Reference
- 1: API
- 2: CLI
- 3: Configuration
- 3.1: block
- 3.1.1: VolumeConfig
- 3.2: extensions
- 3.2.1: ExtensionServiceConfig
- 3.3: network
- 3.3.1: KubeSpanEndpointsConfig
- 3.3.2: NetworkDefaultActionConfig
- 3.3.3: NetworkRuleConfig
- 3.4: runtime
- 3.4.1: EventSinkConfig
- 3.4.2: KmsgLogConfig
- 3.4.3: WatchdogTimerConfig
- 3.5: security
- 3.5.1: TrustedRootsConfig
- 3.6: siderolink
- 3.6.1: SideroLinkConfig
- 3.7: v1alpha1
- 3.7.1: Config
- 4: Kernel
1 - API
Table of Contents
resource/definitions/enums/enums.proto
- BlockEncryptionKeyType
- BlockEncryptionProviderType
- BlockFilesystemType
- BlockVolumePhase
- BlockVolumeType
- KubespanPeerState
- MachineType
- NethelpersADSelect
- NethelpersARPAllTargets
- NethelpersARPValidate
- NethelpersAddressFlag
- NethelpersBondMode
- NethelpersBondXmitHashPolicy
- NethelpersConntrackState
- NethelpersDuplex
- NethelpersFailOverMAC
- NethelpersFamily
- NethelpersLACPRate
- NethelpersLinkType
- NethelpersMatchOperator
- NethelpersNfTablesChainHook
- NethelpersNfTablesChainPriority
- NethelpersNfTablesVerdict
- NethelpersOperationalState
- NethelpersPort
- NethelpersPrimaryReselect
- NethelpersProtocol
- NethelpersRouteFlag
- NethelpersRouteProtocol
- NethelpersRouteType
- NethelpersRoutingTable
- NethelpersScope
- NethelpersVLANProtocol
- NetworkConfigLayer
- NetworkOperator
- RuntimeMachineStage
resource/definitions/k8s/k8s.proto
- APIServerConfigSpec
- APIServerConfigSpec.EnvironmentVariablesEntry
- APIServerConfigSpec.ExtraArgsEntry
- AdmissionControlConfigSpec
- AdmissionPluginSpec
- AuditPolicyConfigSpec
- BootstrapManifestsConfigSpec
- ConfigStatusSpec
- ControllerManagerConfigSpec
- ControllerManagerConfigSpec.EnvironmentVariablesEntry
- ControllerManagerConfigSpec.ExtraArgsEntry
- EndpointSpec
- ExtraManifest
- ExtraManifest.ExtraHeadersEntry
- ExtraManifestsConfigSpec
- ExtraVolume
- KubePrismConfigSpec
- KubePrismEndpoint
- KubePrismEndpointsSpec
- KubePrismStatusesSpec
- KubeletConfigSpec
- KubeletConfigSpec.ExtraArgsEntry
- KubeletSpecSpec
- ManifestSpec
- ManifestStatusSpec
- NodeAnnotationSpecSpec
- NodeIPConfigSpec
- NodeIPSpec
- NodeLabelSpecSpec
- NodeStatusSpec
- NodeStatusSpec.AnnotationsEntry
- NodeStatusSpec.LabelsEntry
- NodeTaintSpecSpec
- NodenameSpec
- Resources
- Resources.LimitsEntry
- Resources.RequestsEntry
- SchedulerConfigSpec
- SchedulerConfigSpec.EnvironmentVariablesEntry
- SchedulerConfigSpec.ExtraArgsEntry
- SecretsStatusSpec
- SingleManifest
- StaticPodServerStatusSpec
- StaticPodSpec
- StaticPodStatusSpec
resource/definitions/network/network.proto
- AddressSpecSpec
- AddressStatusSpec
- BondMasterSpec
- BondSlave
- BridgeMasterSpec
- BridgeSlave
- BridgeVLANSpec
- DHCP4OperatorSpec
- DHCP6OperatorSpec
- DNSResolveCacheSpec
- HardwareAddrSpec
- HostDNSConfigSpec
- HostnameSpecSpec
- HostnameStatusSpec
- LinkRefreshSpec
- LinkSpecSpec
- LinkStatusSpec
- NfTablesAddressMatch
- NfTablesChainSpec
- NfTablesClampMSS
- NfTablesConntrackStateMatch
- NfTablesIfNameMatch
- NfTablesLayer4Match
- NfTablesLimitMatch
- NfTablesMark
- NfTablesPortMatch
- NfTablesRule
- NodeAddressFilterSpec
- NodeAddressSpec
- OperatorSpecSpec
- PortRange
- ProbeSpecSpec
- ProbeStatusSpec
- ResolverSpecSpec
- ResolverStatusSpec
- RouteSpecSpec
- RouteStatusSpec
- STPSpec
- StatusSpec
- TCPProbeSpec
- TimeServerSpecSpec
- TimeServerStatusSpec
- VIPEquinixMetalSpec
- VIPHCloudSpec
- VIPOperatorSpec
- VLANSpec
- WireguardPeer
- WireguardSpec
resource/definitions/runtime/runtime.proto
- DevicesStatusSpec
- DiagnosticSpec
- EventSinkConfigSpec
- ExtensionServiceConfigFile
- ExtensionServiceConfigSpec
- ExtensionServiceConfigStatusSpec
- KernelModuleSpecSpec
- KernelParamSpecSpec
- KernelParamStatusSpec
- KmsgLogConfigSpec
- MachineStatusSpec
- MachineStatusStatus
- MaintenanceServiceConfigSpec
- MetaKeySpec
- MetaLoadedSpec
- MountStatusSpec
- PlatformMetadataSpec
- SecurityStateSpec
- UniqueMachineTokenSpec
- UnmetCondition
- WatchdogTimerConfigSpec
- WatchdogTimerStatusSpec
common/common.proto
Data
Field | Type | Label | Description |
---|---|---|---|
metadata | Metadata | ||
bytes | bytes |
DataResponse
Field | Type | Label | Description |
---|---|---|---|
messages | Data | repeated |
Empty
Field | Type | Label | Description |
---|---|---|---|
metadata | Metadata |
EmptyResponse
Field | Type | Label | Description |
---|---|---|---|
messages | Empty | repeated |
Error
Field | Type | Label | Description |
---|---|---|---|
code | Code | ||
message | string | ||
details | google.protobuf.Any | repeated |
Metadata
Common metadata message nested in all reply message types
Field | Type | Label | Description |
---|---|---|---|
hostname | string | | hostname of the server response comes from (injected by proxy) |
error | string | | error is set if request failed to the upstream (rest of response is undefined) |
status | google.rpc.Status | | error as gRPC Status |
NetIP
Field | Type | Label | Description |
---|---|---|---|
ip | bytes |
NetIPPort
Field | Type | Label | Description |
---|---|---|---|
ip | bytes | ||
port | int32 |
NetIPPrefix
Field | Type | Label | Description |
---|---|---|---|
ip | bytes | ||
prefix_length | int32 |
PEMEncodedCertificate
Field | Type | Label | Description |
---|---|---|---|
crt | bytes |
PEMEncodedCertificateAndKey
Field | Type | Label | Description |
---|---|---|---|
crt | bytes | ||
key | bytes |
PEMEncodedKey
Field | Type | Label | Description |
---|---|---|---|
key | bytes |
URL
Field | Type | Label | Description |
---|---|---|---|
full_path | string |
Code
Name | Number | Description |
---|---|---|
FATAL | 0 | |
LOCKED | 1 | |
CANCELED | 2 |
ContainerDriver
Name | Number | Description |
---|---|---|
CONTAINERD | 0 | |
CRI | 1 |
ContainerdNamespace
Name | Number | Description |
---|---|---|
NS_UNKNOWN | 0 | |
NS_SYSTEM | 1 | |
NS_CRI | 2 |
File-level Extensions
Extension | Type | Base | Number | Description |
---|---|---|---|---|
remove_deprecated_enum | string | .google.protobuf.EnumOptions | 93117 | Indicates the Talos version when this deprecated enum will be removed from API. |
remove_deprecated_enum_value | string | .google.protobuf.EnumValueOptions | 93117 | Indicates the Talos version when this deprecated enum value will be removed from API. |
remove_deprecated_field | string | .google.protobuf.FieldOptions | 93117 | Indicates the Talos version when this deprecated field will be removed from API. |
remove_deprecated_message | string | .google.protobuf.MessageOptions | 93117 | Indicates the Talos version when this deprecated message will be removed from API. |
remove_deprecated_method | string | .google.protobuf.MethodOptions | 93117 | Indicates the Talos version when this deprecated method will be removed from API. |
remove_deprecated_service | string | .google.protobuf.ServiceOptions | 93117 | Indicates the Talos version when this deprecated service will be removed from API. |
resource/definitions/block/block.proto
DeviceSpec
DeviceSpec is the spec for devices status.
Field | Type | Label | Description |
---|---|---|---|
type | string | ||
major | int64 | ||
minor | int64 | ||
partition_name | string | ||
partition_number | int64 | ||
generation | int64 | ||
device_path | string | ||
parent | string |
DiscoveredVolumeSpec
DiscoveredVolumeSpec is the spec for DiscoveredVolumes resource.
Field | Type | Label | Description |
---|---|---|---|
size | uint64 | ||
sector_size | uint64 | ||
io_size | uint64 | ||
name | string | ||
uuid | string | ||
label | string | ||
block_size | uint32 | ||
filesystem_block_size | uint32 | ||
probed_size | uint64 | ||
partition_uuid | string | ||
partition_type | string | ||
partition_label | string | ||
partition_index | uint64 | ||
type | string | ||
device_path | string | ||
parent | string | ||
dev_path | string | ||
parent_dev_path | string | ||
pretty_size | string |
DiscoveryRefreshRequestSpec
DiscoveryRefreshRequestSpec is the spec for DiscoveryRefreshRequest.
Field | Type | Label | Description |
---|---|---|---|
request | int64 |
DiscoveryRefreshStatusSpec
DiscoveryRefreshStatusSpec is the spec for DiscoveryRefreshStatus status.
Field | Type | Label | Description |
---|---|---|---|
request | int64 |
DiskSelector
DiskSelector selects a disk for the volume.
Field | Type | Label | Description |
---|---|---|---|
match | google.api.expr.v1alpha1.CheckedExpr |
DiskSpec
DiskSpec is the spec for Disks status.
Field | Type | Label | Description |
---|---|---|---|
size | uint64 | ||
io_size | uint64 | ||
sector_size | uint64 | ||
readonly | bool | ||
model | string | ||
serial | string | ||
modalias | string | ||
wwid | string | ||
bus_path | string | ||
sub_system | string | ||
transport | string | ||
rotational | bool | ||
cdrom | bool | ||
dev_path | string | ||
pretty_size | string |
EncryptionKey
EncryptionKey is the spec for volume encryption key.
Field | Type | Label | Description |
---|---|---|---|
slot | int64 | ||
type | talos.resource.definitions.enums.BlockEncryptionKeyType | ||
static_passphrase | bytes | ||
kms_endpoint | string | ||
tpm_check_secureboot_status_on_enroll | bool |
EncryptionSpec
EncryptionSpec is the spec for volume encryption.
Field | Type | Label | Description |
---|---|---|---|
provider | talos.resource.definitions.enums.BlockEncryptionProviderType | ||
keys | EncryptionKey | repeated | |
cipher | string | ||
key_size | uint64 | ||
block_size | uint64 | ||
perf_options | string | repeated |
FilesystemSpec
FilesystemSpec is the spec for volume filesystem.
Field | Type | Label | Description |
---|---|---|---|
type | talos.resource.definitions.enums.BlockFilesystemType | ||
label | string |
LocatorSpec
LocatorSpec is the spec for volume locator.
Field | Type | Label | Description |
---|---|---|---|
match | google.api.expr.v1alpha1.CheckedExpr |
MountSpec
MountSpec is the spec for volume mount.
Field | Type | Label | Description |
---|---|---|---|
target_path | string |
PartitionSpec
PartitionSpec is the spec for volume partitioning.
Field | Type | Label | Description |
---|---|---|---|
min_size | uint64 | ||
max_size | uint64 | ||
grow | bool | ||
label | string | ||
type_uuid | string |
ProvisioningSpec
ProvisioningSpec is the spec for volume provisioning.
Field | Type | Label | Description |
---|---|---|---|
disk_selector | DiskSelector | ||
partition_spec | PartitionSpec | ||
wave | int64 | ||
filesystem_spec | FilesystemSpec |
SystemDiskSpec
SystemDiskSpec is the spec for SystemDisks resource.
Field | Type | Label | Description |
---|---|---|---|
disk_id | string | ||
dev_path | string |
UserDiskConfigStatusSpec
UserDiskConfigStatusSpec is the spec for UserDiskConfigStatus resource.
Field | Type | Label | Description |
---|---|---|---|
ready | bool |
VolumeConfigSpec
VolumeConfigSpec is the spec for VolumeConfig resource.
Field | Type | Label | Description |
---|---|---|---|
parent_id | string | ||
type | talos.resource.definitions.enums.BlockVolumeType | ||
provisioning | ProvisioningSpec | ||
locator | LocatorSpec | ||
mount | MountSpec | ||
encryption | EncryptionSpec |
VolumeStatusSpec
VolumeStatusSpec is the spec for VolumeStatus resource.
Field | Type | Label | Description |
---|---|---|---|
phase | talos.resource.definitions.enums.BlockVolumePhase | ||
location | string | ||
error_message | string | ||
uuid | string | ||
partition_uuid | string | ||
pre_fail_phase | talos.resource.definitions.enums.BlockVolumePhase | ||
parent_location | string | ||
partition_index | int64 | ||
size | uint64 | ||
filesystem | talos.resource.definitions.enums.BlockFilesystemType | ||
mount_location | string | ||
encryption_provider | talos.resource.definitions.enums.BlockEncryptionProviderType | ||
pretty_size | string |
resource/definitions/cluster/cluster.proto
AffiliateSpec
AffiliateSpec describes Affiliate state.
Field | Type | Label | Description |
---|---|---|---|
node_id | string | ||
addresses | common.NetIP | repeated | |
hostname | string | ||
nodename | string | ||
operating_system | string | ||
machine_type | talos.resource.definitions.enums.MachineType | ||
kube_span | KubeSpanAffiliateSpec | ||
control_plane | ControlPlane |
ConfigSpec
ConfigSpec describes KubeSpan configuration.
Field | Type | Label | Description |
---|---|---|---|
discovery_enabled | bool | ||
registry_kubernetes_enabled | bool | ||
registry_service_enabled | bool | ||
service_endpoint | string | ||
service_endpoint_insecure | bool | ||
service_encryption_key | bytes | ||
service_cluster_id | string |
ControlPlane
ControlPlane describes ControlPlane data if any.
Field | Type | Label | Description |
---|---|---|---|
api_server_port | int64 |
IdentitySpec
IdentitySpec describes status of rendered secrets.
Note: IdentitySpec is persisted on disk in the STATE partition, so YAML serialization should be kept backwards compatible.
Field | Type | Label | Description |
---|---|---|---|
node_id | string |
InfoSpec
InfoSpec describes cluster information.
Field | Type | Label | Description |
---|---|---|---|
cluster_id | string | ||
cluster_name | string |
KubeSpanAffiliateSpec
KubeSpanAffiliateSpec describes additional information specific for the KubeSpan.
Field | Type | Label | Description |
---|---|---|---|
public_key | string | ||
address | common.NetIP | ||
additional_addresses | common.NetIPPrefix | repeated | |
endpoints | common.NetIPPort | repeated |
MemberSpec
MemberSpec describes Member state.
Field | Type | Label | Description |
---|---|---|---|
node_id | string | ||
addresses | common.NetIP | repeated | |
hostname | string | ||
machine_type | talos.resource.definitions.enums.MachineType | ||
operating_system | string | ||
control_plane | ControlPlane |
resource/definitions/cri/cri.proto
SeccompProfileSpec
SeccompProfileSpec represents the SeccompProfile.
Field | Type | Label | Description |
---|---|---|---|
name | string | ||
value | google.protobuf.Struct |
resource/definitions/enums/enums.proto
BlockEncryptionKeyType
BlockEncryptionKeyType describes encryption key type.
Name | Number | Description |
---|---|---|
ENCRYPTION_KEY_STATIC | 0 | |
ENCRYPTION_KEY_NODE_ID | 1 | |
ENCRYPTION_KEY_KMS | 2 | |
ENCRYPTION_KEY_TPM | 3 |
BlockEncryptionProviderType
BlockEncryptionProviderType describes encryption provider type.
Name | Number | Description |
---|---|---|
ENCRYPTION_PROVIDER_NONE | 0 | |
ENCRYPTION_PROVIDER_LUKS2 | 1 |
BlockFilesystemType
BlockFilesystemType describes filesystem type.
Name | Number | Description |
---|---|---|
FILESYSTEM_TYPE_NONE | 0 | |
FILESYSTEM_TYPE_XFS | 1 |
BlockVolumePhase
BlockVolumePhase describes volume phase.
Name | Number | Description |
---|---|---|
VOLUME_PHASE_WAITING | 0 | |
VOLUME_PHASE_FAILED | 1 | |
VOLUME_PHASE_MISSING | 2 | |
VOLUME_PHASE_LOCATED | 3 | |
VOLUME_PHASE_PROVISIONED | 4 | |
VOLUME_PHASE_PREPARED | 5 | |
VOLUME_PHASE_READY | 6 | |
VOLUME_PHASE_CLOSED | 7 |
BlockVolumeType
BlockVolumeType describes volume type.
Name | Number | Description |
---|---|---|
VOLUME_TYPE_PARTITION | 0 | |
VOLUME_TYPE_DISK | 1 | |
VOLUME_TYPE_TMPFS | 2 |
KubespanPeerState
KubespanPeerState is KubeSpan peer current state.
Name | Number | Description |
---|---|---|
PEER_STATE_UNKNOWN | 0 | |
PEER_STATE_UP | 1 | |
PEER_STATE_DOWN | 2 |
MachineType
MachineType represents a machine type.
Name | Number | Description |
---|---|---|
TYPE_UNKNOWN | 0 | TypeUnknown represents undefined node type, when there is no machine configuration yet. |
TYPE_INIT | 1 | TypeInit type designates the first control plane node to come up. You can think of it like a bootstrap node. This node will perform the initial steps to bootstrap the cluster – generation of TLS assets, starting of the control plane, etc. |
TYPE_CONTROL_PLANE | 2 | TypeControlPlane designates the node as a control plane member. This means it will host etcd along with the Kubernetes controlplane components such as API Server, Controller Manager, Scheduler. |
TYPE_WORKER | 3 | TypeWorker designates the node as a worker node. This means it will be an available compute node for scheduling workloads. |
NethelpersADSelect
NethelpersADSelect is ADSelect.
Name | Number | Description |
---|---|---|
AD_SELECT_STABLE | 0 | |
AD_SELECT_BANDWIDTH | 1 | |
AD_SELECT_COUNT | 2 |
NethelpersARPAllTargets
NethelpersARPAllTargets is an ARP targets mode.
Name | Number | Description |
---|---|---|
ARP_ALL_TARGETS_ANY | 0 | |
ARP_ALL_TARGETS_ALL | 1 |
NethelpersARPValidate
NethelpersARPValidate is an ARP Validation mode.
Name | Number | Description |
---|---|---|
ARP_VALIDATE_NONE | 0 | |
ARP_VALIDATE_ACTIVE | 1 | |
ARP_VALIDATE_BACKUP | 2 | |
ARP_VALIDATE_ALL | 3 |
NethelpersAddressFlag
NethelpersAddressFlag wraps IFF_* constants.
Name | Number | Description |
---|---|---|
NETHELPERS_ADDRESSFLAG_UNSPECIFIED | 0 | |
ADDRESS_TEMPORARY | 1 | |
ADDRESS_NO_DAD | 2 | |
ADDRESS_OPTIMISTIC | 4 | |
ADDRESS_DAD_FAILED | 8 | |
ADDRESS_HOME | 16 | |
ADDRESS_DEPRECATED | 32 | |
ADDRESS_TENTATIVE | 64 | |
ADDRESS_PERMANENT | 128 | |
ADDRESS_MANAGEMENT_TEMP | 256 | |
ADDRESS_NO_PREFIX_ROUTE | 512 | |
ADDRESS_MC_AUTO_JOIN | 1024 | |
ADDRESS_STABLE_PRIVACY | 2048 |
NethelpersBondMode
NethelpersBondMode is a bond mode.
Name | Number | Description |
---|---|---|
BOND_MODE_ROUNDROBIN | 0 | |
BOND_MODE_ACTIVE_BACKUP | 1 | |
BOND_MODE_XOR | 2 | |
BOND_MODE_BROADCAST | 3 | |
BOND_MODE8023_AD | 4 | |
BOND_MODE_TLB | 5 | |
BOND_MODE_ALB | 6 |
NethelpersBondXmitHashPolicy
NethelpersBondXmitHashPolicy is a bond hash policy.
Name | Number | Description |
---|---|---|
BOND_XMIT_POLICY_LAYER2 | 0 | |
BOND_XMIT_POLICY_LAYER34 | 1 | |
BOND_XMIT_POLICY_LAYER23 | 2 | |
BOND_XMIT_POLICY_ENCAP23 | 3 | |
BOND_XMIT_POLICY_ENCAP34 | 4 |
NethelpersConntrackState
NethelpersConntrackState is a conntrack state.
Name | Number | Description |
---|---|---|
NETHELPERS_CONNTRACKSTATE_UNSPECIFIED | 0 | |
CONNTRACK_STATE_NEW | 8 | |
CONNTRACK_STATE_RELATED | 4 | |
CONNTRACK_STATE_ESTABLISHED | 2 | |
CONNTRACK_STATE_INVALID | 1 |
NethelpersDuplex
NethelpersDuplex wraps ethtool.Duplex for YAML marshaling.
Name | Number | Description |
---|---|---|
HALF | 0 | |
FULL | 1 | |
UNKNOWN | 255 |
NethelpersFailOverMAC
NethelpersFailOverMAC is a MAC failover mode.
Name | Number | Description |
---|---|---|
FAIL_OVER_MAC_NONE | 0 | |
FAIL_OVER_MAC_ACTIVE | 1 | |
FAIL_OVER_MAC_FOLLOW | 2 |
NethelpersFamily
NethelpersFamily is a network family.
Name | Number | Description |
---|---|---|
NETHELPERS_FAMILY_UNSPECIFIED | 0 | |
FAMILY_INET4 | 2 | |
FAMILY_INET6 | 10 |
NethelpersLACPRate
NethelpersLACPRate is a LACP rate.
Name | Number | Description |
---|---|---|
LACP_RATE_SLOW | 0 | |
LACP_RATE_FAST | 1 |
NethelpersLinkType
NethelpersLinkType is a link type.
Name | Number | Description |
---|---|---|
LINK_NETROM | 0 | |
LINK_ETHER | 1 | |
LINK_EETHER | 2 | |
LINK_AX25 | 3 | |
LINK_PRONET | 4 | |
LINK_CHAOS | 5 | |
LINK_IEE802 | 6 | |
LINK_ARCNET | 7 | |
LINK_ATALK | 8 | |
LINK_DLCI | 15 | |
LINK_ATM | 19 | |
LINK_METRICOM | 23 | |
LINK_IEEE1394 | 24 | |
LINK_EUI64 | 27 | |
LINK_INFINIBAND | 32 | |
LINK_SLIP | 256 | |
LINK_CSLIP | 257 | |
LINK_SLIP6 | 258 | |
LINK_CSLIP6 | 259 | |
LINK_RSRVD | 260 | |
LINK_ADAPT | 264 | |
LINK_ROSE | 270 | |
LINK_X25 | 271 | |
LINK_HWX25 | 272 | |
LINK_CAN | 280 | |
LINK_PPP | 512 | |
LINK_CISCO | 513 | |
LINK_HDLC | 513 | |
LINK_LAPB | 516 | |
LINK_DDCMP | 517 | |
LINK_RAWHDLC | 518 | |
LINK_TUNNEL | 768 | |
LINK_TUNNEL6 | 769 | |
LINK_FRAD | 770 | |
LINK_SKIP | 771 | |
LINK_LOOPBCK | 772 | |
LINK_LOCALTLK | 773 | |
LINK_FDDI | 774 | |
LINK_BIF | 775 | |
LINK_SIT | 776 | |
LINK_IPDDP | 777 | |
LINK_IPGRE | 778 | |
LINK_PIMREG | 779 | |
LINK_HIPPI | 780 | |
LINK_ASH | 781 | |
LINK_ECONET | 782 | |
LINK_IRDA | 783 | |
LINK_FCPP | 784 | |
LINK_FCAL | 785 | |
LINK_FCPL | 786 | |
LINK_FCFABRIC | 787 | |
LINK_FCFABRIC1 | 788 | |
LINK_FCFABRIC2 | 789 | |
LINK_FCFABRIC3 | 790 | |
LINK_FCFABRIC4 | 791 | |
LINK_FCFABRIC5 | 792 | |
LINK_FCFABRIC6 | 793 | |
LINK_FCFABRIC7 | 794 | |
LINK_FCFABRIC8 | 795 | |
LINK_FCFABRIC9 | 796 | |
LINK_FCFABRIC10 | 797 | |
LINK_FCFABRIC11 | 798 | |
LINK_FCFABRIC12 | 799 | |
LINK_IEE802TR | 800 | |
LINK_IEE80211 | 801 | |
LINK_IEE80211PRISM | 802 | |
LINK_IEE80211_RADIOTAP | 803 | |
LINK_IEE8021154 | 804 | |
LINK_IEE8021154MONITOR | 805 | |
LINK_PHONET | 820 | |
LINK_PHONETPIPE | 821 | |
LINK_CAIF | 822 | |
LINK_IP6GRE | 823 | |
LINK_NETLINK | 824 | |
LINK6_LOWPAN | 825 | |
LINK_VOID | 65535 | |
LINK_NONE | 65534 |
NethelpersMatchOperator
NethelpersMatchOperator is a netfilter match operator.
Name | Number | Description |
---|---|---|
OPERATOR_EQUAL | 0 | |
OPERATOR_NOT_EQUAL | 1 |
NethelpersNfTablesChainHook
NethelpersNfTablesChainHook wraps nftables.ChainHook for YAML marshaling.
Name | Number | Description |
---|---|---|
CHAIN_HOOK_PREROUTING | 0 | |
CHAIN_HOOK_INPUT | 1 | |
CHAIN_HOOK_FORWARD | 2 | |
CHAIN_HOOK_OUTPUT | 3 | |
CHAIN_HOOK_POSTROUTING | 4 |
NethelpersNfTablesChainPriority
NethelpersNfTablesChainPriority wraps nftables.ChainPriority for YAML marshaling.
Name | Number | Description |
---|---|---|
NETHELPERS_NFTABLESCHAINPRIORITY_UNSPECIFIED | 0 | |
CHAIN_PRIORITY_FIRST | -2147483648 | |
CHAIN_PRIORITY_CONNTRACK_DEFRAG | -400 | |
CHAIN_PRIORITY_RAW | -300 | |
CHAIN_PRIORITY_SE_LINUX_FIRST | -225 | |
CHAIN_PRIORITY_CONNTRACK | -200 | |
CHAIN_PRIORITY_MANGLE | -150 | |
CHAIN_PRIORITY_NAT_DEST | -100 | |
CHAIN_PRIORITY_FILTER | 0 | |
CHAIN_PRIORITY_SECURITY | 50 | |
CHAIN_PRIORITY_NAT_SOURCE | 100 | |
CHAIN_PRIORITY_SE_LINUX_LAST | 225 | |
CHAIN_PRIORITY_CONNTRACK_HELPER | 300 | |
CHAIN_PRIORITY_LAST | 2147483647 |
NethelpersNfTablesVerdict
NethelpersNfTablesVerdict wraps nftables.Verdict for YAML marshaling.
Name | Number | Description |
---|---|---|
VERDICT_DROP | 0 | |
VERDICT_ACCEPT | 1 |
NethelpersOperationalState
NethelpersOperationalState wraps rtnetlink.OperationalState for YAML marshaling.
Name | Number | Description |
---|---|---|
OPER_STATE_UNKNOWN | 0 | |
OPER_STATE_NOT_PRESENT | 1 | |
OPER_STATE_DOWN | 2 | |
OPER_STATE_LOWER_LAYER_DOWN | 3 | |
OPER_STATE_TESTING | 4 | |
OPER_STATE_DORMANT | 5 | |
OPER_STATE_UP | 6 |
NethelpersPort
NethelpersPort wraps ethtool.Port for YAML marshaling.
Name | Number | Description |
---|---|---|
TWISTED_PAIR | 0 | |
AUI | 1 | |
MII | 2 | |
FIBRE | 3 | |
BNC | 4 | |
DIRECT_ATTACH | 5 | |
NONE | 239 | |
OTHER | 255 |
NethelpersPrimaryReselect
NethelpersPrimaryReselect is an ARP targets mode.
Name | Number | Description |
---|---|---|
PRIMARY_RESELECT_ALWAYS | 0 | |
PRIMARY_RESELECT_BETTER | 1 | |
PRIMARY_RESELECT_FAILURE | 2 |
NethelpersProtocol
NethelpersProtocol is an inet protocol.
Name | Number | Description |
---|---|---|
NETHELPERS_PROTOCOL_UNSPECIFIED | 0 | |
PROTOCOL_ICMP | 1 | |
PROTOCOL_TCP | 6 | |
PROTOCOL_UDP | 17 | |
PROTOCOL_ICM_PV6 | 58 |
NethelpersRouteFlag
NethelpersRouteFlag wraps RTM_F_* constants.
Name | Number | Description |
---|---|---|
NETHELPERS_ROUTEFLAG_UNSPECIFIED | 0 | |
ROUTE_NOTIFY | 256 | |
ROUTE_CLONED | 512 | |
ROUTE_EQUALIZE | 1024 | |
ROUTE_PREFIX | 2048 | |
ROUTE_LOOKUP_TABLE | 4096 | |
ROUTE_FIB_MATCH | 8192 | |
ROUTE_OFFLOAD | 16384 | |
ROUTE_TRAP | 32768 |
NethelpersRouteProtocol
NethelpersRouteProtocol is a routing protocol.
Name | Number | Description |
---|---|---|
PROTOCOL_UNSPEC | 0 | |
PROTOCOL_REDIRECT | 1 | |
PROTOCOL_KERNEL | 2 | |
PROTOCOL_BOOT | 3 | |
PROTOCOL_STATIC | 4 | |
PROTOCOL_RA | 9 | |
PROTOCOL_MRT | 10 | |
PROTOCOL_ZEBRA | 11 | |
PROTOCOL_BIRD | 12 | |
PROTOCOL_DNROUTED | 13 | |
PROTOCOL_XORP | 14 | |
PROTOCOL_NTK | 15 | |
PROTOCOL_DHCP | 16 | |
PROTOCOL_MRTD | 17 | |
PROTOCOL_KEEPALIVED | 18 | |
PROTOCOL_BABEL | 42 | |
PROTOCOL_OPENR | 99 | |
PROTOCOL_BGP | 186 | |
PROTOCOL_ISIS | 187 | |
PROTOCOL_OSPF | 188 | |
PROTOCOL_RIP | 189 | |
PROTOCOL_EIGRP | 192 |
NethelpersRouteType
NethelpersRouteType is a route type.
Name | Number | Description |
---|---|---|
TYPE_UNSPEC | 0 | |
TYPE_UNICAST | 1 | |
TYPE_LOCAL | 2 | |
TYPE_BROADCAST | 3 | |
TYPE_ANYCAST | 4 | |
TYPE_MULTICAST | 5 | |
TYPE_BLACKHOLE | 6 | |
TYPE_UNREACHABLE | 7 | |
TYPE_PROHIBIT | 8 | |
TYPE_THROW | 9 | |
TYPE_NAT | 10 | |
TYPE_X_RESOLVE | 11 |
NethelpersRoutingTable
NethelpersRoutingTable is a routing table ID.
Name | Number | Description |
---|---|---|
TABLE_UNSPEC | 0 | |
TABLE_DEFAULT | 253 | |
TABLE_MAIN | 254 | |
TABLE_LOCAL | 255 |
NethelpersScope
NethelpersScope is an address scope.
Name | Number | Description |
---|---|---|
SCOPE_GLOBAL | 0 | |
SCOPE_SITE | 200 | |
SCOPE_LINK | 253 | |
SCOPE_HOST | 254 | |
SCOPE_NOWHERE | 255 |
NethelpersVLANProtocol
NethelpersVLANProtocol is a VLAN protocol.
Name | Number | Description |
---|---|---|
NETHELPERS_VLANPROTOCOL_UNSPECIFIED | 0 | |
VLAN_PROTOCOL8021_Q | 33024 | |
VLAN_PROTOCOL8021_AD | 34984 |
NetworkConfigLayer
NetworkConfigLayer describes network configuration layers, with lowest priority first.
Name | Number | Description |
---|---|---|
CONFIG_DEFAULT | 0 | |
CONFIG_CMDLINE | 1 | |
CONFIG_PLATFORM | 2 | |
CONFIG_OPERATOR | 3 | |
CONFIG_MACHINE_CONFIGURATION | 4 |
NetworkOperator
NetworkOperator enumerates Talos network operators.
Name | Number | Description |
---|---|---|
OPERATOR_DHCP4 | 0 | |
OPERATOR_DHCP6 | 1 | |
OPERATOR_VIP | 2 |
RuntimeMachineStage
RuntimeMachineStage describes the stage of the machine boot/run process.
Name | Number | Description |
---|---|---|
MACHINE_STAGE_UNKNOWN | 0 | |
MACHINE_STAGE_BOOTING | 1 | |
MACHINE_STAGE_INSTALLING | 2 | |
MACHINE_STAGE_MAINTENANCE | 3 | |
MACHINE_STAGE_RUNNING | 4 | |
MACHINE_STAGE_REBOOTING | 5 | |
MACHINE_STAGE_SHUTTING_DOWN | 6 | |
MACHINE_STAGE_RESETTING | 7 | |
MACHINE_STAGE_UPGRADING | 8 |
resource/definitions/etcd/etcd.proto
ConfigSpec
ConfigSpec describes (some) configuration settings of etcd.
Field | Type | Label | Description |
---|---|---|---|
advertise_valid_subnets | string | repeated | |
advertise_exclude_subnets | string | repeated | |
image | string | ||
extra_args | ConfigSpec.ExtraArgsEntry | repeated | |
listen_valid_subnets | string | repeated | |
listen_exclude_subnets | string | repeated |
ConfigSpec.ExtraArgsEntry
Field | Type | Label | Description |
---|---|---|---|
key | string | ||
value | string |
MemberSpec
MemberSpec holds information about an etcd member.
Field | Type | Label | Description |
---|---|---|---|
member_id | string |
PKIStatusSpec
PKIStatusSpec describes status of rendered secrets.
Field | Type | Label | Description |
---|---|---|---|
ready | bool | ||
version | string |
SpecSpec
SpecSpec describes (some) configuration settings of etcd.
Field | Type | Label | Description |
---|---|---|---|
name | string | ||
advertised_addresses | common.NetIP | repeated | |
image | string | ||
extra_args | SpecSpec.ExtraArgsEntry | repeated | |
listen_peer_addresses | common.NetIP | repeated | |
listen_client_addresses | common.NetIP | repeated |
SpecSpec.ExtraArgsEntry
Field | Type | Label | Description |
---|---|---|---|
key | string | ||
value | string |
resource/definitions/extensions/extensions.proto
Compatibility
Compatibility describes extension compatibility.
Field | Type | Label | Description |
---|---|---|---|
talos | Constraint |
Constraint
Constraint describes compatibility constraint.
Field | Type | Label | Description |
---|---|---|---|
version | string |
Layer
Layer defines overlay mount layer.
Field | Type | Label | Description |
---|---|---|---|
image | string | ||
metadata | Metadata |
Metadata
Metadata describes base extension metadata.
Field | Type | Label | Description |
---|---|---|---|
name | string | ||
version | string | ||
author | string | ||
description | string | ||
compatibility | Compatibility | ||
extra_info | string |
resource/definitions/files/files.proto
EtcFileSpecSpec
EtcFileSpecSpec describes status of rendered secrets.
Field | Type | Label | Description |
---|---|---|---|
contents | bytes | ||
mode | uint32 |
EtcFileStatusSpec
EtcFileStatusSpec describes status of rendered secrets.
Field | Type | Label | Description |
---|---|---|---|
spec_version | string |
resource/definitions/hardware/hardware.proto
MemoryModuleSpec
MemoryModuleSpec represents a single Memory.
Field | Type | Label | Description |
---|---|---|---|
size | uint32 | ||
device_locator | string | ||
bank_locator | string | ||
speed | uint32 | ||
manufacturer | string | ||
serial_number | string | ||
asset_tag | string | ||
product_name | string |
PCIDeviceSpec
PCIDeviceSpec represents a single processor.
Field | Type | Label | Description |
---|---|---|---|
class | string | ||
subclass | string | ||
vendor | string | ||
product | string | ||
class_id | string | ||
subclass_id | string | ||
vendor_id | string | ||
product_id | string |
ProcessorSpec
ProcessorSpec represents a single processor.
Field | Type | Label | Description |
---|---|---|---|
socket | string | ||
manufacturer | string | ||
product_name | string | ||
max_speed | uint32 | ||
boot_speed | uint32 | ||
status | uint32 | ||
serial_number | string | ||
asset_tag | string | ||
part_number | string | ||
core_count | uint32 | ||
core_enabled | uint32 | ||
thread_count | uint32 |
SystemInformationSpec
SystemInformationSpec represents the system information obtained from SMBIOS.
Field | Type | Label | Description |
---|---|---|---|
manufacturer | string | ||
product_name | string | ||
version | string | ||
serial_number | string | ||
uuid | string | ||
wake_up_type | string | ||
sku_number | string |
resource/definitions/k8s/k8s.proto
APIServerConfigSpec
APIServerConfigSpec is configuration for kube-apiserver.
Field | Type | Label | Description |
---|---|---|---|
image | string | ||
cloud_provider | string | ||
control_plane_endpoint | string | ||
etcd_servers | string | repeated | |
local_port | int64 | ||
service_cid_rs | string | repeated | |
extra_args | APIServerConfigSpec.ExtraArgsEntry | repeated | |
extra_volumes | ExtraVolume | repeated | |
environment_variables | APIServerConfigSpec.EnvironmentVariablesEntry | repeated | |
pod_security_policy_enabled | bool | ||
advertised_address | string | ||
resources | Resources |
APIServerConfigSpec.EnvironmentVariablesEntry
Field | Type | Label | Description |
---|---|---|---|
key | string | ||
value | string |
APIServerConfigSpec.ExtraArgsEntry
Field | Type | Label | Description |
---|---|---|---|
key | string | ||
value | string |
AdmissionControlConfigSpec
AdmissionControlConfigSpec is configuration for kube-apiserver.
Field | Type | Label | Description |
---|---|---|---|
config | AdmissionPluginSpec | repeated |
AdmissionPluginSpec
AdmissionPluginSpec is a single admission plugin configuration for Admission Control plugins.
Field | Type | Label | Description |
---|---|---|---|
name | string | ||
configuration | google.protobuf.Struct |
AuditPolicyConfigSpec
AuditPolicyConfigSpec is audit policy configuration for kube-apiserver.
Field | Type | Label | Description |
---|---|---|---|
config | google.protobuf.Struct |
BootstrapManifestsConfigSpec
BootstrapManifestsConfigSpec is configuration for bootstrap manifests.
Field | Type | Label | Description |
---|---|---|---|
server | string | ||
cluster_domain | string | ||
pod_cid_rs | string | repeated | |
proxy_enabled | bool | ||
proxy_image | string | ||
proxy_args | string | repeated | |
core_dns_enabled | bool | ||
core_dns_image | string | ||
dns_service_ip | string | ||
dns_service_i_pv6 | string | ||
flannel_enabled | bool | ||
flannel_image | string | ||
pod_security_policy_enabled | bool | ||
talos_api_service_enabled | bool | ||
flannel_extra_args | string | repeated | |
flannel_kube_service_host | string | ||
flannel_kube_service_port | string |
ConfigStatusSpec
ConfigStatusSpec describes status of rendered secrets.
Field | Type | Label | Description |
---|---|---|---|
ready | bool | ||
version | string |
ControllerManagerConfigSpec
ControllerManagerConfigSpec is configuration for kube-controller-manager.
Field | Type | Label | Description |
---|---|---|---|
enabled | bool | ||
image | string | ||
cloud_provider | string | ||
pod_cid_rs | string | repeated | |
service_cid_rs | string | repeated | |
extra_args | ControllerManagerConfigSpec.ExtraArgsEntry | repeated | |
extra_volumes | ExtraVolume | repeated | |
environment_variables | ControllerManagerConfigSpec.EnvironmentVariablesEntry | repeated | |
resources | Resources |
ControllerManagerConfigSpec.EnvironmentVariablesEntry
Field | Type | Label | Description |
---|---|---|---|
key | string | ||
value | string |
ControllerManagerConfigSpec.ExtraArgsEntry
Field | Type | Label | Description |
---|---|---|---|
key | string | ||
value | string |
EndpointSpec
EndpointSpec describes status of rendered secrets.
Field | Type | Label | Description |
---|---|---|---|
addresses | common.NetIP | repeated |
ExtraManifest
ExtraManifest defines a single extra manifest to download.
Field | Type | Label | Description |
---|---|---|---|
name | string | ||
url | string | ||
priority | string | ||
extra_headers | ExtraManifest.ExtraHeadersEntry | repeated | |
inline_manifest | string |
ExtraManifest.ExtraHeadersEntry
Field | Type | Label | Description |
---|---|---|---|
key | string | ||
value | string |
ExtraManifestsConfigSpec
ExtraManifestsConfigSpec is configuration for extra bootstrap manifests.
Field | Type | Label | Description |
---|---|---|---|
extra_manifests | ExtraManifest | repeated |
ExtraVolume
ExtraVolume is a configuration of extra volume.
Field | Type | Label | Description |
---|---|---|---|
name | string | ||
host_path | string | ||
mount_path | string | ||
read_only | bool |
KubePrismConfigSpec
KubePrismConfigSpec describes KubePrismConfig data.
Field | Type | Label | Description |
---|---|---|---|
host | string | ||
port | int64 | ||
endpoints | KubePrismEndpoint | repeated |
KubePrismEndpoint
KubePrismEndpoint holds data for control plane endpoint.
Field | Type | Label | Description |
---|---|---|---|
host | string | ||
port | uint32 |
KubePrismEndpointsSpec
KubePrismEndpointsSpec describes KubePrismEndpoints configuration.
Field | Type | Label | Description |
---|---|---|---|
endpoints | KubePrismEndpoint | repeated |
KubePrismStatusesSpec
KubePrismStatusesSpec describes KubePrismStatuses data.
Field | Type | Label | Description |
---|---|---|---|
host | string | ||
healthy | bool |
KubeletConfigSpec
KubeletConfigSpec holds the source of kubelet configuration.
Field | Type | Label | Description |
---|---|---|---|
image | string | ||
cluster_dns | string | repeated | |
cluster_domain | string | ||
extra_args | KubeletConfigSpec.ExtraArgsEntry | repeated | |
extra_mounts | talos.resource.definitions.proto.Mount | repeated | |
extra_config | google.protobuf.Struct | ||
cloud_provider_external | bool | ||
default_runtime_seccomp_enabled | bool | ||
skip_node_registration | bool | ||
static_pod_list_url | string | ||
disable_manifests_directory | bool | ||
enable_fs_quota_monitoring | bool | ||
credential_provider_config | google.protobuf.Struct |
KubeletConfigSpec.ExtraArgsEntry
Field | Type | Label | Description |
---|---|---|---|
key | string | ||
value | string |
KubeletSpecSpec
KubeletSpecSpec holds the source of kubelet configuration.
Field | Type | Label | Description |
---|---|---|---|
image | string | ||
args | string | repeated | |
extra_mounts | talos.resource.definitions.proto.Mount | repeated | |
expected_nodename | string | ||
config | google.protobuf.Struct | ||
credential_provider_config | google.protobuf.Struct |
ManifestSpec
ManifestSpec holds the Kubernetes resources spec.
Field | Type | Label | Description |
---|---|---|---|
items | SingleManifest | repeated |
ManifestStatusSpec
ManifestStatusSpec describes manifest application status.
Field | Type | Label | Description |
---|---|---|---|
manifests_applied | string | repeated |
NodeAnnotationSpecSpec
NodeAnnotationSpecSpec represents an annotation that’s attached to a Talos node.
Field | Type | Label | Description |
---|---|---|---|
key | string | ||
value | string |
NodeIPConfigSpec
NodeIPConfigSpec holds the Node IP specification.
Field | Type | Label | Description |
---|---|---|---|
valid_subnets | string | repeated | |
exclude_subnets | string | repeated |
NodeIPSpec
NodeIPSpec holds the Node IP specification.
Field | Type | Label | Description |
---|---|---|---|
addresses | common.NetIP | repeated |
NodeLabelSpecSpec
NodeLabelSpecSpec represents a label that’s attached to a Talos node.
Field | Type | Label | Description |
---|---|---|---|
key | string | ||
value | string |
NodeStatusSpec
NodeStatusSpec describes Kubernetes NodeStatus.
Field | Type | Label | Description |
---|---|---|---|
nodename | string | ||
node_ready | bool | ||
unschedulable | bool | ||
labels | NodeStatusSpec.LabelsEntry | repeated | |
annotations | NodeStatusSpec.AnnotationsEntry | repeated |
NodeStatusSpec.AnnotationsEntry
Field | Type | Label | Description |
---|---|---|---|
key | string | ||
value | string |
NodeStatusSpec.LabelsEntry
Field | Type | Label | Description |
---|---|---|---|
key | string | ||
value | string |
NodeTaintSpecSpec
NodeTaintSpecSpec represents a label that’s attached to a Talos node.
Field | Type | Label | Description |
---|---|---|---|
key | string | ||
effect | string | ||
value | string |
NodenameSpec
NodenameSpec describes Kubernetes nodename.
Field | Type | Label | Description |
---|---|---|---|
nodename | string | ||
hostname_version | string | ||
skip_node_registration | bool |
Resources
Resources is a configuration of cpu and memory resources.
Field | Type | Label | Description |
---|---|---|---|
requests | Resources.RequestsEntry | repeated | |
limits | Resources.LimitsEntry | repeated |
Resources.LimitsEntry
Field | Type | Label | Description |
---|---|---|---|
key | string | ||
value | string |
Resources.RequestsEntry
Field | Type | Label | Description |
---|---|---|---|
key | string | ||
value | string |
SchedulerConfigSpec
SchedulerConfigSpec is configuration for kube-scheduler.
Field | Type | Label | Description |
---|---|---|---|
enabled | bool | ||
image | string | ||
extra_args | SchedulerConfigSpec.ExtraArgsEntry | repeated | |
extra_volumes | ExtraVolume | repeated | |
environment_variables | SchedulerConfigSpec.EnvironmentVariablesEntry | repeated | |
resources | Resources | ||
config | google.protobuf.Struct |
SchedulerConfigSpec.EnvironmentVariablesEntry
Field | Type | Label | Description |
---|---|---|---|
key | string | ||
value | string |
SchedulerConfigSpec.ExtraArgsEntry
Field | Type | Label | Description |
---|---|---|---|
key | string | ||
value | string |
SecretsStatusSpec
SecretsStatusSpec describes status of rendered secrets.
Field | Type | Label | Description |
---|---|---|---|
ready | bool | ||
version | string |
SingleManifest
SingleManifest is a single manifest.
Field | Type | Label | Description |
---|---|---|---|
object | google.protobuf.Struct |
StaticPodServerStatusSpec
StaticPodServerStatusSpec describes static pod spec, it contains marshaled *v1.Pod spec.
Field | Type | Label | Description |
---|---|---|---|
url | string |
StaticPodSpec
StaticPodSpec describes static pod spec, it contains marshaled *v1.Pod spec.
Field | Type | Label | Description |
---|---|---|---|
pod | google.protobuf.Struct |
StaticPodStatusSpec
StaticPodStatusSpec describes kubelet static pod status.
Field | Type | Label | Description |
---|---|---|---|
pod_status | google.protobuf.Struct |
resource/definitions/kubeaccess/kubeaccess.proto
ConfigSpec
ConfigSpec describes KubeSpan configuration.
Field | Type | Label | Description |
---|---|---|---|
enabled | bool | ||
allowed_api_roles | string | repeated | |
allowed_kubernetes_namespaces | string | repeated |
resource/definitions/kubespan/kubespan.proto
ConfigSpec
ConfigSpec describes KubeSpan configuration.
Field | Type | Label | Description |
---|---|---|---|
enabled | bool | ||
cluster_id | string | ||
shared_secret | string | ||
force_routing | bool | ||
advertise_kubernetes_networks | bool | ||
mtu | uint32 | ||
endpoint_filters | string | repeated | |
harvest_extra_endpoints | bool | ||
extra_endpoints | common.NetIPPort | repeated |
EndpointSpec
EndpointSpec describes Endpoint state.
Field | Type | Label | Description |
---|---|---|---|
affiliate_id | string | ||
endpoint | common.NetIPPort |
IdentitySpec
IdentitySpec describes KubeSpan keys and address.
Note: IdentitySpec is persisted on disk in the STATE partition, so YAML serialization should be kept backwards compatible.
Field | Type | Label | Description |
---|---|---|---|
address | common.NetIPPrefix | ||
subnet | common.NetIPPrefix | ||
private_key | string | ||
public_key | string |
PeerSpecSpec
PeerSpecSpec describes PeerSpec state.
Field | Type | Label | Description |
---|---|---|---|
address | common.NetIP | ||
allowed_ips | common.NetIPPrefix | repeated | |
endpoints | common.NetIPPort | repeated | |
label | string |
PeerStatusSpec
PeerStatusSpec describes PeerStatus state.
Field | Type | Label | Description |
---|---|---|---|
endpoint | common.NetIPPort | ||
label | string | ||
state | talos.resource.definitions.enums.KubespanPeerState | ||
receive_bytes | int64 | ||
transmit_bytes | int64 | ||
last_handshake_time | google.protobuf.Timestamp | ||
last_used_endpoint | common.NetIPPort | ||
last_endpoint_change | google.protobuf.Timestamp |
resource/definitions/network/network.proto
AddressSpecSpec
AddressSpecSpec describes status of rendered secrets.
Field | Type | Label | Description |
---|---|---|---|
address | common.NetIPPrefix | ||
link_name | string | ||
family | talos.resource.definitions.enums.NethelpersFamily | ||
scope | talos.resource.definitions.enums.NethelpersScope | ||
flags | uint32 | ||
announce_with_arp | bool | ||
config_layer | talos.resource.definitions.enums.NetworkConfigLayer |
AddressStatusSpec
AddressStatusSpec describes status of rendered secrets.
Field | Type | Label | Description |
---|---|---|---|
address | common.NetIPPrefix | ||
local | common.NetIP | ||
broadcast | common.NetIP | ||
anycast | common.NetIP | ||
multicast | common.NetIP | ||
link_index | uint32 | ||
link_name | string | ||
family | talos.resource.definitions.enums.NethelpersFamily | ||
scope | talos.resource.definitions.enums.NethelpersScope | ||
flags | uint32 |
BondMasterSpec
BondMasterSpec describes bond settings if Kind == “bond”.
Field | Type | Label | Description |
---|---|---|---|
mode | talos.resource.definitions.enums.NethelpersBondMode | ||
hash_policy | talos.resource.definitions.enums.NethelpersBondXmitHashPolicy | ||
lacp_rate | talos.resource.definitions.enums.NethelpersLACPRate | ||
arp_validate | talos.resource.definitions.enums.NethelpersARPValidate | ||
arp_all_targets | talos.resource.definitions.enums.NethelpersARPAllTargets | ||
primary_index | uint32 | ||
primary_reselect | talos.resource.definitions.enums.NethelpersPrimaryReselect | ||
fail_over_mac | talos.resource.definitions.enums.NethelpersFailOverMAC | ||
ad_select | talos.resource.definitions.enums.NethelpersADSelect | ||
mii_mon | uint32 | ||
up_delay | uint32 | ||
down_delay | uint32 | ||
arp_interval | uint32 | ||
resend_igmp | uint32 | ||
min_links | uint32 | ||
lp_interval | uint32 | ||
packets_per_slave | uint32 | ||
num_peer_notif | fixed32 | ||
tlb_dynamic_lb | fixed32 | ||
all_slaves_active | fixed32 | ||
use_carrier | bool | ||
ad_actor_sys_prio | fixed32 | ||
ad_user_port_key | fixed32 | ||
peer_notify_delay | uint32 |
BondSlave
BondSlave contains a bond’s master name and slave index.
Field | Type | Label | Description |
---|---|---|---|
master_name | string | ||
slave_index | int64 |
BridgeMasterSpec
BridgeMasterSpec describes bridge settings if Kind == “bridge”.
Field | Type | Label | Description |
---|---|---|---|
stp | STPSpec | ||
vlan | BridgeVLANSpec |
BridgeSlave
BridgeSlave contains a bond’s master name and slave index.
Field | Type | Label | Description |
---|---|---|---|
master_name | string |
BridgeVLANSpec
BridgeVLANSpec describes VLAN settings of a bridge.
Field | Type | Label | Description |
---|---|---|---|
filtering_enabled | bool |
DHCP4OperatorSpec
DHCP4OperatorSpec describes DHCP4 operator options.
Field | Type | Label | Description |
---|---|---|---|
route_metric | uint32 | ||
skip_hostname_request | bool |
DHCP6OperatorSpec
DHCP6OperatorSpec describes DHCP6 operator options.
Field | Type | Label | Description |
---|---|---|---|
duid | string | ||
route_metric | uint32 | ||
skip_hostname_request | bool |
DNSResolveCacheSpec
DNSResolveCacheSpec describes DNS servers status.
Field | Type | Label | Description |
---|---|---|---|
status | string |
HardwareAddrSpec
HardwareAddrSpec describes spec for the link.
Field | Type | Label | Description |
---|---|---|---|
name | string | ||
hardware_addr | bytes |
HostDNSConfigSpec
HostDNSConfigSpec describes host DNS config.
Field | Type | Label | Description |
---|---|---|---|
enabled | bool | ||
listen_addresses | common.NetIPPort | repeated | |
service_host_dns_address | common.NetIP | ||
resolve_member_names | bool |
HostnameSpecSpec
HostnameSpecSpec describes node hostname.
Field | Type | Label | Description |
---|---|---|---|
hostname | string | ||
domainname | string | ||
config_layer | talos.resource.definitions.enums.NetworkConfigLayer |
HostnameStatusSpec
HostnameStatusSpec describes node hostname.
Field | Type | Label | Description |
---|---|---|---|
hostname | string | ||
domainname | string |
LinkRefreshSpec
LinkRefreshSpec describes status of rendered secrets.
Field | Type | Label | Description |
---|---|---|---|
generation | int64 |
LinkSpecSpec
LinkSpecSpec describes spec for the link.
Field | Type | Label | Description |
---|---|---|---|
name | string | ||
logical | bool | ||
up | bool | ||
mtu | uint32 | ||
kind | string | ||
type | talos.resource.definitions.enums.NethelpersLinkType | ||
parent_name | string | ||
bond_slave | BondSlave | ||
bridge_slave | BridgeSlave | ||
vlan | VLANSpec | ||
bond_master | BondMasterSpec | ||
bridge_master | BridgeMasterSpec | ||
wireguard | WireguardSpec | ||
config_layer | talos.resource.definitions.enums.NetworkConfigLayer |
LinkStatusSpec
LinkStatusSpec describes status of rendered secrets.
Field | Type | Label | Description |
---|---|---|---|
index | uint32 | ||
type | talos.resource.definitions.enums.NethelpersLinkType | ||
link_index | uint32 | ||
flags | uint32 | ||
hardware_addr | bytes | ||
broadcast_addr | bytes | ||
mtu | uint32 | ||
queue_disc | string | ||
master_index | uint32 | ||
operational_state | talos.resource.definitions.enums.NethelpersOperationalState | ||
kind | string | ||
slave_kind | string | ||
bus_path | string | ||
pciid | string | ||
driver | string | ||
driver_version | string | ||
firmware_version | string | ||
product_id | string | ||
vendor_id | string | ||
product | string | ||
vendor | string | ||
link_state | bool | ||
speed_megabits | int64 | ||
port | talos.resource.definitions.enums.NethelpersPort | ||
duplex | talos.resource.definitions.enums.NethelpersDuplex | ||
vlan | VLANSpec | ||
bridge_master | BridgeMasterSpec | ||
bond_master | BondMasterSpec | ||
wireguard | WireguardSpec | ||
permanent_addr | bytes |
NfTablesAddressMatch
NfTablesAddressMatch describes the match on the IP address.
Field | Type | Label | Description |
---|---|---|---|
include_subnets | common.NetIPPrefix | repeated | |
exclude_subnets | common.NetIPPrefix | repeated | |
invert | bool |
NfTablesChainSpec
NfTablesChainSpec describes status of rendered secrets.
Field | Type | Label | Description |
---|---|---|---|
type | string | ||
hook | talos.resource.definitions.enums.NethelpersNfTablesChainHook | ||
priority | talos.resource.definitions.enums.NethelpersNfTablesChainPriority | ||
rules | NfTablesRule | repeated | |
policy | talos.resource.definitions.enums.NethelpersNfTablesVerdict |
NfTablesClampMSS
NfTablesClampMSS describes the TCP MSS clamping operation.
MSS is limited by the MaxMTU so that:
- IPv4: MSS = MaxMTU - 40
- IPv6: MSS = MaxMTU - 60.
Field | Type | Label | Description |
---|---|---|---|
mtu | fixed32 |
NfTablesConntrackStateMatch
NfTablesConntrackStateMatch describes the match on the connection tracking state.
Field | Type | Label | Description |
---|---|---|---|
states | talos.resource.definitions.enums.NethelpersConntrackState | repeated |
NfTablesIfNameMatch
NfTablesIfNameMatch describes the match on the interface name.
Field | Type | Label | Description |
---|---|---|---|
operator | talos.resource.definitions.enums.NethelpersMatchOperator | ||
interface_names | string | repeated |
NfTablesLayer4Match
NfTablesLayer4Match describes the match on the transport layer protocol.
Field | Type | Label | Description |
---|---|---|---|
protocol | talos.resource.definitions.enums.NethelpersProtocol | ||
match_source_port | NfTablesPortMatch | ||
match_destination_port | NfTablesPortMatch |
NfTablesLimitMatch
NfTablesLimitMatch describes the match on the packet rate.
Field | Type | Label | Description |
---|---|---|---|
packet_rate_per_second | uint64 |
NfTablesMark
NfTablesMark encodes packet mark match/update operation.
When used as a match, it computes the following condition: (mark & mask) ^ xor == value.
When used as an update, it computes the following operation: mark = (mark & mask) ^ xor.
Field | Type | Label | Description |
---|---|---|---|
mask | uint32 | ||
xor | uint32 | ||
value | uint32 |
NfTablesPortMatch
NfTablesPortMatch describes the match on the transport layer port.
Field | Type | Label | Description |
---|---|---|---|
ranges | PortRange | repeated |
NfTablesRule
NfTablesRule describes a single rule in the nftables chain.
Field | Type | Label | Description |
---|---|---|---|
match_o_if_name | NfTablesIfNameMatch | ||
verdict | talos.resource.definitions.enums.NethelpersNfTablesVerdict | ||
match_mark | NfTablesMark | ||
set_mark | NfTablesMark | ||
match_source_address | NfTablesAddressMatch | ||
match_destination_address | NfTablesAddressMatch | ||
match_layer4 | NfTablesLayer4Match | ||
match_i_if_name | NfTablesIfNameMatch | ||
clamp_mss | NfTablesClampMSS | ||
match_limit | NfTablesLimitMatch | ||
match_conntrack_state | NfTablesConntrackStateMatch | ||
anon_counter | bool |
NodeAddressFilterSpec
NodeAddressFilterSpec describes a filter for NodeAddresses.
Field | Type | Label | Description |
---|---|---|---|
include_subnets | common.NetIPPrefix | repeated | |
exclude_subnets | common.NetIPPrefix | repeated |
NodeAddressSpec
NodeAddressSpec describes a set of node addresses.
Field | Type | Label | Description |
---|---|---|---|
addresses | common.NetIPPrefix | repeated |
OperatorSpecSpec
OperatorSpecSpec describes DNS resolvers.
Field | Type | Label | Description |
---|---|---|---|
operator | talos.resource.definitions.enums.NetworkOperator | ||
link_name | string | ||
require_up | bool | ||
dhcp4 | DHCP4OperatorSpec | ||
dhcp6 | DHCP6OperatorSpec | ||
vip | VIPOperatorSpec | ||
config_layer | talos.resource.definitions.enums.NetworkConfigLayer |
PortRange
PortRange describes a range of ports.
Range is [lo, hi].
Field | Type | Label | Description |
---|---|---|---|
lo | fixed32 | ||
hi | fixed32 |
ProbeSpecSpec
ProbeSpecSpec describes the Probe.
Field | Type | Label | Description |
---|---|---|---|
interval | google.protobuf.Duration | ||
failure_threshold | int64 | ||
tcp | TCPProbeSpec | ||
config_layer | talos.resource.definitions.enums.NetworkConfigLayer |
ProbeStatusSpec
ProbeStatusSpec describes the Probe.
Field | Type | Label | Description |
---|---|---|---|
success | bool | ||
last_error | string |
ResolverSpecSpec
ResolverSpecSpec describes DNS resolvers.
Field | Type | Label | Description |
---|---|---|---|
dns_servers | common.NetIP | repeated | |
config_layer | talos.resource.definitions.enums.NetworkConfigLayer |
ResolverStatusSpec
ResolverStatusSpec describes DNS resolvers.
Field | Type | Label | Description |
---|---|---|---|
dns_servers | common.NetIP | repeated |
RouteSpecSpec
RouteSpecSpec describes the route.
Field | Type | Label | Description |
---|---|---|---|
family | talos.resource.definitions.enums.NethelpersFamily | ||
destination | common.NetIPPrefix | ||
source | common.NetIP | ||
gateway | common.NetIP | ||
out_link_name | string | ||
table | talos.resource.definitions.enums.NethelpersRoutingTable | ||
priority | uint32 | ||
scope | talos.resource.definitions.enums.NethelpersScope | ||
type | talos.resource.definitions.enums.NethelpersRouteType | ||
flags | uint32 | ||
protocol | talos.resource.definitions.enums.NethelpersRouteProtocol | ||
config_layer | talos.resource.definitions.enums.NetworkConfigLayer | ||
mtu | uint32 |
RouteStatusSpec
RouteStatusSpec describes status of rendered secrets.
Field | Type | Label | Description |
---|---|---|---|
family | talos.resource.definitions.enums.NethelpersFamily | ||
destination | common.NetIPPrefix | ||
source | common.NetIP | ||
gateway | common.NetIP | ||
out_link_index | uint32 | ||
out_link_name | string | ||
table | talos.resource.definitions.enums.NethelpersRoutingTable | ||
priority | uint32 | ||
scope | talos.resource.definitions.enums.NethelpersScope | ||
type | talos.resource.definitions.enums.NethelpersRouteType | ||
flags | uint32 | ||
protocol | talos.resource.definitions.enums.NethelpersRouteProtocol | ||
mtu | uint32 |
STPSpec
STPSpec describes Spanning Tree Protocol (STP) settings of a bridge.
Field | Type | Label | Description |
---|---|---|---|
enabled | bool |
StatusSpec
StatusSpec describes network state.
Field | Type | Label | Description |
---|---|---|---|
address_ready | bool | ||
connectivity_ready | bool | ||
hostname_ready | bool | ||
etc_files_ready | bool |
TCPProbeSpec
TCPProbeSpec describes the TCP Probe.
Field | Type | Label | Description |
---|---|---|---|
endpoint | string | ||
timeout | google.protobuf.Duration |
TimeServerSpecSpec
TimeServerSpecSpec describes NTP servers.
Field | Type | Label | Description |
---|---|---|---|
ntp_servers | string | repeated | |
config_layer | talos.resource.definitions.enums.NetworkConfigLayer |
TimeServerStatusSpec
TimeServerStatusSpec describes NTP servers.
Field | Type | Label | Description |
---|---|---|---|
ntp_servers | string | repeated |
VIPEquinixMetalSpec
VIPEquinixMetalSpec describes virtual (elastic) IP settings for Equinix Metal.
Field | Type | Label | Description |
---|---|---|---|
project_id | string | ||
device_id | string | ||
api_token | string |
VIPHCloudSpec
VIPHCloudSpec describes virtual (elastic) IP settings for Hetzner Cloud.
Field | Type | Label | Description |
---|---|---|---|
device_id | int64 | ||
network_id | int64 | ||
api_token | string |
VIPOperatorSpec
VIPOperatorSpec describes virtual IP operator options.
Field | Type | Label | Description |
---|---|---|---|
ip | common.NetIP | ||
gratuitous_arp | bool | ||
equinix_metal | VIPEquinixMetalSpec | ||
h_cloud | VIPHCloudSpec |
VLANSpec
VLANSpec describes VLAN settings if Kind == “vlan”.
Field | Type | Label | Description |
---|---|---|---|
vid | fixed32 | ||
protocol | talos.resource.definitions.enums.NethelpersVLANProtocol |
WireguardPeer
WireguardPeer describes a single peer.
Field | Type | Label | Description |
---|---|---|---|
public_key | string | ||
preshared_key | string | ||
endpoint | string | ||
persistent_keepalive_interval | google.protobuf.Duration | ||
allowed_ips | common.NetIPPrefix | repeated |
WireguardSpec
WireguardSpec describes Wireguard settings if Kind == “wireguard”.
Field | Type | Label | Description |
---|---|---|---|
private_key | string | ||
public_key | string | ||
listen_port | int64 | ||
firewall_mark | int64 | ||
peers | WireguardPeer | repeated |
resource/definitions/perf/perf.proto
CPUSpec
CPUSpec represents the last CPU stats snapshot.
Field | Type | Label | Description |
---|---|---|---|
cpu | CPUStat | repeated | |
cpu_total | CPUStat | ||
irq_total | uint64 | ||
context_switches | uint64 | ||
process_created | uint64 | ||
process_running | uint64 | ||
process_blocked | uint64 | ||
soft_irq_total | uint64 |
CPUStat
CPUStat represents a single cpu stat.
Field | Type | Label | Description |
---|---|---|---|
user | double | ||
nice | double | ||
system | double | ||
idle | double | ||
iowait | double | ||
irq | double | ||
soft_irq | double | ||
steal | double | ||
guest | double | ||
guest_nice | double |
MemorySpec
MemorySpec represents the last Memory stats snapshot.
Field | Type | Label | Description |
---|---|---|---|
mem_total | uint64 | ||
mem_used | uint64 | ||
mem_available | uint64 | ||
buffers | uint64 | ||
cached | uint64 | ||
swap_cached | uint64 | ||
active | uint64 | ||
inactive | uint64 | ||
active_anon | uint64 | ||
inactive_anon | uint64 | ||
active_file | uint64 | ||
inactive_file | uint64 | ||
unevictable | uint64 | ||
mlocked | uint64 | ||
swap_total | uint64 | ||
swap_free | uint64 | ||
dirty | uint64 | ||
writeback | uint64 | ||
anon_pages | uint64 | ||
mapped | uint64 | ||
shmem | uint64 | ||
slab | uint64 | ||
s_reclaimable | uint64 | ||
s_unreclaim | uint64 | ||
kernel_stack | uint64 | ||
page_tables | uint64 | ||
nf_sunstable | uint64 | ||
bounce | uint64 | ||
writeback_tmp | uint64 | ||
commit_limit | uint64 | ||
committed_as | uint64 | ||
vmalloc_total | uint64 | ||
vmalloc_used | uint64 | ||
vmalloc_chunk | uint64 | ||
hardware_corrupted | uint64 | ||
anon_huge_pages | uint64 | ||
shmem_huge_pages | uint64 | ||
shmem_pmd_mapped | uint64 | ||
cma_total | uint64 | ||
cma_free | uint64 | ||
huge_pages_total | uint64 | ||
huge_pages_free | uint64 | ||
huge_pages_rsvd | uint64 | ||
huge_pages_surp | uint64 | ||
hugepagesize | uint64 | ||
direct_map4k | uint64 | ||
direct_map2m | uint64 | ||
direct_map1g | uint64 |
resource/definitions/proto/proto.proto
LinuxIDMapping
LinuxIDMapping specifies UID/GID mappings.
Field | Type | Label | Description |
---|---|---|---|
container_id | uint32 | ||
host_id | uint32 | ||
size | uint32 |
Mount
Mount specifies a mount for a container.
Field | Type | Label | Description |
---|---|---|---|
destination | string | ||
type | string | ||
source | string | ||
options | string | repeated | |
uid_mappings | LinuxIDMapping | repeated | |
gid_mappings | LinuxIDMapping | repeated |
resource/definitions/runtime/runtime.proto
DevicesStatusSpec
DevicesStatusSpec is the spec for devices status.
Field | Type | Label | Description |
---|---|---|---|
ready | bool |
DiagnosticSpec
DiagnosticSpec is the spec for devices status.
Field | Type | Label | Description |
---|---|---|---|
message | string | ||
details | string | repeated |
EventSinkConfigSpec
EventSinkConfigSpec describes configuration of Talos event log streaming.
Field | Type | Label | Description |
---|---|---|---|
endpoint | string |
ExtensionServiceConfigFile
ExtensionServiceConfigFile describes extensions service config files.
Field | Type | Label | Description |
---|---|---|---|
content | string | ||
mount_path | string |
ExtensionServiceConfigSpec
ExtensionServiceConfigSpec describes status of rendered extensions service config files.
Field | Type | Label | Description |
---|---|---|---|
files | ExtensionServiceConfigFile | repeated | |
environment | string | repeated |
ExtensionServiceConfigStatusSpec
ExtensionServiceConfigStatusSpec describes status of rendered extensions service config files.
Field | Type | Label | Description |
---|---|---|---|
spec_version | string |
KernelModuleSpecSpec
KernelModuleSpecSpec describes Linux kernel module to load.
Field | Type | Label | Description |
---|---|---|---|
name | string | ||
parameters | string | repeated |
KernelParamSpecSpec
KernelParamSpecSpec describes status of the defined sysctls.
Field | Type | Label | Description |
---|---|---|---|
value | string | ||
ignore_errors | bool |
KernelParamStatusSpec
KernelParamStatusSpec describes status of the defined sysctls.
Field | Type | Label | Description |
---|---|---|---|
current | string | ||
default | string | ||
unsupported | bool |
KmsgLogConfigSpec
KmsgLogConfigSpec describes configuration for kmsg log streaming.
Field | Type | Label | Description |
---|---|---|---|
destinations | common.URL | repeated |
MachineStatusSpec
MachineStatusSpec describes status of the defined sysctls.
Field | Type | Label | Description |
---|---|---|---|
stage | talos.resource.definitions.enums.RuntimeMachineStage | ||
status | MachineStatusStatus |
MachineStatusStatus
MachineStatusStatus describes the current machine status at the stage.
Field | Type | Label | Description |
---|---|---|---|
ready | bool | ||
unmet_conditions | UnmetCondition | repeated |
MaintenanceServiceConfigSpec
MaintenanceServiceConfigSpec describes configuration for maintenance service API.
Field | Type | Label | Description |
---|---|---|---|
listen_address | string | ||
reachable_addresses | common.NetIP | repeated |
MetaKeySpec
MetaKeySpec describes status of the defined sysctls.
Field | Type | Label | Description |
---|---|---|---|
value | string |
MetaLoadedSpec
MetaLoadedSpec is the spec for meta loaded. The Done field is always true when the resource exists.
Field | Type | Label | Description |
---|---|---|---|
done | bool |
MountStatusSpec
MountStatusSpec describes status of the defined sysctls.
Field | Type | Label | Description |
---|---|---|---|
source | string | ||
target | string | ||
filesystem_type | string | ||
options | string | repeated | |
encrypted | bool | ||
encryption_providers | string | repeated |
PlatformMetadataSpec
PlatformMetadataSpec describes platform metadata properties.
Field | Type | Label | Description |
---|---|---|---|
platform | string | ||
hostname | string | ||
region | string | ||
zone | string | ||
instance_type | string | ||
instance_id | string | ||
provider_id | string | ||
spot | bool | ||
internal_dns | string | ||
external_dns | string |
SecurityStateSpec
SecurityStateSpec describes the security state resource properties.
Field | Type | Label | Description |
---|---|---|---|
secure_boot | bool | ||
uki_signing_key_fingerprint | string | ||
pcr_signing_key_fingerprint | string |
UniqueMachineTokenSpec
UniqueMachineTokenSpec is the spec for the machine unique token. The token can be empty if the machine wasn’t assigned one.
Field | Type | Label | Description |
---|---|---|---|
token | string |
UnmetCondition
UnmetCondition is a failure which prevents the machine from being ready at the stage.
Field | Type | Label | Description |
---|---|---|---|
name | string | ||
reason | string |
WatchdogTimerConfigSpec
WatchdogTimerConfigSpec describes configuration of watchdog timer.
Field | Type | Label | Description |
---|---|---|---|
device | string | ||
timeout | google.protobuf.Duration |
WatchdogTimerStatusSpec
WatchdogTimerStatusSpec describes configuration of watchdog timer.
Field | Type | Label | Description |
---|---|---|---|
device | string | ||
timeout | google.protobuf.Duration | ||
feed_interval | google.protobuf.Duration |
resource/definitions/secrets/secrets.proto
APICertsSpec
APICertsSpec describes etcd certs secrets.
Field | Type | Label | Description |
---|---|---|---|
client | common.PEMEncodedCertificateAndKey | ||
server | common.PEMEncodedCertificateAndKey | ||
accepted_c_as | common.PEMEncodedCertificate | repeated |
CertSANSpec
CertSANSpec describes fields of the cert SANs.
Field | Type | Label | Description |
---|---|---|---|
i_ps | common.NetIP | repeated | |
dns_names | string | repeated | |
fqdn | string |
EtcdCertsSpec
EtcdCertsSpec describes etcd certs secrets.
Field | Type | Label | Description |
---|---|---|---|
etcd | common.PEMEncodedCertificateAndKey | ||
etcd_peer | common.PEMEncodedCertificateAndKey | ||
etcd_admin | common.PEMEncodedCertificateAndKey | ||
etcd_api_server | common.PEMEncodedCertificateAndKey |
EtcdRootSpec
EtcdRootSpec describes etcd CA secrets.
Field | Type | Label | Description |
---|---|---|---|
etcd_ca | common.PEMEncodedCertificateAndKey |
KubeletSpec
KubeletSpec describes root Kubernetes secrets.
Field | Type | Label | Description |
---|---|---|---|
endpoint | common.URL | ||
bootstrap_token_id | string | ||
bootstrap_token_secret | string | ||
accepted_c_as | common.PEMEncodedCertificate | repeated |
KubernetesCertsSpec
KubernetesCertsSpec describes generated Kubernetes certificates.
Field | Type | Label | Description |
---|---|---|---|
scheduler_kubeconfig | string | ||
controller_manager_kubeconfig | string | ||
localhost_admin_kubeconfig | string | ||
admin_kubeconfig | string |
KubernetesDynamicCertsSpec
KubernetesDynamicCertsSpec describes generated KubernetesCerts certificates.
Field | Type | Label | Description |
---|---|---|---|
api_server | common.PEMEncodedCertificateAndKey | ||
api_server_kubelet_client | common.PEMEncodedCertificateAndKey | ||
front_proxy | common.PEMEncodedCertificateAndKey |
KubernetesRootSpec
KubernetesRootSpec describes root Kubernetes secrets.
Field | Type | Label | Description |
---|---|---|---|
name | string | ||
endpoint | common.URL | ||
local_endpoint | common.URL | ||
cert_sa_ns | string | repeated | |
dns_domain | string | ||
issuing_ca | common.PEMEncodedCertificateAndKey | ||
service_account | common.PEMEncodedKey | ||
aggregator_ca | common.PEMEncodedCertificateAndKey | ||
aescbc_encryption_secret | string | ||
bootstrap_token_id | string | ||
bootstrap_token_secret | string | ||
secretbox_encryption_secret | string | ||
api_server_ips | common.NetIP | repeated | |
accepted_c_as | common.PEMEncodedCertificate | repeated |
MaintenanceRootSpec
MaintenanceRootSpec describes maintenance service CA.
Field | Type | Label | Description |
---|---|---|---|
ca | common.PEMEncodedCertificateAndKey |
MaintenanceServiceCertsSpec
MaintenanceServiceCertsSpec describes maintenance service certs secrets.
Field | Type | Label | Description |
---|---|---|---|
ca | common.PEMEncodedCertificateAndKey | ||
server | common.PEMEncodedCertificateAndKey |
OSRootSpec
OSRootSpec describes operating system CA.
Field | Type | Label | Description |
---|---|---|---|
issuing_ca | common.PEMEncodedCertificateAndKey | ||
cert_sani_ps | common.NetIP | repeated | |
cert_sandns_names | string | repeated | |
token | string | ||
accepted_c_as | common.PEMEncodedCertificate | repeated |
TrustdCertsSpec
TrustdCertsSpec describes etcd certs secrets.
Field | Type | Label | Description |
---|---|---|---|
server | common.PEMEncodedCertificateAndKey | ||
accepted_c_as | common.PEMEncodedCertificate | repeated |
resource/definitions/siderolink/siderolink.proto
ConfigSpec
ConfigSpec describes Siderolink configuration.
Field | Type | Label | Description |
---|---|---|---|
api_endpoint | string | ||
host | string | ||
join_token | string | ||
insecure | bool | ||
tunnel | bool |
StatusSpec
StatusSpec describes Siderolink status.
Field | Type | Label | Description |
---|---|---|---|
host | string | ||
connected | bool |
TunnelSpec
TunnelSpec describes Siderolink GRPC Tunnel configuration.
Field | Type | Label | Description |
---|---|---|---|
api_endpoint | string | ||
link_name | string | ||
mtu | int64 | ||
node_address | common.NetIPPort |
resource/definitions/time/time.proto
AdjtimeStatusSpec
AdjtimeStatusSpec describes Linux internal adjtime state.
Field | Type | Label | Description |
---|---|---|---|
offset | google.protobuf.Duration | ||
frequency_adjustment_ratio | double | ||
max_error | google.protobuf.Duration | ||
est_error | google.protobuf.Duration | ||
status | string | ||
constant | int64 | ||
sync_status | bool | ||
state | string |
StatusSpec
StatusSpec describes time sync state.
Field | Type | Label | Description |
---|---|---|---|
synced | bool | ||
epoch | int64 | ||
sync_disabled | bool |
resource/definitions/v1alpha1/v1alpha1.proto
ServiceSpec
ServiceSpec describes service state.
Field | Type | Label | Description |
---|---|---|---|
running | bool | ||
healthy | bool | ||
unknown | bool |
inspect/inspect.proto
ControllerDependencyEdge
Field | Type | Label | Description |
---|---|---|---|
controller_name | string | ||
edge_type | DependencyEdgeType | ||
resource_namespace | string | ||
resource_type | string | ||
resource_id | string |
ControllerRuntimeDependenciesResponse
Field | Type | Label | Description |
---|---|---|---|
messages | ControllerRuntimeDependency | repeated |
ControllerRuntimeDependency
The ControllerRuntimeDependency message contains the graph of controller-resource dependencies.
Field | Type | Label | Description |
---|---|---|---|
metadata | common.Metadata | ||
edges | ControllerDependencyEdge | repeated |
DependencyEdgeType
Name | Number | Description |
---|---|---|
OUTPUT_EXCLUSIVE | 0 | |
OUTPUT_SHARED | 3 | |
INPUT_STRONG | 1 | |
INPUT_WEAK | 2 | |
INPUT_DESTROY_READY | 4 |
InspectService
The inspect service definition.
InspectService provides auxiliary API to inspect OS internals.
Method Name | Request Type | Response Type | Description |
---|---|---|---|
ControllerRuntimeDependencies | .google.protobuf.Empty | ControllerRuntimeDependenciesResponse |
machine/machine.proto
AddressEvent
AddressEvent reports node endpoints aggregated from k8s.Endpoints and network.Hostname.
Field | Type | Label | Description |
---|---|---|---|
hostname | string | ||
addresses | string | repeated |
ApplyConfiguration
ApplyConfigurationResponse describes the response to a configuration request.
Field | Type | Label | Description |
---|---|---|---|
metadata | common.Metadata | ||
warnings | string | repeated | Configuration validation warnings. |
mode | ApplyConfigurationRequest.Mode | | States which mode was actually chosen. |
mode_details | string | | Human-readable message explaining the result of the apply configuration call.
ApplyConfigurationRequest
rpc applyConfiguration
ApplyConfiguration describes a request to assert a new configuration upon a node.
Field | Type | Label | Description |
---|---|---|---|
data | bytes | ||
mode | ApplyConfigurationRequest.Mode | ||
dry_run | bool | ||
try_mode_timeout | google.protobuf.Duration |
ApplyConfigurationResponse
Field | Type | Label | Description |
---|---|---|---|
messages | ApplyConfiguration | repeated |
BPFInstruction
Field | Type | Label | Description |
---|---|---|---|
op | uint32 | ||
jt | uint32 | ||
jf | uint32 | ||
k | uint32 |
Bootstrap
The bootstrap message containing the bootstrap status.
Field | Type | Label | Description |
---|---|---|---|
metadata | common.Metadata |
BootstrapRequest
rpc Bootstrap
Field | Type | Label | Description |
---|---|---|---|
recover_etcd | bool | | Enable etcd recovery from the snapshot. Snapshot should be uploaded before this call via EtcdRecover RPC. |
recover_skip_hash_check | bool | | Skip hash check on the snapshot (etcd). Enable this when recovering from data directory copy to skip integrity check.
BootstrapResponse
Field | Type | Label | Description |
---|---|---|---|
messages | Bootstrap | repeated |
CNIConfig
Field | Type | Label | Description |
---|---|---|---|
name | string | ||
urls | string | repeated |
CPUInfo
Field | Type | Label | Description |
---|---|---|---|
processor | uint32 | ||
vendor_id | string | ||
cpu_family | string | ||
model | string | ||
model_name | string | ||
stepping | string | ||
microcode | string | ||
cpu_mhz | double | ||
cache_size | string | ||
physical_id | string | ||
siblings | uint32 | ||
core_id | string | ||
cpu_cores | uint32 | ||
apic_id | string | ||
initial_apic_id | string | ||
fpu | string | ||
fpu_exception | string | ||
cpu_id_level | uint32 | ||
wp | string | ||
flags | string | repeated | |
bugs | string | repeated | |
bogo_mips | double | ||
cl_flush_size | uint32 | ||
cache_alignment | uint32 | ||
address_sizes | string | ||
power_management | string |
CPUInfoResponse
Field | Type | Label | Description |
---|---|---|---|
messages | CPUsInfo | repeated |
CPUStat
Field | Type | Label | Description |
---|---|---|---|
user | double | ||
nice | double | ||
system | double | ||
idle | double | ||
iowait | double | ||
irq | double | ||
soft_irq | double | ||
steal | double | ||
guest | double | ||
guest_nice | double |
CPUsInfo
Field | Type | Label | Description |
---|---|---|---|
metadata | common.Metadata | ||
cpu_info | CPUInfo | repeated |
ClusterConfig
Field | Type | Label | Description |
---|---|---|---|
name | string | ||
control_plane | ControlPlaneConfig | ||
cluster_network | ClusterNetworkConfig | ||
allow_scheduling_on_control_planes | bool |
ClusterNetworkConfig
Field | Type | Label | Description |
---|---|---|---|
dns_domain | string | ||
cni_config | CNIConfig |
ConfigLoadErrorEvent
ConfigLoadErrorEvent is reported when the config loading has failed.
Field | Type | Label | Description |
---|---|---|---|
error | string |
ConfigValidationErrorEvent
ConfigValidationErrorEvent is reported when config validation has failed.
Field | Type | Label | Description |
---|---|---|---|
error | string |
ConnectRecord
Field | Type | Label | Description |
---|---|---|---|
l4proto | string | ||
localip | string | ||
localport | uint32 | ||
remoteip | string | ||
remoteport | uint32 | ||
state | ConnectRecord.State | ||
txqueue | uint64 | ||
rxqueue | uint64 | ||
tr | ConnectRecord.TimerActive | ||
timerwhen | uint64 | ||
retrnsmt | uint64 | ||
uid | uint32 | ||
timeout | uint64 | ||
inode | uint64 | ||
ref | uint64 | ||
pointer | uint64 | ||
process | ConnectRecord.Process | ||
netns | string |
ConnectRecord.Process
Field | Type | Label | Description |
---|---|---|---|
pid | uint32 | ||
name | string |
Container
The messages message containing the requested containers.
Field | Type | Label | Description |
---|---|---|---|
metadata | common.Metadata | ||
containers | ContainerInfo | repeated |
ContainerInfo
The messages message containing the requested containers.
Field | Type | Label | Description |
---|---|---|---|
namespace | string | ||
id | string | ||
image | string | ||
pid | uint32 | ||
status | string | ||
pod_id | string | ||
name | string | ||
network_namespace | string |
ContainersRequest
Field | Type | Label | Description |
---|---|---|---|
namespace | string | ||
driver | common.ContainerDriver | | driver might be default “containerd” or “cri”
ContainersResponse
Field | Type | Label | Description |
---|---|---|---|
messages | Container | repeated |
ControlPlaneConfig
Field | Type | Label | Description |
---|---|---|---|
endpoint | string |
CopyRequest
CopyRequest describes a request to copy data out of a Talos node.
Copy produces a .tar.gz archive which is streamed back to the caller.
Field | Type | Label | Description |
---|---|---|---|
root_path | string | | Root path to start copying data out; it might be either a file or a directory.
DHCPOptionsConfig
Field | Type | Label | Description |
---|---|---|---|
route_metric | uint32 |
DiskStat
Field | Type | Label | Description |
---|---|---|---|
name | string | ||
read_completed | uint64 | ||
read_merged | uint64 | ||
read_sectors | uint64 | ||
read_time_ms | uint64 | ||
write_completed | uint64 | ||
write_merged | uint64 | ||
write_sectors | uint64 | ||
write_time_ms | uint64 | ||
io_in_progress | uint64 | ||
io_time_ms | uint64 | ||
io_time_weighted_ms | uint64 | ||
discard_completed | uint64 | ||
discard_merged | uint64 | ||
discard_sectors | uint64 | ||
discard_time_ms | uint64 |
DiskStats
Field | Type | Label | Description |
---|---|---|---|
metadata | common.Metadata | ||
total | DiskStat | ||
devices | DiskStat | repeated |
DiskStatsResponse
Field | Type | Label | Description |
---|---|---|---|
messages | DiskStats | repeated |
DiskUsageInfo
DiskUsageInfo describes a file or directory’s information for the du command.
Field | Type | Label | Description |
---|---|---|---|
metadata | common.Metadata | ||
name | string | | Name is the name (including prefixed path) of the file or directory |
size | int64 | | Size indicates the number of bytes contained within the file |
error | string | | Error describes any error encountered while trying to read the file information. |
relative_name | string | | RelativeName is the name of the file or directory relative to the RootPath
DiskUsageRequest
DiskUsageRequest describes a request to list disk usage of directories and regular files
Field | Type | Label | Description |
---|---|---|---|
recursion_depth | int32 | | RecursionDepth indicates how many levels of subdirectories should be recursed. The default (0) indicates that no limit should be enforced. |
all | bool | | All indicates that sizes should be written for all files, not just directories. |
threshold | int64 | | Threshold excludes entries smaller than SIZE if positive, or entries greater than SIZE if negative. |
paths | string | repeated | DiskUsagePaths is the list of directories to calculate disk usage for. |
DmesgRequest
dmesg
Field | Type | Label | Description |
---|---|---|---|
follow | bool | ||
tail | bool |
EtcdAlarm
Field | Type | Label | Description |
---|---|---|---|
metadata | common.Metadata | ||
member_alarms | EtcdMemberAlarm | repeated |
EtcdAlarmDisarm
Field | Type | Label | Description |
---|---|---|---|
metadata | common.Metadata | ||
member_alarms | EtcdMemberAlarm | repeated |
EtcdAlarmDisarmResponse
Field | Type | Label | Description |
---|---|---|---|
messages | EtcdAlarmDisarm | repeated |
EtcdAlarmListResponse
Field | Type | Label | Description |
---|---|---|---|
messages | EtcdAlarm | repeated |
EtcdDefragment
Field | Type | Label | Description |
---|---|---|---|
metadata | common.Metadata |
EtcdDefragmentResponse
Field | Type | Label | Description |
---|---|---|---|
messages | EtcdDefragment | repeated |
EtcdForfeitLeadership
Field | Type | Label | Description |
---|---|---|---|
metadata | common.Metadata | ||
member | string |
EtcdForfeitLeadershipRequest
EtcdForfeitLeadershipResponse
Field | Type | Label | Description |
---|---|---|---|
messages | EtcdForfeitLeadership | repeated |
EtcdLeaveCluster
Field | Type | Label | Description |
---|---|---|---|
metadata | common.Metadata |
EtcdLeaveClusterRequest
EtcdLeaveClusterResponse
Field | Type | Label | Description |
---|---|---|---|
messages | EtcdLeaveCluster | repeated |
EtcdMember
EtcdMember describes a single etcd member.
Field | Type | Label | Description |
---|---|---|---|
id | uint64 | | member ID. |
hostname | string | | human-readable name of the member. |
peer_urls | string | repeated | the list of URLs the member exposes to clients for communication. |
client_urls | string | repeated | the list of URLs the member exposes to the cluster for communication. |
is_learner | bool | | learner flag
EtcdMemberAlarm
Field | Type | Label | Description |
---|---|---|---|
member_id | uint64 | ||
alarm | EtcdMemberAlarm.AlarmType |
EtcdMemberListRequest
Field | Type | Label | Description |
---|---|---|---|
query_local | bool |
EtcdMemberListResponse
Field | Type | Label | Description |
---|---|---|---|
messages | EtcdMembers | repeated |
EtcdMemberStatus
Field | Type | Label | Description |
---|---|---|---|
member_id | uint64 | ||
protocol_version | string | ||
db_size | int64 | ||
db_size_in_use | int64 | ||
leader | uint64 | ||
raft_index | uint64 | ||
raft_term | uint64 | ||
raft_applied_index | uint64 | ||
errors | string | repeated | |
is_learner | bool |
EtcdMembers
EtcdMembers contains the list of members registered on the host.
Field | Type | Label | Description |
---|---|---|---|
metadata | common.Metadata | ||
legacy_members | string | repeated | list of member hostnames. |
members | EtcdMember | repeated | the list of etcd members registered on the node. |
EtcdRecover
Field | Type | Label | Description |
---|---|---|---|
metadata | common.Metadata |
EtcdRecoverResponse
Field | Type | Label | Description |
---|---|---|---|
messages | EtcdRecover | repeated |
EtcdRemoveMember
Field | Type | Label | Description |
---|---|---|---|
metadata | common.Metadata |
EtcdRemoveMemberByID
Field | Type | Label | Description |
---|---|---|---|
metadata | common.Metadata |
EtcdRemoveMemberByIDRequest
Field | Type | Label | Description |
---|---|---|---|
member_id | uint64 |
EtcdRemoveMemberByIDResponse
Field | Type | Label | Description |
---|---|---|---|
messages | EtcdRemoveMemberByID | repeated |
EtcdRemoveMemberRequest
Field | Type | Label | Description |
---|---|---|---|
member | string |
EtcdRemoveMemberResponse
Field | Type | Label | Description |
---|---|---|---|
messages | EtcdRemoveMember | repeated |
EtcdSnapshotRequest
EtcdStatus
Field | Type | Label | Description |
---|---|---|---|
metadata | common.Metadata | ||
member_status | EtcdMemberStatus |
EtcdStatusResponse
Field | Type | Label | Description |
---|---|---|---|
messages | EtcdStatus | repeated |
Event
Field | Type | Label | Description |
---|---|---|---|
metadata | common.Metadata | ||
data | google.protobuf.Any | ||
id | string | ||
actor_id | string |
EventsRequest
Field | Type | Label | Description |
---|---|---|---|
tail_events | int32 | ||
tail_id | string | ||
tail_seconds | int32 | ||
with_actor_id | string |
FeaturesInfo
FeaturesInfo describes individual Talos features that can be switched on or off.
Field | Type | Label | Description |
---|---|---|---|
rbac | bool | | RBAC is true if role-based access control is enabled.
FileInfo
FileInfo describes a file or directory’s information
Field | Type | Label | Description |
---|---|---|---|
metadata | common.Metadata | ||
name | string | | Name is the name (including prefixed path) of the file or directory |
size | int64 | | Size indicates the number of bytes contained within the file |
mode | uint32 | | Mode is the bitmap of UNIX mode/permission flags of the file |
modified | int64 | | Modified indicates the UNIX timestamp at which the file was last modified |
is_dir | bool | | IsDir indicates that the file is a directory |
error | string | | Error describes any error encountered while trying to read the file information. |
link | string | | Link is filled with symlink target |
relative_name | string | | RelativeName is the name of the file or directory relative to the RootPath |
uid | uint32 | | Owner uid |
gid | uint32 | | Owner gid |
xattrs | Xattr | repeated | Extended attributes (if present and requested) |
GenerateClientConfiguration
Field | Type | Label | Description |
---|---|---|---|
metadata | common.Metadata | ||
ca | bytes | | PEM-encoded CA certificate. |
crt | bytes | | PEM-encoded generated client certificate. |
key | bytes | | PEM-encoded generated client key. |
talosconfig | bytes | | Client configuration (talosconfig) file content.
GenerateClientConfigurationRequest
Field | Type | Label | Description |
---|---|---|---|
roles | string | repeated | Roles in the generated client certificate. |
crt_ttl | google.protobuf.Duration | | Client certificate TTL.
GenerateClientConfigurationResponse
Field | Type | Label | Description |
---|---|---|---|
messages | GenerateClientConfiguration | repeated |
GenerateConfiguration
GenerateConfiguration describes the response to a generate configuration request.
Field | Type | Label | Description |
---|---|---|---|
metadata | common.Metadata | ||
data | bytes | repeated | |
talosconfig | bytes |
GenerateConfigurationRequest
GenerateConfigurationRequest describes a request to generate a new configuration on a node.
Field | Type | Label | Description |
---|---|---|---|
config_version | string | ||
cluster_config | ClusterConfig | ||
machine_config | MachineConfig | ||
override_time | google.protobuf.Timestamp |
GenerateConfigurationResponse
Field | Type | Label | Description |
---|---|---|---|
messages | GenerateConfiguration | repeated |
Hostname
Field | Type | Label | Description |
---|---|---|---|
metadata | common.Metadata | ||
hostname | string |
HostnameResponse
Field | Type | Label | Description |
---|---|---|---|
messages | Hostname | repeated |
ImageListRequest
Field | Type | Label | Description |
---|---|---|---|
namespace | common.ContainerdNamespace | | Containerd namespace to use.
ImageListResponse
Field | Type | Label | Description |
---|---|---|---|
metadata | common.Metadata | ||
name | string | ||
digest | string | ||
size | int64 | ||
created_at | google.protobuf.Timestamp |
ImagePull
Field | Type | Label | Description |
---|---|---|---|
metadata | common.Metadata |
ImagePullRequest
Field | Type | Label | Description |
---|---|---|---|
namespace | common.ContainerdNamespace | | Containerd namespace to use. |
reference | string | | Image reference to pull.
ImagePullResponse
Field | Type | Label | Description |
---|---|---|---|
messages | ImagePull | repeated |
InstallConfig
Field | Type | Label | Description |
---|---|---|---|
install_disk | string | ||
install_image | string |
ListRequest
ListRequest describes a request to list the contents of a directory.
Field | Type | Label | Description |
---|---|---|---|
root | string | | Root indicates the root directory for the list. If not indicated, ‘/’ is presumed. |
recurse | bool | | Recurse indicates that subdirectories should be recursed. |
recursion_depth | int32 | | RecursionDepth indicates how many levels of subdirectories should be recursed. The default (0) indicates that no limit should be enforced. |
types | ListRequest.Type | repeated | Types indicates what file type should be returned. If not indicated, all files will be returned. |
report_xattrs | bool | | Report xattrs
LoadAvg
Field | Type | Label | Description |
---|---|---|---|
metadata | common.Metadata | ||
load1 | double | ||
load5 | double | ||
load15 | double |
LoadAvgResponse
Field | Type | Label | Description |
---|---|---|---|
messages | LoadAvg | repeated |
LogsContainer
LogsContainer describes all available registered log containers.
Field | Type | Label | Description |
---|---|---|---|
metadata | common.Metadata | ||
ids | string | repeated |
LogsContainersResponse
Field | Type | Label | Description |
---|---|---|---|
messages | LogsContainer | repeated |
LogsRequest
rpc logs
The request message containing the process name.
Field | Type | Label | Description |
---|---|---|---|
namespace | string | ||
id | string | ||
driver | common.ContainerDriver | | driver might be default “containerd” or “cri” |
follow | bool | ||
tail_lines | int32 |
MachineConfig
Field | Type | Label | Description |
---|---|---|---|
type | MachineConfig.MachineType | ||
install_config | InstallConfig | ||
network_config | NetworkConfig | ||
kubernetes_version | string |
MachineStatusEvent
MachineStatusEvent reports changes to the MachineStatus resource.
Field | Type | Label | Description |
---|---|---|---|
stage | MachineStatusEvent.MachineStage | ||
status | MachineStatusEvent.MachineStatus |
MachineStatusEvent.MachineStatus
Field | Type | Label | Description |
---|---|---|---|
ready | bool | ||
unmet_conditions | MachineStatusEvent.MachineStatus.UnmetCondition | repeated |
MachineStatusEvent.MachineStatus.UnmetCondition
Field | Type | Label | Description |
---|---|---|---|
name | string | ||
reason | string |
MemInfo
Field | Type | Label | Description |
---|---|---|---|
memtotal | uint64 | ||
memfree | uint64 | ||
memavailable | uint64 | ||
buffers | uint64 | ||
cached | uint64 | ||
swapcached | uint64 | ||
active | uint64 | ||
inactive | uint64 | ||
activeanon | uint64 | ||
inactiveanon | uint64 | ||
activefile | uint64 | ||
inactivefile | uint64 | ||
unevictable | uint64 | ||
mlocked | uint64 | ||
swaptotal | uint64 | ||
swapfree | uint64 | ||
dirty | uint64 | ||
writeback | uint64 | ||
anonpages | uint64 | ||
mapped | uint64 | ||
shmem | uint64 | ||
slab | uint64 | ||
sreclaimable | uint64 | ||
sunreclaim | uint64 | ||
kernelstack | uint64 | ||
pagetables | uint64 | ||
nfsunstable | uint64 | ||
bounce | uint64 | ||
writebacktmp | uint64 | ||
commitlimit | uint64 | ||
committedas | uint64 | ||
vmalloctotal | uint64 | ||
vmallocused | uint64 | ||
vmallocchunk | uint64 | ||
hardwarecorrupted | uint64 | ||
anonhugepages | uint64 | ||
shmemhugepages | uint64 | ||
shmempmdmapped | uint64 | ||
cmatotal | uint64 | ||
cmafree | uint64 | ||
hugepagestotal | uint64 | ||
hugepagesfree | uint64 | ||
hugepagesrsvd | uint64 | ||
hugepagessurp | uint64 | ||
hugepagesize | uint64 | ||
directmap4k | uint64 | ||
directmap2m | uint64 | ||
directmap1g | uint64 |
Memory
Field | Type | Label | Description |
---|---|---|---|
metadata | common.Metadata | ||
meminfo | MemInfo |
MemoryResponse
Field | Type | Label | Description |
---|---|---|---|
messages | Memory | repeated |
MetaDelete
Field | Type | Label | Description |
---|---|---|---|
metadata | common.Metadata |
MetaDeleteRequest
Field | Type | Label | Description |
---|---|---|---|
key | uint32 |
MetaDeleteResponse
Field | Type | Label | Description |
---|---|---|---|
messages | MetaDelete | repeated |
MetaWrite
Field | Type | Label | Description |
---|---|---|---|
metadata | common.Metadata |
MetaWriteRequest
Field | Type | Label | Description |
---|---|---|---|
key | uint32 | ||
value | bytes |
MetaWriteResponse
Field | Type | Label | Description |
---|---|---|---|
messages | MetaWrite | repeated |
MountStat
The messages message containing the requested processes.
Field | Type | Label | Description |
---|---|---|---|
filesystem | string | ||
size | uint64 | ||
available | uint64 | ||
mounted_on | string |
Mounts
The messages message containing the requested df stats.
Field | Type | Label | Description |
---|---|---|---|
metadata | common.Metadata | ||
stats | MountStat | repeated |
MountsResponse
Field | Type | Label | Description |
---|---|---|---|
messages | Mounts | repeated |
NetDev
Field | Type | Label | Description |
---|---|---|---|
name | string | ||
rx_bytes | uint64 | ||
rx_packets | uint64 | ||
rx_errors | uint64 | ||
rx_dropped | uint64 | ||
rx_fifo | uint64 | ||
rx_frame | uint64 | ||
rx_compressed | uint64 | ||
rx_multicast | uint64 | ||
tx_bytes | uint64 | ||
tx_packets | uint64 | ||
tx_errors | uint64 | ||
tx_dropped | uint64 | ||
tx_fifo | uint64 | ||
tx_collisions | uint64 | ||
tx_carrier | uint64 | ||
tx_compressed | uint64 |
Netstat
Field | Type | Label | Description |
---|---|---|---|
metadata | common.Metadata | ||
connectrecord | ConnectRecord | repeated |
NetstatRequest
Field | Type | Label | Description |
---|---|---|---|
filter | NetstatRequest.Filter | ||
feature | NetstatRequest.Feature | ||
l4proto | NetstatRequest.L4proto | ||
netns | NetstatRequest.NetNS |
NetstatRequest.Feature
Field | Type | Label | Description |
---|---|---|---|
pid | bool |
NetstatRequest.L4proto
Field | Type | Label | Description |
---|---|---|---|
tcp | bool | ||
tcp6 | bool | ||
udp | bool | ||
udp6 | bool | ||
udplite | bool | ||
udplite6 | bool | ||
raw | bool | ||
raw6 | bool |
NetstatRequest.NetNS
Field | Type | Label | Description |
---|---|---|---|
hostnetwork | bool | ||
netns | string | repeated | |
allnetns | bool |
NetstatResponse
Field | Type | Label | Description |
---|---|---|---|
messages | Netstat | repeated |
NetworkConfig
Field | Type | Label | Description |
---|---|---|---|
hostname | string | ||
interfaces | NetworkDeviceConfig | repeated |
NetworkDeviceConfig
Field | Type | Label | Description |
---|---|---|---|
interface | string | ||
cidr | string | ||
mtu | int32 | ||
dhcp | bool | ||
ignore | bool | ||
dhcp_options | DHCPOptionsConfig | ||
routes | RouteConfig | repeated |
NetworkDeviceStats
Field | Type | Label | Description |
---|---|---|---|
metadata | common.Metadata | ||
total | NetDev | ||
devices | NetDev | repeated |
NetworkDeviceStatsResponse
Field | Type | Label | Description |
---|---|---|---|
messages | NetworkDeviceStats | repeated |
PacketCaptureRequest
Field | Type | Label | Description |
---|---|---|---|
interface | string | | Interface name to perform packet capture on. |
promiscuous | bool | | Enable promiscuous mode. |
snap_len | uint32 | | Snap length in bytes. |
bpf_filter | BPFInstruction | repeated | BPF filter. |
PhaseEvent
Field | Type | Label | Description |
---|---|---|---|
phase | string | ||
action | PhaseEvent.Action |
PlatformInfo
Field | Type | Label | Description |
---|---|---|---|
name | string | ||
mode | string |
Process
Field | Type | Label | Description |
---|---|---|---|
metadata | common.Metadata | ||
processes | ProcessInfo | repeated |
ProcessInfo
Field | Type | Label | Description |
---|---|---|---|
pid | int32 | ||
ppid | int32 | ||
state | string | ||
threads | int32 | ||
cpu_time | double | ||
virtual_memory | uint64 | ||
resident_memory | uint64 | ||
command | string | ||
executable | string | ||
args | string | ||
label | string |
ProcessesResponse
rpc processes
Field | Type | Label | Description |
---|---|---|---|
messages | Process | repeated |
ReadRequest
Field | Type | Label | Description |
---|---|---|---|
path | string |
Reboot
The reboot message containing the reboot status.
Field | Type | Label | Description |
---|---|---|---|
metadata | common.Metadata | ||
actor_id | string |
RebootRequest
rpc reboot
Field | Type | Label | Description |
---|---|---|---|
mode | RebootRequest.Mode |
RebootResponse
Field | Type | Label | Description |
---|---|---|---|
messages | Reboot | repeated |
Reset
The reset message containing the restart status.
Field | Type | Label | Description |
---|---|---|---|
metadata | common.Metadata | ||
actor_id | string |
ResetPartitionSpec
rpc reset
Field | Type | Label | Description |
---|---|---|---|
label | string | ||
wipe | bool |
ResetRequest
Field | Type | Label | Description |
---|---|---|---|
graceful | bool | | Graceful indicates whether node should leave etcd before the upgrade, it also enforces etcd checks before leaving. |
reboot | bool | | Reboot indicates whether node should reboot or halt after resetting. |
system_partitions_to_wipe | ResetPartitionSpec | repeated | System_partitions_to_wipe lists specific system disk partitions to be reset (wiped). If system_partitions_to_wipe is empty, all the partitions are erased. |
user_disks_to_wipe | string | repeated | UserDisksToWipe lists specific connected block devices to be reset (wiped). |
mode | ResetRequest.WipeMode | | WipeMode defines which devices should be wiped.
ResetResponse
Field | Type | Label | Description |
---|---|---|---|
messages | Reset | repeated |
Restart
Field | Type | Label | Description |
---|---|---|---|
metadata | common.Metadata |
RestartEvent
Field | Type | Label | Description |
---|---|---|---|
cmd | int64 |
RestartRequest
rpc restart
The request message containing the process to restart.
Field | Type | Label | Description |
---|---|---|---|
namespace | string | ||
id | string | ||
driver | common.ContainerDriver | | driver might be default “containerd” or “cri”
RestartResponse
The messages message containing the restart status.
Field | Type | Label | Description |
---|---|---|---|
messages | Restart | repeated |
Rollback
Field | Type | Label | Description |
---|---|---|---|
metadata | common.Metadata |
RollbackRequest
rpc rollback
RollbackResponse
Field | Type | Label | Description |
---|---|---|---|
messages | Rollback | repeated |
RouteConfig
Field | Type | Label | Description |
---|---|---|---|
network | string | ||
gateway | string | ||
metric | uint32 |
SequenceEvent
rpc events
Field | Type | Label | Description |
---|---|---|---|
sequence | string | ||
action | SequenceEvent.Action | ||
error | common.Error |
ServiceEvent
Field | Type | Label | Description |
---|---|---|---|
msg | string | ||
state | string | ||
ts | google.protobuf.Timestamp |
ServiceEvents
Field | Type | Label | Description |
---|---|---|---|
events | ServiceEvent | repeated |
ServiceHealth
Field | Type | Label | Description |
---|---|---|---|
unknown | bool | ||
healthy | bool | ||
last_message | string | ||
last_change | google.protobuf.Timestamp |
ServiceInfo
Field | Type | Label | Description |
---|---|---|---|
id | string | ||
state | string | ||
events | ServiceEvents | ||
health | ServiceHealth |
ServiceList
rpc servicelist
Field | Type | Label | Description |
---|---|---|---|
metadata | common.Metadata | ||
services | ServiceInfo | repeated |
ServiceListResponse
Field | Type | Label | Description |
---|---|---|---|
messages | ServiceList | repeated |
ServiceRestart
Field | Type | Label | Description |
---|---|---|---|
metadata | common.Metadata | ||
resp | string |
ServiceRestartRequest
Field | Type | Label | Description |
---|---|---|---|
id | string |
ServiceRestartResponse
Field | Type | Label | Description |
---|---|---|---|
messages | ServiceRestart | repeated |
ServiceStart
Field | Type | Label | Description |
---|---|---|---|
metadata | common.Metadata | ||
resp | string |
ServiceStartRequest
rpc servicestart
Field | Type | Label | Description |
---|---|---|---|
id | string |
ServiceStartResponse
Field | Type | Label | Description |
---|---|---|---|
messages | ServiceStart | repeated |
ServiceStateEvent
Field | Type | Label | Description |
---|---|---|---|
service | string | ||
action | ServiceStateEvent.Action | ||
message | string | ||
health | ServiceHealth |
ServiceStop
Field | Type | Label | Description |
---|---|---|---|
metadata | common.Metadata | ||
resp | string |
ServiceStopRequest
Field | Type | Label | Description |
---|---|---|---|
id | string |
ServiceStopResponse
Field | Type | Label | Description |
---|---|---|---|
messages | ServiceStop | repeated |
Shutdown
rpc shutdown
The messages message containing the shutdown status.
Field | Type | Label | Description |
---|---|---|---|
metadata | common.Metadata | ||
actor_id | string |
ShutdownRequest
Field | Type | Label | Description |
---|---|---|---|
force | bool | | Force indicates whether node should shut down without first cordoning and draining |
ShutdownResponse
Field | Type | Label | Description |
---|---|---|---|
messages | Shutdown | repeated |
SoftIRQStat
Field | Type | Label | Description |
---|---|---|---|
hi | uint64 | ||
timer | uint64 | ||
net_tx | uint64 | ||
net_rx | uint64 | ||
block | uint64 | ||
block_io_poll | uint64 | ||
tasklet | uint64 | ||
sched | uint64 | ||
hrtimer | uint64 | ||
rcu | uint64 |
Stat
The messages message containing the requested stat.
Field | Type | Label | Description |
---|---|---|---|
namespace | string | ||
id | string | ||
memory_usage | uint64 | ||
cpu_usage | uint64 | ||
pod_id | string | ||
name | string |
Stats
The messages message containing the requested stats.
Field | Type | Label | Description |
---|---|---|---|
metadata | common.Metadata | ||
stats | Stat | repeated |
StatsRequest
The request message containing the containerd namespace.
Field | Type | Label | Description |
---|---|---|---|
namespace | string | ||
driver | common.ContainerDriver | | driver might be default “containerd” or “cri” |
StatsResponse
Field | Type | Label | Description |
---|---|---|---|
messages | Stats | repeated |
SystemStat
Field | Type | Label | Description |
---|---|---|---|
metadata | common.Metadata | ||
boot_time | uint64 | ||
cpu_total | CPUStat | ||
cpu | CPUStat | repeated | |
irq_total | uint64 | ||
irq | uint64 | repeated | |
context_switches | uint64 | ||
process_created | uint64 | ||
process_running | uint64 | ||
process_blocked | uint64 | ||
soft_irq_total | uint64 | ||
soft_irq | SoftIRQStat |
SystemStatResponse
Field | Type | Label | Description |
---|---|---|---|
messages | SystemStat | repeated |
TaskEvent
Field | Type | Label | Description |
---|---|---|---|
task | string | ||
action | TaskEvent.Action |
Upgrade
Field | Type | Label | Description |
---|---|---|---|
metadata | common.Metadata | ||
ack | string | ||
actor_id | string |
UpgradeRequest
rpc upgrade
Field | Type | Label | Description |
---|---|---|---|
image | string | ||
preserve | bool | ||
stage | bool | ||
force | bool | ||
reboot_mode | UpgradeRequest.RebootMode |
UpgradeResponse
Field | Type | Label | Description |
---|---|---|---|
messages | Upgrade | repeated |
Version
Field | Type | Label | Description |
---|---|---|---|
metadata | common.Metadata | ||
version | VersionInfo | ||
platform | PlatformInfo | ||
features | FeaturesInfo | | Features describe individual Talos features that can be switched on or off. |
VersionInfo
Field | Type | Label | Description |
---|---|---|---|
tag | string | ||
sha | string | ||
built | string | ||
go_version | string | ||
os | string | ||
arch | string |
VersionResponse
Field | Type | Label | Description |
---|---|---|---|
messages | Version | repeated |
Xattr
Field | Type | Label | Description |
---|---|---|---|
name | string | ||
data | bytes |
ApplyConfigurationRequest.Mode
Name | Number | Description |
---|---|---|
REBOOT | 0 | |
AUTO | 1 | |
NO_REBOOT | 2 | |
STAGED | 3 | |
TRY | 4 |
ConnectRecord.State
Name | Number | Description |
---|---|---|
RESERVED | 0 | |
ESTABLISHED | 1 | |
SYN_SENT | 2 | |
SYN_RECV | 3 | |
FIN_WAIT1 | 4 | |
FIN_WAIT2 | 5 | |
TIME_WAIT | 6 | |
CLOSE | 7 | |
CLOSEWAIT | 8 | |
LASTACK | 9 | |
LISTEN | 10 | |
CLOSING | 11 |
ConnectRecord.TimerActive
Name | Number | Description |
---|---|---|
OFF | 0 | |
ON | 1 | |
KEEPALIVE | 2 | |
TIMEWAIT | 3 | |
PROBE | 4 |
EtcdMemberAlarm.AlarmType
Name | Number | Description |
---|---|---|
NONE | 0 | |
NOSPACE | 1 | |
CORRUPT | 2 |
ListRequest.Type
File type.
Name | Number | Description |
---|---|---|
REGULAR | 0 | Regular file (not directory, symlink, etc). |
DIRECTORY | 1 | Directory. |
SYMLINK | 2 | Symbolic link. |
MachineConfig.MachineType
Name | Number | Description |
---|---|---|
TYPE_UNKNOWN | 0 | |
TYPE_INIT | 1 | |
TYPE_CONTROL_PLANE | 2 | |
TYPE_WORKER | 3 |
MachineStatusEvent.MachineStage
Name | Number | Description |
---|---|---|
UNKNOWN | 0 | |
BOOTING | 1 | |
INSTALLING | 2 | |
MAINTENANCE | 3 | |
RUNNING | 4 | |
REBOOTING | 5 | |
SHUTTING_DOWN | 6 | |
RESETTING | 7 | |
UPGRADING | 8 |
NetstatRequest.Filter
Name | Number | Description |
---|---|---|
ALL | 0 | |
CONNECTED | 1 | |
LISTENING | 2 |
PhaseEvent.Action
Name | Number | Description |
---|---|---|
START | 0 | |
STOP | 1 |
RebootRequest.Mode
Name | Number | Description |
---|---|---|
DEFAULT | 0 | |
POWERCYCLE | 1 |
ResetRequest.WipeMode
Name | Number | Description |
---|---|---|
ALL | 0 | |
SYSTEM_DISK | 1 | |
USER_DISKS | 2 |
SequenceEvent.Action
Name | Number | Description |
---|---|---|
NOOP | 0 | |
START | 1 | |
STOP | 2 |
ServiceStateEvent.Action
Name | Number | Description |
---|---|---|
INITIALIZED | 0 | |
PREPARING | 1 | |
WAITING | 2 | |
RUNNING | 3 | |
STOPPING | 4 | |
FINISHED | 5 | |
FAILED | 6 | |
SKIPPED | 7 | |
STARTING | 8 |
TaskEvent.Action
Name | Number | Description |
---|---|---|
START | 0 | |
STOP | 1 |
UpgradeRequest.RebootMode
Name | Number | Description |
---|---|---|
DEFAULT | 0 | |
POWERCYCLE | 1 |
MachineService
The machine service definition.
Method Name | Request Type | Response Type | Description |
---|---|---|---|
ApplyConfiguration | ApplyConfigurationRequest | ApplyConfigurationResponse | |
Bootstrap | BootstrapRequest | BootstrapResponse | Bootstrap method makes control plane node enter etcd bootstrap mode. Node aborts etcd join sequence and creates single-node etcd cluster. If recover_etcd argument is specified, etcd is recovered from a snapshot uploaded with EtcdRecover. |
Containers | ContainersRequest | ContainersResponse | |
Copy | CopyRequest | .common.Data stream | |
CPUInfo | .google.protobuf.Empty | CPUInfoResponse | |
DiskStats | .google.protobuf.Empty | DiskStatsResponse | |
Dmesg | DmesgRequest | .common.Data stream | |
Events | EventsRequest | Event stream | |
EtcdMemberList | EtcdMemberListRequest | EtcdMemberListResponse | |
EtcdRemoveMemberByID | EtcdRemoveMemberByIDRequest | EtcdRemoveMemberByIDResponse | EtcdRemoveMemberByID removes a member from the etcd cluster identified by member ID. This API should be used to remove members which don’t have an associated Talos node anymore. To remove a member with a running Talos node, use EtcdLeaveCluster API on the node to be removed. |
EtcdLeaveCluster | EtcdLeaveClusterRequest | EtcdLeaveClusterResponse | |
EtcdForfeitLeadership | EtcdForfeitLeadershipRequest | EtcdForfeitLeadershipResponse | |
EtcdRecover | .common.Data stream | EtcdRecoverResponse | EtcdRecover method uploads etcd data snapshot created with EtcdSnapshot to the node. Snapshot can be later used to recover the cluster via Bootstrap method. |
EtcdSnapshot | EtcdSnapshotRequest | .common.Data stream | EtcdSnapshot method creates etcd data snapshot (backup) from the local etcd instance and streams it back to the client. This method is available only on control plane nodes (which run etcd). |
EtcdAlarmList | .google.protobuf.Empty | EtcdAlarmListResponse | EtcdAlarmList lists etcd alarms for the current node. This method is available only on control plane nodes (which run etcd). |
EtcdAlarmDisarm | .google.protobuf.Empty | EtcdAlarmDisarmResponse | EtcdAlarmDisarm disarms etcd alarms for the current node. This method is available only on control plane nodes (which run etcd). |
EtcdDefragment | .google.protobuf.Empty | EtcdDefragmentResponse | EtcdDefragment defragments etcd data directory for the current node. Defragmentation is a resource-heavy operation, so it should only run on a specific node. This method is available only on control plane nodes (which run etcd). |
EtcdStatus | .google.protobuf.Empty | EtcdStatusResponse | EtcdStatus returns etcd status for the current member. This method is available only on control plane nodes (which run etcd). |
GenerateConfiguration | GenerateConfigurationRequest | GenerateConfigurationResponse | |
Hostname | .google.protobuf.Empty | HostnameResponse | |
Kubeconfig | .google.protobuf.Empty | .common.Data stream | |
List | ListRequest | FileInfo stream | |
DiskUsage | DiskUsageRequest | DiskUsageInfo stream | |
LoadAvg | .google.protobuf.Empty | LoadAvgResponse | |
Logs | LogsRequest | .common.Data stream | |
LogsContainers | .google.protobuf.Empty | LogsContainersResponse | |
Memory | .google.protobuf.Empty | MemoryResponse | |
Mounts | .google.protobuf.Empty | MountsResponse | |
NetworkDeviceStats | .google.protobuf.Empty | NetworkDeviceStatsResponse | |
Processes | .google.protobuf.Empty | ProcessesResponse | |
Read | ReadRequest | .common.Data stream | |
Reboot | RebootRequest | RebootResponse | |
Restart | RestartRequest | RestartResponse | |
Rollback | RollbackRequest | RollbackResponse | |
Reset | ResetRequest | ResetResponse | |
ServiceList | .google.protobuf.Empty | ServiceListResponse | |
ServiceRestart | ServiceRestartRequest | ServiceRestartResponse | |
ServiceStart | ServiceStartRequest | ServiceStartResponse | |
ServiceStop | ServiceStopRequest | ServiceStopResponse | |
Shutdown | ShutdownRequest | ShutdownResponse | |
Stats | StatsRequest | StatsResponse | |
SystemStat | .google.protobuf.Empty | SystemStatResponse | |
Upgrade | UpgradeRequest | UpgradeResponse | |
Version | .google.protobuf.Empty | VersionResponse | |
GenerateClientConfiguration | GenerateClientConfigurationRequest | GenerateClientConfigurationResponse | GenerateClientConfiguration generates talosctl client configuration (talosconfig). |
PacketCapture | PacketCaptureRequest | .common.Data stream | PacketCapture performs packet capture and streams back pcap file. |
Netstat | NetstatRequest | NetstatResponse | Netstat provides information about network connections. |
MetaWrite | MetaWriteRequest | MetaWriteResponse | MetaWrite writes a META key-value pair. |
MetaDelete | MetaDeleteRequest | MetaDeleteResponse | MetaDelete deletes a META key. |
ImageList | ImageListRequest | ImageListResponse stream | ImageList lists images in the CRI. |
ImagePull | ImagePullRequest | ImagePullResponse | ImagePull pulls an image into the CRI. |
security/security.proto
CertificateRequest
The request message containing the certificate signing request.
Field | Type | Label | Description |
---|---|---|---|
csr | bytes | | Certificate Signing Request in PEM format. |
CertificateResponse
The response message containing the signed certificate.
Field | Type | Label | Description |
---|---|---|---|
ca | bytes | | Certificate of the CA that signed the requested certificate in PEM format. |
crt | bytes | | Signed X.509 requested certificate in PEM format. |
SecurityService
The security service definition.
Method Name | Request Type | Response Type | Description |
---|---|---|---|
Certificate | CertificateRequest | CertificateResponse |
storage/storage.proto
Disk
Disk represents a disk.
Field | Type | Label | Description |
---|---|---|---|
size | uint64 | | Size indicates the disk size in bytes. |
model | string | | Model indicates the disk model. |
device_name | string | | DeviceName indicates the disk name (e.g. sda). |
name | string | | Name as in /sys/block/<dev>/device/name. |
serial | string | | Serial as in /sys/block/<dev>/device/serial. |
modalias | string | | Modalias as in /sys/block/<dev>/device/modalias. |
uuid | string | | Uuid as in /sys/block/<dev>/device/uuid. |
wwid | string | | Wwid as in /sys/block/<dev>/device/wwid. |
type | Disk.DiskType | | Type is a type of the disk: nvme, ssd, hdd, sd card. |
bus_path | string | | BusPath is the bus path of the disk. |
system_disk | bool | | SystemDisk indicates that the disk is used as Talos system disk. |
subsystem | string | | Subsystem is the symlink path in the /sys/block/<dev>/subsystem. |
readonly | bool | | Readonly specifies if the disk is read only. |
Disks
DisksResponse represents the response of the Disks RPC.
Field | Type | Label | Description |
---|---|---|---|
metadata | common.Metadata | ||
disks | Disk | repeated |
DisksResponse
Field | Type | Label | Description |
---|---|---|---|
messages | Disks | repeated |
Disk.DiskType
Name | Number | Description |
---|---|---|
UNKNOWN | 0 | |
SSD | 1 | |
HDD | 2 | |
NVME | 3 | |
SD | 4 | |
CD | 5 |
StorageService
StorageService represents the storage service.
Method Name | Request Type | Response Type | Description |
---|---|---|---|
Disks | .google.protobuf.Empty | DisksResponse |
time/time.proto
Time
Field | Type | Label | Description |
---|---|---|---|
metadata | common.Metadata | ||
server | string | ||
localtime | google.protobuf.Timestamp | ||
remotetime | google.protobuf.Timestamp |
TimeRequest
The request message containing the ntp server
Field | Type | Label | Description |
---|---|---|---|
server | string |
TimeResponse
The response message containing the ntp server, time, and offset
Field | Type | Label | Description |
---|---|---|---|
messages | Time | repeated |
TimeService
The time service definition.
Method Name | Request Type | Response Type | Description |
---|---|---|---|
Time | .google.protobuf.Empty | TimeResponse | |
TimeCheck | TimeRequest | TimeResponse |
Scalar Value Types
.proto Type | Notes | C++ | Java | Python | Go | C# | PHP | Ruby |
---|---|---|---|---|---|---|---|---|
double | | double | double | float | float64 | double | float | Float |
float | | float | float | float | float32 | float | float | Float |
int32 | Uses variable-length encoding. Inefficient for encoding negative numbers – if your field is likely to have negative values, use sint32 instead. | int32 | int | int | int32 | int | integer | Bignum or Fixnum (as required) |
int64 | Uses variable-length encoding. Inefficient for encoding negative numbers – if your field is likely to have negative values, use sint64 instead. | int64 | long | int/long | int64 | long | integer/string | Bignum |
uint32 | Uses variable-length encoding. | uint32 | int | int/long | uint32 | uint | integer | Bignum or Fixnum (as required) |
uint64 | Uses variable-length encoding. | uint64 | long | int/long | uint64 | ulong | integer/string | Bignum or Fixnum (as required) |
sint32 | Uses variable-length encoding. Signed int value. These more efficiently encode negative numbers than regular int32s. | int32 | int | int | int32 | int | integer | Bignum or Fixnum (as required) |
sint64 | Uses variable-length encoding. Signed int value. These more efficiently encode negative numbers than regular int64s. | int64 | long | int/long | int64 | long | integer/string | Bignum |
fixed32 | Always four bytes. More efficient than uint32 if values are often greater than 2^28. | uint32 | int | int | uint32 | uint | integer | Bignum or Fixnum (as required) |
fixed64 | Always eight bytes. More efficient than uint64 if values are often greater than 2^56. | uint64 | long | int/long | uint64 | ulong | integer/string | Bignum |
sfixed32 | Always four bytes. | int32 | int | int | int32 | int | integer | Bignum or Fixnum (as required) |
sfixed64 | Always eight bytes. | int64 | long | int/long | int64 | long | integer/string | Bignum |
bool | | bool | boolean | boolean | bool | bool | boolean | TrueClass/FalseClass |
string | A string must always contain UTF-8 encoded or 7-bit ASCII text. | string | String | str/unicode | string | string | string | String (UTF-8) |
bytes | May contain any arbitrary sequence of bytes. | string | ByteString | str | []byte | ByteString | string | String (ASCII-8BIT) |
2 - CLI
talosctl apply-config
Apply a new configuration to a node
talosctl apply-config [flags]
Options
--cert-fingerprint strings list of server certificate fingerprints to accept (defaults to no check)
-p, --config-patch strings the list of config patches to apply to the local config file before sending it to the node
--dry-run check how the config change will be applied in dry-run mode
-f, --file string the filename of the updated configuration
-h, --help help for apply-config
-i, --insecure apply the config using the insecure (encrypted with no auth) maintenance service
-m, --mode auto, interactive, no-reboot, reboot, staged, try apply config mode (default auto)
--timeout duration the config will be rolled back after specified timeout (if try mode is selected) (default 1m0s)
Options inherited from parent commands
--cluster string Cluster to connect to if a proxy endpoint is used.
--context string Context to be used in command
-e, --endpoints strings override default endpoints in Talos configuration
-n, --nodes strings target the specified nodes
--talosconfig string The path to the Talos configuration file. Defaults to 'TALOSCONFIG' env variable if set, otherwise '$HOME/.talos/config' and '/var/run/secrets/talos.dev/config' in order.
SEE ALSO
- talosctl - A CLI for out-of-band management of Kubernetes nodes created by Talos
talosctl bootstrap
Bootstrap the etcd cluster on the specified node.
Synopsis
When a Talos cluster is created, the etcd service on control plane nodes enters the join loop, waiting to join etcd peers from other control plane nodes. One node should be picked as the bootstrap node. When the bootstrap command is issued, the node aborts the join process and bootstraps the etcd cluster as a single-node cluster. Other control plane nodes will join the etcd cluster once Kubernetes is bootstrapped on the bootstrap node.
This command should not be used when “init” type nodes are used.
A Talos etcd cluster can be recovered from a known snapshot with the ‘--recover-from=’ flag.
talosctl bootstrap [flags]
Options
-h, --help help for bootstrap
--recover-from string recover etcd cluster from the snapshot
--recover-skip-hash-check skip integrity check when recovering etcd (use when recovering from data directory copy)
Options inherited from parent commands
--cluster string Cluster to connect to if a proxy endpoint is used.
--context string Context to be used in command
-e, --endpoints strings override default endpoints in Talos configuration
-n, --nodes strings target the specified nodes
--talosconfig string The path to the Talos configuration file. Defaults to 'TALOSCONFIG' env variable if set, otherwise '$HOME/.talos/config' and '/var/run/secrets/talos.dev/config' in order.
SEE ALSO
- talosctl - A CLI for out-of-band management of Kubernetes nodes created by Talos
talosctl cluster create
Creates a local docker-based or QEMU-based kubernetes cluster
talosctl cluster create [flags]
Options
--arch string cluster architecture (default "amd64")
--bad-rtc launch VM with bad RTC state (QEMU only)
--cidr string CIDR of the cluster network (IPv4, ULA network for IPv6 is derived in automated way) (default "10.5.0.0/24")
--cni-bin-path strings search path for CNI binaries (VM only) (default [/home/user/.talos/cni/bin])
--cni-bundle-url string URL to download CNI bundle from (VM only) (default "https://github.com/siderolabs/talos/releases/download/v1.8.0-alpha.2/talosctl-cni-bundle-${ARCH}.tar.gz")
--cni-cache-dir string CNI cache directory path (VM only) (default "/home/user/.talos/cni/cache")
--cni-conf-dir string CNI config directory path (VM only) (default "/home/user/.talos/cni/conf.d")
--config-patch stringArray patch generated machineconfigs (applied to all node types), use @file to read a patch from file
--config-patch-control-plane stringArray patch generated machineconfigs (applied to 'init' and 'controlplane' types)
--config-patch-worker stringArray patch generated machineconfigs (applied to 'worker' type)
--control-plane-port int control plane port (load balancer and local API port, QEMU only) (default 6443)
--controlplanes int the number of controlplanes to create (default 1)
--cpus string the share of CPUs as fraction (each control plane/VM) (default "2.0")
--cpus-workers string the share of CPUs as fraction (each worker/VM) (default "2.0")
--crashdump print debug crashdump to stderr when cluster startup fails
--custom-cni-url string install custom CNI from the URL (Talos cluster)
--disable-dhcp-hostname skip announcing hostname via DHCP (QEMU only)
--disk int default limit on disk size in MB (each VM) (default 6144)
--disk-encryption-key-types stringArray encryption key types to use for disk encryption (uuid, kms) (default [uuid])
--disk-image-path string disk image to use
--disk-preallocate whether disk space should be preallocated (default true)
--dns-domain string the dns domain to use for cluster (default "cluster.local")
--docker-disable-ipv6 skip enabling IPv6 in containers (Docker only)
--docker-host-ip string Host IP to forward exposed ports to (Docker provisioner only) (default "0.0.0.0")
--encrypt-ephemeral enable ephemeral partition encryption
--encrypt-state enable state partition encryption
--endpoint string use endpoint instead of provider defaults
-p, --exposed-ports string Comma-separated list of ports/protocols to expose on init node. Ex -p <hostPort>:<containerPort>/<protocol (tcp or udp)> (Docker provisioner only)
--extra-boot-kernel-args string add extra kernel args to the initial boot from vmlinuz and initramfs (QEMU only)
--extra-disks int number of extra disks to create for each worker VM
--extra-disks-drivers strings driver for each extra disk (virtio, ide, ahci, scsi, nvme)
--extra-disks-size int default limit on disk size in MB (each VM) (default 5120)
--extra-uefi-search-paths strings additional search paths for UEFI firmware (only applies when UEFI is enabled)
-h, --help help for create
--image string the image to use (default "ghcr.io/siderolabs/talos:latest")
--init-node-as-endpoint use init node as endpoint instead of any load balancer endpoint
--initrd-path string initramfs image to use (default "_out/initramfs-${ARCH}.xz")
-i, --input-dir string location of pre-generated config files
--install-image string the installer image to use (default "ghcr.io/siderolabs/installer:latest")
--ipv4 enable IPv4 network in the cluster (default true)
--ipv6 enable IPv6 network in the cluster (QEMU provisioner only)
--ipxe-boot-script string iPXE boot script (URL) to use
--iso-path string the ISO path to use for the initial boot (VM only)
--kubeprism-port int KubePrism port (set to 0 to disable) (default 7445)
--kubernetes-version string desired kubernetes version to run (default "1.31.1")
--memory int the limit on memory usage in MB (each control plane/VM) (default 2048)
--memory-workers int the limit on memory usage in MB (each worker/VM) (default 2048)
--mtu int MTU of the cluster network (default 1500)
--nameservers strings list of nameservers to use (default [8.8.8.8,1.1.1.1,2001:4860:4860::8888,2606:4700:4700::1111])
--no-masquerade-cidrs strings list of CIDRs to exclude from NAT (QEMU provisioner only)
--registry-insecure-skip-verify strings list of registry hostnames to skip TLS verification for
--registry-mirror strings list of registry mirrors to use in format: <registry host>=<mirror URL>
--skip-injecting-config skip injecting config from embedded metadata server, write config files to current directory
--skip-k8s-node-readiness-check skip k8s node readiness checks
--skip-kubeconfig skip merging kubeconfig from the created cluster
--talos-version string the desired Talos version to generate config for (if not set, defaults to image version)
--talosconfig string The path to the Talos configuration file. Defaults to 'TALOSCONFIG' env variable if set, otherwise '$HOME/.talos/config' and '/var/run/secrets/talos.dev/config' in order.
--use-vip use a virtual IP for the controlplane endpoint instead of the loadbalancer
--user-disk strings list of disks to create for each VM in format: <mount_point1>:<size1>:<mount_point2>:<size2>
--vmlinuz-path string the compressed kernel image to use (default "_out/vmlinuz-${ARCH}")
--wait wait for the cluster to be ready before returning (default true)
--wait-timeout duration timeout to wait for the cluster to be ready (default 20m0s)
--wireguard-cidr string CIDR of the wireguard network
--with-apply-config enable apply config when the VM is starting in maintenance mode
--with-bootloader enable bootloader to load kernel and initramfs from disk image after install (default true)
--with-cluster-discovery enable cluster discovery (default true)
--with-debug enable debug in Talos config to send service logs to the console
--with-firewall string inject firewall rules into the cluster, value is default policy - accept/block (QEMU only)
--with-init-node create the cluster with an init node
--with-kubespan enable KubeSpan system
--with-network-bandwidth int specify bandwidth restriction (in kbps) on the bridge interface when creating a qemu cluster
--with-network-chaos enable to use network chaos parameters when creating a qemu cluster
--with-network-jitter duration specify jitter on the bridge interface when creating a qemu cluster
--with-network-latency duration specify latency on the bridge interface when creating a qemu cluster
--with-network-packet-corrupt float specify percent of corrupt packets on the bridge interface when creating a qemu cluster. e.g. 50% = 0.50 (default: 0.0)
--with-network-packet-loss float specify percent of packet loss on the bridge interface when creating a qemu cluster. e.g. 50% = 0.50 (default: 0.0)
--with-network-packet-reorder float specify percent of reordered packets on the bridge interface when creating a qemu cluster. e.g. 50% = 0.50 (default: 0.0)
--with-siderolink true enables the use of siderolink agent as configuration apply mechanism. true or `wireguard` enables the agent, `tunnel` enables the agent with grpc tunneling (default none)
--with-tpm2 enable TPM2 emulation support using swtpm
--with-uefi enable UEFI on x86_64 architecture (default true)
--with-uuid-hostnames use machine UUIDs as default hostnames (QEMU only)
--workers int the number of workers to create (default 1)
Options inherited from parent commands
--cluster string Cluster to connect to if a proxy endpoint is used.
--context string Context to be used in command
-e, --endpoints strings override default endpoints in Talos configuration
--name string the name of the cluster (default "talos-default")
-n, --nodes strings target the specified nodes
--provisioner string Talos cluster provisioner to use (default "docker")
--state string directory path to store cluster state (default "/home/user/.talos/clusters")
SEE ALSO
- talosctl cluster - A collection of commands for managing local docker-based or QEMU-based clusters
talosctl cluster destroy
Destroys a local docker-based or firecracker-based kubernetes cluster
talosctl cluster destroy [flags]
Options
-f, --force force deletion of cluster directory if there were errors
-h, --help help for destroy
Options inherited from parent commands
--cluster string Cluster to connect to if a proxy endpoint is used.
--context string Context to be used in command
-e, --endpoints strings override default endpoints in Talos configuration
--name string the name of the cluster (default "talos-default")
-n, --nodes strings target the specified nodes
--provisioner string Talos cluster provisioner to use (default "docker")
--state string directory path to store cluster state (default "/home/user/.talos/clusters")
--talosconfig string The path to the Talos configuration file. Defaults to 'TALOSCONFIG' env variable if set, otherwise '$HOME/.talos/config' and '/var/run/secrets/talos.dev/config' in order.
SEE ALSO
- talosctl cluster - A collection of commands for managing local docker-based or QEMU-based clusters
talosctl cluster show
Shows info about a local provisioned kubernetes cluster
talosctl cluster show [flags]
Options
-h, --help help for show
Options inherited from parent commands
--cluster string Cluster to connect to if a proxy endpoint is used.
--context string Context to be used in command
-e, --endpoints strings override default endpoints in Talos configuration
--name string the name of the cluster (default "talos-default")
-n, --nodes strings target the specified nodes
--provisioner string Talos cluster provisioner to use (default "docker")
--state string directory path to store cluster state (default "/home/user/.talos/clusters")
--talosconfig string The path to the Talos configuration file. Defaults to 'TALOSCONFIG' env variable if set, otherwise '$HOME/.talos/config' and '/var/run/secrets/talos.dev/config' in order.
SEE ALSO
- talosctl cluster - A collection of commands for managing local docker-based or QEMU-based clusters
talosctl cluster
A collection of commands for managing local docker-based or QEMU-based clusters
Options
-h, --help help for cluster
--name string the name of the cluster (default "talos-default")
--provisioner string Talos cluster provisioner to use (default "docker")
--state string directory path to store cluster state (default "/home/user/.talos/clusters")
Options inherited from parent commands
--cluster string Cluster to connect to if a proxy endpoint is used.
--context string Context to be used in command
-e, --endpoints strings override default endpoints in Talos configuration
-n, --nodes strings target the specified nodes
--talosconfig string The path to the Talos configuration file. Defaults to 'TALOSCONFIG' env variable if set, otherwise '$HOME/.talos/config' and '/var/run/secrets/talos.dev/config' in order.
SEE ALSO
- talosctl - A CLI for out-of-band management of Kubernetes nodes created by Talos
- talosctl cluster create - Creates a local docker-based or QEMU-based kubernetes cluster
- talosctl cluster destroy - Destroys a local docker-based or firecracker-based kubernetes cluster
- talosctl cluster show - Shows info about a local provisioned kubernetes cluster
talosctl completion
Output shell completion code for the specified shell (bash, fish or zsh)
Synopsis
Output shell completion code for the specified shell (bash, fish or zsh). The shell code must be evaluated to provide interactive completion of talosctl commands. This can be done by sourcing it from the .bash_profile.
Note for zsh users: [1] zsh completions are only supported in versions of zsh >= 5.2
talosctl completion SHELL [flags]
Examples
# Installing bash completion on macOS using homebrew
## If running Bash 3.2 included with macOS
brew install bash-completion
## or, if running Bash 4.1+
brew install bash-completion@2
## If talosctl is installed via homebrew, this should start working immediately.
## If you've installed via other means, you may need to add the completion to your completion directory
talosctl completion bash > $(brew --prefix)/etc/bash_completion.d/talosctl
# Installing bash completion on Linux
## If bash-completion is not installed on Linux, please install the 'bash-completion' package
## via your distribution's package manager.
## Load the talosctl completion code for bash into the current shell
source <(talosctl completion bash)
## Write bash completion code to a file and source it from .bash_profile
talosctl completion bash > ~/.talos/completion.bash.inc
printf "
# talosctl shell completion
source '$HOME/.talos/completion.bash.inc'
" >> $HOME/.bash_profile
source $HOME/.bash_profile
# Load the talosctl completion code for fish[1] into the current shell
talosctl completion fish | source
# Set the talosctl completion code for fish[1] to autoload on startup
talosctl completion fish > ~/.config/fish/completions/talosctl.fish
# Load the talosctl completion code for zsh[1] into the current shell
source <(talosctl completion zsh)
# Set the talosctl completion code for zsh[1] to autoload on startup
talosctl completion zsh > "${fpath[1]}/_talosctl"
Options
-h, --help help for completion
Options inherited from parent commands
--cluster string Cluster to connect to if a proxy endpoint is used.
--context string Context to be used in command
-e, --endpoints strings override default endpoints in Talos configuration
-n, --nodes strings target the specified nodes
--talosconfig string The path to the Talos configuration file. Defaults to 'TALOSCONFIG' env variable if set, otherwise '$HOME/.talos/config' and '/var/run/secrets/talos.dev/config' in order.
SEE ALSO
- talosctl - A CLI for out-of-band management of Kubernetes nodes created by Talos
talosctl config add
Add a new context
talosctl config add <context> [flags]
Options
--ca string the path to the CA certificate
--crt string the path to the certificate
-h, --help help for add
--key string the path to the key
Options inherited from parent commands
--cluster string Cluster to connect to if a proxy endpoint is used.
--context string Context to be used in command
-e, --endpoints strings override default endpoints in Talos configuration
-n, --nodes strings target the specified nodes
--talosconfig string The path to the Talos configuration file. Defaults to 'TALOSCONFIG' env variable if set, otherwise '$HOME/.talos/config' and '/var/run/secrets/talos.dev/config' in order.
SEE ALSO
- talosctl config - Manage the client configuration file (talosconfig)
talosctl config context
Set the current context
talosctl config context <context> [flags]
Options
-h, --help help for context
Options inherited from parent commands
--cluster string Cluster to connect to if a proxy endpoint is used.
--context string Context to be used in command
-e, --endpoints strings override default endpoints in Talos configuration
-n, --nodes strings target the specified nodes
--talosconfig string The path to the Talos configuration file. Defaults to 'TALOSCONFIG' env variable if set, otherwise '$HOME/.talos/config' and '/var/run/secrets/talos.dev/config' in order.
SEE ALSO
- talosctl config - Manage the client configuration file (talosconfig)
talosctl config contexts
List defined contexts
talosctl config contexts [flags]
Options
-h, --help help for contexts
Options inherited from parent commands
--cluster string Cluster to connect to if a proxy endpoint is used.
--context string Context to be used in command
-e, --endpoints strings override default endpoints in Talos configuration
-n, --nodes strings target the specified nodes
--talosconfig string The path to the Talos configuration file. Defaults to 'TALOSCONFIG' env variable if set, otherwise '$HOME/.talos/config' and '/var/run/secrets/talos.dev/config' in order.
SEE ALSO
- talosctl config - Manage the client configuration file (talosconfig)
talosctl config endpoint
Set the endpoint(s) for the current context
talosctl config endpoint <endpoint>... [flags]
Options
-h, --help help for endpoint
Options inherited from parent commands
--cluster string Cluster to connect to if a proxy endpoint is used.
--context string Context to be used in command
-e, --endpoints strings override default endpoints in Talos configuration
-n, --nodes strings target the specified nodes
--talosconfig string The path to the Talos configuration file. Defaults to 'TALOSCONFIG' env variable if set, otherwise '$HOME/.talos/config' and '/var/run/secrets/talos.dev/config' in order.
SEE ALSO
- talosctl config - Manage the client configuration file (talosconfig)
talosctl config info
Show information about the current context
talosctl config info [flags]
Options
-h, --help help for info
-o, --output string output format (json|yaml|text). Default text. (default "text")
Options inherited from parent commands
--cluster string Cluster to connect to if a proxy endpoint is used.
--context string Context to be used in command
-e, --endpoints strings override default endpoints in Talos configuration
-n, --nodes strings target the specified nodes
--talosconfig string The path to the Talos configuration file. Defaults to 'TALOSCONFIG' env variable if set, otherwise '$HOME/.talos/config' and '/var/run/secrets/talos.dev/config' in order.
SEE ALSO
- talosctl config - Manage the client configuration file (talosconfig)
talosctl config merge
Merge additional contexts from another client configuration file
Synopsis
Contexts with the same name are renamed while merging configs.
talosctl config merge <from> [flags]
Options
-h, --help help for merge
Options inherited from parent commands
--cluster string Cluster to connect to if a proxy endpoint is used.
--context string Context to be used in command
-e, --endpoints strings override default endpoints in Talos configuration
-n, --nodes strings target the specified nodes
--talosconfig string The path to the Talos configuration file. Defaults to 'TALOSCONFIG' env variable if set, otherwise '$HOME/.talos/config' and '/var/run/secrets/talos.dev/config' in order.
SEE ALSO
- talosctl config - Manage the client configuration file (talosconfig)
talosctl config new
Generate a new client configuration file
talosctl config new [<path>] [flags]
Options
--crt-ttl duration certificate TTL (default 8760h0m0s)
-h, --help help for new
--roles strings roles (default [os:admin])
Options inherited from parent commands
--cluster string Cluster to connect to if a proxy endpoint is used.
--context string Context to be used in command
-e, --endpoints strings override default endpoints in Talos configuration
-n, --nodes strings target the specified nodes
--talosconfig string The path to the Talos configuration file. Defaults to 'TALOSCONFIG' env variable if set, otherwise '$HOME/.talos/config' and '/var/run/secrets/talos.dev/config' in order.
SEE ALSO
- talosctl config - Manage the client configuration file (talosconfig)
talosctl config node
Set the node(s) for the current context
talosctl config node <endpoint>... [flags]
Options
-h, --help help for node
Options inherited from parent commands
--cluster string Cluster to connect to if a proxy endpoint is used.
--context string Context to be used in command
-e, --endpoints strings override default endpoints in Talos configuration
-n, --nodes strings target the specified nodes
--talosconfig string The path to the Talos configuration file. Defaults to 'TALOSCONFIG' env variable if set, otherwise '$HOME/.talos/config' and '/var/run/secrets/talos.dev/config' in order.
SEE ALSO
- talosctl config - Manage the client configuration file (talosconfig)
talosctl config remove
Remove contexts
talosctl config remove <context> [flags]
Options
--dry-run dry run
-h, --help help for remove
-y, --noconfirm do not ask for confirmation
Options inherited from parent commands
--cluster string Cluster to connect to if a proxy endpoint is used.
--context string Context to be used in command
-e, --endpoints strings override default endpoints in Talos configuration
-n, --nodes strings target the specified nodes
--talosconfig string The path to the Talos configuration file. Defaults to 'TALOSCONFIG' env variable if set, otherwise '$HOME/.talos/config' and '/var/run/secrets/talos.dev/config' in order.
SEE ALSO
- talosctl config - Manage the client configuration file (talosconfig)
talosctl config
Manage the client configuration file (talosconfig)
Options
-h, --help help for config
Options inherited from parent commands
--cluster string Cluster to connect to if a proxy endpoint is used.
--context string Context to be used in command
-e, --endpoints strings override default endpoints in Talos configuration
-n, --nodes strings target the specified nodes
--talosconfig string The path to the Talos configuration file. Defaults to 'TALOSCONFIG' env variable if set, otherwise '$HOME/.talos/config' and '/var/run/secrets/talos.dev/config' in order.
SEE ALSO
- talosctl - A CLI for out-of-band management of Kubernetes nodes created by Talos
- talosctl config add - Add a new context
- talosctl config context - Set the current context
- talosctl config contexts - List defined contexts
- talosctl config endpoint - Set the endpoint(s) for the current context
- talosctl config info - Show information about the current context
- talosctl config merge - Merge additional contexts from another client configuration file
- talosctl config new - Generate a new client configuration file
- talosctl config node - Set the node(s) for the current context
- talosctl config remove - Remove contexts
talosctl conformance kubernetes
Run Kubernetes conformance tests
talosctl conformance kubernetes [flags]
Options
-h, --help help for kubernetes
--mode string conformance test mode: [fast, certified] (default "fast")
Options inherited from parent commands
--cluster string Cluster to connect to if a proxy endpoint is used.
--context string Context to be used in command
-e, --endpoints strings override default endpoints in Talos configuration
-n, --nodes strings target the specified nodes
--talosconfig string The path to the Talos configuration file. Defaults to 'TALOSCONFIG' env variable if set, otherwise '$HOME/.talos/config' and '/var/run/secrets/talos.dev/config' in order.
SEE ALSO
- talosctl conformance - Run conformance tests
talosctl conformance
Run conformance tests
Options
-h, --help help for conformance
Options inherited from parent commands
--cluster string Cluster to connect to if a proxy endpoint is used.
--context string Context to be used in command
-e, --endpoints strings override default endpoints in Talos configuration
-n, --nodes strings target the specified nodes
--talosconfig string The path to the Talos configuration file. Defaults to 'TALOSCONFIG' env variable if set, otherwise '$HOME/.talos/config' and '/var/run/secrets/talos.dev/config' in order.
SEE ALSO
- talosctl - A CLI for out-of-band management of Kubernetes nodes created by Talos
- talosctl conformance kubernetes - Run Kubernetes conformance tests
talosctl containers
List containers
talosctl containers [flags]
Options
-h, --help help for containers
-k, --kubernetes use the k8s.io containerd namespace
Options inherited from parent commands
--cluster string Cluster to connect to if a proxy endpoint is used.
--context string Context to be used in command
-e, --endpoints strings override default endpoints in Talos configuration
-n, --nodes strings target the specified nodes
--talosconfig string The path to the Talos configuration file. Defaults to 'TALOSCONFIG' env variable if set, otherwise '$HOME/.talos/config' and '/var/run/secrets/talos.dev/config' in order.
SEE ALSO
- talosctl - A CLI for out-of-band management of Kubernetes nodes created by Talos
talosctl copy
Copy data out from the node
Synopsis
Creates a .tar.gz archive at the node starting at
If ‘-’ is given for
talosctl copy <src-path> -|<local-path> [flags]
Options
-h, --help help for copy
Options inherited from parent commands
--cluster string Cluster to connect to if a proxy endpoint is used.
--context string Context to be used in command
-e, --endpoints strings override default endpoints in Talos configuration
-n, --nodes strings target the specified nodes
--talosconfig string The path to the Talos configuration file. Defaults to 'TALOSCONFIG' env variable if set, otherwise '$HOME/.talos/config' and '/var/run/secrets/talos.dev/config' in order.
SEE ALSO
- talosctl - A CLI for out-of-band management of Kubernetes nodes created by Talos
talosctl dashboard
Cluster dashboard with node overview, logs and real-time metrics
Synopsis
Provide a text-based UI to navigate node overview, logs and real-time metrics.
Keyboard shortcuts:
- h, <Left> - switch one node to the left
- l, <Right> - switch one node to the right
- j, <Down> - scroll logs/process list down
- k, <Up> - scroll logs/process list up
- <C-d> - scroll logs/process list half page down
- <C-u> - scroll logs/process list half page up
- <C-f> - scroll logs/process list one page down
- <C-b> - scroll logs/process list one page up
talosctl dashboard [flags]
Options
-h, --help help for dashboard
-d, --update-interval duration interval between updates (default 3s)
Options inherited from parent commands
--cluster string Cluster to connect to if a proxy endpoint is used.
--context string Context to be used in command
-e, --endpoints strings override default endpoints in Talos configuration
-n, --nodes strings target the specified nodes
--talosconfig string The path to the Talos configuration file. Defaults to 'TALOSCONFIG' env variable if set, otherwise '$HOME/.talos/config' and '/var/run/secrets/talos.dev/config' in order.
SEE ALSO
- talosctl - A CLI for out-of-band management of Kubernetes nodes created by Talos
talosctl disks
Get the list of disks from /sys/block on the machine
talosctl disks [flags]
Options
-h, --help help for disks
-i, --insecure get disks using the insecure (encrypted with no auth) maintenance service
Options inherited from parent commands
--cluster string Cluster to connect to if a proxy endpoint is used.
--context string Context to be used in command
-e, --endpoints strings override default endpoints in Talos configuration
-n, --nodes strings target the specified nodes
--talosconfig string The path to the Talos configuration file. Defaults to 'TALOSCONFIG' env variable if set, otherwise '$HOME/.talos/config' and '/var/run/secrets/talos.dev/config' in order.
SEE ALSO
- talosctl - A CLI for out-of-band management of Kubernetes nodes created by Talos
talosctl dmesg
Retrieve kernel logs
talosctl dmesg [flags]
Options
-f, --follow specify if the kernel log should be streamed
-h, --help help for dmesg
--tail specify if only new messages should be sent (makes sense only when combined with --follow)
Options inherited from parent commands
--cluster string Cluster to connect to if a proxy endpoint is used.
--context string Context to be used in command
-e, --endpoints strings override default endpoints in Talos configuration
-n, --nodes strings target the specified nodes
--talosconfig string The path to the Talos configuration file. Defaults to 'TALOSCONFIG' env variable if set, otherwise '$HOME/.talos/config' and '/var/run/secrets/talos.dev/config' in order.
SEE ALSO
- talosctl - A CLI for out-of-band management of Kubernetes nodes created by Talos
talosctl edit
Edit a resource from the default editor.
Synopsis
The edit command allows you to directly edit any API resource you can retrieve via the command line tools.
It will open the editor defined by your TALOS_EDITOR, or EDITOR environment variables, or fall back to ‘vi’ for Linux or ‘notepad’ for Windows.
talosctl edit <type> [<id>] [flags]
Options
--dry-run do not apply the change after editing and print the change summary instead
-h, --help help for edit
-m, --mode auto, no-reboot, reboot, staged, try apply config mode (default auto)
--namespace string resource namespace (default is to use default namespace per resource)
--timeout duration the config will be rolled back after specified timeout (if try mode is selected) (default 1m0s)
Options inherited from parent commands
--cluster string Cluster to connect to if a proxy endpoint is used.
--context string Context to be used in command
-e, --endpoints strings override default endpoints in Talos configuration
-n, --nodes strings target the specified nodes
--talosconfig string The path to the Talos configuration file. Defaults to 'TALOSCONFIG' env variable if set, otherwise '$HOME/.talos/config' and '/var/run/secrets/talos.dev/config' in order.
SEE ALSO
- talosctl - A CLI for out-of-band management of Kubernetes nodes created by Talos
talosctl etcd alarm disarm
Disarm the etcd alarms for the node.
talosctl etcd alarm disarm [flags]
Options
-h, --help help for disarm
Options inherited from parent commands
--cluster string Cluster to connect to if a proxy endpoint is used.
--context string Context to be used in command
-e, --endpoints strings override default endpoints in Talos configuration
-n, --nodes strings target the specified nodes
--talosconfig string The path to the Talos configuration file. Defaults to 'TALOSCONFIG' env variable if set, otherwise '$HOME/.talos/config' and '/var/run/secrets/talos.dev/config' in order.
SEE ALSO
- talosctl etcd alarm - Manage etcd alarms
talosctl etcd alarm list
List the etcd alarms for the node.
talosctl etcd alarm list [flags]
Options
-h, --help help for list
Options inherited from parent commands
--cluster string Cluster to connect to if a proxy endpoint is used.
--context string Context to be used in command
-e, --endpoints strings override default endpoints in Talos configuration
-n, --nodes strings target the specified nodes
--talosconfig string The path to the Talos configuration file. Defaults to 'TALOSCONFIG' env variable if set, otherwise '$HOME/.talos/config' and '/var/run/secrets/talos.dev/config' in order.
SEE ALSO
- talosctl etcd alarm - Manage etcd alarms
talosctl etcd alarm
Manage etcd alarms
Options
-h, --help help for alarm
Options inherited from parent commands
--cluster string Cluster to connect to if a proxy endpoint is used.
--context string Context to be used in command
-e, --endpoints strings override default endpoints in Talos configuration
-n, --nodes strings target the specified nodes
--talosconfig string The path to the Talos configuration file. Defaults to 'TALOSCONFIG' env variable if set, otherwise '$HOME/.talos/config' and '/var/run/secrets/talos.dev/config' in order.
SEE ALSO
- talosctl etcd - Manage etcd
- talosctl etcd alarm disarm - Disarm the etcd alarms for the node.
- talosctl etcd alarm list - List the etcd alarms for the node.
talosctl etcd defrag
Defragment etcd database on the node
Synopsis
Defragmentation is a maintenance operation that releases unused space from the etcd database file. Defragmentation is a resource-heavy operation and should be performed only when necessary, on a single node at a time.
talosctl etcd defrag [flags]
Options
-h, --help help for defrag
Options inherited from parent commands
--cluster string Cluster to connect to if a proxy endpoint is used.
--context string Context to be used in command
-e, --endpoints strings override default endpoints in Talos configuration
-n, --nodes strings target the specified nodes
--talosconfig string The path to the Talos configuration file. Defaults to 'TALOSCONFIG' env variable if set, otherwise '$HOME/.talos/config' and '/var/run/secrets/talos.dev/config' in order.
SEE ALSO
- talosctl etcd - Manage etcd
talosctl etcd forfeit-leadership
Tell node to forfeit etcd cluster leadership
talosctl etcd forfeit-leadership [flags]
Options
-h, --help help for forfeit-leadership
Options inherited from parent commands
--cluster string Cluster to connect to if a proxy endpoint is used.
--context string Context to be used in command
-e, --endpoints strings override default endpoints in Talos configuration
-n, --nodes strings target the specified nodes
--talosconfig string The path to the Talos configuration file. Defaults to 'TALOSCONFIG' env variable if set, otherwise '$HOME/.talos/config' and '/var/run/secrets/talos.dev/config' in order.
SEE ALSO
- talosctl etcd - Manage etcd
talosctl etcd leave
Tell nodes to leave etcd cluster
talosctl etcd leave [flags]
Options
-h, --help help for leave
Options inherited from parent commands
--cluster string Cluster to connect to if a proxy endpoint is used.
--context string Context to be used in command
-e, --endpoints strings override default endpoints in Talos configuration
-n, --nodes strings target the specified nodes
--talosconfig string The path to the Talos configuration file. Defaults to 'TALOSCONFIG' env variable if set, otherwise '$HOME/.talos/config' and '/var/run/secrets/talos.dev/config' in order.
SEE ALSO
- talosctl etcd - Manage etcd
talosctl etcd members
Get the list of etcd cluster members
talosctl etcd members [flags]
Options
-h, --help help for members
Options inherited from parent commands
--cluster string Cluster to connect to if a proxy endpoint is used.
--context string Context to be used in command
-e, --endpoints strings override default endpoints in Talos configuration
-n, --nodes strings target the specified nodes
--talosconfig string The path to the Talos configuration file. Defaults to 'TALOSCONFIG' env variable if set, otherwise '$HOME/.talos/config' and '/var/run/secrets/talos.dev/config' in order.
SEE ALSO
- talosctl etcd - Manage etcd
talosctl etcd remove-member
Remove the node from etcd cluster
Synopsis
Use this command only to remove a member that is in a broken state, that is, when there is no access to the node or the node can’t access etcd to call etcd leave. Always prefer etcd leave over this command.
talosctl etcd remove-member <member ID> [flags]
Options
-h, --help help for remove-member
Options inherited from parent commands
--cluster string Cluster to connect to if a proxy endpoint is used.
--context string Context to be used in command
-e, --endpoints strings override default endpoints in Talos configuration
-n, --nodes strings target the specified nodes
--talosconfig string The path to the Talos configuration file. Defaults to 'TALOSCONFIG' env variable if set, otherwise '$HOME/.talos/config' and '/var/run/secrets/talos.dev/config' in order.
SEE ALSO
- talosctl etcd - Manage etcd
talosctl etcd snapshot
Stream snapshot of the etcd node to the path.
talosctl etcd snapshot <path> [flags]
Options
-h, --help help for snapshot
Options inherited from parent commands
--cluster string Cluster to connect to if a proxy endpoint is used.
--context string Context to be used in command
-e, --endpoints strings override default endpoints in Talos configuration
-n, --nodes strings target the specified nodes
--talosconfig string The path to the Talos configuration file. Defaults to 'TALOSCONFIG' env variable if set, otherwise '$HOME/.talos/config' and '/var/run/secrets/talos.dev/config' in order.
SEE ALSO
- talosctl etcd - Manage etcd
talosctl etcd status
Get the status of etcd cluster member
Synopsis
Returns the status of the etcd member on the node. Use multiple nodes to get the status of all members.
talosctl etcd status [flags]
Options
-h, --help help for status
Options inherited from parent commands
--cluster string Cluster to connect to if a proxy endpoint is used.
--context string Context to be used in command
-e, --endpoints strings override default endpoints in Talos configuration
-n, --nodes strings target the specified nodes
--talosconfig string The path to the Talos configuration file. Defaults to 'TALOSCONFIG' env variable if set, otherwise '$HOME/.talos/config' and '/var/run/secrets/talos.dev/config' in order.
SEE ALSO
- talosctl etcd - Manage etcd
talosctl etcd
Manage etcd
Options
-h, --help help for etcd
Options inherited from parent commands
--cluster string Cluster to connect to if a proxy endpoint is used.
--context string Context to be used in command
-e, --endpoints strings override default endpoints in Talos configuration
-n, --nodes strings target the specified nodes
--talosconfig string The path to the Talos configuration file. Defaults to 'TALOSCONFIG' env variable if set, otherwise '$HOME/.talos/config' and '/var/run/secrets/talos.dev/config' in order.
SEE ALSO
- talosctl - A CLI for out-of-band management of Kubernetes nodes created by Talos
- talosctl etcd alarm - Manage etcd alarms
- talosctl etcd defrag - Defragment etcd database on the node
- talosctl etcd forfeit-leadership - Tell node to forfeit etcd cluster leadership
- talosctl etcd leave - Tell nodes to leave etcd cluster
- talosctl etcd members - Get the list of etcd cluster members
- talosctl etcd remove-member - Remove the node from etcd cluster
- talosctl etcd snapshot - Stream snapshot of the etcd node to the path.
- talosctl etcd status - Get the status of etcd cluster member
talosctl events
Stream runtime events
talosctl events [flags]
Options
--actor-id string filter events by the specified actor ID (default is no filter)
--duration duration show events for the past duration interval (one second resolution, default is to show no history)
-h, --help help for events
--since string show events after the specified event ID (default is to show no history)
--tail int32 show specified number of past events (use -1 to show full history, default is to show no history)
Options inherited from parent commands
--cluster string Cluster to connect to if a proxy endpoint is used.
--context string Context to be used in command
-e, --endpoints strings override default endpoints in Talos configuration
-n, --nodes strings target the specified nodes
--talosconfig string The path to the Talos configuration file. Defaults to 'TALOSCONFIG' env variable if set, otherwise '$HOME/.talos/config' and '/var/run/secrets/talos.dev/config' in order.
SEE ALSO
- talosctl - A CLI for out-of-band management of Kubernetes nodes created by Talos
talosctl gen ca
Generates a self-signed X.509 certificate authority
talosctl gen ca [flags]
Options
-h, --help help for ca
--hours int the hours from now on which the certificate validity period ends (default 87600)
--organization string X.509 distinguished name for the Organization
--rsa generate in RSA format
Options inherited from parent commands
--cluster string Cluster to connect to if a proxy endpoint is used.
--context string Context to be used in command
-e, --endpoints strings override default endpoints in Talos configuration
-f, --force will overwrite existing files
-n, --nodes strings target the specified nodes
--talosconfig string The path to the Talos configuration file. Defaults to 'TALOSCONFIG' env variable if set, otherwise '$HOME/.talos/config' and '/var/run/secrets/talos.dev/config' in order.
SEE ALSO
- talosctl gen - Generate CAs, certificates, and private keys
talosctl gen config
Generates a set of configuration files for Talos cluster
Synopsis
The cluster endpoint is the URL for the Kubernetes API. If you decide to use a control plane node, common in a single node control plane setup, use port 6443 as this is the port that the API server binds to on every control plane node. For an HA setup, usually involving a load balancer, use the IP and port of the load balancer.
talosctl gen config <cluster name> <cluster endpoint> [flags]
Options
--additional-sans strings additional Subject-Alt-Names for the APIServer certificate
--config-patch stringArray patch generated machineconfigs (applied to all node types), use @file to read a patch from file
--config-patch-control-plane stringArray patch generated machineconfigs (applied to 'init' and 'controlplane' types)
--config-patch-worker stringArray patch generated machineconfigs (applied to 'worker' type)
--dns-domain string the dns domain to use for cluster (default "cluster.local")
-h, --help help for config
--install-disk string the disk to install to (default "/dev/sda")
--install-image string the image used to perform an installation (default "ghcr.io/siderolabs/installer:latest")
--kubernetes-version string desired kubernetes version to run (default "1.31.1")
-o, --output string destination to output generated files. when multiple output types are specified, it must be a directory. for a single output type, it must either be a file path, or "-" for stdout
-t, --output-types strings types of outputs to be generated. valid types are: ["controlplane" "worker" "talosconfig"] (default [controlplane,worker,talosconfig])
-p, --persist the desired persist value for configs (default true)
--registry-mirror strings list of registry mirrors to use in format: <registry host>=<mirror URL>
--talos-version string the desired Talos version to generate config for (backwards compatibility, e.g. v0.8)
--version string the desired machine config version to generate (default "v1alpha1")
--with-cluster-discovery enable cluster discovery feature (default true)
--with-docs renders all machine configs adding the documentation for each field (default true)
--with-examples renders all machine configs with the commented examples (default true)
--with-kubespan enable KubeSpan feature
--with-secrets string use a secrets file generated using 'gen secrets'
Options inherited from parent commands
--cluster string Cluster to connect to if a proxy endpoint is used.
--context string Context to be used in command
-e, --endpoints strings override default endpoints in Talos configuration
-f, --force will overwrite existing files
-n, --nodes strings target the specified nodes
--talosconfig string The path to the Talos configuration file. Defaults to 'TALOSCONFIG' env variable if set, otherwise '$HOME/.talos/config' and '/var/run/secrets/talos.dev/config' in order.
SEE ALSO
- talosctl gen - Generate CAs, certificates, and private keys
talosctl gen crt
Generates an X.509 Ed25519 certificate
talosctl gen crt [flags]
Options
--ca string path to the PEM encoded CERTIFICATE
--csr string path to the PEM encoded CERTIFICATE REQUEST
-h, --help help for crt
--hours int the hours from now on which the certificate validity period ends (default 24)
--name string the basename of the generated file
Options inherited from parent commands
--cluster string Cluster to connect to if a proxy endpoint is used.
--context string Context to be used in command
-e, --endpoints strings override default endpoints in Talos configuration
-f, --force will overwrite existing files
-n, --nodes strings target the specified nodes
--talosconfig string The path to the Talos configuration file. Defaults to 'TALOSCONFIG' env variable if set, otherwise '$HOME/.talos/config' and '/var/run/secrets/talos.dev/config' in order.
SEE ALSO
- talosctl gen - Generate CAs, certificates, and private keys
talosctl gen csr
Generates a CSR using an Ed25519 private key
talosctl gen csr [flags]
Options
-h, --help help for csr
--ip string generate the certificate for this IP address
--key string path to the PEM encoded EC or RSA PRIVATE KEY
--roles strings roles (default [os:admin])
Options inherited from parent commands
--cluster string Cluster to connect to if a proxy endpoint is used.
--context string Context to be used in command
-e, --endpoints strings override default endpoints in Talos configuration
-f, --force will overwrite existing files
-n, --nodes strings target the specified nodes
--talosconfig string The path to the Talos configuration file. Defaults to 'TALOSCONFIG' env variable if set, otherwise '$HOME/.talos/config' and '/var/run/secrets/talos.dev/config' in order.
SEE ALSO
- talosctl gen - Generate CAs, certificates, and private keys
talosctl gen key
Generates an Ed25519 private key
talosctl gen key [flags]
Options
-h, --help help for key
--name string the basename of the generated file
Options inherited from parent commands
--cluster string Cluster to connect to if a proxy endpoint is used.
--context string Context to be used in command
-e, --endpoints strings override default endpoints in Talos configuration
-f, --force will overwrite existing files
-n, --nodes strings target the specified nodes
--talosconfig string The path to the Talos configuration file. Defaults to 'TALOSCONFIG' env variable if set, otherwise '$HOME/.talos/config' and '/var/run/secrets/talos.dev/config' in order.
SEE ALSO
- talosctl gen - Generate CAs, certificates, and private keys
talosctl gen keypair
Generates an X.509 Ed25519 key pair
talosctl gen keypair [flags]
Options
-h, --help help for keypair
--ip string generate the certificate for this IP address
--organization string X.509 distinguished name for the Organization
Options inherited from parent commands
--cluster string Cluster to connect to if a proxy endpoint is used.
--context string Context to be used in command
-e, --endpoints strings override default endpoints in Talos configuration
-f, --force will overwrite existing files
-n, --nodes strings target the specified nodes
--talosconfig string The path to the Talos configuration file. Defaults to 'TALOSCONFIG' env variable if set, otherwise '$HOME/.talos/config' and '/var/run/secrets/talos.dev/config' in order.
SEE ALSO
- talosctl gen - Generate CAs, certificates, and private keys
talosctl gen secrets
Generates a secrets bundle file which can later be used to generate a config
talosctl gen secrets [flags]
Options
--from-controlplane-config string use the provided controlplane Talos machine configuration as input
-p, --from-kubernetes-pki string use a Kubernetes PKI directory (e.g. /etc/kubernetes/pki) as input
-h, --help help for secrets
-t, --kubernetes-bootstrap-token string use the provided bootstrap token as input
-o, --output-file string path of the output file (default "secrets.yaml")
--talos-version string the desired Talos version to generate secrets bundle for (backwards compatibility, e.g. v0.8)
Options inherited from parent commands
--cluster string Cluster to connect to if a proxy endpoint is used.
--context string Context to be used in command
-e, --endpoints strings override default endpoints in Talos configuration
-f, --force will overwrite existing files
-n, --nodes strings target the specified nodes
--talosconfig string The path to the Talos configuration file. Defaults to 'TALOSCONFIG' env variable if set, otherwise '$HOME/.talos/config' and '/var/run/secrets/talos.dev/config' in order.
SEE ALSO
- talosctl gen - Generate CAs, certificates, and private keys
talosctl gen secureboot database
Generates a UEFI database to enroll the signing certificate
talosctl gen secureboot database [flags]
Options
--enrolled-certificate string path to the certificate to enroll (default "_out/uki-signing-cert.pem")
-h, --help help for database
--include-well-known-uefi-certs include well-known UEFI (Microsoft) certificates in the database
--signing-certificate string path to the certificate used to sign the database (default "_out/uki-signing-cert.pem")
--signing-key string path to the key used to sign the database (default "_out/uki-signing-key.pem")
Options inherited from parent commands
--cluster string Cluster to connect to if a proxy endpoint is used.
--context string Context to be used in command
-e, --endpoints strings override default endpoints in Talos configuration
-f, --force will overwrite existing files
-n, --nodes strings target the specified nodes
-o, --output string path to the directory storing the generated files (default "_out")
--talosconfig string The path to the Talos configuration file. Defaults to 'TALOSCONFIG' env variable if set, otherwise '$HOME/.talos/config' and '/var/run/secrets/talos.dev/config' in order.
SEE ALSO
- talosctl gen secureboot - Generates secrets for the SecureBoot process
talosctl gen secureboot pcr
Generates a key which is used to sign TPM PCR values
talosctl gen secureboot pcr [flags]
Options
-h, --help help for pcr
Options inherited from parent commands
--cluster string Cluster to connect to if a proxy endpoint is used.
--context string Context to be used in command
-e, --endpoints strings override default endpoints in Talos configuration
-f, --force will overwrite existing files
-n, --nodes strings target the specified nodes
-o, --output string path to the directory storing the generated files (default "_out")
--talosconfig string The path to the Talos configuration file. Defaults to 'TALOSCONFIG' env variable if set, otherwise '$HOME/.talos/config' and '/var/run/secrets/talos.dev/config' in order.
SEE ALSO
- talosctl gen secureboot - Generates secrets for the SecureBoot process
talosctl gen secureboot uki
Generates a certificate which is used to sign boot assets (UKI)
talosctl gen secureboot uki [flags]
Options
--common-name string common name for the certificate (default "Test UKI Signing Key")
-h, --help help for uki
Options inherited from parent commands
--cluster string Cluster to connect to if a proxy endpoint is used.
--context string Context to be used in command
-e, --endpoints strings override default endpoints in Talos configuration
-f, --force will overwrite existing files
-n, --nodes strings target the specified nodes
-o, --output string path to the directory storing the generated files (default "_out")
--talosconfig string The path to the Talos configuration file. Defaults to 'TALOSCONFIG' env variable if set, otherwise '$HOME/.talos/config' and '/var/run/secrets/talos.dev/config' in order.
SEE ALSO
- talosctl gen secureboot - Generates secrets for the SecureBoot process
talosctl gen secureboot
Generates secrets for the SecureBoot process
Options
-h, --help help for secureboot
-o, --output string path to the directory storing the generated files (default "_out")
Options inherited from parent commands
--cluster string Cluster to connect to if a proxy endpoint is used.
--context string Context to be used in command
-e, --endpoints strings override default endpoints in Talos configuration
-f, --force will overwrite existing files
-n, --nodes strings target the specified nodes
--talosconfig string The path to the Talos configuration file. Defaults to 'TALOSCONFIG' env variable if set, otherwise '$HOME/.talos/config' and '/var/run/secrets/talos.dev/config' in order.
SEE ALSO
- talosctl gen - Generate CAs, certificates, and private keys
- talosctl gen secureboot database - Generates a UEFI database to enroll the signing certificate
- talosctl gen secureboot pcr - Generates a key which is used to sign TPM PCR values
- talosctl gen secureboot uki - Generates a certificate which is used to sign boot assets (UKI)
talosctl gen
Generate CAs, certificates, and private keys
Options
-f, --force will overwrite existing files
-h, --help help for gen
Options inherited from parent commands
--cluster string Cluster to connect to if a proxy endpoint is used.
--context string Context to be used in command
-e, --endpoints strings override default endpoints in Talos configuration
-n, --nodes strings target the specified nodes
--talosconfig string The path to the Talos configuration file. Defaults to 'TALOSCONFIG' env variable if set, otherwise '$HOME/.talos/config' and '/var/run/secrets/talos.dev/config' in order.
SEE ALSO
- talosctl - A CLI for out-of-band management of Kubernetes nodes created by Talos
- talosctl gen ca - Generates a self-signed X.509 certificate authority
- talosctl gen config - Generates a set of configuration files for Talos cluster
- talosctl gen crt - Generates an X.509 Ed25519 certificate
- talosctl gen csr - Generates a CSR using an Ed25519 private key
- talosctl gen key - Generates an Ed25519 private key
- talosctl gen keypair - Generates an X.509 Ed25519 key pair
- talosctl gen secrets - Generates a secrets bundle file which can later be used to generate a config
- talosctl gen secureboot - Generates secrets for the SecureBoot process
talosctl get
Get a specific resource or list of resources (use 'talosctl get rd' to see all available resource types).
Synopsis
Similar to 'kubectl get', 'talosctl get' returns a set of resources from the OS. To get a list of all available resource definitions, issue 'talosctl get rd'.
talosctl get <type> [<id>] [flags]
Options
-h, --help help for get
-i, --insecure get resources using the insecure (encrypted with no auth) maintenance service
--namespace string resource namespace (default is to use default namespace per resource)
-o, --output string output mode (json, table, yaml, jsonpath) (default "table")
-w, --watch watch resource changes
Options inherited from parent commands
--cluster string Cluster to connect to if a proxy endpoint is used.
--context string Context to be used in command
-e, --endpoints strings override default endpoints in Talos configuration
-n, --nodes strings target the specified nodes
--talosconfig string The path to the Talos configuration file. Defaults to 'TALOSCONFIG' env variable if set, otherwise '$HOME/.talos/config' and '/var/run/secrets/talos.dev/config' in order.
SEE ALSO
- talosctl - A CLI for out-of-band management of Kubernetes nodes created by Talos
talosctl health
Check cluster health
talosctl health [flags]
Options
--control-plane-nodes strings specify IPs of control plane nodes
-h, --help help for health
--init-node string specify IPs of init node
--k8s-endpoint string use endpoint instead of kubeconfig default
--run-e2e run Kubernetes e2e test
--server run server-side check (default true)
--wait-timeout duration timeout to wait for the cluster to be ready (default 20m0s)
--worker-nodes strings specify IPs of worker nodes
Options inherited from parent commands
--cluster string Cluster to connect to if a proxy endpoint is used.
--context string Context to be used in command
-e, --endpoints strings override default endpoints in Talos configuration
-n, --nodes strings target the specified nodes
--talosconfig string The path to the Talos configuration file. Defaults to 'TALOSCONFIG' env variable if set, otherwise '$HOME/.talos/config' and '/var/run/secrets/talos.dev/config' in order.
SEE ALSO
- talosctl - A CLI for out-of-band management of Kubernetes nodes created by Talos
talosctl image default
List the default images used by Talos
talosctl image default [flags]
Options
-h, --help help for default
Options inherited from parent commands
--cluster string Cluster to connect to if a proxy endpoint is used.
--context string Context to be used in command
-e, --endpoints strings override default endpoints in Talos configuration
--namespace system namespace to use: system (etcd and kubelet images) or `cri` for all Kubernetes workloads (default "cri")
-n, --nodes strings target the specified nodes
--talosconfig string The path to the Talos configuration file. Defaults to 'TALOSCONFIG' env variable if set, otherwise '$HOME/.talos/config' and '/var/run/secrets/talos.dev/config' in order.
SEE ALSO
- talosctl image - Manage CRI container images
talosctl image list
List CRI images
talosctl image list [flags]
Options
-h, --help help for list
Options inherited from parent commands
--cluster string Cluster to connect to if a proxy endpoint is used.
--context string Context to be used in command
-e, --endpoints strings override default endpoints in Talos configuration
--namespace system namespace to use: system (etcd and kubelet images) or `cri` for all Kubernetes workloads (default "cri")
-n, --nodes strings target the specified nodes
--talosconfig string The path to the Talos configuration file. Defaults to 'TALOSCONFIG' env variable if set, otherwise '$HOME/.talos/config' and '/var/run/secrets/talos.dev/config' in order.
SEE ALSO
- talosctl image - Manage CRI container images
talosctl image pull
Pull an image into CRI
talosctl image pull [flags]
Options
-h, --help help for pull
Options inherited from parent commands
--cluster string Cluster to connect to if a proxy endpoint is used.
--context string Context to be used in command
-e, --endpoints strings override default endpoints in Talos configuration
--namespace system namespace to use: system (etcd and kubelet images) or `cri` for all Kubernetes workloads (default "cri")
-n, --nodes strings target the specified nodes
--talosconfig string The path to the Talos configuration file. Defaults to 'TALOSCONFIG' env variable if set, otherwise '$HOME/.talos/config' and '/var/run/secrets/talos.dev/config' in order.
SEE ALSO
- talosctl image - Manage CRI container images
talosctl image
Manage CRI container images
Options
-h, --help help for image
--namespace system namespace to use: system (etcd and kubelet images) or `cri` for all Kubernetes workloads (default "cri")
Options inherited from parent commands
--cluster string Cluster to connect to if a proxy endpoint is used.
--context string Context to be used in command
-e, --endpoints strings override default endpoints in Talos configuration
-n, --nodes strings target the specified nodes
--talosconfig string The path to the Talos configuration file. Defaults to 'TALOSCONFIG' env variable if set, otherwise '$HOME/.talos/config' and '/var/run/secrets/talos.dev/config' in order.
SEE ALSO
- talosctl - A CLI for out-of-band management of Kubernetes nodes created by Talos
- talosctl image default - List the default images used by Talos
- talosctl image list - List CRI images
- talosctl image pull - Pull an image into CRI
talosctl inject serviceaccount
Inject Talos API ServiceAccount into Kubernetes manifests
talosctl inject serviceaccount [--roles='<ROLE_1>,<ROLE_2>'] -f <manifest.yaml> [flags]
Examples
talosctl inject serviceaccount --roles="os:admin" -f deployment.yaml > deployment-injected.yaml
Alternatively, stdin can be piped to the command:
cat deployment.yaml | talosctl inject serviceaccount --roles="os:admin" -f - > deployment-injected.yaml
Options
-f, --file string file with Kubernetes manifests to be injected with ServiceAccount
-h, --help help for serviceaccount
-r, --roles strings roles to add to the generated ServiceAccount manifests (default [os:reader])
Options inherited from parent commands
--cluster string Cluster to connect to if a proxy endpoint is used.
--context string Context to be used in command
-e, --endpoints strings override default endpoints in Talos configuration
-n, --nodes strings target the specified nodes
--talosconfig string The path to the Talos configuration file. Defaults to 'TALOSCONFIG' env variable if set, otherwise '$HOME/.talos/config' and '/var/run/secrets/talos.dev/config' in order.
SEE ALSO
- talosctl inject - Inject Talos API resources into Kubernetes manifests
talosctl inject
Inject Talos API resources into Kubernetes manifests
Options
-h, --help help for inject
Options inherited from parent commands
--cluster string Cluster to connect to if a proxy endpoint is used.
--context string Context to be used in command
-e, --endpoints strings override default endpoints in Talos configuration
-n, --nodes strings target the specified nodes
--talosconfig string The path to the Talos configuration file. Defaults to 'TALOSCONFIG' env variable if set, otherwise '$HOME/.talos/config' and '/var/run/secrets/talos.dev/config' in order.
SEE ALSO
- talosctl - A CLI for out-of-band management of Kubernetes nodes created by Talos
- talosctl inject serviceaccount - Inject Talos API ServiceAccount into Kubernetes manifests
talosctl inspect dependencies
Inspect controller-resource dependencies as graphviz graph.
Synopsis
Inspect controller-resource dependencies as graphviz graph.
Pipe the output of the command through the “dot” program (part of graphviz package) to render the graph:
talosctl inspect dependencies | dot -Tpng > graph.png
talosctl inspect dependencies [flags]
Options
-h, --help help for dependencies
--with-resources display live resource information with dependencies
Options inherited from parent commands
--cluster string Cluster to connect to if a proxy endpoint is used.
--context string Context to be used in command
-e, --endpoints strings override default endpoints in Talos configuration
-n, --nodes strings target the specified nodes
--talosconfig string The path to the Talos configuration file. Defaults to 'TALOSCONFIG' env variable if set, otherwise '$HOME/.talos/config' and '/var/run/secrets/talos.dev/config' in order.
SEE ALSO
- talosctl inspect - Inspect internals of Talos
talosctl inspect
Inspect internals of Talos
Options
-h, --help help for inspect
Options inherited from parent commands
--cluster string Cluster to connect to if a proxy endpoint is used.
--context string Context to be used in command
-e, --endpoints strings override default endpoints in Talos configuration
-n, --nodes strings target the specified nodes
--talosconfig string The path to the Talos configuration file. Defaults to 'TALOSCONFIG' env variable if set, otherwise '$HOME/.talos/config' and '/var/run/secrets/talos.dev/config' in order.
SEE ALSO
- talosctl - A CLI for out-of-band management of Kubernetes nodes created by Talos
- talosctl inspect dependencies - Inspect controller-resource dependencies as graphviz graph.
talosctl kubeconfig
Download the admin kubeconfig from the node
Synopsis
Download the admin kubeconfig from the node. If merge flag is defined, config will be merged with ~/.kube/config or [local-path] if specified. Otherwise kubeconfig will be written to PWD or [local-path] if specified.
talosctl kubeconfig [local-path] [flags]
Options
-f, --force Force overwrite of kubeconfig if already present, force overwrite on kubeconfig merge
--force-context-name string Force context name for kubeconfig merge
-h, --help help for kubeconfig
-m, --merge Merge with existing kubeconfig (default true)
Options inherited from parent commands
--cluster string Cluster to connect to if a proxy endpoint is used.
--context string Context to be used in command
-e, --endpoints strings override default endpoints in Talos configuration
-n, --nodes strings target the specified nodes
--talosconfig string The path to the Talos configuration file. Defaults to 'TALOSCONFIG' env variable if set, otherwise '$HOME/.talos/config' and '/var/run/secrets/talos.dev/config' in order.
SEE ALSO
- talosctl - A CLI for out-of-band management of Kubernetes nodes created by Talos
talosctl list
Retrieve a directory listing
talosctl list [path] [flags]
Options
-d, --depth int32 maximum recursion depth (default 1)
-h, --help help for list
-H, --humanize humanize size and time in the output
-l, --long display additional file details
-r, --recurse recurse into subdirectories
-t, --type strings filter by specified types:
f regular file
d directory
l, L symbolic link
Options inherited from parent commands
--cluster string Cluster to connect to if a proxy endpoint is used.
--context string Context to be used in command
-e, --endpoints strings override default endpoints in Talos configuration
-n, --nodes strings target the specified nodes
--talosconfig string The path to the Talos configuration file. Defaults to 'TALOSCONFIG' env variable if set, otherwise '$HOME/.talos/config' and '/var/run/secrets/talos.dev/config' in order.
SEE ALSO
- talosctl - A CLI for out-of-band management of Kubernetes nodes created by Talos
talosctl logs
Retrieve logs for a service
talosctl logs <service name> [flags]
Options
-f, --follow specify if the logs should be streamed
-h, --help help for logs
-k, --kubernetes use the k8s.io containerd namespace
--tail int32 lines of log file to display (default is to show from the beginning) (default -1)
Options inherited from parent commands
--cluster string Cluster to connect to if a proxy endpoint is used.
--context string Context to be used in command
-e, --endpoints strings override default endpoints in Talos configuration
-n, --nodes strings target the specified nodes
--talosconfig string The path to the Talos configuration file. Defaults to 'TALOSCONFIG' env variable if set, otherwise '$HOME/.talos/config' and '/var/run/secrets/talos.dev/config' in order.
SEE ALSO
- talosctl - A CLI for out-of-band management of Kubernetes nodes created by Talos
talosctl machineconfig gen
Generates a set of configuration files for Talos cluster
Synopsis
The cluster endpoint is the URL for the Kubernetes API. If you decide to use a control plane node, common in a single node control plane setup, use port 6443 as this is the port that the API server binds to on every control plane node. For an HA setup, usually involving a load balancer, use the IP and port of the load balancer.
talosctl machineconfig gen <cluster name> <cluster endpoint> [flags]
Options
-h, --help help for gen
Options inherited from parent commands
--cluster string Cluster to connect to if a proxy endpoint is used.
--context string Context to be used in command
-e, --endpoints strings override default endpoints in Talos configuration
-n, --nodes strings target the specified nodes
--talosconfig string The path to the Talos configuration file. Defaults to 'TALOSCONFIG' env variable if set, otherwise '$HOME/.talos/config' and '/var/run/secrets/talos.dev/config' in order.
SEE ALSO
- talosctl machineconfig - Machine config related commands
talosctl machineconfig patch
Patch a machine config
talosctl machineconfig patch <machineconfig-file> [flags]
Options
-h, --help help for patch
-o, --output string output destination. if not specified, output will be printed to stdout
-p, --patch stringArray patch generated machineconfigs (applied to all node types), use @file to read a patch from file
Options inherited from parent commands
--cluster string Cluster to connect to if a proxy endpoint is used.
--context string Context to be used in command
-e, --endpoints strings override default endpoints in Talos configuration
-n, --nodes strings target the specified nodes
--talosconfig string The path to the Talos configuration file. Defaults to 'TALOSCONFIG' env variable if set, otherwise '$HOME/.talos/config' and '/var/run/secrets/talos.dev/config' in order.
SEE ALSO
- talosctl machineconfig - Machine config related commands
talosctl machineconfig
Machine config related commands
Options
-h, --help help for machineconfig
Options inherited from parent commands
--cluster string Cluster to connect to if a proxy endpoint is used.
--context string Context to be used in command
-e, --endpoints strings override default endpoints in Talos configuration
-n, --nodes strings target the specified nodes
--talosconfig string The path to the Talos configuration file. Defaults to 'TALOSCONFIG' env variable if set, otherwise '$HOME/.talos/config' and '/var/run/secrets/talos.dev/config' in order.
SEE ALSO
- talosctl - A CLI for out-of-band management of Kubernetes nodes created by Talos
- talosctl machineconfig gen - Generates a set of configuration files for Talos cluster
- talosctl machineconfig patch - Patch a machine config
talosctl memory
Show memory usage
talosctl memory [flags]
Options
-h, --help help for memory
-v, --verbose display extended memory statistics
Options inherited from parent commands
--cluster string Cluster to connect to if a proxy endpoint is used.
--context string Context to be used in command
-e, --endpoints strings override default endpoints in Talos configuration
-n, --nodes strings target the specified nodes
--talosconfig string The path to the Talos configuration file. Defaults to 'TALOSCONFIG' env variable if set, otherwise '$HOME/.talos/config' and '/var/run/secrets/talos.dev/config' in order.
SEE ALSO
- talosctl - A CLI for out-of-band management of Kubernetes nodes created by Talos
talosctl meta delete
Delete a key from the META partition.
talosctl meta delete key [flags]
Options
-h, --help help for delete
Options inherited from parent commands
--cluster string Cluster to connect to if a proxy endpoint is used.
--context string Context to be used in command
-e, --endpoints strings override default endpoints in Talos configuration
-i, --insecure write|delete meta using the insecure (encrypted with no auth) maintenance service
-n, --nodes strings target the specified nodes
--talosconfig string The path to the Talos configuration file. Defaults to 'TALOSCONFIG' env variable if set, otherwise '$HOME/.talos/config' and '/var/run/secrets/talos.dev/config' in order.
SEE ALSO
- talosctl meta - Write and delete keys in the META partition
talosctl meta write
Write a key-value pair to the META partition.
talosctl meta write key value [flags]
Options
-h, --help help for write
Options inherited from parent commands
--cluster string Cluster to connect to if a proxy endpoint is used.
--context string Context to be used in command
-e, --endpoints strings override default endpoints in Talos configuration
-i, --insecure write|delete meta using the insecure (encrypted with no auth) maintenance service
-n, --nodes strings target the specified nodes
--talosconfig string The path to the Talos configuration file. Defaults to 'TALOSCONFIG' env variable if set, otherwise '$HOME/.talos/config' and '/var/run/secrets/talos.dev/config' in order.
SEE ALSO
- talosctl meta - Write and delete keys in the META partition
talosctl meta
Write and delete keys in the META partition
Options
-h, --help help for meta
-i, --insecure write|delete meta using the insecure (encrypted with no auth) maintenance service
Options inherited from parent commands
--cluster string Cluster to connect to if a proxy endpoint is used.
--context string Context to be used in command
-e, --endpoints strings override default endpoints in Talos configuration
-n, --nodes strings target the specified nodes
--talosconfig string The path to the Talos configuration file. Defaults to 'TALOSCONFIG' env variable if set, otherwise '$HOME/.talos/config' and '/var/run/secrets/talos.dev/config' in order.
SEE ALSO
- talosctl - A CLI for out-of-band management of Kubernetes nodes created by Talos
- talosctl meta delete - Delete a key from the META partition.
- talosctl meta write - Write a key-value pair to the META partition.
talosctl mounts
List mounts
talosctl mounts [flags]
Options
-h, --help help for mounts
Options inherited from parent commands
--cluster string Cluster to connect to if a proxy endpoint is used.
--context string Context to be used in command
-e, --endpoints strings override default endpoints in Talos configuration
-n, --nodes strings target the specified nodes
--talosconfig string The path to the Talos configuration file. Defaults to 'TALOSCONFIG' env variable if set, otherwise '$HOME/.talos/config' and '/var/run/secrets/talos.dev/config' in order.
SEE ALSO
- talosctl - A CLI for out-of-band management of Kubernetes nodes created by Talos
talosctl netstat
Show network connections and sockets
Synopsis
Show network connections and sockets.
You can pass an optional argument to view a specific pod’s connections. To do this, format the argument as “namespace/pod”. Note that only pods with a pod network namespace are allowed. If you don’t pass an argument, the command will show host connections.
talosctl netstat [flags]
Options
-a, --all display all sockets states (default: connected)
-x, --extend show detailed socket information
-h, --help help for netstat
-4, --ipv4 display only ipv4 sockets
-6, --ipv6 display only ipv6 sockets
-l, --listening display listening server sockets
-k, --pods show sockets used by Kubernetes pods
-p, --programs show process using socket
-w, --raw display only RAW sockets
-t, --tcp display only TCP sockets
-o, --timers display timers
-u, --udp display only UDP sockets
-U, --udplite display only UDPLite sockets
-v, --verbose display sockets of all supported transport protocols
Options inherited from parent commands
--cluster string Cluster to connect to if a proxy endpoint is used.
--context string Context to be used in command
-e, --endpoints strings override default endpoints in Talos configuration
-n, --nodes strings target the specified nodes
--talosconfig string The path to the Talos configuration file. Defaults to 'TALOSCONFIG' env variable if set, otherwise '$HOME/.talos/config' and '/var/run/secrets/talos.dev/config' in order.
SEE ALSO
- talosctl - A CLI for out-of-band management of Kubernetes nodes created by Talos
talosctl patch
Update field(s) of a resource using a JSON patch.
talosctl patch <type> [<id>] [flags]
Options
--dry-run print the change summary and patch preview without applying the changes
-h, --help help for patch
-m, --mode auto, no-reboot, reboot, staged, try apply config mode (default auto)
--namespace string resource namespace (default is to use default namespace per resource)
-p, --patch stringArray the patch to be applied to the resource file, use @file to read a patch from file.
--patch-file string a file containing a patch to be applied to the resource.
--timeout duration the config will be rolled back after specified timeout (if try mode is selected) (default 1m0s)
Options inherited from parent commands
--cluster string Cluster to connect to if a proxy endpoint is used.
--context string Context to be used in command
-e, --endpoints strings override default endpoints in Talos configuration
-n, --nodes strings target the specified nodes
--talosconfig string The path to the Talos configuration file. Defaults to 'TALOSCONFIG' env variable if set, otherwise '$HOME/.talos/config' and '/var/run/secrets/talos.dev/config' in order.
SEE ALSO
- talosctl - A CLI for out-of-band management of Kubernetes nodes created by Talos
talosctl pcap
Capture the network packets from the node.
Synopsis
The command launches a packet capture on the node and streams the packets back as a raw pcap file.
The default behavior is to decode the packets with the internal decoder to stdout:
talosctl pcap -i eth0
The raw pcap file can be saved with the --output flag:
talosctl pcap -i eth0 --output eth0.pcap
Output can be piped to tcpdump:
talosctl pcap -i eth0 -o - | tcpdump -vvv -r -
A BPF filter can be applied, but it has to be compiled to BPF instructions first using tcpdump. The correct link type must be specified for tcpdump: EN10MB for Ethernet links and RAW for e.g. Wireguard tunnels:
talosctl pcap -i eth0 --bpf-filter "$(tcpdump -dd -y EN10MB 'tcp and dst port 80')"
talosctl pcap -i kubespan --bpf-filter "$(tcpdump -dd -y RAW 'port 50000')"
As packet capture is transmitted over the network, it is recommended to filter out the Talos API traffic, e.g. by excluding packets with the port 50000.
talosctl pcap [flags]
Options
--bpf-filter string bpf filter to apply, tcpdump -dd format
--duration duration duration of the capture
-h, --help help for pcap
-i, --interface string interface name to capture packets on (default "eth0")
-o, --output string if not set, decode packets to stdout; if set write raw pcap data to a file, use '-' for stdout
--promiscuous put interface into promiscuous mode
Options inherited from parent commands
--cluster string Cluster to connect to if a proxy endpoint is used.
--context string Context to be used in command
-e, --endpoints strings override default endpoints in Talos configuration
-n, --nodes strings target the specified nodes
--talosconfig string The path to the Talos configuration file. Defaults to 'TALOSCONFIG' env variable if set, otherwise '$HOME/.talos/config' and '/var/run/secrets/talos.dev/config' in order.
SEE ALSO
- talosctl - A CLI for out-of-band management of Kubernetes nodes created by Talos
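The recommendation in the `talosctl pcap` synopsis to exclude Talos API traffic (port 50000) can be built into a small capture wrapper. This is an added example, not part of the Talos documentation or code: the function names are hypothetical, and treating `wg*` interfaces as RAW link type is an assumption that extends the page's `kubespan` example.

```shell
#!/bin/sh
# Added example: wrapper around `talosctl pcap` that always excludes Talos API
# traffic from the capture, picks the tcpdump link type for the interface,
# bounds the capture time and keeps the resulting pcap file private.
# usage: sh talos-pcap.sh <node> <interface> <out.pcap> [duration] [filter]
set -eu

TALOS_API_PORT=50000   # Talos API port named in the pcap synopsis

# Link type handed to `tcpdump -y`: RAW for WireGuard-style tunnels,
# EN10MB for Ethernet. `kubespan` comes from the page; `wg*` is an assumption.
linktype_for() {
  case "$1" in
    kubespan|wg*) echo RAW ;;
    *)            echo EN10MB ;;
  esac
}

# Combine an optional user filter with the API-traffic exclusion, so the
# capture stream (itself carried over the Talos API) is not captured again.
capture_expr() {
  if [ -z "${1:-}" ]; then
    echo "not port ${TALOS_API_PORT}"
  else
    echo "(${1}) and not port ${TALOS_API_PORT}"
  fi
}

# True only if every line looks like `tcpdump -dd` output, e.g.
# "{ 0x28, 0, 0, 0x0000000c },". Guards against passing an uncompiled
# expression or an error message to --bpf-filter.
is_dd_program() {
  [ -n "${1:-}" ] && ! printf '%s\n' "$1" |
    grep -Evq '^[{] 0x[0-9a-f]+, [0-9]+, [0-9]+, 0x[0-9a-f]{8} [}],$'
}

# Runs in a subshell so the variables and the umask stay local.
talos_pcap() (
  node="$1"; iface="$2"; out="$3"; duration="${4:-30s}"; expr="${5:-}"

  # Compile the filter locally; talosctl expects BPF instructions, not text.
  prog="$(tcpdump -dd -y "$(linktype_for "$iface")" "$(capture_expr "$expr")")"
  if ! is_dd_program "$prog"; then
    echo "tcpdump did not return a BPF program; not starting capture" >&2
    exit 1
  fi

  # Captures can contain credentials and payloads: owner-only output file.
  umask 077
  talosctl pcap -n "$node" -i "$iface" --duration "$duration" \
    --bpf-filter "$prog" -o "$out"
)

# Only capture when called with arguments, so the functions can be reused.
if [ "$#" -ge 3 ]; then
  talos_pcap "$@"
fi
```
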
talosctl processes
List running processes
talosctl processes [flags]
Options
-h, --help help for processes
-s, --sort string Column to sort output by. [rss|cpu] (default "rss")
-w, --watch Stream running processes
Options inherited from parent commands
--cluster string Cluster to connect to if a proxy endpoint is used.
--context string Context to be used in command
-e, --endpoints strings override default endpoints in Talos configuration
-n, --nodes strings target the specified nodes
--talosconfig string The path to the Talos configuration file. Defaults to 'TALOSCONFIG' env variable if set, otherwise '$HOME/.talos/config' and '/var/run/secrets/talos.dev/config' in order.
SEE ALSO
- talosctl - A CLI for out-of-band management of Kubernetes nodes created by Talos
talosctl read
Read a file on the machine
talosctl read <path> [flags]
Options
-h, --help help for read
Options inherited from parent commands
--cluster string Cluster to connect to if a proxy endpoint is used.
--context string Context to be used in command
-e, --endpoints strings override default endpoints in Talos configuration
-n, --nodes strings target the specified nodes
--talosconfig string The path to the Talos configuration file. Defaults to 'TALOSCONFIG' env variable if set, otherwise '$HOME/.talos/config' and '/var/run/secrets/talos.dev/config' in order.
SEE ALSO
- talosctl - A CLI for out-of-band management of Kubernetes nodes created by Talos
talosctl reboot
Reboot a node
talosctl reboot [flags]
Options
--debug debug operation from kernel logs. --wait is set to true when this flag is set
-h, --help help for reboot
-m, --mode string select the reboot mode: "default", "powercycle" (skips kexec) (default "default")
--timeout duration time to wait for the operation to complete if --debug or --wait is set (default 30m0s)
--wait wait for the operation to complete, tracking its progress. always set to true when --debug is set (default true)
Options inherited from parent commands
--cluster string Cluster to connect to if a proxy endpoint is used.
--context string Context to be used in command
-e, --endpoints strings override default endpoints in Talos configuration
-n, --nodes strings target the specified nodes
--talosconfig string The path to the Talos configuration file. Defaults to 'TALOSCONFIG' env variable if set, otherwise '$HOME/.talos/config' and '/var/run/secrets/talos.dev/config' in order.
SEE ALSO
- talosctl - A CLI for out-of-band management of Kubernetes nodes created by Talos
talosctl reset
Reset a node
talosctl reset [flags]
Options
--debug debug operation from kernel logs. --wait is set to true when this flag is set
--graceful if true, attempt to cordon/drain node and leave etcd (if applicable) (default true)
-h, --help help for reset
--insecure reset using the insecure (encrypted with no auth) maintenance service
--reboot if true, reboot the node after resetting instead of shutting down
--system-labels-to-wipe strings if set, just wipe selected system disk partitions by label but keep other partitions intact
--timeout duration time to wait for the operation is complete if --debug or --wait is set (default 30m0s)
--user-disks-to-wipe strings if set, wipes defined devices in the list
--wait wait for the operation to complete, tracking its progress. always set to true when --debug is set (default true)
--wipe-mode all, system-disk, user-disks disk reset mode (default all)
Options inherited from parent commands
--cluster string Cluster to connect to if a proxy endpoint is used.
--context string Context to be used in command
-e, --endpoints strings override default endpoints in Talos configuration
-n, --nodes strings target the specified nodes
--talosconfig string The path to the Talos configuration file. Defaults to 'TALOSCONFIG' env variable if set, otherwise '$HOME/.talos/config' and '/var/run/secrets/talos.dev/config' in order.
SEE ALSO
- talosctl - A CLI for out-of-band management of Kubernetes nodes created by Talos
talosctl restart
Restart a process
talosctl restart <id> [flags]
Options
-h, --help help for restart
-k, --kubernetes use the k8s.io containerd namespace
Options inherited from parent commands
--cluster string Cluster to connect to if a proxy endpoint is used.
--context string Context to be used in command
-e, --endpoints strings override default endpoints in Talos configuration
-n, --nodes strings target the specified nodes
--talosconfig string The path to the Talos configuration file. Defaults to 'TALOSCONFIG' env variable if set, otherwise '$HOME/.talos/config' and '/var/run/secrets/talos.dev/config' in order.
SEE ALSO
- talosctl - A CLI for out-of-band management of Kubernetes nodes created by Talos
talosctl rollback
Rollback a node to the previous installation
talosctl rollback [flags]
Options
-h, --help help for rollback
Options inherited from parent commands
--cluster string Cluster to connect to if a proxy endpoint is used.
--context string Context to be used in command
-e, --endpoints strings override default endpoints in Talos configuration
-n, --nodes strings target the specified nodes
--talosconfig string The path to the Talos configuration file. Defaults to 'TALOSCONFIG' env variable if set, otherwise '$HOME/.talos/config' and '/var/run/secrets/talos.dev/config' in order.
SEE ALSO
- talosctl - A CLI for out-of-band management of Kubernetes nodes created by Talos
talosctl rotate-ca
Rotate cluster CAs (Talos and Kubernetes APIs).
Synopsis
The command can rotate both Talos and Kubernetes root CAs (for the API). By default both CAs are rotated, but you can choose to rotate just one or another. The command starts by generating new CAs, and gracefully applying it to the cluster.
For Kubernetes, the command only rotates the API server issuing CA, and other Kubernetes PKI can be rotated by applying machine config changes to the controlplane nodes.
talosctl rotate-ca [flags]
Options
--control-plane-nodes strings specify IPs of control plane nodes
--dry-run dry-run mode (no changes to the cluster) (default true)
-h, --help help for rotate-ca
--init-node string specify IPs of init node
--k8s-endpoint string use endpoint instead of kubeconfig default
--kubernetes rotate Kubernetes API CA (default true)
-o, --output talosconfig path to the output new talosconfig (default "talosconfig")
--talos rotate Talos API CA (default true)
--with-docs patch all machine configs adding the documentation for each field (default true)
--with-examples patch all machine configs with the commented examples (default true)
--worker-nodes strings specify IPs of worker nodes
Options inherited from parent commands
--cluster string Cluster to connect to if a proxy endpoint is used.
--context string Context to be used in command
-e, --endpoints strings override default endpoints in Talos configuration
-n, --nodes strings target the specified nodes
--talosconfig string The path to the Talos configuration file. Defaults to 'TALOSCONFIG' env variable if set, otherwise '$HOME/.talos/config' and '/var/run/secrets/talos.dev/config' in order.
SEE ALSO
- talosctl - A CLI for out-of-band management of Kubernetes nodes created by Talos
talosctl service
Retrieve the state of a service (or all services), control service state
Synopsis
Service control command. If run without arguments, lists all the services and their state. If service ID is specified, default action ‘status’ is executed which shows status of a single list service. With actions ‘start’, ‘stop’, ‘restart’, service state is updated respectively.
talosctl service [<id> [start|stop|restart|status]] [flags]
Options
-h, --help help for service
Options inherited from parent commands
--cluster string Cluster to connect to if a proxy endpoint is used.
--context string Context to be used in command
-e, --endpoints strings override default endpoints in Talos configuration
-n, --nodes strings target the specified nodes
--talosconfig string The path to the Talos configuration file. Defaults to 'TALOSCONFIG' env variable if set, otherwise '$HOME/.talos/config' and '/var/run/secrets/talos.dev/config' in order.
SEE ALSO
- talosctl - A CLI for out-of-band management of Kubernetes nodes created by Talos
talosctl shutdown
Shutdown a node
talosctl shutdown [flags]
Options
--debug debug operation from kernel logs. --wait is set to true when this flag is set
--force if true, force a node to shutdown without a cordon/drain
-h, --help help for shutdown
--timeout duration time to wait for the operation is complete if --debug or --wait is set (default 30m0s)
--wait wait for the operation to complete, tracking its progress. always set to true when --debug is set (default true)
Options inherited from parent commands
--cluster string Cluster to connect to if a proxy endpoint is used.
--context string Context to be used in command
-e, --endpoints strings override default endpoints in Talos configuration
-n, --nodes strings target the specified nodes
--talosconfig string The path to the Talos configuration file. Defaults to 'TALOSCONFIG' env variable if set, otherwise '$HOME/.talos/config' and '/var/run/secrets/talos.dev/config' in order.
SEE ALSO
- talosctl - A CLI for out-of-band management of Kubernetes nodes created by Talos
talosctl stats
Get container stats
talosctl stats [flags]
Options
-h, --help help for stats
-k, --kubernetes use the k8s.io containerd namespace
Options inherited from parent commands
--cluster string Cluster to connect to if a proxy endpoint is used.
--context string Context to be used in command
-e, --endpoints strings override default endpoints in Talos configuration
-n, --nodes strings target the specified nodes
--talosconfig string The path to the Talos configuration file. Defaults to 'TALOSCONFIG' env variable if set, otherwise '$HOME/.talos/config' and '/var/run/secrets/talos.dev/config' in order.
SEE ALSO
- talosctl - A CLI for out-of-band management of Kubernetes nodes created by Talos
talosctl support
Dump debug information about the cluster
Synopsis
Generated bundle contains the following debug information:
For each node:
- Kernel logs.
- All Talos internal services logs.
- All kube-system pods logs.
- Talos COSI resources without secrets.
- COSI runtime state graph.
- Processes snapshot.
- IO pressure snapshot.
- Mounts list.
- PCI devices info.
- Talos version.
For the cluster:
- Kubernetes nodes and kube-system pods manifests.
talosctl support [flags]
Options
-h, --help help for support
-w, --num-workers int number of workers per node (default 1)
-O, --output string output file to write support archive to
-v, --verbose verbose output
Options inherited from parent commands
--cluster string Cluster to connect to if a proxy endpoint is used.
--context string Context to be used in command
-e, --endpoints strings override default endpoints in Talos configuration
-n, --nodes strings target the specified nodes
--talosconfig string The path to the Talos configuration file. Defaults to 'TALOSCONFIG' env variable if set, otherwise '$HOME/.talos/config' and '/var/run/secrets/talos.dev/config' in order.
SEE ALSO
- talosctl - A CLI for out-of-band management of Kubernetes nodes created by Talos
talosctl time
Gets current server time
talosctl time [--check server] [flags]
Options
-c, --check string checks server time against specified ntp server
-h, --help help for time
Options inherited from parent commands
--cluster string Cluster to connect to if a proxy endpoint is used.
--context string Context to be used in command
-e, --endpoints strings override default endpoints in Talos configuration
-n, --nodes strings target the specified nodes
--talosconfig string The path to the Talos configuration file. Defaults to 'TALOSCONFIG' env variable if set, otherwise '$HOME/.talos/config' and '/var/run/secrets/talos.dev/config' in order.
SEE ALSO
- talosctl - A CLI for out-of-band management of Kubernetes nodes created by Talos
talosctl upgrade
Upgrade Talos on the target node
talosctl upgrade [flags]
Options
--debug debug operation from kernel logs. --wait is set to true when this flag is set
-f, --force force the upgrade (skip checks on etcd health and members, might lead to data loss)
-h, --help help for upgrade
-i, --image string the container image to use for performing the install (default "ghcr.io/siderolabs/installer:v1.8.0-alpha.2")
--insecure upgrade using the insecure (encrypted with no auth) maintenance service
-m, --reboot-mode string select the reboot mode during upgrade. Mode "powercycle" bypasses kexec. Valid values are: ["default" "powercycle"]. (default "default")
-s, --stage stage the upgrade to perform it after a reboot
--timeout duration time to wait for the operation is complete if --debug or --wait is set (default 30m0s)
--wait wait for the operation to complete, tracking its progress. always set to true when --debug is set (default true)
Options inherited from parent commands
--cluster string Cluster to connect to if a proxy endpoint is used.
--context string Context to be used in command
-e, --endpoints strings override default endpoints in Talos configuration
-n, --nodes strings target the specified nodes
--talosconfig string The path to the Talos configuration file. Defaults to 'TALOSCONFIG' env variable if set, otherwise '$HOME/.talos/config' and '/var/run/secrets/talos.dev/config' in order.
SEE ALSO
- talosctl - A CLI for out-of-band management of Kubernetes nodes created by Talos
talosctl upgrade-k8s
Upgrade Kubernetes control plane in the Talos cluster.
Synopsis
Command runs upgrade of Kubernetes control plane components between specified versions.
talosctl upgrade-k8s [flags]
Options
--apiserver-image string kube-apiserver image to use (default "registry.k8s.io/kube-apiserver")
--controller-manager-image string kube-controller-manager image to use (default "registry.k8s.io/kube-controller-manager")
--dry-run skip the actual upgrade and show the upgrade plan instead
--endpoint string the cluster control plane endpoint
--from string the Kubernetes control plane version to upgrade from
-h, --help help for upgrade-k8s
--kubelet-image string kubelet image to use (default "ghcr.io/siderolabs/kubelet")
--pre-pull-images pre-pull images before upgrade (default true)
--proxy-image string kube-proxy image to use (default "registry.k8s.io/kube-proxy")
--scheduler-image string kube-scheduler image to use (default "registry.k8s.io/kube-scheduler")
--to string the Kubernetes control plane version to upgrade to (default "1.31.1")
--upgrade-kubelet upgrade kubelet service (default true)
--with-docs patch all machine configs adding the documentation for each field (default true)
--with-examples patch all machine configs with the commented examples (default true)
Options inherited from parent commands
--cluster string Cluster to connect to if a proxy endpoint is used.
--context string Context to be used in command
-e, --endpoints strings override default endpoints in Talos configuration
-n, --nodes strings target the specified nodes
--talosconfig string The path to the Talos configuration file. Defaults to 'TALOSCONFIG' env variable if set, otherwise '$HOME/.talos/config' and '/var/run/secrets/talos.dev/config' in order.
SEE ALSO
- talosctl - A CLI for out-of-band management of Kubernetes nodes created by Talos
talosctl usage
Retrieve a disk usage
talosctl usage [path1] [path2] ... [pathN] [flags]
Options
-a, --all write counts for all files, not just directories
-d, --depth int32 maximum recursion depth
-h, --help help for usage
-H, --humanize humanize size and time in the output
-t, --threshold int threshold exclude entries smaller than SIZE if positive, or entries greater than SIZE if negative
Options inherited from parent commands
--cluster string Cluster to connect to if a proxy endpoint is used.
--context string Context to be used in command
-e, --endpoints strings override default endpoints in Talos configuration
-n, --nodes strings target the specified nodes
--talosconfig string The path to the Talos configuration file. Defaults to 'TALOSCONFIG' env variable if set, otherwise '$HOME/.talos/config' and '/var/run/secrets/talos.dev/config' in order.
SEE ALSO
- talosctl - A CLI for out-of-band management of Kubernetes nodes created by Talos
talosctl validate
Validate config
talosctl validate [flags]
Options
-c, --config string the path of the config file
-h, --help help for validate
-m, --mode string the mode to validate the config for (valid values are metal, cloud, and container)
--strict treat validation warnings as errors
Options inherited from parent commands
--cluster string Cluster to connect to if a proxy endpoint is used.
--context string Context to be used in command
-e, --endpoints strings override default endpoints in Talos configuration
-n, --nodes strings target the specified nodes
--talosconfig string The path to the Talos configuration file. Defaults to 'TALOSCONFIG' env variable if set, otherwise '$HOME/.talos/config' and '/var/run/secrets/talos.dev/config' in order.
SEE ALSO
- talosctl - A CLI for out-of-band management of Kubernetes nodes created by Talos
talosctl version
Prints the version
talosctl version [flags]
Options
--client Print client version only
-h, --help help for version
-i, --insecure use Talos maintenance mode API
--short Print the short version
Options inherited from parent commands
--cluster string Cluster to connect to if a proxy endpoint is used.
--context string Context to be used in command
-e, --endpoints strings override default endpoints in Talos configuration
-n, --nodes strings target the specified nodes
--talosconfig string The path to the Talos configuration file. Defaults to 'TALOSCONFIG' env variable if set, otherwise '$HOME/.talos/config' and '/var/run/secrets/talos.dev/config' in order.
SEE ALSO
- talosctl - A CLI for out-of-band management of Kubernetes nodes created by Talos
talosctl
A CLI for out-of-band management of Kubernetes nodes created by Talos
Options
--cluster string Cluster to connect to if a proxy endpoint is used.
--context string Context to be used in command
-e, --endpoints strings override default endpoints in Talos configuration
-h, --help help for talosctl
-n, --nodes strings target the specified nodes
--talosconfig string The path to the Talos configuration file. Defaults to 'TALOSCONFIG' env variable if set, otherwise '$HOME/.talos/config' and '/var/run/secrets/talos.dev/config' in order.
SEE ALSO
- talosctl apply-config - Apply a new configuration to a node
- talosctl bootstrap - Bootstrap the etcd cluster on the specified node.
- talosctl cluster - A collection of commands for managing local docker-based or QEMU-based clusters
- talosctl completion - Output shell completion code for the specified shell (bash, fish or zsh)
- talosctl config - Manage the client configuration file (talosconfig)
- talosctl conformance - Run conformance tests
- talosctl containers - List containers
- talosctl copy - Copy data out from the node
- talosctl dashboard - Cluster dashboard with node overview, logs and real-time metrics
- talosctl disks - Get the list of disks from /sys/block on the machine
- talosctl dmesg - Retrieve kernel logs
- talosctl edit - Edit a resource from the default editor.
- talosctl etcd - Manage etcd
- talosctl events - Stream runtime events
- talosctl gen - Generate CAs, certificates, and private keys
- talosctl get - Get a specific resource or list of resources (use ’talosctl get rd’ to see all available resource types).
- talosctl health - Check cluster health
- talosctl image - Manage CRI container images
- talosctl inject - Inject Talos API resources into Kubernetes manifests
- talosctl inspect - Inspect internals of Talos
- talosctl kubeconfig - Download the admin kubeconfig from the node
- talosctl list - Retrieve a directory listing
- talosctl logs - Retrieve logs for a service
- talosctl machineconfig - Machine config related commands
- talosctl memory - Show memory usage
- talosctl meta - Write and delete keys in the META partition
- talosctl mounts - List mounts
- talosctl netstat - Show network connections and sockets
- talosctl patch - Update field(s) of a resource using a JSON patch.
- talosctl pcap - Capture the network packets from the node.
- talosctl processes - List running processes
- talosctl read - Read a file on the machine
- talosctl reboot - Reboot a node
- talosctl reset - Reset a node
- talosctl restart - Restart a process
- talosctl rollback - Rollback a node to the previous installation
- talosctl rotate-ca - Rotate cluster CAs (Talos and Kubernetes APIs).
- talosctl service - Retrieve the state of a service (or all services), control service state
- talosctl shutdown - Shutdown a node
- talosctl stats - Get container stats
- talosctl support - Dump debug information about the cluster
- talosctl time - Gets current server time
- talosctl upgrade - Upgrade Talos on the target node
- talosctl upgrade-k8s - Upgrade Kubernetes control plane in the Talos cluster.
- talosctl usage - Retrieve a disk usage
- talosctl validate - Validate config
- talosctl version - Prints the version
3 - Configuration
A Talos Linux machine is fully configured via a single YAML file called the machine configuration.
The file might contain one or more configuration documents separated by --- (three dashes) lines.
At the moment, the majority of the configuration options are within the v1alpha1 document, so this is the only mandatory document in the configuration file.
Configuration documents might be named (contain a name: field) or unnamed.
Unnamed documents can be supplied to the machine configuration file only once, while named documents can be supplied multiple times with unique names.
The v1alpha1 document has its own (legacy) structure, while every other document has the following set of fields:
apiVersion: v1alpha1 # version of the document
kind: NetworkRuleConfig # type of document
name: rule1 # only for named documents
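The document rules above (one mandatory v1alpha1 document, unnamed documents at most once, named documents with unique names) can be checked before a file is applied. The following pre-flight lint is an added example, not part of Talos or talosctl; the function names and both sample files are constructed for illustration, and it reads only top-level keys rather than parsing full YAML.

```python
import re
from collections import Counter

# Top-level keys only: the pattern is anchored at column 0, so indented
# (nested) keys such as a `name:` inside `machine:` are ignored.
TOP_KEY = re.compile(r"^(apiVersion|kind|name|version):[ \t]*([^#\s]+)", re.M)


def split_documents(text):
    """Split a machine configuration file on '---' separator lines."""
    return [d for d in re.split(r"^---[ \t]*$", text, flags=re.M) if d.strip()]


def identify(doc):
    """Return (kind, name) for a document, or None if it cannot be classified."""
    keys = dict(TOP_KEY.findall(doc))
    if "kind" in keys:
        return (keys["kind"], keys.get("name"))  # name is None when unnamed
    if keys.get("version") == "v1alpha1":
        return ("v1alpha1", None)  # the legacy document has no `kind`
    return None


def lint(text):
    """Return a list of problems; an empty list means the layout is acceptable."""
    problems = []
    ids = [identify(d) for d in split_documents(text)]
    if None in ids:
        problems.append("unrecognised document (no kind or version)")
    counts = Counter(i for i in ids if i is not None)
    if ("v1alpha1", None) not in counts:
        problems.append("missing mandatory v1alpha1 document")
    for (kind, name), seen in counts.items():
        if seen < 2:
            continue
        if name is None:
            problems.append(f"duplicate unnamed document {kind}")
        else:
            problems.append(f"duplicate named document {kind}/{name}")
    return problems


# Constructed sample: valid layout with two uniquely named rule documents.
GOOD = """\
version: v1alpha1
machine: # ...
cluster: # ...
---
apiVersion: v1alpha1
kind: NetworkDefaultActionConfig
ingress: block
---
apiVersion: v1alpha1
kind: NetworkRuleConfig
name: rule1 # only for named documents
---
apiVersion: v1alpha1
kind: NetworkRuleConfig
name: rule2
"""

# Constructed sample: a repeated name and a repeated unnamed document.
BAD = GOOD.replace("name: rule2", "name: rule1") + """\
---
apiVersion: v1alpha1
kind: NetworkDefaultActionConfig
ingress: accept
"""

if __name__ == "__main__":
    print(lint(GOOD))
    print(lint(BAD))
```

A duplicate unnamed NetworkDefaultActionConfig is worth catching in review because the two copies in the sample disagree on the default ingress action.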
This section contains the configuration reference, to learn more about Talos Linux machine configuration management, please see:
3.1 - block
3.1.1 - VolumeConfig
apiVersion: v1alpha1
kind: VolumeConfig
name: EPHEMERAL # Name of the volume.
# The provisioning describes how the volume is provisioned.
provisioning:
    # The disk selector expression.
    diskSelector:
        match: disk.transport == "nvme" # The Common Expression Language (CEL) expression to match the disk.
    maxSize: 50GiB # The maximum size of the volume, if not specified the volume can grow to the size of the disk.
    # # The minimum size of the volume.
    # minSize: 2.5GiB
Field | Type | Description | Value(s) |
---|---|---|---|
name | string | Name of the volume. | |
provisioning | ProvisioningSpec | The provisioning describes how the volume is provisioned. |
provisioning
ProvisioningSpec describes how the volume is provisioned.
Field | Type | Description | Value(s) |
---|---|---|---|
diskSelector | DiskSelector | The disk selector expression. | |
grow | bool | Should the volume grow to the size of the disk (if possible). | |
minSize | ByteSize | The minimum size of the volume. Size is specified in bytes, but can be expressed in human readable format, e.g. 100MB. | |
maxSize | ByteSize | The maximum size of the volume, if not specified the volume can grow to the size of the disk. Size is specified in bytes, but can be expressed in human readable format, e.g. 100MB. | |
diskSelector
DiskSelector selects a disk for the volume.
Field | Type | Description | Value(s) |
---|---|---|---|
match | Expression | The Common Expression Language (CEL) expression to match the disk. | |
3.2 - extensions
3.2.1 - ExtensionServiceConfig
apiVersion: v1alpha1
kind: ExtensionServiceConfig
name: nut-client # Name of the extension service.
# The config files for the extension service.
configFiles:
    - content: MONITOR ${upsmonHost} 1 remote username password # The content of the extension service config file.
      mountPath: /usr/local/etc/nut/upsmon.conf # The mount path of the extension service config file.
# The environment for the extension service.
environment:
    - NUT_UPS=upsname
Field | Type | Description | Value(s) |
---|---|---|---|
name | string | Name of the extension service. | |
configFiles | []ConfigFile | The config files for the extension service. | |
environment | []string | The environment for the extension service. |
configFiles[]
ConfigFile is a config file for extension services.
Field | Type | Description | Value(s) |
---|---|---|---|
content | string | The content of the extension service config file. | |
mountPath | string | The mount path of the extension service config file. |
3.3 - network
3.3.1 - KubeSpanEndpointsConfig
apiVersion: v1alpha1
kind: KubeSpanEndpointsConfig
# A list of extra Wireguard endpoints to announce from this machine.
extraAnnouncedEndpoints:
- 192.168.13.46:52000
Field | Type | Description | Value(s) |
---|---|---|---|
extraAnnouncedEndpoints | []AddrPort | A list of extra Wireguard endpoints to announce from this machine. Talos automatically adds endpoints based on machine addresses, public IP, etc. This field allows adding extra endpoints which are managed outside of Talos, e.g. NAT mapping. | |
3.3.2 - NetworkDefaultActionConfig
apiVersion: v1alpha1
kind: NetworkDefaultActionConfig
ingress: accept # Default action for all not explicitly configured ingress traffic: accept or block.
Field | Type | Description | Value(s) |
---|---|---|---|
ingress | DefaultAction | Default action for all not explicitly configured ingress traffic: accept or block. | accept block |
3.3.3 - NetworkRuleConfig
apiVersion: v1alpha1
kind: NetworkRuleConfig
name: ingress-apid # Name of the config document.
# Port selector defines which ports and protocols on the host are affected by the rule.
portSelector:
    # Ports defines a list of port ranges or single ports.
    ports:
        - 50000
    protocol: tcp # Protocol defines traffic protocol (e.g. TCP or UDP).
# Ingress defines which source subnets are allowed to access the host ports/protocols defined by the `portSelector`.
ingress:
    - subnet: 192.168.0.0/16 # Subnet defines a source subnet.
Field | Type | Description | Value(s) |
---|---|---|---|
name | string | Name of the config document. | |
portSelector | RulePortSelector | Port selector defines which ports and protocols on the host are affected by the rule. | |
ingress | []IngressRule | Ingress defines which source subnets are allowed to access the host ports/protocols defined by the portSelector. | |
portSelector
RulePortSelector is a port selector for the network rule.
Field | Type | Description | Value(s) |
---|---|---|---|
ports | PortRanges | Ports defines a list of port ranges or single ports. The port ranges are inclusive, and should not overlap. | |
protocol | Protocol | Protocol defines traffic protocol (e.g. TCP or UDP). | tcp udp icmp icmpv6 |
ingress[]
IngressRule is an ingress rule.
Field | Type | Description | Value(s) |
---|---|---|---|
subnet | Prefix | Subnet defines a source subnet. | |
except | Prefix | Except defines a source subnet to exclude from the rule, it gets excluded from the subnet. | |
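How NetworkDefaultActionConfig and NetworkRuleConfig combine is easiest to see by evaluating sample traffic against them. The following is an added example, not Talos code: it models only what this reference states (rules allow listed source subnets minus `except`, everything else gets the default action). The function names, the dict layout mirroring the YAML, the `lo-hi` string form for port ranges and the restriction to port-based tcp/udp rules are assumptions of the example.

```python
import ipaddress

# Constructed sample: the ingress-apid rule from this page plus an `except` entry.
SAMPLE_RULES = [{
    "name": "ingress-apid",
    "portSelector": {"ports": [50000], "protocol": "tcp"},
    "ingress": [{"subnet": "192.168.0.0/16", "except": "192.168.13.0/24"}],
}]


def parse_ports(ports):
    """Normalize single ports and 'lo-hi' strings to sorted inclusive (lo, hi) pairs."""
    ranges = []
    for item in ports:
        lo, _, hi = str(item).partition("-")
        lo, hi = int(lo), int(hi or lo)
        if not 0 < lo <= hi <= 65535:
            raise ValueError(f"invalid port range: {item!r}")
        ranges.append((lo, hi))
    ranges.sort()
    # The reference says ranges are inclusive and should not overlap.
    for (_, prev_hi), (next_lo, _) in zip(ranges, ranges[1:]):
        if next_lo <= prev_hi:
            raise ValueError(f"overlapping port ranges near {next_lo}")
    return ranges


def rule_matches(rule, src, port, protocol):
    """True when the rule explicitly allows `src` to reach port/protocol."""
    selector = rule["portSelector"]
    if selector["protocol"] != protocol:
        return False
    if not any(lo <= port <= hi for lo, hi in parse_ports(selector["ports"])):
        return False
    addr = ipaddress.ip_address(src)
    for entry in rule["ingress"]:
        if addr not in ipaddress.ip_network(entry["subnet"]):
            continue
        excluded = entry.get("except")
        if excluded and addr in ipaddress.ip_network(excluded):
            continue  # carved out of the allowed subnet
        return True
    return False


def decide(default_action, rules, src, port, protocol):
    """Return 'accept' or 'block' for one ingress connection attempt."""
    if default_action not in ("accept", "block"):
        raise ValueError(f"unknown default action: {default_action!r}")
    if any(rule_matches(r, src, port, protocol) for r in rules):
        return "accept"
    return default_action  # traffic not explicitly configured


def audit(default_action, rules):
    """Review findings for a rule set under this model."""
    findings = []
    if default_action == "accept" and rules:
        findings.append("default action is accept: rules restrict nothing")
    for rule in rules:
        for entry in rule["ingress"]:
            if ipaddress.ip_network(entry["subnet"]).prefixlen == 0:
                findings.append(f"{rule['name']}: open to any source")
    return findings


if __name__ == "__main__":
    for src in ("192.168.1.10", "192.168.13.46", "10.0.0.5"):
        print(src, decide("block", SAMPLE_RULES, src, 50000, "tcp"))
    print(audit("accept", SAMPLE_RULES))
```

Under this model a rule narrows access only when the default ingress action is `block`; with `accept`, a source outside the rule's subnet still reaches the port.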
3.4 - runtime
3.4.1 - EventSinkConfig
apiVersion: v1alpha1
kind: EventSinkConfig
endpoint: 192.168.10.3:3247 # The endpoint for the event sink as 'host:port'.
Field | Type | Description | Value(s) |
---|---|---|---|
endpoint | string | The endpoint for the event sink as ‘host:port’. | |
3.4.2 - KmsgLogConfig
apiVersion: v1alpha1
kind: KmsgLogConfig
name: remote-log # Name of the config document.
url: tcp://192.168.3.7:3478/ # The URL encodes the log destination.
Field | Type | Description | Value(s) |
---|---|---|---|
name | string | Name of the config document. | |
url | URL | The URL encodes the log destination. The scheme must be tcp:// or udp://. The path must be empty. The port is required. | |
3.4.3 - WatchdogTimerConfig
apiVersion: v1alpha1
kind: WatchdogTimerConfig
device: /dev/watchdog0 # Path to the watchdog device.
timeout: 2m0s # Timeout for the watchdog.
Field | Type | Description | Value(s) |
---|---|---|---|
device | string | Path to the watchdog device. | |
timeout | Duration | Timeout for the watchdog. If Talos is unresponsive for this duration, the watchdog will reset the system. Default value is 1 minute, minimum value is 10 seconds. | |
3.5 - security
3.5.1 - TrustedRootsConfig
apiVersion: v1alpha1
kind: TrustedRootsConfig
name: my-enterprise-ca # Name of the config document.
certificates: | # List of additional trusted certificate authorities (as PEM-encoded certificates).
    -----BEGIN CERTIFICATE-----
    ...
    -----END CERTIFICATE-----
Field | Type | Description | Value(s) |
---|---|---|---|
name | string | Name of the config document. | |
certificates | string | List of additional trusted certificate authorities (as PEM-encoded certificates). Multiple certificates can be provided in a single config document, separated by newline characters. | |
3.6 - siderolink
3.6.1 - SideroLinkConfig
apiVersion: v1alpha1
kind: SideroLinkConfig
apiUrl: https://siderolink.api/join?token=secret # SideroLink API URL to connect to.
Field | Type | Description | Value(s) |
---|---|---|---|
apiUrl | URL | SideroLink API URL to connect to. | |
3.7 - v1alpha1
Package v1alpha1 contains the definition of the v1alpha1 configuration document.
Even though the machine configuration in Talos Linux is multi-document, at the moment this configuration document contains most of the configuration options.
It is expected that new configuration options will be added as new documents, and existing ones migrated to their own documents.
3.7.1 - Config
version: v1alpha1
machine: # ...
cluster: # ...
Field | Type | Description | Value(s) |
---|---|---|---|
version | string | Indicates the schema used to decode the contents. | v1alpha1 |
debug | bool | Enable verbose logging to the console. All system containers logs will flow into serial console. Note: To avoid breaking Talos bootstrap flow enable this option only if serial console can handle high message throughput. | true yes false no |
machine | MachineConfig | Provides machine specific configuration options. | |
cluster | ClusterConfig | Provides cluster specific configuration options. |
machine
MachineConfig represents the machine-specific config values.
machine:
    type: controlplane
    # InstallConfig represents the installation options for preparing a node.
    install:
        disk: /dev/sda # The disk used for installations.
        # Allows for supplying extra kernel args via the bootloader.
        extraKernelArgs:
            - console=ttyS1
            - panic=10
        image: ghcr.io/siderolabs/installer:latest # Allows for supplying the image used to perform the installation.
        wipe: false # Indicates if the installation disk should be wiped at installation time.
        # # Look up disk using disk attributes like model, size, serial and others.
        # diskSelector:
        #     size: 4GB # Disk size.
        #     model: WDC* # Disk model `/sys/block/<dev>/device/model`.
        #     busPath: /pci0000:00/0000:00:17.0/ata1/host0/target0:0:0/0:0:0:0 # Disk bus path.
        # # Allows for supplying additional system extension images to install on top of base Talos image.
        # extensions:
        #     - image: ghcr.io/siderolabs/gvisor:20220117.0-v1.0.0 # System extension image.
Field | Type | Description | Value(s) |
---|---|---|---|
type | string | Defines the role of the machine within the cluster. Control Plane: Control Plane node type designates the node as a control plane member. This means it will host etcd along with the Kubernetes controlplane components such as API Server, Controller Manager, Scheduler. Worker: Worker node type designates the node as a worker node. This means it will be an available compute node for scheduling workloads. This node type was previously known as “join”; that value is still supported but deprecated. | controlplane worker |
token | string | Using this token, a machine will create a certificate signing request (CSR), and request a certificate that will be used as its identity. | |
ca | PEMEncodedCertificateAndKey | The root certificate authority of the PKI. It is composed of a base64 encoded crt and key. | |
acceptedCAs | []PEMEncodedCertificate | The certificates issued by certificate authorities are accepted in addition to issuing ‘ca’. It is composed of a base64 encoded `crt`. | |
certSANs | []string | Extra certificate subject alternative names for the machine’s certificate. By default, all non-loopback interface IPs are automatically added to the certificate’s SANs. | |
controlPlane | MachineControlPlaneConfig | Provides machine specific control plane configuration options. | |
kubelet | KubeletConfig | Used to provide additional options to the kubelet. | |
pods | []Unstructured | Used to provide static pod definitions to be run by the kubelet directly bypassing the kube-apiserver. Static pods can be used to run components which should be started before the Kubernetes control plane is up. Talos doesn’t validate the pod definition. Updates to this field can be applied without a reboot. See https://kubernetes.io/docs/tasks/configure-pod-container/static-pod/. | |
network | NetworkConfig | Provides machine specific network configuration options. | |
disks | []MachineDisk | Used to partition, format and mount additional disks. Since the rootfs is read only with the exception of /var, mounts are only valid if they are under /var. Note that the partitioning and formatting is done only once, if and only if no existing XFS partitions are found. If size: is omitted, the partition is sized to occupy the full disk. | |
install | InstallConfig | Used to provide instructions for installations. Note that this configuration section gets silently ignored by Talos images that are considered pre-installed. To make sure Talos installs according to the provided configuration, Talos should be booted with ISO or PXE-booted. | |
files | []MachineFile | Allows the addition of user specified files. The value of op can be create, overwrite, or append. In the case of create, path must not exist. In the case of overwrite and append, path must be a valid file. If an op value of append is used, the existing file will be appended. Note that the file contents are not required to be base64 encoded. | |
env | Env | All environment variables are set on PID 1 in addition to every service. | GRPC_GO_LOG_VERBOSITY_LEVEL GRPC_GO_LOG_SEVERITY_LEVEL http_proxy https_proxy no_proxy |
time | TimeConfig | Used to configure the machine’s time settings. | |
sysctls | map[string]string | Used to configure the machine’s sysctls. | |
sysfs | map[string]string | Used to configure the machine’s sysfs. | |
registries | RegistriesConfig | Used to configure the machine’s container image registry mirrors. Automatically generates matching CRI configuration for registry mirrors. The mirrors section allows redirecting requests for images to a non-default registry, which might be a local registry or a caching mirror. The config section provides a way to authenticate to the registry with TLS client identity, provide registry CA, or authentication information. Authentication information has the same meaning as the corresponding field in .docker/config.json. See also matching configuration for CRI containerd plugin. | |
systemDiskEncryption | SystemDiskEncryptionConfig | Machine system disk encryption configuration. Defines each system partition encryption parameters. | |
features | FeaturesConfig | Features describe individual Talos features that can be switched on or off. | |
udev | UdevConfig | Configures the udev system. | |
logging | LoggingConfig | Configures the logging system. | |
kernel | KernelConfig | Configures the kernel. | |
seccompProfiles | []MachineSeccompProfile | Configures the seccomp profiles for the machine. | |
nodeLabels | map[string]string | Configures the node labels for the machine. Note: In the default Kubernetes configuration, worker nodes are restricted to set labels with some prefixes (see NodeRestriction admission plugin). | |
nodeAnnotations | map[string]string | Configures the node annotations for the machine. Show example(s)
| |
nodeTaints | map[string]string | Configures the node taints for the machine. Effect is optional.Note: In the default Kubernetes configuration, worker nodes are not allowed to modify the taints (see NodeRestriction admission plugin). Show example(s)
|
controlPlane
MachineControlPlaneConfig machine specific configuration options.
machine:
    controlPlane:
        # Controller manager machine specific configuration options.
        controllerManager:
            disabled: false # Disable kube-controller-manager on the node.
        # Scheduler machine specific configuration options.
        scheduler:
            disabled: true # Disable kube-scheduler on the node.
Field | Type | Description | Value(s) |
---|---|---|---|
controllerManager | MachineControllerManagerConfig | Controller manager machine specific configuration options. | |
scheduler | MachineSchedulerConfig | Scheduler machine specific configuration options. |
controllerManager
MachineControllerManagerConfig represents the machine specific ControllerManager config values.
Field | Type | Description | Value(s) |
---|---|---|---|
disabled | bool | Disable kube-controller-manager on the node. |
scheduler
MachineSchedulerConfig represents the machine specific Scheduler config values.
Field | Type | Description | Value(s) |
---|---|---|---|
disabled | bool | Disable kube-scheduler on the node. |
kubelet
KubeletConfig represents the kubelet config values.
machine:
    kubelet:
        image: ghcr.io/siderolabs/kubelet:v1.31.1 # The `image` field is an optional reference to an alternative kubelet image.
        # The `extraArgs` field is used to provide additional flags to the kubelet.
        extraArgs:
            feature-gates: ServerSideApply=true
        # # The `ClusterDNS` field is an optional reference to an alternative kubelet clusterDNS ip list.
        # clusterDNS:
        #     - 10.96.0.10
        #     - 169.254.2.53
        # # The `extraMounts` field is used to add additional mounts to the kubelet container.
        # extraMounts:
        #     - destination: /var/lib/example # Destination is the absolute path where the mount will be placed in the container.
        #       type: bind # Type specifies the mount kind.
        #       source: /var/lib/example # Source specifies the source path of the mount.
        #       # Options are fstab style mount options.
        #       options:
        #         - bind
        #         - rshared
        #         - rw
        # # The `extraConfig` field is used to provide kubelet configuration overrides.
        # extraConfig:
        #     serverTLSBootstrap: true
        # # The `KubeletCredentialProviderConfig` field is used to provide kubelet credential configuration.
        # credentialProviderConfig:
        #     apiVersion: kubelet.config.k8s.io/v1
        #     kind: CredentialProviderConfig
        #     providers:
        #         - apiVersion: credentialprovider.kubelet.k8s.io/v1
        #           defaultCacheDuration: 12h
        #           matchImages:
        #             - '*.dkr.ecr.*.amazonaws.com'
        #             - '*.dkr.ecr.*.amazonaws.com.cn'
        #             - '*.dkr.ecr-fips.*.amazonaws.com'
        #             - '*.dkr.ecr.us-iso-east-1.c2s.ic.gov'
        #             - '*.dkr.ecr.us-isob-east-1.sc2s.sgov.gov'
        #           name: ecr-credential-provider
        # # The `nodeIP` field is used to configure `--node-ip` flag for the kubelet.
        # nodeIP:
        #     # The `validSubnets` field configures the networks to pick kubelet node IP from.
        #     validSubnets:
        #         - 10.0.0.0/8
        #         - '!10.0.0.3/32'
        #         - fdc7::/16
Field | Type | Description | Value(s) |
---|---|---|---|
image | string | The image field is an optional reference to an alternative kubelet image. | |
clusterDNS | []string | The ClusterDNS field is an optional reference to an alternative kubelet clusterDNS ip list. | |
extraArgs | map[string]string | The extraArgs field is used to provide additional flags to the kubelet. | |
extraMounts | []ExtraMount | The Note that either | |
extraConfig | Unstructured | The | |
credentialProviderConfig | Unstructured | The KubeletCredentialProviderConfig field is used to provide kubelet credential configuration. | |
defaultRuntimeSeccompProfileEnabled | bool | Enable container runtime default Seccomp profile. | true yes false no |
registerWithFQDN | bool | The This is required in clouds like AWS. | true yes false no |
nodeIP | KubeletNodeIPConfig | The This is used when a node has multiple addresses to choose from. | |
skipNodeRegistration | bool | The This runs kubelet as standalone and only runs static pods. | true yes false no |
disableManifestsDirectory | bool | The It’s recommended to configure static pods with the “pods” key instead. | true yes false no |
extraMounts[]
ExtraMount wraps OCI Mount specification.
machine:
    kubelet:
        extraMounts:
            - destination: /var/lib/example # Destination is the absolute path where the mount will be placed in the container.
              type: bind # Type specifies the mount kind.
              source: /var/lib/example # Source specifies the source path of the mount.
              # Options are fstab style mount options.
              options:
                - bind
                - rshared
                - rw
Field | Type | Description | Value(s) |
---|---|---|---|
destination | string | Destination is the absolute path where the mount will be placed in the container. | |
type | string | Type specifies the mount kind. | |
source | string | Source specifies the source path of the mount. | |
options | []string | Options are fstab style mount options. | |
uidMappings | []LinuxIDMapping | UID/GID mappings used for changing file owners w/o calling chown, fs should support it. Every mount point could have its own mapping. | |
gidMappings | []LinuxIDMapping | UID/GID mappings used for changing file owners w/o calling chown, fs should support it. Every mount point could have its own mapping. |
uidMappings[]
LinuxIDMapping represents the Linux ID mapping.
Field | Type | Description | Value(s) |
---|---|---|---|
containerID | uint32 | ContainerID is the starting UID/GID in the container. | |
hostID | uint32 | HostID is the starting UID/GID on the host to be mapped to ‘ContainerID’. | |
size | uint32 | Size is the number of IDs to be mapped. |
gidMappings[]
LinuxIDMapping represents the Linux ID mapping.
Field | Type | Description | Value(s) |
---|---|---|---|
containerID | uint32 | ContainerID is the starting UID/GID in the container. | |
hostID | uint32 | HostID is the starting UID/GID on the host to be mapped to ‘ContainerID’. | |
size | uint32 | Size is the number of IDs to be mapped. |
nodeIP
KubeletNodeIPConfig represents the kubelet node IP configuration.
machine:
    kubelet:
        nodeIP:
            # The `validSubnets` field configures the networks to pick kubelet node IP from.
            validSubnets:
                - 10.0.0.0/8
                - '!10.0.0.3/32'
                - fdc7::/16
Field | Type | Description | Value(s) |
---|---|---|---|
validSubnets | []string | The For dual stack configuration, there should be two subnets: one for IPv4, another for IPv6. |
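Added example (not from the Talos documentation or code base): how a validSubnets list such as the one above narrows a multi-homed node's addresses, so the kubelet does not end up bound to an unintended network. It assumes a `!` prefix excludes a subnet and that an address qualifies when it lies inside at least one listed subnet and outside every excluded one; the function names and the address list are constructed for illustration.

```python
import ipaddress

# validSubnets exactly as written in the example above.
VALID_SUBNETS = ["10.0.0.0/8", "!10.0.0.3/32", "fdc7::/16"]

# Constructed sample: addresses a multi-homed node might hold.
NODE_ADDRESSES = ["10.0.0.3", "10.0.0.7", "192.168.2.10", "fdc7::7", "2001:db8::5"]


def parse_valid_subnets(entries):
    """Split entries into (include, exclude) lists of ip_network objects."""
    include, exclude = [], []
    for entry in entries:
        negated = entry.startswith("!")
        cidr = entry[1:] if negated else entry
        # strict=True rejects typos such as 10.0.0.3/8 (host bits set).
        network = ipaddress.ip_network(cidr, strict=True)
        (exclude if negated else include).append(network)
    return include, exclude


def _in_any(ip, networks):
    """True if ip falls inside any network of the same address family."""
    return any(ip.version == net.version and ip in net for net in networks)


def eligible_node_ips(addresses, valid_subnets):
    """Return the addresses allowed by valid_subnets, in input order."""
    include, exclude = parse_valid_subnets(valid_subnets)
    eligible = []
    for raw in addresses:
        ip = ipaddress.ip_address(raw)
        if _in_any(ip, include) and not _in_any(ip, exclude):
            eligible.append(str(ip))
    return eligible


def missing_families(addresses, valid_subnets):
    """IP versions that have an include subnet but no eligible address.

    For dual stack the list needs one IPv4 and one IPv6 subnet; a non-empty
    result means one family would be left without a node IP.
    """
    include, _ = parse_valid_subnets(valid_subnets)
    wanted = {net.version for net in include}
    found = {
        ipaddress.ip_address(a).version
        for a in eligible_node_ips(addresses, valid_subnets)
    }
    return sorted(wanted - found)


if __name__ == "__main__":
    print("eligible:", eligible_node_ips(NODE_ADDRESSES, VALID_SUBNETS))
    print("families without an address:", missing_families(NODE_ADDRESSES, VALID_SUBNETS))
```

Running the same check against the addresses reported by a node before applying the config shows whether an exclusion leaves an address family empty.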
network
NetworkConfig represents the machine’s networking config values.
machine:
    network:
        hostname: worker-1 # Used to statically set the hostname for the machine.
        # `interfaces` is used to define the network interface configuration.
        interfaces:
            - interface: enp0s1 # The interface name.
              # Assigns static IP addresses to the interface.
              addresses:
                - 192.168.2.0/24
              # A list of routes associated with the interface.
              routes:
                - network: 0.0.0.0/0 # The route's network (destination).
                  gateway: 192.168.2.1 # The route's gateway (if empty, creates link scope route).
                  metric: 1024 # The optional metric for the route.
              mtu: 1500 # The interface's MTU.
              # # Picks a network device using the selector.
              # # select a device with bus prefix 00:*.
              # deviceSelector:
              #     busPath: 00:* # PCI, USB bus prefix, supports matching by wildcard.
              # # select a device with mac address matching `*:f0:ab` and `virtio` kernel driver.
              # deviceSelector:
              #     hardwareAddr: '*:f0:ab' # Device hardware address, supports matching by wildcard.
              #     driver: virtio # Kernel driver, supports matching by wildcard.
              # # select a device with bus prefix 00:*, a device with mac address matching `*:f0:ab` and `virtio` kernel driver.
              # deviceSelector:
              #     - busPath: 00:* # PCI, USB bus prefix, supports matching by wildcard.
              #     - hardwareAddr: '*:f0:ab' # Device hardware address, supports matching by wildcard.
              #       driver: virtio # Kernel driver, supports matching by wildcard.
              # # Bond specific options.
              # bond:
              #     # The interfaces that make up the bond.
              #     interfaces:
              #         - enp2s0
              #         - enp2s1
              #     # Picks a network device using the selector.
              #     deviceSelectors:
              #         - busPath: 00:* # PCI, USB bus prefix, supports matching by wildcard.
              #         - hardwareAddr: '*:f0:ab' # Device hardware address, supports matching by wildcard.
              #           driver: virtio # Kernel driver, supports matching by wildcard.
              #     mode: 802.3ad # A bond option.
              #     lacpRate: fast # A bond option.
              # # Bridge specific options.
              # bridge:
              #     # The interfaces that make up the bridge.
              #     interfaces:
              #         - enxda4042ca9a51
              #         - enxae2a6774c259
              #     # A bridge option.
              #     stp:
              #         enabled: true # Whether Spanning Tree Protocol (STP) is enabled.
              # # Indicates if DHCP should be used to configure the interface.
              # dhcp: true
              # # DHCP specific options.
              # dhcpOptions:
              #     routeMetric: 1024 # The priority of all routes received via DHCP.
              # # Wireguard specific configuration.
              # # wireguard server example
              # wireguard:
              #     privateKey: ABCDEF... # Specifies a private key configuration (base64 encoded).
              #     listenPort: 51111 # Specifies a device's listening port.
              #     # Specifies a list of peer configurations to apply to a device.
              #     peers:
              #         - publicKey: ABCDEF... # Specifies the public key of this peer.
              #           endpoint: 192.168.1.3 # Specifies the endpoint of this peer entry.
              #           # AllowedIPs specifies a list of allowed IP addresses in CIDR notation for this peer.
              #           allowedIPs:
              #             - 192.168.1.0/24
              # # wireguard peer example
              # wireguard:
              #     privateKey: ABCDEF... # Specifies a private key configuration (base64 encoded).
              #     # Specifies a list of peer configurations to apply to a device.
              #     peers:
              #         - publicKey: ABCDEF... # Specifies the public key of this peer.
              #           endpoint: 192.168.1.2:51822 # Specifies the endpoint of this peer entry.
              #           persistentKeepaliveInterval: 10s # Specifies the persistent keepalive interval for this peer.
              #           # AllowedIPs specifies a list of allowed IP addresses in CIDR notation for this peer.
              #           allowedIPs:
              #             - 192.168.1.0/24
              # # Virtual (shared) IP address configuration.
              # # layer2 vip example
              # vip:
              #     ip: 172.16.199.55 # Specifies the IP address to be used.
        # Used to statically set the nameservers for the machine.
        nameservers:
            - 9.8.7.6
            - 8.7.6.5
        # # Allows for extra entries to be added to the `/etc/hosts` file
        # extraHostEntries:
        #     - ip: 192.168.1.100 # The IP of the host.
        #       # The host alias.
        #       aliases:
        #         - example
        #         - example.domain.tld
        # # Configures KubeSpan feature.
        # kubespan:
        #     enabled: true # Enable the KubeSpan feature.
Field | Type | Description | Value(s) |
---|---|---|---|
hostname | string | Used to statically set the hostname for the machine. | |
interfaces | []Device | By default all network interfaces will attempt a DHCP discovery. | |
nameservers | []string | Used to statically set the nameservers for the machine. Defaults to 1.1.1.1 and 8.8.8.8. | |
extraHostEntries | []ExtraHost | Allows for extra entries to be added to the /etc/hosts file. | |
kubespan | NetworkKubeSpan | Configures KubeSpan feature. | |
disableSearchDomain | bool | Disable generating a default search domain in /etc/resolv.conf based on the machine hostname. Defaults to false. | true yes false no |
interfaces[]
Device represents a network interface.
machine:
    network:
        interfaces:
            - interface: enp0s1 # The interface name.
              # Assigns static IP addresses to the interface.
              addresses:
                - 192.168.2.0/24
              # A list of routes associated with the interface.
              routes:
                - network: 0.0.0.0/0 # The route's network (destination).
                  gateway: 192.168.2.1 # The route's gateway (if empty, creates link scope route).
                  metric: 1024 # The optional metric for the route.
              mtu: 1500 # The interface's MTU.
              # # Picks a network device using the selector.
              # # select a device with bus prefix 00:*.
              # deviceSelector:
              #     busPath: 00:* # PCI, USB bus prefix, supports matching by wildcard.
              # # select a device with mac address matching `*:f0:ab` and `virtio` kernel driver.
              # deviceSelector:
              #     hardwareAddr: '*:f0:ab' # Device hardware address, supports matching by wildcard.
              #     driver: virtio # Kernel driver, supports matching by wildcard.
              # # select a device with bus prefix 00:*, a device with mac address matching `*:f0:ab` and `virtio` kernel driver.
              # deviceSelector:
              #     - busPath: 00:* # PCI, USB bus prefix, supports matching by wildcard.
              #     - hardwareAddr: '*:f0:ab' # Device hardware address, supports matching by wildcard.
              #       driver: virtio # Kernel driver, supports matching by wildcard.
              # # Bond specific options.
              # bond:
              #     # The interfaces that make up the bond.
              #     interfaces:
              #         - enp2s0
              #         - enp2s1
              #     # Picks a network device using the selector.
              #     deviceSelectors:
              #         - busPath: 00:* # PCI, USB bus prefix, supports matching by wildcard.
              #         - hardwareAddr: '*:f0:ab' # Device hardware address, supports matching by wildcard.
              #           driver: virtio # Kernel driver, supports matching by wildcard.
              #     mode: 802.3ad # A bond option.
              #     lacpRate: fast # A bond option.
              # # Bridge specific options.
              # bridge:
              #     # The interfaces that make up the bridge.
              #     interfaces:
              #         - enxda4042ca9a51
              #         - enxae2a6774c259
              #     # A bridge option.
              #     stp:
              #         enabled: true # Whether Spanning Tree Protocol (STP) is enabled.
              # # Indicates if DHCP should be used to configure the interface.
              # dhcp: true
              # # DHCP specific options.
              # dhcpOptions:
              #     routeMetric: 1024 # The priority of all routes received via DHCP.
              # # Wireguard specific configuration.
              # # wireguard server example
              # wireguard:
              #     privateKey: ABCDEF... # Specifies a private key configuration (base64 encoded).
              #     listenPort: 51111 # Specifies a device's listening port.
              #     # Specifies a list of peer configurations to apply to a device.
              #     peers:
              #         - publicKey: ABCDEF... # Specifies the public key of this peer.
              #           endpoint: 192.168.1.3 # Specifies the endpoint of this peer entry.
              #           # AllowedIPs specifies a list of allowed IP addresses in CIDR notation for this peer.
              #           allowedIPs:
              #             - 192.168.1.0/24
              # # wireguard peer example
              # wireguard:
              #     privateKey: ABCDEF... # Specifies a private key configuration (base64 encoded).
              #     # Specifies a list of peer configurations to apply to a device.
              #     peers:
              #         - publicKey: ABCDEF... # Specifies the public key of this peer.
              #           endpoint: 192.168.1.2:51822 # Specifies the endpoint of this peer entry.
              #           persistentKeepaliveInterval: 10s # Specifies the persistent keepalive interval for this peer.
              #           # AllowedIPs specifies a list of allowed IP addresses in CIDR notation for this peer.
              #           allowedIPs:
              #             - 192.168.1.0/24
              # # Virtual (shared) IP address configuration.
              # # layer2 vip example
              # vip:
              #     ip: 172.16.199.55 # Specifies the IP address to be used.
Field | Type | Description | Value(s) |
---|---|---|---|
interface | string | The interface name. Mutually exclusive with deviceSelector. | |
deviceSelector | NetworkDeviceSelector | Picks a network device using the selector. Mutually exclusive with interface. Supports partial match using wildcard syntax. | |
addresses | []string | Assigns static IP addresses to the interface. An address can be specified either in proper CIDR notation or as a standalone address (netmask of all ones is assumed). | |
routes | []Route | A list of routes associated with the interface. If used in combination with DHCP, these routes will be appended to routes returned by DHCP server. | |
bond | Bond | Bond specific options. | |
bridge | Bridge | Bridge specific options. | |
vlans | []Vlan | VLAN specific options. | |
mtu | int | The interface’s MTU. If used in combination with DHCP, this will override any MTU settings returned from DHCP server. | |
dhcp | bool | Indicates if DHCP should be used to configure the interface. The following DHCP options are supported: OptionClasslessStaticRoute, OptionDomainNameServer, OptionDNSDomainSearchList, OptionHostName. | |
ignore | bool | Indicates if the interface should be ignored (skips configuration). | |
dummy | bool | Indicates if the interface is a dummy interface. dummy is used to specify that this interface should be a virtual-only, dummy interface. | |
dhcpOptions | DHCPOptions | DHCP specific options. dhcp must be set to true for these to take effect. | |
wireguard | DeviceWireguardConfig | Wireguard specific configuration. Includes things like private key, listen port, peers. | |
vip | DeviceVIPConfig | Virtual (shared) IP address configuration. |
deviceSelector
NetworkDeviceSelector struct describes network device selector.
machine:
    network:
        interfaces:
            - deviceSelector:
                busPath: 00:* # PCI, USB bus prefix, supports matching by wildcard.

machine:
    network:
        interfaces:
            - deviceSelector:
                hardwareAddr: '*:f0:ab' # Device hardware address, supports matching by wildcard.
                driver: virtio # Kernel driver, supports matching by wildcard.

machine:
    network:
        interfaces:
            - deviceSelector:
                - busPath: 00:* # PCI, USB bus prefix, supports matching by wildcard.
                - hardwareAddr: '*:f0:ab' # Device hardware address, supports matching by wildcard.
                  driver: virtio # Kernel driver, supports matching by wildcard.
Field | Type | Description | Value(s) |
---|---|---|---|
busPath | string | PCI, USB bus prefix, supports matching by wildcard. | |
hardwareAddr | string | Device hardware address, supports matching by wildcard. | |
pciID | string | PCI ID (vendor ID, product ID), supports matching by wildcard. | |
driver | string | Kernel driver, supports matching by wildcard. | |
physical | bool | Select only physical devices. |
routes[]
Route represents a network route.
machine:
    network:
        interfaces:
            - routes:
                - network: 0.0.0.0/0 # The route's network (destination).
                  gateway: 10.5.0.1 # The route's gateway (if empty, creates link scope route).
                - network: 10.2.0.0/16 # The route's network (destination).
                  gateway: 10.2.0.1 # The route's gateway (if empty, creates link scope route).
Field | Type | Description | Value(s) |
---|---|---|---|
network | string | The route’s network (destination). | |
gateway | string | The route’s gateway (if empty, creates link scope route). | |
source | string | The route’s source address (optional). | |
metric | uint32 | The optional metric for the route. | |
mtu | uint32 | The optional MTU for the route. |
bond
Bond contains the various options for configuring a bonded interface.
machine:
    network:
        interfaces:
            - bond:
                # The interfaces that make up the bond.
                interfaces:
                    - enp2s0
                    - enp2s1
                mode: 802.3ad # A bond option.
                lacpRate: fast # A bond option.
                # # Picks a network device using the selector.
                # # select a device with bus prefix 00:*, a device with mac address matching `*:f0:ab` and `virtio` kernel driver.
                # deviceSelectors:
                #     - busPath: 00:* # PCI, USB bus prefix, supports matching by wildcard.
                #     - hardwareAddr: '*:f0:ab' # Device hardware address, supports matching by wildcard.
                #       driver: virtio # Kernel driver, supports matching by wildcard.
Field | Type | Description | Value(s) |
---|---|---|---|
interfaces | []string | The interfaces that make up the bond. | |
deviceSelectors | []NetworkDeviceSelector | Picks a network device using the selector. Mutually exclusive with interfaces. Supports partial match using wildcard syntax. | |
arpIPTarget | []string | A bond option. Please see the official kernel documentation. Not supported at the moment. | |
mode | string | A bond option. Please see the official kernel documentation. | |
xmitHashPolicy | string | A bond option. Please see the official kernel documentation. | |
lacpRate | string | A bond option. Please see the official kernel documentation. | |
adActorSystem | string | A bond option. Please see the official kernel documentation. Not supported at the moment. | |
arpValidate | string | A bond option. Please see the official kernel documentation. | |
arpAllTargets | string | A bond option. Please see the official kernel documentation. | |
primary | string | A bond option. Please see the official kernel documentation. | |
primaryReselect | string | A bond option. Please see the official kernel documentation. | |
failOverMac | string | A bond option. Please see the official kernel documentation. | |
adSelect | string | A bond option. Please see the official kernel documentation. | |
miimon | uint32 | A bond option. Please see the official kernel documentation. | |
updelay | uint32 | A bond option. Please see the official kernel documentation. | |
downdelay | uint32 | A bond option. Please see the official kernel documentation. | |
arpInterval | uint32 | A bond option. Please see the official kernel documentation. | |
resendIgmp | uint32 | A bond option. Please see the official kernel documentation. | |
minLinks | uint32 | A bond option. Please see the official kernel documentation. | |
lpInterval | uint32 | A bond option. Please see the official kernel documentation. | |
packetsPerSlave | uint32 | A bond option. Please see the official kernel documentation. | |
numPeerNotif | uint8 | A bond option. Please see the official kernel documentation. | |
tlbDynamicLb | uint8 | A bond option. Please see the official kernel documentation. | |
allSlavesActive | uint8 | A bond option. Please see the official kernel documentation. | |
useCarrier | bool | A bond option. Please see the official kernel documentation. | |
adActorSysPrio | uint16 | A bond option. Please see the official kernel documentation. | |
adUserPortKey | uint16 | A bond option. Please see the official kernel documentation. | |
peerNotifyDelay | uint32 | A bond option. Please see the official kernel documentation. |
deviceSelectors[]
NetworkDeviceSelector struct describes network device selector.
machine:
    network:
        interfaces:
            - bond:
                deviceSelectors:
                    busPath: 00:* # PCI, USB bus prefix, supports matching by wildcard.

machine:
    network:
        interfaces:
            - bond:
                deviceSelectors:
                    hardwareAddr: '*:f0:ab' # Device hardware address, supports matching by wildcard.
                    driver: virtio # Kernel driver, supports matching by wildcard.

machine:
    network:
        interfaces:
            - bond:
                deviceSelectors:
                    - busPath: 00:* # PCI, USB bus prefix, supports matching by wildcard.
                    - hardwareAddr: '*:f0:ab' # Device hardware address, supports matching by wildcard.
                      driver: virtio # Kernel driver, supports matching by wildcard.
Field | Type | Description | Value(s) |
---|---|---|---|
busPath | string | PCI, USB bus prefix, supports matching by wildcard. | |
hardwareAddr | string | Device hardware address, supports matching by wildcard. | |
pciID | string | PCI ID (vendor ID, product ID), supports matching by wildcard. | |
driver | string | Kernel driver, supports matching by wildcard. | |
physical | bool | Select only physical devices. |
bridge
Bridge contains the various options for configuring a bridge interface.
machine:
    network:
        interfaces:
            - bridge:
                # The interfaces that make up the bridge.
                interfaces:
                    - enxda4042ca9a51
                    - enxae2a6774c259
                # A bridge option.
                stp:
                    enabled: true # Whether Spanning Tree Protocol (STP) is enabled.
Field | Type | Description | Value(s) |
---|---|---|---|
interfaces | []string | The interfaces that make up the bridge. | |
stp | STP | A bridge option. Please see the official kernel documentation. | |
vlan | BridgeVLAN | A bridge option. Please see the official kernel documentation. |
stp
STP contains the various options for configuring the STP properties of a bridge interface.
Field | Type | Description | Value(s) |
---|---|---|---|
enabled | bool | Whether Spanning Tree Protocol (STP) is enabled. |
vlan
BridgeVLAN contains the various options for configuring the VLAN properties of a bridge interface.
Field | Type | Description | Value(s) |
---|---|---|---|
vlanFiltering | bool | Whether VLAN filtering is enabled. |
vlans[]
Vlan represents vlan settings for a device.
Field | Type | Description | Value(s) |
---|---|---|---|
addresses | []string | The addresses in CIDR notation or as plain IPs to use. | |
routes | []Route | A list of routes associated with the VLAN. | |
dhcp | bool | Indicates if DHCP should be used. | |
vlanId | uint16 | The VLAN’s ID. | |
mtu | uint32 | The VLAN’s MTU. | |
vip | DeviceVIPConfig | The VLAN’s virtual IP address configuration. | |
dhcpOptions | DHCPOptions | DHCP specific options. dhcp must be set to true for these to take effect. |
routes[]
Route represents a network route.
machine:
    network:
        interfaces:
            - vlans:
                - routes:
                    - network: 0.0.0.0/0 # The route's network (destination).
                      gateway: 10.5.0.1 # The route's gateway (if empty, creates link scope route).
                    - network: 10.2.0.0/16 # The route's network (destination).
                      gateway: 10.2.0.1 # The route's gateway (if empty, creates link scope route).
Field | Type | Description | Value(s) |
---|---|---|---|
network | string | The route’s network (destination). | |
gateway | string | The route’s gateway (if empty, creates link scope route). | |
source | string | The route’s source address (optional). | |
metric | uint32 | The optional metric for the route. | |
mtu | uint32 | The optional MTU for the route. |
vip
DeviceVIPConfig contains settings for configuring a Virtual Shared IP on an interface.
machine:
    network:
        interfaces:
            - vlans:
                - vip:
                    ip: 172.16.199.55 # Specifies the IP address to be used.
Field | Type | Description | Value(s) |
---|---|---|---|
ip | string | Specifies the IP address to be used. | |
equinixMetal | VIPEquinixMetalConfig | Specifies the Equinix Metal API settings to assign VIP to the node. | |
hcloud | VIPHCloudConfig | Specifies the Hetzner Cloud API settings to assign VIP to the node. |
equinixMetal
VIPEquinixMetalConfig contains settings for Equinix Metal VIP management.
Field | Type | Description | Value(s) |
---|---|---|---|
apiToken | string | Specifies the Equinix Metal API Token. |
hcloud
VIPHCloudConfig contains settings for Hetzner Cloud VIP management.
Field | Type | Description | Value(s) |
---|---|---|---|
apiToken | string | Specifies the Hetzner Cloud API Token. |
dhcpOptions
DHCPOptions contains options for configuring the DHCP settings for a given interface.
machine:
    network:
        interfaces:
            - vlans:
                - dhcpOptions:
                    routeMetric: 1024 # The priority of all routes received via DHCP.
Field | Type | Description | Value(s) |
---|---|---|---|
routeMetric | uint32 | The priority of all routes received via DHCP. | |
ipv4 | bool | Enables DHCPv4 protocol for the interface (default is enabled). | |
ipv6 | bool | Enables DHCPv6 protocol for the interface (default is disabled). | |
duidv6 | string | Set client DUID (hex string). |
dhcpOptions
DHCPOptions contains options for configuring the DHCP settings for a given interface.
machine:
    network:
        interfaces:
            - dhcpOptions:
                routeMetric: 1024 # The priority of all routes received via DHCP.
Field | Type | Description | Value(s) |
---|---|---|---|
routeMetric | uint32 | The priority of all routes received via DHCP. | |
ipv4 | bool | Enables DHCPv4 protocol for the interface (default is enabled). | |
ipv6 | bool | Enables DHCPv6 protocol for the interface (default is disabled). | |
duidv6 | string | Set client DUID (hex string). |
wireguard
DeviceWireguardConfig contains settings for configuring Wireguard network interface.
machine:
    network:
        interfaces:
            - wireguard:
                privateKey: ABCDEF... # Specifies a private key configuration (base64 encoded).
                listenPort: 51111 # Specifies a device's listening port.
                # Specifies a list of peer configurations to apply to a device.
                peers:
                    - publicKey: ABCDEF... # Specifies the public key of this peer.
                      endpoint: 192.168.1.3 # Specifies the endpoint of this peer entry.
                      # AllowedIPs specifies a list of allowed IP addresses in CIDR notation for this peer.
                      allowedIPs:
                        - 192.168.1.0/24

machine:
    network:
        interfaces:
            - wireguard:
                privateKey: ABCDEF... # Specifies a private key configuration (base64 encoded).
                # Specifies a list of peer configurations to apply to a device.
                peers:
                    - publicKey: ABCDEF... # Specifies the public key of this peer.
                      endpoint: 192.168.1.2:51822 # Specifies the endpoint of this peer entry.
                      persistentKeepaliveInterval: 10s # Specifies the persistent keepalive interval for this peer.
                      # AllowedIPs specifies a list of allowed IP addresses in CIDR notation for this peer.
                      allowedIPs:
                        - 192.168.1.0/24
Field | Type | Description | Value(s) |
---|---|---|---|
privateKey | string | Specifies a private key configuration (base64 encoded). Can be generated by wg genkey. | |
listenPort | int | Specifies a device’s listening port. | |
firewallMark | int | Specifies a device’s firewall mark. | |
peers | []DeviceWireguardPeer | Specifies a list of peer configurations to apply to a device. |
peers[]
DeviceWireguardPeer is a WireGuard device peer configuration.
Field | Type | Description | Value(s) |
---|---|---|---|
publicKey | string | Specifies the public key of this peer. Can be extracted from private key by running wg pubkey < private.key > public.key && cat public.key. | |
endpoint | string | Specifies the endpoint of this peer entry. | |
persistentKeepaliveInterval | Duration | Specifies the persistent keepalive interval for this peer. Field format accepts any Go time.Duration format (‘1h’ for one hour, ‘10m’ for ten minutes). | |
allowedIPs | []string | AllowedIPs specifies a list of allowed IP addresses in CIDR notation for this peer. |
vip
DeviceVIPConfig contains settings for configuring a Virtual Shared IP on an interface.
machine:
    network:
        interfaces:
            - vip:
                ip: 172.16.199.55 # Specifies the IP address to be used.
Field | Type | Description | Value(s) |
---|---|---|---|
ip | string | Specifies the IP address to be used. | |
equinixMetal | VIPEquinixMetalConfig | Specifies the Equinix Metal API settings to assign VIP to the node. | |
hcloud | VIPHCloudConfig | Specifies the Hetzner Cloud API settings to assign VIP to the node. |
equinixMetal
VIPEquinixMetalConfig contains settings for Equinix Metal VIP management.
Field | Type | Description | Value(s) |
---|---|---|---|
apiToken | string | Specifies the Equinix Metal API Token. |
hcloud
VIPHCloudConfig contains settings for Hetzner Cloud VIP management.
Field | Type | Description | Value(s) |
---|---|---|---|
apiToken | string | Specifies the Hetzner Cloud API Token. |
extraHostEntries[]
ExtraHost represents a host entry in /etc/hosts.
machine:
    network:
        extraHostEntries:
            - ip: 192.168.1.100 # The IP of the host.
              # The host alias.
              aliases:
                - example
                - example.domain.tld
Field | Type | Description | Value(s) |
---|---|---|---|
ip | string | The IP of the host. | |
aliases | []string | The host alias. |
kubespan
NetworkKubeSpan struct describes KubeSpan configuration.
machine:
    network:
        kubespan:
            enabled: true # Enable the KubeSpan feature.
Field | Type | Description | Value(s) |
---|---|---|---|
enabled | bool | Enable the KubeSpan feature. Cluster discovery should be enabled with `.cluster.discovery.enabled` for KubeSpan to be enabled. | |
advertiseKubernetesNetworks | bool | Control whether Kubernetes pod CIDRs are announced over KubeSpan from the node. If disabled, CNI handles encapsulating pod-to-pod traffic into some node-to-node tunnel, and KubeSpan handles the node-to-node traffic. If enabled, KubeSpan will take over pod-to-pod traffic and send it over KubeSpan directly. When enabled, KubeSpan should have a way to detect complete pod CIDRs of the node which is not always the case with CNIs not relying on Kubernetes for IPAM. | |
allowDownPeerBypass | bool | Skip sending traffic via KubeSpan if the peer connection state is not up. This provides configurable choice between connectivity and security: either traffic is always forced to go via KubeSpan (even if WireGuard peer connection is not up), or traffic can go directly to the peer if WireGuard connection can’t be established. | |
harvestExtraEndpoints | bool | KubeSpan can collect and publish extra endpoints for each member of the cluster based on WireGuard endpoint information for each peer. This feature is disabled by default; don’t enable it with a high number of peers (>50) in the KubeSpan network (performance issues). | |
mtu | uint32 | KubeSpan link MTU size. Default value is 1420. | |
filters | KubeSpanFilters | KubeSpan advanced filtering of network addresses. Settings in this section are optional, and settings apply only to the node. |
filters
KubeSpanFilters struct describes KubeSpan advanced network addresses filtering.
Field | Type | Description | Value(s) |
---|---|---|---|
endpoints | []string | Filter node addresses which will be advertised as KubeSpan endpoints for peer-to-peer WireGuard connections. By default, all addresses are advertised, and KubeSpan cycles through all endpoints until it finds one that works. Default value: no filtering. |
disks[]
MachineDisk represents the options available for partitioning, formatting, and mounting extra disks.
machine:
    disks:
        - device: /dev/sdb # The name of the disk to use.
          # A list of partitions to create on the disk.
          partitions:
            - mountpoint: /var/mnt/extra # Where to mount the partition.
              # # The size of partition: either bytes or human readable representation. If `size:` is omitted, the partition is sized to occupy the full disk.
              # # Human readable representation.
              # size: 100 MB
              # # Precise value in bytes.
              # size: 1073741824
Field | Type | Description | Value(s) |
---|---|---|---|
device | string | The name of the disk to use. | |
partitions | []DiskPartition | A list of partitions to create on the disk. |
partitions[]
DiskPartition represents the options for a disk partition.
Field | Type | Description | Value(s) |
---|---|---|---|
size | DiskSize | The size of partition: either bytes or human readable representation. If `size:` is omitted, the partition is sized to occupy the full disk. | |
mountpoint | string | Where to mount the partition. |
install
InstallConfig represents the installation options for preparing a node.
machine:
    install:
        disk: /dev/sda # The disk used for installations.
        # Allows for supplying extra kernel args via the bootloader.
        extraKernelArgs:
            - console=ttyS1
            - panic=10
        image: ghcr.io/siderolabs/installer:latest # Allows for supplying the image used to perform the installation.
        wipe: false # Indicates if the installation disk should be wiped at installation time.
        # # Look up disk using disk attributes like model, size, serial and others.
        # diskSelector:
        #     size: 4GB # Disk size.
        #     model: WDC* # Disk model `/sys/block/<dev>/device/model`.
        #     busPath: /pci0000:00/0000:00:17.0/ata1/host0/target0:0:0/0:0:0:0 # Disk bus path.
        # # Allows for supplying additional system extension images to install on top of base Talos image.
        # extensions:
        #     - image: ghcr.io/siderolabs/gvisor:20220117.0-v1.0.0 # System extension image.
Field | Type | Description | Value(s) |
---|---|---|---|
disk | string | The disk used for installations. | |
diskSelector | InstallDiskSelector | Look up disk using disk attributes like model, size, serial and others. Always has priority over `disk`. | |
extraKernelArgs | []string | Allows for supplying extra kernel args via the bootloader. Existing kernel args can be removed by prefixing the argument with a `-`. For example `-console` removes all `console=<value>` arguments, whereas `-console=tty0` removes the `console=tty0` default argument. | |
image | string | Allows for supplying the image used to perform the installation. Image reference for each Talos release can be found on the GitHub releases page. | |
extensions | []InstallExtensionConfig | Allows for supplying additional system extension images to install on top of base Talos image. | |
wipe | bool | Indicates if the installation disk should be wiped at installation time. Defaults to `true`. | true yes false no |
legacyBIOSSupport | bool | Indicates if MBR partition should be marked as bootable (active). Should be enabled only for the systems with legacy BIOS that doesn’t support GPT partitioning scheme. |
diskSelector
InstallDiskSelector represents disk query parameters for the install disk lookup.
machine:
    install:
        diskSelector:
            size: '>= 1TB' # Disk size.
            model: WDC* # Disk model `/sys/block/<dev>/device/model`.
            # # Disk bus path.
            # busPath: /pci0000:00/0000:00:17.0/ata1/host0/target0:0:0/0:0:0:0
            # busPath: /pci0000:00/*
Field | Type | Description | Value(s) |
---|---|---|---|
size | InstallDiskSizeMatcher | Disk size. | |
name | string | Disk name `/sys/block/<dev>/device/name`. | |
model | string | Disk model `/sys/block/<dev>/device/model`. | |
serial | string | Disk serial number `/sys/block/<dev>/serial`. | |
modalias | string | Disk modalias `/sys/block/<dev>/device/modalias`. | |
uuid | string | Disk UUID `/sys/block/<dev>/uuid`. | |
wwid | string | Disk WWID `/sys/block/<dev>/wwid`. | |
type | InstallDiskType | Disk Type. | ssd hdd nvme sd |
busPath | string | Disk bus path. |
extensions[]
InstallExtensionConfig represents a configuration for a system extension.
machine:
    install:
        extensions:
            - image: ghcr.io/siderolabs/gvisor:20220117.0-v1.0.0 # System extension image.
Field | Type | Description | Value(s) |
---|---|---|---|
image | string | System extension image. |
files[]
MachineFile represents a file to write to disk.
machine:
    files:
        - content: '...' # The contents of the file.
          permissions: 0o666 # The file's permissions in octal.
          path: /tmp/file.txt # The path of the file.
          op: append # The operation to use
Field | Type | Description | Value(s) |
---|---|---|---|
content | string | The contents of the file. | |
permissions | FileMode | The file’s permissions in octal. | |
path | string | The path of the file. | |
op | string | The operation to use | create append overwrite |
time
TimeConfig represents the options for configuring time on a machine.
machine:
    time:
        disabled: false # Indicates if the time service is disabled for the machine.
        # Specifies time (NTP) servers to use for setting the system time.
        servers:
            - time.cloudflare.com
        bootTimeout: 2m0s # Specifies the timeout when the node time is considered to be in sync unlocking the boot sequence.
Field | Type | Description | Value(s) |
---|---|---|---|
disabled | bool | Indicates if the time service is disabled for the machine. Defaults to `false`. | |
servers | []string | Specifies time (NTP) servers to use for setting the system time. Defaults to `time.cloudflare.com`. Talos can also sync to the PTP time source (e.g. provided by the hypervisor); provide the path to the PTP device as “/dev/ptp0” or “/dev/ptp_kvm”. | |
bootTimeout | Duration | Specifies the timeout when the node time is considered to be in sync unlocking the boot sequence. NTP sync will be still running in the background. Defaults to “infinity” (waiting forever for time sync). |
registries
RegistriesConfig represents the image pull options.
machine:
    registries:
        # Specifies mirror configuration for each registry host namespace.
        mirrors:
            docker.io:
                # List of endpoints (URLs) for registry mirrors to use.
                endpoints:
                    - https://registry.local
        # Specifies TLS & auth configuration for HTTPS image registries.
        config:
            registry.local:
                # The TLS configuration for the registry.
                tls:
                    # Enable mutual TLS authentication with the registry.
                    clientIdentity:
                        crt: LS0tIEVYQU1QTEUgQ0VSVElGSUNBVEUgLS0t
                        key: LS0tIEVYQU1QTEUgS0VZIC0tLQ==
                # The auth configuration for this registry.
                auth:
                    username: username # Optional registry authentication.
                    password: password # Optional registry authentication.
Field | Type | Description | Value(s) |
---|---|---|---|
mirrors | map[string]RegistryMirrorConfig | Specifies mirror configuration for each registry host namespace. This setting allows configuring local pull-through caching registries, air-gapped installations, etc. For example, when pulling an image with the reference `example.com:123/image:v1`, the `example.com:123` key will be used to look up the mirror configuration. Optionally the `*` key can be used to configure a fallback mirror. Registry name is the first segment of image identifier, with ‘docker.io’ being default one. | |
config | map[string]RegistryConfig | Specifies TLS & auth configuration for HTTPS image registries. Mutual TLS can be enabled with ‘clientIdentity’ option. The full hostname and port (if not using a default port 443) should be used as the key. The fallback key `*` can’t be used for TLS configuration. TLS configuration can be skipped if registry has trusted server certificate. |
mirrors.*
RegistryMirrorConfig represents mirror configuration for a registry.
machine:
    registries:
        mirrors:
            ghcr.io:
                # List of endpoints (URLs) for registry mirrors to use.
                endpoints:
                    - https://registry.insecure
                    - https://ghcr.io/v2/
Field | Type | Description | Value(s) |
---|---|---|---|
endpoints | []string | List of endpoints (URLs) for registry mirrors to use. Endpoint configures HTTP/HTTPS access mode, host name, port and path (if path is not set, it defaults to `/v2`). | |
overridePath | bool | Use the exact path specified for the endpoint (don’t append /v2/). This setting is often required for setting up multiple mirrors on a single instance of a registry. |
config.*
RegistryConfig specifies auth & TLS config per registry.
machine:
    registries:
        config:
            registry.insecure:
                # The TLS configuration for the registry.
                tls:
                    insecureSkipVerify: true # Skip TLS server certificate verification (not recommended).
                    # # Enable mutual TLS authentication with the registry.
                    # clientIdentity:
                    #     crt: LS0tIEVYQU1QTEUgQ0VSVElGSUNBVEUgLS0t
                    #     key: LS0tIEVYQU1QTEUgS0VZIC0tLQ==
                # # The auth configuration for this registry.
                # auth:
                #     username: username # Optional registry authentication.
                #     password: password # Optional registry authentication.
Field | Type | Description | Value(s) |
---|---|---|---|
tls | RegistryTLSConfig | The TLS configuration for the registry. | |
auth | RegistryAuthConfig | The auth configuration for this registry. Note: changes to the registry auth will not be picked up by the CRI containerd plugin without a reboot. |
tls
RegistryTLSConfig specifies TLS config for HTTPS registries.
machine:
    registries:
        config:
            example.com:
                tls:
                    # Enable mutual TLS authentication with the registry.
                    clientIdentity:
                        crt: LS0tIEVYQU1QTEUgQ0VSVElGSUNBVEUgLS0t
                        key: LS0tIEVYQU1QTEUgS0VZIC0tLQ==

machine:
    registries:
        config:
            example.com:
                tls:
                    insecureSkipVerify: true # Skip TLS server certificate verification (not recommended).
                    # # Enable mutual TLS authentication with the registry.
                    # clientIdentity:
                    #     crt: LS0tIEVYQU1QTEUgQ0VSVElGSUNBVEUgLS0t
                    #     key: LS0tIEVYQU1QTEUgS0VZIC0tLQ==
Field | Type | Description | Value(s) |
---|---|---|---|
clientIdentity | PEMEncodedCertificateAndKey | Enable mutual TLS authentication with the registry. Client certificate and key should be base64-encoded. | |
ca | Base64Bytes | CA registry certificate to add to the list of trusted certificates. Certificate should be base64-encoded. | |
insecureSkipVerify | bool | Skip TLS server certificate verification (not recommended). |
auth
RegistryAuthConfig specifies authentication configuration for a registry.
machine:
    registries:
        config:
            example.com:
                auth:
                    username: username # Optional registry authentication.
                    password: password # Optional registry authentication.
Field | Type | Description | Value(s) |
---|---|---|---|
username | string | Optional registry authentication. The meaning of each field is the same with the corresponding field in `.docker/config.json`. | |
password | string | Optional registry authentication. The meaning of each field is the same with the corresponding field in `.docker/config.json`. | |
auth | string | Optional registry authentication. The meaning of each field is the same with the corresponding field in `.docker/config.json`. | |
identityToken | string | Optional registry authentication. The meaning of each field is the same with the corresponding field in `.docker/config.json`. |
systemDiskEncryption
SystemDiskEncryptionConfig specifies system disk partitions encryption settings.
machine:
    systemDiskEncryption:
        # Ephemeral partition encryption.
        ephemeral:
            provider: luks2 # Encryption provider to use for the encryption.
            # Defines the encryption keys generation and storage method.
            keys:
                - # Deterministically generated key from the node UUID and PartitionLabel.
                  nodeID: {}
                  slot: 0 # Key slot number for LUKS2 encryption.
                  # # KMS managed encryption key.
                  # kms:
                  #     endpoint: https://192.168.88.21:4443 # KMS endpoint to Seal/Unseal the key.
            # # Cipher kind to use for the encryption. Depends on the encryption provider.
            # cipher: aes-xts-plain64
            # # Defines the encryption sector size.
            # blockSize: 4096
            # # Additional --perf parameters for the LUKS2 encryption.
            # options:
            #     - no_read_workqueue
            #     - no_write_workqueue
Field | Type | Description | Value(s) |
---|---|---|---|
state | EncryptionConfig | State partition encryption. | |
ephemeral | EncryptionConfig | Ephemeral partition encryption. |
state
EncryptionConfig represents partition encryption settings.
Field | Type | Description | Value(s) |
---|---|---|---|
provider | string | Encryption provider to use for the encryption. | |
keys | []EncryptionKey | Defines the encryption keys generation and storage method. | |
cipher | string | Cipher kind to use for the encryption. Depends on the encryption provider. | aes-xts-plain64 xchacha12,aes-adiantum-plain64 xchacha20,aes-adiantum-plain64 |
keySize | uint | Defines the encryption key length. | |
blockSize | uint64 | Defines the encryption sector size. | |
options | []string | Additional --perf parameters for the LUKS2 encryption. | no_read_workqueue no_write_workqueue same_cpu_crypt |
keys[]
EncryptionKey represents configuration for disk encryption key.
Field | Type | Description | Value(s) |
---|---|---|---|
static | EncryptionKeyStatic | Key whose value is stored in the configuration file. | |
nodeID | EncryptionKeyNodeID | Deterministically generated key from the node UUID and PartitionLabel. | |
kms | EncryptionKeyKMS | KMS managed encryption key. | |
slot | int | Key slot number for LUKS2 encryption. | |
tpm | EncryptionKeyTPM | Enable TPM based disk encryption. |
static
EncryptionKeyStatic represents a throw-away key type.
Field | Type | Description | Value(s) |
---|---|---|---|
passphrase | string | Defines the static passphrase value. |
nodeID
EncryptionKeyNodeID represents a deterministically generated key from the node UUID and PartitionLabel.
kms
EncryptionKeyKMS represents a key that is generated and then sealed/unsealed by the KMS server.
machine:
    systemDiskEncryption:
        state:
            keys:
                - kms:
                    endpoint: https://192.168.88.21:4443 # KMS endpoint to Seal/Unseal the key.
Field | Type | Description | Value(s) |
---|---|---|---|
endpoint | string | KMS endpoint to Seal/Unseal the key. |
tpm
EncryptionKeyTPM represents a key that is generated and then sealed/unsealed by the TPM.
Field | Type | Description | Value(s) |
---|---|---|---|
checkSecurebootStatusOnEnroll | bool | Check that Secureboot is enabled in the EFI firmware. If Secureboot is not enabled, the enrollment of the key will fail. As the TPM key is anyway bound to the value of PCR 7, changing Secureboot status or configuration after the initial enrollment will make the key unusable. |
ephemeral
EncryptionConfig represents partition encryption settings.
Field | Type | Description | Value(s) |
---|---|---|---|
provider | string | Encryption provider to use for the encryption. | |
keys | []EncryptionKey | Defines the encryption keys generation and storage method. | |
cipher | string | Cipher kind to use for the encryption. Depends on the encryption provider. | aes-xts-plain64 xchacha12,aes-adiantum-plain64 xchacha20,aes-adiantum-plain64 |
keySize | uint | Defines the encryption key length. | |
blockSize | uint64 | Defines the encryption sector size. | |
options | []string | Additional --perf parameters for the LUKS2 encryption. | no_read_workqueue no_write_workqueue same_cpu_crypt |
keys[]
EncryptionKey represents configuration for disk encryption key.
Field | Type | Description | Value(s) |
---|---|---|---|
static | EncryptionKeyStatic | Key whose value is stored in the configuration file. | |
nodeID | EncryptionKeyNodeID | Deterministically generated key from the node UUID and PartitionLabel. | |
kms | EncryptionKeyKMS | KMS managed encryption key. | |
slot | int | Key slot number for LUKS2 encryption. | |
tpm | EncryptionKeyTPM | Enable TPM based disk encryption. |
static
EncryptionKeyStatic represents a throw-away key type.
Field | Type | Description | Value(s) |
---|---|---|---|
passphrase | string | Defines the static passphrase value. |
nodeID
EncryptionKeyNodeID represents a deterministically generated key from the node UUID and PartitionLabel.
kms
EncryptionKeyKMS represents a key that is generated and then sealed/unsealed by the KMS server.
machine:
    systemDiskEncryption:
        ephemeral:
            keys:
                - kms:
                    endpoint: https://192.168.88.21:4443 # KMS endpoint to Seal/Unseal the key.
Field | Type | Description | Value(s) |
---|---|---|---|
endpoint | string | KMS endpoint to Seal/Unseal the key. |
tpm
EncryptionKeyTPM represents a key that is generated and then sealed/unsealed by the TPM.
Field | Type | Description | Value(s) |
---|---|---|---|
checkSecurebootStatusOnEnroll | bool | Check that Secureboot is enabled in the EFI firmware. If Secureboot is not enabled, the enrollment of the key will fail. As the TPM key is anyway bound to the value of PCR 7, changing Secureboot status or configuration after the initial enrollment will make the key unusable. |
features
FeaturesConfig describes individual Talos features that can be switched on or off.
machine:
    features:
        rbac: true # Enable role-based access control (RBAC).
        # # Configure Talos API access from Kubernetes pods.
        # kubernetesTalosAPIAccess:
        #     enabled: true # Enable Talos API access from Kubernetes pods.
        #     # The list of Talos API roles which can be granted for access from Kubernetes pods.
        #     allowedRoles:
        #         - os:reader
        #     # The list of Kubernetes namespaces Talos API access is available from.
        #     allowedKubernetesNamespaces:
        #         - kube-system
Field | Type | Description | Value(s) |
---|---|---|---|
rbac | bool | Enable role-based access control (RBAC). | |
stableHostname | bool | Enable stable default hostname. | |
kubernetesTalosAPIAccess | KubernetesTalosAPIAccessConfig | Configure Talos API access from Kubernetes pods. This feature is disabled if the feature config is not specified. | |
apidCheckExtKeyUsage | bool | Enable checks for extended key usage of client certificates in apid. | |
diskQuotaSupport | bool | Enable XFS project quota support for EPHEMERAL partition and user disks. Also enables kubelet tracking of ephemeral disk usage in the kubelet via quota. | |
kubePrism | KubePrism | KubePrism - local proxy/load balancer on defined port that will distribute requests to all API servers in the cluster. | |
hostDNS | HostDNSConfig | Configures host DNS caching resolver. |
kubernetesTalosAPIAccess
KubernetesTalosAPIAccessConfig describes the configuration for the Talos API access from Kubernetes pods.
machine:
    features:
        kubernetesTalosAPIAccess:
            enabled: true # Enable Talos API access from Kubernetes pods.
            # The list of Talos API roles which can be granted for access from Kubernetes pods.
            allowedRoles:
                - os:reader
            # The list of Kubernetes namespaces Talos API access is available from.
            allowedKubernetesNamespaces:
                - kube-system
Field | Type | Description | Value(s) |
---|---|---|---|
enabled | bool | Enable Talos API access from Kubernetes pods. | |
allowedRoles | []string | The list of Talos API roles which can be granted for access from Kubernetes pods. Empty list means that no roles can be granted, so access is blocked. | |
allowedKubernetesNamespaces | []string | The list of Kubernetes namespaces Talos API access is available from. |
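As an added example (not Talos code), the checker below walks a parsed machine config and flags the security-sensitive choices documented in the `network.kubespan`, `files`, `registries`, `systemDiskEncryption` and `features` sections above. The function names, the `os:admin` role used in the constructed sample, and the choice of `os:reader` as the baseline role are assumptions of this example.

```python
# Added example: audit a parsed Talos machine config (the dict a YAML parser
# returns). Function names and the baseline role are assumptions of this example.
BASELINE_ROLE = "os:reader"  # assumption: any other role is flagged for review


def _get(node, *path, default=None):
    """Walk nested dicts; return default if a level is missing or null."""
    for key in path:
        if not isinstance(node, dict) or node.get(key) is None:
            return default
        node = node[key]
    return node


def audit_machine_config(cfg):
    """Return sorted (config path, reason) findings."""
    out = []
    m = _get(cfg, "machine", default={})
    # insecureSkipVerify turns off registry server certificate verification.
    for host, reg in _get(m, "registries", "config", default={}).items():
        if _get(reg, "tls", "insecureSkipVerify") is True:
            out.append((f"machine.registries.config.{host}.tls.insecureSkipVerify",
                        "registry server certificate is not verified"))
    # The mirror endpoint URL selects HTTP or HTTPS access mode.
    for host, mirror in _get(m, "registries", "mirrors", default={}).items():
        for ep in _get(mirror, "endpoints", default=[]):
            if ep.lower().startswith("http://"):
                out.append((f"machine.registries.mirrors.{host}.endpoints",
                            f"{ep} is pulled over plain HTTP"))
    # static keys sit in the config file and nodeID keys are derived from the
    # node UUID and partition label; kms and tpm keys are sealed outside it.
    for part in ("state", "ephemeral"):
        base = f"machine.systemDiskEncryption.{part}.keys"
        keys = _get(m, "systemDiskEncryption", part, "keys", default=[])
        for i, key in enumerate(keys):
            if "static" in key:
                out.append((f"{base}[{i}].static",
                            "passphrase is stored in the machine config"))
        if keys and not any("kms" in k or "tpm" in k for k in keys):
            out.append((base, "no kms or tpm key is configured"))
    if _get(m, "features", "rbac") is False:
        out.append(("machine.features.rbac", "RBAC is disabled"))
    api = _get(m, "features", "kubernetesTalosAPIAccess", default={})
    if api.get("enabled") is True:
        for role in api.get("allowedRoles") or []:
            if role != BASELINE_ROLE:
                out.append(("machine.features.kubernetesTalosAPIAccess.allowedRoles",
                            f"pods can be granted {role}"))
    # The reference frames this flag as a connectivity-versus-security choice.
    if _get(m, "network", "kubespan", "allowDownPeerBypass") is True:
        out.append(("machine.network.kubespan.allowDownPeerBypass",
                    "traffic goes outside KubeSpan when the peer is not up"))
    for i, entry in enumerate(_get(m, "files", default=[])):
        mode = entry.get("permissions", 0)
        if isinstance(mode, str):  # some YAML parsers return 0o666 as a string
            mode = int(mode, 8)
        if mode & 0o002:
            out.append((f"machine.files[{i}].permissions",
                        f"{entry.get('path')} is world-writable ({mode:#o})"))
    return sorted(out)


# Constructed sample input, reusing values from the examples on this page.
WEAK = {"machine": {
    "registries": {
        "mirrors": {"docker.io": {"endpoints": ["http://registry.local"]}},
        "config": {"registry.insecure": {"tls": {"insecureSkipVerify": True}}}},
    "systemDiskEncryption": {
        "state": {"provider": "luks2", "keys": [{"tpm": {}, "slot": 0}]},
        "ephemeral": {"provider": "luks2", "keys": [{"nodeID": {}, "slot": 0}]}},
    "features": {"rbac": True, "kubernetesTalosAPIAccess": {
        "enabled": True, "allowedRoles": ["os:reader", "os:admin"]}},
    "network": {"kubespan": {"enabled": True, "allowDownPeerBypass": True}},
    "files": [{"path": "/tmp/file.txt", "permissions": 0o666}],
}}

# Constructed counterpart with each flagged setting tightened.
HARDENED = {"machine": {
    "registries": {
        "mirrors": {"docker.io": {"endpoints": ["https://registry.local"]}},
        "config": {"registry.local": {"tls": {"ca": "<base64 CA placeholder>"}}}},
    "systemDiskEncryption": {
        "state": {"provider": "luks2", "keys": [{"tpm": {}, "slot": 0}]},
        "ephemeral": {"provider": "luks2", "keys": [
            {"kms": {"endpoint": "https://192.168.88.21:4443"}, "slot": 0}]}},
    "features": {"rbac": True, "kubernetesTalosAPIAccess": {
        "enabled": True, "allowedRoles": ["os:reader"]}},
    "network": {"kubespan": {"enabled": True, "allowDownPeerBypass": False}},
    "files": [{"path": "/tmp/file.txt", "permissions": 0o600}],
}}

if __name__ == "__main__":
    for path, reason in audit_machine_config(WEAK):
        print(f"{path}: {reason}")
```

The findings are review prompts rather than verdicts: a `nodeID`-only key or an enabled `allowDownPeerBypass` can be a deliberate trade-off, and the check only makes that choice visible.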
kubePrism
KubePrism describes the configuration for the KubePrism load balancer.
Field | Type | Description | Value(s) |
---|---|---|---|
enabled | bool | Enable KubePrism support - will start local load balancing proxy. | |
port | int | KubePrism port. |
hostDNS
HostDNSConfig describes the configuration for the host DNS resolver.
Field | Type | Description | Value(s) |
---|---|---|---|
enabled | bool | Enable host DNS caching resolver. | |
forwardKubeDNSToHost | bool | Use the host DNS resolver as upstream for Kubernetes CoreDNS pods. When enabled, CoreDNS pods use host DNS server as the upstream DNS (instead of using configured upstream DNS resolvers directly). | |
resolveMemberNames | bool | Resolve member hostnames using the host DNS resolver. When enabled, cluster member hostnames and node names are resolved using the host DNS resolver. This requires service discovery to be enabled. |
udev
UdevConfig describes how the udev system should be configured.
machine:
    udev:
        # List of udev rules to apply to the udev system
        rules:
            - SUBSYSTEM=="drm", KERNEL=="renderD*", GROUP="44", MODE="0660"
Field | Type | Description | Value(s) |
---|---|---|---|
rules | []string | List of udev rules to apply to the udev system |
logging
LoggingConfig struct configures Talos logging.
machine:
    logging:
        # Logging destination.
        destinations:
            - endpoint: tcp://1.2.3.4:12345 # Where to send logs. Supported protocols are "tcp" and "udp".
              format: json_lines # Logs format.
Field | Type | Description | Value(s) |
---|---|---|---|
destinations | []LoggingDestination | Logging destination. |
destinations[]
LoggingDestination struct configures Talos logging destination.
Field | Type | Description | Value(s) |
---|---|---|---|
endpoint | Endpoint | Where to send logs. Supported protocols are “tcp” and “udp”. | |
format | string | Logs format. | json_lines |
extraTags | map[string]string | Extra tags (key-value) pairs to attach to every log message sent. |
endpoint
Endpoint represents the endpoint URL parsed out of the machine config.
machine:
    logging:
        destinations:
            - endpoint: https://1.2.3.4:6443

machine:
    logging:
        destinations:
            - endpoint: https://cluster1.internal:6443

machine:
    logging:
        destinations:
            - endpoint: udp://127.0.0.1:12345

machine:
    logging:
        destinations:
            - endpoint: tcp://1.2.3.4:12345
kernel
KernelConfig struct configures Talos Linux kernel.
machine:
    kernel:
        # Kernel modules to load.
        modules:
            - name: btrfs # Module name.
Field | Type | Description | Value(s) |
---|---|---|---|
modules | []KernelModuleConfig | Kernel modules to load. |
modules[]
KernelModuleConfig struct configures Linux kernel modules to load.
Field | Type | Description | Value(s) |
---|---|---|---|
name | string | Module name. | |
parameters | []string | Module parameters, changes applied after reboot. |
seccompProfiles[]
MachineSeccompProfile defines seccomp profiles for the machine.
machine:
    seccompProfiles:
        - name: audit.json # The `name` field is used to provide the file name of the seccomp profile.
          # The `value` field is used to provide the seccomp profile.
          value:
            defaultAction: SCMP_ACT_LOG
Field | Type | Description | Value(s) |
---|---|---|---|
name | string | The `name` field is used to provide the file name of the seccomp profile. | |
value | Unstructured | The `value` field is used to provide the seccomp profile. |
cluster
ClusterConfig represents the cluster-wide config values.
cluster:
    # ControlPlaneConfig represents the control plane configuration options.
    controlPlane:
        endpoint: https://1.2.3.4 # Endpoint is the canonical controlplane endpoint, which can be an IP address or a DNS hostname.
        localAPIServerPort: 443 # The port that the API server listens on internally.
    clusterName: talos.local
    # ClusterNetworkConfig represents kube networking configuration options.
    network:
        # The CNI used.
        cni:
            name: flannel # Name of CNI to use.
        dnsDomain: cluster.local # The domain used by Kubernetes DNS.
        # The pod subnet CIDR.
        podSubnets:
            - 10.244.0.0/16
        # The service subnet CIDR.
        serviceSubnets:
            - 10.96.0.0/12
Field | Type | Description | Value(s) |
---|---|---|---|
id | string | Globally unique identifier for this cluster (base64 encoded random 32 bytes). | |
secret | string | Shared secret of cluster (base64 encoded random 32 bytes). This secret is shared among cluster members but should never be sent over the network. | |
controlPlane | ControlPlaneConfig | Provides control plane specific configuration options. | |
clusterName | string | Configures the cluster’s name. | |
network | ClusterNetworkConfig | Provides cluster specific network configuration options. | |
token | string | The bootstrap token used to join the cluster. | |
aescbcEncryptionSecret | string | A key used for the encryption of secret data at rest. Enables encryption with AESCBC. | |
secretboxEncryptionSecret | string | A key used for the encryption of secret data at rest. Enables encryption with secretbox. Secretbox has precedence over AESCBC. | |
ca | PEMEncodedCertificateAndKey | The base64 encoded root certificate authority used by Kubernetes. | |
acceptedCAs | []PEMEncodedCertificate | The list of base64 encoded accepted certificate authorities used by Kubernetes. | |
aggregatorCA | PEMEncodedCertificateAndKey | The base64 encoded aggregator certificate authority used by Kubernetes for front-proxy certificate generation. This CA can be self-signed. | |
serviceAccount | PEMEncodedKey | The base64 encoded private key for service account token generation. | |
apiServer | APIServerConfig | API server specific configuration options. | |
controllerManager | ControllerManagerConfig | Controller manager server specific configuration options. | |
proxy | ProxyConfig | Kube-proxy server-specific configuration options. | |
scheduler | SchedulerConfig | Scheduler server specific configuration options. | |
discovery | ClusterDiscoveryConfig | Configures cluster member discovery. | |
etcd | EtcdConfig | Etcd specific configuration options. | |
coreDNS | CoreDNS | Core DNS specific configuration options. | |
externalCloudProvider | ExternalCloudProviderConfig | External cloud provider configuration. | |
extraManifests | []string | A list of URLs that point to additional manifests. These will get automatically deployed as part of the bootstrap. | |
extraManifestHeaders | map[string]string | A map of key value pairs that will be added while fetching the extraManifests. | |
inlineManifests | []ClusterInlineManifest | A list of inline Kubernetes manifests. These will get automatically deployed as part of the bootstrap. | |
adminKubeconfig | AdminKubeconfigConfig | Settings for admin kubeconfig generation. Certificate lifetime can be configured. | |
allowSchedulingOnControlPlanes | bool | Allows running workload on control-plane nodes. | true yes false no |
controlPlane
ControlPlaneConfig represents the control plane configuration options.
cluster:
    controlPlane:
        endpoint: https://1.2.3.4 # Endpoint is the canonical controlplane endpoint, which can be an IP address or a DNS hostname.
        localAPIServerPort: 443 # The port that the API server listens on internally.
Field | Type | Description | Value(s) |
---|---|---|---|
endpoint | Endpoint | Endpoint is the canonical controlplane endpoint, which can be an IP address or a DNS hostname. It is single-valued, and may optionally include a port number. | |
localAPIServerPort | int | The port that the API server listens on internally. This may be different than the port portion listed in the endpoint field above. The default is `6443`. |
endpoint
Endpoint represents the endpoint URL parsed out of the machine config.
cluster:
    controlPlane:
        endpoint: https://1.2.3.4:6443

cluster:
    controlPlane:
        endpoint: https://cluster1.internal:6443

cluster:
    controlPlane:
        endpoint: udp://127.0.0.1:12345

cluster:
    controlPlane:
        endpoint: tcp://1.2.3.4:12345
network
ClusterNetworkConfig represents kube networking configuration options.
cluster:
    network:
        # The CNI used.
        cni:
            name: flannel # Name of CNI to use.
        dnsDomain: cluster.local # The domain used by Kubernetes DNS.
        # The pod subnet CIDR.
        podSubnets:
            - 10.244.0.0/16
        # The service subnet CIDR.
        serviceSubnets:
            - 10.96.0.0/12
Field | Type | Description | Value(s) |
---|---|---|---|
cni | CNIConfig | The CNI used. Composed of “name” and “urls”. The “name” key supports the following options: “flannel”, “custom”, and “none”. “flannel” uses Talos-managed Flannel CNI, and that’s the default option. “custom” uses custom manifests that should be provided in “urls”. “none” indicates that Talos will not manage any CNI installation. | |
dnsDomain | string | The domain used by Kubernetes DNS. The default is `cluster.local`. | |
podSubnets | []string | The pod subnet CIDR. | |
serviceSubnets | []string | The service subnet CIDR. |
cni
CNIConfig represents the CNI configuration options.
cluster:
    network:
        cni:
            name: custom # Name of CNI to use.
            # URLs containing manifests to apply for the CNI.
            urls:
                - https://docs.projectcalico.org/archive/v3.20/manifests/canal.yaml
Field | Type | Description | Value(s) |
---|---|---|---|
name | string | Name of CNI to use. | flannel custom none |
urls | []string | URLs containing manifests to apply for the CNI. Should be present for “custom”, must be empty for “flannel” and “none”. | |
flannel | FlannelCNIConfig | Flannel configuration options. |
flannel
FlannelCNIConfig represents the Flannel CNI configuration options.
Field | Type | Description | Value(s) |
---|---|---|---|
extraArgs | []string | Extra arguments for ‘flanneld’. |
apiServer
APIServerConfig represents the kube apiserver configuration options.
cluster:
    apiServer:
        image: registry.k8s.io/kube-apiserver:v1.31.1 # The container image used in the API server manifest.
        # Extra arguments to supply to the API server.
        extraArgs:
            feature-gates: ServerSideApply=true
            http2-max-streams-per-connection: "32"
        # Extra certificate subject alternative names for the API server's certificate.
        certSANs:
            - 1.2.3.4
            - 4.5.6.7
        # # Configure the API server admission plugins.
        # admissionControl:
        #     - name: PodSecurity # Name is the name of the admission controller.
        #       # Configuration is an embedded configuration object to be used as the plugin's
        #       configuration:
        #         apiVersion: pod-security.admission.config.k8s.io/v1alpha1
        #         defaults:
        #             audit: restricted
        #             audit-version: latest
        #             enforce: baseline
        #             enforce-version: latest
        #             warn: restricted
        #             warn-version: latest
        #         exemptions:
        #             namespaces:
        #                 - kube-system
        #             runtimeClasses: []
        #             usernames: []
        #         kind: PodSecurityConfiguration
        # # Configure the API server audit policy.
        # auditPolicy:
        #     apiVersion: audit.k8s.io/v1
        #     kind: Policy
        #     rules:
        #         - level: Metadata
Field | Type | Description | Value(s) |
---|---|---|---|
image | string | The container image used in the API server manifest. | |
extraArgs | map[string]string | Extra arguments to supply to the API server. | |
extraVolumes | []VolumeMountConfig | Extra volumes to mount to the API server static pod. | |
env | Env | The env field allows for the addition of environment variables for the control plane component. | |
certSANs | []string | Extra certificate subject alternative names for the API server’s certificate. | |
disablePodSecurityPolicy | bool | Disable PodSecurityPolicy in the API server and default manifests. | |
admissionControl | []AdmissionPluginConfig | Configure the API server admission plugins. | |
auditPolicy | Unstructured | Configure the API server audit policy. | |
resources | ResourcesConfig | Configure the API server resources. | |
extraVolumes[]
VolumeMountConfig struct describes extra volume mount for the static pods.
Field | Type | Description | Value(s) |
---|---|---|---|
hostPath | string | Path on the host. | |
mountPath | string | Path in the container. | |
readonly | bool | Mount the volume read only. | |
admissionControl[]
AdmissionPluginConfig represents the API server admission plugin configuration.
cluster:
    apiServer:
        admissionControl:
            - name: PodSecurity # Name is the name of the admission controller.
              # Configuration is an embedded configuration object to be used as the plugin's
              configuration:
                apiVersion: pod-security.admission.config.k8s.io/v1alpha1
                defaults:
                    audit: restricted
                    audit-version: latest
                    enforce: baseline
                    enforce-version: latest
                    warn: restricted
                    warn-version: latest
                exemptions:
                    namespaces:
                        - kube-system
                    runtimeClasses: []
                    usernames: []
                kind: PodSecurityConfiguration
Field | Type | Description | Value(s) |
---|---|---|---|
name | string | Name is the name of the admission controller. It must match the registered admission plugin name. | |
configuration | Unstructured | Configuration is an embedded configuration object to be used as the plugin’s configuration. | |
resources
ResourcesConfig represents the pod resources.
Field | Type | Description | Value(s) |
---|---|---|---|
requests | Unstructured | Requests configures the reserved cpu/memory resources. | |
limits | Unstructured | Limits configures the maximum cpu/memory resources a container can use. | |
controllerManager
ControllerManagerConfig represents the kube controller manager configuration options.
cluster:
    controllerManager:
        image: registry.k8s.io/kube-controller-manager:v1.31.1 # The container image used in the controller manager manifest.
        # Extra arguments to supply to the controller manager.
        extraArgs:
            feature-gates: ServerSideApply=true
Field | Type | Description | Value(s) |
---|---|---|---|
image | string | The container image used in the controller manager manifest. | |
extraArgs | map[string]string | Extra arguments to supply to the controller manager. | |
extraVolumes | []VolumeMountConfig | Extra volumes to mount to the controller manager static pod. | |
env | Env | The env field allows for the addition of environment variables for the control plane component. | |
resources | ResourcesConfig | Configure the controller manager resources. |
extraVolumes[]
VolumeMountConfig struct describes extra volume mount for the static pods.
Field | Type | Description | Value(s) |
---|---|---|---|
hostPath | string | Path on the host. | |
mountPath | string | Path in the container. | |
readonly | bool | Mount the volume read only. | |
resources
ResourcesConfig represents the pod resources.
Field | Type | Description | Value(s) |
---|---|---|---|
requests | Unstructured | Requests configures the reserved cpu/memory resources. | |
limits | Unstructured | Limits configures the maximum cpu/memory resources a container can use. | |
proxy
ProxyConfig represents the kube proxy configuration options.
cluster:
    proxy:
        image: registry.k8s.io/kube-proxy:v1.31.1 # The container image used in the kube-proxy manifest.
        mode: ipvs # proxy mode of kube-proxy.
        # Extra arguments to supply to kube-proxy.
        extraArgs:
            proxy-mode: iptables
        # # Disable kube-proxy deployment on cluster bootstrap.
        # disabled: false
Field | Type | Description | Value(s) |
---|---|---|---|
disabled | bool | Disable kube-proxy deployment on cluster bootstrap. | |
image | string | The container image used in the kube-proxy manifest. | |
mode | string | proxy mode of kube-proxy. The default is ‘iptables’. | |
extraArgs | map[string]string | Extra arguments to supply to kube-proxy. | |
scheduler
SchedulerConfig represents the kube scheduler configuration options.
cluster:
    scheduler:
        image: registry.k8s.io/kube-scheduler:v1.31.1 # The container image used in the scheduler manifest.
        # Extra arguments to supply to the scheduler.
        extraArgs:
            feature-gates: AllBeta=true
Field | Type | Description | Value(s) |
---|---|---|---|
image | string | The container image used in the scheduler manifest. | |
extraArgs | map[string]string | Extra arguments to supply to the scheduler. | |
extraVolumes | []VolumeMountConfig | Extra volumes to mount to the scheduler static pod. | |
env | Env | The env field allows for the addition of environment variables for the control plane component. | |
resources | ResourcesConfig | Configure the scheduler resources. | |
config | Unstructured | Specify custom kube-scheduler configuration. |
extraVolumes[]
VolumeMountConfig struct describes extra volume mount for the static pods.
Field | Type | Description | Value(s) |
---|---|---|---|
hostPath | string | Path on the host. | |
mountPath | string | Path in the container. | |
readonly | bool | Mount the volume read only. | |
resources
ResourcesConfig represents the pod resources.
Field | Type | Description | Value(s) |
---|---|---|---|
requests | Unstructured | Requests configures the reserved cpu/memory resources. | |
limits | Unstructured | Limits configures the maximum cpu/memory resources a container can use. | |
discovery
ClusterDiscoveryConfig struct configures cluster membership discovery.
cluster:
    discovery:
        enabled: true # Enable the cluster membership discovery feature.
        # Configure registries used for cluster member discovery.
        registries:
            # Kubernetes registry uses Kubernetes API server to discover cluster members and stores additional information
            kubernetes: {}
            # Service registry is using an external service to push and pull information about cluster members.
            service:
                endpoint: https://discovery.talos.dev/ # External service endpoint.
Field | Type | Description | Value(s) |
---|---|---|---|
enabled | bool | Enable the cluster membership discovery feature. Cluster discovery is based on individual registries which are configured under the registries field. | |
registries | DiscoveryRegistriesConfig | Configure registries used for cluster member discovery. |
registries
DiscoveryRegistriesConfig struct configures cluster membership discovery.
Field | Type | Description | Value(s) |
---|---|---|---|
kubernetes | RegistryKubernetesConfig | Kubernetes registry uses Kubernetes API server to discover cluster members and stores additional information as annotations on the Node resources. | |
service | RegistryServiceConfig | Service registry is using an external service to push and pull information about cluster members. |
kubernetes
RegistryKubernetesConfig struct configures Kubernetes discovery registry.
Field | Type | Description | Value(s) |
---|---|---|---|
disabled | bool | Disable Kubernetes discovery registry. |
service
RegistryServiceConfig struct configures Kubernetes discovery registry.
Field | Type | Description | Value(s) |
---|---|---|---|
disabled | bool | Disable external service discovery registry. | |
endpoint | string | External service endpoint. | |
etcd
EtcdConfig represents the etcd configuration options.
cluster:
    etcd:
        image: gcr.io/etcd-development/etcd:v3.5.16 # The container image used to create the etcd service.
        # The `ca` is the root certificate authority of the PKI.
        ca:
            crt: LS0tIEVYQU1QTEUgQ0VSVElGSUNBVEUgLS0t
            key: LS0tIEVYQU1QTEUgS0VZIC0tLQ==
        # Extra arguments to supply to etcd.
        extraArgs:
            election-timeout: "5000"
        # # The `advertisedSubnets` field configures the networks to pick etcd advertised IP from.
        # advertisedSubnets:
        #     - 10.0.0.0/8
Field | Type | Description | Value(s) |
---|---|---|---|
image | string | The container image used to create the etcd service. | |
ca | PEMEncodedCertificateAndKey | The `ca` is the root certificate authority of the PKI. It is composed of a base64 encoded `crt` and `key`. | |
extraArgs | map[string]string | Extra arguments to supply to etcd. Note that the following args are not allowed: name, data-dir, initial-cluster-state, listen-peer-urls, listen-client-urls, cert-file, key-file, trusted-ca-file, peer-client-cert-auth, peer-cert-file, peer-trusted-ca-file, peer-key-file. | |
advertisedSubnets | []string | The `advertisedSubnets` field configures the networks to pick etcd advertised IP from. | |
listenSubnets | []string | The | |
coreDNS
CoreDNS represents the CoreDNS config values.
cluster:
    coreDNS:
        image: registry.k8s.io/coredns/coredns:v1.11.3 # The `image` field is an override to the default coredns image.
Field | Type | Description | Value(s) |
---|---|---|---|
disabled | bool | Disable coredns deployment on cluster bootstrap. | |
image | string | The image field is an override to the default coredns image. |
externalCloudProvider
ExternalCloudProviderConfig contains external cloud provider configuration.
cluster:
    externalCloudProvider:
        enabled: true # Enable external cloud provider.
        # A list of urls that point to additional manifests for an external cloud provider.
        manifests:
            - https://raw.githubusercontent.com/kubernetes/cloud-provider-aws/v1.20.0-alpha.0/manifests/rbac.yaml
            - https://raw.githubusercontent.com/kubernetes/cloud-provider-aws/v1.20.0-alpha.0/manifests/aws-cloud-controller-manager-daemonset.yaml
Field | Type | Description | Value(s) |
---|---|---|---|
enabled | bool | Enable external cloud provider. | true yes false no |
manifests | []string | A list of urls that point to additional manifests for an external cloud provider. These will get automatically deployed as part of the bootstrap. | |
inlineManifests[]
ClusterInlineManifest struct describes inline bootstrap manifests for the user.
cluster:
    inlineManifests:
        - name: namespace-ci # Name of the manifest.
          contents: |- # Manifest contents as a string.
            apiVersion: v1
            kind: Namespace
            metadata:
              name: ci
Field | Type | Description | Value(s) |
---|---|---|---|
name | string | Name of the manifest. Name should be unique. | |
contents | string | Manifest contents as a string. | |
adminKubeconfig
AdminKubeconfigConfig contains admin kubeconfig settings.
cluster:
    adminKubeconfig:
        certLifetime: 1h0m0s # Admin kubeconfig certificate lifetime (default is 1 year).
Field | Type | Description | Value(s) |
---|---|---|---|
certLifetime | Duration | Admin kubeconfig certificate lifetime (default is 1 year). Field format accepts any Go time.Duration format (‘1h’ for one hour, ‘10m’ for ten minutes). | |
4 - Kernel
Commandline Parameters
Talos supports a number of kernel commandline parameters. Some are required for it to operate. Others are optional and useful in certain circumstances.
Several of these are enforced by the Kernel Self Protection Project (KSPP).
Required parameters:
- `talos.platform`: can be one of `akamai`, `aws`, `azure`, `container`, `digitalocean`, `equinixMetal`, `gcp`, `hcloud`, `metal`, `nocloud`, `openstack`, `oracle`, `scaleway`, `upcloud`, `vmware` or `vultr`
- `slab_nomerge`: required by KSPP
- `pti=on`: required by KSPP
Recommended parameters:
- `init_on_alloc=1`: advised by KSPP, enabled by default in kernel config
- `init_on_free=1`: advised by KSPP, enabled by default in kernel config
Available Talos-specific parameters
ip
Initial configuration of the interface, routes, DNS, NTP servers (multiple `ip=` kernel parameters are accepted).
Full documentation is available in the Linux kernel docs.
ip=<client-ip>:<server-ip>:<gw-ip>:<netmask>:<hostname>:<device>:<autoconf>:<dns0-ip>:<dns1-ip>:<ntp0-ip>
Talos will use the configuration supplied via the kernel parameter as the initial network configuration.
This parameter is useful in environments where DHCP doesn’t provide IP addresses or when default DNS and NTP servers should be overridden before loading machine configuration.
Partial configuration can be applied as well, e.g. `ip=:::::::<dns0-ip>:<dns1-ip>:<ntp0-ip>` sets only the DNS and NTP servers.
IPv6 addresses can be specified by enclosing them in square brackets, e.g. `ip=[2001:db8::a]:[2001:db8::b]:[fe80::1]::controlplane1:eth1::[2001:4860:4860::6464]:[2001:4860:4860::64]:[2001:4860:4806::]`.
`<netmask>` can use either an IP address notation (IPv4: `255.255.255.0`, IPv6: `[ffff:ffff:ffff:ffff::0]`), or simply a number of one bits in the netmask (`24`).
`<device>` can be traditional interface naming scheme `eth0, eth1` or `enx<MAC>`, example: `enx78e7d1ea46da`.
DHCP can be enabled by setting `<autoconf>` to `dhcp`, example: `ip=:::::eth0.3:dhcp`.
Alternative syntax is `ip=eth0.3:dhcp`.
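A sketch of how the `ip=` field layout above can be parsed and validated, added here as an illustration and not Talos's own parser. The function names are hypothetical, and only the `dhcp` form of the short `<device>:dhcp` syntax is handled.

```python
import ipaddress

# Field order of the ip= kernel parameter, as given on this page.
FIELDS = ("client_ip", "server_ip", "gw_ip", "netmask", "hostname",
          "device", "autoconf", "dns0_ip", "dns1_ip", "ntp0_ip")


def split_fields(value):
    """Split on ':' but keep colons inside [...] (bracketed IPv6 literals)."""
    fields, current, depth = [], [], 0
    for ch in value:
        if ch == "[":
            depth += 1
        elif ch == "]":
            if depth == 0:
                raise ValueError("unbalanced ']' in ip= value")
            depth -= 1
        if ch == ":" and depth == 0:
            fields.append("".join(current))
            current = []
        else:
            current.append(ch)
    if depth != 0:
        raise ValueError("unbalanced '[' in ip= value")
    fields.append("".join(current))
    return fields


def prefix_length(netmask):
    """Accept dotted IPv4, bracketed IPv6 or a plain bit count; return the bit count."""
    if netmask.isdigit():
        return int(netmask)
    addr = ipaddress.ip_address(netmask.strip("[]"))
    mask, bits = int(addr), addr.max_prefixlen
    ones = bin(mask).count("1")
    # A valid mask is a run of one bits followed only by zero bits.
    if mask != ((1 << ones) - 1) << (bits - ones):
        raise ValueError(f"non-contiguous netmask: {netmask}")
    return ones


def parse_ip_param(value):
    """Parse the part after 'ip=' into a dict of the non-empty fields."""
    fields = split_fields(value)
    # Alternative short syntax from the page: ip=<device>:dhcp
    if len(fields) == 2 and fields[1] == "dhcp":
        return {"device": fields[0], "autoconf": "dhcp"}
    # Trailing empty fields are tolerated; extra non-empty ones are not.
    if any(fields[len(FIELDS):]):
        raise ValueError("too many fields in ip= value")
    result = {}
    for name, raw in zip(FIELDS, fields):
        if not raw:
            continue
        if name.endswith("_ip"):
            # Validate and normalise; raises ValueError on a malformed address.
            result[name] = str(ipaddress.ip_address(raw.strip("[]")))
        elif name == "netmask":
            result[name] = prefix_length(raw)
        else:
            result[name] = raw
    return result
```

Rejecting unbalanced brackets and non-contiguous netmasks up front keeps a mistyped boot parameter from silently shifting values into the wrong field.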
bond
Bond interface configuration.
Full documentation is available in the Dracut kernel docs.
bond=<bondname>:<bondslaves>:<options>:<mtu>
Talos will use the `bond=` kernel parameter if supplied to set the initial bond configuration.
This parameter is useful in environments where the switch ports are suspended if the machine doesn’t set up a LACP bond.
If only the bond name is supplied, the bond will be created with `eth0` and `eth1` as slaves and bond mode set as `balance-rr`.
All of the configurations below are equivalent:
bond=bond0
bond=bond0:
bond=bond0::
bond=bond0:::
bond=bond0:eth0,eth1
bond=bond0:eth0,eth1:balance-rr
An example of a bond configuration with all options specified:
bond=bond1:eth3,eth4:mode=802.3ad,xmit_hash_policy=layer2+3:1450
This will create a bond interface named `bond1` with `eth3` and `eth4` as slaves and set the bond mode to `802.3ad`, the transmit hash policy to `layer2+3` and bond interface MTU to 1450.
vlan
The interface vlan configuration.
Full documentation is available in the Dracut kernel docs.
Talos will use the `vlan=` kernel parameter if supplied to set the initial vlan configuration.
This parameter is useful in environments where the switch ports are VLAN tagged with no native VLAN.
Only one vlan can be configured at this stage.
An example of a vlan configuration including static ip configuration:
vlan=eth0.100:eth0 ip=172.20.0.2::172.20.0.1:255.255.255.0::eth0.100:::::
This will create a vlan interface named `eth0.100` with `eth0` as the underlying interface and set the vlan id to 100 with static IP 172.20.0.2/24 and 172.20.0.1 as default gateway.
net.ifnames=0
Disable the predictable network interface names by specifying `net.ifnames=0` on the kernel command line.
panic
The amount of time to wait after a panic before a reboot is issued.
Talos will always reboot if it encounters an unrecoverable error. However, when collecting debug information, it may reboot too quickly for humans to read the logs. This option allows the user to delay the reboot to give time to collect debug information from the console screen.
A value of `0` disables automatic rebooting entirely.
talos.config
The URL at which the machine configuration data may be found (only for `metal` platform, with the kernel parameter `talos.platform=metal`).
This parameter supports variable substitution inside URL query values for the following case-insensitive placeholders:
- `${uuid}`: the SMBIOS UUID
- `${serial}`: the SMBIOS Serial Number
- `${mac}`: the MAC address of the first network interface attaining link state `up`
- `${hostname}`: the hostname of the machine
The following example
http://example.com/metadata?h=${hostname}&m=${mac}&s=${serial}&u=${uuid}
may translate to
http://example.com/metadata?h=myTestHostname&m=52%3A2f%3Afd%3Adf%3Afc%3Ac0&s=0OCZJ19N65&u=40dcbd19-3b10-444e-bfff-aaee44a51fda
For backwards compatibility we insert the system UUID into the query parameter `uuid` if its value is empty. As in
http://example.com/metadata?uuid=
=> http://example.com/metadata?uuid=40dcbd19-3b10-444e-bfff-aaee44a51fda
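The substitution described above, sketched as an added example (not Talos's own code). `expand_config_url` and the `facts` mapping are hypothetical names, and the machine values are the ones shown in the page's sample output.

```python
import re
from urllib.parse import parse_qsl, quote, urlencode, urlsplit, urlunsplit

# Placeholders are matched case-insensitively, as the page states.
PLACEHOLDER = re.compile(r"\$\{(uuid|serial|mac|hostname)\}", re.IGNORECASE)

# Machine values taken from the page's sample output.
SAMPLE_FACTS = {
    "uuid": "40dcbd19-3b10-444e-bfff-aaee44a51fda",
    "serial": "0OCZJ19N65",
    "mac": "52:2f:fd:df:fc:c0",
    "hostname": "myTestHostname",
}


def expand_config_url(url, facts):
    """Expand ${uuid}, ${serial}, ${mac} and ${hostname} in query values only.

    `facts` maps the lowercase placeholder names to this machine's values.
    Scheme, host and path are passed through untouched.
    """
    parts = urlsplit(url)
    expanded = []
    for key, value in parse_qsl(parts.query, keep_blank_values=True):
        if key == "uuid" and value == "":
            # Backwards-compatible form: an empty uuid= receives the system UUID.
            value = facts["uuid"]
        else:
            value = PLACEHOLDER.sub(lambda m: facts[m.group(1).lower()], value)
        expanded.append((key, value))
    # Every value is percent-encoded after substitution, so a machine value
    # containing '&', '=' or '#' cannot add parameters or cut the query short.
    query = urlencode(expanded, quote_via=quote, safe="")
    return urlunsplit(parts._replace(query=query))


if __name__ == "__main__":
    print(expand_config_url(
        "http://example.com/metadata?h=${hostname}&m=${mac}&s=${serial}&u=${uuid}",
        SAMPLE_FACTS))
```

The metadata server should still treat these query values as untrusted identifiers, since the hostname, serial number and UUID are reported by the booting machine itself.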
metal-iso
When the kernel parameter `talos.config=metal-iso` is set, Talos will attempt to load the machine configuration from any block device with a filesystem label of `metal-iso`.
Talos will look for a file named `config.yaml` in the root of the filesystem.
For example, such an ISO filesystem can be created with:
mkdir iso/
cp config.yaml iso/
mkisofs -joliet -rock -volid 'metal-iso' -output config.iso iso/
talos.config.auth.*
Kernel parameters prefixed with `talos.config.auth.` are used to configure OAuth2 authentication for the machine configuration.
talos.config.inline
The kernel parameter `talos.config.inline` can be used to provide initial minimal machine configuration directly on the kernel command line, when other means of providing the configuration are not available.
The machine configuration should be `zstd` compressed and base64-encoded to be passed as a kernel parameter.
Note: The kernel command line has a limited size (4096 bytes), so this method is only suitable for small configuration documents.
One such example is to provide a custom CA certificate via `TrustedRootsConfig` in the machine configuration:
cat config.yaml | zstd --compress --ultra -22 | base64 -w 0
talos.platform
The platform name on which Talos will run.
Valid options are:
- `akamai`
- `aws`
- `azure`
- `container`
- `digitalocean`
- `equinixMetal`
- `gcp`
- `hcloud`
- `metal`
- `nocloud`
- `openstack`
- `oracle`
- `scaleway`
- `upcloud`
- `vmware`
- `vultr`
talos.board
The board name, if Talos is being used on an ARM64 SBC.
Supported boards are:
- `bananapi_m64`: Banana Pi M64
- `libretech_all_h3_cc_h5`: Libre Computer ALL-H3-CC
- `rock64`: Pine64 Rock64
- …
talos.hostname
The hostname to be used. The hostname is generally specified in the machine config. However, in some cases, the DHCP server needs to know the hostname before the machine configuration has been acquired.
Unless specifically required, the machine configuration should be used instead.
talos.shutdown
The type of shutdown to use when Talos is told to shut down.
Valid options are:
- `halt`
- `poweroff`
talos.network.interface.ignore
A network interface which should be ignored and not configured by Talos.
Before a configuration is applied (early on each boot), Talos attempts to configure each network interface by DHCP. If there are many network interfaces on the machine which have link but no DHCP server, this can add significant boot delays.
This option may be specified multiple times for multiple network interfaces.
talos.experimental.wipe
Resets the disk before starting up the system.
Valid options are:
- `system`: resets system disk.
- `system:EPHEMERAL,STATE`: resets ephemeral and state partitions. Doing this reverts Talos into maintenance mode.
talos.unified_cgroup_hierarchy
Talos defaults to always using the unified cgroup hierarchy (`cgroupsv2`), but `cgroupsv1` can be forced with `talos.unified_cgroup_hierarchy=0`.
Note: `cgroupsv1` is deprecated and it should be used only for compatibility with workloads which don’t support `cgroupsv2` yet.
talos.dashboard.disabled
By default, Talos redirects kernel logs to virtual console `/dev/tty1` and starts the dashboard on `/dev/tty2`, then switches to the dashboard tty.
If you set `talos.dashboard.disabled=1`, this behavior will be disabled.
Kernel logs will be sent to the currently active console and the dashboard will not be started.
It is set to be `1` by default on SBCs.
talos.environment
Each value of the argument sets a default environment variable.
The expected format is `key=value`.
Example:
talos.environment=http_proxy=http://proxy.example.com:8080 talos.environment=https_proxy=http://proxy.example.com:8080
talos.device.settle_time
The time in Go duration format to wait for devices to settle before starting the boot process.
By default, Talos waits for `udevd` to scan and settle, but with some RAID controllers `udevd` might report settled devices before they are actually ready.
Adding this kernel argument provides extra settle time on top of `udevd` settle time.
The maximum value is `10m` (10 minutes).
Example:
talos.device.settle_time=3m
talos.halt_if_installed
If set to `1`, Talos will pause the boot sequence and keep printing a message until the boot timeout is reached if it detects that it is already installed.
This is useful if booting from ISO/PXE and you want to prevent the machine accidentally booting from the ISO/PXE after installation to the disk.