Currently a work in progress, but this repo will be refactored into a consumable module that deploys a Talos Linux Kubernetes cluster.

NB - This module by default uses local state. However, when using this module, you should use a version of remote state that supports encryption, since the kubeconfig and talosconfig are sensitive. Not doing so is essentially leaking credentials. The other consideration is the `talos_machine_secrets` resource. I need to research more, but it is likely also sensitive and subject to the same considerations.
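As an added example (not part of this module), a root configuration that consumes the module from an encrypted remote backend instead of the default local state and marks the credential outputs sensitive. The bucket, region, KMS key and patch-file path are placeholders, and `install_disk = "/dev/vda"` is an assumed value for a libvirt VM.

```hcl
terraform {
  # State still contains kubeconfig, talosconfig and talos_machine_secrets,
  # so it must be encrypted at rest and access-controlled.
  backend "s3" {
    bucket     = "EXAMPLE-tfstate-bucket"                              # placeholder
    key        = "talos/blackhole/terraform.tfstate"
    region     = "us-east-1"                                           # placeholder
    encrypt    = true                                                  # server-side encryption of the state object
    kms_key_id = "arn:aws:kms:us-east-1:000000000000:key/EXAMPLE-KEY" # placeholder
  }
}

module "talos" {
  source = "./" # path to this module; replace with a git source once it is published

  install_disk       = "/dev/vda"               # required input; assumed value for a libvirt VM
  cluster_name       = "blackhole"
  config_patch_files = ["patches/common.yaml"]  # placeholder path
}

# `sensitive = true` keeps the values out of plan/apply logs and CI output.
# It does not remove them from state, which is why the backend above is encrypted,
# and `terraform output -raw` still prints them, so protect any file you redirect them into.
output "kubeconfig" {
  value     = module.talos.kubeconfig
  sensitive = true
}

output "talosconfig" {
  value     = module.talos.talosconfig
  sensitive = true
}
```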
- Adding `cilium_enable = true` to your config will install Cilium CNI via the Helm provider. Note that currently, lifecycle is set to:

  ```hcl
  lifecycle {
    prevent_destroy = false
    ignore_changes  = all
  }
  ```

  This is because I will be managing my Cilium lifecycle in fluxcd.
Requirements (provider versions):

| Name | Version |
|---|---|
| helm | 2.12.1 |
| libvirt | >= 0.8.1 |
| random | >= 3.6.3 |
| talos | >= 0.7.0 |
| tls | >= 4.0.6 |
Providers used directly by the root module:

| Name | Version |
|---|---|
| libvirt | >= 0.8.1 |
| talos | >= 0.7.0 |
Modules:

| Name | Source | Version |
|---|---|---|
| cilium | ./modules/cilium | n/a |
Resources:

| Name | Type |
|---|---|
| libvirt_domain.cp | resource |
| libvirt_domain.wk | resource |
| libvirt_network.kvm_network | resource |
| libvirt_volume.cp | resource |
| libvirt_volume.wk | resource |
| talos_cluster_kubeconfig.this | resource |
| talos_machine_bootstrap.this | resource |
| talos_machine_configuration_apply.controlplane | resource |
| talos_machine_configuration_apply.worker | resource |
| talos_machine_secrets.this | resource |
| talos_client_configuration.this | data source |
| talos_machine_configuration.controlplane | data source |
| talos_machine_configuration.worker | data source |
Inputs:

| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| cilium_enable | Enable Cilium | bool | false | no |
| cilium_lb_first_ip | The first IP address for the Cilium Load Balancer | number | 100 | no |
| cilium_lb_last_ip | The last IP address for the Cilium Load Balancer | number | 150 | no |
| cilium_version | n/a | string | "1.9.1" | no |
| cluster_endpoint | The virtual IP (VIP) endpoint of the Kubernetes API server. Ensure it is synchronized with the 'cluster_vip' variable. | string | "https://172.16.16.10:6443" | no |
| cluster_name | The name of the K8s cluster | string | "blackhole" | no |
| cluster_vip | The virtual IP (VIP) address of the Kubernetes API server. Ensure it is synchronized with the 'cluster_endpoint' variable. | string | "192.168.1.79" | no |
| config_patch_files | Paths to Talos config patch files that apply to all nodes | list(string) | [] | no |
| cp_count | The number of control plane nodes | number | 3 | no |
| cp_disk_size | The size (GB) of the disk for the control plane nodes | number | 20 | no |
| cp_first_ip | The first IP address for the control plane nodes | number | 10 | no |
| cp_memory | The amount (GB) of memory for the control plane nodes | number | 2 | no |
| cp_suffix | The suffix for the control plane node hostnames | string | "cp" | no |
| cp_vcpus | The number of vCPUs for the control plane nodes | number | 2 | no |
| install_disk | The disk to install Talos on | string | n/a | yes |
| iso_path | The path to the Talos ISO | string | "/var/lib/libvirt/images/metal-amd64.iso" | no |
| kubernetes_version | See https://github.com/siderolabs/kubelet/pkgs/container/kubelet, https://www.talos.dev/v1.9/introduction/support-matrix/, https://kubernetes.io/releases/ and https://github.com/siderolabs/talos/releases | string | "1.31.3" | no |
| kvm_cidr | The CIDR prefix length for the KVM network | number | 24 | no |
| kvm_network_type | The network type for the KVM network (route and nat are supported) | string | "nat" | no |
| kvm_subnet | The subnet for the KVM network | string | "172.16.16" | no |
| talos_factory_hash | Talos Factory schematic hash | string | "dc7b152cb3ea99b821fcb7340ce7168313ce393d663740b791c36f6e95fc8586" | no |
| talos_factory_installer_base_url | Talos Factory installer image base URL | string | "factory.talos.dev/installer/" | no |
| talos_version | See https://www.talos.dev/v1.9/introduction/support-matrix/, https://kubernetes.io/releases/ and https://github.com/siderolabs/talos/releases | string | "1.9.1" | no |
| wk_count | The number of worker nodes | number | 2 | no |
| wk_disk_size | The size (GB) of the disk for the worker nodes | number | 20 | no |
| wk_first_ip | The first IP address for the worker nodes | number | 20 | no |
| wk_memory | The amount (GB) of memory for the worker nodes | number | 2 | no |
| wk_suffix | The suffix for the worker node hostnames | string | "wk" | no |
| wk_vcpus | The number of vCPUs for the worker nodes | number | 2 | no |
Outputs:

| Name | Description |
|---|---|
| kubeconfig | n/a |
| talosconfig | n/a |
Resource dependency graph:

```mermaid
flowchart TD
    subgraph Terraform
        data_talos_client_configuration_this["data.talos_client_configuration.this"]
        data_talos_machine_configuration_controlplane["data.talos_machine_configuration.controlplane"]
        data_talos_machine_configuration_worker["data.talos_machine_configuration.worker"]
        libvirt_domain_cp["libvirt_domain.cp"]
        libvirt_domain_wk["libvirt_domain.wk"]
        libvirt_network_kvm_network["libvirt_network.kvm_network"]
        libvirt_volume_cp["libvirt_volume.cp"]
        libvirt_volume_wk["libvirt_volume.wk"]
        talos_cluster_kubeconfig_this["talos_cluster_kubeconfig.this"]
        talos_machine_bootstrap_this["talos_machine_bootstrap.this"]
        talos_machine_configuration_apply_controlplane["talos_machine_configuration_apply.controlplane"]
        talos_machine_configuration_apply_worker["talos_machine_configuration_apply.worker"]
        talos_machine_secrets_this["talos_machine_secrets.this"]
        module_cilium_helm_release_cilium["helm_release.cilium"]
    end
    data_talos_client_configuration_this --> talos_machine_secrets_this
    data_talos_machine_configuration_controlplane --> talos_machine_secrets_this
    data_talos_machine_configuration_worker --> talos_machine_secrets_this
    libvirt_domain_cp --> libvirt_volume_cp
    libvirt_domain_wk --> libvirt_volume_wk
    talos_cluster_kubeconfig_this --> talos_machine_secrets_this
    talos_machine_bootstrap_this --> talos_machine_secrets_this
    talos_machine_configuration_apply_controlplane --> data_talos_machine_configuration_controlplane
    talos_machine_configuration_apply_worker --> data_talos_machine_configuration_worker
    module_cilium_helm_release_cilium --> talos_machine_bootstrap_this
```
Extract the credentials from state and check the cluster:

```sh
# write the sensitive outputs to local files (these files contain credentials)
terraform output -raw talosconfig > talosconfig
terraform output -raw kubeconfig > kubeconfig

# query the primary control plane node via the Talos API
talosctl --talosconfig=talosconfig -e [primary cp node ip] -n [primary cp node ip] dmesg
talosctl --talosconfig=talosconfig -e 172.16.200.10 -n 172.16.200.10 dmesg

# verify the nodes registered with the Kubernetes API server
kubectl get nodes --kubeconfig=kubeconfig
```
- Talos Factory page

  Your image schematic ID is: dc7b152cb3ea99b821fcb7340ce7168313ce393d663740b791c36f6e95fc8586

  ```yaml
  customization:
    systemExtensions:
      officialExtensions:
        - siderolabs/iscsi-tools
        - siderolabs/qemu-guest-agent
  ```

  Here are the options for the initial boot of Talos Linux on Nocloud:

  - Disk Image
  - ISO
  - PXE boot (iPXE script)

  For the initial installation of Talos Linux (not applicable for disk image boot), add the following installer image to the machine configuration: factory.talos.dev/installer/dc7b152cb3ea99b821fcb7340ce7168313ce393d663740b791c36f6e95fc8586:v1.9.1

  To upgrade Talos Linux on the machine, use the following image: factory.talos.dev/installer/dc7b152cb3ea99b821fcb7340ce7168313ce393d663740b791c36f6e95fc8586:v1.9.1