Parameters
The parent key for all of the following parameters is tuppr.
|
The resource parameters (
|
|
tuppr requires the Talos API to be accessible from within the cluster. The following patch must be applied to your control-plane machine configs: Without this, the tuppr controller can’t issue Talos API calls to perform upgrades. |
talos_upgrades
| type |
dictionary |
||||||
| default |
|
||||||
| example |
|
Defines TalosUpgrade resources. Each TalosUpgrade manages automated upgrades of Talos Linux nodes with configurable parallelism, health checks, drain configuration, and maintenance windows.
Key spec fields:
-
talos.version— target Talos version (semver) -
policy— upgrade behavior:rebootMode(default/powercycle),force,debug,stage,placement(hard/soft),timeout -
parallelism— number of nodes to upgrade concurrently (default: 1) -
drain— pod eviction settings before upgrade -
nodeSelector— label-based node filtering -
healthChecks— health checks between node upgrades using CEL expressions withapiVersion,kind,expr, andtimeout -
maintenance— maintenance window configuration -
hooks— pre/post-upgrade job definitions -
talosctl.image— override talosctl image (defaults toghcr.io/siderolabs/talosctl)
kubernetes_upgrades
| type |
dictionary |
||||||
| default |
|
||||||
| example |
|
Defines KubernetesUpgrade resources. Each KubernetesUpgrade manages automated upgrades of Kubernetes components (apiserver, controller-manager, scheduler, proxy, kubelet).
| Only one KubernetesUpgrade resource is allowed per cluster (enforced by a validating webhook). |
Key spec fields:
-
kubernetes.version— target Kubernetes version -
kubernetes.imageRepository— private registry for Kubernetes images (optional) -
kubernetes.hostAliases— host alias entries (optional) -
healthChecks— health checks using CEL expressions withapiVersion,kind,expr, andtimeout -
maintenance— maintenance window configuration -
talosctl.image— override talosctl image (defaults toghcr.io/siderolabs/talosctl)
rbac.aggregated_cluster_reader
| type |
bool |
| default |
|
Whether to create a ClusterRole aggregated to cluster-reader that grants read access to tuppr CRDs.
helm_values
| type |
dictionary |
| default |
|
Helm values to pass to the tuppr Helm chart.
See the upstream values.yaml for available options.
Example
Full configuration with both a Talos and Kubernetes upgrade resource:
parameters:
tuppr:
talos_upgrades:
talos:
spec:
talos:
version: v1.13.0
policy:
rebootMode: powercycle
healthChecks:
- apiVersion: v1
kind: Node
expr: 'status.conditions.exists(c, c.type == "Ready" && c.status == "True")'
timeout: 10m
kubernetes_upgrades:
kubernetes:
spec:
kubernetes:
version: v1.36.0
healthChecks:
- apiVersion: v1
kind: Node
expr: 'status.conditions.exists(c, c.type == "Ready" && c.status == "True")'
timeout: 10m
helm_values:
serviceMonitor:
enabled: true
prometheusRule:
enabled: true