fix: refresh talos tls certs

Addressing the short lifetime of Talos certificates by implementing a routine for regular recreation of the Talos client.

Signed-off-by: Serge Logvinov <serge.logvinov@sinextra.dev>

pkg/talos/client.go

@@ -47,6 +47,20 @@ func newClient(ctx context.Context, config *cloudConfig) (*client, error) {
 	}, nil
 }
 
+func (c *client) refreshClient(ctx context.Context) error {
+	if _, err := c.talos.Version(ctx); err != nil {
+		talos, err := newClient(ctx, c.config)
+		if err != nil {
+			return fmt.Errorf("failed to reinitialized talos client: %v", err)
+		}
+
+		c.talos.Close() //nolint:errcheck
+		c.talos = talos.talos
+	}
+
+	return nil
+}
+
 func (c *client) getNodeMetadata(ctx context.Context, nodeIP string) (*runtime.PlatformMetadataSpec, error) {
 	nodeCtx := clienttalos.WithNode(ctx, nodeIP)
 

pkg/talos/instances.go

@@ -56,6 +56,10 @@ func (i *instances) InstanceMetadata(ctx context.Context, node *v1.Node) (*cloud
 			nodeIP string
 		)
 
+		if err = i.c.refreshClient(ctx); err != nil {
+			return nil, fmt.Errorf("error refreshing client connection: %w", err)
+		}
+
 		for _, ip := range nodeIPs {
 			meta, err = i.c.getNodeMetadata(ctx, ip)
 			if err == nil {