Closed Sapp00 closed 1 month ago
I could track it down and the error message appears because of malformed patches, which is not really intuitive.
This is the error causing patch:
- |-
  - op: replace
    path: /cluster/etcd/ca
    value:
      crt: ${etcdCACert}
      key: ${etcdCAKey}
any idea what is wrong with it?
Thanks for the report!
I just tried the talconfig.yaml you provided above (with the ${} replaced) and talhelper genconfig ran fine. I think the error message is you have wrong kind of value in your talenv.yaml file? Make sure they are in key: value format, for example yours should look something like this:
clusterEndpointName: clustername
domainName: domainname
nameServer: 1.2.3.4
etcdCACert: LS0tLS1CRUdblbalbalballaba
etcdCAKey: LS0tLS1CRUdblbalbalballaba
Another one is there's no controlplane key, it should be controlPlane.
The controlplane is a typo, but just occurred when I truncated some info.
My talenv.sops.yaml is actually in the right format:
domainName: cluster.local
nameServer: 10.10.10.1
clusterEndpointName: home
clusterEndpointIP: 10.10.10.10
aggregatorCert: 123456
aggregatorKey: 123456
clusterCACert: 123456
clusterCAKey: 59hadfa9
etcdCACert: afsidiisafjafjidaf
etcdCAKey: afiadsfiansfaindfaasfiodsafo
machineCACert: asfjoiadsfijdsfoia
machineCAKey: 2orijaiusdfinsafadsf
serviceAccountKey: ab123
secretboxEncryptionSecret: aaijdfaf
clusterSecret: sdnidasgindgd
clusterToken: adjifaiugdu
machineToken: uhefiasdiufs
My whole controlPlane section:
controlPlane:
  patches:
    - |-
      - op: add
        path: /cluster/proxy/extraArgs
        value:
          feature-gates: GracefulNodeShutdown=true,MixedProtocolLBService=true
          disabled: true
    - |-
      - op: add
        path: /cluster/controllermanager/extraArgs
        value:
          feature-gates: GracefulNodeShutdown=true,MixedProtocolLBService=true
          bind-address: 0.0.0.0
    - |-
      - op: add
        path: /cluster/scheduler/extraArgs
        value:
          feature-gates: GracefulNodeShutdown=true,MixedProtocolLBService=true
          bind-address: 0.0.0.0
    - |-
      - op: add
        path: /cluster/apiserver/extraArgs
        value:
          feature-gates: GracefulNodeShutdown=true,MixedProtocolLBService=true
          admissionControl: []
    - |-
      - op: add
        path: /machine/secretboxEncryptionSecret
        value: ${secretboxEncryptionSecret}
    - |-
      - op: add
        path: /cluster/aggregatorCA
        value:
          crt: ${aggregatorCert}
          key: ${aggregatorKey}
    - |-
      - op: add
        path: /cluster/ca
          crt: ${clusterCACert}
          key: ${clusterCAKey}
    - |-
      - op: add
        path: /cluster/discovery/registries/service
        value:
          disabled: true
    - |-
      - op: replace
        path: /cluster/etcd/ca
        value:
          crt: ${etcdCACert}
          key: ${etcdCAKey}
    - |-
      - op: replace
        path: /cluster/secret
        value: ${clusterSecret}
    - |-
      - op: add
        path: /cluster/serviceAccount
        value:
          key: ${serviceAccountKey}
    - |-
      - op: replace
        path: /cluster/token
        value: ${clusterToken}
    - |-
      - op: add
        path: /machine/ca
        value:
          crt: ${machineCACert}
          key: ${machineCAKey}
    - |-
      - op: add
        path: /machine/kubelet/extraArgs
        value:
          feature-gates: GracefulNodeShutdown=true,MixedProtocolLBService=true
          rotate-server-certificates: "true"
    - |-
      - op: add
        path: /machine/kubelet/nodeIP
        value:
          validSubnets:
            - 10.10.10.0/24
    - |-
      - op: add
        path: /machine/time
        value:
          disabled: false
          servers:
            - ${nameServer}
    - |-
      - op: replace
        path: /machine/token
        value: ${machineToken}
  schematic:
    customization:
      extraKernelArgs:
        - security=apparmor
      systemExtensions:
        officialExtensions:
          - siderolabs/iscsi-tools
          - siderolabs/intel-ucode
I found a lot of problems with your patches:
path: /cluster/controllermanager/extraArgs should be path: /cluster/controllerManager/extraArgs
path: /cluster/apiserver/extraArgs should be path: /cluster/apiServer/extraArgs
and please remove admissionControl: [] from the value
value: after the line path: /cluster/ca
I also suggest you to use talsecret.sops.yaml to store those secrets instead of putting so many patches. Not sure why you prefer using patches. Read this documentation for more information: https://budimanjojo.github.io/talhelper/latest/getting-started/#you-already-have-a-talos-cluster-running
Closing this now as it seems like not a bug.
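A pre-flight check for the two patch problems named above (a missing value: line and wrongly cased path segments), as an added example that is not part of the thread or of talhelper. The function name lint_patch, the small table of canonical keys and the sample patches are assumptions made for illustration; the NO_VALUE sample assumes the crt/key lines sat indented under path:.

```python
import re

# Canonical spellings named in the thread (assumed subset, not the full Talos schema).
CANONICAL = {"controllermanager": "controllerManager", "apiserver": "apiServer"}
PATCH_FIELDS = {"op", "path", "value", "from"}  # fields of an RFC 6902 operation
KEY_LINE = re.compile(r"^(\s*)(- )?([\w-]+):(?:\s+(.*))?$")

def lint_patch(patch):
    """Return findings for one JSON-patch string from a talhelper `patches:` list."""
    findings, op_col, prev_key = [], None, None
    for n, raw in enumerate(patch.splitlines(), 1):
        m = KEY_LINE.match(raw)
        if not m:
            continue  # list scalars, blanks and comments are not checked
        lead, dash, key, val = m.groups()
        col = len(lead) + (2 if dash else 0)
        if dash and (op_col is None or col <= op_col):
            op_col, prev_key = col, None  # a new operation starts here
        if op_col is None:
            continue
        if col == op_col:
            if key not in PATCH_FIELDS:
                findings.append(f"line {n}: '{key}' is not a patch field; 'value:' missing above?")
            if key == "path":
                for seg in (val or "").split("/"):
                    want = CANONICAL.get(seg.lower())
                    if want and seg != want:
                        findings.append(f"line {n}: '{seg}' should be '{want}'")
            prev_key = key
        elif col > op_col and prev_key == "path":
            # A mapping indented under the scalar `path:` is what YAML rejects with
            # "mapping values are not allowed in this context".
            findings.append(f"line {n}: mapping under 'path:'; add 'value:' after the path line")
            prev_key = None  # report once per operation
    return findings

# Constructed samples mirroring the patches discussed in the thread.
GOOD = "- op: replace\n  path: /cluster/etcd/ca\n  value:\n    crt: ${etcdCACert}\n    key: ${etcdCAKey}"
NO_VALUE = "- op: add\n  path: /cluster/ca\n    crt: ${clusterCACert}\n    key: ${clusterCAKey}"
BAD_CASE = "- op: add\n  path: /cluster/controllermanager/extraArgs\n  value:\n    bind-address: 0.0.0.0"

if __name__ == "__main__":
    for name, patch in (("GOOD", GOOD), ("NO_VALUE", NO_VALUE), ("BAD_CASE", BAD_CASE)):
        print(name, lint_patch(patch))
```

Running it over each patch string before talhelper genconfig points at the offending line inside the patch, which the YAML parser error alone does not.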
Hi,
I am facing the error "mapping values are not allowed in this context" when parsing my talconfig.
The respective block is the following:
I have no clue where this error is coming from, before reworking my configs, it was "working". Working means, that it did not throw an error, but somehow the configs were just the basic configs without my customization.