Documentation
Overview
Package talos implements safe Talos API PKI rotation for the cluster.
Constants
This section is empty.
Variables
This section is empty.
Functions
func Rotate
Rotate rotates the Talos API PKI.
The process overview:
- fetch current information
- verify connectivity with the existing PKI
- add new Talos CA as accepted
- verify connectivity with the intermediate PKI
- make the new CA the issuing CA, while the old CA is still accepted
- verify connectivity with the new PKI
- remove old Talos CA
- verify connectivity with the new PKI.
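Why the steps are ordered this way, as an added Go illustration (not code from the Talos project and not using its API): it models only the accepted-CA set a node would hold at each of the four "verify connectivity" steps and checks which client certificates that set admits. The CAs `old-ca` and `new-ca`, the client name `admin`, and the assumption that nodes validate client certificates against the accepted CAs are constructed for the example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// issue returns a self-signed CA when ca is nil, otherwise a client cert signed by ca/caKey.
func issue(cn string, serial int64, ca *x509.Certificate, caKey ed25519.PrivateKey) (*x509.Certificate, ed25519.PrivateKey) {
	pub, key, _ := ed25519.GenerateKey(rand.Reader)
	t := &x509.Certificate{SerialNumber: big.NewInt(serial), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Minute), NotAfter: time.Now().Add(time.Hour), ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}}
	if ca == nil { // self-signed root CA
		t.IsCA, t.BasicConstraintsValid, t.KeyUsage, t.ExtKeyUsage = true, true, x509.KeyUsageCertSign, nil
		ca, caKey = t, key
	}
	der, err := x509.CreateCertificate(rand.Reader, t, ca, pub, caKey)
	if err != nil {
		panic(err)
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		panic(err)
	}
	return cert, key
}

// Phases reports, per verified step, whether {old-CA client, new-CA client} certs are accepted.
func Phases() (out [4][2]bool) {
	oldCA, oldKey := issue("old-ca", 1, nil, nil)
	newCA, newKey := issue("new-ca", 2, nil, nil)
	oldClient, _ := issue("admin", 3, oldCA, oldKey)
	newClient, _ := issue("admin", 4, newCA, newKey)
	for i, accepted := range [4][]*x509.Certificate{{oldCA}, {oldCA, newCA}, {newCA, oldCA}, {newCA}} {
		opts := x509.VerifyOptions{Roots: x509.NewCertPool(), KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}}
		for _, ca := range accepted {
			opts.Roots.AddCert(ca)
		}
		ok := func(c *x509.Certificate) bool { _, err := c.Verify(opts); return err == nil }
		out[i] = [2]bool{ok(oldClient), ok(newClient)}
	}
	return out
}

func main() { fmt.Println(Phases()) }
```

In this model the old-CA credential keeps working until the last step and the new-CA credential works from the second step on, so each change can be verified with a credential that was already valid before it.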
Types
type Options
type Options struct {
	// DryRun is the flag to enable dry-run mode.
	//
	// In dry-run mode, the rotation process will not make any changes to the cluster.
	DryRun bool

	// CurrentClient is a Talos client for the existing PKI.
	CurrentClient *client.Client

	// ClusterInfo provides information about cluster topology.
	ClusterInfo cluster.Info

	// ContextName is the context name for the 'talosconfig'.
	ContextName string

	// Endpoints is the list of endpoints for the 'talosconfig'.
	Endpoints []string

	// NewTalosCA is the new CA for Talos API.
	NewTalosCA *x509.PEMEncodedCertificateAndKey

	// EncoderOption is the option for encoding machine configuration (while patching).
	EncoderOption encoder.Option

	// Printf is the function used to print messages.
	Printf func(format string, args ...any)
}
Options is the input to the Talos API rotation process.