Page in Terraform Registry
This module is used to describe the configuration of Talos OS v1.0.0-v1.2.x with Terraform variables and convert them to a Base64 encoded string that can be used for bootstarap Kubernetes nodes on any Virtualization platform that supports VM initialization via user-data.
If you find any inconsistencies in the official configuration or incorrect logic of optional values, please open an issue.
See examples.
| Name | Version |
|---|---|
| terraform | >= 1.1.9, < 2.0.0 |
No providers.
No modules.
No resources.
| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| talos_base_configuration | Talos OS top-level configuration. | object |
object |
No |
| machine_secrets | Secret data that is used to create trust relationships between virtual machines. | object |
- |
Yes |
| machine_base_configuration | Basic configuration of the virtual machine. | object |
- |
Yes |
| machine_extra_configuration | Extended configuration of the virtual machine. | object |
{} |
No |
| machine_type | The role of the virtual machine in the Kubernetes cluster (controlplane or worker). |
string |
- |
Yes |
| machine_cert_sans | A list of alternative names of the virtual machine. | list(string) |
[] |
No |
| machine_network | General network configuration of the virtual machine. | object |
{} |
No |
| machine_network_hostname | A network hostname of the virtual machine (if not set will be generated automatically). | string |
"" |
No |
| machine_network_interfaces | A list of network interfaces of the virtual machines (if not set DHCP will be used). | list |
[] |
No |
| cluster_secrets | Secret data that is used to establish trust relationships between Kubernetes cluster nodes. | object |
- |
Yes |
| control_plane_cluster_secrets | Secret data required to establish trust relationships between components used by Control Plane nodes in the Kubernetes cluster. | object |
{} |
Yes/No |
| cluster_name | The name of the cluster. | string |
- |
Yes |
| cluster_control_plane | Data to define the API endpoint address for joining a node to the Kubernetes cluster. | object |
- |
Yes |
| cluster_discovery | Data that sets up the discovery of nodes in the Kubernetes cluster. | object |
object |
No |
| control_plane_cluster_configuration | Data that configure the components of the Control Plane nodes in the Kubernetes cluster. | object |
{} |
No |
| cluster_inline_manifests | A list of Kuberenetes manifests whose content is represented as a string. These will get automatically deployed as part of the bootstrap. | list |
[] |
No |
| cluster_extra_manifests | A list of URLs that point to additional manifests. These will get automatically deployed as part of the bootstrap. |
list(string) |
[] |
No |
| cluster_extra_manifest_headers | A map of key value pairs that will be added while fetching the cluster_extra_manifests. | map(string) |
{} |
No |
object({
version = string
persist = bool
})Default:
{
version = "v1alpha1"
persist = false
}See Config section in Talos Configuration Reference for detail description.
object({
token = string
ca = object({
crt = string
key = string
})
})See MachineConfig section in Talos Configuration Reference for detail description.
object({
install = object({
disk = string
extraKernelArgs = optional(list(string))
image = string
bootloader = bool
wipe = bool
diskSelector = optional(object({
size = string
model = string
busPath = string
}))
extensions = optional(list(string))
})
kubelet = optional(object({
image = string
extraArgs = optional(map(string))
clusterDNS = optional(list(string))
extraMounts = optional(list(object({
destination = string
type = string
source = string
options = list(string)
})))
extraConfig = optional(map(string))
nodeIP = optional(object({
validSubnets = list(string)
}))
}))
time = optional(object({
disabled = optional(bool)
servers = optional(list(string))
bootTimeout = optional(string)
}))
features = optional(object({
rbac = optional(bool)
kubernetesTalosAPIAccess = optional(object({
enabled = optional(bool)
allowedRoles = optional(list(string))
allowedKubernetesNamespaces = optional(list(string))
}))
}))
})See MachineConfig section in Talos Configuration Reference for detail description.
object({
controlPlane = optional(object({
controllerManager = optional(object({
disabled = bool
}))
scheduler = optional(object({
disabled = bool
}))
}))
pods = optional(list(map(any)))
disks = optional(list(object({
device = string
partitions = list(object({
mountpoint = string
size = string
}))
})))
files = optional(list(object({
content = string
permissions = string
path = string
op = string
})))
env = optional(object({
GRPC_GO_LOG_VERBOSITY_LEVEL = optional(string)
GRPC_GO_LOG_SEVERITY_LEVEL = optional(string)
http_proxy = optional(string)
https_proxy = optional(string)
no_proxy = optional(bool)
}))
sysctls = optional(map(string))
sysfs = optional(map(string))
registries = optional(object({
mirrors = optional(map(object({
endpoints = list(string)
})))
config = optional(map(object({
tls = object({
insecureSkipVerify = bool
clientIdentity = optional(object({
crt = string
key = string
}))
ca = optional(string)
})
auth = optional(object({
username = optional(string)
password = optional(string)
auth = optional(string)
identityToken = optional(string)
}))
})))
}))
systemDiskEncryption = optional(map(object({
provider = string
keys = optional(list(object({
static = optional(object({
passphrase = string
}))
nodeID = optional(map(string))
slot = optional(number)
})))
cipher = optional(string)
keySize = optional(number)
blockSize = optional(number)
options = optional(list(string))
})))
udev = optional(object({
rules = list(string)
}))
logging = optional(object({
destinations = list(object({
endpoint = string
format = string
}))
}))
kernel = optional(object({
modules = list(object({
name = string
}))
}))
seccompProfiles = optional(list(object({
name = string
value = object({
defaultAction = string
})
})))
})See MachineConfig section in Talos Configuration Reference for detail description.
object({
nameservers = optional(list(string))
extraHostEntries = optional(list(object({
ip = string
aliases = list(string)
})))
kubespan = optional(object({
enabled = bool
}))
})See NetworkConfig section in Talos Configuration Reference for detail description.
Hostname and interfaces parameters are described in separate inputs.
list(list(object({
interface = optional(string)
addresses = optional(list(string))
routes = optional(list(object({
network = string
gateway = optional(string)
source = optional(string)
metric = optional(number)
})))
vlans = optional(list(object({
addresses = list(string)
routes = optional(list(object({
network = string
gateway = optional(string)
source = optional(string)
metric = optional(number)
})))
dhcp = optional(bool)
vlanId = number
mtu = number
vip = optional(object({
ip = string
equinixMetal = optional(object({
apiToken = string
}))
hcloud = optional(object({
apiToken = string
}))
}))
})))
mtu = optional(number)
bond = optional(object({
interfaces = list(string)
mode = string
lacpRate = string
}))
dhcp = optional(bool)
ignore = optional(bool)
dummy = optional(bool)
dhcpOptions = optional(object({
routeMetric = number
ipv4 = optional(bool)
ipv6 = optional(bool)
}))
wireguard = optional(object({
privateKey = string
listenPort = number
firewallMark = number
peers = list(object({
publicKey = string
endpoint = string
persistentKeepaliveInterval = optional(string)
allowedIPs = list(string)
}))
}))
vip = optional(object({
ip = string
equinixMetal = optional(object({
apiToken = string
}))
hcloud = optional(object({
apiToken = string
}))
}))
bridge = optional(object({
stp = optional(object({
enabled = bool
}))
interfaces = optional(list(string))
}))
})))See Device section in Talos Configuration Reference for detail description.
object({
id = string
secret = string
token = string
ca = object({
crt = string
key = string
})
})See ClusterConfig section in Talos Configuration Reference for detail description.
object({
aescbcEncryptionSecret = optional(string)
aggregatorCA = optional(object({
crt = optional(string)
key = optional(string)
}))
serviceAccount = optional(object({
key = optional(string)
}))
etcd = optional(object({
ca = object({
crt = optional(string)
key = optional(string)
})
}))
})See ClusterConfig section in Talos Configuration Reference for detail description.
Required if machine_type = controlplane.
object({
endpoint = string
localAPIServerPort = optional(number)
})See ControlPlaneConfig section in Talos Configuration Reference for detail description.
object({
enabled = bool
registries = optional(object({
kubernetes = optional(object({
disabled = bool
}))
service = optional(object({
disabled = bool
endpoint = string
}))
}))
})Default:
{
enabled = true
}See ClusterDiscoveryConfig section in Talos Configuration Reference for detail description.
object({
network = optional(object({
cni = optional(object({
name = string
urls = optional(list(string))
}))
dnsDomain = optional(string)
podSubnets = optional(list(string))
serviceSubnets = optional(list(string))
}))
apiServer = optional(object({
image = string
extraArgs = optional(map(string))
extraVolumes = optional(list(object({
hostPath = string
mountPath = string
readonly = bool
})))
env = optional(map(string))
certSANs = optional(list(string))
disablePodSecurityPolicy = optional(bool)
admissionControl = optional(list(object({
name = string
configuration = map(any)
})))
}))
controllerManager = optional(object({
image = string
extraArgs = optional(map(string))
extraVolumes = optional(list(object({
hostPath = string
mountPath = string
readonly = bool
})))
env = optional(map(string))
}))
proxy = optional(object({
disabled = bool
image = optional(string)
mode = optional(string)
extraArgs = optional(map(string))
}))
scheduler = optional(object({
image = string
extraArgs = optional(map(string))
extraVolumes = optional(list(object({
hostPath = string
mountPath = string
readonly = bool
})))
env = optional(map(string))
}))
etcd = optional(object({
image = optional(string)
extraArgs = optional(map(string))
subnet = optional(string)
}))
coreDNS = optional(object({
disabled = bool
image = optional(string)
}))
externalCloudProvider = optional(object({
enabled = bool
manifests = list(string)
}))
adminKubeconfig = optional(object({
certLifetime = string
}))
allowSchedulingOnMasters = optional(bool)
})See ClusterConfig section in Talos Configuration Reference for detail description.
list(object({
name = string
contents = string
}))See ClusterConfig section in Talos Configuration Reference for detail description.
| Name | Description | Type | Sensitive |
|---|---|---|---|
| configuration | Base64 encoded Talos configuration. | string |
false |
Module is maintained by Ilya Pozdnov.
Apache 2 Licensed. See LICENSE for full details.