Talos machine config generated before VM IP assignment (KubeVirt + CABPT) #16

@Chamssiddine

I'm encountering an issue when using Cluster API with KubeVirt and Talos via CABPT. The problem seems to be that the Talos config is generated before the KubeVirt VM IP is assigned, and it couldn't bootstrap.

# Extracted talosconfig from CAPI Secret:
k get secrets talos-talosconfig -o jsonpath='{.data.talosconfig}' | base64 -d > talosconfig

cat talosconfig
context: talos
contexts:
  talos:
    endpoints:
    - 172.16.16.221
    - 172.16.16.221
    - 172.16.16.223
    - 172.16.16.223
    ca: <hidden>
    crt: <hidden>
    key: <hidden>

# Attempting to connect:
talosctl --talosconfig=talosconfig -n 172.16.16.223 services
🔴 Error:
rpc error: code = Unavailable desc = connection error: desc = "transport: authentication handshake failed: tls: failed to verify certificate: x509: certificate is valid for 10.0.2.2, 127.0.0.1, ::1, not 172.16.16.221"

The Talos machine certificate was generated when the VM only had its default interface IPs (127.0.0.1, 10.0.2.2) but not the final KubeVirt-assigned IP (e.g., 172.16.16.221 or 172.16.16.223).
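The SAN mismatch reported above can be reproduced offline with Go's standard `crypto/x509`. This is an added example, not part of the original issue and not code from Talos or CABPT; `makeCert` and `uncovered` are hypothetical helper names, and the certificate is a constructed stand-in carrying the IP SANs listed in the error message.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"fmt"
	"math/big"
	"net"
	"time"
)

// makeCert (hypothetical helper) builds a throwaway self-signed cert with the given IP SANs.
func makeCert(sans []string) (*x509.Certificate, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	now := time.Now()
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), NotBefore: now.Add(-time.Hour), NotAfter: now.Add(time.Hour)}
	for _, s := range sans {
		tmpl.IPAddresses = append(tmpl.IPAddresses, net.ParseIP(s))
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, priv)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// uncovered maps each unique endpoint the cert's SANs do not cover to its verification error.
func uncovered(cert *x509.Certificate, endpoints []string) map[string]error {
	out := map[string]error{}
	for _, ep := range endpoints {
		if err := cert.VerifyHostname(ep); err != nil {
			out[ep] = err
		}
	}
	return out
}

func main() {
	// Constructed inputs: SANs from the error message, endpoints from the talosconfig.
	cert, err := makeCert([]string{"10.0.2.2", "127.0.0.1", "::1"})
	if err != nil {
		panic(err)
	}
	fmt.Println(uncovered(cert, []string{"172.16.16.221", "172.16.16.221", "172.16.16.223", "172.16.16.223"}))
}
```

Both endpoints from the talosconfig come back as uncovered, because the client compares the address it dials against the certificate's IP SANs and neither 172.16.16.x address is among them.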
