talos/website/content/docs/v0.15/Guides/editing-machine-configuration.md

---
title: "Editing Machine Configuration"
description: "How to edit and patch Talos machine configuration, with reboot, immediately, or stage update on reboot."
---

Talos node state is fully defined by [machine configuration](../../reference/configuration/).
Initial configuration is delivered to the node at bootstrap time, but configuration can be updated while the node is running.

> Note: Be sure that config is persisted so that configuration updates are not overwritten on reboots.
> Configuration persistence was enabled by default since Talos 0.5 (`persist: true` in machine configuration).

There are three `talosctl` commands which facilitate machine configuration updates:

* `talosctl apply-config` to apply configuration from the file
* `talosctl edit machineconfig` to launch an editor with existing node configuration, make changes and apply configuration back
* `talosctl patch machineconfig` to apply automated machine configuration via JSON patch

Each of these commands can operate in one of four modes:

* apply change in automatic mode(default): reboot if the change can't be applied without a reboot, otherwise apply the change immediately
* apply change with a reboot (`--mode=reboot`): update configuration, reboot Talos node to apply configuration change
* apply change immediately (`--mode=no-reboot` flag): change is applied immediately without a reboot, fails if the change contains any fields that can not be updated without a reboot
* apply change on next reboot (`--mode=staged`): change is staged to be applied after a reboot, but node is not rebooted
* apply change in the interactive mode (`--mode=interactive`; only for `talosctl apply-config`): launches TUI based interactive installer

> Note: applying change on next reboot (`--mode=staged`) doesn't modify current node configuration, so next call to
> `talosctl edit machineconfig --mode=staged` will not see changes

The list of config changes allowed to be applied immediately in talos v0.15:

* `.debug`
* `.cluster`
* `.machine.time`
* `.machine.certCANs`
* `.machine.install` (configuration is only applied during install/upgrade)
* `.machine.network`
* `.machine.sysctls`
* `.machine.logging`
* `.machine.controlplane`
* `.machine.kubelet`
* `.machine.pods`
* `.machine.kernel`
* `.machine.registries` (CRI containerd plugin will not pick up the registry authentication settings without a reboot)

### `talosctl apply-config`

This command is mostly used to submit initial machine configuration to the node (generated by `talosctl gen config`).
It can be used to apply new configuration from the file to the running node as well, but most of the time it's not convenient, as it doesn't operate on the current node machine configuration.

Example:

```bash
talosctl -n <IP> apply-config -f config.yaml
```

Command `apply-config` can also be invoked as `apply machineconfig`:

```bash
talosctl -n <IP> apply machineconfig -f config.yaml
```

Applying machine configuration immediately (without a reboot):

```bash
talosctl -n IP apply machineconfig -f config.yaml --mode=no-reboot
```

Starting the interactive installer:

```bash
talosctl -n IP apply machineconfig --mode=interactive
```

> Note: when a Talos node is running in the maintenance mode it's necessary to provide `--insecure (-i)` flag to connect to the API and apply the config.

### `taloctl edit machineconfig`

Command `talosctl edit` loads current machine configuration from the node and launches configured editor to modify the config.
If config hasn't been changed in the editor (or if updated config is empty), update is not applied.

> Note: Talos uses environment variables `TALOS_EDITOR`, `EDITOR` to pick up the editor preference.
> If environment variables are missing, `vi` editor is used by default.

Example:

```bash
talosctl -n <IP> edit machineconfig
```

Configuration can be edited for multiple nodes if multiple IP addresses are specified:

```bash
talosctl -n <IP1>,<IP2>,... edit machineconfig
```

Applying machine configuration change immediately (without a reboot):

```bash
talosctl -n <IP> edit machineconfig --mode=no-reboot
```

### `talosctl patch machineconfig`

Command `talosctl patch` works similar to `talosctl edit` command - it loads current machine configuration, but instead of launching configured editor it applies a set of [JSON patches](http://jsonpatch.com/) to the configuration and writes the result back to the node.

Example, updating kubelet version (in auto mode):

```bash
$ talosctl -n <IP> patch machineconfig -p '[{"op": "replace", "path": "/machine/kubelet/image", "value": "ghcr.io/talos-systems/kubelet:v1.20.5"}]'
patched mc at the node <IP>
```

Updating kube-apiserver version in immediate mode (without a reboot):

```bash
$ talosctl -n <IP> patch machineconfig --mode=no-reboot -p '[{"op": "replace", "path": "/cluster/apiServer/image", "value": "k8s.gcr.io/kube-apiserver:v1.20.5"}]'
patched mc at the node <IP>
```

A patch might be applied to multiple nodes when multiple IPs are specified:

```bash
talosctl -n <IP1>,<IP2>,... patch machineconfig -p '[{...}]'
```

Patches can also be sourced from files using `@file` syntax:

```bash
talosctl -n <IP> patch machineconfig -p @kubelet-patch.json -p @manifest-patch.json
```

It might be easier to store patches in YAML format vs. the default JSON format.
Talos can detect file format automatically:

```yaml
# kubelet-patch.yaml
- op: replace
  path: /machine/kubelet/image
  value: ghcr.io/talos-systems/kubelet:v1.23.3
```

```bash
talosctl -n <IP> patch machineconfig -p @kubelet-patch.yaml
```

### Recovering from Node Boot Failures

If a Talos node fails to boot because of wrong configuration (for example, control plane endpoint is incorrect), configuration can be updated to fix the issue.