Skip to content

talosctl upgrade-k8s ignores machine/kubelet/clusterDNS configuration #12618

New issue
New issue
Open
Open
talosctl upgrade-k8s ignores machine/kubelet/clusterDNS configuration#12618
@tlemarchand

Description

@tlemarchand
tlemarchand
opened on Jan 17, 2026

Bug Report

Description

I had to change my kube-dns service IP. I've updated my cluster configuration files to reflect the change, so my cluster is in functional, pods can resolve names.

version: v1alpha1 # Indicates the schema used to decode the contents.
debug: false # Enable verbose logging to the console.
persist: true
# Provides machine specific configuration options.
machine:
    kubelet:
        # # The `ClusterDNS` field is an optional reference to an alternative kubelet clusterDNS ip list.
        clusterDNS:
            - 10.96.0.42

However I cannot upgrade my kubernetes cluster anymore, because upgrade-k8s tries to rewrite my kube-dns service to old values :

talosctl --nodes controlplane01 upgrade-k8s --to v1.34.3 --dry-run

[...]

 < dry run, change skipped
1 error(s) occurred:
        Service "kube-dns" is invalid: spec.clusterIPs[0]: Invalid value: []string{"10.96.0.10", "fd00::a"}: may not change once set

I believe it's caused by this function :

talos/pkg/machinery/config/types/v1alpha1/v1alpha1_clusterconfig.go

Line 264 in 150c41c

return sideronet.NthIPInCIDRSet(serviceCIDRs, 10)

In my opinion, the machine/kubelet configuration, if it exists, should be used to generate kube-dns service. This way any service IP could be used for kube-dns and upgrade would still be possible.

Logs

Environment

  • Talos version: v1.11.6
  • Kubernetes version: v1.33.4
  • Platform: "bare metal" (actually VMs in Proxmox)

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions