siderolabs / talos

Talos Linux is a modern Linux distribution built for Kubernetes.
https://www.talos.dev
Mozilla Public License 2.0
6.39k stars 514 forks

docs: explicitly cover which APIs can be used in `--insecure` mode #5311

Open TimJones opened 2 years ago

TimJones commented 2 years ago

It is unclear currently which of the APIs/talosctl commands are available when a node is not configured, using the `--insecure` flag.

sanmai-NL commented 5 months ago

@TimJones Is there any documentation on the necessity of ‘insecure’ (unauthenticated, it deserves a rename) bootstrapping the config (in maintenance mode)? Can it be avoided? What impact does it have when network-level security can't be guaranteed?

steverfrancis commented 5 months ago

It can be avoided with Omni (as SideroLink has a secure tunnel to Omni), but not with plain Talos - have to get the config onto the system somehow...

sanmai-NL commented 5 months ago

In the meantime I found out that some installation procedures do allow providing the machine config out-of-band/without networking, e.g. NoCloud with cloud-init.