- apt-get install -y kubelet={{ $cluster.kubeVersion }} kubeadm={{ $cluster.kubeVersion }} kubectl={{ $cluster.kubeVersion }}
- systemctl enable --now kubelet
postKubeadmCommands:
+ - /usr/local/bin/harden_os.sh
# This must be done after kubeadm as the cabpk provider relies
# on files in /var/run, which won't persist after a reboot
- /usr/local/bin/set_kernel_cmdline.sh
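Review bot: The added `/usr/local/bin/harden_os.sh` entry under `postKubeadmCommands` carries no comment explaining its position, and nothing visible here shows that a failed hardening step is surfaced rather than skipped. The existing comment suggests `set_kernel_cmdline.sh` leads to a reboot, so the ordering is probably deliberate, but a later edit could reorder the list without noticing. I would add a line above the entry such as `# Harden the OS after kubeadm has run and before set_kernel_cmdline.sh; the script must exit non-zero on failure`. It is also worth confirming that a non-zero exit actually marks the node bootstrap as failed, since otherwise the node would stay in the cluster unhardened.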
- path: /etc/systemd/system/containerd.service.d/override.conf
content: |
{{ $.Files.Get "resources/override.conf" | indent 10 }}
+ - path: /usr/local/bin/harden_os.sh
+ permissions: '0777'
+ content: |
+{{ $.Files.Get "resources/harden_os.sh" | indent 10 }}
- path: /usr/local/bin/set_kernel_cmdline.sh
permissions: '0777'
content: |
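Review bot: `permissions: '0777'` on the new `/usr/local/bin/harden_os.sh` file entry leaves the hardening script world-writable, and it stays on disk in a directory that is normally on root's PATH. The other hunk in this change runs this script from `postKubeadmCommands`, so any local account able to write to it can change what is executed with root privileges if it is ever run again. The script only needs to be readable and executable by root, so `permissions: '0700'` is sufficient. The neighbouring `set_kernel_cmdline.sh` entry in the context lines has the same `'0777'` mode and deserves the same tightening in a follow-up.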
sshAuthorizedKeys:
- {{ $cluster.userData.sshAuthorizedKey }}
sudo: "ALL=(ALL) NOPASSWD:ALL"
+ groups: sudo # Necessary to allow SSH logins (see /etc/ssh/sshd_config)
- name: root
sshAuthorizedKeys:
- {{ $cluster.userData.sshAuthorizedKey }}
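Review bot: The comment on the added `groups: sudo` line points at `/etc/ssh/sshd_config` without naming the setting that makes the group membership necessary, so the dependency is easy to break when either side changes. Presumably the hardening script restricts SSH logins to that group. If so, say it directly, for example `groups: sudo  # sshd only admits members of group sudo after harden_os.sh runs; keep in sync`. The `root` entry in the trailing context still carries the same authorized key, and whether root logins are meant to keep working after hardening is not visible here and is worth confirming. The user entry this line belongs to starts above the hunk.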