Page in Terraform Registry
This module describes the configuration of Talos OS v1.0.0-v1.2.x with Terraform variables and converts it to a Base64-encoded string that can be used to bootstrap Kubernetes nodes on any virtualization platform that supports VM initialization via user-data.
If you find any inconsistencies in the official configuration or incorrect logic of optional values, please open an issue.
See examples.
| Name | Version | 
|---|---|
| terraform | >= 1.1.9, < 2.0.0 | 
No providers.
No modules.
No resources.
| Name | Description | Type | Default | Required | 
|---|---|---|---|---|
| talos_base_configuration | Talos OS top-level configuration. | object | object | No | 
| machine_secrets | Secret data that is used to create trust relationships between virtual machines. | object | - | Yes | 
| machine_base_configuration | Basic configuration of the virtual machine. | object | - | Yes | 
| machine_extra_configuration | Extended configuration of the virtual machine. | object | {} | No | 
| machine_type | The role of the virtual machine in the Kubernetes cluster (`controlplane` or `worker`). | string | - | Yes | 
| machine_cert_sans | A list of alternative names of the virtual machine. | list(string) | [] | No | 
| machine_network | General network configuration of the virtual machine. | object | {} | No | 
| machine_network_hostname | A network hostname of the virtual machine (if not set will be generated automatically). | string | "" | No | 
| machine_network_interfaces | A list of network interfaces of the virtual machines (if not set DHCP will be used). | list | [] | No | 
| cluster_secrets | Secret data that is used to establish trust relationships between Kubernetes cluster nodes. | object | - | Yes | 
| control_plane_cluster_secrets | Secret data required to establish trust relationships between components used by Control Plane nodes in the Kubernetes cluster. | object | {} | Yes/No | 
| cluster_name | The name of the cluster. | string | - | Yes | 
| cluster_control_plane | Data to define the API endpoint address for joining a node to the Kubernetes cluster. | object | - | Yes | 
| cluster_discovery | Data that sets up the discovery of nodes in the Kubernetes cluster. | object | object | No | 
| control_plane_cluster_configuration | Data that configure the components of the Control Plane nodes in the Kubernetes cluster. | object | {} | No | 
| cluster_inline_manifests | A list of Kubernetes manifests whose content is represented as a string. These will get automatically deployed as part of the bootstrap. | list | [] | No | 
| cluster_extra_manifests | A list of URLs that point to additional manifests. These will get automatically deployed as part of the bootstrap. | list(string) | [] | No | 
| cluster_extra_manifest_headers | A map of key value pairs that will be added while fetching the cluster_extra_manifests. | map(string) | {} | No | 
Type of `talos_base_configuration`:

```hcl
object({
  version = string
  persist = bool
})
```

Default:

```hcl
{
  version = "v1alpha1"
  persist = false
}
```

See the Config section in the Talos Configuration Reference for a detailed description.
Type of `machine_secrets`:

```hcl
object({
  token = string
  ca = object({
    crt = string
    key = string
  })
})
```

See the MachineConfig section in the Talos Configuration Reference for a detailed description.
Type of `machine_base_configuration`:

```hcl
object({
  install = object({
    disk            = string
    extraKernelArgs = optional(list(string))
    image           = string
    bootloader      = bool
    wipe            = bool
    diskSelector = optional(object({
      size    = string
      model   = string
      busPath = string
    }))
    extensions = optional(list(string))
  })
  kubelet = optional(object({
    image      = string
    extraArgs  = optional(map(string))
    clusterDNS = optional(list(string))
    extraMounts = optional(list(object({
      destination = string
      type        = string
      source      = string
      options     = list(string)
    })))
    extraConfig = optional(map(string))
    nodeIP = optional(object({
      validSubnets = list(string)
    }))
  }))
  time = optional(object({
    disabled    = optional(bool)
    servers     = optional(list(string))
    bootTimeout = optional(string)
  }))
  features = optional(object({
    rbac = optional(bool)
    kubernetesTalosAPIAccess = optional(object({
      enabled                     = optional(bool)
      allowedRoles                = optional(list(string))
      allowedKubernetesNamespaces = optional(list(string))
    }))
  }))
})
```

See the MachineConfig section in the Talos Configuration Reference for a detailed description.
Type of `machine_extra_configuration`:

```hcl
object({
  controlPlane = optional(object({
    controllerManager = optional(object({
      disabled = bool
    }))
    scheduler = optional(object({
      disabled = bool
    }))
  }))
  pods = optional(list(map(any)))
  disks = optional(list(object({
    device = string
    partitions = list(object({
      mountpoint = string
      size       = string
    }))
  })))
  files = optional(list(object({
    content     = string
    permissions = string
    path        = string
    op          = string
  })))
  env = optional(object({
    GRPC_GO_LOG_VERBOSITY_LEVEL = optional(string)
    GRPC_GO_LOG_SEVERITY_LEVEL  = optional(string)
    http_proxy                  = optional(string)
    https_proxy                 = optional(string)
    no_proxy                    = optional(bool)
  }))
  sysctls = optional(map(string))
  sysfs   = optional(map(string))
  registries = optional(object({
    mirrors = optional(map(object({
      endpoints = list(string)
    })))
    config = optional(map(object({
      tls = object({
        insecureSkipVerify = bool
        clientIdentity = optional(object({
          crt = string
          key = string
        }))
        ca = optional(string)
      })
      auth = optional(object({
        username      = optional(string)
        password      = optional(string)
        auth          = optional(string)
        identityToken = optional(string)
      }))
    })))
  }))
  systemDiskEncryption = optional(map(object({
    provider = string
    keys = optional(list(object({
      static = optional(object({
        passphrase = string
      }))
      nodeID = optional(map(string))
      slot   = optional(number)
    })))
    cipher    = optional(string)
    keySize   = optional(number)
    blockSize = optional(number)
    options   = optional(list(string))
  })))
  udev = optional(object({
    rules = list(string)
  }))
  logging = optional(object({
    destinations = list(object({
      endpoint = string
      format   = string
    }))
  }))
  kernel = optional(object({
    modules = list(object({
      name = string
    }))
  }))
  seccompProfiles = optional(list(object({
    name = string
    value = object({
      defaultAction = string
    })
  })))
})
```

See the MachineConfig section in the Talos Configuration Reference for a detailed description.
Type of `machine_network`:

```hcl
object({
  nameservers = optional(list(string))
  extraHostEntries = optional(list(object({
    ip      = string
    aliases = list(string)
  })))
  kubespan = optional(object({
    enabled = bool
  }))
})
```

See the NetworkConfig section in the Talos Configuration Reference for a detailed description.
The hostname and interfaces parameters are described in separate inputs (`machine_network_hostname` and `machine_network_interfaces`).
Type of `machine_network_interfaces`:

```hcl
list(list(object({
  interface = optional(string)
  addresses = optional(list(string))
  routes = optional(list(object({
    network = string
    gateway = optional(string)
    source  = optional(string)
    metric  = optional(number)
  })))
  vlans = optional(list(object({
    addresses = list(string)
    routes = optional(list(object({
      network = string
      gateway = optional(string)
      source  = optional(string)
      metric  = optional(number)
    })))
    dhcp   = optional(bool)
    vlanId = number
    mtu    = number
    vip = optional(object({
      ip = string
      equinixMetal = optional(object({
        apiToken = string
      }))
      hcloud = optional(object({
        apiToken = string
      }))
    }))
  })))
  mtu = optional(number)
  bond = optional(object({
    interfaces = list(string)
    mode       = string
    lacpRate   = string
  }))
  dhcp   = optional(bool)
  ignore = optional(bool)
  dummy  = optional(bool)
  dhcpOptions = optional(object({
    routeMetric = number
    ipv4        = optional(bool)
    ipv6        = optional(bool)
  }))
  wireguard = optional(object({
    privateKey   = string
    listenPort   = number
    firewallMark = number
    peers = list(object({
      publicKey                   = string
      endpoint                    = string
      persistentKeepaliveInterval = optional(string)
      allowedIPs                  = list(string)
    }))
  }))
  vip = optional(object({
    ip = string
    equinixMetal = optional(object({
      apiToken = string
    }))
    hcloud = optional(object({
      apiToken = string
    }))
  }))
  bridge = optional(object({
    stp = optional(object({
      enabled = bool
    }))
    interfaces = optional(list(string))
  }))
})))
```

See the Device section in the Talos Configuration Reference for a detailed description.
Type of `cluster_secrets`:

```hcl
object({
  id     = string
  secret = string
  token  = string
  ca = object({
    crt = string
    key = string
  })
})
```

See the ClusterConfig section in the Talos Configuration Reference for a detailed description.
Type of `control_plane_cluster_secrets`:

```hcl
object({
  aescbcEncryptionSecret = optional(string)
  aggregatorCA = optional(object({
    crt = optional(string)
    key = optional(string)
  }))
  serviceAccount = optional(object({
    key = optional(string)
  }))
  etcd = optional(object({
    ca = object({
      crt = optional(string)
      key = optional(string)
    })
  }))
})
```

See the ClusterConfig section in the Talos Configuration Reference for a detailed description.
Required if `machine_type = "controlplane"`.
Type of `cluster_control_plane`:

```hcl
object({
  endpoint           = string
  localAPIServerPort = optional(number)
})
```

See the ControlPlaneConfig section in the Talos Configuration Reference for a detailed description.
Type of `cluster_discovery`:

```hcl
object({
  enabled = bool
  registries = optional(object({
    kubernetes = optional(object({
      disabled = bool
    }))
    service = optional(object({
      disabled = bool
      endpoint = string
    }))
  }))
})
```

Default:

```hcl
{
  enabled = true
}
```

See the ClusterDiscoveryConfig section in the Talos Configuration Reference for a detailed description.
Type of `control_plane_cluster_configuration`:

```hcl
object({
  network = optional(object({
    cni = optional(object({
      name = string
      urls = optional(list(string))
    }))
    dnsDomain      = optional(string)
    podSubnets     = optional(list(string))
    serviceSubnets = optional(list(string))
  }))
  apiServer = optional(object({
    image     = string
    extraArgs = optional(map(string))
    extraVolumes = optional(list(object({
      hostPath  = string
      mountPath = string
      readonly  = bool
    })))
    env                      = optional(map(string))
    certSANs                 = optional(list(string))
    disablePodSecurityPolicy = optional(bool)
    admissionControl = optional(list(object({
      name          = string
      configuration = map(any)
    })))
  }))
  controllerManager = optional(object({
    image     = string
    extraArgs = optional(map(string))
    extraVolumes = optional(list(object({
      hostPath  = string
      mountPath = string
      readonly  = bool
    })))
    env = optional(map(string))
  }))
  proxy = optional(object({
    disabled  = bool
    image     = optional(string)
    mode      = optional(string)
    extraArgs = optional(map(string))
  }))
  scheduler = optional(object({
    image     = string
    extraArgs = optional(map(string))
    extraVolumes = optional(list(object({
      hostPath  = string
      mountPath = string
      readonly  = bool
    })))
    env = optional(map(string))
  }))
  etcd = optional(object({
    image     = optional(string)
    extraArgs = optional(map(string))
    subnet    = optional(string)
  }))
  coreDNS = optional(object({
    disabled = bool
    image    = optional(string)
  }))
  externalCloudProvider = optional(object({
    enabled   = bool
    manifests = list(string)
  }))
  adminKubeconfig = optional(object({
    certLifetime = string
  }))
  allowSchedulingOnMasters = optional(bool)
})
```

See the ClusterConfig section in the Talos Configuration Reference for a detailed description.
Type of `cluster_inline_manifests`:

```hcl
list(object({
  name     = string
  contents = string
}))
```

See the ClusterConfig section in the Talos Configuration Reference for a detailed description.
| Name | Description | Type | Sensitive | 
|---|---|---|---|
| configuration | Base64 encoded Talos configuration. | string | false | 
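As an added example (not one of the module's own examples), the following root-module snippet wires the required inputs for a control-plane node and re-exports the result. The module `source`, the image tag, the endpoint address and the `var.*` secret variables are placeholders assumed to be declared elsewhere; it also shows one practitioner check: the `configuration` output is not marked sensitive, yet it embeds the CA private keys and join tokens passed in.

```hcl
# Added example, not the module's own code. Every value below is a placeholder.
module "talos_controlplane" {
  source = "<registry path of this module>" # placeholder

  machine_type = "controlplane"
  cluster_name = "example-cluster"

  # Secrets are passed through variables (assumed to be declared with
  # sensitive = true), never as literals in version-controlled code.
  machine_secrets = {
    token = var.machine_token
    ca    = { crt = var.machine_ca_crt, key = var.machine_ca_key }
  }

  machine_base_configuration = {
    install = {
      disk       = "/dev/sda"
      image      = "ghcr.io/siderolabs/installer:v1.2.0" # example tag
      bootloader = true
      wipe       = false
    }
  }

  cluster_secrets = {
    id     = var.cluster_id
    secret = var.cluster_secret
    token  = var.cluster_token
    ca     = { crt = var.cluster_ca_crt, key = var.cluster_ca_key }
  }

  # Required because machine_type = "controlplane" (see the Inputs table).
  control_plane_cluster_secrets = {
    aescbcEncryptionSecret = var.aescbc_encryption_secret
  }

  cluster_control_plane = {
    endpoint = "https://10.0.0.10:6443" # example address
  }
}

# The module's `configuration` output is declared with Sensitive = false even
# though the Base64 string carries the CA keys and tokens above. Re-exporting it
# as sensitive redacts it from plan/apply output; it still lands in state, so the
# state backend must be access-controlled and encrypted accordingly.
output "controlplane_user_data" {
  value     = module.talos_controlplane.configuration
  sensitive = true
}
```

The same `module.talos_controlplane.configuration` value is what you pass as user-data to whichever VM resource your virtualization provider exposes.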
The module is maintained by Ilya Pozdnov.
Apache 2 Licensed. See LICENSE for full details.