Documentation
Index
- func CreateBootstrapTokenSecret(ctx context.Context, client kubernetes.Interface, token string) error
- func EndpointFromTCPStatus(endpoint string) string
- func FindExistingBootstrapToken(ctx context.Context, client kubernetes.Interface) (string, error)
- func GenerateBootstrapToken() (string, error)
- func GenerateTalosconfig(input TalosconfigInput) ([]byte, error)
- func GenerateWorkerConfig(input MachineConfigInput) ([]byte, error)
- func IsTalosCluster(tc *butlerv1alpha1.TenantCluster) bool
- type Client
- type MachineConfigInput
- type MachineInfo
- type TalosconfigInput
Functions
func CreateBootstrapTokenSecret
func CreateBootstrapTokenSecret(ctx context.Context, client kubernetes.Interface, token string) error
CreateBootstrapTokenSecret creates a bootstrap token Secret in the tenant API server's kube-system namespace. The token has no TTL so it remains valid for static machine configs.
Steward's soot PhaseBootstrapToken already creates the RBAC needed for bootstrap tokens to work (AllowBootstrapTokensToGetNodes, AllowBootstrapTokensToPostCSRs, AutoApproveNodeBootstrapTokens, AutoApproveNodeCertificateRotation). These RBAC rules apply to ALL bootstrap tokens via group-based ClusterRoleBindings.
func EndpointFromTCPStatus
EndpointFromTCPStatus converts a TCP status endpoint ("host:port") to the format Talos expects ("https://host:port").
func FindExistingBootstrapToken
FindExistingBootstrapToken checks the tenant API server for an existing bootstrap token Secret. It returns the token string if found, or an empty string if none exists. This enables idempotent reconciliation when the reconciler creates a token but fails before creating the CAPI bootstrap Secret.
func GenerateBootstrapToken
GenerateBootstrapToken generates a random kubeadm-format bootstrap token. Format: "<6-char-id>.<16-char-secret>" (e.g., "a1b2c3.abcdef0123456789").
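An added example, not code from this package: one way to produce a token in the format above and derive the name and data of the kube-system Secret that CreateBootstrapTokenSecret is described as creating, using only the Go standard library. The names newBootstrapToken and secretFor are hypothetical; the Secret name and keys follow the upstream Kubernetes bootstrap-token Secret convention, and enabling only the authentication usage is an assumption.

```go
package main

import (
	"crypto/rand"
	"fmt"
	"math/big"
	"regexp"
)

const alphabet = "abcdefghijklmnopqrstuvwxyz0123456789"

var tokenRE = regexp.MustCompile(`^([a-z0-9]{6})\.([a-z0-9]{16})$`) // <id>.<secret>

// randomString draws n characters uniformly from alphabet via crypto/rand.
func randomString(n int) (string, error) {
	out := make([]byte, n)
	for i := range out {
		idx, err := rand.Int(rand.Reader, big.NewInt(int64(len(alphabet))))
		if err != nil {
			return "", err
		}
		out[i] = alphabet[idx.Int64()]
	}
	return string(out), nil
}

// newBootstrapToken (hypothetical name) returns "<6-char-id>.<16-char-secret>".
func newBootstrapToken() (string, error) {
	s, err := randomString(22)
	if err != nil {
		return "", err
	}
	return s[:6] + "." + s[6:], nil
}

// secretFor (hypothetical) validates token; no "expiration" key means no TTL.
func secretFor(token string) (string, map[string]string, error) {
	m := tokenRE.FindStringSubmatch(token)
	if m == nil { // the error never echoes the rejected token value
		return "", nil, fmt.Errorf("token is not in <6-char-id>.<16-char-secret> format")
	}
	return "bootstrap-token-" + m[1], map[string]string{"token-id": m[1],
		"token-secret": m[2], "usage-bootstrap-authentication": "true"}, nil
}

func main() {
	tok, _ := newBootstrapToken()
	name, _, err := secretFor(tok)
	fmt.Println(name, err) // the Secret name carries only the public token ID
}
```

Only the 16-character half is secret; the 6-character ID appears in the Secret name and is safe to log.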
func GenerateTalosconfig (added in v0.5.0)
func GenerateTalosconfig(input TalosconfigInput) ([]byte, error)
GenerateTalosconfig generates a talosconfig YAML for CLI access to worker nodes.
func GenerateWorkerConfig
func GenerateWorkerConfig(input MachineConfigInput) ([]byte, error)
GenerateWorkerConfig generates a Talos v1alpha1 worker machine config YAML.
func IsTalosCluster
func IsTalosCluster(tc *butlerv1alpha1.TenantCluster) bool
IsTalosCluster returns true if the TenantCluster uses Talos OS for workers.
Types
type Client (added in v0.5.0)
type Client struct {
	TalosctlPath string
}
Client wraps talosctl for applying machine configs to nodes in maintenance mode.
func (*Client) ApplyConfig (added in v0.5.0)
func (c *Client) ApplyConfig(ctx context.Context, nodeIP string, configData []byte, configPatches ...string) error
ApplyConfig applies a Talos machine config to a node using talosctl. The --insecure flag is always used because these are fresh VMs in maintenance mode. Optional configPatches are passed as --config-patch arguments for per-node overrides.
type MachineConfigInput
type MachineConfigInput struct {
	// ClusterName is the name of the tenant cluster.
	ClusterName string
	// ControlPlaneEndpoint is the API server endpoint (e.g., "https://10.40.0.1:6443").
	ControlPlaneEndpoint string
	// ClusterCACert is the PEM-encoded Kubernetes cluster CA certificate.
	ClusterCACert string
	// MachineToken is the trustd authentication token (format: "butler.<hex>").
	// Used by Talos apid to authenticate with steward-trustd.
	MachineToken string
	// BootstrapToken is a kubeadm bootstrap token (format: "<6char>.<16char>").
	// Used by kubelet for TLS bootstrapping with the tenant API server.
	BootstrapToken string
	// OSCACert is the PEM-encoded OS CA certificate for trusting steward-trustd.
	OSCACert string
	// PodCIDR is the pod network CIDR (e.g., "10.244.0.0/16").
	PodCIDR string
	// ServiceCIDR is the service network CIDR (e.g., "10.96.0.0/12").
	ServiceCIDR string
	// InstallDisk is the disk device for Talos installation (e.g., "/dev/vda").
	InstallDisk string
	// InstallerImage is the Talos installer image reference.
	InstallerImage string
}
MachineConfigInput contains all data needed to generate a Talos worker machine config.
type MachineInfo (added in v0.5.0)
MachineInfo contains the name, IP, and annotations of a CAPI Machine.
func GetMachineAddresses (added in v0.5.0)
func GetMachineAddresses(ctx context.Context, c client.Client, clusterName, namespace string) ([]MachineInfo, error)
GetMachineAddresses lists CAPI Machine objects for a cluster and extracts their IP addresses. Returns a slice of MachineInfo with name, IP, and annotations for each Machine that has an address. Machines without addresses are skipped (they may not be provisioned yet).
type TalosconfigInput (added in v0.5.0)
type TalosconfigInput struct {
	ContextName string
	Endpoints   []string // Control plane endpoint(s)
	CACert      []byte   // PEM-encoded os-ca.crt
	AdminCert   []byte   // PEM-encoded admin.crt
	AdminKey    []byte   // PEM-encoded admin.key
}
TalosconfigInput contains the parameters needed to generate a talosconfig.