Heyo! Anyone able to help with the Talos package? ...
# general
m
Heyo! Anyone able to help with the Talos package? https://www.pulumi.com/registry/packages/talos/ I've used the proxmox package to create the initial VM and I grabbed the IP address of the node. But now I need to do all the initial configuration listed here: https://www.talos.dev/v1.9/talos-guides/install/virtualized-platforms/proxmox/#generate-machine-configurations But the pulumi package seems to require me to import some data whereas the manual instructions don't. Is this able to be fully automated with Pulumi?
m
@limited-rainbow-51650 did you have a chance to work with this? I know that @salmon-account-74572 did for sure.
m
I solved this issue but ran into another. Turns out the API for the secrets is kind of broken in the RPC calls back to the underlying client. Here is the solution:
```python
configuration = talos.machine.get_configuration_output(
    cluster_name="Cluster",
    machine_type="controlplane",
    cluster_endpoint=ip_address.apply(lambda ip: f"https://{ip}:6443"),
    machine_secrets=talos.machine.MachineSecretsArgs(
        certs=secrets.machine_secrets.certs,
        cluster=secrets.machine_secrets.cluster,
        secrets=secrets.machine_secrets.secrets,
        trustdinfo=secrets.machine_secrets.trustdinfo,
    ),
)
```
However, my next issue is trying to figure out how to get the kubeconfig out of the cluster so I can start provisioning resources and accounts for my developers to access the API and deploy apps in their namespaces. (BROKEN)
```python
config = talos.cluster.get_kubeconfig_output(
    node=ip_address,
    client_configuration=talos.cluster.GetKubeconfigClientConfigurationArgs(
        ca_certificate=secrets.machine_secrets.certs.ca_certificate,
        client_certificate=secrets.machine_secrets.certs.client_certificate,
        client_key=secrets.machine_secrets.certs.client_key,
    ),
)
```
m
@melodic-carpet-45864 what is broken on the `get_kubeconfig_output` call? Do you have error logs to share?
m
I'm trying to pass in the client_configuration from previous steps, but it can't access those 3x certs and keys that I have manually set in the above example (which don't work in the way I have it written). I'll pass over the existing client_configuration from a previous step that works and share the code and error in a minute.
m
@melodic-carpet-45864 yepp, would be the best! thanks for the help
m
Code (Bootstrap works, get_kubeconfig doesn't):
```python
bootstrap = talos.machine.Bootstrap(
    f"bootstrap ({name})",
    node=ip_address,
    client_configuration=cast(
        "Input[talos.machine.ClientConfigurationArgs]", secrets.client_configuration
    ),
    opts=pulumi.ResourceOptions(depends_on=[configuration_apply]),
)

config = talos.cluster.get_kubeconfig_output(
    node=ip_address,
    client_configuration=cast(
        "Input[talos.cluster.GetKubeconfigClientConfigurationArgs]",
        secrets.client_configuration,
    ),
)
```
Errors:
```
Exception: invoke of talos:cluster/getKubeconfig:getKubeconfig failed: invocation of talos:cluster/getKubeconfig:getKubeconfig returned an error: [AttributeName("client_configuration").AttributeName("ca_certificate")] Missing Configuration for Required Attribute: Must set a configuration value for the client_configuration.ca_certificate attribute as the provider has marked it as required.
```
Here is the complete code if you need the rest of the context:
```python
from typing import cast

import pulumi
import pulumi_proxmoxve as proxmox
import pulumiverse_talos as talos
from pulumi import Input

architecture = "amd64"
platform = "nocloud"
talos_version = "v1.9.5"
schematic_id = "ce4c980550dd2ab1b17bbf2b08801c7eb59418eafe8f279833297925d67c7515"


talos_image_factory = talos.imagefactory.get_urls(
    architecture=architecture,
    platform=platform,
    schematic_id=schematic_id,
    talos_version=talos_version,
)

talos_iso = proxmox.download.File(
    "Talos Install ISO",
    file_name=f"talos-{talos_version}-{platform}-{architecture}.iso",
    content_type="iso",
    url=talos_image_factory.urls.iso,
    datastore_id="Synology-NFS",
    node_name="pve2",
)

secrets = talos.machine.Secrets("secrets")

for i in range(1):  # Number of nodes to provision
    name = f"talos-test-{i:0>2}"
    vm = proxmox.vm.VirtualMachine(
        name,
        name=name,
        node_name="pve2",
        agent=proxmox.vm.VirtualMachineAgentArgs(
            enabled=True,
            trim=True,
        ),
        cdrom=proxmox.vm.VirtualMachineCdromArgs(
            file_id=talos_iso.id,
        ),
        cpu=proxmox.vm.VirtualMachineCpuArgs(
            cores=4,
            type="host",
        ),
        disks=[
            proxmox.vm.VirtualMachineDiskArgs(
                interface="scsi0",
                datastore_id="Synology-NFS",
                size=100,
                file_format="qcow2",
            )
        ],
        memory=proxmox.vm.VirtualMachineMemoryArgs(dedicated=4 * 1024),
        network_devices=[proxmox.vm.VirtualMachineNetworkDeviceArgs()],
        stop_on_destroy=True,
    )

    ip_address = vm.ipv4_addresses.apply(lambda x: x[-1][0])

    configuration = talos.machine.get_configuration_output(
        cluster_name="K8s Cluster",
        machine_type="controlplane",
        cluster_endpoint=ip_address.apply(lambda ip: f"https://{ip}:6443"),
        machine_secrets=talos.machine.MachineSecretsArgs(
            certs=secrets.machine_secrets.certs,
            cluster=secrets.machine_secrets.cluster,
            secrets=secrets.machine_secrets.secrets,
            trustdinfo=secrets.machine_secrets.trustdinfo,
        ),
    )

    configuration_apply = talos.machine.ConfigurationApply(
        f"configurationApply ({name})",
        client_configuration=cast(
            "Input[talos.machine.ClientConfigurationArgs]", secrets.client_configuration
        ),
        machine_configuration_input=configuration.machine_configuration,
        node=ip_address,
    )

    bootstrap = talos.machine.Bootstrap(
        f"bootstrap ({name})",
        node=ip_address,
        client_configuration=cast(
            "Input[talos.machine.ClientConfigurationArgs]", secrets.client_configuration
        ),
        opts=pulumi.ResourceOptions(depends_on=[configuration_apply]),
    )

    config = talos.cluster.get_kubeconfig_output(
        node=ip_address,
        client_configuration=cast(
            "Input[talos.cluster.GetKubeconfigClientConfigurationArgs]",
            secrets.client_configuration,
        ),
    )
```
m
hey @melodic-carpet-45864, I created a Talos cluster on DigitalOcean and for me it worked with `KubeConfig`
```typescript
const clusterKubeconfig = new talos.cluster.Kubeconfig("talosKubeconfig", {
    clientConfiguration: machineSecrets.clientConfiguration,
    node: controlPlaneDropletsIP4s[0],
})

export const kubeconfig = clusterKubeconfig.kubeconfigRaw
```
I used TypeScript but it should work with Python too. Can you change to KubeConfig?
The secrets problem you mentioned before, I solved like this:
```typescript
const machineSecrets = new talos.machine.Secrets("machineSecrets", {});
```
```typescript
const machineConfigCP = talos.machine.getConfigurationOutput({
    clusterName: config.require("clusterName"),
    clusterEndpoint: pulumi.interpolate`https://${lb.ip}:6443`,
    machineType: "controlplane",
    machineSecrets: machineSecrets.machineSecrets,
})
```
Setting the `machineSecrets.machineSecrets` to the property `machineSecrets` from `getConfigurationOutput` - Again I used TypeScript.
s
I was trying to make this work in Go and never could, I assume due to strict type checking. Haven’t touched it in quite a while. Glad to see that maybe you can get it working with another language.