More explicit instructions

00-provisioning/README.md

@@ -1,4 +1,4 @@
-# 00-Provisioning
+# 00 | Provisioning Machine, Operating System and Prerequisites
 
 Provisioning is the process of creating and installing the machine and operating system to prepare it for workloads.  There are many terrafic tools for this, but my needs are simple and I don't like needless abstractions, so I rolled my own found in the **helpers.sh* file.  
 

00-provisioning/butane/boot.yaml

@@ -3,4 +3,4 @@ version: 1.5.0
 ignition:
   config:
     replace:
-      source: https://deadbeef.codes/steven/deadbeef.codes-k8s/raw/branch/main/00-provisioning/ignition/{{HOSTNAME}}-full.json
+      source: https://deadbeef.codes/steven/kubernetes-bootstrapping/raw/branch/main/00-provisioning/ignition/{{HOSTNAME}}-full.json

00-provisioning/butane/full.yaml

@@ -58,11 +58,6 @@ storage:
           #!/bin/bash
           rpm-ostree install kubelet kubeadm kubectl cri-o vim etcd
 
-          # Control plane node hook
-          if [[ $(hostname) = *control* ]]; then
-            git clone https://deadbeef.codes/steven/deadbeef.codes-k8s.git /home/steven/
-            chown -R steven:steven /home/steven/deadbeef.codes-k8s
-          fi
           systemctl reboot
     - path: /home/steven/cluster-config.yaml
       mode: 0600
@@ -97,7 +92,7 @@ passwd: # setting login credentials
   users:
     - name: steven
       ssh_authorized_keys:
-        - ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEAsPq55j525p1ntk37oeel83i6FVm9+ptWk/4csqZivKRrtfhSebtWj0GHg7mnN+XIvQFEXY1HuPSfAByuwURN7LrBTKYNDHM5VxyHSP3s6Ik9OYngbVDCcDRc94teivYalYPyC5rCfIFYRg+vrxD1Gl7eASpiS7z2YD5w6WSxEnQ9tk+GQgsbRcsDBpKTZL/yHZbNNOamUwv3FNmaDpq7V8d1IrKCQiivYQ5n/sWpQnOzMOnY5i7OKr2G56KbaVIXRe3JKIF7ifAK0aJ5q+45RmwdgVh+SgwIFBzQD4GZJbr8jbvxYO9NjbF9fm7qLYnbHNyT7cDx8ClQqAz/2cL0xw== taterwin10
+        - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFup2oRKxwGCalMZ2CyguodtmUDDCkLm/sYHhnaAtDn5 zelle@tater
         - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCf2HvSx2ls2KhHn3tISbYbx9NpYSKw+ESmOdxscZJuCEMKDEOdBuOJ5E3CpA+A+QiLY+qlXGPOyNKwmjVPFr6TzNwBciehcs3bFKAvar2vrJsQkUXAJiBzJWiQceGwto3zq6nIAO/tx7s3P6KVPuxegGyXAMv/7Fc8cytOk8q05Xt+7hUyz0LbCZ6j66/Qa7c8eJz8Vho1Oe1BpIhhcZbSovZrKgBOhpyIdUtxh/W5KnFsbIq4MPPVCRHN7IVrXcvkPsTQ6OGeJAsqun+zF3KupQs0Xqt157EmOn5D41x5QY7kts11QZiKmeeSFYt2gRaY7VtAlEfar0fgXWOyQ/Uf steven-pixel6a
       groups: [ sudo, docker ]
 systemd:

00-provisioning/helpers.sh

@@ -7,7 +7,7 @@ export MSYS_NO_PATHCONV=1
 
 # Set your own
 VBOXMANAGE="C:/Program Files/Oracle/VirtualBox/vboxmanage"
-COREOSAPPLIANCEIMAGE="D:/VirtualBox/OVA/fedora-coreos-39.20231119.3.0-virtualbox.x86_64.ova"
+COREOSAPPLIANCEIMAGE="E:/VirtualBox/Images/fedora-coreos-39.20240128.3.0-virtualbox.x86_64.ova"
 
 # Function to create VirtualBox VM, accepts name of VM as argument
 create_vbox_vm() {

00-provisioning/ignition/kube-control01-boot.json

@@ -1 +1 @@
-{"ignition":{"config":{"replace":{"source":"https://deadbeef.codes/steven/deadbeef.codes-k8s/raw/branch/main/00-provisioning/ignition/kube-control01-full.json"}},"version":"3.4.0"}}
+{"ignition":{"config":{"replace":{"source":"https://deadbeef.codes/steven/kubernetes-bootstrapping/raw/branch/main/00-provisioning/ignition/kube-control01-full.json"}},"version":"3.4.0"}}

00-provisioning/ignition/kube-control01-full.json

@@ -1 +1 @@
-{"ignition":{"version":"3.4.0"},"passwd":{"users":[{"groups":["sudo","docker"],"name":"steven","sshAuthorizedKeys":["ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEAsPq55j525p1ntk37oeel83i6FVm9+ptWk/4csqZivKRrtfhSebtWj0GHg7mnN+XIvQFEXY1HuPSfAByuwURN7LrBTKYNDHM5VxyHSP3s6Ik9OYngbVDCcDRc94teivYalYPyC5rCfIFYRg+vrxD1Gl7eASpiS7z2YD5w6WSxEnQ9tk+GQgsbRcsDBpKTZL/yHZbNNOamUwv3FNmaDpq7V8d1IrKCQiivYQ5n/sWpQnOzMOnY5i7OKr2G56KbaVIXRe3JKIF7ifAK0aJ5q+45RmwdgVh+SgwIFBzQD4GZJbr8jbvxYO9NjbF9fm7qLYnbHNyT7cDx8ClQqAz/2cL0xw== taterwin10","ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCf2HvSx2ls2KhHn3tISbYbx9NpYSKw+ESmOdxscZJuCEMKDEOdBuOJ5E3CpA+A+QiLY+qlXGPOyNKwmjVPFr6TzNwBciehcs3bFKAvar2vrJsQkUXAJiBzJWiQceGwto3zq6nIAO/tx7s3P6KVPuxegGyXAMv/7Fc8cytOk8q05Xt+7hUyz0LbCZ6j66/Qa7c8eJz8Vho1Oe1BpIhhcZbSovZrKgBOhpyIdUtxh/W5KnFsbIq4MPPVCRHN7IVrXcvkPsTQ6OGeJAsqun+zF3KupQs0Xqt157EmOn5D41x5QY7kts11QZiKmeeSFYt2gRaY7VtAlEfar0fgXWOyQ/Uf steven-pixel6a"]}]},"storage":{"files":[{"overwrite":true,"path":"/etc/hostname","contents":{"compression":"","source":"data:,kube-control01%0A"},"mode":420},{"overwrite":true,"path":"/etc/dnf/modules.d/cri-o.module","contents":{"compression":"","source":"data:,%5Bcri-o%5D%0Aname%3Dcri-o%0Astream%3D1.29%0Aprofiles%3D%0Astate%3Denabled%0A"},"mode":420},{"overwrite":true,"path":"/etc/yum.repos.d/kubernetes.repo","contents":{"compression":"gzip","source":"data:;base64,H4sIAAAAAAAC/5TMPa7CMBDE8X4P41Ve9YjkE3AEhJCTjBy0/lh5HURuj0KBaOlm/sXvItuEVtBhVyohw58/gaZg2Frya+9qI7NKNCf/5u6V59owsvUwJYz8GNzfiZtmJpQjLX6gqHFeMYsfqEHr7etHjYL9J/ggltDDe+TFPXNygp1eAQAA//9ze8vVwgAAAA=="},"mode":420},{"overwrite":true,"path":"/etc/modules-load.d/br_netfilter.conf","contents":{"compression":"","source":"data:,br_netfilter"},"mode":420},{"overwrite":true,"path":"/etc/sysctl.d/kubernetes.conf","contents":{"compression":"","source":"data:,net.bridge.bridge-nf-call-iptables%3D1%0Anet.ipv4.ip_forward%3D1%0A"},"mode":420},{"overwrite":true,"path":"/usr/local/bin/first-boot.sh","contents":{"compression":"gzip","source":"data:;base64,H4sIAAAAAAAC/2SPvUpDQRBG+32KT2KhgZttJWLlG9iGFPsz113u7sxlZ4z49pJcLNTqwOHMwLe787Gyj0GLG2ufRG0QobJaaA3LR6RGdmPI/cZkDWnUSXCpHWQpO7fDq7ANaVhbYAJLJhSRxdUZpxPuH4qocej0iBfs0xbvcT4/wwqxA96rITVhQjFb9eh9ppAj0XxIkkm9Gl2I/9hpedLD9dQX6fTTOCAV+WRMb9jUccPv7P8rN1enX2rUrysHRRFz3wEAAP//ggMsXCQBAAA="},"mode":484},{"overwrite":true,"path":"/home/steven/cluster-config.yaml","contents":{"compression":"gzip","source":"data:;base64,H4sIAAAAAAAC/6SPMWszMQxAd/8Kc7vPl+9LQ3tbCRk6FEoL3X21YsQ50iHLaab+9mIuHbIVCl4sHtJ7YcF3kIJMo53rBCGe+vm+9Mj+vJlAw38zI8XR7nMtCrJnOmKqEhSZzAeTCucM8hwoJJDRWAsXlfAoqbSPtccMF3fmXE/gllwTkosoo+38OYjPOPl2N4P6FVqZ4okjhASkXzWWzhDoJ8uMlNraheNbnQh0tN1m6P9tt/3QD36z636cXnIgOFBcGOlK7R7auxs645wzvy5/ItTb7Kb2CgmLroNmdI043Mb/vfs7AAD//5RZDtOhAQAA"},"mode":384},{"overwrite":true,"path":"/home/steven/join-config.yaml","contents":{"compression":"gzip","source":"data:;base64,H4sIAAAAAAAC/yyMsa7CMAwA93xF1L2Nnt6CsiHEwsjA7iomspraVexUTHw7KmE93R1s9MCqJBz90maEtE7LSSeSsP/NaPDvFuIU/U2IL8JPyq2CkbBjSXjHTGodROe/i4J2fVmFc816MO93KW3FcSstE4+JavRD2KGGQnP4JaFL3dFwzCEj27slHdwnAAD//8EKj5enAAAA"},"mode":384}]},"systemd":{"units":[{"contents":"[Unit]\nBefore=systemd-user-sessions.service\nWants=network-online.target\nAfter=network-online.target\nConditionPathExists=!/var/lib/first-boot\n\n[Service]\nType=oneshot\nExecStart=/usr/local/bin/first-boot.sh\nExecStartPost=/usr/bin/touch /var/lib/first-boot\nRemainAfterExit=yes\n\n[Install]\nWantedBy=multi-user.target\n","enabled":true,"name":"first-boot.service"},{"contents":"[Unit]\nBefore=systemd-user-sessions.service\nWants=network-online.target\nAfter=network-online.target\nConditionPathExists=/var/lib/first-boot\nConditionPathExists=!/var/lib/second-boot\n\n[Service]\nType=oneshot\nExecStart=/usr/bin/systemctl enable --now crio kubelet\nExecStartPost=/usr/bin/touch /var/lib/second-boot\nRemainAfterExit=yes\n\n[Install]\nWantedBy=multi-user.target\n","enabled":true,"name":"second-boot.service"}]}}
+{"ignition":{"version":"3.4.0"},"passwd":{"users":[{"groups":["sudo","docker"],"name":"steven","sshAuthorizedKeys":["ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFup2oRKxwGCalMZ2CyguodtmUDDCkLm/sYHhnaAtDn5 zelle@tater","ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCf2HvSx2ls2KhHn3tISbYbx9NpYSKw+ESmOdxscZJuCEMKDEOdBuOJ5E3CpA+A+QiLY+qlXGPOyNKwmjVPFr6TzNwBciehcs3bFKAvar2vrJsQkUXAJiBzJWiQceGwto3zq6nIAO/tx7s3P6KVPuxegGyXAMv/7Fc8cytOk8q05Xt+7hUyz0LbCZ6j66/Qa7c8eJz8Vho1Oe1BpIhhcZbSovZrKgBOhpyIdUtxh/W5KnFsbIq4MPPVCRHN7IVrXcvkPsTQ6OGeJAsqun+zF3KupQs0Xqt157EmOn5D41x5QY7kts11QZiKmeeSFYt2gRaY7VtAlEfar0fgXWOyQ/Uf steven-pixel6a"]}]},"storage":{"files":[{"overwrite":true,"path":"/etc/hostname","contents":{"compression":"","source":"data:,kube-control01%0A"},"mode":420},{"overwrite":true,"path":"/etc/dnf/modules.d/cri-o.module","contents":{"compression":"","source":"data:,%5Bcri-o%5D%0Aname%3Dcri-o%0Astream%3D1.29%0Aprofiles%3D%0Astate%3Denabled%0A"},"mode":420},{"overwrite":true,"path":"/etc/yum.repos.d/kubernetes.repo","contents":{"compression":"gzip","source":"data:;base64,H4sIAAAAAAAC/5TMPa7CMBDE8X4P41Ve9YjkE3AEhJCTjBy0/lh5HURuj0KBaOlm/sXvItuEVtBhVyohw58/gaZg2Frya+9qI7NKNCf/5u6V59owsvUwJYz8GNzfiZtmJpQjLX6gqHFeMYsfqEHr7etHjYL9J/ggltDDe+TFPXNygp1eAQAA//9ze8vVwgAAAA=="},"mode":420},{"overwrite":true,"path":"/etc/modules-load.d/br_netfilter.conf","contents":{"compression":"","source":"data:,br_netfilter"},"mode":420},{"overwrite":true,"path":"/etc/sysctl.d/kubernetes.conf","contents":{"compression":"","source":"data:,net.bridge.bridge-nf-call-iptables%3D1%0Anet.ipv4.ip_forward%3D1%0A"},"mode":420},{"overwrite":true,"path":"/usr/local/bin/first-boot.sh","contents":{"compression":"","source":"data:,%23!%2Fbin%2Fbash%0Arpm-ostree%20install%20kubelet%20kubeadm%20kubectl%20cri-o%20vim%20etcd%0A%0Asystemctl%20reboot%0A"},"mode":484},{"overwrite":true,"path":"/home/steven/cluster-config.yaml","contents":{"compression":"gzip","source":"data:;base64,H4sIAAAAAAAC/6SPMWszMQxAd/8Kc7vPl+9LQ3tbCRk6FEoL3X21YsQ50iHLaab+9mIuHbIVCl4sHtJ7YcF3kIJMo53rBCGe+vm+9Mj+vJlAw38zI8XR7nMtCrJnOmKqEhSZzAeTCucM8hwoJJDRWAsXlfAoqbSPtccMF3fmXE/gllwTkosoo+38OYjPOPl2N4P6FVqZ4okjhASkXzWWzhDoJ8uMlNraheNbnQh0tN1m6P9tt/3QD36z636cXnIgOFBcGOlK7R7auxs645wzvy5/ItTb7Kb2CgmLroNmdI043Mb/vfs7AAD//5RZDtOhAQAA"},"mode":384},{"overwrite":true,"path":"/home/steven/join-config.yaml","contents":{"compression":"gzip","source":"data:;base64,H4sIAAAAAAAC/yyMsa7CMAwA93xF1L2Nnt6CsiHEwsjA7iomspraVexUTHw7KmE93R1s9MCqJBz90maEtE7LSSeSsP/NaPDvFuIU/U2IL8JPyq2CkbBjSXjHTGodROe/i4J2fVmFc816MO93KW3FcSstE4+JavRD2KGGQnP4JaFL3dFwzCEj27slHdwnAAD//8EKj5enAAAA"},"mode":384}]},"systemd":{"units":[{"contents":"[Unit]\nBefore=systemd-user-sessions.service\nWants=network-online.target\nAfter=network-online.target\nConditionPathExists=!/var/lib/first-boot\n\n[Service]\nType=oneshot\nExecStart=/usr/local/bin/first-boot.sh\nExecStartPost=/usr/bin/touch /var/lib/first-boot\nRemainAfterExit=yes\n\n[Install]\nWantedBy=multi-user.target\n","enabled":true,"name":"first-boot.service"},{"contents":"[Unit]\nBefore=systemd-user-sessions.service\nWants=network-online.target\nAfter=network-online.target\nConditionPathExists=/var/lib/first-boot\nConditionPathExists=!/var/lib/second-boot\n\n[Service]\nType=oneshot\nExecStart=/usr/bin/systemctl enable --now crio kubelet\nExecStartPost=/usr/bin/touch /var/lib/second-boot\nRemainAfterExit=yes\n\n[Install]\nWantedBy=multi-user.target\n","enabled":true,"name":"second-boot.service"}]}}

00-provisioning/ignition/kube-control02-boot.json

@@ -1 +1 @@
-{"ignition":{"config":{"replace":{"source":"https://deadbeef.codes/steven/deadbeef.codes-k8s/raw/branch/main/00-provisioning/ignition/kube-control02-full.json"}},"version":"3.4.0"}}
+{"ignition":{"config":{"replace":{"source":"https://deadbeef.codes/steven/kubernetes-bootstrapping/raw/branch/main/00-provisioning/ignition/kube-control02-full.json"}},"version":"3.4.0"}}

00-provisioning/ignition/kube-control02-full.json

@@ -1 +1 @@
-{"ignition":{"version":"3.4.0"},"passwd":{"users":[{"groups":["sudo","docker"],"name":"steven","sshAuthorizedKeys":["ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEAsPq55j525p1ntk37oeel83i6FVm9+ptWk/4csqZivKRrtfhSebtWj0GHg7mnN+XIvQFEXY1HuPSfAByuwURN7LrBTKYNDHM5VxyHSP3s6Ik9OYngbVDCcDRc94teivYalYPyC5rCfIFYRg+vrxD1Gl7eASpiS7z2YD5w6WSxEnQ9tk+GQgsbRcsDBpKTZL/yHZbNNOamUwv3FNmaDpq7V8d1IrKCQiivYQ5n/sWpQnOzMOnY5i7OKr2G56KbaVIXRe3JKIF7ifAK0aJ5q+45RmwdgVh+SgwIFBzQD4GZJbr8jbvxYO9NjbF9fm7qLYnbHNyT7cDx8ClQqAz/2cL0xw== taterwin10","ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCf2HvSx2ls2KhHn3tISbYbx9NpYSKw+ESmOdxscZJuCEMKDEOdBuOJ5E3CpA+A+QiLY+qlXGPOyNKwmjVPFr6TzNwBciehcs3bFKAvar2vrJsQkUXAJiBzJWiQceGwto3zq6nIAO/tx7s3P6KVPuxegGyXAMv/7Fc8cytOk8q05Xt+7hUyz0LbCZ6j66/Qa7c8eJz8Vho1Oe1BpIhhcZbSovZrKgBOhpyIdUtxh/W5KnFsbIq4MPPVCRHN7IVrXcvkPsTQ6OGeJAsqun+zF3KupQs0Xqt157EmOn5D41x5QY7kts11QZiKmeeSFYt2gRaY7VtAlEfar0fgXWOyQ/Uf steven-pixel6a"]}]},"storage":{"files":[{"overwrite":true,"path":"/etc/hostname","contents":{"compression":"","source":"data:,kube-control02%0A"},"mode":420},{"overwrite":true,"path":"/etc/dnf/modules.d/cri-o.module","contents":{"compression":"","source":"data:,%5Bcri-o%5D%0Aname%3Dcri-o%0Astream%3D1.29%0Aprofiles%3D%0Astate%3Denabled%0A"},"mode":420},{"overwrite":true,"path":"/etc/yum.repos.d/kubernetes.repo","contents":{"compression":"gzip","source":"data:;base64,H4sIAAAAAAAC/5TMPa7CMBDE8X4P41Ve9YjkE3AEhJCTjBy0/lh5HURuj0KBaOlm/sXvItuEVtBhVyohw58/gaZg2Frya+9qI7NKNCf/5u6V59owsvUwJYz8GNzfiZtmJpQjLX6gqHFeMYsfqEHr7etHjYL9J/ggltDDe+TFPXNygp1eAQAA//9ze8vVwgAAAA=="},"mode":420},{"overwrite":true,"path":"/etc/modules-load.d/br_netfilter.conf","contents":{"compression":"","source":"data:,br_netfilter"},"mode":420},{"overwrite":true,"path":"/etc/sysctl.d/kubernetes.conf","contents":{"compression":"","source":"data:,net.bridge.bridge-nf-call-iptables%3D1%0Anet.ipv4.ip_forward%3D1%0A"},"mode":420},{"overwrite":true,"path":"/usr/local/bin/first-boot.sh","contents":{"compression":"gzip","source":"data:;base64,H4sIAAAAAAAC/2SPvUpDQRBG+32KT2KhgZttJWLlG9iGFPsz113u7sxlZ4z49pJcLNTqwOHMwLe787Gyj0GLG2ufRG0QobJaaA3LR6RGdmPI/cZkDWnUSXCpHWQpO7fDq7ANaVhbYAJLJhSRxdUZpxPuH4qocej0iBfs0xbvcT4/wwqxA96rITVhQjFb9eh9ppAj0XxIkkm9Gl2I/9hpedLD9dQX6fTTOCAV+WRMb9jUccPv7P8rN1enX2rUrysHRRFz3wEAAP//ggMsXCQBAAA="},"mode":484},{"overwrite":true,"path":"/home/steven/cluster-config.yaml","contents":{"compression":"gzip","source":"data:;base64,H4sIAAAAAAAC/6SPMWszMQxAd/8Kc7vPl+9LQ3tbCRk6FEoL3X21YsQ50iHLaab+9mIuHbIVCl4sHtJ7YcF3kIJMo53rBCGe+vm+9Mj+vJlAw38zI8XR7nMtCrJnOmKqEhSZzAeTCucM8hwoJJDRWAsXlfAoqbSPtccMF3fmXE/gllwTkosoo+38OYjPOPl2N4P6FVqZ4okjhASkXzWWzhDoJ8uMlNraheNbnQh0tN1m6P9tt/3QD36z636cXnIgOFBcGOlK7R7auxs645wzvy5/ItTb7Kb2CgmLroNmdI043Mb/vfs7AAD//5RZDtOhAQAA"},"mode":384},{"overwrite":true,"path":"/home/steven/join-config.yaml","contents":{"compression":"gzip","source":"data:;base64,H4sIAAAAAAAC/yyMsa7CMAwA93xF1L2Nnt6CsiHEwsjA7iomspraVexUTHw7KmE93R1s9MCqJBz90maEtE7LSSeSsP/NaPDvFuIU/U2IL8JPyq2CkbBjSXjHTGodROe/i4J2fVmFc816MO93KW3FcSstE4+JavRD2KGGQnP4JaFL3dFwzCEj27slHdwnAAD//8EKj5enAAAA"},"mode":384}]},"systemd":{"units":[{"contents":"[Unit]\nBefore=systemd-user-sessions.service\nWants=network-online.target\nAfter=network-online.target\nConditionPathExists=!/var/lib/first-boot\n\n[Service]\nType=oneshot\nExecStart=/usr/local/bin/first-boot.sh\nExecStartPost=/usr/bin/touch /var/lib/first-boot\nRemainAfterExit=yes\n\n[Install]\nWantedBy=multi-user.target\n","enabled":true,"name":"first-boot.service"},{"contents":"[Unit]\nBefore=systemd-user-sessions.service\nWants=network-online.target\nAfter=network-online.target\nConditionPathExists=/var/lib/first-boot\nConditionPathExists=!/var/lib/second-boot\n\n[Service]\nType=oneshot\nExecStart=/usr/bin/systemctl enable --now crio kubelet\nExecStartPost=/usr/bin/touch /var/lib/second-boot\nRemainAfterExit=yes\n\n[Install]\nWantedBy=multi-user.target\n","enabled":true,"name":"second-boot.service"}]}}
+{"ignition":{"version":"3.4.0"},"passwd":{"users":[{"groups":["sudo","docker"],"name":"steven","sshAuthorizedKeys":["ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFup2oRKxwGCalMZ2CyguodtmUDDCkLm/sYHhnaAtDn5 zelle@tater","ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCf2HvSx2ls2KhHn3tISbYbx9NpYSKw+ESmOdxscZJuCEMKDEOdBuOJ5E3CpA+A+QiLY+qlXGPOyNKwmjVPFr6TzNwBciehcs3bFKAvar2vrJsQkUXAJiBzJWiQceGwto3zq6nIAO/tx7s3P6KVPuxegGyXAMv/7Fc8cytOk8q05Xt+7hUyz0LbCZ6j66/Qa7c8eJz8Vho1Oe1BpIhhcZbSovZrKgBOhpyIdUtxh/W5KnFsbIq4MPPVCRHN7IVrXcvkPsTQ6OGeJAsqun+zF3KupQs0Xqt157EmOn5D41x5QY7kts11QZiKmeeSFYt2gRaY7VtAlEfar0fgXWOyQ/Uf steven-pixel6a"]}]},"storage":{"files":[{"overwrite":true,"path":"/etc/hostname","contents":{"compression":"","source":"data:,kube-control02%0A"},"mode":420},{"overwrite":true,"path":"/etc/dnf/modules.d/cri-o.module","contents":{"compression":"","source":"data:,%5Bcri-o%5D%0Aname%3Dcri-o%0Astream%3D1.29%0Aprofiles%3D%0Astate%3Denabled%0A"},"mode":420},{"overwrite":true,"path":"/etc/yum.repos.d/kubernetes.repo","contents":{"compression":"gzip","source":"data:;base64,H4sIAAAAAAAC/5TMPa7CMBDE8X4P41Ve9YjkE3AEhJCTjBy0/lh5HURuj0KBaOlm/sXvItuEVtBhVyohw58/gaZg2Frya+9qI7NKNCf/5u6V59owsvUwJYz8GNzfiZtmJpQjLX6gqHFeMYsfqEHr7etHjYL9J/ggltDDe+TFPXNygp1eAQAA//9ze8vVwgAAAA=="},"mode":420},{"overwrite":true,"path":"/etc/modules-load.d/br_netfilter.conf","contents":{"compression":"","source":"data:,br_netfilter"},"mode":420},{"overwrite":true,"path":"/etc/sysctl.d/kubernetes.conf","contents":{"compression":"","source":"data:,net.bridge.bridge-nf-call-iptables%3D1%0Anet.ipv4.ip_forward%3D1%0A"},"mode":420},{"overwrite":true,"path":"/usr/local/bin/first-boot.sh","contents":{"compression":"","source":"data:,%23!%2Fbin%2Fbash%0Arpm-ostree%20install%20kubelet%20kubeadm%20kubectl%20cri-o%20vim%20etcd%0A%0Asystemctl%20reboot%0A"},"mode":484},{"overwrite":true,"path":"/home/steven/cluster-config.yaml","contents":{"compression":"gzip","source":"data:;base64,H4sIAAAAAAAC/6SPMWszMQxAd/8Kc7vPl+9LQ3tbCRk6FEoL3X21YsQ50iHLaab+9mIuHbIVCl4sHtJ7YcF3kIJMo53rBCGe+vm+9Mj+vJlAw38zI8XR7nMtCrJnOmKqEhSZzAeTCucM8hwoJJDRWAsXlfAoqbSPtccMF3fmXE/gllwTkosoo+38OYjPOPl2N4P6FVqZ4okjhASkXzWWzhDoJ8uMlNraheNbnQh0tN1m6P9tt/3QD36z636cXnIgOFBcGOlK7R7auxs645wzvy5/ItTb7Kb2CgmLroNmdI043Mb/vfs7AAD//5RZDtOhAQAA"},"mode":384},{"overwrite":true,"path":"/home/steven/join-config.yaml","contents":{"compression":"gzip","source":"data:;base64,H4sIAAAAAAAC/yyMsa7CMAwA93xF1L2Nnt6CsiHEwsjA7iomspraVexUTHw7KmE93R1s9MCqJBz90maEtE7LSSeSsP/NaPDvFuIU/U2IL8JPyq2CkbBjSXjHTGodROe/i4J2fVmFc816MO93KW3FcSstE4+JavRD2KGGQnP4JaFL3dFwzCEj27slHdwnAAD//8EKj5enAAAA"},"mode":384}]},"systemd":{"units":[{"contents":"[Unit]\nBefore=systemd-user-sessions.service\nWants=network-online.target\nAfter=network-online.target\nConditionPathExists=!/var/lib/first-boot\n\n[Service]\nType=oneshot\nExecStart=/usr/local/bin/first-boot.sh\nExecStartPost=/usr/bin/touch /var/lib/first-boot\nRemainAfterExit=yes\n\n[Install]\nWantedBy=multi-user.target\n","enabled":true,"name":"first-boot.service"},{"contents":"[Unit]\nBefore=systemd-user-sessions.service\nWants=network-online.target\nAfter=network-online.target\nConditionPathExists=/var/lib/first-boot\nConditionPathExists=!/var/lib/second-boot\n\n[Service]\nType=oneshot\nExecStart=/usr/bin/systemctl enable --now crio kubelet\nExecStartPost=/usr/bin/touch /var/lib/second-boot\nRemainAfterExit=yes\n\n[Install]\nWantedBy=multi-user.target\n","enabled":true,"name":"second-boot.service"}]}}

00-provisioning/ignition/kube-control03-boot.json

@@ -1 +1 @@
-{"ignition":{"config":{"replace":{"source":"https://deadbeef.codes/steven/deadbeef.codes-k8s/raw/branch/main/00-provisioning/ignition/kube-control03-full.json"}},"version":"3.4.0"}}
+{"ignition":{"config":{"replace":{"source":"https://deadbeef.codes/steven/kubernetes-bootstrapping/raw/branch/main/00-provisioning/ignition/kube-control03-full.json"}},"version":"3.4.0"}}

00-provisioning/ignition/kube-control03-full.json

@@ -1 +1 @@
-{"ignition":{"version":"3.4.0"},"passwd":{"users":[{"groups":["sudo","docker"],"name":"steven","sshAuthorizedKeys":["ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEAsPq55j525p1ntk37oeel83i6FVm9+ptWk/4csqZivKRrtfhSebtWj0GHg7mnN+XIvQFEXY1HuPSfAByuwURN7LrBTKYNDHM5VxyHSP3s6Ik9OYngbVDCcDRc94teivYalYPyC5rCfIFYRg+vrxD1Gl7eASpiS7z2YD5w6WSxEnQ9tk+GQgsbRcsDBpKTZL/yHZbNNOamUwv3FNmaDpq7V8d1IrKCQiivYQ5n/sWpQnOzMOnY5i7OKr2G56KbaVIXRe3JKIF7ifAK0aJ5q+45RmwdgVh+SgwIFBzQD4GZJbr8jbvxYO9NjbF9fm7qLYnbHNyT7cDx8ClQqAz/2cL0xw== taterwin10","ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCf2HvSx2ls2KhHn3tISbYbx9NpYSKw+ESmOdxscZJuCEMKDEOdBuOJ5E3CpA+A+QiLY+qlXGPOyNKwmjVPFr6TzNwBciehcs3bFKAvar2vrJsQkUXAJiBzJWiQceGwto3zq6nIAO/tx7s3P6KVPuxegGyXAMv/7Fc8cytOk8q05Xt+7hUyz0LbCZ6j66/Qa7c8eJz8Vho1Oe1BpIhhcZbSovZrKgBOhpyIdUtxh/W5KnFsbIq4MPPVCRHN7IVrXcvkPsTQ6OGeJAsqun+zF3KupQs0Xqt157EmOn5D41x5QY7kts11QZiKmeeSFYt2gRaY7VtAlEfar0fgXWOyQ/Uf steven-pixel6a"]}]},"storage":{"files":[{"overwrite":true,"path":"/etc/hostname","contents":{"compression":"","source":"data:,kube-control03%0A"},"mode":420},{"overwrite":true,"path":"/etc/dnf/modules.d/cri-o.module","contents":{"compression":"","source":"data:,%5Bcri-o%5D%0Aname%3Dcri-o%0Astream%3D1.29%0Aprofiles%3D%0Astate%3Denabled%0A"},"mode":420},{"overwrite":true,"path":"/etc/yum.repos.d/kubernetes.repo","contents":{"compression":"gzip","source":"data:;base64,H4sIAAAAAAAC/5TMPa7CMBDE8X4P41Ve9YjkE3AEhJCTjBy0/lh5HURuj0KBaOlm/sXvItuEVtBhVyohw58/gaZg2Frya+9qI7NKNCf/5u6V59owsvUwJYz8GNzfiZtmJpQjLX6gqHFeMYsfqEHr7etHjYL9J/ggltDDe+TFPXNygp1eAQAA//9ze8vVwgAAAA=="},"mode":420},{"overwrite":true,"path":"/etc/modules-load.d/br_netfilter.conf","contents":{"compression":"","source":"data:,br_netfilter"},"mode":420},{"overwrite":true,"path":"/etc/sysctl.d/kubernetes.conf","contents":{"compression":"","source":"data:,net.bridge.bridge-nf-call-iptables%3D1%0Anet.ipv4.ip_forward%3D1%0A"},"mode":420},{"overwrite":true,"path":"/usr/local/bin/first-boot.sh","contents":{"compression":"gzip","source":"data:;base64,H4sIAAAAAAAC/2SPvUpDQRBG+32KT2KhgZttJWLlG9iGFPsz113u7sxlZ4z49pJcLNTqwOHMwLe787Gyj0GLG2ufRG0QobJaaA3LR6RGdmPI/cZkDWnUSXCpHWQpO7fDq7ANaVhbYAJLJhSRxdUZpxPuH4qocej0iBfs0xbvcT4/wwqxA96rITVhQjFb9eh9ppAj0XxIkkm9Gl2I/9hpedLD9dQX6fTTOCAV+WRMb9jUccPv7P8rN1enX2rUrysHRRFz3wEAAP//ggMsXCQBAAA="},"mode":484},{"overwrite":true,"path":"/home/steven/cluster-config.yaml","contents":{"compression":"gzip","source":"data:;base64,H4sIAAAAAAAC/6SPMWszMQxAd/8Kc7vPl+9LQ3tbCRk6FEoL3X21YsQ50iHLaab+9mIuHbIVCl4sHtJ7YcF3kIJMo53rBCGe+vm+9Mj+vJlAw38zI8XR7nMtCrJnOmKqEhSZzAeTCucM8hwoJJDRWAsXlfAoqbSPtccMF3fmXE/gllwTkosoo+38OYjPOPl2N4P6FVqZ4okjhASkXzWWzhDoJ8uMlNraheNbnQh0tN1m6P9tt/3QD36z636cXnIgOFBcGOlK7R7auxs645wzvy5/ItTb7Kb2CgmLroNmdI043Mb/vfs7AAD//5RZDtOhAQAA"},"mode":384},{"overwrite":true,"path":"/home/steven/join-config.yaml","contents":{"compression":"gzip","source":"data:;base64,H4sIAAAAAAAC/yyMsa7CMAwA93xF1L2Nnt6CsiHEwsjA7iomspraVexUTHw7KmE93R1s9MCqJBz90maEtE7LSSeSsP/NaPDvFuIU/U2IL8JPyq2CkbBjSXjHTGodROe/i4J2fVmFc816MO93KW3FcSstE4+JavRD2KGGQnP4JaFL3dFwzCEj27slHdwnAAD//8EKj5enAAAA"},"mode":384}]},"systemd":{"units":[{"contents":"[Unit]\nBefore=systemd-user-sessions.service\nWants=network-online.target\nAfter=network-online.target\nConditionPathExists=!/var/lib/first-boot\n\n[Service]\nType=oneshot\nExecStart=/usr/local/bin/first-boot.sh\nExecStartPost=/usr/bin/touch /var/lib/first-boot\nRemainAfterExit=yes\n\n[Install]\nWantedBy=multi-user.target\n","enabled":true,"name":"first-boot.service"},{"contents":"[Unit]\nBefore=systemd-user-sessions.service\nWants=network-online.target\nAfter=network-online.target\nConditionPathExists=/var/lib/first-boot\nConditionPathExists=!/var/lib/second-boot\n\n[Service]\nType=oneshot\nExecStart=/usr/bin/systemctl enable --now crio kubelet\nExecStartPost=/usr/bin/touch /var/lib/second-boot\nRemainAfterExit=yes\n\n[Install]\nWantedBy=multi-user.target\n","enabled":true,"name":"second-boot.service"}]}}
+{"ignition":{"version":"3.4.0"},"passwd":{"users":[{"groups":["sudo","docker"],"name":"steven","sshAuthorizedKeys":["ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFup2oRKxwGCalMZ2CyguodtmUDDCkLm/sYHhnaAtDn5 zelle@tater","ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCf2HvSx2ls2KhHn3tISbYbx9NpYSKw+ESmOdxscZJuCEMKDEOdBuOJ5E3CpA+A+QiLY+qlXGPOyNKwmjVPFr6TzNwBciehcs3bFKAvar2vrJsQkUXAJiBzJWiQceGwto3zq6nIAO/tx7s3P6KVPuxegGyXAMv/7Fc8cytOk8q05Xt+7hUyz0LbCZ6j66/Qa7c8eJz8Vho1Oe1BpIhhcZbSovZrKgBOhpyIdUtxh/W5KnFsbIq4MPPVCRHN7IVrXcvkPsTQ6OGeJAsqun+zF3KupQs0Xqt157EmOn5D41x5QY7kts11QZiKmeeSFYt2gRaY7VtAlEfar0fgXWOyQ/Uf steven-pixel6a"]}]},"storage":{"files":[{"overwrite":true,"path":"/etc/hostname","contents":{"compression":"","source":"data:,kube-control03%0A"},"mode":420},{"overwrite":true,"path":"/etc/dnf/modules.d/cri-o.module","contents":{"compression":"","source":"data:,%5Bcri-o%5D%0Aname%3Dcri-o%0Astream%3D1.29%0Aprofiles%3D%0Astate%3Denabled%0A"},"mode":420},{"overwrite":true,"path":"/etc/yum.repos.d/kubernetes.repo","contents":{"compression":"gzip","source":"data:;base64,H4sIAAAAAAAC/5TMPa7CMBDE8X4P41Ve9YjkE3AEhJCTjBy0/lh5HURuj0KBaOlm/sXvItuEVtBhVyohw58/gaZg2Frya+9qI7NKNCf/5u6V59owsvUwJYz8GNzfiZtmJpQjLX6gqHFeMYsfqEHr7etHjYL9J/ggltDDe+TFPXNygp1eAQAA//9ze8vVwgAAAA=="},"mode":420},{"overwrite":true,"path":"/etc/modules-load.d/br_netfilter.conf","contents":{"compression":"","source":"data:,br_netfilter"},"mode":420},{"overwrite":true,"path":"/etc/sysctl.d/kubernetes.conf","contents":{"compression":"","source":"data:,net.bridge.bridge-nf-call-iptables%3D1%0Anet.ipv4.ip_forward%3D1%0A"},"mode":420},{"overwrite":true,"path":"/usr/local/bin/first-boot.sh","contents":{"compression":"","source":"data:,%23!%2Fbin%2Fbash%0Arpm-ostree%20install%20kubelet%20kubeadm%20kubectl%20cri-o%20vim%20etcd%0A%0Asystemctl%20reboot%0A"},"mode":484},{"overwrite":true,"path":"/home/steven/cluster-config.yaml","contents":{"compression":"gzip","source":"data:;base64,H4sIAAAAAAAC/6SPMWszMQxAd/8Kc7vPl+9LQ3tbCRk6FEoL3X21YsQ50iHLaab+9mIuHbIVCl4sHtJ7YcF3kIJMo53rBCGe+vm+9Mj+vJlAw38zI8XR7nMtCrJnOmKqEhSZzAeTCucM8hwoJJDRWAsXlfAoqbSPtccMF3fmXE/gllwTkosoo+38OYjPOPl2N4P6FVqZ4okjhASkXzWWzhDoJ8uMlNraheNbnQh0tN1m6P9tt/3QD36z636cXnIgOFBcGOlK7R7auxs645wzvy5/ItTb7Kb2CgmLroNmdI043Mb/vfs7AAD//5RZDtOhAQAA"},"mode":384},{"overwrite":true,"path":"/home/steven/join-config.yaml","contents":{"compression":"gzip","source":"data:;base64,H4sIAAAAAAAC/yyMsa7CMAwA93xF1L2Nnt6CsiHEwsjA7iomspraVexUTHw7KmE93R1s9MCqJBz90maEtE7LSSeSsP/NaPDvFuIU/U2IL8JPyq2CkbBjSXjHTGodROe/i4J2fVmFc816MO93KW3FcSstE4+JavRD2KGGQnP4JaFL3dFwzCEj27slHdwnAAD//8EKj5enAAAA"},"mode":384}]},"systemd":{"units":[{"contents":"[Unit]\nBefore=systemd-user-sessions.service\nWants=network-online.target\nAfter=network-online.target\nConditionPathExists=!/var/lib/first-boot\n\n[Service]\nType=oneshot\nExecStart=/usr/local/bin/first-boot.sh\nExecStartPost=/usr/bin/touch /var/lib/first-boot\nRemainAfterExit=yes\n\n[Install]\nWantedBy=multi-user.target\n","enabled":true,"name":"first-boot.service"},{"contents":"[Unit]\nBefore=systemd-user-sessions.service\nWants=network-online.target\nAfter=network-online.target\nConditionPathExists=/var/lib/first-boot\nConditionPathExists=!/var/lib/second-boot\n\n[Service]\nType=oneshot\nExecStart=/usr/bin/systemctl enable --now crio kubelet\nExecStartPost=/usr/bin/touch /var/lib/second-boot\nRemainAfterExit=yes\n\n[Install]\nWantedBy=multi-user.target\n","enabled":true,"name":"second-boot.service"}]}}

00-provisioning/ignition/kube-worker01-boot.json

@@ -1 +1 @@
-{"ignition":{"config":{"replace":{"source":"https://deadbeef.codes/steven/deadbeef.codes-k8s/raw/branch/main/00-provisioning/ignition/kube-worker01-full.json"}},"version":"3.4.0"}}
+{"ignition":{"config":{"replace":{"source":"https://deadbeef.codes/steven/kubernetes-bootstrapping/raw/branch/main/00-provisioning/ignition/kube-worker01-full.json"}},"version":"3.4.0"}}

00-provisioning/ignition/kube-worker01-full.json

@@ -1 +1 @@
-{"ignition":{"version":"3.4.0"},"passwd":{"users":[{"groups":["sudo","docker"],"name":"steven","sshAuthorizedKeys":["ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEAsPq55j525p1ntk37oeel83i6FVm9+ptWk/4csqZivKRrtfhSebtWj0GHg7mnN+XIvQFEXY1HuPSfAByuwURN7LrBTKYNDHM5VxyHSP3s6Ik9OYngbVDCcDRc94teivYalYPyC5rCfIFYRg+vrxD1Gl7eASpiS7z2YD5w6WSxEnQ9tk+GQgsbRcsDBpKTZL/yHZbNNOamUwv3FNmaDpq7V8d1IrKCQiivYQ5n/sWpQnOzMOnY5i7OKr2G56KbaVIXRe3JKIF7ifAK0aJ5q+45RmwdgVh+SgwIFBzQD4GZJbr8jbvxYO9NjbF9fm7qLYnbHNyT7cDx8ClQqAz/2cL0xw== taterwin10","ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCf2HvSx2ls2KhHn3tISbYbx9NpYSKw+ESmOdxscZJuCEMKDEOdBuOJ5E3CpA+A+QiLY+qlXGPOyNKwmjVPFr6TzNwBciehcs3bFKAvar2vrJsQkUXAJiBzJWiQceGwto3zq6nIAO/tx7s3P6KVPuxegGyXAMv/7Fc8cytOk8q05Xt+7hUyz0LbCZ6j66/Qa7c8eJz8Vho1Oe1BpIhhcZbSovZrKgBOhpyIdUtxh/W5KnFsbIq4MPPVCRHN7IVrXcvkPsTQ6OGeJAsqun+zF3KupQs0Xqt157EmOn5D41x5QY7kts11QZiKmeeSFYt2gRaY7VtAlEfar0fgXWOyQ/Uf steven-pixel6a"]}]},"storage":{"files":[{"overwrite":true,"path":"/etc/hostname","contents":{"compression":"","source":"data:,kube-worker01%0A"},"mode":420},{"overwrite":true,"path":"/etc/dnf/modules.d/cri-o.module","contents":{"compression":"","source":"data:,%5Bcri-o%5D%0Aname%3Dcri-o%0Astream%3D1.29%0Aprofiles%3D%0Astate%3Denabled%0A"},"mode":420},{"overwrite":true,"path":"/etc/yum.repos.d/kubernetes.repo","contents":{"compression":"gzip","source":"data:;base64,H4sIAAAAAAAC/5TMPa7CMBDE8X4P41Ve9YjkE3AEhJCTjBy0/lh5HURuj0KBaOlm/sXvItuEVtBhVyohw58/gaZg2Frya+9qI7NKNCf/5u6V59owsvUwJYz8GNzfiZtmJpQjLX6gqHFeMYsfqEHr7etHjYL9J/ggltDDe+TFPXNygp1eAQAA//9ze8vVwgAAAA=="},"mode":420},{"overwrite":true,"path":"/etc/modules-load.d/br_netfilter.conf","contents":{"compression":"","source":"data:,br_netfilter"},"mode":420},{"overwrite":true,"path":"/etc/sysctl.d/kubernetes.conf","contents":{"compression":"","source":"data:,net.bridge.bridge-nf-call-iptables%3D1%0Anet.ipv4.ip_forward%3D1%0A"},"mode":420},{"overwrite":true,"path":"/usr/local/bin/first-boot.sh","contents":{"compression":"gzip","source":"data:;base64,H4sIAAAAAAAC/2SPvUpDQRBG+32KT2KhgZttJWLlG9iGFPsz113u7sxlZ4z49pJcLNTqwOHMwLe787Gyj0GLG2ufRG0QobJaaA3LR6RGdmPI/cZkDWnUSXCpHWQpO7fDq7ANaVhbYAJLJhSRxdUZpxPuH4qocej0iBfs0xbvcT4/wwqxA96rITVhQjFb9eh9ppAj0XxIkkm9Gl2I/9hpedLD9dQX6fTTOCAV+WRMb9jUccPv7P8rN1enX2rUrysHRRFz3wEAAP//ggMsXCQBAAA="},"mode":484},{"overwrite":true,"path":"/home/steven/cluster-config.yaml","contents":{"compression":"gzip","source":"data:;base64,H4sIAAAAAAAC/6SPMWszMQxAd/8Kc7vPl+9LQ3tbCRk6FEoL3X21YsQ50iHLaab+9mIuHbIVCl4sHtJ7YcF3kIJMo53rBCGe+vm+9Mj+vJlAw38zI8XR7nMtCrJnOmKqEhSZzAeTCucM8hwoJJDRWAsXlfAoqbSPtccMF3fmXE/gllwTkosoo+38OYjPOPl2N4P6FVqZ4okjhASkXzWWzhDoJ8uMlNraheNbnQh0tN1m6P9tt/3QD36z636cXnIgOFBcGOlK7R7auxs645wzvy5/ItTb7Kb2CgmLroNmdI043Mb/vfs7AAD//5RZDtOhAQAA"},"mode":384},{"overwrite":true,"path":"/home/steven/join-config.yaml","contents":{"compression":"gzip","source":"data:;base64,H4sIAAAAAAAC/yyMsa7CMAwA93xF1L2Nnt6CsiHEwsjA7iomspraVexUTHw7KmE93R1s9MCqJBz90maEtE7LSSeSsP/NaPDvFuIU/U2IL8JPyq2CkbBjSXjHTGodROe/i4J2fVmFc816MO93KW3FcSstE4+JavRD2KGGQnP4JaFL3dFwzCEj27slHdwnAAD//8EKj5enAAAA"},"mode":384}]},"systemd":{"units":[{"contents":"[Unit]\nBefore=systemd-user-sessions.service\nWants=network-online.target\nAfter=network-online.target\nConditionPathExists=!/var/lib/first-boot\n\n[Service]\nType=oneshot\nExecStart=/usr/local/bin/first-boot.sh\nExecStartPost=/usr/bin/touch /var/lib/first-boot\nRemainAfterExit=yes\n\n[Install]\nWantedBy=multi-user.target\n","enabled":true,"name":"first-boot.service"},{"contents":"[Unit]\nBefore=systemd-user-sessions.service\nWants=network-online.target\nAfter=network-online.target\nConditionPathExists=/var/lib/first-boot\nConditionPathExists=!/var/lib/second-boot\n\n[Service]\nType=oneshot\nExecStart=/usr/bin/systemctl enable --now crio kubelet\nExecStartPost=/usr/bin/touch /var/lib/second-boot\nRemainAfterExit=yes\n\n[Install]\nWantedBy=multi-user.target\n","enabled":true,"name":"second-boot.service"}]}}
+{"ignition":{"version":"3.4.0"},"passwd":{"users":[{"groups":["sudo","docker"],"name":"steven","sshAuthorizedKeys":["ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFup2oRKxwGCalMZ2CyguodtmUDDCkLm/sYHhnaAtDn5 zelle@tater","ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCf2HvSx2ls2KhHn3tISbYbx9NpYSKw+ESmOdxscZJuCEMKDEOdBuOJ5E3CpA+A+QiLY+qlXGPOyNKwmjVPFr6TzNwBciehcs3bFKAvar2vrJsQkUXAJiBzJWiQceGwto3zq6nIAO/tx7s3P6KVPuxegGyXAMv/7Fc8cytOk8q05Xt+7hUyz0LbCZ6j66/Qa7c8eJz8Vho1Oe1BpIhhcZbSovZrKgBOhpyIdUtxh/W5KnFsbIq4MPPVCRHN7IVrXcvkPsTQ6OGeJAsqun+zF3KupQs0Xqt157EmOn5D41x5QY7kts11QZiKmeeSFYt2gRaY7VtAlEfar0fgXWOyQ/Uf steven-pixel6a"]}]},"storage":{"files":[{"overwrite":true,"path":"/etc/hostname","contents":{"compression":"","source":"data:,kube-worker01%0A"},"mode":420},{"overwrite":true,"path":"/etc/dnf/modules.d/cri-o.module","contents":{"compression":"","source":"data:,%5Bcri-o%5D%0Aname%3Dcri-o%0Astream%3D1.29%0Aprofiles%3D%0Astate%3Denabled%0A"},"mode":420},{"overwrite":true,"path":"/etc/yum.repos.d/kubernetes.repo","contents":{"compression":"gzip","source":"data:;base64,H4sIAAAAAAAC/5TMPa7CMBDE8X4P41Ve9YjkE3AEhJCTjBy0/lh5HURuj0KBaOlm/sXvItuEVtBhVyohw58/gaZg2Frya+9qI7NKNCf/5u6V59owsvUwJYz8GNzfiZtmJpQjLX6gqHFeMYsfqEHr7etHjYL9J/ggltDDe+TFPXNygp1eAQAA//9ze8vVwgAAAA=="},"mode":420},{"overwrite":true,"path":"/etc/modules-load.d/br_netfilter.conf","contents":{"compression":"","source":"data:,br_netfilter"},"mode":420},{"overwrite":true,"path":"/etc/sysctl.d/kubernetes.conf","contents":{"compression":"","source":"data:,net.bridge.bridge-nf-call-iptables%3D1%0Anet.ipv4.ip_forward%3D1%0A"},"mode":420},{"overwrite":true,"path":"/usr/local/bin/first-boot.sh","contents":{"compression":"","source":"data:,%23!%2Fbin%2Fbash%0Arpm-ostree%20install%20kubelet%20kubeadm%20kubectl%20cri-o%20vim%20etcd%0A%0Asystemctl%20reboot%0A"},"mode":484},{"overwrite":true,"path":"/home/steven/cluster-config.yaml","contents":{"compression":"gzip","source":"data:;base64,H4sIAAAAAAAC/6SPMWszMQxAd/8Kc7vPl+9LQ3tbCRk6FEoL3X21YsQ50iHLaab+9mIuHbIVCl4sHtJ7YcF3kIJMo53rBCGe+vm+9Mj+vJlAw38zI8XR7nMtCrJnOmKqEhSZzAeTCucM8hwoJJDRWAsXlfAoqbSPtccMF3fmXE/gllwTkosoo+38OYjPOPl2N4P6FVqZ4okjhASkXzWWzhDoJ8uMlNraheNbnQh0tN1m6P9tt/3QD36z636cXnIgOFBcGOlK7R7auxs645wzvy5/ItTb7Kb2CgmLroNmdI043Mb/vfs7AAD//5RZDtOhAQAA"},"mode":384},{"overwrite":true,"path":"/home/steven/join-config.yaml","contents":{"compression":"gzip","source":"data:;base64,H4sIAAAAAAAC/yyMsa7CMAwA93xF1L2Nnt6CsiHEwsjA7iomspraVexUTHw7KmE93R1s9MCqJBz90maEtE7LSSeSsP/NaPDvFuIU/U2IL8JPyq2CkbBjSXjHTGodROe/i4J2fVmFc816MO93KW3FcSstE4+JavRD2KGGQnP4JaFL3dFwzCEj27slHdwnAAD//8EKj5enAAAA"},"mode":384}]},"systemd":{"units":[{"contents":"[Unit]\nBefore=systemd-user-sessions.service\nWants=network-online.target\nAfter=network-online.target\nConditionPathExists=!/var/lib/first-boot\n\n[Service]\nType=oneshot\nExecStart=/usr/local/bin/first-boot.sh\nExecStartPost=/usr/bin/touch /var/lib/first-boot\nRemainAfterExit=yes\n\n[Install]\nWantedBy=multi-user.target\n","enabled":true,"name":"first-boot.service"},{"contents":"[Unit]\nBefore=systemd-user-sessions.service\nWants=network-online.target\nAfter=network-online.target\nConditionPathExists=/var/lib/first-boot\nConditionPathExists=!/var/lib/second-boot\n\n[Service]\nType=oneshot\nExecStart=/usr/bin/systemctl enable --now crio kubelet\nExecStartPost=/usr/bin/touch /var/lib/second-boot\nRemainAfterExit=yes\n\n[Install]\nWantedBy=multi-user.target\n","enabled":true,"name":"second-boot.service"}]}}

00-provisioning/ignition/kube-worker02-boot.json

@@ -1 +1 @@
-{"ignition":{"config":{"replace":{"source":"https://deadbeef.codes/steven/deadbeef.codes-k8s/raw/branch/main/00-provisioning/ignition/kube-worker02-full.json"}},"version":"3.4.0"}}
+{"ignition":{"config":{"replace":{"source":"https://deadbeef.codes/steven/kubernetes-bootstrapping/raw/branch/main/00-provisioning/ignition/kube-worker02-full.json"}},"version":"3.4.0"}}

00-provisioning/ignition/kube-worker02-full.json

@@ -1 +1 @@
-{"ignition":{"version":"3.4.0"},"passwd":{"users":[{"groups":["sudo","docker"],"name":"steven","sshAuthorizedKeys":["ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEAsPq55j525p1ntk37oeel83i6FVm9+ptWk/4csqZivKRrtfhSebtWj0GHg7mnN+XIvQFEXY1HuPSfAByuwURN7LrBTKYNDHM5VxyHSP3s6Ik9OYngbVDCcDRc94teivYalYPyC5rCfIFYRg+vrxD1Gl7eASpiS7z2YD5w6WSxEnQ9tk+GQgsbRcsDBpKTZL/yHZbNNOamUwv3FNmaDpq7V8d1IrKCQiivYQ5n/sWpQnOzMOnY5i7OKr2G56KbaVIXRe3JKIF7ifAK0aJ5q+45RmwdgVh+SgwIFBzQD4GZJbr8jbvxYO9NjbF9fm7qLYnbHNyT7cDx8ClQqAz/2cL0xw== taterwin10","ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCf2HvSx2ls2KhHn3tISbYbx9NpYSKw+ESmOdxscZJuCEMKDEOdBuOJ5E3CpA+A+QiLY+qlXGPOyNKwmjVPFr6TzNwBciehcs3bFKAvar2vrJsQkUXAJiBzJWiQceGwto3zq6nIAO/tx7s3P6KVPuxegGyXAMv/7Fc8cytOk8q05Xt+7hUyz0LbCZ6j66/Qa7c8eJz8Vho1Oe1BpIhhcZbSovZrKgBOhpyIdUtxh/W5KnFsbIq4MPPVCRHN7IVrXcvkPsTQ6OGeJAsqun+zF3KupQs0Xqt157EmOn5D41x5QY7kts11QZiKmeeSFYt2gRaY7VtAlEfar0fgXWOyQ/Uf steven-pixel6a"]}]},"storage":{"files":[{"overwrite":true,"path":"/etc/hostname","contents":{"compression":"","source":"data:,kube-worker02%0A"},"mode":420},{"overwrite":true,"path":"/etc/dnf/modules.d/cri-o.module","contents":{"compression":"","source":"data:,%5Bcri-o%5D%0Aname%3Dcri-o%0Astream%3D1.29%0Aprofiles%3D%0Astate%3Denabled%0A"},"mode":420},{"overwrite":true,"path":"/etc/yum.repos.d/kubernetes.repo","contents":{"compression":"gzip","source":"data:;base64,H4sIAAAAAAAC/5TMPa7CMBDE8X4P41Ve9YjkE3AEhJCTjBy0/lh5HURuj0KBaOlm/sXvItuEVtBhVyohw58/gaZg2Frya+9qI7NKNCf/5u6V59owsvUwJYz8GNzfiZtmJpQjLX6gqHFeMYsfqEHr7etHjYL9J/ggltDDe+TFPXNygp1eAQAA//9ze8vVwgAAAA=="},"mode":420},{"overwrite":true,"path":"/etc/modules-load.d/br_netfilter.conf","contents":{"compression":"","source":"data:,br_netfilter"},"mode":420},{"overwrite":true,"path":"/etc/sysctl.d/kubernetes.conf","contents":{"compression":"","source":"data:,net.bridge.bridge-nf-call-iptables%3D1%0Anet.ipv4.ip_forward%3D1%0A"},"mode":420},{"overwrite":true,"path":"/usr/local/bin/first-boot.sh","contents":{"compression":"gzip","source":"data:;base64,H4sIAAAAAAAC/2SPvUpDQRBG+32KT2KhgZttJWLlG9iGFPsz113u7sxlZ4z49pJcLNTqwOHMwLe787Gyj0GLG2ufRG0QobJaaA3LR6RGdmPI/cZkDWnUSXCpHWQpO7fDq7ANaVhbYAJLJhSRxdUZpxPuH4qocej0iBfs0xbvcT4/wwqxA96rITVhQjFb9eh9ppAj0XxIkkm9Gl2I/9hpedLD9dQX6fTTOCAV+WRMb9jUccPv7P8rN1enX2rUrysHRRFz3wEAAP//ggMsXCQBAAA="},"mode":484},{"overwrite":true,"path":"/home/steven/cluster-config.yaml","contents":{"compression":"gzip","source":"data:;base64,H4sIAAAAAAAC/6SPMWszMQxAd/8Kc7vPl+9LQ3tbCRk6FEoL3X21YsQ50iHLaab+9mIuHbIVCl4sHtJ7YcF3kIJMo53rBCGe+vm+9Mj+vJlAw38zI8XR7nMtCrJnOmKqEhSZzAeTCucM8hwoJJDRWAsXlfAoqbSPtccMF3fmXE/gllwTkosoo+38OYjPOPl2N4P6FVqZ4okjhASkXzWWzhDoJ8uMlNraheNbnQh0tN1m6P9tt/3QD36z636cXnIgOFBcGOlK7R7auxs645wzvy5/ItTb7Kb2CgmLroNmdI043Mb/vfs7AAD//5RZDtOhAQAA"},"mode":384},{"overwrite":true,"path":"/home/steven/join-config.yaml","contents":{"compression":"gzip","source":"data:;base64,H4sIAAAAAAAC/yyMsa7CMAwA93xF1L2Nnt6CsiHEwsjA7iomspraVexUTHw7KmE93R1s9MCqJBz90maEtE7LSSeSsP/NaPDvFuIU/U2IL8JPyq2CkbBjSXjHTGodROe/i4J2fVmFc816MO93KW3FcSstE4+JavRD2KGGQnP4JaFL3dFwzCEj27slHdwnAAD//8EKj5enAAAA"},"mode":384}]},"systemd":{"units":[{"contents":"[Unit]\nBefore=systemd-user-sessions.service\nWants=network-online.target\nAfter=network-online.target\nConditionPathExists=!/var/lib/first-boot\n\n[Service]\nType=oneshot\nExecStart=/usr/local/bin/first-boot.sh\nExecStartPost=/usr/bin/touch /var/lib/first-boot\nRemainAfterExit=yes\n\n[Install]\nWantedBy=multi-user.target\n","enabled":true,"name":"first-boot.service"},{"contents":"[Unit]\nBefore=systemd-user-sessions.service\nWants=network-online.target\nAfter=network-online.target\nConditionPathExists=/var/lib/first-boot\nConditionPathExists=!/var/lib/second-boot\n\n[Service]\nType=oneshot\nExecStart=/usr/bin/systemctl enable --now crio kubelet\nExecStartPost=/usr/bin/touch /var/lib/second-boot\nRemainAfterExit=yes\n\n[Install]\nWantedBy=multi-user.target\n","enabled":true,"name":"second-boot.service"}]}}
+{"ignition":{"version":"3.4.0"},"passwd":{"users":[{"groups":["sudo","docker"],"name":"steven","sshAuthorizedKeys":["ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFup2oRKxwGCalMZ2CyguodtmUDDCkLm/sYHhnaAtDn5 zelle@tater","ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCf2HvSx2ls2KhHn3tISbYbx9NpYSKw+ESmOdxscZJuCEMKDEOdBuOJ5E3CpA+A+QiLY+qlXGPOyNKwmjVPFr6TzNwBciehcs3bFKAvar2vrJsQkUXAJiBzJWiQceGwto3zq6nIAO/tx7s3P6KVPuxegGyXAMv/7Fc8cytOk8q05Xt+7hUyz0LbCZ6j66/Qa7c8eJz8Vho1Oe1BpIhhcZbSovZrKgBOhpyIdUtxh/W5KnFsbIq4MPPVCRHN7IVrXcvkPsTQ6OGeJAsqun+zF3KupQs0Xqt157EmOn5D41x5QY7kts11QZiKmeeSFYt2gRaY7VtAlEfar0fgXWOyQ/Uf steven-pixel6a"]}]},"storage":{"files":[{"overwrite":true,"path":"/etc/hostname","contents":{"compression":"","source":"data:,kube-worker02%0A"},"mode":420},{"overwrite":true,"path":"/etc/dnf/modules.d/cri-o.module","contents":{"compression":"","source":"data:,%5Bcri-o%5D%0Aname%3Dcri-o%0Astream%3D1.29%0Aprofiles%3D%0Astate%3Denabled%0A"},"mode":420},{"overwrite":true,"path":"/etc/yum.repos.d/kubernetes.repo","contents":{"compression":"gzip","source":"data:;base64,H4sIAAAAAAAC/5TMPa7CMBDE8X4P41Ve9YjkE3AEhJCTjBy0/lh5HURuj0KBaOlm/sXvItuEVtBhVyohw58/gaZg2Frya+9qI7NKNCf/5u6V59owsvUwJYz8GNzfiZtmJpQjLX6gqHFeMYsfqEHr7etHjYL9J/ggltDDe+TFPXNygp1eAQAA//9ze8vVwgAAAA=="},"mode":420},{"overwrite":true,"path":"/etc/modules-load.d/br_netfilter.conf","contents":{"compression":"","source":"data:,br_netfilter"},"mode":420},{"overwrite":true,"path":"/etc/sysctl.d/kubernetes.conf","contents":{"compression":"","source":"data:,net.bridge.bridge-nf-call-iptables%3D1%0Anet.ipv4.ip_forward%3D1%0A"},"mode":420},{"overwrite":true,"path":"/usr/local/bin/first-boot.sh","contents":{"compression":"","source":"data:,%23!%2Fbin%2Fbash%0Arpm-ostree%20install%20kubelet%20kubeadm%20kubectl%20cri-o%20vim%20etcd%0A%0Asystemctl%20reboot%0A"},"mode":484},{"overwrite":true,"path":"/home/steven/cluster-config.yaml","contents":{"compression":"gzip","source":"data:;base64,H4sIAAAAAAAC/6SPMWszMQxAd/8Kc7vPl+9LQ3tbCRk6FEoL3X21YsQ50iHLaab+9mIuHbIVCl4sHtJ7YcF3kIJMo53rBCGe+vm+9Mj+vJlAw38zI8XR7nMtCrJnOmKqEhSZzAeTCucM8hwoJJDRWAsXlfAoqbSPtccMF3fmXE/gllwTkosoo+38OYjPOPl2N4P6FVqZ4okjhASkXzWWzhDoJ8uMlNraheNbnQh0tN1m6P9tt/3QD36z636cXnIgOFBcGOlK7R7auxs645wzvy5/ItTb7Kb2CgmLroNmdI043Mb/vfs7AAD//5RZDtOhAQAA"},"mode":384},{"overwrite":true,"path":"/home/steven/join-config.yaml","contents":{"compression":"gzip","source":"data:;base64,H4sIAAAAAAAC/yyMsa7CMAwA93xF1L2Nnt6CsiHEwsjA7iomspraVexUTHw7KmE93R1s9MCqJBz90maEtE7LSSeSsP/NaPDvFuIU/U2IL8JPyq2CkbBjSXjHTGodROe/i4J2fVmFc816MO93KW3FcSstE4+JavRD2KGGQnP4JaFL3dFwzCEj27slHdwnAAD//8EKj5enAAAA"},"mode":384}]},"systemd":{"units":[{"contents":"[Unit]\nBefore=systemd-user-sessions.service\nWants=network-online.target\nAfter=network-online.target\nConditionPathExists=!/var/lib/first-boot\n\n[Service]\nType=oneshot\nExecStart=/usr/local/bin/first-boot.sh\nExecStartPost=/usr/bin/touch /var/lib/first-boot\nRemainAfterExit=yes\n\n[Install]\nWantedBy=multi-user.target\n","enabled":true,"name":"first-boot.service"},{"contents":"[Unit]\nBefore=systemd-user-sessions.service\nWants=network-online.target\nAfter=network-online.target\nConditionPathExists=/var/lib/first-boot\nConditionPathExists=!/var/lib/second-boot\n\n[Service]\nType=oneshot\nExecStart=/usr/bin/systemctl enable --now crio kubelet\nExecStartPost=/usr/bin/touch /var/lib/second-boot\nRemainAfterExit=yes\n\n[Install]\nWantedBy=multi-user.target\n","enabled":true,"name":"second-boot.service"}]}}

00-provisioning/ignition/kube-worker03-boot.json

@@ -1 +1 @@
-{"ignition":{"config":{"replace":{"source":"https://deadbeef.codes/steven/deadbeef.codes-k8s/raw/branch/main/00-provisioning/ignition/kube-worker03-full.json"}},"version":"3.4.0"}}
+{"ignition":{"config":{"replace":{"source":"https://deadbeef.codes/steven/kubernetes-bootstrapping/raw/branch/main/00-provisioning/ignition/kube-worker03-full.json"}},"version":"3.4.0"}}

00-provisioning/ignition/kube-worker03-full.json

@@ -1 +1 @@
-{"ignition":{"version":"3.4.0"},"passwd":{"users":[{"groups":["sudo","docker"],"name":"steven","sshAuthorizedKeys":["ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEAsPq55j525p1ntk37oeel83i6FVm9+ptWk/4csqZivKRrtfhSebtWj0GHg7mnN+XIvQFEXY1HuPSfAByuwURN7LrBTKYNDHM5VxyHSP3s6Ik9OYngbVDCcDRc94teivYalYPyC5rCfIFYRg+vrxD1Gl7eASpiS7z2YD5w6WSxEnQ9tk+GQgsbRcsDBpKTZL/yHZbNNOamUwv3FNmaDpq7V8d1IrKCQiivYQ5n/sWpQnOzMOnY5i7OKr2G56KbaVIXRe3JKIF7ifAK0aJ5q+45RmwdgVh+SgwIFBzQD4GZJbr8jbvxYO9NjbF9fm7qLYnbHNyT7cDx8ClQqAz/2cL0xw== taterwin10","ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCf2HvSx2ls2KhHn3tISbYbx9NpYSKw+ESmOdxscZJuCEMKDEOdBuOJ5E3CpA+A+QiLY+qlXGPOyNKwmjVPFr6TzNwBciehcs3bFKAvar2vrJsQkUXAJiBzJWiQceGwto3zq6nIAO/tx7s3P6KVPuxegGyXAMv/7Fc8cytOk8q05Xt+7hUyz0LbCZ6j66/Qa7c8eJz8Vho1Oe1BpIhhcZbSovZrKgBOhpyIdUtxh/W5KnFsbIq4MPPVCRHN7IVrXcvkPsTQ6OGeJAsqun+zF3KupQs0Xqt157EmOn5D41x5QY7kts11QZiKmeeSFYt2gRaY7VtAlEfar0fgXWOyQ/Uf steven-pixel6a"]}]},"storage":{"files":[{"overwrite":true,"path":"/etc/hostname","contents":{"compression":"","source":"data:,kube-worker03%0A"},"mode":420},{"overwrite":true,"path":"/etc/dnf/modules.d/cri-o.module","contents":{"compression":"","source":"data:,%5Bcri-o%5D%0Aname%3Dcri-o%0Astream%3D1.29%0Aprofiles%3D%0Astate%3Denabled%0A"},"mode":420},{"overwrite":true,"path":"/etc/yum.repos.d/kubernetes.repo","contents":{"compression":"gzip","source":"data:;base64,H4sIAAAAAAAC/5TMPa7CMBDE8X4P41Ve9YjkE3AEhJCTjBy0/lh5HURuj0KBaOlm/sXvItuEVtBhVyohw58/gaZg2Frya+9qI7NKNCf/5u6V59owsvUwJYz8GNzfiZtmJpQjLX6gqHFeMYsfqEHr7etHjYL9J/ggltDDe+TFPXNygp1eAQAA//9ze8vVwgAAAA=="},"mode":420},{"overwrite":true,"path":"/etc/modules-load.d/br_netfilter.conf","contents":{"compression":"","source":"data:,br_netfilter"},"mode":420},{"overwrite":true,"path":"/etc/sysctl.d/kubernetes.conf","contents":{"compression":"","source":"data:,net.bridge.bridge-nf-call-iptables%3D1%0Anet.ipv4.ip_forward%3D1%0A"},"mode":420},{"overwrite":true,"path":"/usr/local/bin/first-boot.sh","contents":{"compression":"gzip","source":"data:;base64,H4sIAAAAAAAC/2SPvUpDQRBG+32KT2KhgZttJWLlG9iGFPsz113u7sxlZ4z49pJcLNTqwOHMwLe787Gyj0GLG2ufRG0QobJaaA3LR6RGdmPI/cZkDWnUSXCpHWQpO7fDq7ANaVhbYAJLJhSRxdUZpxPuH4qocej0iBfs0xbvcT4/wwqxA96rITVhQjFb9eh9ppAj0XxIkkm9Gl2I/9hpedLD9dQX6fTTOCAV+WRMb9jUccPv7P8rN1enX2rUrysHRRFz3wEAAP//ggMsXCQBAAA="},"mode":484},{"overwrite":true,"path":"/home/steven/cluster-config.yaml","contents":{"compression":"gzip","source":"data:;base64,H4sIAAAAAAAC/6SPMWszMQxAd/8Kc7vPl+9LQ3tbCRk6FEoL3X21YsQ50iHLaab+9mIuHbIVCl4sHtJ7YcF3kIJMo53rBCGe+vm+9Mj+vJlAw38zI8XR7nMtCrJnOmKqEhSZzAeTCucM8hwoJJDRWAsXlfAoqbSPtccMF3fmXE/gllwTkosoo+38OYjPOPl2N4P6FVqZ4okjhASkXzWWzhDoJ8uMlNraheNbnQh0tN1m6P9tt/3QD36z636cXnIgOFBcGOlK7R7auxs645wzvy5/ItTb7Kb2CgmLroNmdI043Mb/vfs7AAD//5RZDtOhAQAA"},"mode":384},{"overwrite":true,"path":"/home/steven/join-config.yaml","contents":{"compression":"gzip","source":"data:;base64,H4sIAAAAAAAC/yyMsa7CMAwA93xF1L2Nnt6CsiHEwsjA7iomspraVexUTHw7KmE93R1s9MCqJBz90maEtE7LSSeSsP/NaPDvFuIU/U2IL8JPyq2CkbBjSXjHTGodROe/i4J2fVmFc816MO93KW3FcSstE4+JavRD2KGGQnP4JaFL3dFwzCEj27slHdwnAAD//8EKj5enAAAA"},"mode":384}]},"systemd":{"units":[{"contents":"[Unit]\nBefore=systemd-user-sessions.service\nWants=network-online.target\nAfter=network-online.target\nConditionPathExists=!/var/lib/first-boot\n\n[Service]\nType=oneshot\nExecStart=/usr/local/bin/first-boot.sh\nExecStartPost=/usr/bin/touch /var/lib/first-boot\nRemainAfterExit=yes\n\n[Install]\nWantedBy=multi-user.target\n","enabled":true,"name":"first-boot.service"},{"contents":"[Unit]\nBefore=systemd-user-sessions.service\nWants=network-online.target\nAfter=network-online.target\nConditionPathExists=/var/lib/first-boot\nConditionPathExists=!/var/lib/second-boot\n\n[Service]\nType=oneshot\nExecStart=/usr/bin/systemctl enable --now crio kubelet\nExecStartPost=/usr/bin/touch /var/lib/second-boot\nRemainAfterExit=yes\n\n[Install]\nWantedBy=multi-user.target\n","enabled":true,"name":"second-boot.service"}]}}
+{"ignition":{"version":"3.4.0"},"passwd":{"users":[{"groups":["sudo","docker"],"name":"steven","sshAuthorizedKeys":["ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFup2oRKxwGCalMZ2CyguodtmUDDCkLm/sYHhnaAtDn5 zelle@tater","ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCf2HvSx2ls2KhHn3tISbYbx9NpYSKw+ESmOdxscZJuCEMKDEOdBuOJ5E3CpA+A+QiLY+qlXGPOyNKwmjVPFr6TzNwBciehcs3bFKAvar2vrJsQkUXAJiBzJWiQceGwto3zq6nIAO/tx7s3P6KVPuxegGyXAMv/7Fc8cytOk8q05Xt+7hUyz0LbCZ6j66/Qa7c8eJz8Vho1Oe1BpIhhcZbSovZrKgBOhpyIdUtxh/W5KnFsbIq4MPPVCRHN7IVrXcvkPsTQ6OGeJAsqun+zF3KupQs0Xqt157EmOn5D41x5QY7kts11QZiKmeeSFYt2gRaY7VtAlEfar0fgXWOyQ/Uf steven-pixel6a"]}]},"storage":{"files":[{"overwrite":true,"path":"/etc/hostname","contents":{"compression":"","source":"data:,kube-worker03%0A"},"mode":420},{"overwrite":true,"path":"/etc/dnf/modules.d/cri-o.module","contents":{"compression":"","source":"data:,%5Bcri-o%5D%0Aname%3Dcri-o%0Astream%3D1.29%0Aprofiles%3D%0Astate%3Denabled%0A"},"mode":420},{"overwrite":true,"path":"/etc/yum.repos.d/kubernetes.repo","contents":{"compression":"gzip","source":"data:;base64,H4sIAAAAAAAC/5TMPa7CMBDE8X4P41Ve9YjkE3AEhJCTjBy0/lh5HURuj0KBaOlm/sXvItuEVtBhVyohw58/gaZg2Frya+9qI7NKNCf/5u6V59owsvUwJYz8GNzfiZtmJpQjLX6gqHFeMYsfqEHr7etHjYL9J/ggltDDe+TFPXNygp1eAQAA//9ze8vVwgAAAA=="},"mode":420},{"overwrite":true,"path":"/etc/modules-load.d/br_netfilter.conf","contents":{"compression":"","source":"data:,br_netfilter"},"mode":420},{"overwrite":true,"path":"/etc/sysctl.d/kubernetes.conf","contents":{"compression":"","source":"data:,net.bridge.bridge-nf-call-iptables%3D1%0Anet.ipv4.ip_forward%3D1%0A"},"mode":420},{"overwrite":true,"path":"/usr/local/bin/first-boot.sh","contents":{"compression":"","source":"data:,%23!%2Fbin%2Fbash%0Arpm-ostree%20install%20kubelet%20kubeadm%20kubectl%20cri-o%20vim%20etcd%0A%0Asystemctl%20reboot%0A"},"mode":484},{"overwrite":true,"path":"/home/steven/cluster-config.yaml","contents":{"compression":"gzip","source":"data:;base64,H4sIAAAAAAAC/6SPMWszMQxAd/8Kc7vPl+9LQ3tbCRk6FEoL3X21YsQ50iHLaab+9mIuHbIVCl4sHtJ7YcF3kIJMo53rBCGe+vm+9Mj+vJlAw38zI8XR7nMtCrJnOmKqEhSZzAeTCucM8hwoJJDRWAsXlfAoqbSPtccMF3fmXE/gllwTkosoo+38OYjPOPl2N4P6FVqZ4okjhASkXzWWzhDoJ8uMlNraheNbnQh0tN1m6P9tt/3QD36z636cXnIgOFBcGOlK7R7auxs645wzvy5/ItTb7Kb2CgmLroNmdI043Mb/vfs7AAD//5RZDtOhAQAA"},"mode":384},{"overwrite":true,"path":"/home/steven/join-config.yaml","contents":{"compression":"gzip","source":"data:;base64,H4sIAAAAAAAC/yyMsa7CMAwA93xF1L2Nnt6CsiHEwsjA7iomspraVexUTHw7KmE93R1s9MCqJBz90maEtE7LSSeSsP/NaPDvFuIU/U2IL8JPyq2CkbBjSXjHTGodROe/i4J2fVmFc816MO93KW3FcSstE4+JavRD2KGGQnP4JaFL3dFwzCEj27slHdwnAAD//8EKj5enAAAA"},"mode":384}]},"systemd":{"units":[{"contents":"[Unit]\nBefore=systemd-user-sessions.service\nWants=network-online.target\nAfter=network-online.target\nConditionPathExists=!/var/lib/first-boot\n\n[Service]\nType=oneshot\nExecStart=/usr/local/bin/first-boot.sh\nExecStartPost=/usr/bin/touch /var/lib/first-boot\nRemainAfterExit=yes\n\n[Install]\nWantedBy=multi-user.target\n","enabled":true,"name":"first-boot.service"},{"contents":"[Unit]\nBefore=systemd-user-sessions.service\nWants=network-online.target\nAfter=network-online.target\nConditionPathExists=/var/lib/first-boot\nConditionPathExists=!/var/lib/second-boot\n\n[Service]\nType=oneshot\nExecStart=/usr/bin/systemctl enable --now crio kubelet\nExecStartPost=/usr/bin/touch /var/lib/second-boot\nRemainAfterExit=yes\n\n[Install]\nWantedBy=multi-user.target\n","enabled":true,"name":"second-boot.service"}]}}

01-cluster-bootstrap/README.md

@@ -1,14 +1,15 @@
-# 05-Cluster-Bootstrap
+# 01 | Cluster Bootstrap
 
-Assumption is that an external load balancer is already configured for the cluster control plane IP address.  Initialize the cluster
+Assumption is that an external load balancer is already configured for the cluster control plane IP address.  Initialize the cluster on one control node, but do not join any other nodes to it yet.  
 
 ```bash
 
+# Only run on one control plane node - do not join other nodes until after CNI is configured
 sudo kubeadm init --config cluster-config.yaml --upload-certs
 
 ```
 
-Copy kubectl config
+Copy kube admin config to local profile.  This is also a good time to copy it to your desktop with SCP or something.  
 
 ```bash
 mkdir -p $HOME/.kube
@@ -16,5 +17,3 @@ sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
 sudo chown $(id -u):$(id -g) $HOME/.kube/config
 
 ```
-
-Before you join other nodes, deploy the CNI in 06!  If you don't, there is sometimes an issue where the br0 adapter will use the crio CNI configuration.

02-cni-cilium/README.md

@@ -0,0 +1,40 @@
+# 02 | CNI Cilium
+
+Only install one CNI, do not install Flannel if using Cilium.  Cilium brings network policy capabilities and uses eBPF technology to provide increased performance.
+
+Reference: https://docs.cilium.io/en/stable/gettingstarted/k8s-install-default/
+
+First we must install the cilium CLI binary, as root:
+
+```bash
+sudo su -
+CILIUM_CLI_VERSION=$(curl -s https://raw.githubusercontent.com/cilium/cilium-cli/main/stable.txt)
+CLI_ARCH=amd64
+if [ "$(uname -m)" = "aarch64" ]; then CLI_ARCH=arm64; fi
+curl -L --fail --remote-name-all https://github.com/cilium/cilium-cli/releases/download/${CILIUM_CLI_VERSION}/cilium-linux-${CLI_ARCH}.tar.gz{,.sha256sum}
+sha256sum --check cilium-linux-${CLI_ARCH}.tar.gz.sha256sum
+sudo tar xzvfC cilium-linux-${CLI_ARCH}.tar.gz /usr/local/bin
+rm cilium-linux-${CLI_ARCH}.tar.gz{,.sha256sum}
+
+```
+
+Then we can use it to install cilium into Kubernetes:
+
+```bash
+cilium install --version 1.14.5
+
+```
+
+Validate the install:
+
+```bash
+cilium status --wait
+
+```
+
+The following test can be performed, but it won't work until worker nodes are joined.  
+
+```bash
+cilium connectivity test
+
+```

02-cni-flannel/README.md

@@ -0,0 +1,12 @@
+# 02 | CNI = Flannel
+
+### It is not recommended to use flannel, and instead should use 02-cni-cilium.   Do not install both flannel and cilium.
+
+[https://github.com/flannel-io/flannel](https://github.com/flannel-io/flannel)
+
+Flannel provides the pod to pod networking, using [VXLAN](https://en.wikipedia.org/wiki/Virtual_Extensible_LAN).
+
+```bash
+kubectl apply -f https://github.com/flannel-io/flannel/releases/latest/download/kube-flannel.yml
+
+```

03-join-nodes/README.md

@@ -0,0 +1,20 @@
+# 03 | Join Additional Controller and Worker Nodes
+
+At this point, other nodes can be joined to the cluster.  From a control node, you can get the join command by doing the following.
+
+```bash
+sudo kubeadm token create --print-join-command
+
+```
+
+You can then take the command in the output and use it to join other nodes.  
+
+```bash
+
+# Example to join a control node, add --control-plane
+sudo kubeadm join 10.69.69.50:6443 --token drazx3.qa70i6wfatxujdqo --discovery-token-ca-cert-hash sha256:5dccc0b4113ffc2543e2d453c35bf4db998719c1c73b60e4467f5c20d3f7b9ad --control-plane
+
+# Example to join a worker node
+sudo kubeadm join 10.69.69.50:6443 --token drazx3.qa70i6wfatxujdqo --discovery-token-ca-cert-hash sha256:5dccc0b4113ffc2543e2d453c35bf4db998719c1c73b60e4467f5c20d3f7b9ad
+
+```

04-nfs-subdir-provisioner/README.md

@@ -1,4 +1,6 @@
-# 07-NFS-Subdir-Provisioner
+# 04 | Dynamic Volume Provisiong to NFS Subdirectory
+
+[https://github.com/kubernetes-sigs/nfs-subdir-external-provisioner](https://github.com/kubernetes-sigs/nfs-subdir-external-provisioner)
 
 To support persistent volume claims on NFS external storage, a provisioner can be configured and deployed easily with helm.
 
@@ -12,7 +14,6 @@ helm install nfs-subdir-external-provisioner nfs-subdir-external-provisioner/nfs
 
 ```
 
-
 A PVC can then be created similar to below example:
 
 ```yaml

05-ingress-controller-nginx/README.md

@@ -0,0 +1,89 @@
+# 05 | Ingress Controller = NGINX
+
+[https://kubernetes.github.io/ingress-nginx/](https://kubernetes.github.io/ingress-nginx/)
+
+[https://github.com/kubernetes/ingress-nginx](https://github.com/kubernetes/ingress-nginx)
+
+The ingress controller provides external access to services in the cluster by acting as a reverse proxy.  In this case, I've selected nginx which is simple to configure, and very fast.  It does not have as many fancy features as some other options though.  
+
+```bash
+helm upgrade --install ingress-nginx ingress-nginx   --repo https://kubernetes.github.io/ingress-nginx   --namespace ingress-nginx --create-namespace -f values.yaml
+
+```
+
+Example usage:
+
+```yaml
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: ingress-mandelmapper
+  annotations:
+    cert-manager.io/issuer: letsencrypt
+spec:
+  ingressClassName: nginx
+  rules:
+  - host: mandelmap.home.stevenpolley.net
+    http:
+      paths:
+      - path: /
+        pathType: Prefix
+        backend:
+          service:
+            name: mandelmapper
+            port:
+              number: 6161
+  tls:
+    - hosts:
+      - mandelmap.home.stevenpolley.net
+      secretName: mandelmap-cert
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: ingress-myservicea
+spec:
+  ingressClassName: nginx
+  rules:
+  - host: myservicea.foo.org
+    http:
+      paths:
+      - path: /
+        backend:
+          service:
+            name: myservicea
+            port:
+              number: 8080
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: ingress-myserviceb
+  cert-manager.io/issuer: letsencrypt
+spec:
+  ingressClassName: nginx
+  rules:
+  - host: myserviceb.foo.org
+    http:
+      paths:
+      - path: /
+        backend:
+          service:
+            name: myserviceb
+            port:
+              number: 8443
+  tls:
+    - hosts:
+      - myserviceb.foo.org
+      secretName: example-tls
+---
+# A secret must also be provided, this will be created by cert-manager
+apiVersion: v1
+kind: Secret
+metadata:
+  name: example-tls
+data:
+  tls.crt: <base64 encoded cert>
+  tls.key: <base64 encoded key>
+type: kubernetes.io/tls
+```

05-ingress-controller-nginx/values.yaml

@@ -3,10 +3,12 @@
 
 controller:
   service:
+    # -- Provisioned manually on external hardware load balancer
     externalIPs: 
     - "10.69.69.51"
     nodePorts:
       # -- Node port allocated for the external HTTP listener. If left empty, the service controller allocates one from the configured node port range.
       http: "31451"
       # -- Node port allocated for the external HTTPS listener. If left empty, the service controller allocates one from the configured node port range.
-      https: "31207"
+      https: "31207"
+    externalTrafficPolicy: Local

06-cert-manager/README.md

@@ -0,0 +1,34 @@
+# 06 | Cert Manager
+
+https://cert-manager.io/docs/installation/kubectl/
+
+Install cert-manager - check for latest version.
+
+```yaml
+kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v1.13.3/cert-manager.yaml
+```
+
+After cert manager is installed, create API tokens (not keys, but tokens) on cloudflare (User Profile > API Tokens > API Tokens) with permissions:
+
+Permissions:
+
+* Zone - DNS - Edit
+* Zone - Zone - Read
+
+Zone Resources:
+
+* Include - All Zones
+
+Configure a the API token as a secret in Kubernetes and replace the <APITOKEN> in the below command with the token from cloudflare.
+
+```bash
+kubectl create secret generic cloudflare-api-token-secret --namespace=cert-manager --type=Opaque --from-literal=api-token=<APIKEY>
+```
+
+Create the Let's Encrypt ClusterIssuer:
+
+```yaml
+
+# Be sure to edit the file and set the production URL if not a test cluster
+kubectl apply -f lets-encrypt-issuer.yaml
+```

06-cert-manager/lets-encrypt-issuer.yaml

@@ -0,0 +1,24 @@
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+  name: letsencrypt
+spec:
+  acme:
+    # The ACME server URL
+    # production is https://acme-v02.api.letsencrypt.org/directory
+    # stagiong is https://acme-staging-v02.api.letsencrypt.org/directory
+    server: https://acme-v02.api.letsencrypt.org/directory
+    # Email address used for ACME registration
+    email: himself@stevenpolley.net
+    # Name of a secret used to store the ACME account private key
+    privateKeySecretRef:
+      name: letsencrypt
+    # Enable the HTTP-01 challenge provider
+    solvers:
+    # An empty 'selector' means that this solver matches all domains
+    - selector: {}
+      dns01:
+        cloudflare:
+          apiTokenSecretRef:
+            name: cloudflare-api-token-secret
+            key: api-token

06-cni-flannel/README.md

@@ -1,6 +0,0 @@
-# 06-CNI-Flannel
-
-```bash
-kubectl apply -f https://github.com/flannel-io/flannel/releases/latest/download/kube-flannel.yml
-
-```

08-ingress-nginx-controller/README.md

@@ -1,54 +0,0 @@
-# 08-Ingress-Nginx-Controller
-
-```bash
-helm upgrade --install ingress-nginx ingress-nginx   --repo https://kubernetes.github.io/ingress-nginx   --namespace ingress-nginx --create-namespace -f values.yaml
-
-```
-
-Example usage:
-
-```yaml
-apiVersion: networking.k8s.io/v1beta1
-kind: Ingress
-metadata:
-  name: ingress-myservicea
-spec:
-  ingressClassName: nginx
-  rules:
-  - host: myservicea.foo.org
-    http:
-      paths:
-      - path: /
-        backend:
-          serviceName: myservicea
-          servicePort: 8080
----
-apiVersion: networking.k8s.io/v1beta1
-kind: Ingress
-metadata:
-  name: ingress-myserviceb
-spec:
-  ingressClassName: nginx
-  rules:
-  - host: myserviceb.foo.org
-    http:
-      paths:
-      - path: /
-        backend:
-          serviceName: myserviceb
-          servicePort: 8443
-  tls:
-    - hosts:
-      - myserviceb.foo.org
-      secretName: example-tls
----
-# A secret must also be provided, likely by a cert-manager of some kind
-apiVersion: v1
-kind: Secret
-metadata:
-  name: example-tls
-data:
-  tls.crt: <base64 encoded cert>
-  tls.key: <base64 encoded key>
-type: kubernetes.io/tls
-```

10-applications/README.md

@@ -0,0 +1,8 @@
+# 10 | Deploy Applications
+
+Ready to deploy applications to the cluster at this point, for example: 
+
+```yaml
+kubectl apply -f mandelmap.yaml
+
+```

10-join-nodes/README.md

@@ -1,7 +0,0 @@
-# 10-Join-Nodes
-
-```bash
-
-kubeadm join 10.69.69.147:6443 --config join-config.yaml
-
-```

30-applications/mandelmap.yaml

@@ -1,60 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  labels:
-    app: mandelmapper
-  name: mandelmapper
-spec:
-  replicas: 3
-  selector:
-    matchLabels:
-      app: mandelmapper
-  strategy: {}
-  template:
-    metadata:
-      labels:
-        app: mandelmapper
-    spec:
-      containers:
-      - image: registry.deadbeef.codes/mandelmapper
-        name: mandelmapper
-        resources:
-          requests:
-            memory: "24Mi"
-            cpu: "50m"
-status: {}
----
-apiVersion: v1
-kind: Service
-metadata:
-  labels:
-    app: mandelmapper
-  name: mandelmapper
-spec:
-  type: NodePort
-  ports:
-  - port: 6161
-    protocol: TCP
-    targetPort: 6161
-  selector:
-    app: mandelmapper
-status:
-  loadBalancer: {}
----
-apiVersion: networking.k8s.io/v1
-kind: Ingress
-metadata:
-  name: ingress-mandelmapper
-spec:
-  ingressClassName: nginx
-  rules:
-  - host: mandelmap.home.stevenpolley.net
-    http:
-      paths:
-      - path: /
-        pathType: Prefix
-        backend:
-          service:
-            name: mandelmapper
-            port:
-              number: 6161

README.md

@@ -1,4 +1,9 @@
-# deadbeef.codes-k8s
+# Kubernetes Bootstrapping | Roll your own
+
+
+![alt text][logo]
+
+[logo]: https://deadbeef.codes/steven/kubernetes-bootstrapping/raw/branch/main/logo.png "Kubernetes Bootstrapping"
 
 This is documentation and a process I've created for bootstrapping a Kubernetes cluster on bare metal or VMs without using a cloud provider managed service.   My use case for this is running my own personal services, and learning more about Kubernetes as I study for the CKA exam.