siderolabs / talos

Talos Linux is a modern Linux distribution built for Kubernetes.
https://www.talos.dev
Mozilla Public License 2.0

Add gen subcommand for generating cluster id and secret #4348

Closed by andrewrynhard 2 years ago

andrewrynhard commented 2 years ago

It would be convenient if talosctl gen had the ability to generate the cluster id and secret. It would make things like going from 0.12 to 0.13 easier, potentially useful for rotating.

Ulexus commented 2 years ago

It does do this for new clusters as a matter of course (it's not optional). Are you envisioning some kind of migration path for existing configs?

$ talosctl gen config alpha https://alpha.test.com:6443
generating PKI and tokens
created controlplane.yaml
created worker.yaml
created talosconfig
$ yq read controlplane.yaml 'cluster.id'
aDyxAIjAqT3xQn477suiKu0VrBDCiZYfu2I5y9bPLdY=
$ yq read controlplane.yaml 'cluster.secret'
6fRi1GLOoPYwhrskCOSSW7bSWiN1vFUe07vVHvCfVmQ=
$ yq read worker.yaml 'cluster.id'
aDyxAIjAqT3xQn477suiKu0VrBDCiZYfu2I5y9bPLdY=
$ yq read worker.yaml 'cluster.secret'
6fRi1GLOoPYwhrskCOSSW7bSWiN1vFUe07vVHvCfVmQ=

Ulexus commented 2 years ago

Oh... I see. You mean to generate the ID and secret discretely for insertion into existing configs. Like wg genkey (which does exactly the same thing).

Ulexus commented 2 years ago

Something like this, perhaps?

$ talosctl gen clusterkey
Cluster ID:        8Ikkeyarw60jJ0boEM0cpZ+dhfGtb3AIk8ZjftDOd3I=
Cluster Secret: AG9LSRTy8UgFSDuHzT5/ClGB7LkY5ji3hwDlLjGqsX4=

We could do that.
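An added example, not part of the thread and not Talos code: one way to generate a cluster ID and secret separately from `talosctl gen config` and check the pair before inserting it into an existing config. The 32-byte length is an assumption inferred from the 44-character base64 values shown above; `genValue` and `checkPair` are hypothetical names.

```go
package main

import (
	"crypto/rand"
	"encoding/base64"
	"errors"
	"fmt"
)

// keyLen is an assumption: the sample values in this thread are 44 base64
// characters with one '=' of padding, which decodes to 32 bytes.
const keyLen = 32

// genValue returns keyLen bytes from the OS CSPRNG, base64-encoded.
func genValue() (string, error) {
	buf := make([]byte, keyLen)
	if _, err := rand.Read(buf); err != nil {
		return "", err
	}
	return base64.StdEncoding.EncodeToString(buf), nil
}

// checkPair validates an id/secret pair before it is pasted into a config:
// both must decode to keyLen bytes (catches truncated or mangled pastes),
// and the two values must not be the same string.
func checkPair(id, secret string) error {
	for name, v := range map[string]string{"cluster.id": id, "cluster.secret": secret} {
		raw, err := base64.StdEncoding.DecodeString(v)
		if err != nil {
			return fmt.Errorf("%s: not valid base64: %w", name, err)
		}
		if len(raw) != keyLen {
			return fmt.Errorf("%s: decoded to %d bytes, want %d", name, len(raw), keyLen)
		}
	}
	if id == secret {
		return errors.New("cluster.id and cluster.secret must be generated independently")
	}
	return nil
}

func main() {
	id, err1 := genValue()
	secret, err2 := genValue()
	if err := errors.Join(err1, err2, checkPair(id, secret)); err != nil {
		panic(err)
	}
	fmt.Printf("Cluster ID:     %s\nCluster Secret: %s\n", id, secret)
}
```

The same pair has to go into every machine config of the cluster, as the matching `controlplane.yaml` and `worker.yaml` values earlier in the thread show.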

smira commented 2 years ago

We have it covered in 0.12 docs: https://www.talos.dev/docs/v0.12/guides/upgrading-talos/#machine-configuration-changes