Documentation
Index
- Constants
- func FullConfigProcess(opts Options, patches []string) (*bundle.Bundle, machine.Type, error)
- func InitializeConfigBundle(opts Options) (*bundle.Bundle, error)
- func MergeFileAsPatch(rendered []byte, patchFile string) ([]byte, error)
- func NodeFileHasOverlay(patchFile string) (bool, error)
- func NormalizeTemplatePath(p string) string
- func OmitSecretValues(rendered []byte, secrets map[string]struct{}) ([]byte, error)
- func RedactSecretValues(rendered []byte, secrets map[string]struct{}) ([]byte, error)
- func Render(ctx context.Context, c *client.Client, opts Options) ([]byte, error)
- func SerializeConfiguration(configBundle *bundle.Bundle, machineType machine.Type) ([]byte, error)
- type Options
Constants
const CommandNameApply = "talm apply"
CommandNameApply is the CommandName value `talm apply` passes to engine.Render. It is exported so that pkg/commands/apply.go uses it directly as the source of truth, which eliminates the drift class that would otherwise let apply error hints silently start suggesting the non-existent `--offline` flag.
const CommandNameTemplate = "talm template"
CommandNameTemplate is the CommandName value `talm template` passes to engine.Render. Pinning to a constant lets offlineRemedyFor allow-list `--offline` suggestions (rather than deny-list against known no-offline subcommands) — that way any future subcommand or untested caller that forgets to set CommandName falls through to the safe "fix reachability" remedy instead of getting an `--offline` hint that may not exist for its flow.
Variables
This section is empty.
Functions
func FullConfigProcess
FullConfigProcess handles the full process of creating and updating the Bundle.
The function performs no I/O that would respect a context; the ctx parameter that callers used to pass in was always discarded inside. Dropping the parameter makes the contract honest. If a future caller needs cancellation (e.g. a future remote configpatcher), reintroduce it as a typed first argument.
func InitializeConfigBundle
InitializeConfigBundle initializes a Talos configuration bundle from opts.
func MergeFileAsPatch (added in v0.25.0)
MergeFileAsPatch overlays the YAML body of patchFile onto rendered using Talos's strategic-merge config patcher.
patchFile is a node file: its first line is the talm modeline (a YAML comment) followed by an arbitrary Talos config patch (typically machine.* fields the user wants pinned per node). When the file contains only the modeline (or is otherwise empty after stripping comments and whitespace) the function returns rendered unchanged — short-circuiting Talos's configpatcher which would otherwise route the empty patch through JSON6902 and reject any multi-document rendered config (the v1.12+ output format) outright.
Note that for non-empty patches the patcher round-trips rendered through its config loader, normalising YAML formatting and dropping comments. This is acceptable for the apply path (the result goes straight to ApplyConfiguration) but unsuitable for human-facing output such as `talm template` — which is why the template subcommand does not call this helper.
func NodeFileHasOverlay (added in v0.25.0)
NodeFileHasOverlay reports whether a node file carries a non-empty per-node body below its modeline. The apply path uses this to reject multi-node node files that would otherwise stamp the same pinned hostname/address/VIP onto every target.
func NormalizeTemplatePath (added in v0.19.1)
NormalizeTemplatePath converts OS-specific path separators to forward slash. Helm engine's Render() returns map keys with forward slashes regardless of OS, so input paths must be normalized to match.
func OmitSecretValues (added in v0.32.0)
OmitSecretValues removes every field whose scalar value is a known secret from the rendered config so the value never lands in a committed node file. The real value is re-rendered at apply time, where the node-file body is merged as a patch on top of a fresh render — so a path the body omits is left to the render, which holds the genuine value.
Two granularities, dictated by how `talm apply`'s patch merge treats the node body (see MergeFileAsPatch / pruneBodyIdentitiesAgainstRendered):
- A secret that is a direct map value: drop the key. Maps merge by key, so the rendered value survives untouched.
- A secret anywhere inside a sequence: drop the WHOLE KEY, never a partial list. A partial list is unsafe two ways. Under default sequence semantics a stripped element no longer deep-equals the rendered element and would be appended as a spurious duplicate. Under `merge:"replace"` semantics (configpatcher's replaceSemanticPaths — cluster podSubnets / serviceSubnets, apiServer auditPolicy, ingress, portSelector/ports) a partial body list OVERWRITES the rendered list, silently dropping the secret-bearing element from the applied config. Dropping the whole key sidesteps both: the body omits the list entirely, so the render (which holds every element, secret included) is authoritative under any merge semantics.
A mapping emptied by dropping a secret key is left as an empty map (e.g. `auth: {}`), NOT key-dropped. An empty-map patch merges as a no-op (maps merge by key), so the rendered value survives — no clobber risk, unlike the sequence case.
Returns rendered unchanged when secrets is empty.
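The two granularities and the empty-map rule, as an added sketch that is not talm's own implementation: it works on an already-decoded config tree (`map[string]any` / `[]any`) instead of YAML bytes, and the names `containsSecret` and `omitSecrets` and the sample values are hypothetical.

```go
package main

import "fmt"

// containsSecret reports whether any string scalar under v is a known secret.
func containsSecret(v any, secrets map[string]struct{}) bool {
	switch t := v.(type) {
	case string:
		_, ok := secrets[t]
		return ok
	case []any:
		for _, e := range t {
			if containsSecret(e, secrets) {
				return true
			}
		}
	case map[string]any:
		for _, e := range t {
			if containsSecret(e, secrets) {
				return true
			}
		}
	}
	return false
}

// omitSecrets prunes a decoded config tree in place (hypothetical helper).
func omitSecrets(m map[string]any, secrets map[string]struct{}) {
	for k, v := range m {
		if sub, ok := v.(map[string]any); ok {
			omitSecrets(sub, secrets) // an emptied map stays as {}
		} else if containsSecret(v, secrets) {
			delete(m, k) // scalar: drop the key; sequence: drop the WHOLE key
		}
	}
}

func main() {
	// Constructed sample values, not real Talos secrets.
	secrets := map[string]struct{}{"s3cr3t-token": {}, "wg-private-key": {}}
	cfg := map[string]any{
		"auth":     map[string]any{"token": "s3cr3t-token"},
		"peers":    []any{map[string]any{"key": "wg-private-key"}, map[string]any{"key": "public"}},
		"hostname": "node-1",
	}
	omitSecrets(cfg, secrets)
	fmt.Println(cfg)
}
```

The `peers` key disappears entirely even though only one element held a secret, while `auth` survives as an empty map.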
func RedactSecretValues (added in v0.32.0)
RedactSecretValues replaces every known-secret scalar value with a fixed sentinel, preserving structure. Used only for the stdout / preview stream of `talm template` (default-on when encrypted value files are in scope, bypassed by --show-secrets) so a preview never prints secret material. Returns rendered unchanged when secrets is empty.
Types
type Options
type Options struct {
	ValueFiles []string
	StringValues []string
	Values []string
	FileValues []string
	JsonValues []string `yaml:"jsonValues"` //nolint:revive // public field name kept for backwards compatibility with existing consumers in pkg/commands/template.go and Chart.yaml
	LiteralValues []string
	TalosVersion string
	WithSecrets string
	Full bool
	Debug bool
	Root string
	Offline bool
	KubernetesVersion string
	TemplateFiles []string
	ClusterName string
	Endpoint string
	// CommandName names the caller subcommand for error messages such as
	// the one produced by FailIfMultiNodes. Empty value falls back to "talm".
	CommandName string
	// TalosEndpoints carries the addresses dialed by the talos client for
	// chart `lookup` calls. Surfaced through wrapLookupError so failed
	// lookups name the endpoints the operator actually targeted, instead
	// of forcing them to reconstruct from CLI flags / modeline.
	TalosEndpoints []string
}
Options encapsulates all parameters necessary for rendering.