In a nutshell, this is what
talhelper does step by step behind the door:
- Read and validate
- Read and decrypt
- Read and decrypt
sopsif needed and load them into environment variables.
- Do envsubst if needed.
- Validate and generate Talos and machine config files inside
.gitignorefile so you don't commit the generated files to the public.
Why should I use Talhelper
The main reason to use
talhelper instead of
talosctl gen config command to generate Talos
machineconfig files is because you want to have them version controlled in your git repository which is currently not possible yet with
Currently, to create
Talos configuration files using the official
talosctl tool your steps are:
talosctl gen config <cluster-name> <cluster-endpoint>and it will generate
talosconfigin the current working directory.
- Copy and modify those files manually according to your nodes.
talosctl apply-config --insecure -n <ip-address> --file <your-modified-file.yaml>for each node.
This process is fine if you just want to do this once and forget about it. But if you're like me (and many others), you might want to "GitOpsified" this process. So here's where you might want to use
talhelper, the steps will become like this:
- Create a
talhelper gensecret > talsecret.sops.yamland encrypt it with sops
sops -e -i talsecret.sops.yaml.
talosctl apply-config --insecure -n <ip-address> --file ./clusterconfig/<cluster-name>-<hostname>.yamlfor each node.
Yes there are more steps needed.
But now you can commit your
talconfig.yaml and the encrypted
talsecret.sops.yaml to your repository and get your whole cluster version controlled.
To get started, hop over to the Getting Started section.
There are some alternatives you can consider instead of
Bug report and feature request
If you have encountered any bug or you want to request a new feature, please open an issue at GitHub.