Merge branch 'feature/talosctl-improvements'

mlinares1998 · mlinares1998 · commit ce1e9674bf2a · 2025-10-25T21:15:45.000+02:00
diff --git a/README.md b/README.md
@@ -134,7 +134,8 @@ Talos Linux is a secure, minimal, and immutable OS for Kubernetes, removing SSH
 
 - [terraform](https://developer.hashicorp.com/terraform/install) or [tofu](https://opentofu.org/docs/intro/install/) to deploy the Cluster
 - [packer](https://developer.hashicorp.com/packer/install) to upload Talos Images
-- [talosctl](https://www.talos.dev/latest/talos-guides/install/talosctl/) to control the Talos Cluster
+- [jq](https://jqlang.org/download/) for internal API Communication
+- [talosctl](https://www.talos.dev/latest/talos-guides/install/talosctl) to control the Talos Cluster
 - [kubectl](https://kubernetes.io/docs/tasks/tools/#kubectl) to control Kubernetes (optional)
 
 > [!IMPORTANT]
@@ -349,7 +350,7 @@ cluster_autoscaler_helm_values = {
 ##### Talos Upgrades and Configuration Changes
 Cluster Autoscaler does not support upgrading nodes or changing their configuration, as its primary purpose is to manage short-lived nodes that handle load peaks. If you require long-lived autoscaled nodes, you can upgrade them manually using `talosctl` or use this Terraform module, which supports discovery of autoscaled nodes and manages their upgrades and configuration changes.
 
-To enable this feature, install [jq](https://jqlang.org/download/) and add the following to your configuration:
+To enable this feature, add the following to your configuration:
 ```hcl
 cluster_autoscaler_discovery_enabled = true
 ```
diff --git a/client.tf b/client.tf
@@ -127,7 +127,39 @@ resource "terraform_data" "create_kubeconfig" {
   depends_on = [talos_machine_configuration_apply.control_plane]
 }
 
+data "external" "client_prerequisites_check" {
+  count = var.client_prerequisites_check_enabled ? 1 : 0
+
+  program = [
+    "sh", "-c", <<-EOT
+      set -eu
+
+      missing=0
+
+      if ! command -v packer >/dev/null 2>&1; then
+          printf '\n%s' ' - packer is not installed or not in PATH. Install it at https://developer.hashicorp.com/packer/install' >&2
+          missing=1
+      fi
+
+      if ! command -v jq >/dev/null 2>&1; then
+          printf '\n%s' ' - jq is not installed or not in PATH. Install it at https://jqlang.org/download/' >&2
+          missing=1
+      fi
+
+      if ! command -v talosctl >/dev/null 2>&1; then
+          printf '\n%s' ' - talosctl is not installed or not in PATH. Install it at https://www.talos.dev/latest/talos-guides/install/talosctl' >&2
+          missing=1
+      fi
+
+      printf '%s' '{}'
+      exit "$missing"
+    EOT
+  ]
+}
+
 data "external" "talosctl_version_check" {
+  count = var.talosctl_version_check_enabled ? 1 : 0
+
   program = [
     "sh", "-c", <<-EOT
       set -eu
@@ -140,7 +172,7 @@ data "external" "talosctl_version_check" {
             r=$${v#*.}
             min=$${r%%.*}
             patch=$${r#*.}
-            patch=$${patch%%[^0-9]*}
+            patch=$${patch%%[!0-9]*}
             printf '%s %s %s\n' "$maj" "$min" "$patch"
             return 0
             ;;
@@ -157,18 +189,24 @@ data "external" "talosctl_version_check" {
           fi
         done
       )
-      [ -n "$parsed_version" ] || { echo "Could not parse talosctl client version" >&2; exit 1; }
+
+      if [ -z "$parsed_version" ]; then
+        printf '%s\n' "Could not parse talosctl client version" >&2
+        exit 1
+      fi
 
       set -- $parsed_version; major=$1; minor=$2; patch=$3
       if [ "$major" -lt "${local.talos_version_major}" ] ||
        { [ "$major" -eq "${local.talos_version_major}" ] && [ "$minor" -lt "${local.talos_version_minor}" ]; } ||
        { [ "$major" -eq "${local.talos_version_major}" ] && [ "$minor" -eq "${local.talos_version_minor}" ] && [ "$patch" -lt "${local.talos_version_patch}" ]; }
       then
-        echo "talosctl version ($major.$minor.$patch) is lower than Talos target version: ${local.talos_version_major}.${local.talos_version_minor}.${local.talos_version_patch}" >&2
+        printf '%s\n' "talosctl version ($major.$minor.$patch) is lower than Talos target version: ${local.talos_version_major}.${local.talos_version_minor}.${local.talos_version_patch}" >&2
         exit 1
       fi
 
-      printf '%s\n' "{\"talosctl_version\": \"$major.$minor.$patch\"}"
+      printf '%s' "{\"talosctl_version\": \"$major.$minor.$patch\"}"
     EOT
   ]
+
+  depends_on = [data.external.client_prerequisites_check]
 }
diff --git a/image.tf b/image.tf
@@ -117,6 +117,8 @@ resource "terraform_data" "packer_init" {
     working_dir = "${path.module}/packer/"
     command     = "packer init -upgrade requirements.pkr.hcl"
   }
+
+  depends_on = [data.external.client_prerequisites_check]
 }
 
 resource "terraform_data" "amd64_image" {
@@ -150,7 +152,10 @@ resource "terraform_data" "amd64_image" {
     }
   }
 
-  depends_on = [terraform_data.packer_init]
+  depends_on = [
+    data.external.client_prerequisites_check,
+    terraform_data.packer_init
+  ]
 }
 
 resource "terraform_data" "arm64_image" {
@@ -184,7 +189,10 @@ resource "terraform_data" "arm64_image" {
     }
   }
 
-  depends_on = [terraform_data.packer_init]
+  depends_on = [
+    data.external.client_prerequisites_check,
+    terraform_data.packer_init
+  ]
 }
 
 data "hcloud_image" "amd64" {
diff --git a/network.tf b/network.tf
@@ -37,9 +37,9 @@ locals {
   worker_private_ipv4_list = compact(distinct([for server in hcloud_server.worker : tolist(server.network)[0].ip]))
 
   # Lists for cluster autoscaler nodes
-  cluster_autoscaler_public_ipv4_list  = compact(distinct([for server in local.cluster_autoscaler_server : server.public_ipv4_address]))
-  cluster_autoscaler_public_ipv6_list  = compact(distinct([for server in local.cluster_autoscaler_server : server.public_ipv6_address]))
-  cluster_autoscaler_private_ipv4_list = compact(distinct([for server in local.cluster_autoscaler_server : server.private_ipv4_address]))
+  cluster_autoscaler_public_ipv4_list  = compact(distinct([for server in local.talos_discovery_cluster_autoscaler : server.public_ipv4_address]))
+  cluster_autoscaler_public_ipv6_list  = compact(distinct([for server in local.talos_discovery_cluster_autoscaler : server.public_ipv6_address]))
+  cluster_autoscaler_private_ipv4_list = compact(distinct([for server in local.talos_discovery_cluster_autoscaler : server.private_ipv4_address]))
 }
 
 data "hcloud_location" "this" {
diff --git a/packer/image_amd64.pkr.hcl b/packer/image_amd64.pkr.hcl
@@ -50,10 +50,10 @@ build {
       <<-EOT
         set -euo pipefail
 
-        echo 'Zeroing disk first before writing Talos image'
+        printf '%s\n' 'Zeroing disk first before writing Talos image'
         blkdiscard -v /dev/sda 2>/dev/null
 
-        echo 'Download Talos ${var.talos_version} image (${var.talos_schematic_id})'
+        printf '%s\n' 'Download Talos ${var.talos_version} image (${var.talos_schematic_id})'
         wget \
           --quiet \
           --timeout=20 \
@@ -66,7 +66,7 @@ build {
         | xz -T0 -dc \
         | dd of=/dev/sda bs=1M iflag=fullblock oflag=direct conv=fsync status=none
 
-        echo 'Talos ${var.talos_version} image (${var.talos_schematic_id}) downloaded'
+        printf '%s\n' 'Talos ${var.talos_version} image (${var.talos_schematic_id}) downloaded'
       EOT
     ]
   }
diff --git a/packer/image_arm64.pkr.hcl b/packer/image_arm64.pkr.hcl
@@ -50,10 +50,10 @@ build {
       <<-EOT
         set -euo pipefail
 
-        echo 'Zeroing disk first before writing Talos image'
+        printf '%s\n' 'Zeroing disk first before writing Talos image'
         blkdiscard -v /dev/sda 2>/dev/null
 
-        echo 'Download Talos ${var.talos_version} image (${var.talos_schematic_id})'
+        printf '%s\n' 'Download Talos ${var.talos_version} image (${var.talos_schematic_id})'
         wget \
           --quiet \
           --timeout=20 \
@@ -66,7 +66,7 @@ build {
         | xz -T0 -dc \
         | dd of=/dev/sda bs=1M iflag=fullblock oflag=direct conv=fsync status=none
 
-        echo 'Talos ${var.talos_version} image (${var.talos_schematic_id}) downloaded'
+        printf '%s\n' 'Talos ${var.talos_version} image (${var.talos_schematic_id}) downloaded'
       EOT
     ]
   }
diff --git a/server.tf b/server.tf
@@ -149,8 +149,8 @@ locals {
   # documentation 2001:db8::/32, IPv4-mapped ::ffff:0:0/96
   ipv6_non_public_pattern = "^(::$|::1$|fe[89ab][0-9a-f]:|f[cd][0-9a-f]*:|ff[0-9a-f]*:|2001:db8:|::ffff:)"
 
-  cluster_autoscaler_server = var.cluster_autoscaler_discovery_enabled ? {
-    for m in jsondecode(data.external.talos_members[0].result.cluster_autoscaler) : m.spec.hostname => {
+  talos_discovery_cluster_autoscaler = {
+    for m in jsondecode(data.external.talos_member.result.cluster_autoscaler) : m.spec.hostname => {
       nodepool = regex(local.cluster_autoscaler_hostname_pattern, m.spec.hostname)[0]
 
       private_ipv4_address = try(
@@ -183,12 +183,10 @@ locals {
         ][0], null
       )
     }
-  } : {}
+  }
 }
 
-data "external" "talos_members" {
-  count = var.cluster_autoscaler_discovery_enabled ? 1 : 0
-
+data "external" "talos_member" {
   program = [
     "sh", "-c", <<-EOT
       set -eu
@@ -198,15 +196,30 @@ data "external" "talos_members" {
       jq -r '.talosconfig' > "$talosconfig"
 
       if ${local.cluster_initialized}; then
-        if json=$(talosctl --talosconfig "$talosconfig" get member -n '${terraform_data.talos_access_data.output.talos_primary_node}' -o json); then
-          printf '%s' "$json" | \
-          jq -c -s '{cluster_autoscaler: (map(select(.spec.hostname | test("${local.cluster_autoscaler_hostname_pattern}"))) | tostring)}'
+        if talos_member_json=$(talosctl --talosconfig "$talosconfig" get member -n '${terraform_data.talos_access_data.output.talos_primary_node}' -o json); then
+          printf '%s' "$talos_member_json" | jq -c -s '{
+            control_plane: (
+              map(select(.spec.machineType == "controlplane")) | tostring
+            ),
+            worker: (
+              map(select(
+                .spec.machineType == "worker"
+                and (.spec.hostname | test("${local.cluster_autoscaler_hostname_pattern}") | not)
+              )) | tostring
+            ),
+            cluster_autoscaler: (
+              map(select(
+                .spec.machineType == "worker"
+                and (.spec.hostname | test("${local.cluster_autoscaler_hostname_pattern}"))
+              )) | tostring
+            )
+          }'
         else
-          echo "talosctl failed" >&2
+          printf '%s\n' "talosctl failed" >&2
           exit 1
         fi
       else
-        echo '{"cluster_autoscaler": "[]"}'
+        printf '%s\n' '{"control_plane":"[]","cluster_autoscaler":"[]","worker":"[]"}'
       fi
     EOT
   ]
@@ -216,8 +229,10 @@ data "external" "talos_members" {
   }
 
   depends_on = [
+    data.external.client_prerequisites_check,
     data.external.talosctl_version_check,
-    terraform_data.upgrade_control_plane,
-    terraform_data.upgrade_worker
+    data.talos_machine_configuration.control_plane,
+    data.talos_machine_configuration.worker,
+    data.talos_machine_configuration.cluster_autoscaler
   ]
 }
diff --git a/talos.tf b/talos.tf
diff --git a/variables.tf b/variables.tf

Original file line number	Diff line number	Diff line change
`@@ -117,6 +117,8 @@ resource "terraform_data" "packer_init" {`
`117`	`117`	`working_dir = "${path.module}/packer/"`
`118`	`118`	`command = "packer init -upgrade requirements.pkr.hcl"`
`119`	`119`	`}`
	`120`	`+`
	`121`	`+ depends_on = [data.external.client_prerequisites_check]`
`120`	`122`	`}`
`121`	`123`
`122`	`124`	`resource "terraform_data" "amd64_image" {`
`@@ -150,7 +152,10 @@ resource "terraform_data" "amd64_image" {`
`150`	`152`	`}`
`151`	`153`	`}`
`152`	`154`
`153`		`- depends_on = [terraform_data.packer_init]`
	`155`	`+ depends_on = [`
	`156`	`+ data.external.client_prerequisites_check,`
	`157`	`+ terraform_data.packer_init`
	`158`	`+ ]`
`154`	`159`	`}`
`155`	`160`
`156`	`161`	`resource "terraform_data" "arm64_image" {`
`@@ -184,7 +189,10 @@ resource "terraform_data" "arm64_image" {`
`184`	`189`	`}`
`185`	`190`	`}`
`186`	`191`
`187`		`- depends_on = [terraform_data.packer_init]`
	`192`	`+ depends_on = [`
	`193`	`+ data.external.client_prerequisites_check,`
	`194`	`+ terraform_data.packer_init`
	`195`	`+ ]`
`188`	`196`	`}`
`189`	`197`
`190`	`198`	`data "hcloud_image" "amd64" {`