Hey everyone! I'm currently managing a Kubernetes cluster on Talos using Terraform, and I've got a question about updates. How do you handle updating your Kubernetes version? Should I just upgrade the Talos image when there's a new Kubernetes release, or do I need to update the version within Talos and Kubernetes themselves?
If I'm maintaining my Talos cluster's infrastructure as code (IaC) through Terraform, should I be applying updates directly via Terraform with a new version? It seems to me that might not be the best approach. I feel like I should follow the Talos documentation and use talosctl for the actual updates, and only change the version in Terraform afterward. Looking forward to hearing your thoughts!
5 Answers
Using talosctl is the way to go since it performs important checks that the Terraform provider might miss. After you've done the update with talosctl, then you can go ahead and update your Terraform configuration.
I found this for you – check out the Talos lifecycle management docs, especially the upgrading section. It has all the steps you need: https://docs.siderolabs.com/talos/v1.8/configure-your-talos-cluster/lifecycle-management/upgrading-talos
Just a heads-up, the Terraform provider doesn’t actually support updating Talos, so it's better to manage OS updates through talosctl. Terraform should be used for defining the infrastructure, not for performing the upgrades.
Definitely follow the prescribed upgrade paths in the documentation. For instance, if you're upgrading from version 1.0.0 to 1.2.4, you should upgrade to the latest patch of the current version first, then step through the minor versions. This ensures a smoother upgrade process!
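The stepping rule from the answer above, as an added example that is not part of the original thread: a small planner that turns a current and target version into the ordered list of hops. The release list is constructed for illustration, and stopping at the latest patch of each intermediate minor is an assumption about how "step through the minor versions" is applied.

```python
import re

# Constructed release list for illustration; not real Talos release data.
AVAILABLE = ["1.0.0", "1.0.3", "1.0.6", "1.1.0", "1.1.2", "1.2.0", "1.2.4", "1.2.7"]


def parse(version):
    """Turn 'v1.2.4' or '1.2.4' into a comparable (major, minor, patch) tuple."""
    m = re.fullmatch(r"v?(\d+)\.(\d+)\.(\d+)", version.strip())
    if not m:
        raise ValueError(f"not a major.minor.patch version: {version!r}")
    return tuple(int(p) for p in m.groups())


def plan_upgrade(current, target, available=AVAILABLE):
    """Return the ordered versions to upgrade through, ending at target."""
    cur, tgt = parse(current), parse(target)
    releases = sorted({parse(v) for v in available})
    if tgt not in releases:
        raise ValueError(f"target {target} is not a known release")
    if tgt < cur:
        raise ValueError("target is older than current; downgrades are not planned")
    if cur[0] != tgt[0]:
        raise ValueError("crossing a major version is out of scope for this sketch")

    # Latest known patch per minor line (releases are sorted, so the last one wins).
    latest = {r[1]: r for r in releases if r[0] == cur[0]}

    steps = []
    # First the latest patch of the current minor, then of each intermediate minor.
    for minor in range(cur[1], tgt[1]):
        if minor not in latest:
            raise ValueError(f"no known release in the {cur[0]}.{minor} line")
        if latest[minor] > cur:  # skip if the node is already at or past it
            steps.append(latest[minor])
    if tgt != cur:
        steps.append(tgt)  # the final hop lands on the exact target requested
    return [".".join(str(part) for part in step) for step in steps]


if __name__ == "__main__":
    print(" -> ".join(["1.0.0"] + plan_upgrade("1.0.0", "1.2.4")))
```

Each hop in the returned list is one upgrade to run and verify before starting the next.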
You don't update Kubernetes separately in Talos. Talos manages the whole setup together, so when you upgrade, you're upgrading everything as a unit. The best practice is to update your Talos MachineConfig with the new image version, run `talosctl upgrade` to roll out the update safely across your control plane, and only after confirming everything is stable, update your Terraform to reflect the new version. Avoid using Terraform to drive the upgrade as it might recreate nodes instead of performing a rolling update.
That sounds rough! I’ve had similar issues with drift in Terraform, especially when I refactor modules. It might be worth looking into state management tools or workflows that can help align manual changes back into your Terraform setup.

Yeah, I feel your pain. Terraform seems great for initial setup, but trying to manage upgrades with it can turn into a headache. My coworker insists on it for everything, but sometimes you really need to just handle upgrades the manual way!