Documentation ¶
Overview ¶
Package config provides methods to generate and consume Talos configuration.
Index ¶
- Variables
- func New(kind, version string) (interface{}, error)
- func Register(kind string, f func(version string) interface{})
- type APIServer
- type AdminKubeconfig
- type AdmissionPlugin
- type Bond
- type Bridge
- type CNI
- type ClusterConfig
- type ClusterNetwork
- type ControllerManager
- type CoreDNS
- type DHCPOptions
- type Device
- type Discovery
- type DiscoveryRegistries
- type Disk
- type Encryption
- type EncryptionKey
- type EncryptionKeyNodeID
- type EncryptionKeyStatic
- type Env
- type Etcd
- type Extension
- type ExternalCloudProvider
- type ExtraHost
- type Features
- type File
- type InlineManifest
- type Install
- type Kernel
- type KernelModule
- type KubeSpan
- type KubeSpanFilters
- type Kubelet
- type KubeletNodeIP
- type KubernetesRegistry
- type KubernetesTalosAPIAccess
- type Logging
- type LoggingDestination
- type MachineConfig
- type MachineControlPlane
- type MachineControllerManager
- type MachineNetwork
- type MachineScheduler
- type NetworkDeviceSelector
- type NodeLabels
- type Partition
- type Provider
- type ProviderBundle
- type Proxy
- type Registries
- type Registry
- type RegistryAuthConfig
- type RegistryConfig
- type RegistryMirrorConfig
- type RegistryTLSConfig
- type Route
- type RuntimeMode
- type STP
- type Scheduler
- type SeccompProfile
- type Security
- type ServiceRegistry
- type SystemDiskEncryption
- type Time
- type Token
- type UdevConfig
- type VIPConfig
- type VIPEquinixMetal
- type VIPHCloud
- type ValidationOption
- type ValidationOptions
- type VersionContract
- func (contract *VersionContract) APIServerAuditPolicySupported() bool
- func (contract *VersionContract) ApidExtKeyUsageCheckEnabled() bool
- func (contract *VersionContract) ClusterDiscoveryEnabled() bool
- func (contract *VersionContract) Greater(other *VersionContract) bool
- func (contract *VersionContract) KubeletDefaultRuntimeSeccompProfileEnabled() bool
- func (contract *VersionContract) KubeletManifestsDirectoryDisabled() bool
- func (contract *VersionContract) KubernetesAllowSchedulingOnControlPlanes() bool
- func (contract *VersionContract) KubernetesAlternateImageRegistries() bool
- func (contract *VersionContract) KubernetesDiscoveryBackendDisabled() bool
- func (contract *VersionContract) PodSecurityAdmissionEnabled() bool
- func (contract *VersionContract) PodSecurityPolicyEnabled() bool
- func (contract *VersionContract) SecretboxEncryptionSupported() bool
- func (contract *VersionContract) StableHostnameEnabled() bool
- func (contract *VersionContract) SupportsAggregatorCA() bool
- func (contract *VersionContract) SupportsDynamicCertSANs() bool
- func (contract *VersionContract) SupportsECDSAKeys() bool
- func (contract *VersionContract) SupportsECDSASHA256() bool
- func (contract *VersionContract) SupportsRBACFeature() bool
- func (contract *VersionContract) SupportsServiceAccount() bool
- type Vlan
- type VolumeMount
- type WireguardConfig
- type WireguardPeer
Constants ¶
This section is empty.
Variables ¶
var (
	TalosVersionCurrent = (*VersionContract)(nil)
	TalosVersion1_3     = &VersionContract{1, 3}
	TalosVersion1_2     = &VersionContract{1, 2}
	TalosVersion1_1     = &VersionContract{1, 1}
	TalosVersion1_0     = &VersionContract{1, 0}
	TalosVersion0_14    = &VersionContract{0, 14}
	TalosVersion0_13    = &VersionContract{0, 13}
	TalosVersion0_12    = &VersionContract{0, 12}
	TalosVersion0_11    = &VersionContract{0, 11}
	TalosVersion0_10    = &VersionContract{0, 10}
	TalosVersion0_9     = &VersionContract{0, 9}
	TalosVersion0_8     = &VersionContract{0, 8}
)
Well-known Talos version contracts.
var (
	// ErrNotRegistered indicates that the manifest kind is not registered.
	ErrNotRegistered = errors.New("not registered")
	// ErrExists indicates that the manifest is already registered.
	ErrExists = errors.New("exists")
)
Functions ¶
Types ¶
type APIServer ¶
type APIServer interface {
	Image() string
	ExtraArgs() map[string]string
	ExtraVolumes() []VolumeMount
	Env() Env
	DisablePodSecurityPolicy() bool
	AdmissionControl() []AdmissionPlugin
	AuditPolicy() map[string]interface{}
}
APIServer defines the requirements for a config that pertains to apiserver related options.
type AdminKubeconfig ¶
type AdminKubeconfig interface {
	CommonName() string
	CertOrganization() string
	CertLifetime() time.Duration
}
AdminKubeconfig defines settings for admin kubeconfig.
type AdmissionPlugin ¶
AdmissionPlugin defines the API server Admission Plugin configuration.
type Bond ¶
type Bond interface {
	Interfaces() []string
	ARPIPTarget() []string
	Mode() string
	HashPolicy() string
	LACPRate() string
	ADActorSystem() string
	ARPValidate() string
	ARPAllTargets() string
	Primary() string
	PrimaryReselect() string
	FailOverMac() string
	ADSelect() string
	MIIMon() uint32
	UpDelay() uint32
	DownDelay() uint32
	ARPInterval() uint32
	ResendIGMP() uint32
	MinLinks() uint32
	LPInterval() uint32
	PacketsPerSlave() uint32
	NumPeerNotif() uint8
	TLBDynamicLB() uint8
	AllSlavesActive() uint8
	UseCarrier() bool
	ADActorSysPrio() uint16
	ADUserPortKey() uint16
	PeerNotifyDelay() uint32
}
Bond contains the various options for configuring a bonded interface.
type ClusterConfig ¶
type ClusterConfig interface {
	ID() string
	Name() string
	Secret() string
	APIServer() APIServer
	ControllerManager() ControllerManager
	Proxy() Proxy
	Scheduler() Scheduler
	Endpoint() *url.URL
	Token() Token
	CertSANs() []string
	CA() *x509.PEMEncodedCertificateAndKey
	AggregatorCA() *x509.PEMEncodedCertificateAndKey
	ServiceAccount() *x509.PEMEncodedKey
	AESCBCEncryptionSecret() string
	SecretboxEncryptionSecret() string
	Config(machine.Type) (string, error)
	Etcd() Etcd
	Network() ClusterNetwork
	LocalAPIServerPort() int
	CoreDNS() CoreDNS
	// ExternalCloudProvider returns external cloud provider settings.
	ExternalCloudProvider() ExternalCloudProvider
	ExtraManifestURLs() []string
	ExtraManifestHeaderMap() map[string]string
	InlineManifests() []InlineManifest
	AdminKubeconfig() AdminKubeconfig
	ScheduleOnControlPlanes() bool
	Discovery() Discovery
}
ClusterConfig defines the requirements for a config that pertains to cluster related options.
type ClusterNetwork ¶
type ClusterNetwork interface {
	CNI() CNI
	PodCIDRs() []string
	ServiceCIDRs() []string
	DNSDomain() string
	// APIServerIPs returns kube-apiserver IPs in the ServiceCIDR.
	APIServerIPs() ([]netip.Addr, error)
	// DNSServiceIPs returns DNS service IPs in the ServiceCIDR.
	DNSServiceIPs() ([]netip.Addr, error)
}
ClusterNetwork defines the requirements for a config that pertains to cluster network options.
type ControllerManager ¶
type ControllerManager interface {
	Image() string
	ExtraArgs() map[string]string
	ExtraVolumes() []VolumeMount
	Env() Env
}
ControllerManager defines the requirements for a config that pertains to controller manager related options.
type CoreDNS ¶
CoreDNS defines the requirements for a config that pertains to CoreDNS options.
type DHCPOptions ¶
DHCPOptions represents a set of DHCP options.
type Device ¶
type Device interface {
	Interface() string
	Addresses() []string
	Routes() []Route
	Bond() Bond
	Bridge() Bridge
	Vlans() []Vlan
	MTU() int
	DHCP() bool
	Ignore() bool
	Dummy() bool
	DHCPOptions() DHCPOptions
	VIPConfig() VIPConfig
	WireguardConfig() WireguardConfig
	Selector() NetworkDeviceSelector
}
Device represents a network interface.
type Discovery ¶
type Discovery interface {
	Enabled() bool
	Registries() DiscoveryRegistries
}
Discovery describes cluster membership discovery.
type DiscoveryRegistries ¶
type DiscoveryRegistries interface {
	Kubernetes() KubernetesRegistry
	Service() ServiceRegistry
}
DiscoveryRegistries describes discovery methods.
type Disk ¶
Disk represents the options available for partitioning, formatting, and mounting extra disks.
type Encryption ¶
type Encryption interface {
	Kind() string
	Cipher() string
	KeySize() uint
	BlockSize() uint64
	Options() []string
	Keys() []EncryptionKey
}
Encryption defines settings for the partition encryption.
type EncryptionKey ¶
type EncryptionKey interface {
	Static() EncryptionKeyStatic
	NodeID() EncryptionKeyNodeID
	Slot() int
}
EncryptionKey defines settings for the partition encryption key handling.
type EncryptionKeyNodeID ¶
type EncryptionKeyNodeID interface{}
EncryptionKeyNodeID is an encryption key generated deterministically from the node ID.
type EncryptionKeyStatic ¶
type EncryptionKeyStatic interface {
Key() []byte
}
EncryptionKeyStatic is a static encryption key whose raw bytes are supplied directly in the machine configuration (via Key()); the configuration must therefore be protected as a secret.
type Etcd ¶
type Etcd interface {
	Image() string
	CA() *x509.PEMEncodedCertificateAndKey
	ExtraArgs() map[string]string
	AdvertisedSubnets() []string
	ListenSubnets() []string
}
Etcd defines the requirements for a config that pertains to etcd related options.
type Extension ¶
type Extension interface {
Image() string
}
Extension defines the system extension.
type ExternalCloudProvider ¶
type ExternalCloudProvider interface {
	// Enabled returns true if external cloud provider is enabled.
	Enabled() bool
	// ManifestURLs returns external cloud provider manifest URLs if it is enabled.
	ManifestURLs() []string
}
ExternalCloudProvider defines settings for external cloud provider.
type Features ¶
type Features interface {
	RBACEnabled() bool
	StableHostnameEnabled() bool
	KubernetesTalosAPIAccess() KubernetesTalosAPIAccess
	ApidCheckExtKeyUsageEnabled() bool
}
Features describe individual Talos features that can be switched on or off.
type InlineManifest ¶
InlineManifest describes an inline manifest for the cluster bootstrap.
type Install ¶
type Install interface {
	Image() string
	Extensions() []Extension
	Disk() (string, error)
	ExtraKernelArgs() []string
	Zero() bool
	LegacyBIOSSupport() bool
	WithBootloader() bool
}
Install defines the requirements for a config that pertains to install related options.
type Kernel ¶
type Kernel interface {
Modules() []KernelModule
}
Kernel describes Talos Linux kernel configuration.
type KernelModule ¶
KernelModule describes a Linux kernel module to load.
type KubeSpan ¶
type KubeSpan interface {
	Enabled() bool
	ForceRouting() bool
	AdvertiseKubernetesNetworks() bool
	MTU() uint32
	Filters() KubeSpanFilters
}
KubeSpan configures KubeSpan feature.
type KubeSpanFilters ¶
type KubeSpanFilters interface {
Endpoints() []string
}
KubeSpanFilters configures KubeSpan filters.
type Kubelet ¶
type Kubelet interface {
	Image() string
	ClusterDNS() []string
	ExtraArgs() map[string]string
	ExtraMounts() []specs.Mount
	ExtraConfig() map[string]interface{}
	DefaultRuntimeSeccompProfileEnabled() bool
	RegisterWithFQDN() bool
	NodeIP() KubeletNodeIP
	SkipNodeRegistration() bool
	DisableManifestsDirectory() bool
}
Kubelet defines the requirements for a config that pertains to kubelet related options.
type KubeletNodeIP ¶
type KubeletNodeIP interface {
ValidSubnets() []string
}
KubeletNodeIP defines the way node IPs are selected for the kubelet.
type KubernetesRegistry ¶
type KubernetesRegistry interface {
Enabled() bool
}
KubernetesRegistry describes the Kubernetes discovery registry.
type KubernetesTalosAPIAccess ¶
type KubernetesTalosAPIAccess interface {
	Enabled() bool
	AllowedRoles() []string
	AllowedKubernetesNamespaces() []string
}
KubernetesTalosAPIAccess describes the Kubernetes Talos API access features.
type Logging ¶
type Logging interface {
Destinations() []LoggingDestination
}
Logging describes logging configuration.
type LoggingDestination ¶
LoggingDestination describes a logging destination.
type MachineConfig ¶
type MachineConfig interface {
	Install() Install
	Security() Security
	Network() MachineNetwork
	Disks() []Disk
	Time() Time
	Env() Env
	Files() ([]File, error)
	Type() machine.Type
	Controlplane() MachineControlPlane
	Pods() []map[string]interface{}
	Kubelet() Kubelet
	Sysctls() map[string]string
	Sysfs() map[string]string
	Registries() Registries
	SystemDiskEncryption() SystemDiskEncryption
	Features() Features
	Udev() UdevConfig
	Logging() Logging
	Kernel() Kernel
	SeccompProfiles() []SeccompProfile
	NodeLabels() NodeLabels
}
MachineConfig defines the requirements for a config that pertains to machine related options.
type MachineControlPlane ¶
type MachineControlPlane interface {
	ControllerManager() MachineControllerManager
	Scheduler() MachineScheduler
}
MachineControlPlane defines the requirements for a config that pertains to Controlplane related options.
type MachineControllerManager ¶
type MachineControllerManager interface {
Disabled() bool
}
MachineControllerManager defines the requirements for a config that pertains to ControllerManager related options.
type MachineNetwork ¶
type MachineNetwork interface {
	Hostname() string
	Resolvers() []string
	Devices() []Device
	ExtraHosts() []ExtraHost
	KubeSpan() KubeSpan
	DisableSearchDomain() bool
}
MachineNetwork defines the requirements for a config that pertains to network related options.
type MachineScheduler ¶
type MachineScheduler interface {
Disabled() bool
}
MachineScheduler defines the requirements for a config that pertains to Scheduler related options.
type NetworkDeviceSelector ¶
type NetworkDeviceSelector interface {
	Bus() string
	HardwareAddress() string
	PCIID() string
	KernelDriver() string
}
NetworkDeviceSelector defines the set of fields that can be used to pick a network device.
type NodeLabels ¶
NodeLabels defines the labels that should be set on a node.
type Provider ¶
type Provider interface {
	// Config parts accessor.
	Version() string
	Debug() bool
	Persist() bool
	Machine() MachineConfig
	Cluster() ClusterConfig
	// Validate checks configuration and returns warnings and fatal errors (as multierror).
	Validate(RuntimeMode, ...ValidationOption) ([]string, error)
	// Bytes returns source YAML representation (if available) or does default encoding.
	Bytes() ([]byte, error)
	// RedactSecrets returns a copy of the Provider with all secrets replaced with the given string.
	RedactSecrets(string) Provider
	// Encode configuration to YAML using the provided options.
	EncodeString(encoderOptions ...encoder.Option) (string, error)
	EncodeBytes(encoderOptions ...encoder.Option) ([]byte, error)
	// Raw returns internal config representation.
	Raw() interface{}
}
Provider defines the configuration consumption interface.
type ProviderBundle ¶
type ProviderBundle interface {
	Init() Provider
	ControlPlane() Provider
	Worker() Provider
	TalosConfig() *clientconfig.Config
}
ProviderBundle defines the configuration bundle interface.
type Proxy ¶
type Proxy interface {
	Enabled() bool
	Image() string
	// Mode indicates the proxy mode for kube-proxy. By default, this is `iptables`. Other options include `ipvs`.
	Mode() string
	// ExtraArgs describe an additional set of arguments to be supplied to the execution of `kube-proxy`
	ExtraArgs() map[string]string
}
Proxy defines the requirements for a config that pertains to the kube-proxy options.
type Registries ¶
type Registries interface {
	// Mirror config by registry host (first part of image reference).
	Mirrors() map[string]RegistryMirrorConfig
	// Registry config (auth, TLS) by hostname.
	Config() map[string]RegistryConfig
}
Registries defines the configuration for image fetching.
type Registry ¶
type Registry struct {
// contains filtered or unexported fields
}
Registry represents the provider registry.
type RegistryAuthConfig ¶
type RegistryAuthConfig interface {
	Username() string
	Password() string
	Auth() string
	IdentityToken() string
}
RegistryAuthConfig specifies authentication configuration for a registry.
type RegistryConfig ¶
type RegistryConfig interface {
	TLS() RegistryTLSConfig
	Auth() RegistryAuthConfig
}
RegistryConfig specifies auth & TLS config per registry.
type RegistryMirrorConfig ¶
RegistryMirrorConfig represents mirror configuration for a registry.
type RegistryTLSConfig ¶
type RegistryTLSConfig interface {
	ClientIdentity() *x509.PEMEncodedCertificateAndKey
	CA() []byte
	InsecureSkipVerify() bool
	GetTLSConfig() (*tls.Config, error)
}
RegistryTLSConfig specifies TLS config for HTTPS registries.
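GetTLSConfig() is where the three accessors above turn into a *tls.Config, and InsecureSkipVerify() is the one that deserves a policy check: it disables server certificate verification, so any on-path party can impersonate the registry and serve whatever images it likes to the node. The following is an added example, not Talos code: registryTLS is a constructed struct holding the same inputs RegistryTLSConfig exposes, buildTLSConfig shows what a GetTLSConfig implementation has to do (pin the registry to the configured CA, present the client identity for mutual TLS), checkRegistryPolicy is a hypothetical lint that rejects InsecureSkipVerify unless a break-glass flag is set, and selfSignedPEM mints throwaway ECDSA test material so the program runs offline.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// registryTLS carries the same inputs RegistryTLSConfig exposes: CA bytes, a
// client identity (certificate + key) and InsecureSkipVerify. Example type, not Talos's.
type registryTLS struct {
	caPEM              []byte
	clientCertPEM      []byte
	clientKeyPEM       []byte
	insecureSkipVerify bool
}

// ErrInsecureRegistry is returned by checkRegistryPolicy when verification is off.
var ErrInsecureRegistry = errors.New("registry TLS config disables server certificate verification")

// buildTLSConfig does what a GetTLSConfig() implementation has to do: trust only
// the configured CA for this registry and present the client identity for mTLS.
func buildTLSConfig(r registryTLS) (*tls.Config, error) {
	cfg := &tls.Config{MinVersion: tls.VersionTLS12, InsecureSkipVerify: r.insecureSkipVerify}
	if len(r.caPEM) > 0 {
		pool := x509.NewCertPool()
		if !pool.AppendCertsFromPEM(r.caPEM) {
			return nil, errors.New("registry CA: no valid PEM certificate found")
		}
		cfg.RootCAs = pool // pin: only this CA may sign the registry's certificate
	}
	if len(r.clientCertPEM) > 0 || len(r.clientKeyPEM) > 0 {
		cert, err := tls.X509KeyPair(r.clientCertPEM, r.clientKeyPEM) // also checks key matches cert
		if err != nil {
			return nil, fmt.Errorf("registry client identity: %w", err)
		}
		cfg.Certificates = []tls.Certificate{cert}
	}
	return cfg, nil
}

// checkRegistryPolicy is the lint to run before a config reaches a node: with
// InsecureSkipVerify an on-path attacker can serve arbitrary images, so refuse it
// unless an explicit break-glass flag allows it.
func checkRegistryPolicy(host string, r registryTLS, allowInsecure bool) error {
	if r.insecureSkipVerify && !allowInsecure {
		return fmt.Errorf("registry %q: %w", host, ErrInsecureRegistry)
	}
	return nil
}

// selfSignedPEM mints a throwaway ECDSA certificate and key (constructed test
// material; in real use the CA and identity come from the machine config).
func selfSignedPEM(cn string) (certPEM, keyPEM []byte, err error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: cn},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		KeyUsage:              x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign,
		ExtKeyUsage:           []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
		BasicConstraintsValid: true,
		IsCA:                  true,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, nil, err
	}
	keyDER, err := x509.MarshalECPrivateKey(key)
	if err != nil {
		return nil, nil, err
	}
	certPEM = pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der})
	keyPEM = pem.EncodeToMemory(&pem.Block{Type: "EC PRIVATE KEY", Bytes: keyDER})
	return certPEM, keyPEM, nil
}

func main() {
	caPEM, _, err := selfSignedPEM("example-registry-ca")
	if err != nil {
		panic(err)
	}
	cliCert, cliKey, err := selfSignedPEM("talos-node")
	if err != nil {
		panic(err)
	}
	cfg, err := buildTLSConfig(registryTLS{caPEM: caPEM, clientCertPEM: cliCert, clientKeyPEM: cliKey})
	if err != nil {
		panic(err)
	}
	fmt.Println("pinned CA:", cfg.RootCAs != nil, "client identities:", len(cfg.Certificates))
	fmt.Println(checkRegistryPolicy("registry.example.internal", registryTLS{insecureSkipVerify: true}, false))
}
```

The policy function is deliberately separate from the builder: the builder must honour the configuration it is given, while the gate decides whether that configuration is acceptable in your environment (for instance, an air-gapped lab mirror with a self-signed certificate is a reason to add its CA to CA(), not to set InsecureSkipVerify()).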
type Route ¶
type Route interface {
	Network() string
	Gateway() string
	Source() string
	Metric() uint32
	MTU() uint32
}
Route represents a network route.
type RuntimeMode ¶
RuntimeMode abstracts current runtime mode.
type STP ¶
type STP interface {
Enabled() bool
}
STP contains the Spanning Tree Protocol settings for a bridge.
type Scheduler ¶
type Scheduler interface {
	Image() string
	ExtraArgs() map[string]string
	ExtraVolumes() []VolumeMount
	Env() Env
}
Scheduler defines the requirements for a config that pertains to scheduler related options.
type SeccompProfile ¶
SeccompProfile defines the requirements for a config that pertains to seccomp related options.
type Security ¶
type Security interface {
	CA() *x509.PEMEncodedCertificateAndKey
	Token() string
	CertSANs() []string
}
Security defines the requirements for a config that pertains to security related options.
type ServiceRegistry ¶
ServiceRegistry describes the external service discovery registry.
type SystemDiskEncryption ¶
type SystemDiskEncryption interface {
Get(label string) Encryption
}
SystemDiskEncryption accumulates settings for all system partitions encryption.
type Token ¶
Token defines the requirements for a config that pertains to the Kubernetes bootstrap token.
type UdevConfig ¶
type UdevConfig interface {
Rules() []string
}
UdevConfig describes configuration for udev.
type VIPConfig ¶
type VIPConfig interface {
	IP() string
	EquinixMetal() VIPEquinixMetal
	HCloud() VIPHCloud
}
VIPConfig contains settings for the Virtual (shared) IP setup.
type VIPEquinixMetal ¶
type VIPEquinixMetal interface {
APIToken() string
}
VIPEquinixMetal contains Equinix Metal API VIP settings.
type VIPHCloud ¶
type VIPHCloud interface {
APIToken() string
}
VIPHCloud contains Hetzner Cloud API VIP settings.
type ValidationOption ¶
type ValidationOption func(opts *ValidationOptions)
ValidationOption represents an additional validation parameter for the config Validate method.
type ValidationOptions ¶
type ValidationOptions struct {
	// Local should disable part of the validation flow which won't work on the host machine.
	Local bool
	// Strict mode returns warnings as errors.
	Strict bool
}
ValidationOptions holds additional validation parameters for the config Validate method.
func NewValidationOptions ¶
func NewValidationOptions(options ...ValidationOption) *ValidationOptions
NewValidationOptions creates new validation options.
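Local and Strict are the two knobs a config pipeline cares about: Local lets a workstation or CI job validate a config without the host-specific checks that only make sense on the node the config targets, and Strict is how a gate turns warnings into failures instead of letting them scroll past. The following is an added example, not Talos code: ValidationOptions, ValidationOption and NewValidationOptions have the shape shown on this page, WithLocal and WithStrict are assumed option constructors (the page shows only the option type), and validate is a hypothetical Validate-style routine over a constructed machineSummary that returns warnings and fatal errors separately, as Provider.Validate does.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

// ValidationOptions, ValidationOption and NewValidationOptions have the shape
// shown on this page; everything else in this file is example code, not Talos's.
type ValidationOptions struct {
	Local  bool // skip checks that only make sense on the target host
	Strict bool // return warnings as errors
}

type ValidationOption func(opts *ValidationOptions)

func NewValidationOptions(options ...ValidationOption) *ValidationOptions {
	opts := &ValidationOptions{}
	for _, o := range options {
		o(opts)
	}
	return opts
}

// WithLocal and WithStrict are assumed option constructors.
func WithLocal() ValidationOption  { return func(o *ValidationOptions) { o.Local = true } }
func WithStrict() ValidationOption { return func(o *ValidationOptions) { o.Strict = true } }

// multiError is the "multierror" shape Validate's fatal result takes.
type multiError []error

func (m multiError) Error() string {
	msgs := make([]string, len(m))
	for i, e := range m {
		msgs[i] = e.Error()
	}
	return strings.Join(msgs, "; ")
}

// machineSummary is a constructed stand-in for the accessors the checks read:
// Install().Disk(), Security().Token(), an EncryptionKey with Static() set, and
// ClusterConfig.ScheduleOnControlPlanes().
type machineSummary struct {
	installDisk             string
	token                   string
	staticDiskKey           bool
	scheduleOnControlPlanes bool
}

// validate returns warnings and fatal errors separately. hostDisks is what the
// validating process can see in /dev; under WithLocal that check is skipped
// because the config is being validated somewhere other than the target node.
func validate(m machineSummary, hostDisks []string, options ...ValidationOption) ([]string, error) {
	opts := NewValidationOptions(options...)
	var warnings []string
	var errs multiError

	if m.token == "" {
		errs = append(errs, errors.New("Security().Token(): bootstrap token must not be empty"))
	}
	if !opts.Local {
		found := false
		for _, d := range hostDisks {
			found = found || d == m.installDisk
		}
		if !found {
			errs = append(errs, fmt.Errorf("Install().Disk(): %q not present on this host", m.installDisk))
		}
	}
	if m.staticDiskKey {
		warnings = append(warnings, "static disk encryption key: key material is embedded in the machine config; protect the config like a secret")
	}
	if m.scheduleOnControlPlanes {
		warnings = append(warnings, "ScheduleOnControlPlanes(): workloads will share nodes with etcd and kube-apiserver")
	}

	// Strict is how a CI gate turns "should fix" into "must fix".
	if opts.Strict {
		for _, w := range warnings {
			errs = append(errs, fmt.Errorf("strict: %s", w))
		}
		warnings = nil
	}
	if len(errs) == 0 {
		return warnings, nil // explicit nil: a nil multiError stored in an error is still non-nil
	}
	return warnings, errs
}

func main() {
	// constructed sample; the token is a placeholder, not a real bootstrap token
	m := machineSummary{installDisk: "/dev/sda", token: "abcdef.0123456789abcdef", staticDiskKey: true}
	w, err := validate(m, nil, WithLocal())
	fmt.Println("local:", w, err)
	w, err = validate(m, nil, WithLocal(), WithStrict())
	fmt.Println("local+strict:", w, err)
	w, err = validate(m, []string{"/dev/nvme0n1"})
	fmt.Println("on host:", w, err)
}
```

The split matters for where each check runs: a CI job validating generated configs has no business knowing the node's block devices (hence WithLocal), but it is exactly the place to enforce WithStrict so a static disk key or a schedulable control plane cannot slip through as a mere warning.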
type VersionContract ¶
VersionContract describes the Talos version to generate config for.
Config generation only supports backwards compatibility (e.g. Talos 0.9 can generate configs for Talos 0.9 and 0.8). A matching version of the machinery package is required to generate configs for the current version of Talos.
A nil value of *VersionContract always describes the current version of Talos.
func ParseContractFromVersion ¶
func ParseContractFromVersion(version string) (*VersionContract, error)
ParseContractFromVersion parses Talos version into VersionContract.
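Because generation is backwards compatible only, a tool that accepts a target Talos version from its caller should resolve it into a contract and refuse anything newer than the machinery package it was built with, rather than silently producing a config whose defaults do not match the target. The following is an added example, not the Talos machinery code: a local model of VersionContract, Greater and ParseContractFromVersion with the semantics described above (nil is current and therefore newer than every concrete contract), where packageVersion is an assumed stand-in for the newest contract the package can generate and TargetContract is the hypothetical caller-side check. The target version is a security-relevant input, since it decides which of the defaults gated by the methods below are switched on, so pin it deliberately.

```go
package main

import (
	"errors"
	"fmt"
	"strconv"
	"strings"
)

// VersionContract is a local model of the type on this page, with the shape the
// TalosVersion1_3 = &VersionContract{1, 3} literals imply. Example code, not
// the Talos implementation.
type VersionContract struct {
	Major int
	Minor int
}

// Well-known contracts from the page. packageVersion is an assumption: the
// newest contract the machinery package a tool was built with can generate.
var (
	TalosVersionCurrent = (*VersionContract)(nil)
	TalosVersion1_3     = &VersionContract{1, 3}
	TalosVersion1_2     = &VersionContract{1, 2}
	TalosVersion0_8     = &VersionContract{0, 8}

	packageVersion = TalosVersion1_3
)

// ErrUnsupportedTarget is returned when a caller asks for a newer Talos than this
// package knows about; generation is backwards compatible only.
var ErrUnsupportedTarget = errors.New("target Talos version is newer than this machinery package")

// Greater reports whether contract is newer than other. nil means "current", so
// nil is newer than every concrete contract and not newer than itself.
func (contract *VersionContract) Greater(other *VersionContract) bool {
	switch {
	case contract == nil:
		return other != nil
	case other == nil:
		return false
	case contract.Major != other.Major:
		return contract.Major > other.Major
	default:
		return contract.Minor > other.Minor
	}
}

// ParseContractFromVersion reduces a Talos version string ("v1.2.5", "1.3",
// "1.3.0-alpha.1") to the major.minor pair a contract tracks.
func ParseContractFromVersion(version string) (*VersionContract, error) {
	v := strings.TrimPrefix(strings.TrimSpace(version), "v")
	if i := strings.IndexAny(v, "-+"); i >= 0 { // drop pre-release and build metadata
		v = v[:i]
	}
	parts := strings.Split(v, ".")
	if len(parts) < 2 {
		return nil, fmt.Errorf("malformed Talos version %q: expected major.minor", version)
	}
	major, err := strconv.Atoi(parts[0])
	if err != nil || major < 0 {
		return nil, fmt.Errorf("malformed Talos version %q: bad major component", version)
	}
	minor, err := strconv.Atoi(parts[1])
	if err != nil || minor < 0 {
		return nil, fmt.Errorf("malformed Talos version %q: bad minor component", version)
	}
	return &VersionContract{Major: major, Minor: minor}, nil
}

// TargetContract turns a caller-supplied target version (e.g. a CLI flag) into
// the contract to generate for. Empty means current (nil). Anything newer than
// the package is refused instead of being guessed at.
func TargetContract(requested string) (*VersionContract, error) {
	if requested == "" {
		return TalosVersionCurrent, nil
	}
	c, err := ParseContractFromVersion(requested)
	if err != nil {
		return nil, err
	}
	if c.Greater(packageVersion) {
		return nil, fmt.Errorf("%w: requested %d.%d, package generates up to %d.%d",
			ErrUnsupportedTarget, c.Major, c.Minor, packageVersion.Major, packageVersion.Minor)
	}
	return c, nil
}

func main() {
	for _, v := range []string{"", "v1.2.5", "1.3.0-alpha.1", "v1.4.0", "0.8", "latest"} {
		c, err := TargetContract(v)
		fmt.Printf("%-16q -> %v (err: %v)\n", v, c, err)
	}
}
```

A build pipeline that generates configs for a mixed fleet should carry the target version per node pool and fail closed on ErrUnsupportedTarget; upgrading the machinery dependency is the fix, not relaxing the check.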
func (*VersionContract) APIServerAuditPolicySupported ¶
func (contract *VersionContract) APIServerAuditPolicySupported() bool
APIServerAuditPolicySupported returns true if kube-apiserver custom audit policy is supported.
func (*VersionContract) ApidExtKeyUsageCheckEnabled ¶
func (contract *VersionContract) ApidExtKeyUsageCheckEnabled() bool
ApidExtKeyUsageCheckEnabled returns true if apid should check the extended key usage of client certificates.
func (*VersionContract) ClusterDiscoveryEnabled ¶
func (contract *VersionContract) ClusterDiscoveryEnabled() bool
ClusterDiscoveryEnabled returns true if cluster discovery should be enabled by default.
func (*VersionContract) Greater ¶
func (contract *VersionContract) Greater(other *VersionContract) bool
Greater reports whether contract describes a newer Talos version than other.
func (*VersionContract) KubeletDefaultRuntimeSeccompProfileEnabled ¶
func (contract *VersionContract) KubeletDefaultRuntimeSeccompProfileEnabled() bool
KubeletDefaultRuntimeSeccompProfileEnabled returns true if the kubelet's default runtime seccomp profile should be enabled by default.
func (*VersionContract) KubeletManifestsDirectoryDisabled ¶
func (contract *VersionContract) KubeletManifestsDirectoryDisabled() bool
KubeletManifestsDirectoryDisabled returns true if the kubelet static pod manifests directory should be disabled by default.
func (*VersionContract) KubernetesAllowSchedulingOnControlPlanes ¶
func (contract *VersionContract) KubernetesAllowSchedulingOnControlPlanes() bool
KubernetesAllowSchedulingOnControlPlanes returns true if scheduling on control planes should be enabled by default.
func (*VersionContract) KubernetesAlternateImageRegistries ¶
func (contract *VersionContract) KubernetesAlternateImageRegistries() bool
KubernetesAlternateImageRegistries returns true if alternate image registries should be enabled by default. https://github.com/kubernetes/kubernetes/pull/109938
func (*VersionContract) KubernetesDiscoveryBackendDisabled ¶
func (contract *VersionContract) KubernetesDiscoveryBackendDisabled() bool
KubernetesDiscoveryBackendDisabled returns true if Kubernetes cluster discovery backend should be disabled by default.
func (*VersionContract) PodSecurityAdmissionEnabled ¶
func (contract *VersionContract) PodSecurityAdmissionEnabled() bool
PodSecurityAdmissionEnabled returns true if pod security admission should be enabled by default.
func (*VersionContract) PodSecurityPolicyEnabled ¶
func (contract *VersionContract) PodSecurityPolicyEnabled() bool
PodSecurityPolicyEnabled returns true if pod security policy should be enabled by default.
func (*VersionContract) SecretboxEncryptionSupported ¶
func (contract *VersionContract) SecretboxEncryptionSupported() bool
SecretboxEncryptionSupported returns true if encryption with secretbox is supported.
func (*VersionContract) StableHostnameEnabled ¶
func (contract *VersionContract) StableHostnameEnabled() bool
StableHostnameEnabled returns true if stable hostname generation should be enabled by default.
func (*VersionContract) SupportsAggregatorCA ¶
func (contract *VersionContract) SupportsAggregatorCA() bool
SupportsAggregatorCA returns true if the Talos version supports AggregatorCA in the config.
func (*VersionContract) SupportsDynamicCertSANs ¶
func (contract *VersionContract) SupportsDynamicCertSANs() bool
SupportsDynamicCertSANs returns true if the Talos version supports dynamic certificate generation with SANs provided from resources.
func (*VersionContract) SupportsECDSAKeys ¶
func (contract *VersionContract) SupportsECDSAKeys() bool
SupportsECDSAKeys returns true if the Talos version supports ECDSA keys (vs. RSA keys).
func (*VersionContract) SupportsECDSASHA256 ¶
func (contract *VersionContract) SupportsECDSASHA256() bool
SupportsECDSASHA256 returns true if the Talos version supports ECDSA-SHA256 for Kubernetes certificates.
func (*VersionContract) SupportsRBACFeature ¶
func (contract *VersionContract) SupportsRBACFeature() bool
SupportsRBACFeature returns true if the Talos version supports the RBAC feature gate.
func (*VersionContract) SupportsServiceAccount ¶
func (contract *VersionContract) SupportsServiceAccount() bool
SupportsServiceAccount returns true if the Talos version supports ServiceAccount in the config.
type Vlan ¶
type Vlan interface {
	Addresses() []string
	Routes() []Route
	DHCP() bool
	ID() uint16
	MTU() uint32
	VIPConfig() VIPConfig
	DHCPOptions() DHCPOptions
}
Vlan represents VLAN settings for a device.
type VolumeMount ¶
VolumeMount describes extra volume mount for the static pods.
type WireguardConfig ¶
type WireguardConfig interface {
	PrivateKey() string
	ListenPort() int
	FirewallMark() int
	Peers() []WireguardPeer
}
WireguardConfig contains settings for configuring a WireGuard network interface.
Source Files ¶
Directories ¶
Path | Synopsis
---|---
configloader | Package configloader provides methods to load Talos config.
configpatcher | Package configpatcher provides methods to patch Talos config.
internal |
types |
v1alpha1 | Package v1alpha1 configuration file contains all the options available for configuring a machine.
v1alpha1/generate | Package generate provides Talos machine configuration generation and client config generation.