To recover from a snapshot, please refer to the Talos Disaster Recovery section in the [Documentation](https://www.talos.dev/latest/advanced/disaster-recovery/#recovery).
601
601
</details>
602
602
603
-
<!-- Talos Discovery Service -->
604
-
<details>
605
-
<summary><b>Talos Discovery Service</b></summary>
606
-
607
-
Talos supports two node discovery mechanisms:
608
-
609
-
- **Discovery Service Registry** (default): A public, external registry operated by Sidero Labs that works even when Kubernetes is unavailable. Nodes must have outbound access to TCP port 443 to communicate with it.
610
-
- **Kubernetes Registry**: Relies on Kubernetes Node metadata stored in etcd.
611
-
612
-
This module uses the discovery service to perform additional health checks during Talos upgrades, Kubernetes upgrades, and Kubernetes manifest synchronization. If no discovery mechanism is enabled, these additional checks will be skipped.
613
-
614
-
> :warning: **Important:** Kubernetes-based discovery is **incompatible by default** with Kubernetes **v1.32+** due to the `AuthorizeNodeWithSelectors` feature gate, which restricts access to Node metadata. This can cause broken discovery behavior, such as failing or incomplete results from `talosctl health` or `talosctl get members`.
615
-
616
-
##### Example Configuration
617
-
618
-
```hcl
619
-
# Disable Kubernetes-based discovery (deprecated in Kubernetes >= 1.32)
- **Discovery Service Registry** (default): A public, external registry operated by Sidero Labs that works even when Kubernetes is unavailable. Nodes must have outbound access to TCP port 443 to communicate with it.
692
+
- **Kubernetes Registry**: Relies on Kubernetes Node metadata stored in etcd.
693
+
694
+
This module uses the discovery service to perform additional health checks during Talos upgrades, Kubernetes upgrades, and Kubernetes manifest synchronization. If no discovery mechanism is enabled, these additional checks will be skipped.
695
+
696
+
> :warning: **Important:** Kubernetes-based discovery is **incompatible by default** with Kubernetes **v1.32+** due to the `AuthorizeNodeWithSelectors` feature gate, which restricts access to Node metadata. This can cause broken discovery behavior, such as failing or incomplete results from `talosctl health` or `talosctl get members`.
697
+
698
+
##### Example Configuration
699
+
700
+
```hcl
701
+
# Disable Kubernetes-based discovery (deprecated in Kubernetes >= 1.32)
# Enable the external Sidero Labs discovery service (default)
705
+
talos_siderolabs_discovery_service_enabled = true
706
+
```
707
+
708
+
For more details, refer to the [official Talos discovery guide](https://www.talos.dev/latest/talos-guides/discovery/).
709
+
</details>
710
+
711
711
<!-- Lifecycle -->
712
712
## :recycle: Lifecycle
713
713
The [Talos Terraform Provider](https://registry.terraform.io/providers/siderolabs/talos) does not support declarative upgrades of Talos or Kubernetes versions. This module compensates for these limitations using `talosctl` to implement the required functionalities. Any minor or major upgrades to Talos and Kubernetes will result in a major version change of this module. Please be aware that downgrades are typically neither supported nor tested.
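Review bot: in the added `hcl` example (new line 701), the comment calls Kubernetes-based discovery "deprecated in Kubernetes >= 1.32", while the warning at new line 696 says it is "incompatible by default" because of the `AuthorizeNodeWithSelectors` feature gate. These are different claims, so align the comment with the warning, for example `# Disable Kubernetes-based discovery (incompatible by default with Kubernetes >= 1.32)`. Two documentation gaps in the same section: the first bullet describes the default registry as a public, external service operated by Sidero Labs that needs outbound TCP 443, but nothing here says what node or cluster data is sent to it, which operators of egress-filtered environments need before keeping `talos_siderolabs_discovery_service_enabled = true`. And new line 694 says the additional health checks "will be skipped" when no discovery mechanism is enabled without saying whether the module reports that, so an upgrade could run with reduced checks unnoticed; state the behaviour or point to where it is logged.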