You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Add an opt‑in flag to talosctl health which allows the command to exit successfully once a node is ready for CNI installation, even though the Kubernetes NodeReady condition is still False because no CNI has been deployed yet.
Proposed syntax:
talosctl -n <node-ip> health --ignore-no-cni
With the flag set, talosctl health should return exit code 0 when all Talos subsystems (apid, control‑plane components, etc.) are healthy and the only remaining blocker is the missing CNI.
Motivation / Problem Statement
When Talos is provisioned with no built‑in CNI (to allow a custom CNI such as Cilium to be installed afterwards), the bootstrap process pauses at phase 18/19:
For automation tools (Terraform/OpenTofu, CI/CD pipelines) there is no reliable signal that the node is healthy enough to proceed with installing the CNI. Current workarounds involve brittle log‑parsing or scripting.
Example workaround (PowerShell)
trimmed for brevity
if ($loginResult | Select-String -Pattern 'waiting for apid to be ready: OK') {
return $true # assume safe to install CNI
}
This relies on internal log messages and may break with future Talos releases.
Proposal
Add a new flag (name bikesheddable — --ignore-no-cni, --allow-pending-cni, --cni-not-required, …).
When the flag is present:
talosctl health should ignore NodeReady=False only when the cause is CNI not initialized.
Any other unhealthy condition (e.g., apid down, kubelet crashloop) must still cause a non‑zero exit code.
Default behaviour remains unchanged ➜ totally backwards‑compatible.
reacted with thumbs up emoji reacted with thumbs down emoji reacted with laugh emoji reacted with hooray emoji reacted with confused emoji reacted with heart emoji reacted with rocket emoji reacted with eyes emoji
Uh oh!
There was an error while loading. Please reload this page.
-
Summary
Add an opt‑in flag to talosctl health which allows the command to exit successfully once a node is ready for CNI installation, even though the Kubernetes NodeReady condition is still False because no CNI has been deployed yet.
Proposed syntax:
talosctl -n <node-ip> health --ignore-no-cniWith the flag set, talosctl health should return exit code 0 when all Talos subsystems (apid, control‑plane components, etc.) are healthy and the only remaining blocker is the missing CNI.
Motivation / Problem Statement
When Talos is provisioned with no built‑in CNI (to allow a custom CNI such as Cilium to be installed afterwards), the bootstrap process pauses at phase 18/19:
Talos will reboot every 10 minutes until a CNI marks the node Ready (see Talos docs v1.9 → Deploying Cilium → Method 1).
For automation tools (Terraform/OpenTofu, CI/CD pipelines) there is no reliable signal that the node is healthy enough to proceed with installing the CNI. Current workarounds involve brittle log‑parsing or scripting.
Example workaround (PowerShell)
trimmed for brevity
if ($loginResult | Select-String -Pattern 'waiting for apid to be ready: OK') {
return $true # assume safe to install CNI
}
This relies on internal log messages and may break with future Talos releases.
Proposal
Beta Was this translation helpful? Give feedback.
All reactions