From bc53ba90689fb66c0943ce4743dab478084a6fd0 Mon Sep 17 00:00:00 2001
From: Max Pfeiffer <max@maxpfeiffer.ch>
Date: Thu, 6 Nov 2025 15:34:18 +0100
Subject: [PATCH] Updated talos, cilium and terraform providers

---
 kubernetes/.terraform.lock.hcl            | 42 +++++-----------
 kubernetes/providers.tf                   |  2 +-
 proxmox/.terraform.lock.hcl               | 59 +++++++++++------------
 proxmox/configuration.auto.tfvars.example | 21 ++++----
 proxmox/helm_templates.tf                 | 16 +++++-
 proxmox/providers.tf                      |  4 +-
 proxmox/variables.tf                      | 12 ++---
 7 files changed, 76 insertions(+), 80 deletions(-)

diff --git a/kubernetes/.terraform.lock.hcl b/kubernetes/.terraform.lock.hcl
index c9b3173..bbe9ff1 100644
--- a/kubernetes/.terraform.lock.hcl
+++ b/kubernetes/.terraform.lock.hcl
@@ -2,36 +2,18 @@
 # Manual edits may be lost in future updates.
 
 provider "registry.opentofu.org/hashicorp/helm" {
-  version     = "3.0.2"
-  constraints = "3.0.2"
+  version     = "3.1.0"
+  constraints = "3.1.0"
   hashes = [
-    "h1:GMW0C0TkkYmURt4OZIlwcLdvREL08PDbsSn5sfH4/TU=",
-    "zh:100f75a700074568cfaee7884e4477c50b5468e086db5bb95d7d519581b65621",
-    "zh:578d09c7319d0dd0fee03a7fcb48bf68ac978c1fefaa0752cfcb9ecfb0a56a4e",
-    "zh:64e7cce303362b4bf132d1c61858ef0ada221af4a2ea0fdfd16ec43e562d459c",
-    "zh:7a64933e70733aeec44bf9b9b6ea3617fd075acb346b082197ded993cfa7d2be",
-    "zh:7caf4655a5bf72e6d212209ad5ea5c619269eca6e0d9930c85b59bbbdf57ce28",
-    "zh:a1e0208423445e2443516e52a4d72c556b1303705c90aaeb139fbb64a10d7c1c",
-    "zh:ac9e4417e9e0486bc60f6796da06356b59161c9923c56a7a5c9b4900a46ee52d",
-    "zh:b9588da386c17456b242bd18122836baeccdce3227aac4752e189ec9ad218da7",
-    "zh:d5b6ac3b0b6beb3d94886f45a5a96eb6d78ca2b657efd62b8e0650d8097ee60f",
-    "zh:db6761e7cf86825f13628e8f4e32818683efff61b0d909211e1096cc6ad84f83",
-  ]
-}
-
-provider "registry.opentofu.org/opentofu/kubernetes" {
-  version = "2.32.0"
-  hashes = [
-    "h1:eQbVYFjsq9QjAeYvmRAXy7EOjvY8MO7XFV1vCsDD6ds=",
-    "zh:06d586c8fcd3ab8fe7f3ac99142ba48b9efbff8bebe05c52b3c7997f83146200",
-    "zh:12ce862493717118a6bf68328448d09023a60344da25633e124423cdd734263e",
-    "zh:33ee1cda5db58fd26576ba6be715282af30e04d25b38fd6752810fd206bc6422",
-    "zh:8f4e13c726a5fb84244eff7740b20678e7fb2d5df6ebc759101d4c58fb069112",
-    "zh:8fe15d350b5a018f535a93fa054bf4d05377a69f3b1e5cabe8c73d059a4b70cb",
-    "zh:953fc8c8a92ff0defafd22ee0aec12d483d7b80685de6838e513d4de7170a651",
-    "zh:a1ad6197105f9cda73c39f3b69dd688ec22708c736de05c03516561a88f4bbfc",
-    "zh:c1d60898c269f42ece0b3672901001ba26338c865f83a39b116c0d6c0cd8dbc1",
-    "zh:d26fcff2fda9421d9129fd407696481ecd2714ae3316e81ff977e2e40de068e5",
-    "zh:dc616b73095755245f211af0989bfcf2f76b43196bf7f8982183e4e3b1c3f6f6",
+    "h1:vORgIBuTBOxVX2zePdQkvOiiQYjVLIKVS22KmJRDxoU=",
+    "zh:06a22880bb89397d0a99a66e887e1e3b80868ff000bceddf1454e8272b17dc2c",
+    "zh:3c50a2b50911a0ff165532b11105b09537402c752c138902882264b58c0ac8be",
+    "zh:516c64e23146d2ed4c033d33064ae79c7e29cd47ec18a71ef2158b009f7d7748",
+    "zh:84aed195b24cc9c32f7e387b1fc40d1f4ac67ab6ab32d84e4eeeca2b0c20b851",
+    "zh:b87f6146284dc745b32b9612583ed9ebd9488e932ca2c210afb29a351be2dfec",
+    "zh:cbba392b7e9ec83299e37999c779f744ef4ca8b4abe0ba19e5feaadf2aee6580",
+    "zh:dd82576699bca89f503b9d1328e0194fb24cf7e99194df98844e8cc127dfc45f",
+    "zh:e78fa0476d67623c252672e01b81192c7df07c1416433136f4f82ce451d533ce",
+    "zh:eac219620b2abfe12a4b392f75d90bcb209d9734c8c6f63917f808881ec6ce30",
   ]
 }
diff --git a/kubernetes/providers.tf b/kubernetes/providers.tf
index bb3142e..c68b805 100644
--- a/kubernetes/providers.tf
+++ b/kubernetes/providers.tf
@@ -2,7 +2,7 @@ terraform {
   required_providers {
     helm = {
       source  = "hashicorp/helm"
-      version = "3.0.2"
+      version = "3.1.0"
     }
   }
 }
diff --git a/proxmox/.terraform.lock.hcl b/proxmox/.terraform.lock.hcl
index db98dd7..ef14fc9 100644
--- a/proxmox/.terraform.lock.hcl
+++ b/proxmox/.terraform.lock.hcl
@@ -2,20 +2,19 @@
 # Manual edits may be lost in future updates.
 
 provider "registry.opentofu.org/hashicorp/helm" {
-  version     = "3.0.2"
-  constraints = "3.0.2"
+  version     = "3.1.0"
+  constraints = "3.1.0"
   hashes = [
-    "h1:GMW0C0TkkYmURt4OZIlwcLdvREL08PDbsSn5sfH4/TU=",
-    "zh:100f75a700074568cfaee7884e4477c50b5468e086db5bb95d7d519581b65621",
-    "zh:578d09c7319d0dd0fee03a7fcb48bf68ac978c1fefaa0752cfcb9ecfb0a56a4e",
-    "zh:64e7cce303362b4bf132d1c61858ef0ada221af4a2ea0fdfd16ec43e562d459c",
-    "zh:7a64933e70733aeec44bf9b9b6ea3617fd075acb346b082197ded993cfa7d2be",
-    "zh:7caf4655a5bf72e6d212209ad5ea5c619269eca6e0d9930c85b59bbbdf57ce28",
-    "zh:a1e0208423445e2443516e52a4d72c556b1303705c90aaeb139fbb64a10d7c1c",
-    "zh:ac9e4417e9e0486bc60f6796da06356b59161c9923c56a7a5c9b4900a46ee52d",
-    "zh:b9588da386c17456b242bd18122836baeccdce3227aac4752e189ec9ad218da7",
-    "zh:d5b6ac3b0b6beb3d94886f45a5a96eb6d78ca2b657efd62b8e0650d8097ee60f",
-    "zh:db6761e7cf86825f13628e8f4e32818683efff61b0d909211e1096cc6ad84f83",
+    "h1:vORgIBuTBOxVX2zePdQkvOiiQYjVLIKVS22KmJRDxoU=",
+    "zh:06a22880bb89397d0a99a66e887e1e3b80868ff000bceddf1454e8272b17dc2c",
+    "zh:3c50a2b50911a0ff165532b11105b09537402c752c138902882264b58c0ac8be",
+    "zh:516c64e23146d2ed4c033d33064ae79c7e29cd47ec18a71ef2158b009f7d7748",
+    "zh:84aed195b24cc9c32f7e387b1fc40d1f4ac67ab6ab32d84e4eeeca2b0c20b851",
+    "zh:b87f6146284dc745b32b9612583ed9ebd9488e932ca2c210afb29a351be2dfec",
+    "zh:cbba392b7e9ec83299e37999c779f744ef4ca8b4abe0ba19e5feaadf2aee6580",
+    "zh:dd82576699bca89f503b9d1328e0194fb24cf7e99194df98844e8cc127dfc45f",
+    "zh:e78fa0476d67623c252672e01b81192c7df07c1416433136f4f82ce451d533ce",
+    "zh:eac219620b2abfe12a4b392f75d90bcb209d9734c8c6f63917f808881ec6ce30",
   ]
 }
 
@@ -43,23 +42,23 @@ provider "registry.opentofu.org/siderolabs/talos" {
 }
 
 provider "registry.opentofu.org/telmate/proxmox" {
-  version     = "3.0.2-rc04"
-  constraints = "3.0.2-rc04"
+  version     = "3.0.2-rc05"
+  constraints = "3.0.2-rc05"
   hashes = [
-    "h1:ZPr93UUVOw1aCqsODLXsqNQ9Lq/WafX5jgCCLxKBHl4=",
-    "zh:00586a3e02061734f5ff4c309696ec1bbd6e00a7ed1281c44626f02929417f6e",
-    "zh:05af12aababd0a67a95309a803123f3c238b16ecdb73dc59c8d9c3d4a0b691c5",
-    "zh:4b6457bd0138f5c66c8b7043bdbffe3b8abcce2383293d77f653dbd77d14428f",
-    "zh:7b1b6e76d6b03c7829b8dadeb30de236782be314f5146d9f29ee12bd01961d7a",
-    "zh:87c21e0a8244b73c62ad3221773ec1c72fb918e0025b0664183a8ad8bebeb5bc",
-    "zh:954997c550285dfc167977683b97b045dd62923c251fad32c4ca81b564c2005f",
-    "zh:98781ef0199877580256e9f9a7f0666107f76af23f54f67d6392a66a6f5001b5",
-    "zh:9fc4dbd1752e2b9125223be2dd25597c0e6d534aa784c4829af3c3e3e58eb973",
-    "zh:a3f672019aee2d45c202668b95c48113e3c50001b740bd48956738ad1418c6b7",
-    "zh:a539852a4034132442e6dc6f644444994d83b0dc7a4d30bbe6464de420cfdf2d",
-    "zh:aade0b50a559a1da683c49ec8527e5e66b12ed42d4b1f10e69b25cbbf6c67805",
-    "zh:bdb7c2b78cfe039247948fa75fad49f871f8a8bb9b969aec4c45a24edc80ab0f",
-    "zh:c16209a6748f87a379a5a3132ca4f471a4807bd478664499593e09433ba39b7b",
-    "zh:cb015fb4a0a50d151c35c6a3505cdf7a337edd0b65eba82a43c8142c523adfb8",
+    "h1:PG5/Mu1UUP6/WIdtytJKZ8NxQJg8OIGygFwJOoPdmZw=",
+    "zh:042d748367f33aaf440698644be4f2a2875f9db31915c1ef84616f176fc6174f",
+    "zh:1488781da1920d60d933c8ce926c34b5e989ffae58e3fbe437973d2b1d2faafc",
+    "zh:283dd6f74627f1d1d75d616b31f8ced3f97fd5277a07c9535e85cfa765d7a321",
+    "zh:378f1c2da21aeea083ac2e632db274a02c7a01e2486a40d3c813d05a21142db3",
+    "zh:38d63d0961f8c32273392caaace30f50cff8ab06e5dda17f67a8827ebffeba98",
+    "zh:52159782df101ec98f20faff81e8f2d9d92cb4ec903314fcddcc57ec16cdaacb",
+    "zh:6ca47b90c66b1d2706cb3cbb05da8b3f90a202c4865010202b2962e2b64d217e",
+    "zh:6e7b85cb2380e4dc0be694dd0e4a24927f7f66df41960eca3cfe907443d4f0b9",
+    "zh:758775f733673ab5c196db6a33648458037746f94d4bef7ce148cb01474efe2d",
+    "zh:7c31a3ca6d52db39da2bdd60be37af71d59d808fc206de50fe661535ea436da3",
+    "zh:af16984350a2f4d77c21f66a479007801e2527543310567c99cd82eb421e249e",
+    "zh:c1f965d3f96cf3f87af2c12ab9d4bde42f8ef660f8dc34ba3cfc9b20435a7269",
+    "zh:c2b9022a31103919a5ffbac6ee8d7feb6c4f5f580c1766f769569c2e8e4ce7f1",
+    "zh:e90162c42f1237323291e3d0de0c62701b3f89350fae18246da06702f41a6123",
   ]
 }
diff --git a/proxmox/configuration.auto.tfvars.example b/proxmox/configuration.auto.tfvars.example
index 7660228..244d1c8 100644
--- a/proxmox/configuration.auto.tfvars.example
+++ b/proxmox/configuration.auto.tfvars.example
@@ -8,10 +8,11 @@ proxmox_storage_device   = "samsung-ssd"
 # Talos Linux
 # Talos version needs to correspond to the install_image version in node_data
 # See: https://github.com/siderolabs/terraform-provider-talos/blob/main/docs/data-sources/machine_configuration.md
-talos_version = "1.11.1"
+talos_version                  = "1.11.4"
+kubernetes_version             = "1.34.1"
 # With these variables you can configure the ISO images which are uploaded to Proxmox for initially booting the VMs
-talos_linux_iso_image_url = "https://factory.talos.dev/image/ce4c980550dd2ab1b17bbf2b08801c7eb59418eafe8f279833297925d67c7515/v1.11.1/nocloud-amd64.iso"
-talos_linux_iso_image_filename = "talos-linux-v1.11.1-qemu-guest-agent-amd64.iso"
+talos_linux_iso_image_url = "https://factory.talos.dev/image/ce4c980550dd2ab1b17bbf2b08801c7eb59418eafe8f279833297925d67c7515/v1.11.4/nocloud-amd64.iso"
+talos_linux_iso_image_filename = "talos-linux-v1.11.4-qemu-guest-agent-amd64.iso"
 # Name of the cluster
 cluster_name = "your cluster name"
 # VIP address for the control planes, see https://www.talos.dev/v1.11/talos-guides/network/vip/
@@ -21,33 +22,33 @@ node_data = {
     controlplanes = {
       "192.168.10.101" = {
         install_disk  = "/dev/vda"
-        install_image = "factory.talos.dev/nocloud-installer/ce4c980550dd2ab1b17bbf2b08801c7eb59418eafe8f279833297925d67c7515:v1.11.1"
+        install_image = "factory.talos.dev/nocloud-installer/ce4c980550dd2ab1b17bbf2b08801c7eb59418eafe8f279833297925d67c7515:v1.11.4"
       },
       "192.168.10.102" = {
         install_disk  = "/dev/vda"
-        install_image = "factory.talos.dev/nocloud-installer/ce4c980550dd2ab1b17bbf2b08801c7eb59418eafe8f279833297925d67c7515:v1.11.1"
+        install_image = "factory.talos.dev/nocloud-installer/ce4c980550dd2ab1b17bbf2b08801c7eb59418eafe8f279833297925d67c7515:v1.11.4"
       },
       "192.168.10.103" = {
         install_disk  = "/dev/vda"
-        install_image = "factory.talos.dev/nocloud-installer/ce4c980550dd2ab1b17bbf2b08801c7eb59418eafe8f279833297925d67c7515:v1.11.1"
+        install_image = "factory.talos.dev/nocloud-installer/ce4c980550dd2ab1b17bbf2b08801c7eb59418eafe8f279833297925d67c7515:v1.11.4"
       },
     }
     workers = {
       "192.168.10.104" = {
         install_disk  = "/dev/vda"
-        install_image = "factory.talos.dev/nocloud-installer/ce4c980550dd2ab1b17bbf2b08801c7eb59418eafe8f279833297925d67c7515:v1.11.1"
+        install_image = "factory.talos.dev/nocloud-installer/ce4c980550dd2ab1b17bbf2b08801c7eb59418eafe8f279833297925d67c7515:v1.11.4"
       },
       "192.168.10.105" = {
         install_disk  = "/dev/vda"
-        install_image = "factory.talos.dev/nocloud-installer/ce4c980550dd2ab1b17bbf2b08801c7eb59418eafe8f279833297925d67c7515:v1.11.1"
+        install_image = "factory.talos.dev/nocloud-installer/ce4c980550dd2ab1b17bbf2b08801c7eb59418eafe8f279833297925d67c7515:v1.11.4"
       },
       "192.168.10.106" = {
         install_disk  = "/dev/vda"
-        install_image = "factory.talos.dev/nocloud-installer/ce4c980550dd2ab1b17bbf2b08801c7eb59418eafe8f279833297925d67c7515:v1.11.1"
+        install_image = "factory.talos.dev/nocloud-installer/ce4c980550dd2ab1b17bbf2b08801c7eb59418eafe8f279833297925d67c7515:v1.11.4"
       },
       "192.168.10.107" = {
         install_disk  = "/dev/vda"
-        install_image = "factory.talos.dev/nocloud-installer/ce4c980550dd2ab1b17bbf2b08801c7eb59418eafe8f279833297925d67c7515:v1.11.1"
+        install_image = "factory.talos.dev/nocloud-installer/ce4c980550dd2ab1b17bbf2b08801c7eb59418eafe8f279833297925d67c7515:v1.11.4"
       },
     }
   }
diff --git a/proxmox/helm_templates.tf b/proxmox/helm_templates.tf
index cbc5cc9..df16f35 100644
--- a/proxmox/helm_templates.tf
+++ b/proxmox/helm_templates.tf
@@ -3,7 +3,7 @@ data "helm_template" "cilium" {
   namespace    = "kube-system"
   repository   = "https://helm.cilium.io"
   chart        = "cilium"
-  version      = "1.18.1"
+  version      = "1.18.3"
   kube_version = var.kubernetes_version
   set = [
     {
@@ -62,6 +62,20 @@ data "helm_template" "cilium" {
       name  = "ingressController.loadbalancerMode"
       value = "dedicated"
     },
+    # Gateway API
+    # See: https://docs.cilium.io/en/stable/network/servicemesh/gateway-api/gateway-api/
+    {
+      name  = "gatewayAPI.enabled"
+      value = "true"
+    },
+    {
+      name  = "gatewayAPI.enableAlpn"
+      value = "true"
+    },
+    {
+      name  = "ggatewayAPI.enableAppProtocol"
+      value = "true"
+    },
     # Egress Gateway
     # See: https://docs.cilium.io/en/stable/network/egress-gateway/egress-gateway/
     {
diff --git a/proxmox/providers.tf b/proxmox/providers.tf
index a50e3e0..d21a196 100644
--- a/proxmox/providers.tf
+++ b/proxmox/providers.tf
@@ -2,7 +2,7 @@ terraform {
   required_providers {
     proxmox = {
       source  = "telmate/proxmox"
-      version = "3.0.2-rc04"
+      version = "3.0.2-rc05"
     }
     talos = {
       source  = "siderolabs/talos"
@@ -10,7 +10,7 @@ terraform {
     }
     helm = {
       source  = "hashicorp/helm"
-      version = "3.0.2"
+      version = "3.1.0"
     }
   }
 }
diff --git a/proxmox/variables.tf b/proxmox/variables.tf
index 86d9e65..b962ee9 100644
--- a/proxmox/variables.tf
+++ b/proxmox/variables.tf
@@ -22,24 +22,24 @@ variable "proxmox_storage_device" {
 
 variable "talos_version" {
   type    = string
-  default = "1.11.1"
+  default = "1.11.4"
 }
 
 variable "kubernetes_version" {
   type    = string
-  default = "1.34.0"
+  default = "1.34.1"
 }
 
 variable "talos_linux_iso_image_url" {
   description = "URL of the Talos ISO image for initially booting the VM"
   type        = string
-  default     = "https://factory.talos.dev/image/ce4c980550dd2ab1b17bbf2b08801c7eb59418eafe8f279833297925d67c7515/v1.11.1/nocloud-amd64.iso"
+  default     = "https://factory.talos.dev/image/ce4c980550dd2ab1b17bbf2b08801c7eb59418eafe8f279833297925d67c7515/v1.11.4/nocloud-amd64.iso"
 }
 
 variable "talos_linux_iso_image_filename" {
   description = "Filename of the Talos ISO image for initially booting the VM"
   type        = string
-  default     = "talos-linux-v1.11.1-qemu-guest-agent-amd64.iso"
+  default     = "talos-linux-v1.11.4-qemu-guest-agent-amd64.iso"
 }
 
 variable "cluster_name" {
@@ -72,13 +72,13 @@ variable "node_data" {
     controlplanes = {
       "192.168.1.101" = {
         install_disk  = "/dev/vda"
-        install_image = "factory.talos.dev/nocloud-installer/ce4c980550dd2ab1b17bbf2b08801c7eb59418eafe8f279833297925d67c7515:v1.11.1"
+        install_image = "factory.talos.dev/nocloud-installer/ce4c980550dd2ab1b17bbf2b08801c7eb59418eafe8f279833297925d67c7515:v1.11.4"
       },
     }
     workers = {
       "192.168.1.102" = {
         install_disk  = "/dev/vda"
-        install_image = "factory.talos.dev/nocloud-installer/ce4c980550dd2ab1b17bbf2b08801c7eb59418eafe8f279833297925d67c7515:v1.11.1"
+        install_image = "factory.talos.dev/nocloud-installer/ce4c980550dd2ab1b17bbf2b08801c7eb59418eafe8f279833297925d67c7515:v1.11.4"
       },
     }
   }