrule","text":"NetworkRule defines the firewall rules to match. Field Type Description Default Value Required name string Name of the rule. Show example name : kubelet-ingress nil portSelector PortSelector Ports and protocols on the host affected by the rule. 
Show example portSelector : ports : - 10250 protocol : tcp nil ingress [] IngressConfig List of source subnets allowed to access the host ports/protocols. Show example ingress : - subnet : 172.20.0.0/24 except : 172.20.0.1/32 nil","title":"NetworkRule"},{"location":"reference/configuration/#cniconfig","text":"CNIConfig is type of upstream Talos v1alpha1.CNIConfig","title":"CNIConfig"},{"location":"reference/configuration/#installdiskselector","text":"InstallDiskSelector is type of upstream Talos v1alpha1.InstallDiskSelector .","title":"InstallDiskSelector"},{"location":"reference/configuration/#inlinemanifest","text":"InlineManifest is type of upstream Talos v1alpha1.ClusterInlineManifest In addition to this, there's also a skipEnvsubst key that can be set to true to skip doing envsubst (only for file outside of talconfig.yaml )","title":"InlineManifest"},{"location":"reference/configuration/#machinedisk","text":"MachineDisk is type of upstream Talos v1alpha1.MachineDisk","title":"MachineDisk"},{"location":"reference/configuration/#machinefile","text":"MachineFile is type of upstream Talos v1alpha1.MachineFile In addition to this, there's also a skipEnvsubst key that can be set to true to skip doing envsubst (only for file outside of talconfig.yaml )","title":"MachineFile"},{"location":"reference/configuration/#installextensionconfig","text":"InstallExtensionConfig is type of upstream Talos v1alpha1.InstallExtensionConfig","title":"InstallExtensionConfig"},{"location":"reference/configuration/#schematic","text":"Schematic is type of upstream Talos Image Factory schematic.Schematic","title":"Schematic"},{"location":"reference/configuration/#kernelmoduleconfig","text":"KernelModuleConfig is type of upstream Talos v1alpha1.KernelModuleConfig","title":"KernelModuleConfig"},{"location":"reference/configuration/#device","text":"Device is type of upstream Talos v1alpha1.Device","title":"Device"},{"location":"reference/configuration/#portselector","text":"PortSelector is 
type of upstream Talos network.RulePortSelector","title":"PortSelector"},{"location":"reference/configuration/#ingressconfig","text":"IngressConfig is type of upstream Talos network.IngressConfig","title":"IngressConfig"},{"location":"reference/configuration/#configfile","text":"ConfigFile is type of upstream Talos extensions.ConfigFile","title":"ConfigFile"},{"location":"reference/configuration/#provisioningspec","text":"ProvisioningSpec is type of upstream Talos block.ProvisioningSpec","title":"ProvisioningSpec"},{"location":"reference/supported-version/","text":"Supported Talos Versions Currently, the supported major and minor Talos versions are: v1.2 v1.3 v1.4 v1.5 v1.6 v1.7 v1.8 v1.9 v1.10","title":"Supported Talos Versions"},{"location":"reference/supported-version/#supported-talos-versions","text":"Currently, the supported major and minor Talos versions are: v1.2 v1.3 v1.4 v1.5 v1.6 v1.7 v1.8 v1.9 v1.10","title":"Supported Talos Versions"}]} \ No newline at end of file
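Review bot: the machineFiles example in the NodeConfigs entry of this search index writes a literal credential (`TS_AUTHKEY=123456`) to `/var/etc/tailscale/auth.env` with `permissions : 0o644`, so anyone copying the example ends up with a world-readable secret file. Suggest showing `0o600` in the example and taking the key from the environment through the envsubst substitution the MachineFile entry refers to, rather than a literal value in the config. The same NodeConfigs entry lists `disableSearchDomain` twice with identical text, and "targetted" in the controlPlane and worker descriptions should read "targeted". Since this file is generated by the MkDocs deploy, these fixes belong in the docs source, not in this hunk.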