config

package
Published: Apr 11, 2023 License: MPL-2.0 Imports: 15 Imported by: 11

Documentation

Overview

Package config provides methods to generate and consume Talos configuration.


Index

Constants

This section is empty.

Variables

// Well-known Talos version contracts, newest first.
//
// A contract selects which defaults and features config generation turns on
// (see the VersionContract methods). Generation only supports backwards
// compatibility, so choose the contract that matches the oldest target node;
// a config generated for a newer contract may carry fields an older node
// does not understand.
var (
	// TalosVersionCurrent is the nil contract: a nil *VersionContract always
	// stands for the Talos version this machinery package was built for.
	TalosVersionCurrent = (*VersionContract)(nil)
	TalosVersion1_4     = &VersionContract{1, 4}
	TalosVersion1_3     = &VersionContract{1, 3}
	TalosVersion1_2     = &VersionContract{1, 2}
	TalosVersion1_1     = &VersionContract{1, 1}
	TalosVersion1_0     = &VersionContract{1, 0}
	TalosVersion0_14    = &VersionContract{0, 14}
	TalosVersion0_13    = &VersionContract{0, 13}
	TalosVersion0_12    = &VersionContract{0, 12}
	TalosVersion0_11    = &VersionContract{0, 11}
	TalosVersion0_10    = &VersionContract{0, 10}
	TalosVersion0_9     = &VersionContract{0, 9}
	TalosVersion0_8     = &VersionContract{0, 8}
)

Well-known Talos version contracts.

// Sentinel errors of the manifest registry (New / Register).
// Compare with errors.Is rather than ==, since callers may wrap them.
var (
	// ErrNotRegistered indicates that the manifest kind is not registered.
	ErrNotRegistered = errors.New("not registered")
	// ErrExists indicates that the manifest is already registered.
	ErrExists = errors.New("exists")
)

Functions

func New

func New(kind, version string) (interface{}, error)

New creates a new instance of the manifest registered for the given kind and version. Presumably an unknown kind yields ErrNotRegistered (compare with errors.Is).

func Register

func Register(kind string, f func(version string) interface{})

Register registers a manifest factory for the given kind with the registry; the factory is called with the requested version by New.

Types

type APIServer

// APIServer exposes the kube-apiserver related part of the cluster config.
//
// Several of these knobs weaken or strengthen the control plane's security
// posture (admission control, audit policy); changes to them should be
// reviewed with the same care as RBAC changes.
type APIServer interface {
	// Image is the kube-apiserver container image reference.
	Image() string
	// ExtraArgs are additional kube-apiserver flags (flag name -> value).
	ExtraArgs() map[string]string
	// ExtraVolumes are additional host mounts for the apiserver static pod;
	// each one exposes a host path to the control-plane process.
	ExtraVolumes() []VolumeMount
	// Env is extra environment for the apiserver process.
	Env() Env
	// DisablePodSecurityPolicy reports whether PodSecurityPolicy should be
	// turned off; see VersionContract.PodSecurityPolicyEnabled for the default.
	DisablePodSecurityPolicy() bool
	// AdmissionControl lists admission plugins and their configuration
	// (presumably including Pod Security Admission, see
	// VersionContract.PodSecurityAdmissionEnabled).
	AdmissionControl() []AdmissionPlugin
	// AuditPolicy is the custom kube-apiserver audit policy as a free-form
	// object; only honoured on versions where
	// VersionContract.APIServerAuditPolicySupported is true.
	AuditPolicy() map[string]interface{}
}

APIServer defines the requirements for a config that pertains to apiserver related options.

type AdminKubeconfig

// AdminKubeconfig describes the client certificate issued for the admin kubeconfig.
//
// The admin kubeconfig is a cluster-admin credential; keep CertLifetime as
// short as operationally practical, since client certificates cannot be
// revoked without rotating the cluster CA.
type AdminKubeconfig interface {
	// CommonName is the certificate subject CN (the Kubernetes user name).
	CommonName() string
	// CertOrganization is the certificate subject O (the Kubernetes group).
	CertOrganization() string
	// CertLifetime is the validity period of the issued certificate.
	CertLifetime() time.Duration
}

AdminKubeconfig defines settings for admin kubeconfig.

type AdmissionPlugin

// AdmissionPlugin is one entry of the kube-apiserver admission configuration.
type AdmissionPlugin interface {
	// Name is the admission plugin name as known to kube-apiserver.
	Name() string
	// Configuration is the plugin-specific configuration as a free-form object.
	Configuration() map[string]interface{}
}

AdmissionPlugin defines the API server Admission Plugin configuration.

type Bond

// Bond contains the various options for configuring a bonded interface.
//
// The accessor names mirror the Linux bonding driver parameters of the same
// name; consult the kernel bonding documentation for the accepted values.
type Bond interface {
	// Interfaces are the member interface names.
	Interfaces() []string
	// Selectors pick member interfaces by hardware properties instead of name.
	Selectors() []NetworkDeviceSelector
	ARPIPTarget() []string
	Mode() string
	HashPolicy() string
	LACPRate() string
	ADActorSystem() string
	ARPValidate() string
	ARPAllTargets() string
	Primary() string
	PrimaryReselect() string
	FailOverMac() string
	ADSelect() string
	MIIMon() uint32
	UpDelay() uint32
	DownDelay() uint32
	ARPInterval() uint32
	ResendIGMP() uint32
	MinLinks() uint32
	LPInterval() uint32
	PacketsPerSlave() uint32
	NumPeerNotif() uint8
	TLBDynamicLB() uint8
	AllSlavesActive() uint8
	UseCarrier() bool
	ADActorSysPrio() uint16
	ADUserPortKey() uint16
	PeerNotifyDelay() uint32
}

Bond contains the various options for configuring a bonded interface.

type Bridge

// Bridge contains the options for configuring a bridged interface.
type Bridge interface {
	// Interfaces are the bridge member interface names.
	Interfaces() []string
	// STP holds the spanning tree settings for the bridge.
	STP() STP
}

Bridge contains the options for configuring a bridged interface.

type CNI

// CNI selects the Kubernetes container network interface plugin.
//
// URLs point at manifests that are fetched and applied to the cluster with
// control-plane privileges, so they are effectively trusted code: serve them
// over HTTPS from a source you control and pin them to a known revision.
type CNI interface {
	// Name is the CNI plugin name.
	Name() string
	// URLs are the manifest URLs for a custom CNI (presumably only used when
	// Name selects the custom option).
	URLs() []string
}

CNI defines the requirements for a config that pertains to the Kubernetes CNI (container network interface) plugin.

type ClusterConfig

// ClusterConfig defines the requirements for a config that pertains to
// cluster related options.
//
// Several accessors return secret material (Secret, Token, the CA and
// ServiceAccount keys, the encryption secrets). A ClusterConfig must not be
// logged or serialized for sharing without going through
// Provider.RedactSecrets first.
type ClusterConfig interface {
	// ID is the cluster identifier.
	ID() string
	// Name is the human-readable cluster name.
	Name() string
	// Secret is the cluster secret (shared secret, treat as sensitive).
	Secret() string
	// APIServer, ControllerManager, Proxy and Scheduler hold the per-component
	// control-plane settings.
	APIServer() APIServer
	ControllerManager() ControllerManager
	Proxy() Proxy
	Scheduler() Scheduler
	// Endpoint is the Kubernetes API endpoint.
	Endpoint() *url.URL
	// Token is the Kubernetes bootstrap token (sensitive).
	Token() Token
	// CertSANs are extra subject alternative names for the API server certificate.
	CertSANs() []string
	// CA is the Kubernetes CA certificate and private key (sensitive).
	CA() *x509.PEMEncodedCertificateAndKey
	// AggregatorCA is the front-proxy (aggregation layer) CA and key (sensitive);
	// only present on versions where VersionContract.SupportsAggregatorCA is true.
	AggregatorCA() *x509.PEMEncodedCertificateAndKey
	// ServiceAccount is the service account token signing key (sensitive);
	// see VersionContract.SupportsServiceAccount.
	ServiceAccount() *x509.PEMEncodedKey
	// AESCBCEncryptionSecret and SecretboxEncryptionSecret are the keys for
	// Kubernetes secrets-at-rest encryption (sensitive). Secretbox requires
	// VersionContract.SecretboxEncryptionSupported.
	AESCBCEncryptionSecret() string
	SecretboxEncryptionSecret() string
	// Config renders the configuration for the given machine type.
	Config(machine.Type) (string, error)
	// Etcd holds etcd settings, including the etcd CA and key.
	Etcd() Etcd
	// Network holds cluster-wide networking (CNI, CIDRs, DNS domain).
	Network() ClusterNetwork
	// LocalAPIServerPort is the port kube-apiserver listens on locally.
	LocalAPIServerPort() int
	// CoreDNS holds the CoreDNS settings.
	CoreDNS() CoreDNS
	// ExternalCloudProvider returns external cloud provider settings.
	ExternalCloudProvider() ExternalCloudProvider
	// ExtraManifestURLs are manifests fetched from the network and applied at
	// bootstrap; they run with cluster-admin rights, so only use trusted HTTPS
	// sources. ExtraManifestHeaderMap are request headers sent when fetching
	// them and may therefore contain credentials — treat as sensitive.
	ExtraManifestURLs() []string
	ExtraManifestHeaderMap() map[string]string
	// InlineManifests are manifests embedded in the config and applied at bootstrap.
	InlineManifests() []InlineManifest
	// AdminKubeconfig configures the admin client certificate.
	AdminKubeconfig() AdminKubeconfig
	// ScheduleOnControlPlanes reports whether workloads may run on control-plane nodes.
	ScheduleOnControlPlanes() bool
	// Discovery holds the cluster membership discovery settings.
	Discovery() Discovery
}

ClusterConfig defines the requirements for a config that pertains to cluster related options.

type ClusterNetwork

// ClusterNetwork defines the cluster-wide network options.
type ClusterNetwork interface {
	// CNI selects the container network plugin.
	CNI() CNI
	// PodCIDRs and ServiceCIDRs are the pod and service address ranges
	// (more than one entry for dual-stack).
	PodCIDRs() []string
	ServiceCIDRs() []string
	// DNSDomain is the cluster DNS domain.
	DNSDomain() string
	// APIServerIPs returns kube-apiserver IPs in the ServiceCIDR.
	APIServerIPs() ([]netip.Addr, error)
	// DNSServiceIPs returns DNS service IPs in the ServiceCIDR.
	DNSServiceIPs() ([]netip.Addr, error)
}

ClusterNetwork defines the requirements for a config that pertains to cluster network options.

type ControllerManager

// ControllerManager exposes the kube-controller-manager settings.
type ControllerManager interface {
	// Image is the kube-controller-manager container image reference.
	Image() string
	// ExtraArgs are additional command-line flags (flag name -> value).
	ExtraArgs() map[string]string
	// ExtraVolumes are additional host mounts for the static pod.
	ExtraVolumes() []VolumeMount
	// Env is extra environment for the process.
	Env() Env
}

ControllerManager defines the requirements for a config that pertains to controller manager related options.

type CoreDNS

// CoreDNS exposes the CoreDNS deployment settings.
type CoreDNS interface {
	// Enabled reports whether CoreDNS is deployed.
	Enabled() bool
	// Image is the CoreDNS container image reference.
	Image() string
}

CoreDNS defines the requirements for a config that pertains to CoreDNS options.

type DHCPOptions

// DHCPOptions represents a set of DHCP options.
type DHCPOptions interface {
	// RouteMetric is the metric assigned to routes learned via DHCP.
	RouteMetric() uint32
	// IPv4 and IPv6 report whether DHCP is used for each address family.
	IPv4() bool
	IPv6() bool
	// DUIDv6 is the DHCPv6 client identifier.
	DUIDv6() string
}

DHCPOptions represents a set of DHCP options.

type Device

// Device represents a network interface.
type Device interface {
	// Interface is the interface name.
	Interface() string
	// Addresses are the static addresses (CIDR notation).
	Addresses() []string
	// Routes are the static routes via this interface.
	Routes() []Route
	// Bond and Bridge are non-nil only when the device is a bond/bridge.
	Bond() Bond
	Bridge() Bridge
	// Vlans are the VLAN sub-interfaces.
	Vlans() []Vlan
	// MTU is the interface MTU.
	MTU() int
	// DHCP reports whether addresses are obtained via DHCP.
	DHCP() bool
	// Ignore reports whether the interface is left unmanaged.
	Ignore() bool
	// Dummy reports whether the interface is a dummy (virtual) device.
	Dummy() bool
	// DHCPOptions tunes DHCP behaviour when DHCP is enabled.
	DHCPOptions() DHCPOptions
	// VIPConfig holds the shared virtual IP settings (may contain API tokens).
	VIPConfig() VIPConfig
	// WireguardConfig holds the WireGuard settings (contains the private key).
	WireguardConfig() WireguardConfig
	// Selector picks the interface by hardware properties instead of name.
	Selector() NetworkDeviceSelector
}

Device represents a network interface.

type Discovery

// Discovery describes cluster membership discovery.
type Discovery interface {
	// Enabled reports whether discovery is on; see
	// VersionContract.ClusterDiscoveryEnabled for the default.
	Enabled() bool
	// Registries selects which discovery back-ends are used.
	Registries() DiscoveryRegistries
}

Discovery describes cluster membership discovery.

type DiscoveryRegistries

// DiscoveryRegistries describes discovery methods.
type DiscoveryRegistries interface {
	// Kubernetes is the in-cluster discovery registry; see
	// VersionContract.KubernetesDiscoveryBackendDisabled for the default.
	Kubernetes() KubernetesRegistry
	// Service is the external discovery service registry.
	Service() ServiceRegistry
}

DiscoveryRegistries describes discovery methods.

type Disk

// Disk represents the options available for partitioning, formatting, and
// mounting extra disks.
type Disk interface {
	// Device is the block device path.
	Device() string
	// Partitions are the partitions to create on the device.
	Partitions() []Partition
}

Disk represents the options available for partitioning, formatting, and mounting extra disks.

type Encryption

// Encryption defines settings for the partition encryption.
type Encryption interface {
	// Kind is the encryption provider kind.
	Kind() string
	// Cipher, KeySize and BlockSize are the cipher parameters passed to the
	// provider.
	Cipher() string
	KeySize() uint
	BlockSize() uint64
	// Options are additional provider-specific options.
	Options() []string
	// Keys are the key sources that can unlock the partition, one per slot.
	Keys() []EncryptionKey
}

Encryption defines settings for the partition encryption.

type EncryptionKey

// EncryptionKey defines settings for the partition encryption key handling.
//
// Exactly one of Static or NodeID is expected to be set per key (not
// enforced by this interface — check the implementation's validation).
type EncryptionKey interface {
	// Static is a key supplied in the config (nil if not used).
	Static() EncryptionKeyStatic
	// NodeID is a key derived from the node identity (nil if not used).
	NodeID() EncryptionKeyNodeID
	// Slot is the key slot index.
	Slot() int
}

EncryptionKey defines settings for the partition encryption key handling.

type EncryptionKeyNodeID

// EncryptionKeyNodeID marks a key derived deterministically from the node
// identity; it carries no settings of its own. Note this ties the unlock
// secret to the node, not to an operator-held secret.
type EncryptionKeyNodeID interface{}

EncryptionKeyNodeID describes an encryption key derived deterministically from the node identity.

type EncryptionKeyStatic

// EncryptionKeyStatic is an encryption key supplied verbatim in the machine
// configuration. Because the raw key bytes live in the config, the config
// file itself must be protected like a secret and redacted before sharing.
type EncryptionKeyStatic interface {
	// Key is the raw key material (sensitive).
	Key() []byte
}

EncryptionKeyStatic describes an encryption key supplied statically in the machine configuration; the key bytes are part of the config and must be protected accordingly.

type Env

// Env represents a set of environment variables (name -> value).
// It is an alias, so any map[string]string satisfies it.
type Env = map[string]string

Env represents a set of environment variables.

type Etcd

// Etcd defines the requirements for a config that pertains to etcd related
// options.
type Etcd interface {
	// Image is the etcd container image reference.
	Image() string
	// CA is the etcd CA certificate and private key (sensitive).
	CA() *x509.PEMEncodedCertificateAndKey
	// ExtraArgs are additional etcd flags (flag name -> value).
	ExtraArgs() map[string]string
	// AdvertisedSubnets and ListenSubnets restrict which addresses etcd
	// advertises to peers and binds to.
	AdvertisedSubnets() []string
	ListenSubnets() []string
}

Etcd defines the requirements for a config that pertains to etcd related options.

type Extension

// Extension defines a system extension to be baked into the install.
// Extensions run as part of the host OS; reference them by digest where
// possible, since an unpinned tag can be swapped at the registry.
type Extension interface {
	// Image is the extension container image reference.
	Image() string
}

Extension defines the system extension.

type ExternalCloudProvider

// ExternalCloudProvider defines settings for external cloud provider.
type ExternalCloudProvider interface {
	// Enabled returns true if external cloud provider is enabled.
	Enabled() bool
	// ManifestURLs returns external cloud provider manifest URLs if it is enabled.
	// Like ExtraManifestURLs, these are fetched and applied with cluster-admin
	// rights; use trusted HTTPS sources only.
	ManifestURLs() []string
}

ExternalCloudProvider defines settings for external cloud provider.

type ExtraHost

// ExtraHost represents a host entry in /etc/hosts.
type ExtraHost interface {
	// IP is the address the aliases resolve to.
	IP() string
	// Aliases are the host names mapped to IP.
	Aliases() []string
}

ExtraHost represents a host entry in /etc/hosts.

type Features

// Features describe individual Talos features that can be switched on or off.
//
// All of these are security-relevant; the VersionContract methods of the same
// name give the default for a given Talos version.
type Features interface {
	// RBACEnabled reports whether role-based access control is enforced on the
	// Talos API (see VersionContract.SupportsRBACFeature).
	RBACEnabled() bool
	// StableHostnameEnabled reports whether hostnames are generated deterministically.
	StableHostnameEnabled() bool
	// KubernetesTalosAPIAccess controls which Kubernetes workloads may reach the
	// Talos API and with what roles.
	KubernetesTalosAPIAccess() KubernetesTalosAPIAccess
	// ApidCheckExtKeyUsageEnabled reports whether apid verifies the extended
	// key usage of client certificates, rejecting certificates not issued for
	// client authentication (see VersionContract.ApidExtKeyUsageCheckEnabled).
	ApidCheckExtKeyUsageEnabled() bool
}

Features describe individual Talos features that can be switched on or off.

type File

// File represents a file to write to disk.
type File interface {
	// Content is the data to write.
	Content() string
	// Permissions is the file mode; keep it as tight as the consumer allows,
	// especially when Content holds credentials.
	Permissions() os.FileMode
	// Path is the absolute destination path on the host.
	Path() string
	// Op is the write operation (e.g. create/overwrite/append — see the
	// v1alpha1 docs for the accepted values).
	Op() string
}

File represents a file to write to disk.

type InlineManifest

// InlineManifest describes an inline manifest applied during cluster bootstrap.
type InlineManifest interface {
	// Name identifies the manifest.
	Name() string
	// Contents is the manifest YAML.
	Contents() string
}

InlineManifest describes an inline manifest applied during cluster bootstrap.

type Install

// Install defines the requirements for a config that pertains to install
// related options.
type Install interface {
	// Image is the installer container image reference.
	Image() string
	// Extensions are system extensions to include in the install.
	Extensions() []Extension
	// Disk resolves the target block device (an error if it cannot be determined).
	Disk() (string, error)
	// ExtraKernelArgs are appended to the kernel command line.
	ExtraKernelArgs() []string
	// Zero reports whether the target disk is wiped before install
	// (presumably — confirm against the installer).
	Zero() bool
	// LegacyBIOSSupport reports whether legacy BIOS boot is enabled.
	LegacyBIOSSupport() bool
	// WithBootloader reports whether a bootloader is installed.
	WithBootloader() bool
}

Install defines the requirements for a config that pertains to install related options.

type Kernel

// Kernel describes Talos Linux kernel configuration.
type Kernel interface {
	// Modules are kernel modules to load at boot.
	Modules() []KernelModule
}

Kernel describes Talos Linux kernel configuration.

type KernelModule

// KernelModule describes a Linux module to load.
type KernelModule interface {
	// Name is the module name.
	Name() string
	// Parameters are module parameters, passed to the kernel as given.
	Parameters() []string
}

KernelModule describes Linux module to load.

type KubeSpan

// KubeSpan configures the KubeSpan feature (WireGuard-based node mesh).
type KubeSpan interface {
	// Enabled reports whether KubeSpan is on.
	Enabled() bool
	// ForceRouting reports whether all node traffic is forced through the mesh.
	ForceRouting() bool
	// AdvertiseKubernetesNetworks reports whether pod/service networks are
	// advertised over the mesh.
	AdvertiseKubernetesNetworks() bool
	// MTU is the mesh interface MTU.
	MTU() uint32
	// Filters restrict which peer endpoints are used.
	Filters() KubeSpanFilters
}

KubeSpan configures KubeSpan feature.

type KubeSpanFilters

// KubeSpanFilters configures KubeSpan filters.
type KubeSpanFilters interface {
	// Endpoints is the endpoint filter list.
	Endpoints() []string
}

KubeSpanFilters configures KubeSpan filters.

type Kubelet

// Kubelet defines the requirements for a config that pertains to kubelet
// related options.
type Kubelet interface {
	// Image is the kubelet container image reference.
	Image() string
	// ClusterDNS are the DNS server addresses handed to pods.
	ClusterDNS() []string
	// ExtraArgs are additional kubelet flags (flag name -> value).
	ExtraArgs() map[string]string
	// ExtraMounts are additional host mounts for the kubelet; each one widens
	// what the kubelet (and thus pods using hostPath) can reach on the host.
	ExtraMounts() []specs.Mount
	// ExtraConfig is merged into the kubelet configuration file (free-form).
	ExtraConfig() map[string]interface{}
	// DefaultRuntimeSeccompProfileEnabled reports whether the runtime default
	// seccomp profile is applied to pods by default; see
	// VersionContract.KubeletDefaultRuntimeSeccompProfileEnabled.
	DefaultRuntimeSeccompProfileEnabled() bool
	// RegisterWithFQDN reports whether the node registers under its FQDN.
	RegisterWithFQDN() bool
	// NodeIP controls node IP selection.
	NodeIP() KubeletNodeIP
	// SkipNodeRegistration reports whether the kubelet runs without registering
	// with the API server.
	SkipNodeRegistration() bool
	// DisableManifestsDirectory reports whether the static-manifests directory
	// is disabled; see VersionContract.KubeletManifestsDirectoryDisabled.
	DisableManifestsDirectory() bool
}

Kubelet defines the requirements for a config that pertains to kubelet related options.

type KubeletNodeIP

// KubeletNodeIP defines the way node IPs are selected for the kubelet.
type KubeletNodeIP interface {
	// ValidSubnets are the subnets a node IP may be picked from.
	ValidSubnets() []string
}

KubeletNodeIP defines the way node IPs are selected for the kubelet.

type KubernetesRegistry

// KubernetesRegistry describes the Kubernetes discovery registry.
type KubernetesRegistry interface {
	// Enabled reports whether discovery via the Kubernetes API is used.
	Enabled() bool
}

KubernetesRegistry describes Kubernetes discovery registry.

type KubernetesTalosAPIAccess

// KubernetesTalosAPIAccess describes the Kubernetes Talos API access feature.
//
// Enabling it lets Kubernetes workloads call the Talos (node management) API;
// AllowedRoles and AllowedKubernetesNamespaces are the only scoping
// controls, so keep both lists minimal.
type KubernetesTalosAPIAccess interface {
	// Enabled reports whether workloads may access the Talos API.
	Enabled() bool
	// AllowedRoles are the Talos API roles workloads may obtain.
	AllowedRoles() []string
	// AllowedKubernetesNamespaces are the namespaces whose workloads may use it.
	AllowedKubernetesNamespaces() []string
}

KubernetesTalosAPIAccess describes the Kubernetes Talos API access features.

type Logging

// Logging describes logging configuration.
type Logging interface {
	// Destinations are the remote log sinks; service logs leave the node, so
	// consider what they may contain and how the transport is secured.
	Destinations() []LoggingDestination
}

Logging describes logging configuration.

type LoggingDestination

// LoggingDestination describes a logging destination.
type LoggingDestination interface {
	// Endpoint is the destination URL (scheme selects the transport).
	Endpoint() *url.URL
	// Format is the log line format name.
	Format() string
}

LoggingDestination describes logging destination.

type MachineConfig

// MachineConfig defines the requirements for a config that pertains to
// machine related options.
//
// Many of these settings (Files, Sysctls, Sysfs, Udev, Kernel, Pods,
// Registries, Env) change privileged host state; Security carries the node's
// trust root and join token.
type MachineConfig interface {
	// Install holds installer settings.
	Install() Install
	// Security holds the machine CA, token and cert SANs (sensitive).
	Security() Security
	// Network holds host networking.
	Network() MachineNetwork
	// Disks are extra disks to partition and mount.
	Disks() []Disk
	// Time holds time sync settings.
	Time() Time
	// Env is extra environment for system services.
	Env() Env
	// Files are files written to the host filesystem.
	Files() ([]File, error)
	// Type is the machine role (init / controlplane / worker).
	Type() machine.Type
	// Controlplane holds control-plane component toggles.
	Controlplane() MachineControlPlane
	// Pods are extra static pod manifests (free-form), run by the kubelet on
	// this node outside normal admission control.
	Pods() []map[string]interface{}
	// Kubelet holds kubelet settings.
	Kubelet() Kubelet
	// Sysctls and Sysfs are kernel parameters applied at boot (name -> value).
	Sysctls() map[string]string
	Sysfs() map[string]string
	// Registries holds image registry mirrors, auth and TLS.
	Registries() Registries
	// SystemDiskEncryption holds per-partition encryption settings.
	SystemDiskEncryption() SystemDiskEncryption
	// Features are feature toggles.
	Features() Features
	// Udev holds extra udev rules.
	Udev() UdevConfig
	// Logging holds remote logging destinations.
	Logging() Logging
	// Kernel holds kernel module settings.
	Kernel() Kernel
	// SeccompProfiles are custom seccomp profiles made available to the kubelet.
	SeccompProfiles() []SeccompProfile
	// NodeLabels are labels set on the Kubernetes node object.
	NodeLabels() NodeLabels
}

MachineConfig defines the requirements for a config that pertains to machine related options.

type MachineControlPlane

// MachineControlPlane defines per-node toggles for control-plane components.
type MachineControlPlane interface {
	// ControllerManager toggles the controller manager on this node.
	ControllerManager() MachineControllerManager
	// Scheduler toggles the scheduler on this node.
	Scheduler() MachineScheduler
}

MachineControlPlane defines the requirements for a config that pertains to Controlplane related options.

type MachineControllerManager

// MachineControllerManager defines the per-node controller manager toggle.
type MachineControllerManager interface {
	// Disabled reports whether the controller manager is not run on this node.
	Disabled() bool
}

MachineControllerManager defines the requirements for a config that pertains to ControllerManager related options.

type MachineNetwork

// MachineNetwork defines the requirements for a config that pertains to
// network related options.
type MachineNetwork interface {
	// Hostname is the static hostname.
	Hostname() string
	// Resolvers are the DNS resolver addresses.
	Resolvers() []string
	// Devices are the network interfaces.
	Devices() []Device
	// ExtraHosts are additional /etc/hosts entries.
	ExtraHosts() []ExtraHost
	// KubeSpan holds the KubeSpan mesh settings.
	KubeSpan() KubeSpan
	// DisableSearchDomain reports whether the DNS search domain is omitted.
	DisableSearchDomain() bool
}

MachineNetwork defines the requirements for a config that pertains to network related options.

type MachineScheduler

// MachineScheduler defines the per-node scheduler toggle.
type MachineScheduler interface {
	// Disabled reports whether the scheduler is not run on this node.
	Disabled() bool
}

MachineScheduler defines the requirements for a config that pertains to Scheduler related options.

type NetworkDeviceSelector

// NetworkDeviceSelector defines the set of fields that can be used to pick a
// network device by hardware properties instead of by name.
type NetworkDeviceSelector interface {
	// Bus is the bus path of the device.
	Bus() string
	// HardwareAddress is the MAC address.
	HardwareAddress() string
	// PCIID is the PCI vendor/device identifier.
	PCIID() string
	// KernelDriver is the name of the driver bound to the device.
	KernelDriver() string
}

NetworkDeviceSelector defines the set of fields that can be used to pick a network device.

type NodeLabels

// NodeLabels defines the labels that should be set on a node (key -> value).
// Unlike Env this is a defined type, not an alias.
type NodeLabels map[string]string

NodeLabels defines the labels that should be set on a node.

type Partition

// Partition represents the options for a device partition.
type Partition interface {
	// Size is the partition size in bytes.
	Size() uint64
	// MountPoint is where the partition is mounted.
	MountPoint() string
}

Partition represents the options for a device partition.

type Provider

// Provider defines the configuration consumption interface.
//
// Bytes, EncodeString, EncodeBytes and Raw all expose secret material
// (cluster secret, CA keys, tokens, encryption keys). Call RedactSecrets
// first whenever the output is logged, attached to a bug report or otherwise
// leaves a trusted context.
type Provider interface {
	// Config parts accessor.
	Version() string
	Debug() bool
	Persist() bool
	Machine() MachineConfig
	Cluster() ClusterConfig

	// Validate checks configuration and returns warnings and fatal errors (as multierror).
	// WithStrict turns warnings into errors; WithLocal skips checks that need the
	// target host.
	Validate(RuntimeMode, ...ValidationOption) ([]string, error)

	// Bytes returns source YAML representation (if available) or does default encoding.
	Bytes() ([]byte, error)

	// RedactSecrets returns a copy of the Provider with all secrets replaced with the given string.
	// The receiver is left untouched.
	RedactSecrets(string) Provider

	// Encode configuration to YAML using the provided options.
	EncodeString(encoderOptions ...encoder.Option) (string, error)
	EncodeBytes(encoderOptions ...encoder.Option) ([]byte, error)

	// Raw returns internal config representation.
	Raw() interface{}
}

Provider defines the configuration consumption interface.

type ProviderBundle

// ProviderBundle defines the configuration bundle interface: one Provider per
// machine role plus the matching client (talosctl) config.
type ProviderBundle interface {
	// Init, ControlPlane and Worker are the per-role machine configs.
	Init() Provider
	ControlPlane() Provider
	Worker() Provider
	// TalosConfig is the client configuration, which carries the client
	// certificate and key for the Talos API (sensitive).
	TalosConfig() *clientconfig.Config
}

ProviderBundle defines the configuration bundle interface.

type Proxy

// Proxy defines the requirements for a config that pertains to the kube-proxy
// options.
type Proxy interface {
	// Enabled reports whether kube-proxy is deployed.
	Enabled() bool

	// Image is the kube-proxy container image reference.
	Image() string

	// Mode indicates the proxy mode for kube-proxy.  By default, this is `iptables`.  Other options include `ipvs`.
	Mode() string

	// ExtraArgs describe an additional set of arguments to be supplied to the execution of `kube-proxy`
	ExtraArgs() map[string]string
}

Proxy defines the requirements for a config that pertains to the kube-proxy options.

type Registries

// Registries defines the configuration for image fetching.
//
// Both maps are keyed by registry host. A mirror redirects pulls for that
// host, so a mirror entry is a trust decision: pulls by tag from a mirror
// are only as trustworthy as the mirror itself.
type Registries interface {
	// Mirror config by registry host (first part of image reference).
	Mirrors() map[string]RegistryMirrorConfig
	// Registry config (auth, TLS) by hostname.
	Config() map[string]RegistryConfig
}

Registries defines the configuration for image fetching.

type Registry

// Registry represents the provider registry behind New and Register.
// Its fields are unexported; use the package-level functions.
type Registry struct {
	// contains filtered or unexported fields
}

Registry represents the provider registry.

type RegistryAuthConfig

// RegistryAuthConfig specifies authentication configuration for a registry.
// Every accessor except Username returns a credential; redact before sharing
// the config.
type RegistryAuthConfig interface {
	// Username is the basic-auth user name.
	Username() string
	// Password is the basic-auth password (sensitive).
	Password() string
	// Auth is the pre-encoded auth string (sensitive).
	Auth() string
	// IdentityToken is the registry identity token (sensitive).
	IdentityToken() string
}

RegistryAuthConfig specifies authentication configuration for a registry.

type RegistryConfig

// RegistryConfig specifies auth & TLS config per registry.
type RegistryConfig interface {
	// TLS holds the TLS settings (nil presumably means defaults).
	TLS() RegistryTLSConfig
	// Auth holds the credentials (nil presumably means anonymous).
	Auth() RegistryAuthConfig
}

RegistryConfig specifies auth & TLS config per registry.

type RegistryMirrorConfig

// RegistryMirrorConfig represents mirror configuration for a registry.
type RegistryMirrorConfig interface {
	// Endpoints are the mirror URLs tried for this registry host.
	Endpoints() []string
	// OverridePath reports whether the mirror path replaces the default
	// /v2 path rather than being prefixed to it.
	OverridePath() bool
}

RegistryMirrorConfig represents mirror configuration for a registry.

type RegistryTLSConfig

// RegistryTLSConfig specifies TLS config for HTTPS registries.
type RegistryTLSConfig interface {
	// ClientIdentity is the client certificate and key for mTLS (sensitive).
	ClientIdentity() *x509.PEMEncodedCertificateAndKey
	// CA is the PEM-encoded CA bundle used to verify the registry.
	CA() []byte
	// InsecureSkipVerify disables server certificate verification (presumably
	// mapped onto tls.Config.InsecureSkipVerify). With it set, image pulls can
	// be intercepted; prefer supplying CA instead.
	InsecureSkipVerify() bool
	// GetTLSConfig builds the *tls.Config from the settings above.
	GetTLSConfig() (*tls.Config, error)
}

RegistryTLSConfig specifies TLS config for HTTPS registries.

type Route

// Route represents a network route.
type Route interface {
	// Network is the destination in CIDR notation.
	Network() string
	// Gateway is the next hop address.
	Gateway() string
	// Source is the preferred source address.
	Source() string
	// Metric is the route priority.
	Metric() uint32
	// MTU is the route-specific MTU.
	MTU() uint32
}

Route represents a network route.

type RuntimeMode

// RuntimeMode abstracts the current runtime mode (e.g. metal, container, cloud);
// Validate uses it to decide which checks apply.
type RuntimeMode interface {
	fmt.Stringer
	// RequiresInstall reports whether this mode installs to disk.
	RequiresInstall() bool
}

RuntimeMode abstracts current runtime mode.

type STP

// STP contains the Spanning Tree Protocol settings for a bridge.
type STP interface {
	// Enabled reports whether STP runs on the bridge.
	Enabled() bool
}

STP contains the Spanning Tree Protocol settings for a bridge.

type Scheduler

// Scheduler exposes the kube-scheduler settings.
type Scheduler interface {
	// Image is the kube-scheduler container image reference.
	Image() string
	// ExtraArgs are additional command-line flags (flag name -> value).
	ExtraArgs() map[string]string
	// ExtraVolumes are additional host mounts for the static pod.
	ExtraVolumes() []VolumeMount
	// Env is extra environment for the process.
	Env() Env
}

Scheduler defines the requirements for a config that pertains to scheduler related options.

type SeccompProfile

// SeccompProfile is a custom seccomp profile installed on the node for the
// kubelet's localhost profiles.
type SeccompProfile interface {
	// Name is the profile file name.
	Name() string
	// Value is the profile body (OCI seccomp JSON as a free-form object).
	Value() map[string]interface{}
}

SeccompProfile defines the requirements for a config that pertains to seccomp related options.

type Security

// Security defines the machine-level security settings: the Talos API trust
// root and the node join token. Both CA and Token are secrets; leaking them
// allows impersonating the cluster or joining rogue nodes.
type Security interface {
	// CA is the Talos API CA certificate and private key (sensitive).
	CA() *x509.PEMEncodedCertificateAndKey
	// Token is the machine join token (sensitive).
	Token() string
	// CertSANs are extra subject alternative names for the Talos API certificate.
	CertSANs() []string
}

Security defines the requirements for a config that pertains to security related options.

type ServiceRegistry

// ServiceRegistry describes the external service discovery registry.
type ServiceRegistry interface {
	// Enabled reports whether the external discovery service is used.
	Enabled() bool
	// Endpoint is the discovery service URL; cluster membership data is
	// exchanged with this endpoint, so it must be one you trust.
	Endpoint() string
}

ServiceRegistry describes external service discovery registry.

type SystemDiskEncryption

// SystemDiskEncryption accumulates settings for all system partitions encryption.
type SystemDiskEncryption interface {
	// Get returns the encryption settings for the partition with the given
	// label (presumably nil when the partition is not encrypted).
	Get(label string) Encryption
}

SystemDiskEncryption accumulates settings for all system partitions encryption.

type Time

// Time defines the requirements for a config that pertains to time related
// options. Correct time matters for certificate validity checks, so the
// servers should be ones you trust.
type Time interface {
	// Disabled reports whether time sync is turned off.
	Disabled() bool
	// Servers are the time server addresses.
	Servers() []string
	// BootTimeout is how long boot waits for time to sync.
	BootTimeout() time.Duration
}

Time defines the requirements for a config that pertains to time related options.

type Token

// Token defines the Kubernetes bootstrap token. ID is public; Secret is the
// sensitive half and must be redacted like any other credential.
type Token interface {
	// ID is the token identifier.
	ID() string
	// Secret is the token secret (sensitive).
	Secret() string
}

Token defines the requirements for a config that pertains to Kubernetes bootstrap token.

type UdevConfig

// UdevConfig describes configuration for udev.
type UdevConfig interface {
	// Rules are raw udev rule lines installed on the host.
	Rules() []string
}

UdevConfig describes configuration for udev.

type VIPConfig

// VIPConfig contains settings for the Virtual (shared) IP setup.
type VIPConfig interface {
	// IP is the shared address.
	IP() string
	// EquinixMetal and HCloud hold provider API settings (including API tokens)
	// for clouds where the VIP is moved via the provider API.
	EquinixMetal() VIPEquinixMetal
	HCloud() VIPHCloud
}

VIPConfig contains settings for the Virtual (shared) IP setup.

type VIPEquinixMetal

// VIPEquinixMetal contains Equinix Metal API VIP settings.
type VIPEquinixMetal interface {
	// APIToken is the Equinix Metal API token (sensitive); scope it to the
	// minimum needed to reassign the address.
	APIToken() string
}

VIPEquinixMetal contains Equinix Metal API VIP settings.

type VIPHCloud

// VIPHCloud contains Hetzner Cloud API VIP settings.
type VIPHCloud interface {
	// APIToken is the Hetzner Cloud API token (sensitive); scope it to the
	// minimum needed to reassign the address.
	APIToken() string
}

VIPHCloud contains Hetzner Cloud API VIP settings.

type ValidationOption

// ValidationOption is a functional option for Provider.Validate; it mutates
// the ValidationOptions being built (see WithLocal, WithStrict).
type ValidationOption func(opts *ValidationOptions)

ValidationOption represents an additional validation parameter for the config Validate method.

func WithLocal

func WithLocal() ValidationOption

WithLocal enables local flag.

func WithStrict

func WithStrict() ValidationOption

WithStrict enables strict flag.

type ValidationOptions

// ValidationOptions are additional validation parameters for the config
// Validate method. Build them with NewValidationOptions.
type ValidationOptions struct {
	// Local should disable part of the validation flow which won't work on the host machine.
	Local bool
	// Strict mode returns warnings as errors. Prefer it in CI and in
	// generation pipelines, so weakened settings cannot pass as warnings.
	Strict bool
}

ValidationOptions additional validation parameters for the config Validate method.

func NewValidationOptions

func NewValidationOptions(options ...ValidationOption) *ValidationOptions

NewValidationOptions creates new validation options.

type VersionContract

// VersionContract describes the Talos version to generate config for.
// The feature-probe methods (SupportsECDSAKeys, PodSecurityAdmissionEnabled,
// ...) must accept a nil receiver, which stands for the current version.
type VersionContract struct {
	// Major and Minor are the Talos major and minor version numbers.
	Major int
	Minor int
}

VersionContract describes Talos version to generate config for.

Config generation only supports backwards compatibility (e.g. Talos 0.9 can generate configs for Talos 0.9 and 0.8). Matching version of the machinery package is required to generate configs for the current version of Talos.

Nil value of *VersionContract always describes current version of Talos.

func ParseContractFromVersion

func ParseContractFromVersion(version string) (*VersionContract, error)

ParseContractFromVersion parses Talos version into VersionContract.

func (*VersionContract) APIServerAuditPolicySupported

func (contract *VersionContract) APIServerAuditPolicySupported() bool

APIServerAuditPolicySupported returns true if kube-apiserver custom audit policy is supported.

func (*VersionContract) ApidExtKeyUsageCheckEnabled

func (contract *VersionContract) ApidExtKeyUsageCheckEnabled() bool

ApidExtKeyUsageCheckEnabled returns true if apid should check the extended key usage of client certificates by default, rejecting certificates not issued for client authentication.

func (*VersionContract) ClusterDiscoveryEnabled

func (contract *VersionContract) ClusterDiscoveryEnabled() bool

ClusterDiscoveryEnabled returns true if cluster discovery should be enabled by default.

func (*VersionContract) Greater

func (contract *VersionContract) Greater(other *VersionContract) bool

Greater compares contract to another contract.

func (*VersionContract) KubeletDefaultRuntimeSeccompProfileEnabled

func (contract *VersionContract) KubeletDefaultRuntimeSeccompProfileEnabled() bool

KubeletDefaultRuntimeSeccompProfileEnabled returns true if kubelet seccomp profile should be enabled by default.

func (*VersionContract) KubeletManifestsDirectoryDisabled

func (contract *VersionContract) KubeletManifestsDirectoryDisabled() bool

KubeletManifestsDirectoryDisabled returns true if the kubelet static-manifests directory should be disabled by default for this version (i.e. the version supports the corresponding kubelet flag).

func (*VersionContract) KubernetesAllowSchedulingOnControlPlanes

func (contract *VersionContract) KubernetesAllowSchedulingOnControlPlanes() bool

KubernetesAllowSchedulingOnControlPlanes returns true if scheduling on control planes should be enabled by default.

func (*VersionContract) KubernetesAlternateImageRegistries

func (contract *VersionContract) KubernetesAlternateImageRegistries() bool

KubernetesAlternateImageRegistries returns true if alternate image registries should be enabled by default. https://github.com/kubernetes/kubernetes/pull/109938

func (*VersionContract) KubernetesDiscoveryBackendDisabled

func (contract *VersionContract) KubernetesDiscoveryBackendDisabled() bool

KubernetesDiscoveryBackendDisabled returns true if Kubernetes cluster discovery backend should be disabled by default.

func (*VersionContract) PodSecurityAdmissionEnabled

func (contract *VersionContract) PodSecurityAdmissionEnabled() bool

PodSecurityAdmissionEnabled returns true if pod security admission should be enabled by default.

func (*VersionContract) PodSecurityPolicyEnabled

func (contract *VersionContract) PodSecurityPolicyEnabled() bool

PodSecurityPolicyEnabled returns true if pod security policy should be enabled by default.

func (*VersionContract) SecretboxEncryptionSupported

func (contract *VersionContract) SecretboxEncryptionSupported() bool

SecretboxEncryptionSupported returns true if encryption with secretbox is supported.

func (*VersionContract) StableHostnameEnabled

func (contract *VersionContract) StableHostnameEnabled() bool

StableHostnameEnabled returns true if stable hostname generation should be enabled by default.

func (*VersionContract) SupportsAggregatorCA

func (contract *VersionContract) SupportsAggregatorCA() bool

SupportsAggregatorCA returns true if version of Talos supports AggregatorCA in the config.

func (*VersionContract) SupportsDynamicCertSANs

func (contract *VersionContract) SupportsDynamicCertSANs() bool

SupportsDynamicCertSANs returns true if version of Talos supports dynamic certificate generation with SANs provided from resources.

func (*VersionContract) SupportsECDSAKeys

func (contract *VersionContract) SupportsECDSAKeys() bool

SupportsECDSAKeys returns true if version of Talos supports ECDSA keys (vs. RSA keys).

func (*VersionContract) SupportsECDSASHA256

func (contract *VersionContract) SupportsECDSASHA256() bool

SupportsECDSASHA256 returns true if version of Talos supports ECDSA-SHA256 for Kubernetes certificates.

func (*VersionContract) SupportsRBACFeature

func (contract *VersionContract) SupportsRBACFeature() bool

SupportsRBACFeature returns true if version of Talos supports RBAC feature gate.

func (*VersionContract) SupportsServiceAccount

func (contract *VersionContract) SupportsServiceAccount() bool

SupportsServiceAccount returns true if version of Talos supports ServiceAccount in the config.

type Vlan

// Vlan represents vlan settings for a device.
type Vlan interface {
	// Addresses are the static addresses (CIDR notation).
	Addresses() []string
	// Routes are static routes via this VLAN.
	Routes() []Route
	// DHCP reports whether addresses are obtained via DHCP.
	DHCP() bool
	// ID is the 802.1Q VLAN identifier.
	ID() uint16
	// MTU is the VLAN interface MTU.
	MTU() uint32
	// VIPConfig holds the shared virtual IP settings.
	VIPConfig() VIPConfig
	// DHCPOptions tunes DHCP behaviour when DHCP is enabled.
	DHCPOptions() DHCPOptions
}

Vlan represents vlan settings for a device.

type VolumeMount

// VolumeMount describes an extra volume mount for the static pods.
// It exposes a host path to a control-plane component; prefer ReadOnly
// unless the component genuinely needs to write.
type VolumeMount interface {
	// Name is the volume name.
	Name() string
	// HostPath is the path on the host.
	HostPath() string
	// MountPath is the path inside the container.
	MountPath() string
	// ReadOnly reports whether the mount is read-only.
	ReadOnly() bool
}

VolumeMount describes extra volume mount for the static pods.

type WireguardConfig

// WireguardConfig contains settings for configuring a WireGuard network
// interface. PrivateKey is a long-lived secret stored in the machine config.
type WireguardConfig interface {
	// PrivateKey is the interface's WireGuard private key (sensitive).
	PrivateKey() string
	// ListenPort is the UDP listen port.
	ListenPort() int
	// FirewallMark is the fwmark applied to tunnel packets.
	FirewallMark() int
	// Peers are the configured peers.
	Peers() []WireguardPeer
}

WireguardConfig contains settings for configuring Wireguard network interface.

type WireguardPeer

// WireguardPeer describes a WireGuard peer.
type WireguardPeer interface {
	// PublicKey is the peer's WireGuard public key.
	PublicKey() string
	// Endpoint is the peer's host:port.
	Endpoint() string
	// PersistentKeepaliveInterval is the keepalive interval (zero disables it).
	PersistentKeepaliveInterval() time.Duration
	// AllowedIPs are the source ranges accepted from (and routed to) this peer;
	// this is WireGuard's only authorisation control, so keep it narrow.
	AllowedIPs() []string
}

WireguardPeer describes a WireGuard peer configuration for a device.

Directories

Path Synopsis
Package configloader provides methods to load Talos config.
Package configpatcher provides methods to patch Talos config.
internal
cis
types
v1alpha1
Package v1alpha1 configuration file contains all the options available for configuring a machine.
v1alpha1/generate
Package generate provides Talos machine configuration generation and client config generation.
