From d690f73cfd35c7aa0f21c717631a862a908d7923 Mon Sep 17 00:00:00 2001 From: github-actions Date: Wed, 17 Jan 2024 09:30:51 +0000 Subject: [PATCH] Deployed 03b2788 to develop with MkDocs 1.4.2 and mike 1.2.0.dev0 --- develop/reference/configuration/index.html | 111 +++++++++++++++++++++ develop/search/search_index.json | 2 +- 2 files changed, 112 insertions(+), 1 deletion(-) diff --git a/develop/reference/configuration/index.html b/develop/reference/configuration/index.html index 3889687f..e68f933e 100644 --- a/develop/reference/configuration/index.html +++ b/develop/reference/configuration/index.html @@ -71,6 +71,10 @@
  • MachineSpec
  • +
  • IngressFirewall +
  • +
  • NetworkRule +
  • ControlPlane
  • Worker @@ -91,6 +95,10 @@
  • Device
  • +
  • PortSelector +
  • +
  • IngressConfig +
  • Supported Talos Versions @@ -432,6 +440,26 @@

    Node

    ❎ +ingressFirewall +IngressFirewall +Machine firewall specification for the node.
    Show example +
    ingressFirewall:
    +  defaultAction: block
    +  rules:
    +    - name: kubelet-ingress
    +      portSelector:
    +        ports:
    +          - 10250
    +        protocol: tcp
    +      ingress:
    +        - subnet: 172.20.0.0/24
    +          except: 172.20.0.1/32
    +
    + +nil +❎ + + controlPlane bool Whether the node is a controlplane.
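Review bot: The new `ingressFirewall` row in the Node table gives a default of nil and marks the field optional, but its description ("Machine firewall specification for the node.") does not say what a node gets when the field is left out. The example pairs `defaultAction: block` with a single rule for port 10250, so please state the behaviour for an unset field and note that under `block` any port not covered by a rule is blocked. Because this commit is the MkDocs deploy output, the wording has to change in the docs source rather than in this HTML.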
    Show example @@ -705,6 +733,85 @@

    MachineSpec

    ❎ +

    IngressFirewall

    +

    IngressFirewall defines machine firewall configuration for a node.

    + + + +

    + + + + + + + + + + + + + + + +
    FieldTypeDescriptionDefault ValueRequired
    defaultActionstring
    Default action for all not explicitly configured traffic.Can be "accept" or "block"
    Show example +
    defaultAction: accept
    +
    +
    nil✅
    rules[]NetworkRule
    List of matching network rules to allow or block against the defaultAction.If defaultAction is set to block, matching rules will be allowed vice versa.
    Show example +
    rules:
    +  - name: kubelet-ingress
    +    portSelector:
    +      ports:
    +        - 10250
    +      protocol: tcp
    +    ingress:
    +      - subnet: 172.20.0.0/24
    +        except: 172.20.0.1/32
    +
    +
    nil✅
    +

    NetworkRule

    +

    NetworkRule defines the firewall rules to match.

    + + + +

    + + + + + + + + + + + + + + + + + + + + + + +
    FieldTypeDescriptionDefault ValueRequired
    namestringName of the rule.
    Show example +
    name: kubelet-ingress
    +
    +
    nil✅
    portSelectorPortSelectorPorts and protocols on the host affected by the rule.
    Show example +
    portSelector:
    +  ports:
    +    - 10250
    +  protocol: tcp
    +
    +
    nil✅
    ingress[]IngressConfigList of source subnets allowed to access the host ports/protocols.
    Show example +
    ingress:
    +  - subnet: 172.20.0.0/24
    +    except: 172.20.0.1/32
    +
    +
    nil✅

    ControlPlane

    ControlPlane defines machine configurations for controlplane type nodes.
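Review bot: The descriptions in the IngressFirewall and NetworkRule tables disagree on what a matching rule does. `rules` says "If defaultAction is set to block, matching rules will be allowed vice versa", which implies rules block traffic under `defaultAction: accept`, while `ingress` is described without qualification as the "List of source subnets allowed to access the host ports/protocols". Suggest spelling out both cases in `rules` (at minimum "... will be allowed, and vice versa") and wording `ingress` as the subnets the rule matches, so the two rows read consistently for either default action.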

    @@ -867,6 +974,10 @@

    KernelModuleConfig

    KernelModuleConfig is type of upstream Talos v1alpha1.KernelModuleConfig

    Device

    Device is type of upstream Talos v1alpha1.Device

    +

    PortSelector

    +

    PortSelector is type of upstream Talos network.RulePortSelector

    +

    IngressConfig

    +

    IngressConfig is type of upstream Talos network.IngressConfig
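Review bot: The PortSelector and IngressConfig sections added here only state that each is a type of upstream Talos `network.RulePortSelector` and `network.IngressConfig`, so the keys used by the examples elsewhere in this patch (`ports`, `protocol`, `subnet`, `except`) are never described on this page. That matches the neighbouring KernelModuleConfig and Device entries, but for a firewall rule the meaning of `except` relative to `subnet` decides which sources are covered. Suggest linking each section to the upstream type reference or adding a short field table.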

    diff --git a/develop/search/search_index.json b/develop/search/search_index.json index e2ea506e..f10275f6 100644 --- a/develop/search/search_index.json +++ b/develop/search/search_index.json 
@@ -1 +1 @@ -{"config":{"indexing":"full","lang":["en"],"min_search_length":3,"prebuild_index":false,"separator":"[\\s\\-]+"},"docs":[{"location":"","text":"Introduction Overview talhelper is a tool to help creating Talos configuration files declaratively. It was inspired by a python script written by @bjw-s . In a nutshell, this is what talhelper does step by step behind the door: Read and validate talconfig.yaml . Read and decrypt talsecret.yaml or talsecret.sops.yaml with sops if needed. Read and decrypt talenv.yaml or talenv.sops.yaml with sops if needed and load them into environment variables. Do envsubst if needed. Validate and generate Talos and machine config files inside ./clusterconfig directory. Generate .gitignore file so you don't commit the generated files to the public. Why should I use Talhelper The main reason to use talhelper instead of talosctl gen config command to generate Talos machineconfig files is because you want to have them version controlled in your git repository which is currently not possible yet with talosctl . Currently, to create Talos configuration files using the official talosctl tool your steps are: Run talosctl gen config and it will generate controlplane.yaml , worker.yaml , talosconfig in the current working directory. Copy and modify those files manually according to your nodes. Run talosctl apply-config --insecure -n --file for each node. This process is fine if you just want to do this once and forget about it. But if you're like me (and many others ), you might want to \"GitOpsified\" this process. So here's where you might want to use talhelper . With talhelper , the steps will become like this: Create a talconfig.yaml . Run talhelper gensecret > talsecret.sops.yaml and encrypt it with sops sops -e -i talsecret.sops.yaml . Run talhelper genconfig . Run talosctl apply-config --insecure -n --file ./clusterconfig/-.yaml for each node. Yes there are more steps needed. 
But now you can commit your talconfig.yaml and the encrypted talsecret.sops.yaml to your repository and get your whole cluster version controlled. To get started, hop over to the Getting Started section. Alternatives There are some alternatives you can consider instead of talhelper . The official Terraform provider The official Pulumi provider Bug report and feature request If you have encountered any bug or you want to request a new feature, please open an issue at GitHub.","title":"Introduction"},{"location":"#introduction","text":"","title":"Introduction"},{"location":"#overview","text":"talhelper is a tool to help creating Talos configuration files declaratively. It was inspired by a python script written by @bjw-s . In a nutshell, this is what talhelper does step by step behind the door: Read and validate talconfig.yaml . Read and decrypt talsecret.yaml or talsecret.sops.yaml with sops if needed. Read and decrypt talenv.yaml or talenv.sops.yaml with sops if needed and load them into environment variables. Do envsubst if needed. Validate and generate Talos and machine config files inside ./clusterconfig directory. Generate .gitignore file so you don't commit the generated files to the public.","title":"Overview"},{"location":"#why-should-i-use-talhelper","text":"The main reason to use talhelper instead of talosctl gen config command to generate Talos machineconfig files is because you want to have them version controlled in your git repository which is currently not possible yet with talosctl . Currently, to create Talos configuration files using the official talosctl tool your steps are: Run talosctl gen config and it will generate controlplane.yaml , worker.yaml , talosconfig in the current working directory. Copy and modify those files manually according to your nodes. Run talosctl apply-config --insecure -n --file for each node. This process is fine if you just want to do this once and forget about it. 
But if you're like me (and many others ), you might want to \"GitOpsified\" this process. So here's where you might want to use talhelper . With talhelper , the steps will become like this: Create a talconfig.yaml . Run talhelper gensecret > talsecret.sops.yaml and encrypt it with sops sops -e -i talsecret.sops.yaml . Run talhelper genconfig . Run talosctl apply-config --insecure -n --file ./clusterconfig/-.yaml for each node. Yes there are more steps needed. But now you can commit your talconfig.yaml and the encrypted talsecret.sops.yaml to your repository and get your whole cluster version controlled. To get started, hop over to the Getting Started section.","title":"Why should I use Talhelper"},{"location":"#alternatives","text":"There are some alternatives you can consider instead of talhelper . The official Terraform provider The official Pulumi provider","title":"Alternatives"},{"location":"#bug-report-and-feature-request","text":"If you have encountered any bug or you want to request a new feature, please open an issue at GitHub.","title":"Bug report and feature request"},{"location":"contributing/","text":"Contributing Contributions are what make the open source community such an amazing place to learn, inspire, and create. Any contributions you make are greatly appreciated ! If you have a suggestion that would make this better, please fork the repo and create a pull request. You can also simply open an issue with the label \"enhancement\". Don't forget to give the project a star! Fork the project Create your Feature Branch ( git checkout -b feature/AmazingFeature ) Commit your changes ( git commit -m 'feat: add some AmazingFeature ) Push to the branch ( git push origin feature/AmazingFeature ) Open a Pull Request","title":"Contributing"},{"location":"contributing/#contributing","text":"Contributions are what make the open source community such an amazing place to learn, inspire, and create. Any contributions you make are greatly appreciated ! 
If you have a suggestion that would make this better, please fork the repo and create a pull request. You can also simply open an issue with the label \"enhancement\". Don't forget to give the project a star! Fork the project Create your Feature Branch ( git checkout -b feature/AmazingFeature ) Commit your changes ( git commit -m 'feat: add some AmazingFeature ) Push to the branch ( git push origin feature/AmazingFeature ) Open a Pull Request","title":"Contributing"},{"location":"getting-started/","text":"Getting Started Before you begin There are some prerequisites before you start using talhelper . You need talhelper installed on your workstation (of course), head over to the Installation page for more detail. You also need sops installed and configured with your preferred encryption tool ( age , pgp , etc). If you want to use doppler instead, there's an alternative way to do this thanks to @truxnell which you can read here You also need talosctl installed on your workstation to apply the generated machine config files. Once you have all of the above conditions met, you can now start with the Scenario that suits your current situation. Scenarios Depending on which situation you are currently in before integrating talhelper to your stack, here are some simplified steps to get you started: You already have a Talos cluster running If you already have your Talos Kubernetes cluster up and running but you haven't GitOps it yet. Here are the steps you need to do: Get your node's machineconfig using talosctl : talosctl -n read /system/state/config.yaml > /tmp/machineconfig.yaml . Run talhelper gensecret -f /tmp/machineconfig.yaml > talsecret.sops.yaml . This command will create a talsecret.sops.yaml file with all your current cluster secrets. Encrypt the secret with sops : sops -e -i talsecret.sops.yaml (you will need sops configured properly ). Create a talconfig.yaml based on your current cluster, here's the example template . 
For all the available options, look at the Configuration Reference Run talhelper genconfig and the output files will be in ./clusterconfig by default. You can now do talosctl apply-config commands to the generated files. Commit your talconfig.yaml and talsecret.yaml in your git repository. Note Please don't push the generated files into your public git repository. By default talhelper will create a .gitignore file to ignore the generated files for you unless you use --no-gitignore flag. The generated files contain unencrypted secrets and you don't want people to get a hand on them. You are starting from scratch If you are creating a Talos Kubernetes cluster from scratch and you want to use talhelper , that's awesome! Here are the steps you need to do: Create a talconfig.yaml according to your needs, here's the example template . For all the available options, look at the Configuration Reference Run talhelper gensecret > talsecret.sops.yaml . This command will create a talsecret.sops.yaml file with your future cluster secrets. Encrypt the secret with sops : sops -e -i talsecret.sops.yaml (you will need sops configured properly ). Run talhelper genconfig and the output files will be in ./clusterconfig by default. You can now do talosctl apply-config commands to the generated files. Commit your talconfig.yaml and talsecret.yaml in your git repository. Note Please don't push the generated files into your public git repository. By default talhelper will create a .gitignore file to ignore the generated files for you unless you use --no-gitignore flag. The generated files contain unencrypted secrets and you don't want people to get a hand on them.","title":"Getting Started"},{"location":"getting-started/#getting-started","text":"","title":"Getting Started"},{"location":"getting-started/#before-you-begin","text":"There are some prerequisites before you start using talhelper . 
You need talhelper installed on your workstation (of course), head over to the Installation page for more detail. You also need sops installed and configured with your preferred encryption tool ( age , pgp , etc). If you want to use doppler instead, there's an alternative way to do this thanks to @truxnell which you can read here You also need talosctl installed on your workstation to apply the generated machine config files. Once you have all of the above conditions met, you can now start with the Scenario that suits your current situation.","title":"Before you begin"},{"location":"getting-started/#scenarios","text":"Depending on which situation you are currently in before integrating talhelper to your stack, here are some simplified steps to get you started:","title":"Scenarios"},{"location":"getting-started/#you-already-have-a-talos-cluster-running","text":"If you already have your Talos Kubernetes cluster up and running but you haven't GitOps it yet. Here are the steps you need to do: Get your node's machineconfig using talosctl : talosctl -n read /system/state/config.yaml > /tmp/machineconfig.yaml . Run talhelper gensecret -f /tmp/machineconfig.yaml > talsecret.sops.yaml . This command will create a talsecret.sops.yaml file with all your current cluster secrets. Encrypt the secret with sops : sops -e -i talsecret.sops.yaml (you will need sops configured properly ). Create a talconfig.yaml based on your current cluster, here's the example template . For all the available options, look at the Configuration Reference Run talhelper genconfig and the output files will be in ./clusterconfig by default. You can now do talosctl apply-config commands to the generated files. Commit your talconfig.yaml and talsecret.yaml in your git repository. Note Please don't push the generated files into your public git repository. By default talhelper will create a .gitignore file to ignore the generated files for you unless you use --no-gitignore flag. 
The generated files contain unencrypted secrets and you don't want people to get a hand on them.","title":"You already have a Talos cluster running"},{"location":"getting-started/#you-are-starting-from-scratch","text":"If you are creating a Talos Kubernetes cluster from scratch and you want to use talhelper , that's awesome! Here are the steps you need to do: Create a talconfig.yaml according to your needs, here's the example template . For all the available options, look at the Configuration Reference Run talhelper gensecret > talsecret.sops.yaml . This command will create a talsecret.sops.yaml file with your future cluster secrets. Encrypt the secret with sops : sops -e -i talsecret.sops.yaml (you will need sops configured properly ). Run talhelper genconfig and the output files will be in ./clusterconfig by default. You can now do talosctl apply-config commands to the generated files. Commit your talconfig.yaml and talsecret.yaml in your git repository. Note Please don't push the generated files into your public git repository. By default talhelper will create a .gitignore file to ignore the generated files for you unless you use --no-gitignore flag. 
The generated files contain unencrypted secrets and you don't want people to get a hand on them.","title":"You are starting from scratch"},{"location":"guides/","text":"Guides Example talconfig.yaml A minimal talconfig.yaml file will look like this: --- clusterName : my-cluster endpoint : https://192.168.200.10:6443 nodes : - hostname : master controlPlane : true ipAddress : 192.168.200.11 installDisk : /dev/sda Let's say you want to add labels to the master node and add another worker node named warmachine , you can modify talconfig.yaml like so: --- clusterName : my-cluster endpoint : https://192.168.200.10:6443 nodes : - hostname : master controlPlane : true ipAddress : 192.168.200.11 installDisk : /dev/sda nodeLabels : rack : rack1 - hostname : warmachine controlPlane : false ipAddress : 192.168.200.12 installDiskSelector : size : 128GB Then you can run talhelper genconfig . Here's a more detailed example talconfig.yaml . To see all the available options of the configuration file, head over to Configuration Reference . Adding Talos extensions and kernel arguments Talos v1.5 introduced a new unified way to generate boot assets for installer container image that you can build yourself using their imager container or use image-factory to dynamically build it for you. The old way of installing system extensions using machine.install.extensions in the configuration file is being deprecated, so it's not recommended to use it. Talhelper can help you to generate the installer url like image-factory if you provide schematic for your nodes. Let's say your warmachine node is using Intel processor so you want to have intel-ucode extension and you also want to use traditional network interface naming by providing net.ifnames=0 to the kernel argument. 
Your talhelper.yaml should be something like this: --- clusterName : my-cluster talosVersion : v1.5.4 endpoint : https://192.168.200.10:6443 nodes : - hostname : warmachine controlPlane : false ipAddress : 192.168.200.12 schematic : customization : extraKernelArgs : - net.ifnames=0 systemExtensions : officialExtensions : - siderolabs/intel-ucode When you run talhelper genconfig , the generated manifest file for warmachine will have machine.install.image value of factory.talos.dev/installer/9e8cc193609699825d61c039c7738d81cf29c7b20f2a91d8f5c540511b9ea0b4:v1.5.4 , which will be the same url you'll get if using image-factory . If you don't want to use the url from image-factory or you want to use your own installer image, you can use per node talosImageURL like this: --- clusterName : my-cluster talosVersion : v1.5.4 endpoint : https://192.168.200.10:6443 nodes : - hostname : warmachine controlPlane : false ipAddress : 192.168.200.12 talosImageURL : my.registry/install/talos-installer-image This will result in machine.install.image value to be my.registry/install/talos-installer-image:v1.5.4 . Configuring SOPS for Talhelper sops is a simple and flexible tool for managing secrets. If you haven't used sops before, the easiest way to get started is by using age as the encryption tool of choice. To configure talhelper to use sops to encrypt and decrypt your secrets, here's the simplified step by step you can do: Install both sops and age into your system. Run age-keygen -o /age/keys.txt . By default, will be in $XDG_CONFIG_HOME/sops on Linux, $HOME/Library/Application Support/sops on MacOS, and %AppData%\\sops on Windows. 
In the directory where your talenv.sops.yaml , and talsecrets.sops.yaml lives, create a .sops.yaml file with this content: --- creation_rules : - age : >- ## get this in the keys.txt file from previous step Now, if you encrypt your talenv.sops.yaml and talsecret.sops.yaml files with sops , talhelper will be able to decrypt it when generating config files. Using Doppler instead of SOPS If you don't want to use sops as your secret management, you can use Doppler instead (or any other secret managers that can inject environment variables to the shell). Thanks to @truxnell for this genius idea. Here's the simplified step by step to achieve this: In the place where you want to use environment secrets, put it in talconfig.yaml file with ${} placeholder like this: controlPlane : inlinePatch : cluster : aescbcEncryptionSecret : ${AESCBCENCYPTIONKEY} In doppler , create a project named i.e \"talhelper\". In that project, create a config i.e \"env\" that stores key and value of the secret like AESCBCENCYPTIONKEY: . . Run doppler CLI command that sets environment variable before running the talhelper command i.e: doppler run -p talhelper -c env talhelper genconfig . Thanks to @jtcressy you can also make use of talsecret.yaml file (which is a better way than doing inlinePatch ). Note that you can only put the cluster secrets known by Talos here (you can use talhelper gensecret command and modify it). Here's the simplified step by step to achieve this: In talsecret.yaml file, put all your secrets with ${} placeholder like this: cluster : id : ${CLUSTERNAME} secret : ${CLUSTERSECRET} secrets : bootstraptoken : ${BOOTSTRAPTOKEN} secretboxencryptionsecret : ${AESCBCENCYPTIONKEY} trustdinfo : token : ${TRUSTDTOKEN} certs : etcd : crt : ${ETCDCERT} key : ${ETCDKEY} k8s : crt : ${K8SCERT} key : ${K8SKEY} k8saggregator : crt : ${K8SAGGCERT} key : ${K8SAGGKEY} k8sserviceaccount : key : ${K8SSAKEY} os : crt : ${OSCERT} key : ${OSKEY} 2. 
In doppler , create a project named i.e \"talhelper\". In that project, create a config i.e \"env\" that stores key and value of the secret like AESCBCENCYPTIONKEY: . . 3. Run doppler CLI command that sets environment variable before running the talhelper command i.e: doppler run -p talhelper -c env talhelper genconfig . Generating talosctl commands for bash scripting Thanks to the idea and contribution of mirceanton , you can generate talosctl commands for bash scripting in your workflow. For example, in the directory where a talconfig.yaml like this is located: --- clusterName : my-cluster talosVersion : v1.5.5 nodes : - hostname : node1 ipAddress : 192.168.10.11 controlPlane : true After running talhelper genconfig , you can run talhelper gencommand apply | bash in the terminal to apply the generated config into your machine(s) automatically. There are some other gencommand commands that you can use like upgrade , upgrade-k8s , bootstrap , etc, For more information about the available gencommand commands and flags you can use, head over to the documentation . Selfhosted Image Factory By default, the generated manifests will use the official image-factory to pull the installer image. If you're self hosting your own image-factory, you can change your talconfig.yaml like so: --- clusterName : my-cluster imageFactory : registryURL : myfactory.com schematicEndpoint : /schematics protocol : http installerURLTmpl : {{ .RegistryURL }} /installer/{{.ID}}:{{.Version}} The schematicEndpoint is used to do HTTP POST request to get the schematic ID. If your selfhosted image factory doesn't do schematic ID like the official one does, you can pass --offline flag to talhelper genconfig command and modify the installerURLTmpl to your needs. Editing talconfig.yaml file If you're using a text editor with yaml LSP support, you can use talhelper genschema command to generate a talconfig.json . 
You can then feed that file to the language server so you can get autocompletion when editing talconfig.yaml file. If your LSP is configured to use JSON schema store , you should get auto-completion working immediately. Shell completion Depending on how you install talhelper , you might not need to do anything to get autocompletion for talhelper commands i.e if you install using the Nix Flakes or AUR. If you don't get it working out of the box, you can use talhelper completion command to generate autocompletion for your shell. bash You will need bash-completion installed and configured on your system first. And then you can put this line somewhere inside your ~/.bashrc file: source < ( talhelper completion bash ) After reloading your shell, autocompletion should be working. To enable bash autocompletion in current session of shell, source the ~/.bashrc file: source ~/.bashrc fish Put this line somewhere inside your ~/.config/fish/config.fish file: talhelper completion fish | source Another way is to put the generated file into ~/.config/fish/completions/talhelper.fish file: talhelper completion fish > ~/.config/fish/completions/talhelper.fish After reloading your shell, autocompletion should be working. zsh Put this line somewhere inside your ~/.zshrc : source < ( talhelper completion zsh ) After reloading your shell, autocompletion should be working. 
To enable zsh autocompletion in current session of shell, source the ~/.zshrc file: source ~/.zshrc powershell Append the generated file into $PROFILE : talhelper completion powershell >> $PROFILE After reloading your shell, autocompletion should be working.","title":"Guides"},{"location":"guides/#guides","text":"","title":"Guides"},{"location":"guides/#example-talconfigyaml","text":"A minimal talconfig.yaml file will look like this: --- clusterName : my-cluster endpoint : https://192.168.200.10:6443 nodes : - hostname : master controlPlane : true ipAddress : 192.168.200.11 installDisk : /dev/sda Let's say you want to add labels to the master node and add another worker node named warmachine , you can modify talconfig.yaml like so: --- clusterName : my-cluster endpoint : https://192.168.200.10:6443 nodes : - hostname : master controlPlane : true ipAddress : 192.168.200.11 installDisk : /dev/sda nodeLabels : rack : rack1 - hostname : warmachine controlPlane : false ipAddress : 192.168.200.12 installDiskSelector : size : 128GB Then you can run talhelper genconfig . Here's a more detailed example talconfig.yaml . To see all the available options of the configuration file, head over to Configuration Reference .","title":"Example talconfig.yaml"},{"location":"guides/#adding-talos-extensions-and-kernel-arguments","text":"Talos v1.5 introduced a new unified way to generate boot assets for installer container image that you can build yourself using their imager container or use image-factory to dynamically build it for you. The old way of installing system extensions using machine.install.extensions in the configuration file is being deprecated, so it's not recommended to use it. Talhelper can help you to generate the installer url like image-factory if you provide schematic for your nodes. 
Let's say your warmachine node is using Intel processor so you want to have intel-ucode extension and you also want to use traditional network interface naming by providing net.ifnames=0 to the kernel argument. Your talhelper.yaml should be something like this: --- clusterName : my-cluster talosVersion : v1.5.4 endpoint : https://192.168.200.10:6443 nodes : - hostname : warmachine controlPlane : false ipAddress : 192.168.200.12 schematic : customization : extraKernelArgs : - net.ifnames=0 systemExtensions : officialExtensions : - siderolabs/intel-ucode When you run talhelper genconfig , the generated manifest file for warmachine will have machine.install.image value of factory.talos.dev/installer/9e8cc193609699825d61c039c7738d81cf29c7b20f2a91d8f5c540511b9ea0b4:v1.5.4 , which will be the same url you'll get if using image-factory . If you don't want to use the url from image-factory or you want to use your own installer image, you can use per node talosImageURL like this: --- clusterName : my-cluster talosVersion : v1.5.4 endpoint : https://192.168.200.10:6443 nodes : - hostname : warmachine controlPlane : false ipAddress : 192.168.200.12 talosImageURL : my.registry/install/talos-installer-image This will result in machine.install.image value to be my.registry/install/talos-installer-image:v1.5.4 .","title":"Adding Talos extensions and kernel arguments"},{"location":"guides/#configuring-sops-for-talhelper","text":"sops is a simple and flexible tool for managing secrets. If you haven't used sops before, the easiest way to get started is by using age as the encryption tool of choice. To configure talhelper to use sops to encrypt and decrypt your secrets, here's the simplified step by step you can do: Install both sops and age into your system. Run age-keygen -o /age/keys.txt . By default, will be in $XDG_CONFIG_HOME/sops on Linux, $HOME/Library/Application Support/sops on MacOS, and %AppData%\\sops on Windows. 
In the directory where your talenv.sops.yaml , and talsecrets.sops.yaml lives, create a .sops.yaml file with this content: --- creation_rules : - age : >- ## get this in the keys.txt file from previous step Now, if you encrypt your talenv.sops.yaml and talsecret.sops.yaml files with sops , talhelper will be able to decrypt it when generating config files.","title":"Configuring SOPS for Talhelper"},{"location":"guides/#using-doppler-instead-of-sops","text":"If you don't want to use sops as your secret management, you can use Doppler instead (or any other secret managers that can inject environment variables to the shell). Thanks to @truxnell for this genius idea. Here's the simplified step by step to achieve this: In the place where you want to use environment secrets, put it in talconfig.yaml file with ${} placeholder like this: controlPlane : inlinePatch : cluster : aescbcEncryptionSecret : ${AESCBCENCYPTIONKEY} In doppler , create a project named i.e \"talhelper\". In that project, create a config i.e \"env\" that stores key and value of the secret like AESCBCENCYPTIONKEY: . . Run doppler CLI command that sets environment variable before running the talhelper command i.e: doppler run -p talhelper -c env talhelper genconfig . Thanks to @jtcressy you can also make use of talsecret.yaml file (which is a better way than doing inlinePatch ). Note that you can only put the cluster secrets known by Talos here (you can use talhelper gensecret command and modify it). 
Here's the simplified step by step to achieve this: In talsecret.yaml file, put all your secrets with ${} placeholder like this: cluster : id : ${CLUSTERNAME} secret : ${CLUSTERSECRET} secrets : bootstraptoken : ${BOOTSTRAPTOKEN} secretboxencryptionsecret : ${AESCBCENCYPTIONKEY} trustdinfo : token : ${TRUSTDTOKEN} certs : etcd : crt : ${ETCDCERT} key : ${ETCDKEY} k8s : crt : ${K8SCERT} key : ${K8SKEY} k8saggregator : crt : ${K8SAGGCERT} key : ${K8SAGGKEY} k8sserviceaccount : key : ${K8SSAKEY} os : crt : ${OSCERT} key : ${OSKEY} 2. In doppler , create a project named i.e \"talhelper\". In that project, create a config i.e \"env\" that stores key and value of the secret like AESCBCENCYPTIONKEY: . . 3. Run doppler CLI command that sets environment variable before running the talhelper command i.e: doppler run -p talhelper -c env talhelper genconfig .","title":"Using Doppler instead of SOPS"},{"location":"guides/#generating-talosctl-commands-for-bash-scripting","text":"Thanks to the idea and contribution of mirceanton , you can generate talosctl commands for bash scripting in your workflow. For example, in the directory where a talconfig.yaml like this is located: --- clusterName : my-cluster talosVersion : v1.5.5 nodes : - hostname : node1 ipAddress : 192.168.10.11 controlPlane : true After running talhelper genconfig , you can run talhelper gencommand apply | bash in the terminal to apply the generated config into your machine(s) automatically. There are some other gencommand commands that you can use like upgrade , upgrade-k8s , bootstrap , etc, For more information about the available gencommand commands and flags you can use, head over to the documentation .","title":"Generating talosctl commands for bash scripting"},{"location":"guides/#selfhosted-image-factory","text":"By default, the generated manifests will use the official image-factory to pull the installer image. 
If you're self hosting your own image-factory, you can change your talconfig.yaml like so: --- clusterName : my-cluster imageFactory : registryURL : myfactory.com schematicEndpoint : /schematics protocol : http installerURLTmpl : {{ .RegistryURL }} /installer/{{.ID}}:{{.Version}} The schematicEndpoint is used to do HTTP POST request to get the schematic ID. If your selfhosted image factory doesn't do schematic ID like the official one does, you can pass --offline flag to talhelper genconfig command and modify the installerURLTmpl to your needs.","title":"Selfhosted Image Factory"},{"location":"guides/#editing-talconfigyaml-file","text":"If you're using a text editor with yaml LSP support, you can use talhelper genschema command to generate a talconfig.json . You can then feed that file to the language server so you can get autocompletion when editing talconfig.yaml file. If your LSP is configured to use JSON schema store , you should get auto-completion working immediately.","title":"Editing talconfig.yaml file"},{"location":"guides/#shell-completion","text":"Depending on how you install talhelper , you might not need to do anything to get autocompletion for talhelper commands i.e if you install using the Nix Flakes or AUR. If you don't get it working out of the box, you can use talhelper completion command to generate autocompletion for your shell. bash You will need bash-completion installed and configured on your system first. And then you can put this line somewhere inside your ~/.bashrc file: source < ( talhelper completion bash ) After reloading your shell, autocompletion should be working. 
To enable bash autocompletion in current session of shell, source the ~/.bashrc file: source ~/.bashrc fish Put this line somewhere inside your ~/.config/fish/config.fish file: talhelper completion fish | source Another way is to put the generated file into ~/.config/fish/completions/talhelper.fish file: talhelper completion fish > ~/.config/fish/completions/talhelper.fish After reloading your shell, autocompletion should be working. zsh Put this line somewhere inside your ~/.zshrc : source < ( talhelper completion zsh ) After reloading your shell, autocompletion should be working. To enable zsh autocompletion in current session of shell, source the ~/.zshrc file: source ~/.zshrc powershell Append the generated file into $PROFILE : talhelper completion powershell >> $PROFILE After reloading your shell, autocompletion should be working.","title":"Shell completion"},{"location":"installation/","text":"Installation There are several ways to install talhelper to your workstation. Using aqua You can get talhelper from the standard registry as budimanjojo/talhelper . Using asdf You can get talhelper with a plugin maintained by @bjw-s . Add the plugin asdf plugin add talhelper Install the program asdf install talhelper latest Using Homebrew You can get talhelper from the official formulae (thanks to @ishioni ). brew install talhelper Using Nix Flakes You can get talhelper as Nix Flakes from the repository . Add the repository as input in your flake.nix file { inputs = { talhelper . url = \"github:budimanjojo/talhelper\" ; } } The package is now available at packages..default of the flake. You can call it in your home.packages or environment.systemPackages or devShell by referencing the input as inputs.talhelper.packages..default . Using Pacman Thanks to grawlinson , you can get talhelper from official Arch Linux \"Extra\" repository. sudo pacman -S talhelper Using AUR You can get talhelper from AUR using any AUR helper if you're Arch Linux user btw. 
Example using yay : yay -S talhelper-bin Using Scoop You can get talhelper from Scoop if you're a Windows user (thanks to @dedene ). scoop bucket add budimanjojo https :// github . com / budimanjojo / talhelper . git scoop install talhelper Using one liner with jpillora You can get talhelper using this one liner using tool provided by jpillora . curl https://i.jpillora.com/budimanjojo/talhelper! | sudo bash From the release page If none of the above works for you, you can download the archived binary for your system from the latest release page . Please let me know if you want to help with adding new installation method by creating a new issue .","title":"Installation"},{"location":"installation/#installation","text":"There are several ways to install talhelper to your workstation.","title":"Installation"},{"location":"installation/#using-aqua","text":"You can get talhelper from the standard registry as budimanjojo/talhelper .","title":"Using aqua"},{"location":"installation/#using-asdf","text":"You can get talhelper with a plugin maintained by @bjw-s . Add the plugin asdf plugin add talhelper Install the program asdf install talhelper latest","title":"Using asdf"},{"location":"installation/#using-homebrew","text":"You can get talhelper from the official formulae (thanks to @ishioni ). brew install talhelper","title":"Using Homebrew"},{"location":"installation/#using-nix-flakes","text":"You can get talhelper as Nix Flakes from the repository . Add the repository as input in your flake.nix file { inputs = { talhelper . url = \"github:budimanjojo/talhelper\" ; } } The package is now available at packages..default of the flake. You can call it in your home.packages or environment.systemPackages or devShell by referencing the input as inputs.talhelper.packages..default .","title":"Using Nix Flakes"},{"location":"installation/#using-pacman","text":"Thanks to grawlinson , you can get talhelper from official Arch Linux \"Extra\" repository. 
sudo pacman -S talhelper","title":"Using Pacman"},{"location":"installation/#using-aur","text":"You can get talhelper from AUR using any AUR helper if you're Arch Linux user btw. Example using yay : yay -S talhelper-bin","title":"Using AUR"},{"location":"installation/#using-scoop","text":"You can get talhelper from Scoop if you're a Windows user (thanks to @dedene ). scoop bucket add budimanjojo https :// github . com / budimanjojo / talhelper . git scoop install talhelper","title":"Using Scoop"},{"location":"installation/#using-one-liner-with-jpillora","text":"You can get talhelper using this one liner using tool provided by jpillora . curl https://i.jpillora.com/budimanjojo/talhelper! | sudo bash","title":"Using one liner with jpillora"},{"location":"installation/#from-the-release-page","text":"If none of the above works for you, you can download the archived binary for your system from the latest release page . Please let me know if you want to help with adding new installation method by creating a new issue .","title":"From the release page"},{"location":"reference/cli/","text":"CLI talhelper completion bash Generate the autocompletion script for bash Synopsis Generate the autocompletion script for the bash shell. This script depends on the 'bash-completion' package. If it is not installed already, you can install it via your OS's package manager. To load completions in your current shell session: source <(talhelper completion bash) To load completions for every new session, execute once: Linux: talhelper completion bash > /etc/bash_completion.d/talhelper macOS: talhelper completion bash > $(brew --prefix)/etc/bash_completion.d/talhelper You will need to start a new shell for this setup to take effect. 
talhelper completion bash Options -h, --help help for bash --no-descriptions disable completion descriptions SEE ALSO talhelper completion - Generate the autocompletion script for the specified shell talhelper completion fish Generate the autocompletion script for fish Synopsis Generate the autocompletion script for the fish shell. To load completions in your current shell session: talhelper completion fish | source To load completions for every new session, execute once: talhelper completion fish > ~/.config/fish/completions/talhelper.fish You will need to start a new shell for this setup to take effect. talhelper completion fish [flags] Options -h, --help help for fish --no-descriptions disable completion descriptions SEE ALSO talhelper completion - Generate the autocompletion script for the specified shell talhelper completion powershell Generate the autocompletion script for powershell Synopsis Generate the autocompletion script for powershell. To load completions in your current shell session: talhelper completion powershell | Out-String | Invoke-Expression To load completions for every new session, add the output of the above command to your powershell profile. talhelper completion powershell [flags] Options -h, --help help for powershell --no-descriptions disable completion descriptions SEE ALSO talhelper completion - Generate the autocompletion script for the specified shell talhelper completion zsh Generate the autocompletion script for zsh Synopsis Generate the autocompletion script for the zsh shell. If shell completion is not already enabled in your environment you will need to enable it. 
You can execute the following once: echo \"autoload -U compinit; compinit\" >> ~/.zshrc To load completions in your current shell session: source <(talhelper completion zsh) To load completions for every new session, execute once: Linux: talhelper completion zsh > \"${fpath[1]}/_talhelper\" macOS: talhelper completion zsh > $(brew --prefix)/share/zsh/site-functions/_talhelper You will need to start a new shell for this setup to take effect. talhelper completion zsh [flags] Options -h, --help help for zsh --no-descriptions disable completion descriptions SEE ALSO talhelper completion - Generate the autocompletion script for the specified shell talhelper completion Generate the autocompletion script for the specified shell Synopsis Generate the autocompletion script for talhelper for the specified shell. See each sub-command's help for details on how to use the generated script. Options -h, --help help for completion SEE ALSO talhelper - A tool to help with creating Talos cluster talhelper completion bash - Generate the autocompletion script for bash talhelper completion fish - Generate the autocompletion script for fish talhelper completion powershell - Generate the autocompletion script for powershell talhelper completion zsh - Generate the autocompletion script for zsh talhelper gencommand apply Generate talosctl apply-config commands. talhelper gencommand apply [flags] Options -h, --help help for apply Options inherited from parent commands -c, --config-file string File containing configurations for talhelper (default \"talconfig.yaml\") --env-file strings List of files containing env variables for config file (default [talenv.yaml,talenv.sops.yaml,talenv.yml,talenv.sops.yml]) --extra-flags strings List of additional flags that will be injected into the generated commands. -n, --node string A specific node to generate the command for. If not specified, will generate for all nodes. -o, --out-dir string Directory that contains the generated config files to apply. 
(default \"./clusterconfig\") SEE ALSO talhelper gencommand - Generate commands for talosctl. talhelper gencommand bootstrap Generate talosctl bootstrap commands. talhelper gencommand bootstrap [flags] Options -h, --help help for bootstrap Options inherited from parent commands -c, --config-file string File containing configurations for talhelper (default \"talconfig.yaml\") --env-file strings List of files containing env variables for config file (default [talenv.yaml,talenv.sops.yaml,talenv.yml,talenv.sops.yml]) --extra-flags strings List of additional flags that will be injected into the generated commands. -n, --node string A specific node to generate the command for. If not specified, will generate for all nodes. -o, --out-dir string Directory that contains the generated config files to apply. (default \"./clusterconfig\") SEE ALSO talhelper gencommand - Generate commands for talosctl. talhelper gencommand upgrade Generate talosctl upgrade commands. talhelper gencommand upgrade [flags] Options -h, --help help for upgrade Options inherited from parent commands -c, --config-file string File containing configurations for talhelper (default \"talconfig.yaml\") --env-file strings List of files containing env variables for config file (default [talenv.yaml,talenv.sops.yaml,talenv.yml,talenv.sops.yml]) --extra-flags strings List of additional flags that will be injected into the generated commands. -n, --node string A specific node to generate the command for. If not specified, will generate for all nodes. -o, --out-dir string Directory that contains the generated config files to apply. (default \"./clusterconfig\") SEE ALSO talhelper gencommand - Generate commands for talosctl. talhelper gencommand upgrade-k8s Generate talosctl upgrade-k8s commands. 
talhelper gencommand upgrade-k8s [flags] Options -h, --help help for upgrade-k8s Options inherited from parent commands -c, --config-file string File containing configurations for talhelper (default \"talconfig.yaml\") --env-file strings List of files containing env variables for config file (default [talenv.yaml,talenv.sops.yaml,talenv.yml,talenv.sops.yml]) --extra-flags strings List of additional flags that will be injected into the generated commands. -n, --node string A specific node to generate the command for. If not specified, will generate for all nodes. -o, --out-dir string Directory that contains the generated config files to apply. (default \"./clusterconfig\") SEE ALSO talhelper gencommand - Generate commands for talosctl. talhelper gencommand Generate commands for talosctl. Options -c, --config-file string File containing configurations for talhelper (default \"talconfig.yaml\") --env-file strings List of files containing env variables for config file (default [talenv.yaml,talenv.sops.yaml,talenv.yml,talenv.sops.yml]) --extra-flags strings List of additional flags that will be injected into the generated commands. -h, --help help for gencommand -n, --node string A specific node to generate the command for. If not specified, will generate for all nodes. -o, --out-dir string Directory that contains the generated config files to apply. (default \"./clusterconfig\") SEE ALSO talhelper - A tool to help with creating Talos cluster talhelper gencommand apply - Generate talosctl apply-config commands. talhelper gencommand bootstrap - Generate talosctl bootstrap commands. talhelper gencommand upgrade - Generate talosctl upgrade commands. talhelper gencommand upgrade-k8s - Generate talosctl upgrade-k8s commands. 
talhelper genconfig Generate Talos cluster config YAML files talhelper genconfig [flags] Options -c, --config-file string File containing configurations for talhelper (default \"talconfig.yaml\") -n, --dry-run Skip generating manifests and show diff instead -e, --env-file strings List of files containing env variables for config file (default [talenv.yaml,talenv.sops.yaml,talenv.yml,talenv.sops.yml]) -h, --help help for genconfig --no-gitignore Create/update gitignore file too --offline-mode Generate schematic ID without doing POST request to image-factory -o, --out-dir string Directory where to dump the generated files (default \"./clusterconfig\") -s, --secret-file strings List of files containing secrets for the cluster (default [talsecret.yaml,talsecret.sops.yaml,talsecret.yml,talsecret.sops.yml]) -m, --talos-mode string Talos runtime mode to validate generated config (default \"metal\") SEE ALSO talhelper - A tool to help with creating Talos cluster talhelper genschema Generate talconfig.yaml JSON schema file talhelper genschema [flags] Options -f, --file string Where to dump the generated json-schema file (default \"talconfig.json\") -h, --help help for genschema SEE ALSO talhelper - A tool to help with creating Talos cluster talhelper gensecret Generate Talos cluster secrets talhelper gensecret [flags] Options -f, --from-configfile string Talos cluster node configuration file to generate secret from -h, --help help for gensecret SEE ALSO talhelper - A tool to help with creating Talos cluster talhelper genurl installer Generate URL for Talos installer image talhelper genurl installer [flags] Options -h, --help help for installer Options inherited from parent commands -c, --config-file string File containing configurations for talhelper (default \"talconfig.yaml\") --env-file strings List of files containing env variables for config file (default [talenv.yaml,talenv.sops.yaml,talenv.yml,talenv.sops.yml]) -e, --extension strings Official extension image to be 
included in the image (ignored when talconfig.yaml is found) -k, --kernel-arg strings Kernel arguments to be passed to the image kernel (ignored when talconfig.yaml is found) -n, --node string A specific node to generate command for. If not specified, will generate for all nodes (ignored when talconfig.yaml is not found) --offline-mode Generate schematic ID without doing POST request to image-factory -r, --registry-url string Registry url of the image (default \"factory.talos.dev\") -v, --version string Talos version to generate (defaults to latest Talos version) (default \"v1.6.0\") SEE ALSO talhelper genurl - Generate URL for Talos installer or ISO talhelper genurl iso Generate URL for Talos ISO image talhelper genurl iso [flags] Options -a, --arch string CPU architecture support of the image (default \"amd64\") -h, --help help for iso -m, --talos-mode string Talos runtime mode to generate URL (default \"metal\") Options inherited from parent commands -c, --config-file string File containing configurations for talhelper (default \"talconfig.yaml\") --env-file strings List of files containing env variables for config file (default [talenv.yaml,talenv.sops.yaml,talenv.yml,talenv.sops.yml]) -e, --extension strings Official extension image to be included in the image (ignored when talconfig.yaml is found) -k, --kernel-arg strings Kernel arguments to be passed to the image kernel (ignored when talconfig.yaml is found) -n, --node string A specific node to generate command for. 
If not specified, will generate for all nodes (ignored when talconfig.yaml is not found) --offline-mode Generate schematic ID without doing POST request to image-factory -r, --registry-url string Registry url of the image (default \"factory.talos.dev\") -v, --version string Talos version to generate (defaults to latest Talos version) (default \"v1.6.0\") SEE ALSO talhelper genurl - Generate URL for Talos installer or ISO talhelper genurl Generate URL for Talos installer or ISO Options -c, --config-file string File containing configurations for talhelper (default \"talconfig.yaml\") --env-file strings List of files containing env variables for config file (default [talenv.yaml,talenv.sops.yaml,talenv.yml,talenv.sops.yml]) -e, --extension strings Official extension image to be included in the image (ignored when talconfig.yaml is found) -h, --help help for genurl -k, --kernel-arg strings Kernel arguments to be passed to the image kernel (ignored when talconfig.yaml is found) -n, --node string A specific node to generate command for. 
If not specified, will generate for all nodes (ignored when talconfig.yaml is not found) --offline-mode Generate schematic ID without doing POST request to image-factory -r, --registry-url string Registry url of the image (default \"factory.talos.dev\") -v, --version string Talos version to generate (defaults to latest Talos version) (default \"v1.6.0\") SEE ALSO talhelper - A tool to help with creating Talos cluster talhelper genurl installer - Generate URL for Talos installer image talhelper genurl iso - Generate URL for Talos ISO image talhelper validate nodeconfig Check the validity of Talos node config file talhelper validate nodeconfig [file] [flags] Options -h, --help help for nodeconfig -m, --mode string Talos runtime mode to validate with (default \"metal\") SEE ALSO talhelper validate - Validate the correctness of talconfig or talos node config talhelper validate talconfig Check the validity of talhelper config file talhelper validate talconfig [file] [flags] Options -e, --env-file strings List of files containing env variables for config file (default [talenv.yaml,talenv.sops.yaml,talenv.yaml,talenv.sops.yml]) -h, --help help for talconfig --no-substitute Whether to do envsubst on before validation SEE ALSO talhelper validate - Validate the correctness of talconfig or talos node config talhelper validate Validate the correctness of talconfig or talos node config Options -h, --help help for validate SEE ALSO talhelper - A tool to help with creating Talos cluster talhelper validate nodeconfig - Check the validity of Talos node config file talhelper validate talconfig - Check the validity of talhelper config file talhelper A tool to help with creating Talos cluster Synopsis talhelper is a tool to help you create a Talos cluster. 
Workflow: Create talconfig.yaml file defining your nodes information like so: clusterName: mycluster talosVersion: v1.0 endpoint: https://192.168.200.10:6443 nodes: - hostname: master1 ipAddress: 192.168.200.11 installDisk: /dev/sdb controlPlane: true - hostname: worker1 ipAddress: 192.168.200.21 installDisk: /dev/nvme1 controlPlane: false Then run these commands: talhelper gensecret > talsecret.sops.yaml sops -e -i talsecret.sops.yaml talhelper genconfig The generated yaml files will be in ./clusterconfig directory WARNING! Please don't push the generated files into your public git repository. By default talhelper will create a \".gitignore\" file to ignore the generated files for you unless you use \"--no-gitignore\" flag. The generated files contain unencrypted secrets and you don't want people to get a hand of them. Options -h, --help help for talhelper SEE ALSO talhelper completion - Generate the autocompletion script for the specified shell talhelper gencommand - Generate commands for talosctl. talhelper genconfig - Generate Talos cluster config YAML files talhelper genschema - Generate talconfig.yaml JSON schema file talhelper gensecret - Generate Talos cluster secrets talhelper genurl - Generate URL for Talos installer or ISO talhelper validate - Validate the correctness of talconfig or talos node config","title":"CLI"},{"location":"reference/cli/#cli","text":"","title":"CLI"},{"location":"reference/cli/#talhelper-completion-bash","text":"Generate the autocompletion script for bash","title":"talhelper completion bash"},{"location":"reference/cli/#synopsis","text":"Generate the autocompletion script for the bash shell. This script depends on the 'bash-completion' package. If it is not installed already, you can install it via your OS's package manager. 
To load completions in your current shell session: source <(talhelper completion bash) To load completions for every new session, execute once:","title":"Synopsis"},{"location":"reference/cli/#linux","text":"talhelper completion bash > /etc/bash_completion.d/talhelper","title":"Linux:"},{"location":"reference/cli/#macos","text":"talhelper completion bash > $(brew --prefix)/etc/bash_completion.d/talhelper You will need to start a new shell for this setup to take effect. talhelper completion bash","title":"macOS:"},{"location":"reference/cli/#options","text":"-h, --help help for bash --no-descriptions disable completion descriptions","title":"Options"},{"location":"reference/cli/#see-also","text":"talhelper completion - Generate the autocompletion script for the specified shell","title":"SEE ALSO"},{"location":"reference/cli/#talhelper-completion-fish","text":"Generate the autocompletion script for fish","title":"talhelper completion fish"},{"location":"reference/cli/#synopsis_1","text":"Generate the autocompletion script for the fish shell. To load completions in your current shell session: talhelper completion fish | source To load completions for every new session, execute once: talhelper completion fish > ~/.config/fish/completions/talhelper.fish You will need to start a new shell for this setup to take effect. talhelper completion fish [flags]","title":"Synopsis"},{"location":"reference/cli/#options_1","text":"-h, --help help for fish --no-descriptions disable completion descriptions","title":"Options"},{"location":"reference/cli/#see-also_1","text":"talhelper completion - Generate the autocompletion script for the specified shell","title":"SEE ALSO"},{"location":"reference/cli/#talhelper-completion-powershell","text":"Generate the autocompletion script for powershell","title":"talhelper completion powershell"},{"location":"reference/cli/#synopsis_2","text":"Generate the autocompletion script for powershell. 
To load completions in your current shell session: talhelper completion powershell | Out-String | Invoke-Expression To load completions for every new session, add the output of the above command to your powershell profile. talhelper completion powershell [flags]","title":"Synopsis"},{"location":"reference/cli/#options_2","text":"-h, --help help for powershell --no-descriptions disable completion descriptions","title":"Options"},{"location":"reference/cli/#see-also_2","text":"talhelper completion - Generate the autocompletion script for the specified shell","title":"SEE ALSO"},{"location":"reference/cli/#talhelper-completion-zsh","text":"Generate the autocompletion script for zsh","title":"talhelper completion zsh"},{"location":"reference/cli/#synopsis_3","text":"Generate the autocompletion script for the zsh shell. If shell completion is not already enabled in your environment you will need to enable it. You can execute the following once: echo \"autoload -U compinit; compinit\" >> ~/.zshrc To load completions in your current shell session: source <(talhelper completion zsh) To load completions for every new session, execute once:","title":"Synopsis"},{"location":"reference/cli/#linux_1","text":"talhelper completion zsh > \"${fpath[1]}/_talhelper\"","title":"Linux:"},{"location":"reference/cli/#macos_1","text":"talhelper completion zsh > $(brew --prefix)/share/zsh/site-functions/_talhelper You will need to start a new shell for this setup to take effect. 
talhelper completion zsh [flags]","title":"macOS:"},{"location":"reference/cli/#options_3","text":"-h, --help help for zsh --no-descriptions disable completion descriptions","title":"Options"},{"location":"reference/cli/#see-also_3","text":"talhelper completion - Generate the autocompletion script for the specified shell","title":"SEE ALSO"},{"location":"reference/cli/#talhelper-completion","text":"Generate the autocompletion script for the specified shell","title":"talhelper completion"},{"location":"reference/cli/#synopsis_4","text":"Generate the autocompletion script for talhelper for the specified shell. See each sub-command's help for details on how to use the generated script.","title":"Synopsis"},{"location":"reference/cli/#options_4","text":"-h, --help help for completion","title":"Options"},{"location":"reference/cli/#see-also_4","text":"talhelper - A tool to help with creating Talos cluster talhelper completion bash - Generate the autocompletion script for bash talhelper completion fish - Generate the autocompletion script for fish talhelper completion powershell - Generate the autocompletion script for powershell talhelper completion zsh - Generate the autocompletion script for zsh","title":"SEE ALSO"},{"location":"reference/cli/#talhelper-gencommand-apply","text":"Generate talosctl apply-config commands. talhelper gencommand apply [flags]","title":"talhelper gencommand apply"},{"location":"reference/cli/#options_5","text":"-h, --help help for apply","title":"Options"},{"location":"reference/cli/#options-inherited-from-parent-commands","text":"-c, --config-file string File containing configurations for talhelper (default \"talconfig.yaml\") --env-file strings List of files containing env variables for config file (default [talenv.yaml,talenv.sops.yaml,talenv.yml,talenv.sops.yml]) --extra-flags strings List of additional flags that will be injected into the generated commands. -n, --node string A specific node to generate the command for. 
If not specified, will generate for all nodes. -o, --out-dir string Directory that contains the generated config files to apply. (default \"./clusterconfig\")","title":"Options inherited from parent commands"},{"location":"reference/cli/#see-also_5","text":"talhelper gencommand - Generate commands for talosctl.","title":"SEE ALSO"},{"location":"reference/cli/#talhelper-gencommand-bootstrap","text":"Generate talosctl bootstrap commands. talhelper gencommand bootstrap [flags]","title":"talhelper gencommand bootstrap"},{"location":"reference/cli/#options_6","text":"-h, --help help for bootstrap","title":"Options"},{"location":"reference/cli/#options-inherited-from-parent-commands_1","text":"-c, --config-file string File containing configurations for talhelper (default \"talconfig.yaml\") --env-file strings List of files containing env variables for config file (default [talenv.yaml,talenv.sops.yaml,talenv.yml,talenv.sops.yml]) --extra-flags strings List of additional flags that will be injected into the generated commands. -n, --node string A specific node to generate the command for. If not specified, will generate for all nodes. -o, --out-dir string Directory that contains the generated config files to apply. (default \"./clusterconfig\")","title":"Options inherited from parent commands"},{"location":"reference/cli/#see-also_6","text":"talhelper gencommand - Generate commands for talosctl.","title":"SEE ALSO"},{"location":"reference/cli/#talhelper-gencommand-upgrade","text":"Generate talosctl upgrade commands. 
talhelper gencommand upgrade [flags]","title":"talhelper gencommand upgrade"},{"location":"reference/cli/#options_7","text":"-h, --help help for upgrade","title":"Options"},{"location":"reference/cli/#options-inherited-from-parent-commands_2","text":"-c, --config-file string File containing configurations for talhelper (default \"talconfig.yaml\") --env-file strings List of files containing env variables for config file (default [talenv.yaml,talenv.sops.yaml,talenv.yml,talenv.sops.yml]) --extra-flags strings List of additional flags that will be injected into the generated commands. -n, --node string A specific node to generate the command for. If not specified, will generate for all nodes. -o, --out-dir string Directory that contains the generated config files to apply. (default \"./clusterconfig\")","title":"Options inherited from parent commands"},{"location":"reference/cli/#see-also_7","text":"talhelper gencommand - Generate commands for talosctl.","title":"SEE ALSO"},{"location":"reference/cli/#talhelper-gencommand-upgrade-k8s","text":"Generate talosctl upgrade-k8s commands. talhelper gencommand upgrade-k8s [flags]","title":"talhelper gencommand upgrade-k8s"},{"location":"reference/cli/#options_8","text":"-h, --help help for upgrade-k8s","title":"Options"},{"location":"reference/cli/#options-inherited-from-parent-commands_3","text":"-c, --config-file string File containing configurations for talhelper (default \"talconfig.yaml\") --env-file strings List of files containing env variables for config file (default [talenv.yaml,talenv.sops.yaml,talenv.yml,talenv.sops.yml]) --extra-flags strings List of additional flags that will be injected into the generated commands. -n, --node string A specific node to generate the command for. If not specified, will generate for all nodes. -o, --out-dir string Directory that contains the generated config files to apply. 
(default \"./clusterconfig\")","title":"Options inherited from parent commands"},{"location":"reference/cli/#see-also_8","text":"talhelper gencommand - Generate commands for talosctl.","title":"SEE ALSO"},{"location":"reference/cli/#talhelper-gencommand","text":"Generate commands for talosctl.","title":"talhelper gencommand"},{"location":"reference/cli/#options_9","text":"-c, --config-file string File containing configurations for talhelper (default \"talconfig.yaml\") --env-file strings List of files containing env variables for config file (default [talenv.yaml,talenv.sops.yaml,talenv.yml,talenv.sops.yml]) --extra-flags strings List of additional flags that will be injected into the generated commands. -h, --help help for gencommand -n, --node string A specific node to generate the command for. If not specified, will generate for all nodes. -o, --out-dir string Directory that contains the generated config files to apply. (default \"./clusterconfig\")","title":"Options"},{"location":"reference/cli/#see-also_9","text":"talhelper - A tool to help with creating Talos cluster talhelper gencommand apply - Generate talosctl apply-config commands. talhelper gencommand bootstrap - Generate talosctl bootstrap commands. talhelper gencommand upgrade - Generate talosctl upgrade commands. 
talhelper gencommand upgrade-k8s - Generate talosctl upgrade-k8s commands.","title":"SEE ALSO"},{"location":"reference/cli/#talhelper-genconfig","text":"Generate Talos cluster config YAML files talhelper genconfig [flags]","title":"talhelper genconfig"},{"location":"reference/cli/#options_10","text":"-c, --config-file string File containing configurations for talhelper (default \"talconfig.yaml\") -n, --dry-run Skip generating manifests and show diff instead -e, --env-file strings List of files containing env variables for config file (default [talenv.yaml,talenv.sops.yaml,talenv.yml,talenv.sops.yml]) -h, --help help for genconfig --no-gitignore Create/update gitignore file too --offline-mode Generate schematic ID without doing POST request to image-factory -o, --out-dir string Directory where to dump the generated files (default \"./clusterconfig\") -s, --secret-file strings List of files containing secrets for the cluster (default [talsecret.yaml,talsecret.sops.yaml,talsecret.yml,talsecret.sops.yml]) -m, --talos-mode string Talos runtime mode to validate generated config (default \"metal\")","title":"Options"},{"location":"reference/cli/#see-also_10","text":"talhelper - A tool to help with creating Talos cluster","title":"SEE ALSO"},{"location":"reference/cli/#talhelper-genschema","text":"Generate talconfig.yaml JSON schema file talhelper genschema [flags]","title":"talhelper genschema"},{"location":"reference/cli/#options_11","text":"-f, --file string Where to dump the generated json-schema file (default \"talconfig.json\") -h, --help help for genschema","title":"Options"},{"location":"reference/cli/#see-also_11","text":"talhelper - A tool to help with creating Talos cluster","title":"SEE ALSO"},{"location":"reference/cli/#talhelper-gensecret","text":"Generate Talos cluster secrets talhelper gensecret [flags]","title":"talhelper gensecret"},{"location":"reference/cli/#options_12","text":"-f, --from-configfile string Talos cluster node configuration file to 
generate secret from -h, --help help for gensecret","title":"Options"},{"location":"reference/cli/#see-also_12","text":"talhelper - A tool to help with creating Talos cluster","title":"SEE ALSO"},{"location":"reference/cli/#talhelper-genurl-installer","text":"Generate URL for Talos installer image talhelper genurl installer [flags]","title":"talhelper genurl installer"},{"location":"reference/cli/#options_13","text":"-h, --help help for installer","title":"Options"},{"location":"reference/cli/#options-inherited-from-parent-commands_4","text":"-c, --config-file string File containing configurations for talhelper (default \"talconfig.yaml\") --env-file strings List of files containing env variables for config file (default [talenv.yaml,talenv.sops.yaml,talenv.yml,talenv.sops.yml]) -e, --extension strings Official extension image to be included in the image (ignored when talconfig.yaml is found) -k, --kernel-arg strings Kernel arguments to be passed to the image kernel (ignored when talconfig.yaml is found) -n, --node string A specific node to generate command for. 
If not specified, will generate for all nodes (ignored when talconfig.yaml is not found) --offline-mode Generate schematic ID without doing POST request to image-factory -r, --registry-url string Registry url of the image (default \"factory.talos.dev\") -v, --version string Talos version to generate (defaults to latest Talos version) (default \"v1.6.0\")","title":"Options inherited from parent commands"},{"location":"reference/cli/#see-also_13","text":"talhelper genurl - Generate URL for Talos installer or ISO","title":"SEE ALSO"},{"location":"reference/cli/#talhelper-genurl-iso","text":"Generate URL for Talos ISO image talhelper genurl iso [flags]","title":"talhelper genurl iso"},{"location":"reference/cli/#options_14","text":"-a, --arch string CPU architecture support of the image (default \"amd64\") -h, --help help for iso -m, --talos-mode string Talos runtime mode to generate URL (default \"metal\")","title":"Options"},{"location":"reference/cli/#options-inherited-from-parent-commands_5","text":"-c, --config-file string File containing configurations for talhelper (default \"talconfig.yaml\") --env-file strings List of files containing env variables for config file (default [talenv.yaml,talenv.sops.yaml,talenv.yml,talenv.sops.yml]) -e, --extension strings Official extension image to be included in the image (ignored when talconfig.yaml is found) -k, --kernel-arg strings Kernel arguments to be passed to the image kernel (ignored when talconfig.yaml is found) -n, --node string A specific node to generate command for. 
If not specified, will generate for all nodes (ignored when talconfig.yaml is not found) --offline-mode Generate schematic ID without doing POST request to image-factory -r, --registry-url string Registry url of the image (default \"factory.talos.dev\") -v, --version string Talos version to generate (defaults to latest Talos version) (default \"v1.6.0\")","title":"Options inherited from parent commands"},{"location":"reference/cli/#see-also_14","text":"talhelper genurl - Generate URL for Talos installer or ISO","title":"SEE ALSO"},{"location":"reference/cli/#talhelper-genurl","text":"Generate URL for Talos installer or ISO","title":"talhelper genurl"},{"location":"reference/cli/#options_15","text":"-c, --config-file string File containing configurations for talhelper (default \"talconfig.yaml\") --env-file strings List of files containing env variables for config file (default [talenv.yaml,talenv.sops.yaml,talenv.yml,talenv.sops.yml]) -e, --extension strings Official extension image to be included in the image (ignored when talconfig.yaml is found) -h, --help help for genurl -k, --kernel-arg strings Kernel arguments to be passed to the image kernel (ignored when talconfig.yaml is found) -n, --node string A specific node to generate command for. 
If not specified, will generate for all nodes (ignored when talconfig.yaml is not found) --offline-mode Generate schematic ID without doing POST request to image-factory -r, --registry-url string Registry url of the image (default \"factory.talos.dev\") -v, --version string Talos version to generate (defaults to latest Talos version) (default \"v1.6.0\")","title":"Options"},{"location":"reference/cli/#see-also_15","text":"talhelper - A tool to help with creating Talos cluster talhelper genurl installer - Generate URL for Talos installer image talhelper genurl iso - Generate URL for Talos ISO image","title":"SEE ALSO"},{"location":"reference/cli/#talhelper-validate-nodeconfig","text":"Check the validity of Talos node config file talhelper validate nodeconfig [file] [flags]","title":"talhelper validate nodeconfig"},{"location":"reference/cli/#options_16","text":"-h, --help help for nodeconfig -m, --mode string Talos runtime mode to validate with (default \"metal\")","title":"Options"},{"location":"reference/cli/#see-also_16","text":"talhelper validate - Validate the correctness of talconfig or talos node config","title":"SEE ALSO"},{"location":"reference/cli/#talhelper-validate-talconfig","text":"Check the validity of talhelper config file talhelper validate talconfig [file] [flags]","title":"talhelper validate talconfig"},{"location":"reference/cli/#options_17","text":"-e, --env-file strings List of files containing env variables for config file (default [talenv.yaml,talenv.sops.yaml,talenv.yaml,talenv.sops.yml]) -h, --help help for talconfig --no-substitute Whether to do envsubst on before validation","title":"Options"},{"location":"reference/cli/#see-also_17","text":"talhelper validate - Validate the correctness of talconfig or talos node config","title":"SEE ALSO"},{"location":"reference/cli/#talhelper-validate","text":"Validate the correctness of talconfig or talos node config","title":"talhelper validate"},{"location":"reference/cli/#options_18","text":"-h, 
--help help for validate","title":"Options"},{"location":"reference/cli/#see-also_18","text":"talhelper - A tool to help with creating Talos cluster talhelper validate nodeconfig - Check the validity of Talos node config file talhelper validate talconfig - Check the validity of talhelper config file","title":"SEE ALSO"},{"location":"reference/cli/#talhelper","text":"A tool to help with creating Talos cluster","title":"talhelper"},{"location":"reference/cli/#synopsis_5","text":"talhelper is a tool to help you create a Talos cluster. Workflow: Create talconfig.yaml file defining your nodes information like so: clusterName: mycluster talosVersion: v1.0 endpoint: https://192.168.200.10:6443 nodes: - hostname: master1 ipAddress: 192.168.200.11 installDisk: /dev/sdb controlPlane: true - hostname: worker1 ipAddress: 192.168.200.21 installDisk: /dev/nvme1 controlPlane: false Then run these commands: talhelper gensecret > talsecret.sops.yaml sops -e -i talsecret.sops.yaml talhelper genconfig The generated yaml files will be in ./clusterconfig directory WARNING! Please don't push the generated files into your public git repository. By default talhelper will create a \".gitignore\" file to ignore the generated files for you unless you use \"--no-gitignore\" flag. The generated files contain unencrypted secrets and you don't want people to get a hand of them.","title":"Synopsis"},{"location":"reference/cli/#options_19","text":"-h, --help help for talhelper","title":"Options"},{"location":"reference/cli/#see-also_19","text":"talhelper completion - Generate the autocompletion script for the specified shell talhelper gencommand - Generate commands for talosctl. 
talhelper genconfig - Generate Talos cluster config YAML files talhelper genschema - Generate talconfig.yaml JSON schema file talhelper gensecret - Generate Talos cluster secrets talhelper genurl - Generate URL for Talos installer or ISO talhelper validate - Validate the correctness of talconfig or talos node config","title":"SEE ALSO"},{"location":"reference/configuration/","text":"Configuration Config Package config contains all the options available for configuring a Talos cluster. Field Type Description Default Value Required clusterName string Configures the cluster's name. Show example clusterName : my-cluster \"\" endpoint string Configures the cluster's controlplane endpoint. Can be an IP address or a DNS hostname Show example endpoint : https://192.168.200.10:6443 \"\" nodes [] Node List of nodes configurations Show example nodes : - hostname : kmaster1 ipAddress : 192.168.200.11 controlPlane : true installDiskSelector : size : 128GB - hostname : kworker1 ipAddress : 192.168.200.12 controlPlane : false installDisk : /dev/sda networkInterfaces : - interface : eth0 dhcp : true [] talosImageURL string DEPRECATED, won't do anything, use nodes[].talosImageURL instead . Show example talosImageURL : ghcr.io/siderolabs/installer \"ghcr.io/siderolabs/installer\" talosVersion string Talos version to perform the installation. Image reference for each Talos release can be found on Talos GitHub release page Show example talosVersion : v1.5.2 \"latest\" kubernetesVersion string Allows for supplying the Kubernetes version to use. Show example kubernetesVersion : v1.28.1 \"\" domain string Allows for supplying the domain used by Kubernetes DNS. Show example domain : mycluster.com \"cluster.local\" allowSchedulingOnMasters bool Whether to allow running workload on controlplane nodes. Show example allowSchedulingOnMasters : true false allowSchedulingOnControlPlanes bool Whether to allow running workload on controlplane nodes. 
It is an alias to allowSchedulingOnMasters Show example allowSchedulingOnControlPlanes : true false additionalMachineCertSans []string Extra certificate SANs for the machine's certificate. Show example additionalMachineCertSans : - 10.0.0.10 - 172.16.0.10 - 192.168.0.10 [] additionalApiServerCertSans []string Extra certificate SANs for the API server's certificate. Show example additionalApiServerCertSans : - 1.2.3.4 - 4.5.6.7 - mycluster.local [] cniConfig CNIConfig The CNI to be used for the cluster's network. Show example cniConfig : name : custom urls : - https://docs.projectcalico.org/archive/v3.20/manifests/canal.yaml nil imageFactory ImageFactory Configures selfhosted image factory. Show example imageFactory : registryURL : myfactory.com schematicEndpoint : /schematics protocol : https installerURLTmpl : {{ .RegistryURL }} /installer/{{.ID}}:{{.Version}} ISOURLTmpl : {{ .Protocol }} ://{{.RegistryURL}}/image/{{.ID}}/{{.Version}}/{{.Mode}}/{{.Arch}}.iso nil patches []string Patches to be applied to all nodes. List of strings containing RFC6902 JSON patches, strategic merge patches, or a file containing them Show example patches : - |- - op: add path: /machine/kubelet/extraArgs value: rotate-server-certificates: \"true\" - |- machine: env: MYENV: value - \"@./a-patch.yaml\" [] controlPlane ControlPlane Configurations targetted for controlplane nodes. Show example controlPlane : patches : - |- - op: add path: /machine/kubelet/extraArgs value: rotate-server-certificates: \"true\" - |- machine: env: MYENV: value - \"@./a-patch.yaml\" nil worker Worker Configurations targetted for worker nodes. Show example worker : patches : - |- - op: add path: /machine/kubelet/extraArgs value: rotate-server-certificates: \"true\" - |- machine: env: MYENV: value - \"@./a-patch.yaml\" nil Node Node defines machine configurations for each node. Field Type Description Default Value Required hostname string Configures the hostname of a node. 
Show example hostname : kmaster1 \"\" ipAddress string IP address where the node can be reached. Needed for endpoint and node address inside talosconfig . Show example ipAddress : 192.168.200.11 \"\" installDisk string The disk used for installation. Show example installDisk : /dev/sda \"\" talosImageURL string Allows for supplying the node level image used to perform the installation. Show example talosImageURL : factory.talos.dev/installer/e9c7ef96884d4fbc8c0a1304ccca4bb0287d766a8b4125997cb9dbe84262144e \"\" installDiskSelector InstallDiskSelector Look up disk used for installation. Required if installDisk is not specified. Show example installDiskSelector : size : 128GB model : WDC* name : /sys/block/sda/device/name busPath : /pci0000:00/0000:00:17.0/ata1/host0/target0:0:0/0:0:0:0 nil machineSpec MachineSpec Machine hardware specification for the node. Only used for genurl iso subcommand. Show example machineSpec : mode : metal arch : arm64 nil controlPlane bool Whether the node is a controlplane. Show example controlPlane : true false nodeLabels map[string]string Labels to be added to the node. Show example rack : rack1a false nodeTaints map[string]string Node taints for the node. Show example exampleTaint : exampleTaintValue:NoSchedule false disableSearchDomain bool Whether to disable generating default search domain. Show example disableSearchDomain : true false machineDisks [] MachineDisk List of additional disks to partition, format, mount. Show example machineDisks : - device : /dev/disk/by-id/ata-CT500MX500SSD1_2149E5EC1D9D partitions : - mountpoint : /var/mnt/sata [] machineFiles [] MachineFile List of additional files to create inside the node. Show example machineFiles : - content : | TS_AUTHKEY=123456 permissions : 0o644 path : /var/etc/tailscale/auth.env op : create [] extensions [] InstallExtensionConfig DEPRECATED, use schematic instead . List of additional system extensions image to install. 
Show example extensions : - image : ghcr.io/siderolabs/tailscale:1.44.0 [] schematic Schematic Configure Talos image customization to be used in the installer image Show example schematic : customization : extraKernelArgs : - net.ifnames=0 systemExtensions : officialExtensions : - siderolabs/intel-ucode nil kernelModules [] KernelModuleConfig List of additional kernel modules to load. Show example kernelModules : - name : br_netfilter parameters : - nf_conntrack_max=131072 [] nameservers []string List of nameservers for the node. Show example nameservers : - 8.8.8.8 - 1.1.1.1 [] networkInterfaces [] Device List of network interface configurations for the node. Show example networkInterfaces : - interface : enp0s1 addresses : - 192.168.2.0/24 routes : - network : 0.0.0.0/0 gateway : 192.168.2.1 metric : 1024 mtu : 1500 [] patches []string Patches to be applied to the node. List of strings containing RFC6902 JSON patches, strategic merge patches, or a file containing them. Show example patches : - |- - op: add path: /machine/kubelet/extraArgs value: rotate-server-certificates: \"true\" - |- machine: env: MYENV: value - \"@./a-patch.yaml\" [] configPatches []map[string]interface{} DEPRECATED, use patches instead . List of RFC6902 JSON patches to be applied to the node. Show example configPatches : - op : add path : /machine/install/extraKernelArgs value : - console=ttyS1 [] inlinePatch map[string]interface{} DEPRECATED, use patches instead . Strategic merge patches to be applied to the node. Show example inlinePatch : machine : network : interfaces : - interface : eth0 addresses : [ 192.168.200.11/24 ] map[] ImageFactory ImageFactory defines configuration for selfhosted image-factory. Field Type Description Default Value Required registryURL string Registry URL of the factory. Show example registryURL : myfactory.com \"factory.talos.dev\" protocol string Protocol the registry is listening to. 
Show example protocol : http https schematicEndpoint string Path to do HTTP POST request to the registry. Show example schematicEndpoint : /schematics /schematics installerURLTmpl string Go template to parse the full installer URL. Available placeholders: RegistryURL , ID , Version Show example installerURLTmpl : \"{{.RegistryURL}}/installer/{{.ID}}:{{.Version}}\" {{.RegistryURL}}/installer/{{.ID}}:{{.Version}} ISOURLTmpl string Go template to parse the full ISO image URL. Available placeholders: Protocol , RegistryURL , ID , Version , Mode , Arch Show example installerURLTmpl : \"{{.Protocol}}://{{.RegistryURL}}/image/{{.ID}}/{{.Version}}/{{.Mode}}-{{.Arch}}.iso\" {{.Protocol}}://{{.RegistryURL}}/image/{{.ID}}/{{.Version}}/{{.Mode}}-{{.Arch}}.iso MachineSpec MachineSpec defines machine hardware configurations for a node. Field Type Description Default Value Required mode string Machine mode. Show example mode : metal \"metal\" arch string Machine architecture. Show example arch : arm64 amd64 ControlPlane ControlPlane defines machine configurations for controlplane type nodes. Field Type Description Default Value Required patches []string Patches to be applied to all controlplane nodes. List of strings containing RFC6902 JSON patches, strategic merge patches, or a file containing them. Show example patches : - |- - op: add path: /machine/kubelet/extraArgs value: rotate-server-certificates: \"true\" - |- machine: env: MYENV: value - \"@./a-patch.yaml\" [] configPatches []map[string]interface{} DEPRECATED, use patches instead . List of RFC6902 JSON patches to be applied to all controlplane nodes. Show example configPatches : - op : add path : /machine/install/extraKernelArgs value : - console=ttyS1 [] inlinePatch map[string]interface{} DEPRECATED, use patches instead . Strategic merge patches to be applied to all controlplane nodes. 
Show example inlinePatch : machine : network : interfaces : - interface : eth0 addresses : [ 192.168.200.11/24 ] map[] schematic Schematic Configure Talos image customization to be applied to all controlplane nodes Show example schematic : customization : extraKernelArgs : - net.ifnames=0 systemExtensions : officialExtensions : - siderolabs/intel-ucode nil Worker Worker defines machine configurations for worker type nodes. Field Type Description Default Value Required patches []string Patches to be applied to all worker nodes. List of strings containing RFC6902 JSON patches, strategic merge patches, or a file containing them. Show example patches : - |- - op: add path: /machine/kubelet/extraArgs value: rotate-server-certificates: \"true\" - |- machine: env: MYENV: value - \"@./a-patch.yaml\" [] configPatches []map[string]interface{} DEPRECATED, use patches instead . List of RFC6902 JSON patches to be applied to all worker nodes. Show example configPatches : - op : add path : /machine/install/extraKernelArgs value : - console=ttyS1 [] inlinePatch map[string]interface{} DEPRECATED, use patches instead . Strategic merge patches to be applied to all worker nodes. Show example inlinePatch : machine : network : interfaces : - interface : eth0 addresses : [ 192.168.200.11/24 ] map[] schematic Schematic Configure Talos image customization to be applied to all worker nodes Show example schematic : customization : extraKernelArgs : - net.ifnames=0 systemExtensions : officialExtensions : - siderolabs/intel-ucode nil CNIConfig CNIConfig is type of upstream Talos v1alpha1.CNIConfig InstallDiskSelector InstallDiskSelector is type of upstream Talos v1alpha1.InstallDiskSelector . 
MachineDisk MachineDisk is type of upstream Talos v1alpha1.MachineDisk MachineFile MachineFile is type of upstream Talos v1alpha1.MachineFile InstallExtensionConfig InstallExtensionConfig is type of upstream Talos v1alpha1.InstallExtensionConfig Schematic Schematic is type of upstream Talos Image Factory schematic.Schematic KernelModuleConfig KernelModuleConfig is type of upstream Talos v1alpha1.KernelModuleConfig Device Device is type of upstream Talos v1alpha1.Device","title":"Configuration"},{"location":"reference/configuration/#configuration","text":"","title":"Configuration"},{"location":"reference/configuration/#config","text":"Package config contains all the options available for configuring a Talos cluster. Field Type Description Default Value Required clusterName string Configures the cluster's name. Show example clusterName : my-cluster \"\" endpoint string Configures the cluster's controlplane endpoint. Can be an IP address or a DNS hostname Show example endpoint : https://192.168.200.10:6443 \"\" nodes [] Node List of nodes configurations Show example nodes : - hostname : kmaster1 ipAddress : 192.168.200.11 controlPlane : true installDiskSelector : size : 128GB - hostname : kworker1 ipAddress : 192.168.200.12 controlPlane : false installDisk : /dev/sda networkInterfaces : - interface : eth0 dhcp : true [] talosImageURL string DEPRECATED, won't do anything, use nodes[].talosImageURL instead . Show example talosImageURL : ghcr.io/siderolabs/installer \"ghcr.io/siderolabs/installer\" talosVersion string Talos version to perform the installation. Image reference for each Talos release can be found on Talos GitHub release page Show example talosVersion : v1.5.2 \"latest\" kubernetesVersion string Allows for supplying the Kubernetes version to use. Show example kubernetesVersion : v1.28.1 \"\" domain string Allows for supplying the domain used by Kubernetes DNS. 
Show example domain : mycluster.com \"cluster.local\" allowSchedulingOnMasters bool Whether to allow running workload on controlplane nodes. Show example allowSchedulingOnMasters : true false allowSchedulingOnControlPlanes bool Whether to allow running workload on controlplane nodes. It is an alias to allowSchedulingOnMasters Show example allowSchedulingOnControlPlanes : true false additionalMachineCertSans []string Extra certificate SANs for the machine's certificate. Show example additionalMachineCertSans : - 10.0.0.10 - 172.16.0.10 - 192.168.0.10 [] additionalApiServerCertSans []string Extra certificate SANs for the API server's certificate. Show example additionalApiServerCertSans : - 1.2.3.4 - 4.5.6.7 - mycluster.local [] cniConfig CNIConfig The CNI to be used for the cluster's network. Show example cniConfig : name : custom urls : - https://docs.projectcalico.org/archive/v3.20/manifests/canal.yaml nil imageFactory ImageFactory Configures selfhosted image factory. Show example imageFactory : registryURL : myfactory.com schematicEndpoint : /schematics protocol : https installerURLTmpl : {{ .RegistryURL }} /installer/{{.ID}}:{{.Version}} ISOURLTmpl : {{ .Protocol }} ://{{.RegistryURL}}/image/{{.ID}}/{{.Version}}/{{.Mode}}/{{.Arch}}.iso nil patches []string Patches to be applied to all nodes. List of strings containing RFC6902 JSON patches, strategic merge patches, or a file containing them Show example patches : - |- - op: add path: /machine/kubelet/extraArgs value: rotate-server-certificates: \"true\" - |- machine: env: MYENV: value - \"@./a-patch.yaml\" [] controlPlane ControlPlane Configurations targetted for controlplane nodes. Show example controlPlane : patches : - |- - op: add path: /machine/kubelet/extraArgs value: rotate-server-certificates: \"true\" - |- machine: env: MYENV: value - \"@./a-patch.yaml\" nil worker Worker Configurations targetted for worker nodes. 
Show example worker : patches : - |- - op: add path: /machine/kubelet/extraArgs value: rotate-server-certificates: \"true\" - |- machine: env: MYENV: value - \"@./a-patch.yaml\" nil","title":"Config"},{"location":"reference/configuration/#node","text":"Node defines machine configurations for each node. Field Type Description Default Value Required hostname string Configures the hostname of a node. Show example hostname : kmaster1 \"\" ipAddress string IP address where the node can be reached. Needed for endpoint and node address inside talosconfig . Show example ipAddress : 192.168.200.11 \"\" installDisk string The disk used for installation. Show example installDisk : /dev/sda \"\" talosImageURL string Allows for supplying the node level image used to perform the installation. Show example talosImageURL : factory.talos.dev/installer/e9c7ef96884d4fbc8c0a1304ccca4bb0287d766a8b4125997cb9dbe84262144e \"\" installDiskSelector InstallDiskSelector Look up disk used for installation. Required if installDisk is not specified. Show example installDiskSelector : size : 128GB model : WDC* name : /sys/block/sda/device/name busPath : /pci0000:00/0000:00:17.0/ata1/host0/target0:0:0/0:0:0:0 nil machineSpec MachineSpec Machine hardware specification for the node. Only used for genurl iso subcommand. Show example machineSpec : mode : metal arch : arm64 nil controlPlane bool Whether the node is a controlplane. Show example controlPlane : true false nodeLabels map[string]string Labels to be added to the node. Show example rack : rack1a false nodeTaints map[string]string Node taints for the node. Show example exampleTaint : exampleTaintValue:NoSchedule false disableSearchDomain bool Whether to disable generating default search domain. Show example disableSearchDomain : true false machineDisks [] MachineDisk List of additional disks to partition, format, mount. 
Show example machineDisks : - device : /dev/disk/by-id/ata-CT500MX500SSD1_2149E5EC1D9D partitions : - mountpoint : /var/mnt/sata [] machineFiles [] MachineFile List of additional files to create inside the node. Show example machineFiles : - content : | TS_AUTHKEY=123456 permissions : 0o644 path : /var/etc/tailscale/auth.env op : create [] extensions [] InstallExtensionConfig DEPRECATED, use schematic instead . List of additional system extensions image to install. Show example extensions : - image : ghcr.io/siderolabs/tailscale:1.44.0 [] schematic Schematic Configure Talos image customization to be used in the installer image Show example schematic : customization : extraKernelArgs : - net.ifnames=0 systemExtensions : officialExtensions : - siderolabs/intel-ucode nil kernelModules [] KernelModuleConfig List of additional kernel modules to load. Show example kernelModules : - name : br_netfilter parameters : - nf_conntrack_max=131072 [] nameservers []string List of nameservers for the node. Show example nameservers : - 8.8.8.8 - 1.1.1.1 [] networkInterfaces [] Device List of network interface configurations for the node. Show example networkInterfaces : - interface : enp0s1 addresses : - 192.168.2.0/24 routes : - network : 0.0.0.0/0 gateway : 192.168.2.1 metric : 1024 mtu : 1500 [] patches []string Patches to be applied to the node. List of strings containing RFC6902 JSON patches, strategic merge patches, or a file containing them. Show example patches : - |- - op: add path: /machine/kubelet/extraArgs value: rotate-server-certificates: \"true\" - |- machine: env: MYENV: value - \"@./a-patch.yaml\" [] configPatches []map[string]interface{} DEPRECATED, use patches instead . List of RFC6902 JSON patches to be applied to the node. Show example configPatches : - op : add path : /machine/install/extraKernelArgs value : - console=ttyS1 [] inlinePatch map[string]interface{} DEPRECATED, use patches instead . Strategic merge patches to be applied to the node. 
Show example inlinePatch : machine : network : interfaces : - interface : eth0 addresses : [ 192.168.200.11/24 ] map[]","title":"Node"},{"location":"reference/configuration/#imagefactory","text":"ImageFactory defines configuration for selfhosted image-factory. Field Type Description Default Value Required registryURL string Registry URL of the factory. Show example registryURL : myfactory.com \"factory.talos.dev\" protocol string Protocol the registry is listening to. Show example protocol : http https schematicEndpoint string Path to do HTTP POST request to the registry. Show example schematicEndpoint : /schematics /schematics installerURLTmpl string Go template to parse the full installer URL. Available placeholders: RegistryURL , ID , Version Show example installerURLTmpl : \"{{.RegistryURL}}/installer/{{.ID}}:{{.Version}}\" {{.RegistryURL}}/installer/{{.ID}}:{{.Version}} ISOURLTmpl string Go template to parse the full ISO image URL. Available placeholders: Protocol , RegistryURL , ID , Version , Mode , Arch Show example installerURLTmpl : \"{{.Protocol}}://{{.RegistryURL}}/image/{{.ID}}/{{.Version}}/{{.Mode}}-{{.Arch}}.iso\" {{.Protocol}}://{{.RegistryURL}}/image/{{.ID}}/{{.Version}}/{{.Mode}}-{{.Arch}}.iso","title":"ImageFactory"},{"location":"reference/configuration/#machinespec","text":"MachineSpec defines machine hardware configurations for a node. Field Type Description Default Value Required mode string Machine mode. Show example mode : metal \"metal\" arch string Machine architecture. Show example arch : arm64 amd64","title":"MachineSpec"},{"location":"reference/configuration/#controlplane","text":"ControlPlane defines machine configurations for controlplane type nodes. Field Type Description Default Value Required patches []string Patches to be applied to all controlplane nodes. List of strings containing RFC6902 JSON patches, strategic merge patches, or a file containing them. 
Show example patches : - |- - op: add path: /machine/kubelet/extraArgs value: rotate-server-certificates: \"true\" - |- machine: env: MYENV: value - \"@./a-patch.yaml\" [] configPatches []map[string]interface{} DEPRECATED, use patches instead . List of RFC6902 JSON patches to be applied to all controlplane nodes. Show example configPatches : - op : add path : /machine/install/extraKernelArgs value : - console=ttyS1 [] inlinePatch map[string]interface{} DEPRECATED, use patches instead . Strategic merge patches to be applied to all controlplane nodes. Show example inlinePatch : machine : network : interfaces : - interface : eth0 addresses : [ 192.168.200.11/24 ] map[] schematic Schematic Configure Talos image customization to be applied to all controlplane nodes Show example schematic : customization : extraKernelArgs : - net.ifnames=0 systemExtensions : officialExtensions : - siderolabs/intel-ucode nil","title":"ControlPlane"},{"location":"reference/configuration/#worker","text":"Worker defines machine configurations for worker type nodes. Field Type Description Default Value Required patches []string Patches to be applied to all worker nodes. List of strings containing RFC6902 JSON patches, strategic merge patches, or a file containing them. Show example patches : - |- - op: add path: /machine/kubelet/extraArgs value: rotate-server-certificates: \"true\" - |- machine: env: MYENV: value - \"@./a-patch.yaml\" [] configPatches []map[string]interface{} DEPRECATED, use patches instead . List of RFC6902 JSON patches to be applied to all worker nodes. Show example configPatches : - op : add path : /machine/install/extraKernelArgs value : - console=ttyS1 [] inlinePatch map[string]interface{} DEPRECATED, use patches instead . Strategic merge patches to be applied to all worker nodes. 
Show example inlinePatch : machine : network : interfaces : - interface : eth0 addresses : [ 192.168.200.11/24 ] map[] schematic Schematic Configure Talos image customization to be applied to all worker nodes Show example schematic : customization : extraKernelArgs : - net.ifnames=0 systemExtensions : officialExtensions : - siderolabs/intel-ucode nil","title":"Worker"},{"location":"reference/configuration/#cniconfig","text":"CNIConfig is type of upstream Talos v1alpha1.CNIConfig","title":"CNIConfig"},{"location":"reference/configuration/#installdiskselector","text":"InstallDiskSelector is type of upstream Talos v1alpha1.InstallDiskSelector .","title":"InstallDiskSelector"},{"location":"reference/configuration/#machinedisk","text":"MachineDisk is type of upstream Talos v1alpha1.MachineDisk","title":"MachineDisk"},{"location":"reference/configuration/#machinefile","text":"MachineFile is type of upstream Talos v1alpha1.MachineFile","title":"MachineFile"},{"location":"reference/configuration/#installextensionconfig","text":"InstallExtensionConfig is type of upstream Talos v1alpha1.InstallExtensionConfig","title":"InstallExtensionConfig"},{"location":"reference/configuration/#schematic","text":"Schematic is type of upstream Talos Image Factory schematic.Schematic","title":"Schematic"},{"location":"reference/configuration/#kernelmoduleconfig","text":"KernelModuleConfig is type of upstream Talos v1alpha1.KernelModuleConfig","title":"KernelModuleConfig"},{"location":"reference/configuration/#device","text":"Device is type of upstream Talos v1alpha1.Device","title":"Device"},{"location":"reference/supported-version/","text":"Supported Talos Versions Currently, the supported major and minor Talos versions are: v1.2 v1.3 v1.4 v1.5 v1.6","title":"Supported Talos Versions"},{"location":"reference/supported-version/#supported-talos-versions","text":"Currently, the supported major and minor Talos versions are: v1.2 v1.3 v1.4 v1.5 v1.6","title":"Supported Talos Versions"}]} \ No 
newline at end of file +{"config":{"indexing":"full","lang":["en"],"min_search_length":3,"prebuild_index":false,"separator":"[\\s\\-]+"},"docs":[{"location":"","text":"Introduction Overview talhelper is a tool to help creating Talos configuration files declaratively. It was inspired by a python script written by @bjw-s . In a nutshell, this is what talhelper does step by step behind the door: Read and validate talconfig.yaml . Read and decrypt talsecret.yaml or talsecret.sops.yaml with sops if needed. Read and decrypt talenv.yaml or talenv.sops.yaml with sops if needed and load them into environment variables. Do envsubst if needed. Validate and generate Talos and machine config files inside ./clusterconfig directory. Generate .gitignore file so you don't commit the generated files to the public. Why should I use Talhelper The main reason to use talhelper instead of talosctl gen config command to generate Talos machineconfig files is because you want to have them version controlled in your git repository which is currently not possible yet with talosctl . Currently, to create Talos configuration files using the official talosctl tool your steps are: Run talosctl gen config and it will generate controlplane.yaml , worker.yaml , talosconfig in the current working directory. Copy and modify those files manually according to your nodes. Run talosctl apply-config --insecure -n --file for each node. This process is fine if you just want to do this once and forget about it. But if you're like me (and many others ), you might want to \"GitOpsified\" this process. So here's where you might want to use talhelper . With talhelper , the steps will become like this: Create a talconfig.yaml . Run talhelper gensecret > talsecret.sops.yaml and encrypt it with sops sops -e -i talsecret.sops.yaml . Run talhelper genconfig . Run talosctl apply-config --insecure -n --file ./clusterconfig/-.yaml for each node. Yes there are more steps needed. 
But now you can commit your talconfig.yaml and the encrypted talsecret.sops.yaml to your repository and get your whole cluster version controlled. To get started, hop over to the Getting Started section. Alternatives There are some alternatives you can consider instead of talhelper . The official Terraform provider The official Pulumi provider Bug report and feature request If you have encountered any bug or you want to request a new feature, please open an issue at GitHub.","title":"Introduction"},{"location":"#introduction","text":"","title":"Introduction"},{"location":"#overview","text":"talhelper is a tool to help creating Talos configuration files declaratively. It was inspired by a python script written by @bjw-s . In a nutshell, this is what talhelper does step by step behind the door: Read and validate talconfig.yaml . Read and decrypt talsecret.yaml or talsecret.sops.yaml with sops if needed. Read and decrypt talenv.yaml or talenv.sops.yaml with sops if needed and load them into environment variables. Do envsubst if needed. Validate and generate Talos and machine config files inside ./clusterconfig directory. Generate .gitignore file so you don't commit the generated files to the public.","title":"Overview"},{"location":"#why-should-i-use-talhelper","text":"The main reason to use talhelper instead of talosctl gen config command to generate Talos machineconfig files is because you want to have them version controlled in your git repository which is currently not possible yet with talosctl . Currently, to create Talos configuration files using the official talosctl tool your steps are: Run talosctl gen config and it will generate controlplane.yaml , worker.yaml , talosconfig in the current working directory. Copy and modify those files manually according to your nodes. Run talosctl apply-config --insecure -n --file for each node. This process is fine if you just want to do this once and forget about it. 
But if you're like me (and many others ), you might want to \"GitOpsified\" this process. So here's where you might want to use talhelper . With talhelper , the steps will become like this: Create a talconfig.yaml . Run talhelper gensecret > talsecret.sops.yaml and encrypt it with sops sops -e -i talsecret.sops.yaml . Run talhelper genconfig . Run talosctl apply-config --insecure -n --file ./clusterconfig/-.yaml for each node. Yes there are more steps needed. But now you can commit your talconfig.yaml and the encrypted talsecret.sops.yaml to your repository and get your whole cluster version controlled. To get started, hop over to the Getting Started section.","title":"Why should I use Talhelper"},{"location":"#alternatives","text":"There are some alternatives you can consider instead of talhelper . The official Terraform provider The official Pulumi provider","title":"Alternatives"},{"location":"#bug-report-and-feature-request","text":"If you have encountered any bug or you want to request a new feature, please open an issue at GitHub.","title":"Bug report and feature request"},{"location":"contributing/","text":"Contributing Contributions are what make the open source community such an amazing place to learn, inspire, and create. Any contributions you make are greatly appreciated ! If you have a suggestion that would make this better, please fork the repo and create a pull request. You can also simply open an issue with the label \"enhancement\". Don't forget to give the project a star! Fork the project Create your Feature Branch ( git checkout -b feature/AmazingFeature ) Commit your changes ( git commit -m 'feat: add some AmazingFeature ) Push to the branch ( git push origin feature/AmazingFeature ) Open a Pull Request","title":"Contributing"},{"location":"contributing/#contributing","text":"Contributions are what make the open source community such an amazing place to learn, inspire, and create. Any contributions you make are greatly appreciated ! 
If you have a suggestion that would make this better, please fork the repo and create a pull request. You can also simply open an issue with the label \"enhancement\". Don't forget to give the project a star! Fork the project Create your Feature Branch ( git checkout -b feature/AmazingFeature ) Commit your changes ( git commit -m 'feat: add some AmazingFeature ) Push to the branch ( git push origin feature/AmazingFeature ) Open a Pull Request","title":"Contributing"},{"location":"getting-started/","text":"Getting Started Before you begin There are some prerequisites before you start using talhelper . You need talhelper installed on your workstation (of course), head over to the Installation page for more detail. You also need sops installed and configured with your preferred encryption tool ( age , pgp , etc). If you want to use doppler instead, there's an alternative way to do this thanks to @truxnell which you can read here You also need talosctl installed on your workstation to apply the generated machine config files. Once you have all of the above conditions met, you can now start with the Scenario that suits your current situation. Scenarios Depending on which situation you are currently in before integrating talhelper to your stack, here are some simplified steps to get you started: You already have a Talos cluster running If you already have your Talos Kubernetes cluster up and running but you haven't GitOps it yet. Here are the steps you need to do: Get your node's machineconfig using talosctl : talosctl -n read /system/state/config.yaml > /tmp/machineconfig.yaml . Run talhelper gensecret -f /tmp/machineconfig.yaml > talsecret.sops.yaml . This command will create a talsecret.sops.yaml file with all your current cluster secrets. Encrypt the secret with sops : sops -e -i talsecret.sops.yaml (you will need sops configured properly ). Create a talconfig.yaml based on your current cluster, here's the example template . 
For all the available options, look at the Configuration Reference Run talhelper genconfig and the output files will be in ./clusterconfig by default. You can now do talosctl apply-config commands to the generated files. Commit your talconfig.yaml and talsecret.yaml in your git repository. Note Please don't push the generated files into your public git repository. By default talhelper will create a .gitignore file to ignore the generated files for you unless you use --no-gitignore flag. The generated files contain unencrypted secrets and you don't want people to get a hand on them. You are starting from scratch If you are creating a Talos Kubernetes cluster from scratch and you want to use talhelper , that's awesome! Here are the steps you need to do: Create a talconfig.yaml according to your needs, here's the example template . For all the available options, look at the Configuration Reference Run talhelper gensecret > talsecret.sops.yaml . This command will create a talsecret.sops.yaml file with your future cluster secrets. Encrypt the secret with sops : sops -e -i talsecret.sops.yaml (you will need sops configured properly ). Run talhelper genconfig and the output files will be in ./clusterconfig by default. You can now do talosctl apply-config commands to the generated files. Commit your talconfig.yaml and talsecret.yaml in your git repository. Note Please don't push the generated files into your public git repository. By default talhelper will create a .gitignore file to ignore the generated files for you unless you use --no-gitignore flag. The generated files contain unencrypted secrets and you don't want people to get a hand on them.","title":"Getting Started"},{"location":"getting-started/#getting-started","text":"","title":"Getting Started"},{"location":"getting-started/#before-you-begin","text":"There are some prerequisites before you start using talhelper . 
You need talhelper installed on your workstation (of course), head over to the Installation page for more detail. You also need sops installed and configured with your preferred encryption tool ( age , pgp , etc). If you want to use doppler instead, there's an alternative way to do this thanks to @truxnell which you can read here You also need talosctl installed on your workstation to apply the generated machine config files. Once you have all of the above conditions met, you can now start with the Scenario that suits your current situation.","title":"Before you begin"},{"location":"getting-started/#scenarios","text":"Depending on which situation you are currently in before integrating talhelper to your stack, here are some simplified steps to get you started:","title":"Scenarios"},{"location":"getting-started/#you-already-have-a-talos-cluster-running","text":"If you already have your Talos Kubernetes cluster up and running but you haven't GitOps it yet. Here are the steps you need to do: Get your node's machineconfig using talosctl : talosctl -n read /system/state/config.yaml > /tmp/machineconfig.yaml . Run talhelper gensecret -f /tmp/machineconfig.yaml > talsecret.sops.yaml . This command will create a talsecret.sops.yaml file with all your current cluster secrets. Encrypt the secret with sops : sops -e -i talsecret.sops.yaml (you will need sops configured properly ). Create a talconfig.yaml based on your current cluster, here's the example template . For all the available options, look at the Configuration Reference Run talhelper genconfig and the output files will be in ./clusterconfig by default. You can now do talosctl apply-config commands to the generated files. Commit your talconfig.yaml and talsecret.yaml in your git repository. Note Please don't push the generated files into your public git repository. By default talhelper will create a .gitignore file to ignore the generated files for you unless you use --no-gitignore flag. 
The generated files contain unencrypted secrets and you don't want people to get a hand on them.","title":"You already have a Talos cluster running"},{"location":"getting-started/#you-are-starting-from-scratch","text":"If you are creating a Talos Kubernetes cluster from scratch and you want to use talhelper , that's awesome! Here are the steps you need to do: Create a talconfig.yaml according to your needs, here's the example template . For all the available options, look at the Configuration Reference Run talhelper gensecret > talsecret.sops.yaml . This command will create a talsecret.sops.yaml file with your future cluster secrets. Encrypt the secret with sops : sops -e -i talsecret.sops.yaml (you will need sops configured properly ). Run talhelper genconfig and the output files will be in ./clusterconfig by default. You can now do talosctl apply-config commands to the generated files. Commit your talconfig.yaml and talsecret.yaml in your git repository. Note Please don't push the generated files into your public git repository. By default talhelper will create a .gitignore file to ignore the generated files for you unless you use --no-gitignore flag. 
The generated files contain unencrypted secrets and you don't want people to get a hand on them.","title":"You are starting from scratch"},{"location":"guides/","text":"Guides Example talconfig.yaml A minimal talconfig.yaml file will look like this: --- clusterName : my-cluster endpoint : https://192.168.200.10:6443 nodes : - hostname : master controlPlane : true ipAddress : 192.168.200.11 installDisk : /dev/sda Let's say you want to add labels to the master node and add another worker node named warmachine , you can modify talconfig.yaml like so: --- clusterName : my-cluster endpoint : https://192.168.200.10:6443 nodes : - hostname : master controlPlane : true ipAddress : 192.168.200.11 installDisk : /dev/sda nodeLabels : rack : rack1 - hostname : warmachine controlPlane : false ipAddress : 192.168.200.12 installDiskSelector : size : 128GB Then you can run talhelper genconfig . Here's a more detailed example talconfig.yaml . To see all the available options of the configuration file, head over to Configuration Reference . Adding Talos extensions and kernel arguments Talos v1.5 introduced a new unified way to generate boot assets for installer container image that you can build yourself using their imager container or use image-factory to dynamically build it for you. The old way of installing system extensions using machine.install.extensions in the configuration file is being deprecated, so it's not recommended to use it. Talhelper can help you to generate the installer url like image-factory if you provide schematic for your nodes. Let's say your warmachine node is using Intel processor so you want to have intel-ucode extension and you also want to use traditional network interface naming by providing net.ifnames=0 to the kernel argument. 
Your talhelper.yaml should be something like this: --- clusterName : my-cluster talosVersion : v1.5.4 endpoint : https://192.168.200.10:6443 nodes : - hostname : warmachine controlPlane : false ipAddress : 192.168.200.12 schematic : customization : extraKernelArgs : - net.ifnames=0 systemExtensions : officialExtensions : - siderolabs/intel-ucode When you run talhelper genconfig , the generated manifest file for warmachine will have machine.install.image value of factory.talos.dev/installer/9e8cc193609699825d61c039c7738d81cf29c7b20f2a91d8f5c540511b9ea0b4:v1.5.4 , which will be the same url you'll get if using image-factory . If you don't want to use the url from image-factory or you want to use your own installer image, you can use per node talosImageURL like this: --- clusterName : my-cluster talosVersion : v1.5.4 endpoint : https://192.168.200.10:6443 nodes : - hostname : warmachine controlPlane : false ipAddress : 192.168.200.12 talosImageURL : my.registry/install/talos-installer-image This will result in machine.install.image value to be my.registry/install/talos-installer-image:v1.5.4 . Configuring SOPS for Talhelper sops is a simple and flexible tool for managing secrets. If you haven't used sops before, the easiest way to get started is by using age as the encryption tool of choice. To configure talhelper to use sops to encrypt and decrypt your secrets, here's the simplified step by step you can do: Install both sops and age into your system. Run age-keygen -o /age/keys.txt . By default, will be in $XDG_CONFIG_HOME/sops on Linux, $HOME/Library/Application Support/sops on MacOS, and %AppData%\\sops on Windows. 
In the directory where your talenv.sops.yaml , and talsecrets.sops.yaml lives, create a .sops.yaml file with this content: --- creation_rules : - age : >- ## get this in the keys.txt file from previous step Now, if you encrypt your talenv.sops.yaml and talsecret.sops.yaml files with sops , talhelper will be able to decrypt it when generating config files. Using Doppler instead of SOPS If you don't want to use sops as your secret management, you can use Doppler instead (or any other secret managers that can inject environment variables to the shell). Thanks to @truxnell for this genius idea. Here's the simplified step by step to achieve this: In the place where you want to use environment secrets, put it in talconfig.yaml file with ${} placeholder like this: controlPlane : inlinePatch : cluster : aescbcEncryptionSecret : ${AESCBCENCYPTIONKEY} In doppler , create a project named i.e \"talhelper\". In that project, create a config i.e \"env\" that stores key and value of the secret like AESCBCENCYPTIONKEY: . . Run doppler CLI command that sets environment variable before running the talhelper command i.e: doppler run -p talhelper -c env talhelper genconfig . Thanks to @jtcressy you can also make use of talsecret.yaml file (which is a better way than doing inlinePatch ). Note that you can only put the cluster secrets known by Talos here (you can use talhelper gensecret command and modify it). Here's the simplified step by step to achieve this: In talsecret.yaml file, put all your secrets with ${} placeholder like this: cluster : id : ${CLUSTERNAME} secret : ${CLUSTERSECRET} secrets : bootstraptoken : ${BOOTSTRAPTOKEN} secretboxencryptionsecret : ${AESCBCENCYPTIONKEY} trustdinfo : token : ${TRUSTDTOKEN} certs : etcd : crt : ${ETCDCERT} key : ${ETCDKEY} k8s : crt : ${K8SCERT} key : ${K8SKEY} k8saggregator : crt : ${K8SAGGCERT} key : ${K8SAGGKEY} k8sserviceaccount : key : ${K8SSAKEY} os : crt : ${OSCERT} key : ${OSKEY} 2. 
In doppler , create a project named i.e \"talhelper\". In that project, create a config i.e \"env\" that stores key and value of the secret like AESCBCENCYPTIONKEY: . . 3. Run doppler CLI command that sets environment variable before running the talhelper command i.e: doppler run -p talhelper -c env talhelper genconfig . Generating talosctl commands for bash scripting Thanks to the idea and contribution of mirceanton , you can generate talosctl commands for bash scripting in your workflow. For example, in the directory where a talconfig.yaml like this is located: --- clusterName : my-cluster talosVersion : v1.5.5 nodes : - hostname : node1 ipAddress : 192.168.10.11 controlPlane : true After running talhelper genconfig , you can run talhelper gencommand apply | bash in the terminal to apply the generated config into your machine(s) automatically. There are some other gencommand commands that you can use like upgrade , upgrade-k8s , bootstrap , etc, For more information about the available gencommand commands and flags you can use, head over to the documentation . Selfhosted Image Factory By default, the generated manifests will use the official image-factory to pull the installer image. If you're self hosting your own image-factory, you can change your talconfig.yaml like so: --- clusterName : my-cluster imageFactory : registryURL : myfactory.com schematicEndpoint : /schematics protocol : http installerURLTmpl : {{ .RegistryURL }} /installer/{{.ID}}:{{.Version}} The schematicEndpoint is used to do HTTP POST request to get the schematic ID. If your selfhosted image factory doesn't do schematic ID like the official one does, you can pass --offline flag to talhelper genconfig command and modify the installerURLTmpl to your needs. Editing talconfig.yaml file If you're using a text editor with yaml LSP support, you can use talhelper genschema command to generate a talconfig.json . 
You can then feed that file to the language server so you can get autocompletion when editing talconfig.yaml file. If your LSP is configured to use JSON schema store , you should get auto-completion working immediately. Shell completion Depending on how you install talhelper , you might not need to do anything to get autocompletion for talhelper commands i.e if you install using the Nix Flakes or AUR. If you don't get it working out of the box, you can use talhelper completion command to generate autocompletion for your shell. bash You will need bash-completion installed and configured on your system first. And then you can put this line somewhere inside your ~/.bashrc file: source < ( talhelper completion bash ) After reloading your shell, autocompletion should be working. To enable bash autocompletion in current session of shell, source the ~/.bashrc file: source ~/.bashrc fish Put this line somewhere inside your ~/.config/fish/config.fish file: talhelper completion fish | source Another way is to put the generated file into ~/.config/fish/completions/talhelper.fish file: talhelper completion fish > ~/.config/fish/completions/talhelper.fish After reloading your shell, autocompletion should be working. zsh Put this line somewhere inside your ~/.zshrc : source < ( talhelper completion zsh ) After reloading your shell, autocompletion should be working. 
To enable zsh autocompletion in current session of shell, source the ~/.zshrc file: source ~/.zshrc powershell Append the generated file into $PROFILE : talhelper completion powershell >> $PROFILE After reloading your shell, autocompletion should be working.","title":"Guides"},{"location":"guides/#guides","text":"","title":"Guides"},{"location":"guides/#example-talconfigyaml","text":"A minimal talconfig.yaml file will look like this: --- clusterName : my-cluster endpoint : https://192.168.200.10:6443 nodes : - hostname : master controlPlane : true ipAddress : 192.168.200.11 installDisk : /dev/sda Let's say you want to add labels to the master node and add another worker node named warmachine , you can modify talconfig.yaml like so: --- clusterName : my-cluster endpoint : https://192.168.200.10:6443 nodes : - hostname : master controlPlane : true ipAddress : 192.168.200.11 installDisk : /dev/sda nodeLabels : rack : rack1 - hostname : warmachine controlPlane : false ipAddress : 192.168.200.12 installDiskSelector : size : 128GB Then you can run talhelper genconfig . Here's a more detailed example talconfig.yaml . To see all the available options of the configuration file, head over to Configuration Reference .","title":"Example talconfig.yaml"},{"location":"guides/#adding-talos-extensions-and-kernel-arguments","text":"Talos v1.5 introduced a new unified way to generate boot assets for installer container image that you can build yourself using their imager container or use image-factory to dynamically build it for you. The old way of installing system extensions using machine.install.extensions in the configuration file is being deprecated, so it's not recommended to use it. Talhelper can help you to generate the installer url like image-factory if you provide schematic for your nodes. 
Let's say your warmachine node is using Intel processor so you want to have intel-ucode extension and you also want to use traditional network interface naming by providing net.ifnames=0 to the kernel argument. Your talhelper.yaml should be something like this: --- clusterName : my-cluster talosVersion : v1.5.4 endpoint : https://192.168.200.10:6443 nodes : - hostname : warmachine controlPlane : false ipAddress : 192.168.200.12 schematic : customization : extraKernelArgs : - net.ifnames=0 systemExtensions : officialExtensions : - siderolabs/intel-ucode When you run talhelper genconfig , the generated manifest file for warmachine will have machine.install.image value of factory.talos.dev/installer/9e8cc193609699825d61c039c7738d81cf29c7b20f2a91d8f5c540511b9ea0b4:v1.5.4 , which will be the same url you'll get if using image-factory . If you don't want to use the url from image-factory or you want to use your own installer image, you can use per node talosImageURL like this: --- clusterName : my-cluster talosVersion : v1.5.4 endpoint : https://192.168.200.10:6443 nodes : - hostname : warmachine controlPlane : false ipAddress : 192.168.200.12 talosImageURL : my.registry/install/talos-installer-image This will result in machine.install.image value to be my.registry/install/talos-installer-image:v1.5.4 .","title":"Adding Talos extensions and kernel arguments"},{"location":"guides/#configuring-sops-for-talhelper","text":"sops is a simple and flexible tool for managing secrets. If you haven't used sops before, the easiest way to get started is by using age as the encryption tool of choice. To configure talhelper to use sops to encrypt and decrypt your secrets, here's the simplified step by step you can do: Install both sops and age into your system. Run age-keygen -o /age/keys.txt . By default, will be in $XDG_CONFIG_HOME/sops on Linux, $HOME/Library/Application Support/sops on MacOS, and %AppData%\\sops on Windows. 
In the directory where your talenv.sops.yaml , and talsecrets.sops.yaml lives, create a .sops.yaml file with this content: --- creation_rules : - age : >- ## get this in the keys.txt file from previous step Now, if you encrypt your talenv.sops.yaml and talsecret.sops.yaml files with sops , talhelper will be able to decrypt it when generating config files.","title":"Configuring SOPS for Talhelper"},{"location":"guides/#using-doppler-instead-of-sops","text":"If you don't want to use sops as your secret management, you can use Doppler instead (or any other secret managers that can inject environment variables to the shell). Thanks to @truxnell for this genius idea. Here's the simplified step by step to achieve this: In the place where you want to use environment secrets, put it in talconfig.yaml file with ${} placeholder like this: controlPlane : inlinePatch : cluster : aescbcEncryptionSecret : ${AESCBCENCYPTIONKEY} In doppler , create a project named i.e \"talhelper\". In that project, create a config i.e \"env\" that stores key and value of the secret like AESCBCENCYPTIONKEY: . . Run doppler CLI command that sets environment variable before running the talhelper command i.e: doppler run -p talhelper -c env talhelper genconfig . Thanks to @jtcressy you can also make use of talsecret.yaml file (which is a better way than doing inlinePatch ). Note that you can only put the cluster secrets known by Talos here (you can use talhelper gensecret command and modify it). 
Here's the simplified step by step to achieve this: In talsecret.yaml file, put all your secrets with ${} placeholder like this: cluster : id : ${CLUSTERNAME} secret : ${CLUSTERSECRET} secrets : bootstraptoken : ${BOOTSTRAPTOKEN} secretboxencryptionsecret : ${AESCBCENCYPTIONKEY} trustdinfo : token : ${TRUSTDTOKEN} certs : etcd : crt : ${ETCDCERT} key : ${ETCDKEY} k8s : crt : ${K8SCERT} key : ${K8SKEY} k8saggregator : crt : ${K8SAGGCERT} key : ${K8SAGGKEY} k8sserviceaccount : key : ${K8SSAKEY} os : crt : ${OSCERT} key : ${OSKEY} 2. In doppler , create a project named i.e \"talhelper\". In that project, create a config i.e \"env\" that stores key and value of the secret like AESCBCENCYPTIONKEY: . . 3. Run doppler CLI command that sets environment variable before running the talhelper command i.e: doppler run -p talhelper -c env talhelper genconfig .","title":"Using Doppler instead of SOPS"},{"location":"guides/#generating-talosctl-commands-for-bash-scripting","text":"Thanks to the idea and contribution of mirceanton , you can generate talosctl commands for bash scripting in your workflow. For example, in the directory where a talconfig.yaml like this is located: --- clusterName : my-cluster talosVersion : v1.5.5 nodes : - hostname : node1 ipAddress : 192.168.10.11 controlPlane : true After running talhelper genconfig , you can run talhelper gencommand apply | bash in the terminal to apply the generated config into your machine(s) automatically. There are some other gencommand commands that you can use like upgrade , upgrade-k8s , bootstrap , etc, For more information about the available gencommand commands and flags you can use, head over to the documentation .","title":"Generating talosctl commands for bash scripting"},{"location":"guides/#selfhosted-image-factory","text":"By default, the generated manifests will use the official image-factory to pull the installer image. 
If you're self hosting your own image-factory, you can change your talconfig.yaml like so: --- clusterName : my-cluster imageFactory : registryURL : myfactory.com schematicEndpoint : /schematics protocol : http installerURLTmpl : {{ .RegistryURL }} /installer/{{.ID}}:{{.Version}} The schematicEndpoint is used to do HTTP POST request to get the schematic ID. If your selfhosted image factory doesn't do schematic ID like the official one does, you can pass --offline flag to talhelper genconfig command and modify the installerURLTmpl to your needs.","title":"Selfhosted Image Factory"},{"location":"guides/#editing-talconfigyaml-file","text":"If you're using a text editor with yaml LSP support, you can use talhelper genschema command to generate a talconfig.json . You can then feed that file to the language server so you can get autocompletion when editing talconfig.yaml file. If your LSP is configured to use JSON schema store , you should get auto-completion working immediately.","title":"Editing talconfig.yaml file"},{"location":"guides/#shell-completion","text":"Depending on how you install talhelper , you might not need to do anything to get autocompletion for talhelper commands i.e if you install using the Nix Flakes or AUR. If you don't get it working out of the box, you can use talhelper completion command to generate autocompletion for your shell. bash You will need bash-completion installed and configured on your system first. And then you can put this line somewhere inside your ~/.bashrc file: source < ( talhelper completion bash ) After reloading your shell, autocompletion should be working. 
To enable bash autocompletion in current session of shell, source the ~/.bashrc file: source ~/.bashrc fish Put this line somewhere inside your ~/.config/fish/config.fish file: talhelper completion fish | source Another way is to put the generated file into ~/.config/fish/completions/talhelper.fish file: talhelper completion fish > ~/.config/fish/completions/talhelper.fish After reloading your shell, autocompletion should be working. zsh Put this line somewhere inside your ~/.zshrc : source < ( talhelper completion zsh ) After reloading your shell, autocompletion should be working. To enable zsh autocompletion in current session of shell, source the ~/.zshrc file: source ~/.zshrc powershell Append the generated file into $PROFILE : talhelper completion powershell >> $PROFILE After reloading your shell, autocompletion should be working.","title":"Shell completion"},{"location":"installation/","text":"Installation There are several ways to install talhelper to your workstation. Using aqua You can get talhelper from the standard registry as budimanjojo/talhelper . Using asdf You can get talhelper with a plugin maintained by @bjw-s . Add the plugin asdf plugin add talhelper Install the program asdf install talhelper latest Using Homebrew You can get talhelper from the official formulae (thanks to @ishioni ). brew install talhelper Using Nix Flakes You can get talhelper as Nix Flakes from the repository . Add the repository as input in your flake.nix file { inputs = { talhelper . url = \"github:budimanjojo/talhelper\" ; } } The package is now available at packages..default of the flake. You can call it in your home.packages or environment.systemPackages or devShell by referencing the input as inputs.talhelper.packages..default . Using Pacman Thanks to grawlinson , you can get talhelper from official Arch Linux \"Extra\" repository. sudo pacman -S talhelper Using AUR You can get talhelper from AUR using any AUR helper if you're Arch Linux user btw. 
Example using yay : yay -S talhelper-bin Using Scoop You can get talhelper from Scoop if you're a Windows user (thanks to @dedene ). scoop bucket add budimanjojo https :// github . com / budimanjojo / talhelper . git scoop install talhelper Using one liner with jpillora You can get talhelper using this one liner using tool provided by jpillora . curl https://i.jpillora.com/budimanjojo/talhelper! | sudo bash From the release page If none of the above works for you, you can download the archived binary for your system from the latest release page . Please let me know if you want to help with adding new installation method by creating a new issue .","title":"Installation"},{"location":"installation/#installation","text":"There are several ways to install talhelper to your workstation.","title":"Installation"},{"location":"installation/#using-aqua","text":"You can get talhelper from the standard registry as budimanjojo/talhelper .","title":"Using aqua"},{"location":"installation/#using-asdf","text":"You can get talhelper with a plugin maintained by @bjw-s . Add the plugin asdf plugin add talhelper Install the program asdf install talhelper latest","title":"Using asdf"},{"location":"installation/#using-homebrew","text":"You can get talhelper from the official formulae (thanks to @ishioni ). brew install talhelper","title":"Using Homebrew"},{"location":"installation/#using-nix-flakes","text":"You can get talhelper as Nix Flakes from the repository . Add the repository as input in your flake.nix file { inputs = { talhelper . url = \"github:budimanjojo/talhelper\" ; } } The package is now available at packages..default of the flake. You can call it in your home.packages or environment.systemPackages or devShell by referencing the input as inputs.talhelper.packages..default .","title":"Using Nix Flakes"},{"location":"installation/#using-pacman","text":"Thanks to grawlinson , you can get talhelper from official Arch Linux \"Extra\" repository. 
sudo pacman -S talhelper","title":"Using Pacman"},{"location":"installation/#using-aur","text":"You can get talhelper from AUR using any AUR helper if you're Arch Linux user btw. Example using yay : yay -S talhelper-bin","title":"Using AUR"},{"location":"installation/#using-scoop","text":"You can get talhelper from Scoop if you're a Windows user (thanks to @dedene ). scoop bucket add budimanjojo https :// github . com / budimanjojo / talhelper . git scoop install talhelper","title":"Using Scoop"},{"location":"installation/#using-one-liner-with-jpillora","text":"You can get talhelper using this one liner using tool provided by jpillora . curl https://i.jpillora.com/budimanjojo/talhelper! | sudo bash","title":"Using one liner with jpillora"},{"location":"installation/#from-the-release-page","text":"If none of the above works for you, you can download the archived binary for your system from the latest release page . Please let me know if you want to help with adding new installation method by creating a new issue .","title":"From the release page"},{"location":"reference/cli/","text":"CLI talhelper completion bash Generate the autocompletion script for bash Synopsis Generate the autocompletion script for the bash shell. This script depends on the 'bash-completion' package. If it is not installed already, you can install it via your OS's package manager. To load completions in your current shell session: source <(talhelper completion bash) To load completions for every new session, execute once: Linux: talhelper completion bash > /etc/bash_completion.d/talhelper macOS: talhelper completion bash > $(brew --prefix)/etc/bash_completion.d/talhelper You will need to start a new shell for this setup to take effect. 
talhelper completion bash Options -h, --help help for bash --no-descriptions disable completion descriptions SEE ALSO talhelper completion - Generate the autocompletion script for the specified shell talhelper completion fish Generate the autocompletion script for fish Synopsis Generate the autocompletion script for the fish shell. To load completions in your current shell session: talhelper completion fish | source To load completions for every new session, execute once: talhelper completion fish > ~/.config/fish/completions/talhelper.fish You will need to start a new shell for this setup to take effect. talhelper completion fish [flags] Options -h, --help help for fish --no-descriptions disable completion descriptions SEE ALSO talhelper completion - Generate the autocompletion script for the specified shell talhelper completion powershell Generate the autocompletion script for powershell Synopsis Generate the autocompletion script for powershell. To load completions in your current shell session: talhelper completion powershell | Out-String | Invoke-Expression To load completions for every new session, add the output of the above command to your powershell profile. talhelper completion powershell [flags] Options -h, --help help for powershell --no-descriptions disable completion descriptions SEE ALSO talhelper completion - Generate the autocompletion script for the specified shell talhelper completion zsh Generate the autocompletion script for zsh Synopsis Generate the autocompletion script for the zsh shell. If shell completion is not already enabled in your environment you will need to enable it. 
You can execute the following once: echo \"autoload -U compinit; compinit\" >> ~/.zshrc To load completions in your current shell session: source <(talhelper completion zsh) To load completions for every new session, execute once: Linux: talhelper completion zsh > \"${fpath[1]}/_talhelper\" macOS: talhelper completion zsh > $(brew --prefix)/share/zsh/site-functions/_talhelper You will need to start a new shell for this setup to take effect. talhelper completion zsh [flags] Options -h, --help help for zsh --no-descriptions disable completion descriptions SEE ALSO talhelper completion - Generate the autocompletion script for the specified shell talhelper completion Generate the autocompletion script for the specified shell Synopsis Generate the autocompletion script for talhelper for the specified shell. See each sub-command's help for details on how to use the generated script. Options -h, --help help for completion SEE ALSO talhelper - A tool to help with creating Talos cluster talhelper completion bash - Generate the autocompletion script for bash talhelper completion fish - Generate the autocompletion script for fish talhelper completion powershell - Generate the autocompletion script for powershell talhelper completion zsh - Generate the autocompletion script for zsh talhelper gencommand apply Generate talosctl apply-config commands. talhelper gencommand apply [flags] Options -h, --help help for apply Options inherited from parent commands -c, --config-file string File containing configurations for talhelper (default \"talconfig.yaml\") --env-file strings List of files containing env variables for config file (default [talenv.yaml,talenv.sops.yaml,talenv.yml,talenv.sops.yml]) --extra-flags strings List of additional flags that will be injected into the generated commands. -n, --node string A specific node to generate the command for. If not specified, will generate for all nodes. -o, --out-dir string Directory that contains the generated config files to apply. 
(default \"./clusterconfig\") SEE ALSO talhelper gencommand - Generate commands for talosctl. talhelper gencommand bootstrap Generate talosctl bootstrap commands. talhelper gencommand bootstrap [flags] Options -h, --help help for bootstrap Options inherited from parent commands -c, --config-file string File containing configurations for talhelper (default \"talconfig.yaml\") --env-file strings List of files containing env variables for config file (default [talenv.yaml,talenv.sops.yaml,talenv.yml,talenv.sops.yml]) --extra-flags strings List of additional flags that will be injected into the generated commands. -n, --node string A specific node to generate the command for. If not specified, will generate for all nodes. -o, --out-dir string Directory that contains the generated config files to apply. (default \"./clusterconfig\") SEE ALSO talhelper gencommand - Generate commands for talosctl. talhelper gencommand upgrade Generate talosctl upgrade commands. talhelper gencommand upgrade [flags] Options -h, --help help for upgrade Options inherited from parent commands -c, --config-file string File containing configurations for talhelper (default \"talconfig.yaml\") --env-file strings List of files containing env variables for config file (default [talenv.yaml,talenv.sops.yaml,talenv.yml,talenv.sops.yml]) --extra-flags strings List of additional flags that will be injected into the generated commands. -n, --node string A specific node to generate the command for. If not specified, will generate for all nodes. -o, --out-dir string Directory that contains the generated config files to apply. (default \"./clusterconfig\") SEE ALSO talhelper gencommand - Generate commands for talosctl. talhelper gencommand upgrade-k8s Generate talosctl upgrade-k8s commands. 
talhelper gencommand upgrade-k8s [flags] Options -h, --help help for upgrade-k8s Options inherited from parent commands -c, --config-file string File containing configurations for talhelper (default \"talconfig.yaml\") --env-file strings List of files containing env variables for config file (default [talenv.yaml,talenv.sops.yaml,talenv.yml,talenv.sops.yml]) --extra-flags strings List of additional flags that will be injected into the generated commands. -n, --node string A specific node to generate the command for. If not specified, will generate for all nodes. -o, --out-dir string Directory that contains the generated config files to apply. (default \"./clusterconfig\") SEE ALSO talhelper gencommand - Generate commands for talosctl. talhelper gencommand Generate commands for talosctl. Options -c, --config-file string File containing configurations for talhelper (default \"talconfig.yaml\") --env-file strings List of files containing env variables for config file (default [talenv.yaml,talenv.sops.yaml,talenv.yml,talenv.sops.yml]) --extra-flags strings List of additional flags that will be injected into the generated commands. -h, --help help for gencommand -n, --node string A specific node to generate the command for. If not specified, will generate for all nodes. -o, --out-dir string Directory that contains the generated config files to apply. (default \"./clusterconfig\") SEE ALSO talhelper - A tool to help with creating Talos cluster talhelper gencommand apply - Generate talosctl apply-config commands. talhelper gencommand bootstrap - Generate talosctl bootstrap commands. talhelper gencommand upgrade - Generate talosctl upgrade commands. talhelper gencommand upgrade-k8s - Generate talosctl upgrade-k8s commands. 
talhelper genconfig Generate Talos cluster config YAML files talhelper genconfig [flags] Options -c, --config-file string File containing configurations for talhelper (default \"talconfig.yaml\") -n, --dry-run Skip generating manifests and show diff instead -e, --env-file strings List of files containing env variables for config file (default [talenv.yaml,talenv.sops.yaml,talenv.yml,talenv.sops.yml]) -h, --help help for genconfig --no-gitignore Create/update gitignore file too --offline-mode Generate schematic ID without doing POST request to image-factory -o, --out-dir string Directory where to dump the generated files (default \"./clusterconfig\") -s, --secret-file strings List of files containing secrets for the cluster (default [talsecret.yaml,talsecret.sops.yaml,talsecret.yml,talsecret.sops.yml]) -m, --talos-mode string Talos runtime mode to validate generated config (default \"metal\") SEE ALSO talhelper - A tool to help with creating Talos cluster talhelper genschema Generate talconfig.yaml JSON schema file talhelper genschema [flags] Options -f, --file string Where to dump the generated json-schema file (default \"talconfig.json\") -h, --help help for genschema SEE ALSO talhelper - A tool to help with creating Talos cluster talhelper gensecret Generate Talos cluster secrets talhelper gensecret [flags] Options -f, --from-configfile string Talos cluster node configuration file to generate secret from -h, --help help for gensecret SEE ALSO talhelper - A tool to help with creating Talos cluster talhelper genurl installer Generate URL for Talos installer image talhelper genurl installer [flags] Options -h, --help help for installer Options inherited from parent commands -c, --config-file string File containing configurations for talhelper (default \"talconfig.yaml\") --env-file strings List of files containing env variables for config file (default [talenv.yaml,talenv.sops.yaml,talenv.yml,talenv.sops.yml]) -e, --extension strings Official extension image to be 
included in the image (ignored when talconfig.yaml is found) -k, --kernel-arg strings Kernel arguments to be passed to the image kernel (ignored when talconfig.yaml is found) -n, --node string A specific node to generate command for. If not specified, will generate for all nodes (ignored when talconfig.yaml is not found) --offline-mode Generate schematic ID without doing POST request to image-factory -r, --registry-url string Registry url of the image (default \"factory.talos.dev\") -v, --version string Talos version to generate (defaults to latest Talos version) (default \"v1.6.0\") SEE ALSO talhelper genurl - Generate URL for Talos installer or ISO talhelper genurl iso Generate URL for Talos ISO image talhelper genurl iso [flags] Options -a, --arch string CPU architecture support of the image (default \"amd64\") -h, --help help for iso -m, --talos-mode string Talos runtime mode to generate URL (default \"metal\") Options inherited from parent commands -c, --config-file string File containing configurations for talhelper (default \"talconfig.yaml\") --env-file strings List of files containing env variables for config file (default [talenv.yaml,talenv.sops.yaml,talenv.yml,talenv.sops.yml]) -e, --extension strings Official extension image to be included in the image (ignored when talconfig.yaml is found) -k, --kernel-arg strings Kernel arguments to be passed to the image kernel (ignored when talconfig.yaml is found) -n, --node string A specific node to generate command for. 
If not specified, will generate for all nodes (ignored when talconfig.yaml is not found) --offline-mode Generate schematic ID without doing POST request to image-factory -r, --registry-url string Registry url of the image (default \"factory.talos.dev\") -v, --version string Talos version to generate (defaults to latest Talos version) (default \"v1.6.0\") SEE ALSO talhelper genurl - Generate URL for Talos installer or ISO talhelper genurl Generate URL for Talos installer or ISO Options -c, --config-file string File containing configurations for talhelper (default \"talconfig.yaml\") --env-file strings List of files containing env variables for config file (default [talenv.yaml,talenv.sops.yaml,talenv.yml,talenv.sops.yml]) -e, --extension strings Official extension image to be included in the image (ignored when talconfig.yaml is found) -h, --help help for genurl -k, --kernel-arg strings Kernel arguments to be passed to the image kernel (ignored when talconfig.yaml is found) -n, --node string A specific node to generate command for. 
If not specified, will generate for all nodes (ignored when talconfig.yaml is not found) --offline-mode Generate schematic ID without doing POST request to image-factory -r, --registry-url string Registry url of the image (default \"factory.talos.dev\") -v, --version string Talos version to generate (defaults to latest Talos version) (default \"v1.6.0\") SEE ALSO talhelper - A tool to help with creating Talos cluster talhelper genurl installer - Generate URL for Talos installer image talhelper genurl iso - Generate URL for Talos ISO image talhelper validate nodeconfig Check the validity of Talos node config file talhelper validate nodeconfig [file] [flags] Options -h, --help help for nodeconfig -m, --mode string Talos runtime mode to validate with (default \"metal\") SEE ALSO talhelper validate - Validate the correctness of talconfig or talos node config talhelper validate talconfig Check the validity of talhelper config file talhelper validate talconfig [file] [flags] Options -e, --env-file strings List of files containing env variables for config file (default [talenv.yaml,talenv.sops.yaml,talenv.yaml,talenv.sops.yml]) -h, --help help for talconfig --no-substitute Whether to do envsubst on before validation SEE ALSO talhelper validate - Validate the correctness of talconfig or talos node config talhelper validate Validate the correctness of talconfig or talos node config Options -h, --help help for validate SEE ALSO talhelper - A tool to help with creating Talos cluster talhelper validate nodeconfig - Check the validity of Talos node config file talhelper validate talconfig - Check the validity of talhelper config file talhelper A tool to help with creating Talos cluster Synopsis talhelper is a tool to help you create a Talos cluster. 
Workflow: Create talconfig.yaml file defining your nodes information like so: clusterName: mycluster talosVersion: v1.0 endpoint: https://192.168.200.10:6443 nodes: - hostname: master1 ipAddress: 192.168.200.11 installDisk: /dev/sdb controlPlane: true - hostname: worker1 ipAddress: 192.168.200.21 installDisk: /dev/nvme1 controlPlane: false Then run these commands: talhelper gensecret > talsecret.sops.yaml sops -e -i talsecret.sops.yaml talhelper genconfig The generated yaml files will be in ./clusterconfig directory WARNING! Please don't push the generated files into your public git repository. By default talhelper will create a \".gitignore\" file to ignore the generated files for you unless you use \"--no-gitignore\" flag. The generated files contain unencrypted secrets and you don't want people to get a hand of them. Options -h, --help help for talhelper SEE ALSO talhelper completion - Generate the autocompletion script for the specified shell talhelper gencommand - Generate commands for talosctl. talhelper genconfig - Generate Talos cluster config YAML files talhelper genschema - Generate talconfig.yaml JSON schema file talhelper gensecret - Generate Talos cluster secrets talhelper genurl - Generate URL for Talos installer or ISO talhelper validate - Validate the correctness of talconfig or talos node config","title":"CLI"},{"location":"reference/cli/#cli","text":"","title":"CLI"},{"location":"reference/cli/#talhelper-completion-bash","text":"Generate the autocompletion script for bash","title":"talhelper completion bash"},{"location":"reference/cli/#synopsis","text":"Generate the autocompletion script for the bash shell. This script depends on the 'bash-completion' package. If it is not installed already, you can install it via your OS's package manager. 
To load completions in your current shell session: source <(talhelper completion bash) To load completions for every new session, execute once:","title":"Synopsis"},{"location":"reference/cli/#linux","text":"talhelper completion bash > /etc/bash_completion.d/talhelper","title":"Linux:"},{"location":"reference/cli/#macos","text":"talhelper completion bash > $(brew --prefix)/etc/bash_completion.d/talhelper You will need to start a new shell for this setup to take effect. talhelper completion bash","title":"macOS:"},{"location":"reference/cli/#options","text":"-h, --help help for bash --no-descriptions disable completion descriptions","title":"Options"},{"location":"reference/cli/#see-also","text":"talhelper completion - Generate the autocompletion script for the specified shell","title":"SEE ALSO"},{"location":"reference/cli/#talhelper-completion-fish","text":"Generate the autocompletion script for fish","title":"talhelper completion fish"},{"location":"reference/cli/#synopsis_1","text":"Generate the autocompletion script for the fish shell. To load completions in your current shell session: talhelper completion fish | source To load completions for every new session, execute once: talhelper completion fish > ~/.config/fish/completions/talhelper.fish You will need to start a new shell for this setup to take effect. talhelper completion fish [flags]","title":"Synopsis"},{"location":"reference/cli/#options_1","text":"-h, --help help for fish --no-descriptions disable completion descriptions","title":"Options"},{"location":"reference/cli/#see-also_1","text":"talhelper completion - Generate the autocompletion script for the specified shell","title":"SEE ALSO"},{"location":"reference/cli/#talhelper-completion-powershell","text":"Generate the autocompletion script for powershell","title":"talhelper completion powershell"},{"location":"reference/cli/#synopsis_2","text":"Generate the autocompletion script for powershell. 
To load completions in your current shell session: talhelper completion powershell | Out-String | Invoke-Expression To load completions for every new session, add the output of the above command to your powershell profile. talhelper completion powershell [flags]","title":"Synopsis"},{"location":"reference/cli/#options_2","text":"-h, --help help for powershell --no-descriptions disable completion descriptions","title":"Options"},{"location":"reference/cli/#see-also_2","text":"talhelper completion - Generate the autocompletion script for the specified shell","title":"SEE ALSO"},{"location":"reference/cli/#talhelper-completion-zsh","text":"Generate the autocompletion script for zsh","title":"talhelper completion zsh"},{"location":"reference/cli/#synopsis_3","text":"Generate the autocompletion script for the zsh shell. If shell completion is not already enabled in your environment you will need to enable it. You can execute the following once: echo \"autoload -U compinit; compinit\" >> ~/.zshrc To load completions in your current shell session: source <(talhelper completion zsh) To load completions for every new session, execute once:","title":"Synopsis"},{"location":"reference/cli/#linux_1","text":"talhelper completion zsh > \"${fpath[1]}/_talhelper\"","title":"Linux:"},{"location":"reference/cli/#macos_1","text":"talhelper completion zsh > $(brew --prefix)/share/zsh/site-functions/_talhelper You will need to start a new shell for this setup to take effect. 
talhelper completion zsh [flags]","title":"macOS:"},{"location":"reference/cli/#options_3","text":"-h, --help help for zsh --no-descriptions disable completion descriptions","title":"Options"},{"location":"reference/cli/#see-also_3","text":"talhelper completion - Generate the autocompletion script for the specified shell","title":"SEE ALSO"},{"location":"reference/cli/#talhelper-completion","text":"Generate the autocompletion script for the specified shell","title":"talhelper completion"},{"location":"reference/cli/#synopsis_4","text":"Generate the autocompletion script for talhelper for the specified shell. See each sub-command's help for details on how to use the generated script.","title":"Synopsis"},{"location":"reference/cli/#options_4","text":"-h, --help help for completion","title":"Options"},{"location":"reference/cli/#see-also_4","text":"talhelper - A tool to help with creating Talos cluster talhelper completion bash - Generate the autocompletion script for bash talhelper completion fish - Generate the autocompletion script for fish talhelper completion powershell - Generate the autocompletion script for powershell talhelper completion zsh - Generate the autocompletion script for zsh","title":"SEE ALSO"},{"location":"reference/cli/#talhelper-gencommand-apply","text":"Generate talosctl apply-config commands. talhelper gencommand apply [flags]","title":"talhelper gencommand apply"},{"location":"reference/cli/#options_5","text":"-h, --help help for apply","title":"Options"},{"location":"reference/cli/#options-inherited-from-parent-commands","text":"-c, --config-file string File containing configurations for talhelper (default \"talconfig.yaml\") --env-file strings List of files containing env variables for config file (default [talenv.yaml,talenv.sops.yaml,talenv.yml,talenv.sops.yml]) --extra-flags strings List of additional flags that will be injected into the generated commands. -n, --node string A specific node to generate the command for. 
If not specified, will generate for all nodes. -o, --out-dir string Directory that contains the generated config files to apply. (default \"./clusterconfig\")","title":"Options inherited from parent commands"},{"location":"reference/cli/#see-also_5","text":"talhelper gencommand - Generate commands for talosctl.","title":"SEE ALSO"},{"location":"reference/cli/#talhelper-gencommand-bootstrap","text":"Generate talosctl bootstrap commands. talhelper gencommand bootstrap [flags]","title":"talhelper gencommand bootstrap"},{"location":"reference/cli/#options_6","text":"-h, --help help for bootstrap","title":"Options"},{"location":"reference/cli/#options-inherited-from-parent-commands_1","text":"-c, --config-file string File containing configurations for talhelper (default \"talconfig.yaml\") --env-file strings List of files containing env variables for config file (default [talenv.yaml,talenv.sops.yaml,talenv.yml,talenv.sops.yml]) --extra-flags strings List of additional flags that will be injected into the generated commands. -n, --node string A specific node to generate the command for. If not specified, will generate for all nodes. -o, --out-dir string Directory that contains the generated config files to apply. (default \"./clusterconfig\")","title":"Options inherited from parent commands"},{"location":"reference/cli/#see-also_6","text":"talhelper gencommand - Generate commands for talosctl.","title":"SEE ALSO"},{"location":"reference/cli/#talhelper-gencommand-upgrade","text":"Generate talosctl upgrade commands. 
talhelper gencommand upgrade [flags]","title":"talhelper gencommand upgrade"},{"location":"reference/cli/#options_7","text":"-h, --help help for upgrade","title":"Options"},{"location":"reference/cli/#options-inherited-from-parent-commands_2","text":"-c, --config-file string File containing configurations for talhelper (default \"talconfig.yaml\") --env-file strings List of files containing env variables for config file (default [talenv.yaml,talenv.sops.yaml,talenv.yml,talenv.sops.yml]) --extra-flags strings List of additional flags that will be injected into the generated commands. -n, --node string A specific node to generate the command for. If not specified, will generate for all nodes. -o, --out-dir string Directory that contains the generated config files to apply. (default \"./clusterconfig\")","title":"Options inherited from parent commands"},{"location":"reference/cli/#see-also_7","text":"talhelper gencommand - Generate commands for talosctl.","title":"SEE ALSO"},{"location":"reference/cli/#talhelper-gencommand-upgrade-k8s","text":"Generate talosctl upgrade-k8s commands. talhelper gencommand upgrade-k8s [flags]","title":"talhelper gencommand upgrade-k8s"},{"location":"reference/cli/#options_8","text":"-h, --help help for upgrade-k8s","title":"Options"},{"location":"reference/cli/#options-inherited-from-parent-commands_3","text":"-c, --config-file string File containing configurations for talhelper (default \"talconfig.yaml\") --env-file strings List of files containing env variables for config file (default [talenv.yaml,talenv.sops.yaml,talenv.yml,talenv.sops.yml]) --extra-flags strings List of additional flags that will be injected into the generated commands. -n, --node string A specific node to generate the command for. If not specified, will generate for all nodes. -o, --out-dir string Directory that contains the generated config files to apply. 
(default \"./clusterconfig\")","title":"Options inherited from parent commands"},{"location":"reference/cli/#see-also_8","text":"talhelper gencommand - Generate commands for talosctl.","title":"SEE ALSO"},{"location":"reference/cli/#talhelper-gencommand","text":"Generate commands for talosctl.","title":"talhelper gencommand"},{"location":"reference/cli/#options_9","text":"-c, --config-file string File containing configurations for talhelper (default \"talconfig.yaml\") --env-file strings List of files containing env variables for config file (default [talenv.yaml,talenv.sops.yaml,talenv.yml,talenv.sops.yml]) --extra-flags strings List of additional flags that will be injected into the generated commands. -h, --help help for gencommand -n, --node string A specific node to generate the command for. If not specified, will generate for all nodes. -o, --out-dir string Directory that contains the generated config files to apply. (default \"./clusterconfig\")","title":"Options"},{"location":"reference/cli/#see-also_9","text":"talhelper - A tool to help with creating Talos cluster talhelper gencommand apply - Generate talosctl apply-config commands. talhelper gencommand bootstrap - Generate talosctl bootstrap commands. talhelper gencommand upgrade - Generate talosctl upgrade commands. 
talhelper gencommand upgrade-k8s - Generate talosctl upgrade-k8s commands.","title":"SEE ALSO"},{"location":"reference/cli/#talhelper-genconfig","text":"Generate Talos cluster config YAML files talhelper genconfig [flags]","title":"talhelper genconfig"},{"location":"reference/cli/#options_10","text":"-c, --config-file string File containing configurations for talhelper (default \"talconfig.yaml\") -n, --dry-run Skip generating manifests and show diff instead -e, --env-file strings List of files containing env variables for config file (default [talenv.yaml,talenv.sops.yaml,talenv.yml,talenv.sops.yml]) -h, --help help for genconfig --no-gitignore Create/update gitignore file too --offline-mode Generate schematic ID without doing POST request to image-factory -o, --out-dir string Directory where to dump the generated files (default \"./clusterconfig\") -s, --secret-file strings List of files containing secrets for the cluster (default [talsecret.yaml,talsecret.sops.yaml,talsecret.yml,talsecret.sops.yml]) -m, --talos-mode string Talos runtime mode to validate generated config (default \"metal\")","title":"Options"},{"location":"reference/cli/#see-also_10","text":"talhelper - A tool to help with creating Talos cluster","title":"SEE ALSO"},{"location":"reference/cli/#talhelper-genschema","text":"Generate talconfig.yaml JSON schema file talhelper genschema [flags]","title":"talhelper genschema"},{"location":"reference/cli/#options_11","text":"-f, --file string Where to dump the generated json-schema file (default \"talconfig.json\") -h, --help help for genschema","title":"Options"},{"location":"reference/cli/#see-also_11","text":"talhelper - A tool to help with creating Talos cluster","title":"SEE ALSO"},{"location":"reference/cli/#talhelper-gensecret","text":"Generate Talos cluster secrets talhelper gensecret [flags]","title":"talhelper gensecret"},{"location":"reference/cli/#options_12","text":"-f, --from-configfile string Talos cluster node configuration file to 
generate secret from -h, --help help for gensecret","title":"Options"},{"location":"reference/cli/#see-also_12","text":"talhelper - A tool to help with creating Talos cluster","title":"SEE ALSO"},{"location":"reference/cli/#talhelper-genurl-installer","text":"Generate URL for Talos installer image talhelper genurl installer [flags]","title":"talhelper genurl installer"},{"location":"reference/cli/#options_13","text":"-h, --help help for installer","title":"Options"},{"location":"reference/cli/#options-inherited-from-parent-commands_4","text":"-c, --config-file string File containing configurations for talhelper (default \"talconfig.yaml\") --env-file strings List of files containing env variables for config file (default [talenv.yaml,talenv.sops.yaml,talenv.yml,talenv.sops.yml]) -e, --extension strings Official extension image to be included in the image (ignored when talconfig.yaml is found) -k, --kernel-arg strings Kernel arguments to be passed to the image kernel (ignored when talconfig.yaml is found) -n, --node string A specific node to generate command for. 
If not specified, will generate for all nodes (ignored when talconfig.yaml is not found) --offline-mode Generate schematic ID without doing POST request to image-factory -r, --registry-url string Registry url of the image (default \"factory.talos.dev\") -v, --version string Talos version to generate (defaults to latest Talos version) (default \"v1.6.0\")","title":"Options inherited from parent commands"},{"location":"reference/cli/#see-also_13","text":"talhelper genurl - Generate URL for Talos installer or ISO","title":"SEE ALSO"},{"location":"reference/cli/#talhelper-genurl-iso","text":"Generate URL for Talos ISO image talhelper genurl iso [flags]","title":"talhelper genurl iso"},{"location":"reference/cli/#options_14","text":"-a, --arch string CPU architecture support of the image (default \"amd64\") -h, --help help for iso -m, --talos-mode string Talos runtime mode to generate URL (default \"metal\")","title":"Options"},{"location":"reference/cli/#options-inherited-from-parent-commands_5","text":"-c, --config-file string File containing configurations for talhelper (default \"talconfig.yaml\") --env-file strings List of files containing env variables for config file (default [talenv.yaml,talenv.sops.yaml,talenv.yml,talenv.sops.yml]) -e, --extension strings Official extension image to be included in the image (ignored when talconfig.yaml is found) -k, --kernel-arg strings Kernel arguments to be passed to the image kernel (ignored when talconfig.yaml is found) -n, --node string A specific node to generate command for. 
If not specified, will generate for all nodes (ignored when talconfig.yaml is not found) --offline-mode Generate schematic ID without doing POST request to image-factory -r, --registry-url string Registry url of the image (default \"factory.talos.dev\") -v, --version string Talos version to generate (defaults to latest Talos version) (default \"v1.6.0\")","title":"Options inherited from parent commands"},{"location":"reference/cli/#see-also_14","text":"talhelper genurl - Generate URL for Talos installer or ISO","title":"SEE ALSO"},{"location":"reference/cli/#talhelper-genurl","text":"Generate URL for Talos installer or ISO","title":"talhelper genurl"},{"location":"reference/cli/#options_15","text":"-c, --config-file string File containing configurations for talhelper (default \"talconfig.yaml\") --env-file strings List of files containing env variables for config file (default [talenv.yaml,talenv.sops.yaml,talenv.yml,talenv.sops.yml]) -e, --extension strings Official extension image to be included in the image (ignored when talconfig.yaml is found) -h, --help help for genurl -k, --kernel-arg strings Kernel arguments to be passed to the image kernel (ignored when talconfig.yaml is found) -n, --node string A specific node to generate command for. 
If not specified, will generate for all nodes (ignored when talconfig.yaml is not found) --offline-mode Generate schematic ID without doing POST request to image-factory -r, --registry-url string Registry url of the image (default \"factory.talos.dev\") -v, --version string Talos version to generate (defaults to latest Talos version) (default \"v1.6.0\")","title":"Options"},{"location":"reference/cli/#see-also_15","text":"talhelper - A tool to help with creating Talos cluster talhelper genurl installer - Generate URL for Talos installer image talhelper genurl iso - Generate URL for Talos ISO image","title":"SEE ALSO"},{"location":"reference/cli/#talhelper-validate-nodeconfig","text":"Check the validity of Talos node config file talhelper validate nodeconfig [file] [flags]","title":"talhelper validate nodeconfig"},{"location":"reference/cli/#options_16","text":"-h, --help help for nodeconfig -m, --mode string Talos runtime mode to validate with (default \"metal\")","title":"Options"},{"location":"reference/cli/#see-also_16","text":"talhelper validate - Validate the correctness of talconfig or talos node config","title":"SEE ALSO"},{"location":"reference/cli/#talhelper-validate-talconfig","text":"Check the validity of talhelper config file talhelper validate talconfig [file] [flags]","title":"talhelper validate talconfig"},{"location":"reference/cli/#options_17","text":"-e, --env-file strings List of files containing env variables for config file (default [talenv.yaml,talenv.sops.yaml,talenv.yaml,talenv.sops.yml]) -h, --help help for talconfig --no-substitute Whether to do envsubst on before validation","title":"Options"},{"location":"reference/cli/#see-also_17","text":"talhelper validate - Validate the correctness of talconfig or talos node config","title":"SEE ALSO"},{"location":"reference/cli/#talhelper-validate","text":"Validate the correctness of talconfig or talos node config","title":"talhelper validate"},{"location":"reference/cli/#options_18","text":"-h, 
--help help for validate","title":"Options"},{"location":"reference/cli/#see-also_18","text":"talhelper - A tool to help with creating Talos cluster talhelper validate nodeconfig - Check the validity of Talos node config file talhelper validate talconfig - Check the validity of talhelper config file","title":"SEE ALSO"},{"location":"reference/cli/#talhelper","text":"A tool to help with creating Talos cluster","title":"talhelper"},{"location":"reference/cli/#synopsis_5","text":"talhelper is a tool to help you create a Talos cluster. Workflow: Create talconfig.yaml file defining your nodes information like so: clusterName: mycluster talosVersion: v1.0 endpoint: https://192.168.200.10:6443 nodes: - hostname: master1 ipAddress: 192.168.200.11 installDisk: /dev/sdb controlPlane: true - hostname: worker1 ipAddress: 192.168.200.21 installDisk: /dev/nvme1 controlPlane: false Then run these commands: talhelper gensecret > talsecret.sops.yaml sops -e -i talsecret.sops.yaml talhelper genconfig The generated yaml files will be in ./clusterconfig directory WARNING! Please don't push the generated files into your public git repository. By default talhelper will create a \".gitignore\" file to ignore the generated files for you unless you use \"--no-gitignore\" flag. The generated files contain unencrypted secrets and you don't want people to get a hand of them.","title":"Synopsis"},{"location":"reference/cli/#options_19","text":"-h, --help help for talhelper","title":"Options"},{"location":"reference/cli/#see-also_19","text":"talhelper completion - Generate the autocompletion script for the specified shell talhelper gencommand - Generate commands for talosctl. 
talhelper genconfig - Generate Talos cluster config YAML files talhelper genschema - Generate talconfig.yaml JSON schema file talhelper gensecret - Generate Talos cluster secrets talhelper genurl - Generate URL for Talos installer or ISO talhelper validate - Validate the correctness of talconfig or talos node config","title":"SEE ALSO"},{"location":"reference/configuration/","text":"Configuration Config Package config contains all the options available for configuring a Talos cluster. Field Type Description Default Value Required clusterName string Configures the cluster's name. Show example clusterName : my-cluster \"\" endpoint string Configures the cluster's controlplane endpoint. Can be an IP address or a DNS hostname Show example endpoint : https://192.168.200.10:6443 \"\" nodes [] Node List of nodes configurations Show example nodes : - hostname : kmaster1 ipAddress : 192.168.200.11 controlPlane : true installDiskSelector : size : 128GB - hostname : kworker1 ipAddress : 192.168.200.12 controlPlane : false installDisk : /dev/sda networkInterfaces : - interface : eth0 dhcp : true [] talosImageURL string DEPRECATED, won't do anything, use nodes[].talosImageURL instead . Show example talosImageURL : ghcr.io/siderolabs/installer \"ghcr.io/siderolabs/installer\" talosVersion string Talos version to perform the installation. Image reference for each Talos release can be found on Talos GitHub release page Show example talosVersion : v1.5.2 \"latest\" kubernetesVersion string Allows for supplying the Kubernetes version to use. Show example kubernetesVersion : v1.28.1 \"\" domain string Allows for supplying the domain used by Kubernetes DNS. Show example domain : mycluster.com \"cluster.local\" allowSchedulingOnMasters bool Whether to allow running workload on controlplane nodes. Show example allowSchedulingOnMasters : true false allowSchedulingOnControlPlanes bool Whether to allow running workload on controlplane nodes. 
It is an alias to allowSchedulingOnMasters Show example allowSchedulingOnControlPlanes : true false additionalMachineCertSans []string Extra certificate SANs for the machine's certificate. Show example additionalMachineCertSans : - 10.0.0.10 - 172.16.0.10 - 192.168.0.10 [] additionalApiServerCertSans []string Extra certificate SANs for the API server's certificate. Show example additionalApiServerCertSans : - 1.2.3.4 - 4.5.6.7 - mycluster.local [] cniConfig CNIConfig The CNI to be used for the cluster's network. Show example cniConfig : name : custom urls : - https://docs.projectcalico.org/archive/v3.20/manifests/canal.yaml nil imageFactory ImageFactory Configures selfhosted image factory. Show example imageFactory : registryURL : myfactory.com schematicEndpoint : /schematics protocol : https installerURLTmpl : {{ .RegistryURL }} /installer/{{.ID}}:{{.Version}} ISOURLTmpl : {{ .Protocol }} ://{{.RegistryURL}}/image/{{.ID}}/{{.Version}}/{{.Mode}}/{{.Arch}}.iso nil patches []string Patches to be applied to all nodes. List of strings containing RFC6902 JSON patches, strategic merge patches, or a file containing them Show example patches : - |- - op: add path: /machine/kubelet/extraArgs value: rotate-server-certificates: \"true\" - |- machine: env: MYENV: value - \"@./a-patch.yaml\" [] controlPlane ControlPlane Configurations targetted for controlplane nodes. Show example controlPlane : patches : - |- - op: add path: /machine/kubelet/extraArgs value: rotate-server-certificates: \"true\" - |- machine: env: MYENV: value - \"@./a-patch.yaml\" nil worker Worker Configurations targetted for worker nodes. Show example worker : patches : - |- - op: add path: /machine/kubelet/extraArgs value: rotate-server-certificates: \"true\" - |- machine: env: MYENV: value - \"@./a-patch.yaml\" nil Node Node defines machine configurations for each node. Field Type Description Default Value Required hostname string Configures the hostname of a node. 
Show example hostname : kmaster1 \"\" ipAddress string IP address where the node can be reached. Needed for endpoint and node address inside talosconfig . Show example ipAddress : 192.168.200.11 \"\" installDisk string The disk used for installation. Show example installDisk : /dev/sda \"\" talosImageURL string Allows for supplying the node level image used to perform the installation. Show example talosImageURL : factory.talos.dev/installer/e9c7ef96884d4fbc8c0a1304ccca4bb0287d766a8b4125997cb9dbe84262144e \"\" installDiskSelector InstallDiskSelector Look up disk used for installation. Required if installDisk is not specified. Show example installDiskSelector : size : 128GB model : WDC* name : /sys/block/sda/device/name busPath : /pci0000:00/0000:00:17.0/ata1/host0/target0:0:0/0:0:0:0 nil machineSpec MachineSpec Machine hardware specification for the node. Only used for genurl iso subcommand. Show example machineSpec : mode : metal arch : arm64 nil ingressFirewall IngressFirewall Machine firewall specification for the node. Show example ingressFirewall : defaultAction : block rules : - name : kubelet-ingress portSelector : ports : - 10250 protocol : tcp ingress : - subnet : 172.20.0.0/24 except : 172.20.0.1/32 nil controlPlane bool Whether the node is a controlplane. Show example controlPlane : true false nodeLabels map[string]string Labels to be added to the node. Show example rack : rack1a false nodeTaints map[string]string Node taints for the node. Show example exampleTaint : exampleTaintValue:NoSchedule false disableSearchDomain bool Whether to disable generating default search domain. Show example disableSearchDomain : true false machineDisks [] MachineDisk List of additional disks to partition, format, mount. Show example machineDisks : - device : /dev/disk/by-id/ata-CT500MX500SSD1_2149E5EC1D9D partitions : - mountpoint : /var/mnt/sata [] machineFiles [] MachineFile List of additional files to create inside the node. 
Show example machineFiles : - content : | TS_AUTHKEY=123456 permissions : 0o644 path : /var/etc/tailscale/auth.env op : create [] extensions [] InstallExtensionConfig DEPRECATED, use schematic instead . List of additional system extensions image to install. Show example extensions : - image : ghcr.io/siderolabs/tailscale:1.44.0 [] schematic Schematic Configure Talos image customization to be used in the installer image Show example schematic : customization : extraKernelArgs : - net.ifnames=0 systemExtensions : officialExtensions : - siderolabs/intel-ucode nil kernelModules [] KernelModuleConfig List of additional kernel modules to load. Show example kernelModules : - name : br_netfilter parameters : - nf_conntrack_max=131072 [] nameservers []string List of nameservers for the node. Show example nameservers : - 8.8.8.8 - 1.1.1.1 [] networkInterfaces [] Device List of network interface configurations for the node. Show example networkInterfaces : - interface : enp0s1 addresses : - 192.168.2.0/24 routes : - network : 0.0.0.0/0 gateway : 192.168.2.1 metric : 1024 mtu : 1500 [] patches []string Patches to be applied to the node. List of strings containing RFC6902 JSON patches, strategic merge patches, or a file containing them. Show example patches : - |- - op: add path: /machine/kubelet/extraArgs value: rotate-server-certificates: \"true\" - |- machine: env: MYENV: value - \"@./a-patch.yaml\" [] configPatches []map[string]interface{} DEPRECATED, use patches instead . List of RFC6902 JSON patches to be applied to the node. Show example configPatches : - op : add path : /machine/install/extraKernelArgs value : - console=ttyS1 [] inlinePatch map[string]interface{} DEPRECATED, use patches instead . Strategic merge patches to be applied to the node. Show example inlinePatch : machine : network : interfaces : - interface : eth0 addresses : [ 192.168.200.11/24 ] map[] ImageFactory ImageFactory defines configuration for selfhosted image-factory. 
Field Type Description Default Value Required registryURL string Registry URL of the factory. Show example registryURL : myfactory.com \"factory.talos.dev\" protocol string Protocol the registry is listening to. Show example protocol : http https schematicEndpoint string Path to do HTTP POST request to the registry. Show example schematicEndpoint : /schematics /schematics installerURLTmpl string Go template to parse the full installer URL. Available placeholders: RegistryURL , ID , Version Show example installerURLTmpl : \"{{.RegistryURL}}/installer/{{.ID}}:{{.Version}}\" {{.RegistryURL}}/installer/{{.ID}}:{{.Version}} ISOURLTmpl string Go template to parse the full ISO image URL. Available placeholders: Protocol , RegistryURL , ID , Version , Mode , Arch Show example installerURLTmpl : \"{{.Protocol}}://{{.RegistryURL}}/image/{{.ID}}/{{.Version}}/{{.Mode}}-{{.Arch}}.iso\" {{.Protocol}}://{{.RegistryURL}}/image/{{.ID}}/{{.Version}}/{{.Mode}}-{{.Arch}}.iso MachineSpec MachineSpec defines machine hardware configurations for a node. Field Type Description Default Value Required mode string Machine mode. Show example mode : metal \"metal\" arch string Machine architecture. Show example arch : arm64 amd64 IngressFirewall IngressFirewall defines machine firewall configuration for a node. Field Type Description Default Value Required defaultAction string Default action for all not explicitly configured traffic. Can be \"accept\" or \"block\" Show example defaultAction : accept nil rules [] NetworkRule List of matching network rules to allow or block against the defaultAction. If defaultAction is set to block, matching rules will be allowed vice versa. Show example rules : - name : kubelet-ingress portSelector : ports : - 10250 protocol : tcp ingress : - subnet : 172.20.0.0/24 except : 172.20.0.1/32 nil NetworkRule NetworkRule defines the firewall rules to match. Field Type Description Default Value Required name string Name of the rule. 
Show example name : kubelet-ingress nil portSelector PortSelector Ports and protocols on the host affected by the rule. Show example portSelector : ports : - 10250 protocol : tcp nil ingress [] IngressConfig List of source subnets allowed to access the host ports/protocols. Show example ingress : - subnet : 172.20.0.0/24 except : 172.20.0.1/32 nil ControlPlane ControlPlane defines machine configurations for controlplane type nodes. Field Type Description Default Value Required patches []string Patches to be applied to all controlplane nodes. List of strings containing RFC6902 JSON patches, strategic merge patches, or a file containing them. Show example patches : - |- - op: add path: /machine/kubelet/extraArgs value: rotate-server-certificates: \"true\" - |- machine: env: MYENV: value - \"@./a-patch.yaml\" [] configPatches []map[string]interface{} DEPRECATED, use patches instead . List of RFC6902 JSON patches to be applied to all controlplane nodes. Show example configPatches : - op : add path : /machine/install/extraKernelArgs value : - console=ttyS1 [] inlinePatch map[string]interface{} DEPRECATED, use patches instead . Strategic merge patches to be applied to all controlplane nodes. Show example inlinePatch : machine : network : interfaces : - interface : eth0 addresses : [ 192.168.200.11/24 ] map[] schematic Schematic Configure Talos image customization to be applied to all controlplane nodes Show example schematic : customization : extraKernelArgs : - net.ifnames=0 systemExtensions : officialExtensions : - siderolabs/intel-ucode nil Worker Worker defines machine configurations for worker type nodes. Field Type Description Default Value Required patches []string Patches to be applied to all worker nodes. List of strings containing RFC6902 JSON patches, strategic merge patches, or a file containing them. 
Show example patches : - |- - op: add path: /machine/kubelet/extraArgs value: rotate-server-certificates: \"true\" - |- machine: env: MYENV: value - \"@./a-patch.yaml\" [] configPatches []map[string]interface{} DEPRECATED, use patches instead . List of RFC6902 JSON patches to be applied to all worker nodes. Show example configPatches : - op : add path : /machine/install/extraKernelArgs value : - console=ttyS1 [] inlinePatch map[string]interface{} DEPRECATED, use patches instead . Strategic merge patches to be applied to all worker nodes. Show example inlinePatch : machine : network : interfaces : - interface : eth0 addresses : [ 192.168.200.11/24 ] map[] schematic Schematic Configure Talos image customization to be applied to all worker nodes Show example schematic : customization : extraKernelArgs : - net.ifnames=0 systemExtensions : officialExtensions : - siderolabs/intel-ucode nil CNIConfig CNIConfig is type of upstream Talos v1alpha1.CNIConfig InstallDiskSelector InstallDiskSelector is type of upstream Talos v1alpha1.InstallDiskSelector . MachineDisk MachineDisk is type of upstream Talos v1alpha1.MachineDisk MachineFile MachineFile is type of upstream Talos v1alpha1.MachineFile InstallExtensionConfig InstallExtensionConfig is type of upstream Talos v1alpha1.InstallExtensionConfig Schematic Schematic is type of upstream Talos Image Factory schematic.Schematic KernelModuleConfig KernelModuleConfig is type of upstream Talos v1alpha1.KernelModuleConfig Device Device is type of upstream Talos v1alpha1.Device PortSelector PortSelector is type of upstream Talos network.RulePortSelector IngressConfig IngressConfig is type of upstream Talos network.IngressConfig","title":"Configuration"},{"location":"reference/configuration/#configuration","text":"","title":"Configuration"},{"location":"reference/configuration/#config","text":"Package config contains all the options available for configuring a Talos cluster. 
Field Type Description Default Value Required clusterName string Configures the cluster's name. Show example clusterName : my-cluster \"\" endpoint string Configures the cluster's controlplane endpoint. Can be an IP address or a DNS hostname Show example endpoint : https://192.168.200.10:6443 \"\" nodes [] Node List of nodes configurations Show example nodes : - hostname : kmaster1 ipAddress : 192.168.200.11 controlPlane : true installDiskSelector : size : 128GB - hostname : kworker1 ipAddress : 192.168.200.12 controlPlane : false installDisk : /dev/sda networkInterfaces : - interface : eth0 dhcp : true [] talosImageURL string DEPRECATED, won't do anything, use nodes[].talosImageURL instead . Show example talosImageURL : ghcr.io/siderolabs/installer \"ghcr.io/siderolabs/installer\" talosVersion string Talos version to perform the installation. Image reference for each Talos release can be found on Talos GitHub release page Show example talosVersion : v1.5.2 \"latest\" kubernetesVersion string Allows for supplying the Kubernetes version to use. Show example kubernetesVersion : v1.28.1 \"\" domain string Allows for supplying the domain used by Kubernetes DNS. Show example domain : mycluster.com \"cluster.local\" allowSchedulingOnMasters bool Whether to allow running workload on controlplane nodes. Show example allowSchedulingOnMasters : true false allowSchedulingOnControlPlanes bool Whether to allow running workload on controlplane nodes. It is an alias to allowSchedulingOnMasters Show example allowSchedulingOnControlPlanes : true false additionalMachineCertSans []string Extra certificate SANs for the machine's certificate. Show example additionalMachineCertSans : - 10.0.0.10 - 172.16.0.10 - 192.168.0.10 [] additionalApiServerCertSans []string Extra certificate SANs for the API server's certificate. Show example additionalApiServerCertSans : - 1.2.3.4 - 4.5.6.7 - mycluster.local [] cniConfig CNIConfig The CNI to be used for the cluster's network. 
Show example cniConfig : name : custom urls : - https://docs.projectcalico.org/archive/v3.20/manifests/canal.yaml nil imageFactory ImageFactory Configures selfhosted image factory. Show example imageFactory : registryURL : myfactory.com schematicEndpoint : /schematics protocol : https installerURLTmpl : {{ .RegistryURL }} /installer/{{.ID}}:{{.Version}} ISOURLTmpl : {{ .Protocol }} ://{{.RegistryURL}}/image/{{.ID}}/{{.Version}}/{{.Mode}}/{{.Arch}}.iso nil patches []string Patches to be applied to all nodes. List of strings containing RFC6902 JSON patches, strategic merge patches, or a file containing them Show example patches : - |- - op: add path: /machine/kubelet/extraArgs value: rotate-server-certificates: \"true\" - |- machine: env: MYENV: value - \"@./a-patch.yaml\" [] controlPlane ControlPlane Configurations targetted for controlplane nodes. Show example controlPlane : patches : - |- - op: add path: /machine/kubelet/extraArgs value: rotate-server-certificates: \"true\" - |- machine: env: MYENV: value - \"@./a-patch.yaml\" nil worker Worker Configurations targetted for worker nodes. Show example worker : patches : - |- - op: add path: /machine/kubelet/extraArgs value: rotate-server-certificates: \"true\" - |- machine: env: MYENV: value - \"@./a-patch.yaml\" nil","title":"Config"},{"location":"reference/configuration/#node","text":"Node defines machine configurations for each node. Field Type Description Default Value Required hostname string Configures the hostname of a node. Show example hostname : kmaster1 \"\" ipAddress string IP address where the node can be reached. Needed for endpoint and node address inside talosconfig . Show example ipAddress : 192.168.200.11 \"\" installDisk string The disk used for installation. Show example installDisk : /dev/sda \"\" talosImageURL string Allows for supplying the node level image used to perform the installation. 
Show example talosImageURL : factory.talos.dev/installer/e9c7ef96884d4fbc8c0a1304ccca4bb0287d766a8b4125997cb9dbe84262144e \"\" installDiskSelector InstallDiskSelector Look up disk used for installation. Required if installDisk is not specified. Show example installDiskSelector : size : 128GB model : WDC* name : /sys/block/sda/device/name busPath : /pci0000:00/0000:00:17.0/ata1/host0/target0:0:0/0:0:0:0 nil machineSpec MachineSpec Machine hardware specification for the node. Only used for genurl iso subcommand. Show example machineSpec : mode : metal arch : arm64 nil ingressFirewall IngressFirewall Machine firewall specification for the node. Show example ingressFirewall : defaultAction : block rules : - name : kubelet-ingress portSelector : ports : - 10250 protocol : tcp ingress : - subnet : 172.20.0.0/24 except : 172.20.0.1/32 nil controlPlane bool Whether the node is a controlplane. Show example controlPlane : true false nodeLabels map[string]string Labels to be added to the node. Show example rack : rack1a false nodeTaints map[string]string Node taints for the node. Show example exampleTaint : exampleTaintValue:NoSchedule false disableSearchDomain bool Whether to disable generating default search domain. Show example disableSearchDomain : true false machineDisks [] MachineDisk List of additional disks to partition, format, mount. Show example machineDisks : - device : /dev/disk/by-id/ata-CT500MX500SSD1_2149E5EC1D9D partitions : - mountpoint : /var/mnt/sata [] machineFiles [] MachineFile List of additional files to create inside the node. Show example machineFiles : - content : | TS_AUTHKEY=123456 permissions : 0o644 path : /var/etc/tailscale/auth.env op : create [] extensions [] InstallExtensionConfig DEPRECATED, use schematic instead . List of additional system extensions image to install. 
Show example extensions : - image : ghcr.io/siderolabs/tailscale:1.44.0 [] schematic Schematic Configure Talos image customization to be used in the installer image Show example schematic : customization : extraKernelArgs : - net.ifnames=0 systemExtensions : officialExtensions : - siderolabs/intel-ucode nil kernelModules [] KernelModuleConfig List of additional kernel modules to load. Show example kernelModules : - name : br_netfilter parameters : - nf_conntrack_max=131072 [] nameservers []string List of nameservers for the node. Show example nameservers : - 8.8.8.8 - 1.1.1.1 [] networkInterfaces [] Device List of network interface configurations for the node. Show example networkInterfaces : - interface : enp0s1 addresses : - 192.168.2.0/24 routes : - network : 0.0.0.0/0 gateway : 192.168.2.1 metric : 1024 mtu : 1500 [] patches []string Patches to be applied to the node. List of strings containing RFC6902 JSON patches, strategic merge patches, or a file containing them. Show example patches : - |- - op: add path: /machine/kubelet/extraArgs value: rotate-server-certificates: \"true\" - |- machine: env: MYENV: value - \"@./a-patch.yaml\" [] configPatches []map[string]interface{} DEPRECATED, use patches instead . List of RFC6902 JSON patches to be applied to the node. Show example configPatches : - op : add path : /machine/install/extraKernelArgs value : - console=ttyS1 [] inlinePatch map[string]interface{} DEPRECATED, use patches instead . Strategic merge patches to be applied to the node. Show example inlinePatch : machine : network : interfaces : - interface : eth0 addresses : [ 192.168.200.11/24 ] map[]","title":"Node"},{"location":"reference/configuration/#imagefactory","text":"ImageFactory defines configuration for selfhosted image-factory. Field Type Description Default Value Required registryURL string Registry URL of the factory. Show example registryURL : myfactory.com \"factory.talos.dev\" protocol string Protocol the registry is listening to. 
Show example protocol : http https schematicEndpoint string Path to do HTTP POST request to the registry. Show example schematicEndpoint : /schematics /schematics installerURLTmpl string Go template to parse the full installer URL. Available placeholders: RegistryURL , ID , Version Show example installerURLTmpl : \"{{.RegistryURL}}/installer/{{.ID}}:{{.Version}}\" {{.RegistryURL}}/installer/{{.ID}}:{{.Version}} ISOURLTmpl string Go template to parse the full ISO image URL. Available placeholders: Protocol , RegistryURL , ID , Version , Mode , Arch Show example installerURLTmpl : \"{{.Protocol}}://{{.RegistryURL}}/image/{{.ID}}/{{.Version}}/{{.Mode}}-{{.Arch}}.iso\" {{.Protocol}}://{{.RegistryURL}}/image/{{.ID}}/{{.Version}}/{{.Mode}}-{{.Arch}}.iso","title":"ImageFactory"},{"location":"reference/configuration/#machinespec","text":"MachineSpec defines machine hardware configurations for a node. Field Type Description Default Value Required mode string Machine mode. Show example mode : metal \"metal\" arch string Machine architecture. Show example arch : arm64 amd64","title":"MachineSpec"},{"location":"reference/configuration/#ingressfirewall","text":"IngressFirewall defines machine firewall configuration for a node. Field Type Description Default Value Required defaultAction string Default action for all not explicitly configured traffic. Can be \"accept\" or \"block\" Show example defaultAction : accept nil rules [] NetworkRule List of matching network rules to allow or block against the defaultAction. If defaultAction is set to block, matching rules will be allowed vice versa. Show example rules : - name : kubelet-ingress portSelector : ports : - 10250 protocol : tcp ingress : - subnet : 172.20.0.0/24 except : 172.20.0.1/32 nil","title":"IngressFirewall"},{"location":"reference/configuration/#networkrule","text":"NetworkRule defines the firewall rules to match. Field Type Description Default Value Required name string Name of the rule. 
Show example name : kubelet-ingress nil portSelector PortSelector Ports and protocols on the host affected by the rule. Show example portSelector : ports : - 10250 protocol : tcp nil ingress [] IngressConfig List of source subnets allowed to access the host ports/protocols. Show example ingress : - subnet : 172.20.0.0/24 except : 172.20.0.1/32 nil","title":"NetworkRule"},{"location":"reference/configuration/#controlplane","text":"ControlPlane defines machine configurations for controlplane type nodes. Field Type Description Default Value Required patches []string Patches to be applied to all controlplane nodes. List of strings containing RFC6902 JSON patches, strategic merge patches, or a file containing them. Show example patches : - |- - op: add path: /machine/kubelet/extraArgs value: rotate-server-certificates: \"true\" - |- machine: env: MYENV: value - \"@./a-patch.yaml\" [] configPatches []map[string]interface{} DEPRECATED, use patches instead . List of RFC6902 JSON patches to be applied to all controlplane nodes. Show example configPatches : - op : add path : /machine/install/extraKernelArgs value : - console=ttyS1 [] inlinePatch map[string]interface{} DEPRECATED, use patches instead . Strategic merge patches to be applied to all controlplane nodes. Show example inlinePatch : machine : network : interfaces : - interface : eth0 addresses : [ 192.168.200.11/24 ] map[] schematic Schematic Configure Talos image customization to be applied to all controlplane nodes Show example schematic : customization : extraKernelArgs : - net.ifnames=0 systemExtensions : officialExtensions : - siderolabs/intel-ucode nil","title":"ControlPlane"},{"location":"reference/configuration/#worker","text":"Worker defines machine configurations for worker type nodes. Field Type Description Default Value Required patches []string Patches to be applied to all worker nodes. List of strings containing RFC6902 JSON patches, strategic merge patches, or a file containing them. 
Show example patches : - |- - op: add path: /machine/kubelet/extraArgs value: rotate-server-certificates: \"true\" - |- machine: env: MYENV: value - \"@./a-patch.yaml\" [] configPatches []map[string]interface{} DEPRECATED, use patches instead . List of RFC6902 JSON patches to be applied to all worker nodes. Show example configPatches : - op : add path : /machine/install/extraKernelArgs value : - console=ttyS1 [] inlinePatch map[string]interface{} DEPRECATED, use patches instead . Strategic merge patches to be applied to all worker nodes. Show example inlinePatch : machine : network : interfaces : - interface : eth0 addresses : [ 192.168.200.11/24 ] map[] schematic Schematic Configure Talos image customization to be applied to all worker nodes Show example schematic : customization : extraKernelArgs : - net.ifnames=0 systemExtensions : officialExtensions : - siderolabs/intel-ucode nil","title":"Worker"},{"location":"reference/configuration/#cniconfig","text":"CNIConfig is type of upstream Talos v1alpha1.CNIConfig","title":"CNIConfig"},{"location":"reference/configuration/#installdiskselector","text":"InstallDiskSelector is type of upstream Talos v1alpha1.InstallDiskSelector .","title":"InstallDiskSelector"},{"location":"reference/configuration/#machinedisk","text":"MachineDisk is type of upstream Talos v1alpha1.MachineDisk","title":"MachineDisk"},{"location":"reference/configuration/#machinefile","text":"MachineFile is type of upstream Talos v1alpha1.MachineFile","title":"MachineFile"},{"location":"reference/configuration/#installextensionconfig","text":"InstallExtensionConfig is type of upstream Talos v1alpha1.InstallExtensionConfig","title":"InstallExtensionConfig"},{"location":"reference/configuration/#schematic","text":"Schematic is type of upstream Talos Image Factory schematic.Schematic","title":"Schematic"},{"location":"reference/configuration/#kernelmoduleconfig","text":"KernelModuleConfig is type of upstream Talos 
v1alpha1.KernelModuleConfig","title":"KernelModuleConfig"},{"location":"reference/configuration/#device","text":"Device is type of upstream Talos v1alpha1.Device","title":"Device"},{"location":"reference/configuration/#portselector","text":"PortSelector is type of upstream Talos network.RulePortSelector","title":"PortSelector"},{"location":"reference/configuration/#ingressconfig","text":"IngressConfig is type of upstream Talos network.IngressConfig","title":"IngressConfig"},{"location":"reference/supported-version/","text":"Supported Talos Versions Currently, the supported major and minor Talos versions are: v1.2 v1.3 v1.4 v1.5 v1.6","title":"Supported Talos Versions"},{"location":"reference/supported-version/#supported-talos-versions","text":"Currently, the supported major and minor Talos versions are: v1.2 v1.3 v1.4 v1.5 v1.6","title":"Supported Talos Versions"}]} \ No newline at end of file
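Review bot: In the IngressFirewall and NetworkRule entries of the new search_index.json text, the two descriptions of rule semantics disagree. The rules field says "If defaultAction is set to block, matching rules will be allowed vice versa.", while NetworkRule's ingress field says "List of source subnets allowed to access the host ports/protocols". A reader cannot tell whether a rule under defaultAction: accept blocks or allows the listed subnets, and for a firewall setting that ambiguity can leave a port such as 10250 open when the operator meant to restrict it. Please state the behaviour for both values of defaultAction explicitly (and write "and vice versa"), and say what the except key does, since it appears in the examples without a description. The defaultAction example shows accept directly beside a rules example named kubelet-ingress, so it should either use block or explain what that rule does under accept. Separately, in the ImageFactory entry the example for ISOURLTmpl is keyed installerURLTmpl, which looks like a copy-paste slip; it should read ISOURLTmpl. These belong in the docs source that this index is built from, not in the generated JSON.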