Add docker registry mirror support
[icn.git] / deploy / cluster / templates / kubeadmconfigtemplate.yaml
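---
# KubeadmConfigTemplate for the worker nodes of the cluster named by
# .Values.clusterName.  The file is a Helm template; the escaped
# double-brace expressions (ds.meta_data.*) are emitted literally and are
# presumably expanded on the node from its datasource metadata.
apiVersion: bootstrap.cluster.x-k8s.io/v1alpha4
kind: KubeadmConfigTemplate
metadata:
  name: {{ .Values.clusterName }}-workers
spec:
  template:
    spec:
      joinConfiguration:
        nodeRegistration:
          kubeletExtraArgs:
            node-labels: metal3.io/uuid={{ "{{" }} ds.meta_data.uuid {{ "}}" }}
            cpu-manager-policy: static
            topology-manager-policy: best-effort
            kube-reserved: cpu=100m,memory=256Mi
          name: '{{ "{{" }} ds.meta_data.name {{ "}}" }}'
      # Commands run on the node before kubeadm: caller-supplied commands
      # first, then package repository setup, the container runtime and
      # the pinned Kubernetes packages.
      preKubeadmCommands:
{{- if .Values.preKubeadmCommands }}
{{ toYaml .Values.preKubeadmCommands | indent 6 }}
{{- end }}
{{- if .Values.networks }}
      # Without touching up /etc/hosts, kubeadm may pick the wrong
      # (i.e. provisioning network) address for the node IP
      - sed -i "1i $(ip -4 addr show dev {{ .Values.networks.baremetal.interface }} | grep -oP '(?<=inet\s)\d+(\.\d+){3}' | head -1) $(hostname)" /etc/hosts
{{- end }}
      # NOTE(review): "apt-key add" puts each key in apt's global trusted
      # keyring, so it is trusted for every configured repository; a
      # per-repository keyring referenced with signed-by would scope it.
      # Both downloads use -f so that an HTTP error makes curl fail
      # instead of piping an error page into apt-key.
      - curl -fsSL https://download.docker.com/linux/ubuntu/gpg | apt-key add -
      - add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable"
      - curl -fsSL https://packages.cloud.google.com/apt/doc/apt-key.gpg | apt-key add -
      - add-apt-repository "deb https://apt.kubernetes.io/ kubernetes-xenial main"
      - apt-get update -y
      - apt-get install -y ca-certificates
      # Presumably written by the cluster.containerRuntime include in the
      # files section below; confirm against that helper.
      - /usr/local/bin/install-container-runtime.sh
      # All three packages are pinned to the same .Values.kubeVersion.
      - apt-get install -y kubelet={{ .Values.kubeVersion }} kubeadm={{ .Values.kubeVersion }} kubectl={{ .Values.kubeVersion }}
      - systemctl enable --now kubelet
      postKubeadmCommands:
      - /usr/local/bin/harden_os.sh
      # This must be done after kubeadm as the cabpk provider relies
      # on files in /var/run, which won't persist after a reboot
      - /usr/local/bin/set_kernel_cmdline.sh
      files:
{{ include "cluster.containerRuntime" .Values | indent 6 }}
      - path: /etc/systemd/system/containerd.service.d/override.conf
        content: |
{{ $.Files.Get "resources/override.conf" | indent 10 }}
      # Both scripts are executed from postKubeadmCommands.  They are
      # installed 0755 rather than 0777 so that an unprivileged local
      # account cannot rewrite a script that the bootstrap runs.
      - path: /usr/local/bin/harden_os.sh
        permissions: '0755'
        content: |
{{ $.Files.Get "resources/harden_os.sh" | indent 10 }}
      - path: /usr/local/bin/set_kernel_cmdline.sh
        permissions: '0755'
        content: |
{{ $.Files.Get "resources/set_kernel_cmdline.sh" | indent 10 }}
{{- if .Values.userData }}
      # NOTE(review): this account accepts password and key logins and has
      # passwordless sudo, so the hash and the key supplied in the values
      # are root-equivalent credentials and should be handled as secrets.
      # The templated values are quoted so that a ": " or " #" inside a
      # key comment or hash cannot change how the rendered YAML parses.
      users:
      - name: {{ .Values.userData.name | quote }}
        shell: /bin/bash
        lockPassword: false # Necessary to allow password login
        passwd: {{ .Values.userData.hashedPassword | quote }}
        sshAuthorizedKeys:
        - {{ .Values.userData.sshAuthorizedKey | quote }}
        sudo: "ALL=(ALL) NOPASSWD:ALL"
        groups: sudo # Necessary to allow SSH logins (see /etc/ssh/sshd_config)
      # The same key is also authorized for root; whether direct root
      # login works depends on the node's sshd configuration.
      - name: root
        sshAuthorizedKeys:
        - {{ .Values.userData.sshAuthorizedKey | quote }}
{{- end }}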