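---
# Helm template for the CABPK KubeadmConfigTemplate consumed by the worker
# nodes of the cluster. Values read here: clusterName, networkData,
# kubeVersion, cni, preKubeadmCommands and userData (name, hashedPassword,
# sshAuthorizedKey). The "cluster.nodeIP" and "cluster.containerRuntime"
# helpers are defined elsewhere in the chart.
apiVersion: bootstrap.cluster.x-k8s.io/v1alpha4
kind: KubeadmConfigTemplate
metadata:
  name: {{ .Values.clusterName }}-workers
spec:
  template:
    spec:
      joinConfiguration:
        nodeRegistration:
          kubeletExtraArgs:
            {{- include "cluster.nodeIP" .Values.networkData | nindent 12 }}
            # The escaped brace pairs below emit literal ds.meta_data placeholders
            # that are substituted on the node by the metadata service, not by Helm.
            node-labels: metal3.io/uuid={{ "{{" }} ds.meta_data.uuid {{ "}}" }}
            cpu-manager-policy: static
            topology-manager-policy: best-effort
            kube-reserved: cpu=100m,memory=256Mi
          # Quoted because the rendered value starts with a brace pair, which YAML
          # would otherwise read as a flow mapping.
          name: '{{ "{{" }} ds.meta_data.name {{ "}}" }}'
      preKubeadmCommands:
{{- if .Values.preKubeadmCommands }}
{{ toYaml .Values.preKubeadmCommands | indent 6 }}
{{- end }}
      # Repository keys are fetched over HTTPS and handed to apt-key. Both curl
      # invocations use -f so an HTTP error aborts the step instead of piping an
      # error page into apt-key (the Kubernetes line previously used only -s).
      # NOTE(review): apt-key is deprecated on newer apt releases and the
      # apt.kubernetes.io legacy repository is no longer updated; a keyring file
      # referenced via signed-by and the pkgs.k8s.io repository are the
      # replacements - confirm against the target Ubuntu release and kubeVersion.
      - curl -fsSL https://download.docker.com/linux/ubuntu/gpg | apt-key add -
      - add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable"
      - curl -fsSL https://packages.cloud.google.com/apt/doc/apt-key.gpg | apt-key add -
      - add-apt-repository "deb https://apt.kubernetes.io/ kubernetes-xenial main"
      - apt-get update -y
      - apt-get install -y ca-certificates
      - /usr/local/bin/install-container-runtime.sh
      # All three packages are pinned to the same kubeVersion from values.
      - apt-get install -y kubelet={{ .Values.kubeVersion }} kubeadm={{ .Values.kubeVersion }} kubectl={{ .Values.kubeVersion }}
      - systemctl enable --now kubelet
      postKubeadmCommands:
      - /usr/local/bin/harden_os.sh
      # This must be done after kubeadm as the cabpk provider relies
      # on files in /var/run, which won't persist after a reboot
      - /usr/local/bin/set_kernel_cmdline.sh
      files:
{{ include "cluster.containerRuntime" .Values | indent 6 }}
      - path: /etc/systemd/system/containerd.service.d/override.conf
        content: |
{{ $.Files.Get "resources/override.conf" | indent 10 }}
      # The helper scripts below are executed as root from postKubeadmCommands.
      # 0755 keeps them executable while no longer leaving them world-writable
      # (they were 0777, which lets any local account rewrite a root-run script).
      - path: /usr/local/bin/harden_os.sh
        permissions: '0755'
        content: |
{{ $.Files.Get "resources/harden_os.sh" | indent 10 }}
      - path: /usr/local/bin/set_kernel_cmdline.sh
        permissions: '0755'
        content: |
{{ $.Files.Get "resources/set_kernel_cmdline.sh" | indent 10 }}
{{- if eq .Values.cni "calico" }}
      # Only rendered when the chart's cni value is "calico".
      - path: /etc/NetworkManager/conf.d/calico.conf
        content: |
{{ $.Files.Get "resources/calico.conf" | indent 10 }}
{{- end }}
{{- if .Values.userData }}
      users:
      # Operator account provisioned from userData. The values are quoted so a
      # key comment containing '#' or a boolean-looking name cannot change the
      # YAML type of the rendered scalar; a missing value still renders empty.
      - name: {{ .Values.userData.name | quote }}
        shell: /bin/bash
        lockPassword: false # Necessary to allow password login
        passwd: {{ .Values.userData.hashedPassword | quote }}
        sshAuthorizedKeys:
        - {{ .Values.userData.sshAuthorizedKey | quote }}
        # Passwordless sudo for the provisioned operator account.
        sudo: "ALL=(ALL) NOPASSWD:ALL"
        groups: sudo # Necessary to allow SSH logins (see /etc/ssh/sshd_config)
      # The same key is also installed for root; whether root may log in over
      # SSH still depends on PermitRootLogin in the node's sshd_config.
      - name: root
        sshAuthorizedKeys:
        - {{ .Values.userData.sshAuthorizedKey | quote }}
{{- end }}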