GitHub release (release name instead of tag name) GitHub issues GitHub

A helper tool to help creating Talos cluster in your GitOps repository. · Report Bug · Request Feature

Table of Contents
  1. About The Project
  2. Getting Started

  3. Usage
  4. Roadmap
  5. Contributing
  6. License
  7. Acknowledgments

About The Project

The main reason of this tool is to help creating Talos cluster in GitOps way. Inspired by a python script written by @bjw-s here.

You can use this tool to generate Talos config file with talhelper genconfig command. You can also use this tool to generate Talos secrets with talhelper gensecret command.

This tool will:

  • Read your talconfig.yaml
  • Read and decrypt your talenv.yaml or talenv.sops.yaml with SOPS
  • Do envsubst if needed
  • Validate config file is good for talosctl
  • Generate Talos cluster and config yaml files for you based on your talconfig.yaml
  • Generate .gitignore file so you don’t commit your secret to the public

This tool is actually my first time programming something other than shell script. Any input and suggestion will be highly appreciated.

Getting Started

Scenario 1 (You already have your talos config but not GitOps it yet):

  1. Create a talconfig.yaml based on your current cluster, an example template is provided.
  2. Run talhelper gensecret -f <your-taloscfg.yaml> --patch-configfile > talenv.yaml. This will create a talenv.yaml file with all your current cluster secrets and patch your talconfig.yaml to link to those secrets.
  3. Encrypt the secret with SOPS: sops -e -i talenv.yaml.
  4. Commit your talconfig.yaml and talenv.yaml in Git repository.

Scenario 2 (You want talhelper to create from scratch):

  1. Create a talconfig.yaml, an example template is provided.
  2. Run talhelper gensecret --patch-configfile > talenv.sops.yaml (--patch-configfile will add inlinePatches inside your talconfig.yaml)
  3. Encrypt the secret with SOPS: sops -e -i talenv.sops.yaml
  4. Run talhelper genconfig and the output files will be in ./clusterconfig by default.
  5. Commit your talconfig.yaml and talenv.sops.yaml in Git repository.

To get help, run talhelper <subcommand> --help


[Recommended Way] You can install talhelper using aqua. You can also download the archives from release page. Or you can install it using this one liner, using tool from jpillora:

curl https://i.jpillora.com/budimanjojo/talhelper! | sudo bash


Available Commands:
  completion  Generate the autocompletion script for the specified shell
  genconfig   Generate Talos cluster config YAML file
  gensecret   Generate Talos cluster secrets
  help        Help about any command

  talhelper genconfig [flags]

  -c, --config-file string   File containing configurations for nodes (default "talconfig.yaml")
  -e, --env-file strings     List of files containing env variables for config file (default [talenv.yaml,talenv.sops.yaml,talenv.yml,talenv.sops.yml])
  -h, --help                 help for genconfig
      --no-gitignore         Create/update gitignore file too
  -o, --out-dir string       Directory where to dump the generated files (default "./clusterconfig")
  -m, --talos-mode string    Talos runtime mode to validate generated config (default "metal")

  talhelper gensecret [flags]

  -c, --config-file string       File containing configurations for talhelper (default "talconfig.yaml")
  -f, --from-configfile string   Talos cluster node configuration file to generate secret from
  -h, --help                     help for gensecret
  -p, --patch-configfile         Whether to generate inline patches into config file


  • Add tests
  • Add release workflows
  • More useful features


Contributions are what make the open source community such an amazing place to learn, inspire, and create. Any contributions you make are greatly appreciated.

If you have a suggestion that would make this better, please fork the repo and create a pull request. You can also simply open an issue with the tag “enhancement”. Don’t forget to give the project a star! Thanks again!

  1. Fork the Project
  2. Create your Feature Branch (git checkout -b feature/AmazingFeature)
  3. Commit your Changes (git commit -m 'Add some AmazingFeature')
  4. Push to the Branch (git push origin feature/AmazingFeature)
  5. Open a Pull Request


Distributed under the BSD-3 License. See LICENSE for more information.



View Github