fix(charts,commands): skip empty bond config and honor --endpoints in init

[lexfrei]

What

Two operator-visible bugs in the talm init / multidoc-render flow.

Empty-slaves bond emits invalid BondConfig

Both the cozystack and generic presets unconditionally rendered BondConfig{name: bond0, links: <empty>, bondMode: ...} for any discovered link with spec.kind == "bond". Talos's link controller can auto-create a bond stub in COSI link state before any operator configuration enslaves physical NICs to it — the master link carries a bondMaster spec but no other link has slaveKind: bond + masterIndex pointing at it. Under those conditions the rendered document fails Talos validation with BondConfig/bond0: at least one link must be specified.

Fix: skip the BondConfig document when talm.discovered.bond_slaves returns an empty list. A discovered bond without enslaved links is a stub, not a user-configured bond. An operator who intends a bond declares its slaves via a per-node body overlay.

Pattern mirrors the existing fail-fast guardrail for VLAN-without-parent in the same files; chose skip over fail-fast because the operator does not control the Talos-side stub creation, so forcing them to declare the bond explicitly would be a usability regression.

talm init --endpoints X silently writes 127.0.0.1 to talosconfig

The assignment site at pkg/commands/init.go:598 hardcoded defaultLocalEndpoint, discarding the operator's --endpoints flag. Fix: extract resolveTalosconfigEndpoints: when GlobalArgs.Endpoints is non-empty, propagate; otherwise fall back to the loopback placeholder. Helper returns a defensive copy so callers mutating the talosconfig field do not alias the operator-visible GlobalArgs.Endpoints across init invocations.

Tests

• TestContract_NetworkMultidoc_BondWithoutSlaves_SkipsBondConfig (NEW) — pins the cozystack-side bond-skip contract. Asserts kind: BondConfig and name: bond0 absent when slaves is empty, AND that the non-enslaved physical link still emits as a LinkConfig (positive-shape pin against a guard that accidentally swallows all link emission).
• TestContract_NetworkMultidoc_BondWithoutSlaves_SkipsBondConfig_Generic (NEW) — counterpart for the generic preset.
• TestResolveTalosconfigEndpoints_{GlobalNonEmpty_UsesGlobal, GlobalEmpty_UsesLoopbackFallback, ReturnsCopy, MultipleEndpoints} (NEW) — pin the helper's four behaviour axes.
• emptyBondTopologyLookup fixture mirrors bondTopologyLookup but drops eth0/eth1 enslavement so talm.discovered.bond_slaves returns an empty list.
• Existing TestContract_NetworkMultidoc_BondRendersBondConfig and _BondSlavesNotEmittedAsLinkConfig keep passing — slaves-present case unaffected.

Local CI: go test ./... clean, golangci-lint run ./... 0 issues, GOOS=windows go vet ./... clean.

Scope

Covers both multidoc (v1.12+) presets — cozystack and generic. The legacy v1.11 nested form lives in charts/talm/templates/_helpers.tpl::talm.discovered.bond_config and exhibits the same empty-slaves shape; deliberately out of scope here because the multidoc presets are where the reported reproductions live and the legacy path has different downstream test coverage. Track as a follow-up if 1.11 operators hit this shape.

[coderabbitai]

Warning

Rate limit exceeded

@lexfrei has exceeded the limit for the number of commits that can be reviewed per hour. Please wait 4 minutes and 37 seconds before requesting another review.

You’ve run out of usage credits. Purchase more in the billing tab.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: c54328b0-586e-4045-bec3-2c6988aa5d38

📥 Commits

Reviewing files that changed from the base of the PR and between d3c602c and 44c6520.

📒 Files selected for processing (6)

• charts/cozystack/templates/_helpers.tpl
• charts/generic/templates/_helpers.tpl
• pkg/commands/init.go
• pkg/commands/init_test.go
• pkg/engine/contract_network_multidoc_test.go
• pkg/engine/render_test.go

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch fix/bond-empty-slaves-skip

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[gemini-code-assist]

Code Review

This pull request prevents the emission of BondConfig documents for bond interfaces that have no enslaved links. This change addresses an issue where Talos 1.13 auto-creates bond stubs, which, if rendered as empty BondConfig documents, are rejected by Talos. The PR includes a template update in _helpers.tpl to skip empty bonds and adds a regression test with a corresponding mock topology. I have no feedback to provide as there were no review comments.