This repository contains the configuration and setup for Talos, a modern operating system for Kubernetes clusters. Below are the steps to get started with this repository using go-task.
- Install Go Task:
  brew install go-task/tap/go-task
- Install the required tools using the init-macos task:
  task init-macos
- Clone the repository:
  git clone <repository-url>
  cd talos
- Review the available tasks:
  task --list
- Bring up the entire system:
  task up
- To tear down the system:
  task teardown
The Taskfile.yml contains predefined tasks to simplify the workflow. Below are some of the key tasks:
- up: Brings up the entire system in order (bootstrap → proxmox → system → base)
- teardown: Tears down the entire system in reverse order
- rebuild: Complete teardown and rebuild from scratch
- 00-bootstrap: Sets up the initial bootstrap configuration
- 01-proxmox: Deploys the Proxmox-related configuration
- 02-system: Applies the system-level configuration
- 03-base: Deploys the base configuration for the cluster
This repository includes comprehensive Talos upgrade functionality that uses terraform outputs to discover nodes and supports flexible version management.
# Upgrade all nodes using the default version
task upgrade-talos
# Upgrade to a specific version
task upgrade-talos VERSION=v1.11.0
# Upgrade only controllers (safer for etcd)
task upgrade-controllers VERSION=v1.11.0
# Upgrade only workers
task upgrade-workers VERSION=v1.11.0
# Sequential upgrade (safest, one node at a time)
task upgrade-talos-sequential VERSION=v1.11.0
# Upgrade a single node
task upgrade-node NODE=10.1.1.124 VERSION=v1.11.0
# Check current versions on all nodes
task check-versions
# Set the default upgrade version permanently
task set-upgrade-version VERSION=v1.11.0
# Check upgrade status
task check-upgrade-status
# Perform health check
task health-check
The upgrade system:
- Gets node IPs from terraform outputs - No dependency on Kubernetes being available
- Uses your custom schematic - Preserves hardware compatibility from your terraform configuration
- Supports version override - Default version in Taskfile, override with VERSION=x.x.x
- Upgrades safely - Controllers first (sequential), then workers
- Waits for readiness - Ensures each node is healthy before proceeding
The upgrade image is dynamically constructed as:
factory.talos.dev/nocloud-installer/{your-schematic-id}:{version}
- upgrade-talos: Recommended approach - upgrades controllers sequentially, then workers
- upgrade-talos-sequential: Safest approach - upgrades all nodes one by one
- upgrade-controllers + upgrade-workers: Fine-grained control over the upgrade process
The Taskfile supports flexible version management:
- Default version: Set in TALOS_UPGRADE_VERSION variable (currently v1.10.6)
- Command-line override: Use VERSION=v1.x.x with any upgrade task
- Permanent update: Use task set-upgrade-version VERSION=v1.x.x
# Comprehensive cluster health check
task health-check
# Check current Talos versions on all nodes
task check-versions
# Check upgrade status
task check-upgrade-status
The repository is organized into stages that build upon each other:
- 00-bootstrap: Initial Vault and basic infrastructure setup
- 01-proxmox: Virtual machine provisioning and Talos image deployment
- 02-system: Talos cluster configuration and Kubernetes bootstrap
- 03-base: Base applications and services (ArgoCD, cert-manager, etc.)
Node discovery is done via terraform outputs rather than kubectl, making upgrades more reliable:
- Controller nodes: Retrieved from terraform output controller_nodes
- Worker nodes: Retrieved from terraform output worker_nodes
- All nodes: Combined list of controllers and workers
- IP addresses: Extracted from terraform state, sorted and deduplicated
This approach works even when:
- Kubernetes cluster is down or unhealthy
- During initial cluster setup
- When nodes are being upgraded and temporarily unavailable
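The node discovery and upgrade image construction described above can be sketched as a dry run that validates its inputs before building any command. This is an added example, not the repository's Taskfile code; the function names, the sample IPs, the all-zero schematic ID and the 64-hex-character schematic check are assumptions.

```shell
#!/bin/sh
# Added example: dry-run upgrade plan; it prints commands and never calls talosctl.

# Extract IPv4-looking addresses from `terraform output` text on stdin,
# numerically sorted and deduplicated (octet ranges are not checked).
node_ips() {
  grep -oE '([0-9]{1,3}\.){3}[0-9]{1,3}' |
    sort -t . -k1,1n -k2,2n -k3,3n -k4,4n -u
}

# Build the installer image reference, refusing values that could alter it.
# Assumption: a schematic ID is 64 lowercase hex characters.
upgrade_image() {
  case $1 in *[!0-9a-f]*) echo "bad schematic id" >&2; return 1 ;; esac
  [ "${#1}" -eq 64 ] || { echo "bad schematic id length" >&2; return 1; }
  case $2 in *[!v0-9.]*) echo "bad version: $2" >&2; return 1 ;; esac
  printf '%s\n' "$2" | grep -qE '^v[0-9]+\.[0-9]+\.[0-9]+$' ||
    { echo "bad version: $2" >&2; return 1; }
  echo "factory.talos.dev/nocloud-installer/$1:$2"
}

# Print one command per node, controllers first, then workers.
# Arguments: schematic, version, controller output text, worker output text.
upgrade_plan() {
  image=$(upgrade_image "$1" "$2") || return 1
  for ip in $(printf '%s\n' "$3" | node_ips) $(printf '%s\n' "$4" | node_ips); do
    echo "talosctl upgrade --nodes $ip --image $image"
  done
}

# Constructed sample data; real text would come from
# `terraform output controller_nodes` and `terraform output worker_nodes`.
CONTROLLERS='["10.1.1.121", "10.1.1.120", "10.1.1.120"]'
WORKERS='["10.1.1.124"]'
SCHEMATIC=$(printf '%064d' 0)   # placeholder schematic ID, not a real one

upgrade_plan "$SCHEMATIC" v1.11.0 "$CONTROLLERS" "$WORKERS"
```

Rejecting anything but a strict vX.Y.Z version and a fixed-length hex schematic keeps a stray VERSION value from redirecting the upgrade to a different image reference.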
The following tools are automatically installed via task init-macos:
- go-task
- kubectl
- kustomize
- helm
- terraform
- talosctl
- k9s
- yq
- jq