Configuration

Config

Package config contains all the options available for configuring a Talos cluster.

Field	Type	Description	Default Value
`clusterName`	string	Configures the cluster's name. Show example `clusterName: my-cluster`	`""`
`endpoint`	string	Configures the cluster's controlplane endpoint. Can be an IP address or a DNS hostname Show example `endpoint: https://192.168.200.10:6443`	`""`
`nodes`	[]Node	List of nodes configurations Show example `nodes: - hostname: kmaster1 ipAddress: 192.168.200.11 controlPlane: true installDiskSelector: size: 128GB - hostname: kworker1 ipAddress: 192.168.200.12 controlPlane: false installDisk: /dev/sda networkInterfaces: - interface: eth0 dhcp: true`	`[]`
`talosVersion`	string	Talos version to perform the installation. Image reference for each Talos release can be found on Talos GitHub release page Show example `talosVersion: v1.5.2`	`"latest"`
`kubernetesVersion`	string	Allows for supplying the Kubernetes version to use. Show example `kubernetesVersion: v1.28.1`	`""`
`domain`	string	Allows for supplying the domain used by Kubernetes DNS. Show example `domain: mycluster.com`	`"cluster.local"`
`allowSchedulingOnMasters`	bool	Whether to allow running workload on controlplane nodes. Show example `allowSchedulingOnMasters: true`	`false`
`allowSchedulingOnControlPlanes`	bool	Whether to allow running workload on controlplane nodes. It is an alias to `allowSchedulingOnMasters` Show example `allowSchedulingOnControlPlanes: true`	`false`
`additionalMachineCertSans`	[]string	Extra certificate SANs for the machine's certificate. Show example `additionalMachineCertSans: - 10.0.0.10 - 172.16.0.10 - 192.168.0.10`	`[]`
`additionalApiServerCertSans`	[]string	Extra certificate SANs for the API server's certificate. Show example `additionalApiServerCertSans: - 1.2.3.4 - 4.5.6.7 - mycluster.local`	`[]`
`cniConfig`	CNIConfig	The CNI to be used for the cluster's network. Show example `cniConfig: name: custom urls: - https://docs.projectcalico.org/archive/v3.20/manifests/canal.yaml`	`nil`
`imageFactory`	ImageFactory	Configures selfhosted image factory. Show example `imageFactory: registryURL: myfactory.com schematicEndpoint: /schematics protocol: https installerURLTmpl: {{.RegistryURL}}/installer/{{.ID}}:{{.Version}} ISOURLTmpl: {{.Protocol}}://{{.RegistryURL}}/image/{{.ID}}/{{.Version}}/{{.Mode}}/{{.Arch}}.iso`	`nil`
`patches`	[]string	Patches to be applied to all nodes. List of strings containing RFC6902 JSON patches, strategic merge patches, or a file containing them Show example `patches: - \|- - op: add path: /machine/kubelet/extraArgs value: rotate-server-certificates: "true" - \|- machine: env: MYENV: value - "@./a-patch.yaml"`	`[]`
`controlPlane`	NodeConfigs	Configurations targetted for all controlplane nodes. Show example `controlPlane: kernelModules: - name: br_netfilter parameters: - nf_conntrack_max=131072 patches: - \|- - op: add path: /machine/kubelet/extraArgs value: rotate-server-certificates: "true" - \|- machine: env: MYENV: value - "@./a-patch.yaml"`	`nil`
`worker`	NodeConfigs	Configurations targetted for all worker nodes. Show example `worker: kernelModules: - name: br_netfilter parameters: - nf_conntrack_max=131072 patches: - \|- - op: add path: /machine/kubelet/extraArgs value: rotate-server-certificates: "true" - \|- machine: env: MYENV: value - "@./a-patch.yaml"`	`nil`

Node

Node defines machine configurations for each node.

Field	Type	Description	Default Value
`hostname`	string	Configures the hostname of a node. Show example `hostname: kmaster1`	`""`
`ipAddress`	string	IP address where the node can be reached, can be IP or comma separated list of IPs. Needed for endpoint and node address inside `talosconfig`. Show example `ipAddress: 192.168.200.11`	`""`
`installDisk`	string	The disk used for installation. Show example `installDisk: /dev/sda`	`""`
`installDiskSelector`	InstallDiskSelector	Look up disk used for installation. Required if `installDisk` is not specified. Show example `installDiskSelector: size: 128GB model: WDC* name: /sys/block/sda/device/name busPath: /pci0000:00/0000:00:17.0/ata1/host0/target0:0:0/0:0:0:0`	`nil`
`controlPlane`	bool	Whether the node is a controlplane. Show example `controlPlane: true`	`false`
`ignoreHostname`	bool	Whether to set `machine.network.hostname` to the generated config file. Show example `ignoreHostname: true`	`false`
`overridePatches`	bool	Whether `patches` defined here should override the one defined in node group. By default they will get appended instead. Show example `overridePatches: true`	`false`
`overrideExtraManifests`	bool	Whether `extraManifests` defined here should override the one defined in node group. By default they will get appended instead. Show example `overrideExtraManifests: true`	`false`
-	NodeConfigs	Node specific configurations that will override node group configurations. Show example `talosImageURL: factory.talos.dev/installer/e9c7ef96884d4fbc8c0a1304ccca4bb0287d766a8b4125997cb9dbe84262144e nodeLabels: rack: rack1a nodeTaints: exampleTaint: exampletaintValue:NoSchedule disableSearchDomain: true`	`nil`

NodeConfigs

NodeConfigs defines machine configurations.

Field	Type	Description	Default Value
`talosImageURL`	string	Allows for supplying the node level image used to perform the installation. Show example `talosImageURL: factory.talos.dev/installer/e9c7ef96884d4fbc8c0a1304ccca4bb0287d766a8b4125997cb9dbe84262144e`	`""`
`machineSpec`	MachineSpec	Machine hardware specification for the node. Only used for `genurl iso` subcommand. Show example `machineSpec: mode: metal arch: arm64`	`nil`
`ingressFirewall`	IngressFirewall	Machine firewall specification for the node. Show example `ingressFirewall: defaultAction: block rules: - name: kubelet-ingress portSelector: ports: - 10250 protocol: tcp ingress: - subnet: 172.20.0.0/24 except: 172.20.0.1/32`	`nil`
`extensionServices`	[]ExtensionService	Machine extension services specification for the node. Show example `extensionServices: - name: nut-client configFiles: - content: MONITOR upsmonHost 1 remote pass password mountPath: /usr/local/etc/nut/upsmon.conf environment: - UPS_NAME=ups`	`nil`
`nodeLabels`	map[string]string	Labels to be added to the node. Show example `rack: rack1a`	`false`
`nodeAnnotations`	map[string]string	Annotations to be added to the node. Show example `rack: rack1a`	`false`
`nodeTaints`	map[string]string	Node taints for the node. Show example `exampleTaint: exampleTaintValue:NoSchedule`	`false`
`disableSearchDomain`	bool	Whether to disable generating default search domain. Show example `disableSearchDomain: true`	`false`
`machineDisks`	[]MachineDisk	List of additional disks to partition, format, mount. Show example `machineDisks: - device: /dev/disk/by-id/ata-CT500MX500SSD1_2149E5EC1D9D partitions: - mountpoint: /var/mnt/sata`	`[]`
`noSchematicValidate`	bool	Whether to skip schematic validation. Show example `noSchematicValidate: true`	`false`
`disableSearchDomain`	bool	Whether to disable generating default search domain. Show example `disableSearchDomain: true`	`false`
`machineFiles`	[]MachineFile	List of additional files to create inside the node. Show example `machineFiles: - content: \| TS_AUTHKEY=123456 permissions: 0o644 path: /var/etc/tailscale/auth.env op: create`	`[]`
`schematic`	Schematic	Configure Talos image customization to be used in the installer image Show example `schematic: customization: extraKernelArgs: - net.ifnames=0 systemExtensions: officialExtensions: - siderolabs/intel-ucode`	`nil`
`isoSchematic`	Schematic	Configure Talos image customization to be used for ISO image Show example `isoSchematic: customization: extraKernelArgs: - net.ifnames=0 systemExtensions: officialExtensions: - siderolabs/intel-ucode`	`nil`
`kernelModules`	[]KernelModuleConfig	List of additional kernel modules to load. Show example `kernelModules: - name: br_netfilter parameters: - nf_conntrack_max=131072`	`[]`
`nameservers`	[]string	List of nameservers for the node. Show example `nameservers: - 8.8.8.8 - 1.1.1.1`	`[]`
`networkInterfaces`	[]Device	List of network interface configurations for the node. Show example `networkInterfaces: - interface: enp0s1 addresses: - 192.168.2.0/24 routes: - network: 0.0.0.0/0 gateway: 192.168.2.1 metric: 1024 mtu: 1500`	`[]`
`extraManifests`	[]string	List of manifest files to be added for the node. Show example `extraManifests: - etcd-firewall.yaml - kubelet-firewall.yaml`	`[]`
`patches`	[]string	Patches to be applied to the node. List of strings containing RFC6902 JSON patches, strategic merge patches, or a file containing them. Show example `patches: - \|- - op: add path: /machine/kubelet/extraArgs value: rotate-server-certificates: "true" - \|- machine: env: MYENV: value - "@./a-patch.yaml"`	`[]`

ImageFactory

ImageFactory defines configuration for selfhosted image-factory.

Field	Type	Description	Default Value
`registryURL`	string	Registry URL of the factory. Show example `registryURL: myfactory.com`	`"factory.talos.dev"`
`protocol`	string	Protocol the registry is listening to. Show example `protocol: http`	`https`
`schematicEndpoint`	string	Path to do HTTP POST request to the registry. Show example `schematicEndpoint: /schematics`	`/schematics`
`installerURLTmpl`	string	Go template to parse the full installer URL. Available placeholders: `RegistryURL`,`ID`,`Version`, `Secureboot` Show example `installerURLTmpl: "{{.RegistryURL}}/installer/{{.ID}}:{{.Version}}"`	`{{.RegistryURL}}/installer{{if .Secureboot}}-secureboot{{end}}/{{.ID}}:{{.Version}}`
`ISOURLTmpl`	string	Go template to parse the full ISO image URL. Available placeholders: `Protocol`,`RegistryURL`,`ID`,`Version`,`Mode`,`Arch`, `Secureboot`, `UseUKI` Show example `ISOURLTmpl: "{{.Protocol}}://{{.RegistryURL}}/image/{{.ID}}/{{.Version}}/{{.Mode}}-{{.Arch}}.iso"`	`{{.Protocol}}://{{.RegistryURL}}/image/{{.ID}}/{{.Version}}/{{.Mode}}-{{.Arch}}{{if .Secureboot}}-secureboot{{end}}{{if and .Secureboot .UseUKI}}-uki.efi{{else}}.iso{{end}}`

MachineSpec

MachineSpec defines machine hardware configurations for a node.

Field	Type	Description	Default Value
`mode`	string	Machine mode. Show example `mode: metal`	`"metal"`
`arch`	string	Machine architecture. Show example `arch: arm64`	`amd64`
`secureboot`	bool	Whether to enable Secure Boot. Show example `secureboot: true`	`false`
`useUKI`	bool	Whether to use UKI if Secure Boot is enabled. Show example `useUKI: true`	`false`

IngressFirewall

IngressFirewall defines machine firewall configuration for a node.

Field	Type	Description	Default Value	Required
`defaultAction`	`string`	Default action for all not explicitly configured traffic. Can be "accept" or "block" Show example `defaultAction: accept`	`nil`
`rules`	[]NetworkRule	List of matching network rules to allow or block against the defaultAction. If `defaultAction` is set to block, matching rules will be allowed vice versa. Show example `rules: - name: kubelet-ingress portSelector: ports: - 10250 protocol: tcp ingress: - subnet: 172.20.0.0/24 except: 172.20.0.1/32`	`nil`

ExtensionService

ExtensionService defines machine extension service configuration for a node.

Field	Type	Description	Default Value
`name`	`string`	Name of the extension service config. Show example `name: nut-client`	`nil`
`configFiles`	[]ConfigFile	The config files for the extension service. Show example `configFiles: - content: MONITOR upsmonHost 1 remote pass password mountPath: /usr/local/etc/nut/upsmon.conf`	`nil`
`environment`	[]string	The environment for the extension service. Show example `environment: - UPS_NAME=ups`	`nil`

NetworkRule

NetworkRule defines the firewall rules to match.

Field	Type	Description	Default Value
`name`	`string`	Name of the rule. Show example `name: kubelet-ingress`	`nil`
`portSelector`	PortSelector	Ports and protocols on the host affected by the rule. Show example `portSelector: ports: - 10250 protocol: tcp`	`nil`
`ingress`	[]IngressConfig	List of source subnets allowed to access the host ports/protocols. Show example `ingress: - subnet: 172.20.0.0/24 except: 172.20.0.1/32`	`nil`

CNIConfig

CNIConfig is type of upstream Talos v1alpha1.CNIConfig

InstallDiskSelector

InstallDiskSelector is type of upstream Talos v1alpha1.InstallDiskSelector.

MachineDisk

MachineDisk is type of upstream Talos v1alpha1.MachineDisk

MachineFile

MachineFile is type of upstream Talos v1alpha1.MachineFile

InstallExtensionConfig

InstallExtensionConfig is type of upstream Talos v1alpha1.InstallExtensionConfig

Schematic

Schematic is type of upstream Talos Image Factory schematic.Schematic

KernelModuleConfig

KernelModuleConfig is type of upstream Talos v1alpha1.KernelModuleConfig

Device

Device is type of upstream Talos v1alpha1.Device

PortSelector

PortSelector is type of upstream Talos network.RulePortSelector

IngressConfig

IngressConfig is type of upstream Talos network.IngressConfig

ConfigFile

ConfigFile is type of upstream Talos extensions.ConfigFile