1. Using a dict instead of set in proxmox_virtual_environment_download_file to maintain consistant order and avoid destroying and recreating resource.

2. Pointing the update_schematic to existing file and added a comment. 3. Reverted to using http api for getting schematic id. 4. Left the official provider code intact and added a comment. 5. Fixed a typo in cert generation comment Signed-off-by: Karteek <120569182+karteekiitg@users.noreply.github.com>
2025-10-31 01:47:53 +00:00 · 2025-02-23 01:02:30 +05:30
parent 25cfa2bbb6
commit dee7911259
3 changed files with 42 additions and 7 deletions
--- a/tofu/kubernetes/main.tf
+++ b/tofu/kubernetes/main.tf
@@ -9,6 +9,8 @@ module "talos" {
    version = "v1.9.2"
    update_version = "v1.9.3" # renovate: github-releases=siderolabs/talos
    schematic = file("${path.module}/talos/image/schematic.yaml")
+    # Point this to a new schematic file to update the schematic
+    update_schematic = file("${path.module}/talos/image/schematic.yaml")
  }

  cilium = {
@@ -77,7 +79,7 @@ module "sealed_secrets" {
    kubernetes = kubernetes
  }

-  // openssl req -x509 -days 365 -nodes -newkey rsa:4096 -keyout sealed-secrets.key -out sealed-secrets.cert -subj "/CN=sealed-secret/O=sealed-secret"
+  // openssl req -x509 -days 365 -nodes -newkey rsa:4096 -keyout sealed-secrets.key -out sealed-secrets.crt -subj "/CN=sealed-secret/O=sealed-secret"
  cert = {
    cert = file("${path.module}/bootstrap/sealed-secrets/certificate/sealed-secrets.crt")
    key = file("${path.module}/bootstrap/sealed-secrets/certificate/sealed-secrets.key")
--- a/tofu/kubernetes/talos/image.tf
+++ b/tofu/kubernetes/talos/image.tf
@@ -1,11 +1,33 @@
 locals {
  version = var.image.version
  schematic = var.image.schematic
-  image_id = "${talos_image_factory_schematic.this.id}_${local.version}"
+  schematic_id = jsondecode(data.http.schematic_id.response_body)["id"]

  update_version = coalesce(var.image.update_version, var.image.version)
  update_schematic = coalesce(var.image.update_schematic, var.image.schematic)
-  update_image_id = "${talos_image_factory_schematic.updated.id}_${local.update_version}"
+  update_schematic_id = jsondecode(data.http.updated_schematic_id.response_body)["id"]
+
+  image_id = "${local.schematic_id}_${local.version}"
+  update_image_id = "${local.update_schematic_id}_${local.update_version}"
+
+  # Comment the above 2 lines and un-comment the below 2 lines to use the provider schematic ID instead of the HTTP one
+  # ref - https://github.com/vehagn/homelab/issues/106
+  # image_id = "${talos_image_factory_schematic.this.id}_${local.version}"
+  # update_image_id = "${talos_image_factory_schematic.updated.id}_${local.update_version}"
+
+
+}
+
+data "http" "schematic_id" {
+  url          = "${var.image.factory_url}/schematics"
+  method       = "POST"
+  request_body = local.schematic
+}
+
+data "http" "updated_schematic_id" {
+  url          = "${var.image.factory_url}/schematics"
+  method       = "POST"
+  request_body = local.update_schematic
 }

 resource "talos_image_factory_schematic" "this" {
@@ -17,14 +39,21 @@ resource "talos_image_factory_schematic" "updated" {
 }

 resource "proxmox_virtual_environment_download_file" "this" {
-  for_each = toset(distinct([for k, v in var.nodes : "${v.host_node}_${v.update == true ? local.update_image_id : local.image_id}"]))
+  for_each = {
+    for k, v in var.nodes :
+    "${v.host_node}_${v.update == true ? local.update_image_id : local.image_id}" => {
+      host_node = v.host_node
+      version   = v.update == true ? local.update_version : local.version
+      schematic = v.update == true ? talos_image_factory_schematic.updated.id : talos_image_factory_schematic.this.id
+    }
+  }

-  node_name    = split("_", each.key)[0]
+  node_name    = each.value.host_node
  content_type = "iso"
  datastore_id = var.image.proxmox_datastore

-  file_name               = "talos-${split("_",each.key)[1]}-${split("_", each.key)[2]}-${var.image.platform}-${var.image.arch}.img"
-  url = "${var.image.factory_url}/image/${split("_", each.key)[1]}/${split("_", each.key)[2]}/${var.image.platform}-${var.image.arch}.raw.gz"
+  file_name               = "talos-${each.value.schematic}-${each.value.version}-${var.image.platform}-${var.image.arch}.img"
+  url                     = "${var.image.factory_url}/image/${each.value.schematic}/${each.value.version}/${var.image.platform}-${var.image.arch}.raw.gz"
  decompression_algorithm = "gz"
  overwrite               = false
 }
--- a/tofu/kubernetes/talos/providers.tf
+++ b/tofu/kubernetes/talos/providers.tf
@@ -8,5 +8,9 @@ terraform {
      source  = "siderolabs/talos"
      version = ">=0.6.0"
    }
+    http = {
+      source  = "hashicorp/http"
+      version = ">=3.4.5"
+    }
  }
 }