# Helm template for a Cluster API KubeadmConfigTemplate (kubeadm bootstrap
# provider) used for worker nodes. The gutter numbers skip, so several keys
# of the manifest are not visible in this listing.
# NOTE(review): v1alpha4 is an older Cluster API contract version; confirm
# the management cluster still serves it.
2 apiVersion: bootstrap.cluster.x-k8s.io/v1alpha4
3 kind: KubeadmConfigTemplate
# NOTE(review): clusterName is interpolated unquoted; an empty value or one
# containing YAML specials would change how this scalar parses.
5 name: {{ .Values.clusterName }}-workers
# The quoted-brace escapes below make Helm emit literal double braces, so
# the ds.meta_data.* expressions are left for a later templating pass
# (presumably cloud-init instance data on the node; confirm).
12 node-labels: metal3.io/uuid={{ "{{" }} ds.meta_data.uuid {{ "}}" }}
# Lines 13-15 look like kubelet extra arguments; the parent key is not shown.
# The static CPU manager policy needs a non-zero CPU reservation, which the
# kube-reserved entry supplies.
13 cpu-manager-policy: static
14 topology-manager-policy: best-effort
15 kube-reserved: cpu=100m,memory=256Mi
16 name: '{{ "{{" }} ds.meta_data.name {{ "}}" }}'
# Node bootstrap command list. The entries presumably run as root at first
# boot, so both the values file and this list deserve the same review as a
# privileged shell script.
# NOTE(review): every entry of .Values.preKubeadmCommands is rendered
# verbatim via toYaml; nothing here restricts what those commands may do.
# NOTE(review): the guard on line 21 tests .Values.networks only, while the
# sed command dereferences .Values.networks.baremetal.interface. A networks
# map without a baremetal entry would likely fail at render time. The
# interface name is also spliced into the shell command unquoted, so it
# should be validated as a plain interface name.
18 {{- if .Values.preKubeadmCommands }}
19 {{ toYaml .Values.preKubeadmCommands | indent 6 }}
21 {{- if .Values.networks }}
22 # Without touching up /etc/hosts, kubeadm may pick the wrong
23 # (i.e. provisioning network) address for the node IP
24 - sed -i "1i $(ip -4 addr show dev {{ .Values.networks.baremetal.interface }} | grep -oP '(?<=inet\s)\d+(\.\d+){3}' | head -1) $(hostname)" /etc/hosts
# NOTE(review): "apt-key add" puts each key into the global trusted keyring,
# so it is trusted for every configured repository, and apt-key itself is
# deprecated. A per-repository keyring referenced with signed-by in the
# sources entry limits each key to its own repository.
# The second curl (line 28) lacks -f, so an HTTP error body would be piped
# to apt-key instead of failing the step.
26 - curl -fsSL https://download.docker.com/linux/ubuntu/gpg | apt-key add -
27 - add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable"
28 - curl -s https://packages.cloud.google.com/apt/doc/apt-key.gpg | apt-key add -
# NOTE(review): apt.kubernetes.io is the legacy Kubernetes package
# repository, which upstream has retired in favour of pkgs.k8s.io; confirm
# that this source still resolves.
29 - add-apt-repository "deb https://apt.kubernetes.io/ kubernetes-xenial main"
31 - apt-get install -y ca-certificates
# NOTE(review): install-container-runtime.sh is not defined in the visible
# lines; presumably the cluster.containerRuntime include writes it (confirm).
32 - /usr/local/bin/install-container-runtime.sh
# kubeVersion pins the apt package version of kubelet, kubeadm and kubectl.
# It is interpolated into the shell command unquoted, so it should be a
# plain version string.
33 - apt-get install -y kubelet={{ .Values.kubeVersion }} kubeadm={{ .Values.kubeVersion }} kubectl={{ .Values.kubeVersion }}
34 - systemctl enable --now kubelet
# harden_os.sh and set_kernel_cmdline.sh are the scripts embedded from the
# chart's resources/ directory further down. Which command list they belong
# to is not visible here (line 35 is missing from the listing).
36 - /usr/local/bin/harden_os.sh
37 # This must be done after kubeadm as the cabpk provider relies
38 # on files in /var/run, which won't persist after a reboot
39 - /usr/local/bin/set_kernel_cmdline.sh
# Files written to the node. Each entry embeds a file shipped in the chart's
# resources/ directory, indented to sit under a key that is not shown in
# this listing (presumably a block-scalar content key).
# NOTE(review): .Files.Get returns an empty string when the file is missing
# from the chart, so a packaging mistake would silently install an empty
# harden_os.sh. Wrapping the lookup in "required" would make the render fail
# instead.
# NOTE(review): owner and permission settings are not visible (lines 46-47
# and 50-51 are missing); the two scripts must be executable, and writable
# only by root.
41 {{ include "cluster.containerRuntime" .Values | indent 6 }}
42 - path: /etc/systemd/system/containerd.service.d/override.conf
44 {{ $.Files.Get "resources/override.conf" | indent 10 }}
45 - path: /usr/local/bin/harden_os.sh
48 {{ $.Files.Get "resources/harden_os.sh" | indent 10 }}
49 - path: /usr/local/bin/set_kernel_cmdline.sh
52 {{ $.Files.Get "resources/set_kernel_cmdline.sh" | indent 10 }}
53 {{- if eq .Values.cni "calico" }}
54 - path: /etc/NetworkManager/conf.d/calico.conf
56 {{ $.Files.Get "resources/calico.conf" | indent 10 }}
# Optional login account, rendered only when .Values.userData is set.
# NOTE(review): this account combines password login (lockPassword is
# false), SSH key login and passwordless sudo for all commands, so anyone
# holding either credential gets root on every worker. Consider locking the
# password and keeping key-only access if console login is not required.
# NOTE(review): name, hashedPassword and sshAuthorizedKey are interpolated
# unquoted; piping them through "quote" keeps values with YAML specials or
# an empty expansion from changing the document structure.
58 {{- if .Values.userData }}
60 - name: {{ .Values.userData.name }}
# "False" is the YAML 1.1 spelling; lowercase false is the canonical form.
62 lockPassword: False # Necessary to allow password login
# NOTE(review): the hash is stored in the KubeadmConfigTemplate object, not
# in a Secret, so it is presumably readable by anyone who can read this
# resource in the management cluster (confirm RBAC).
63 passwd: {{ .Values.userData.hashedPassword }}
65 - {{ .Values.userData.sshAuthorizedKey }}
66 sudo: "ALL=(ALL) NOPASSWD:ALL"
67 groups: sudo # Necessary to allow SSH logins (see /etc/ssh/sshd_config)
# The same key is listed a second time under a parent key that is not shown
# (line 69 is missing); confirm which account it is granted to.
70 - {{ .Values.userData.sshAuthorizedKey }}