talosgenerator

package
v7.4.2 (not the latest version of this module)
Published: Apr 24, 2026 License: Apache-2.0 Imports: 8 Imported by: 0

Documentation

Overview

Package talosgenerator provides a generator for Talos project scaffolding.

This package creates the Talos patches directory structure required for Talos cluster configuration, including cluster-wide, control-plane, and worker patch folders.

Index

Constants

const ExternalCloudProviderPatchYAML = `cluster:
  externalCloudProvider:
    enabled: true
machine:
  kubelet:
    extraArgs:
      cloud-provider: external
`

ExternalCloudProviderPatchYAML is the Talos machine config patch YAML that enables the external cloud provider. This is the single source of truth for the patch content, shared between the generator (file-based scaffolding) and the runtime config manager (in-memory patch injection for existing projects).

It enables both the cluster-level externalCloudProvider and the kubelet cloud-provider flag, which are required for cloud controller managers (e.g., Hetzner CCM) to initialize nodes with a providerID and write node labels.

See: https://www.talos.dev/latest/kubernetes-guides/configuration/cloud-provider/

const KubeletServingCertApproverManifestURL = "https://raw.githubusercontent.com/alex1989hu/kubelet-serving-cert-approver/main/deploy/standalone-install.yaml"

KubeletServingCertApproverManifestURL is the URL for the kubelet-serving-cert-approver manifest. This is installed during Talos bootstrap to automatically approve kubelet serving certificate CSRs. Note: We use alex1989hu/kubelet-serving-cert-approver for Talos because it provides a single manifest URL suitable for extraManifests. For non-Talos distributions, we use postfinance/kubelet-csr-approver via Helm which offers more features and configurability. See: https://docs.siderolabs.com/kubernetes-guides/monitoring-and-observability/deploy-metrics-server/

Deprecated: Use csrapprover.Manifest() with inlineManifests instead of this URL. This constant is retained for backward compatibility with existing patch files.

Variables

var ErrConfigRequired = errors.New("talos config is required")

ErrConfigRequired is returned when a nil config is provided.

Functions

func KubeletCSRApproverInlineManifestPatchYAML added in v7.4.2

func KubeletCSRApproverInlineManifestPatchYAML() string

KubeletCSRApproverInlineManifestPatchYAML returns the Talos machine config patch YAML that installs the kubelet-serving-cert-approver via cluster.inlineManifests. The manifest uses the upstream-recommended :main image tag.

Types

type Config

type Config struct {
	// PatchesDir is the root directory for Talos patches.
	PatchesDir string
	// MirrorRegistries contains mirror registry specifications in "host=upstream" format.
	// Example: ["docker.io=https://registry-1.docker.io"]
	MirrorRegistries []string
	// WorkerNodes is the number of worker nodes configured.
	// When 0 (default), generates allow-scheduling-on-control-planes.yaml.
	WorkerNodes int
	// DisableDefaultCNI indicates whether to disable Talos's default CNI (Flannel).
	// When true, generates a disable-default-cni.yaml patch to set cluster.network.cni.name to "none".
	// This is required when using an alternative CNI like Cilium.
	DisableDefaultCNI bool
	// EnableKubeletCertRotation indicates whether to enable kubelet serving certificate rotation.
	// When true, generates a kubelet-cert-rotation.yaml patch with rotate-server-certificates: true.
	// This is required for secure metrics-server communication using TLS.
	EnableKubeletCertRotation bool
	// ClusterName is an optional explicit cluster name override.
	// When set, generates a cluster-name.yaml patch to set cluster.clusterName.
	// This name is used for the kubeconfig context (admin@<name>).
	ClusterName string
	// EnableImageVerification indicates whether to generate an ImageVerificationConfig template.
	// When true, generates an image-verification.yaml document with a default skip-all rule
	// and commented examples for keyless (Cosign/OIDC) and public key verification.
	// This requires Talos 1.13+.
	EnableImageVerification bool
	// DisableCDI indicates whether to generate a patch that disables CDI.
	// When true, generates a disable-cdi.yaml patch to set machine.features.enableCDI to false.
	// Talos 1.13+ enables CDI by default, so this patch is only needed when CDI should be turned off.
	DisableCDI bool
	// EnableExternalCloudProvider indicates whether to enable the external cloud provider.
	// When true, generates an external-cloud-provider.yaml patch that sets
	// cluster.externalCloudProvider.enabled to true and machine.kubelet.extraArgs.cloud-provider
	// to "external". This is required for Hetzner Cloud so that the Cloud Controller Manager
	// can initialize nodes with a providerID and the CSI driver can schedule.
	// See: https://www.talos.dev/latest/kubernetes-guides/configuration/cloud-provider/
	EnableExternalCloudProvider bool
}

Config represents the Talos scaffolding configuration.

type Generator

type Generator struct{}

Generator generates the Talos directory structure.

func NewGenerator

func NewGenerator() *Generator

NewGenerator creates a new Generator.

func (*Generator) Generate

func (g *Generator) Generate(
	model *Config,
	opts yamlgenerator.Options,
) (string, error)

Generate creates the Talos patches directory structure. The model parameter contains the patches directory path. Returns the generated directory path and any error encountered.
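As an added example (not the package's own code), the following Go program reproduces the file-selection logic the Config doc comments describe and fills in each patch body from the Talos keys they cite, so you can see what each flag actually puts on disk. The body of allow-scheduling-on-control-planes.yaml (cluster.allowSchedulingOnControlPlanes) and the placement of rotate-server-certificates under machine.kubelet.extraArgs are assumptions, since the page names those files but not their contents; the mirror-registry and image-verification documents are left out.

```go
package main

import "fmt"

// Config mirrors the talosgenerator.Config fields that select patch files.
// It is constructed for this example and is not the package's own type.
type Config struct {
	WorkerNodes                 int
	DisableDefaultCNI           bool
	EnableKubeletCertRotation   bool
	ClusterName                 string
	DisableCDI                  bool
	EnableExternalCloudProvider bool
}

// PatchFiles maps each patch file the documented flags imply to the YAML the
// doc comments describe. File names are the ones the page names; the patch
// bodies use the Talos config keys quoted there (two are assumed, see below).
func PatchFiles(cfg Config) map[string]string {
	files := map[string]string{}
	if cfg.WorkerNodes == 0 { // no workers: control planes must take workloads (key assumed)
		files["allow-scheduling-on-control-planes.yaml"] = "cluster:\n  allowSchedulingOnControlPlanes: true\n"
	}
	if cfg.DisableDefaultCNI { // hand networking to Cilium or another CNI
		files["disable-default-cni.yaml"] = "cluster:\n  network:\n    cni:\n      name: none\n"
	}
	if cfg.EnableKubeletCertRotation { // lets metrics-server verify kubelet TLS (extraArgs placement assumed)
		files["kubelet-cert-rotation.yaml"] = "machine:\n  kubelet:\n    extraArgs:\n      rotate-server-certificates: \"true\"\n"
	}
	if cfg.ClusterName != "" { // becomes the admin@<name> kubeconfig context
		files["cluster-name.yaml"] = fmt.Sprintf("cluster:\n  clusterName: %s\n", cfg.ClusterName)
	}
	if cfg.DisableCDI { // Talos 1.13+ enables CDI by default
		files["disable-cdi.yaml"] = "machine:\n  features:\n    enableCDI: false\n"
	}
	if cfg.EnableExternalCloudProvider { // same content as ExternalCloudProviderPatchYAML
		files["external-cloud-provider.yaml"] = "cluster:\n  externalCloudProvider:\n    enabled: true\n" +
			"machine:\n  kubelet:\n    extraArgs:\n      cloud-provider: external\n"
	}
	return files
}

func main() {
	for name, body := range PatchFiles(Config{DisableDefaultCNI: true, EnableExternalCloudProvider: true}) {
		fmt.Printf("--- %s\n%s", name, body)
	}
}
```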

Directories

csrapprover
Package csrapprover provides the kubelet-serving-cert-approver manifest for embedding in Talos machine configs via cluster.inlineManifests.
