More explicit instructions

00-provisioning/README.md

@@ -1,45 +1,33 @@
-# 00-Provisioning
+# 00 | Provisioning Machine, Operating System and Prerequisites
 
-Adding new nodes
+Provisioning is the process of creating and installing the machine and operating system to prepare it for workloads.  There are many terrafic tools for this, but my needs are simple and I don't like needless abstractions, so I rolled my own found in the **helpers.sh* file.  
 
-1. Call lighter and pass the new node's name to generate ignition files for the node, see below snippet.
+OS of choice is [Fedora CoreOS](https://fedoraproject.org/coreos/) because of all the distributions I've reviewed it seems to be the most lightweight, purpose-built choice that meets requirements.  
-2. Commit and check the resulting ignition/*.json files into version control at deadbeef.codes, they need to be present before booting the node.
+
+### Lighter
+
+Lighter is a small utility function in *helpers.sh* I made for templating Butane YAML files, allowing for value substitution.  It's a "lighter" method to template compared to something more featurerific like Jinja.
+
+### Butane
+
+Butane is a utility for transforming human-readable butane YAML configuration files and transpile them to machine-readable ignition JSON files.  The JSON is still readable in many cases, but good luck reading a systemd unit file or anything with more than a few lines
+
+### Ignition
+
+Core-OS comes with Ignition which is similar to utilities like cloud-init.  Allows completely configuring the system.  When adding a new node, or making a change to butane YAML files, be sure to run lighter and pass the node's hostname.  It will generate JSON files in the ignition directory which need to be checked into version control.  The machine needs to be able to access the files when it boots.
 
 ```bash
 # Be sure to run from 00-provisioning directory
 cd 00-provisioning
+source helpers.sh
 
-# Templating for Butane files to replace hostname with name passed 
+# Run lighter to substitute the machine's hostnames in the butane/full.yaml file, and call butane with each hostname to generate the ignition/*.yaml files
-# to lighter, then it calls butane to generate ignition files
-lighter() {
-    if [ -z "$1" ]; then
-        echo "error: lighter() called without specifying a VM name"
-        echo "Usage: lighter() <name>"
-        return
-    fi
-
-    # Create temporary working copies
-    cp butane/boot.yaml butane/boot~.yaml
-    cp butane/full.yaml butane/full~.yaml
-
-    # Replace hostname token with name provided
-    hostnameToken="{{HOSTNAME}}"
-    sed -i -e "s/$hostnameToken/$1/g" butane/boot~.yaml
-    sed -i -e "s/$hostnameToken/$1/g" butane/full~.yaml
-
-    # Butane transpile to ignition files
-    butane butane/boot~.yaml > ignition/$1-boot.json
-    butane butane/full~.yaml > ignition/$1-full.json
-
-    # Cleanup mess
-    rm -f butane/*~.yaml
-}
-
 lighter kube-control01
-lighter kube-node01
+lighter kube-control02
-lighter kube-node02
+lighter kube-control03
-lighter kube-node03
+lighter kube-worker01
-
+lighter kube-worker02
+lighter kube-worker03
 
 ```
 
@@ -47,25 +35,16 @@ After you've checked the ignition files into version control, provision the serv
 
 ```bash
 
-# Stop git bash being stupid
+# Controllers - if doing HA, need at least 3 for Raft concensus
-export MSYS_NO_PATHCONV=1
+create_vbox_vm kube-control01 "080027000001"
-# Function to create VirtualBox VM, accepts name of VM as argument
+create_vbox_vm kube-control02 "080027000002"
-create_vm() {
+create_vbox_vm kube-control03 "080027000003"
-    if [ -z "$1" ]; then
-        echo "error: create_vm() called without specifying a VM name"
-        echo "Usage: create_vm <name>"
-        return
-    fi
-    "C:/Program Files/Oracle/VirtualBox/vboxmanage.exe" import --vsys 0 --vmname "$1" "D:/VirtualBox/OVA/fedora-coreos-39.20231119.3.0-virtualbox.x86_64.ova"
-    "C:/Program Files/Oracle/VirtualBox/vboxmanage.exe" modifyvm $1 --nic1 bridged
-    "C:/Program Files/Oracle/VirtualBox/vboxmanage.exe" modifyvm $1 --bridge-adapter1 "Intel(R) Ethernet Controller I225-V"
-    "C:/Program Files/Oracle/VirtualBox/vboxmanage.exe" guestproperty set $1 "/Ignition/Config" "$(cat ignition/$1-boot.json)"
-    "C:/Program Files/Oracle/VirtualBox/vboxmanage.exe" startvm $1 --type headless
-}
 
-create_vm kube-control01
+# Workers
-create_vm kube-node01
+create_vbox_vm kube-worker01 "080027000010"
-create_vm kube-node02
+create_vbox_vm kube-worker02 "080027000011"
-create_vm kube-node03
+create_vbox_vm kube-worker03 "080027000012"
 
-```
+```
+
+If adding a new node or changing MAC address - be sure to update external firewall address objects and external load balancer.  

00-provisioning/butane/boot.yaml

@@ -3,4 +3,4 @@ version: 1.5.0
 ignition:
   config:
     replace:
-      source: https://deadbeef.codes/steven/deadbeef.codes-k8s/raw/branch/main/00-provisioning/ignition/{{HOSTNAME}}-full.json
+      source: https://deadbeef.codes/steven/kubernetes-bootstrapping/raw/branch/main/00-provisioning/ignition/{{HOSTNAME}}-full.json

00-provisioning/butane/full.yaml

@@ -1,8 +1,10 @@
+# DO NOT CALL BUTANE DIRECTLY AGAINST THIS FILE
+# IT IS MEANT TO BE CALLED BY lighter
 variant: fcos
 version: 1.5.0
 storage:
   files:
-    # Hostname
+    # Hostname gets replaced with lighter
     - path: /etc/hostname
       mode: 420
       overwrite: true
@@ -47,16 +49,15 @@ storage:
         inline: |
           net.bridge.bridge-nf-call-iptables=1
           net.ipv4.ip_forward=1
-    # script to install kubelet dependencies
+    # Runs on first boot, script to install kubelet dependencies
-    - path: /usr/local/bin/install-kubelet.sh
+    - path: /usr/local/bin/first-boot.sh
       mode: 0744
       overwrite: true
       contents:
         inline: |
           #!/bin/bash
-          rpm-ostree install kubelet kubeadm kubectl cri-o vim
+          rpm-ostree install kubelet kubeadm kubectl cri-o vim etcd
-          systemctl enable crio kubelet
+
-          sleep 1 # systemctl enable and reboot race condition?
           systemctl reboot
     - path: /home/steven/cluster-config.yaml
       mode: 0600
@@ -70,6 +71,7 @@ storage:
               flex-volume-plugin-dir: "/var/lib/kubelet/volumeplugins/nodeagent~uds"
           networking:
             podSubnet: "10.244.0.0/16"
+          controlPlaneEndpoint: "10.69.69.50"
           ---
           apiVersion: kubeadm.k8s.io/v1beta3
           kind: InitConfiguration
@@ -90,24 +92,42 @@ passwd: # setting login credentials
   users:
     - name: steven
       ssh_authorized_keys:
-        - ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEAsPq55j525p1ntk37oeel83i6FVm9+ptWk/4csqZivKRrtfhSebtWj0GHg7mnN+XIvQFEXY1HuPSfAByuwURN7LrBTKYNDHM5VxyHSP3s6Ik9OYngbVDCcDRc94teivYalYPyC5rCfIFYRg+vrxD1Gl7eASpiS7z2YD5w6WSxEnQ9tk+GQgsbRcsDBpKTZL/yHZbNNOamUwv3FNmaDpq7V8d1IrKCQiivYQ5n/sWpQnOzMOnY5i7OKr2G56KbaVIXRe3JKIF7ifAK0aJ5q+45RmwdgVh+SgwIFBzQD4GZJbr8jbvxYO9NjbF9fm7qLYnbHNyT7cDx8ClQqAz/2cL0xw== taterwin10
+        - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFup2oRKxwGCalMZ2CyguodtmUDDCkLm/sYHhnaAtDn5 zelle@tater
         - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCf2HvSx2ls2KhHn3tISbYbx9NpYSKw+ESmOdxscZJuCEMKDEOdBuOJ5E3CpA+A+QiLY+qlXGPOyNKwmjVPFr6TzNwBciehcs3bFKAvar2vrJsQkUXAJiBzJWiQceGwto3zq6nIAO/tx7s3P6KVPuxegGyXAMv/7Fc8cytOk8q05Xt+7hUyz0LbCZ6j66/Qa7c8eJz8Vho1Oe1BpIhhcZbSovZrKgBOhpyIdUtxh/W5KnFsbIq4MPPVCRHN7IVrXcvkPsTQ6OGeJAsqun+zF3KupQs0Xqt157EmOn5D41x5QY7kts11QZiKmeeSFYt2gRaY7VtAlEfar0fgXWOyQ/Uf steven-pixel6a
       groups: [ sudo, docker ]
 systemd:
   units:
-    - name: install-kubelet.service
+    - name: first-boot.service
       enabled: true
       contents: |
         [Unit]
         Before=systemd-user-sessions.service
         Wants=network-online.target
         After=network-online.target
-        ConditionPathExists=!/var/lib/install-kubelet
+        ConditionPathExists=!/var/lib/first-boot
 
         [Service]
         Type=oneshot
-        ExecStart=/usr/local/bin/install-kubelet.sh
+        ExecStart=/usr/local/bin/first-boot.sh
-        ExecStartPost=/usr/bin/touch /var/lib/install-kubelet
+        ExecStartPost=/usr/bin/touch /var/lib/first-boot
+        RemainAfterExit=yes
+
+        [Install]
+        WantedBy=multi-user.target
+    - name: second-boot.service
+      enabled: true
+      contents: |
+        [Unit]
+        Before=systemd-user-sessions.service
+        Wants=network-online.target
+        After=network-online.target
+        ConditionPathExists=/var/lib/first-boot
+        ConditionPathExists=!/var/lib/second-boot
+
+        [Service]
+        Type=oneshot
+        ExecStart=/usr/bin/systemctl enable --now crio kubelet
+        ExecStartPost=/usr/bin/touch /var/lib/second-boot
         RemainAfterExit=yes
 
         [Install]

00-provisioning/helpers.sh

@@ -0,0 +1,56 @@
+#!/bin/bash
+
+# Terraform?  We roll our own.
+
+# Stop git bash being stupid
+export MSYS_NO_PATHCONV=1
+
+# Set your own
+VBOXMANAGE="C:/Program Files/Oracle/VirtualBox/vboxmanage"
+COREOSAPPLIANCEIMAGE="E:/VirtualBox/Images/fedora-coreos-39.20240128.3.0-virtualbox.x86_64.ova"
+
+# Function to create VirtualBox VM, accepts name of VM as argument
+create_vbox_vm() {
+    if [ -z "$1" ] || [ -z "$2" ]; then
+        echo "error: create_vm() called without specifying a VM name"
+        echo "Usage: create_vm <name> <MAC Address>"
+        echo "Example: create_vm kube_control01 \"08:00:27:00:00:01\""
+        return
+    fi
+
+    "$VBOXMANAGE" import --vsys 0 --vmname "$1" $COREOSAPPLIANCEIMAGE
+    "$VBOXMANAGE" modifyvm $1 --nic1 bridged
+    "$VBOXMANAGE" modifyvm $1 --bridge-adapter1 "Intel(R) Ethernet Controller I225-V"
+    "$VBOXMANAGE" modifyvm $1 --macaddress1 $2
+    "$VBOXMANAGE" guestproperty set $1 "/Ignition/Config" "$(cat ignition/$1-boot.json)"
+    "$VBOXMANAGE" startvm $1 --type headless
+}
+
+# Templating for Butane files to replace hostname with name passed 
+# to lighter, then it calls butane to generate ignition files
+# It's "lighter" than using jinja or some other bloat ;)
+# This allows us to re-use the same butane YAML files for multiple hosts,
+# we can substitute values with whatever we want.
+lighter() {
+    if [ -z "$1" ]; then
+        echo "error: lighter() called without specifying a VM name"
+        echo "Usage: lighter() <name>"
+        return
+    fi
+
+    # Create temporary working copies 
+    cp butane/boot.yaml butane/boot~.yaml
+    cp butane/full.yaml butane/full~.yaml
+
+    # Replace hostname token with name provided
+    hostnameToken="{{HOSTNAME}}"
+    sed -i -e "s/$hostnameToken/$1/g" butane/boot~.yaml
+    sed -i -e "s/$hostnameToken/$1/g" butane/full~.yaml
+
+    # Butane transpile to ignition files
+    butane butane/boot~.yaml > ignition/$1-boot.json
+    butane butane/full~.yaml > ignition/$1-full.json
+
+    # Cleanup mess
+    rm -f butane/*~.yaml
+}

00-provisioning/ignition/kube-control01-boot.json

@@ -1 +1 @@
-{"ignition":{"config":{"replace":{"source":"https://deadbeef.codes/steven/deadbeef.codes-k8s/raw/branch/main/00-provisioning/ignition/kube-control01-full.json"}},"version":"3.4.0"}}
+{"ignition":{"config":{"replace":{"source":"https://deadbeef.codes/steven/kubernetes-bootstrapping/raw/branch/main/00-provisioning/ignition/kube-control01-full.json"}},"version":"3.4.0"}}

00-provisioning/ignition/kube-control01-full.json

@@ -1 +1 @@
-{"ignition":{"version":"3.4.0"},"passwd":{"users":[{"groups":["sudo","docker"],"name":"steven","sshAuthorizedKeys":["ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEAsPq55j525p1ntk37oeel83i6FVm9+ptWk/4csqZivKRrtfhSebtWj0GHg7mnN+XIvQFEXY1HuPSfAByuwURN7LrBTKYNDHM5VxyHSP3s6Ik9OYngbVDCcDRc94teivYalYPyC5rCfIFYRg+vrxD1Gl7eASpiS7z2YD5w6WSxEnQ9tk+GQgsbRcsDBpKTZL/yHZbNNOamUwv3FNmaDpq7V8d1IrKCQiivYQ5n/sWpQnOzMOnY5i7OKr2G56KbaVIXRe3JKIF7ifAK0aJ5q+45RmwdgVh+SgwIFBzQD4GZJbr8jbvxYO9NjbF9fm7qLYnbHNyT7cDx8ClQqAz/2cL0xw== taterwin10","ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCf2HvSx2ls2KhHn3tISbYbx9NpYSKw+ESmOdxscZJuCEMKDEOdBuOJ5E3CpA+A+QiLY+qlXGPOyNKwmjVPFr6TzNwBciehcs3bFKAvar2vrJsQkUXAJiBzJWiQceGwto3zq6nIAO/tx7s3P6KVPuxegGyXAMv/7Fc8cytOk8q05Xt+7hUyz0LbCZ6j66/Qa7c8eJz8Vho1Oe1BpIhhcZbSovZrKgBOhpyIdUtxh/W5KnFsbIq4MPPVCRHN7IVrXcvkPsTQ6OGeJAsqun+zF3KupQs0Xqt157EmOn5D41x5QY7kts11QZiKmeeSFYt2gRaY7VtAlEfar0fgXWOyQ/Uf steven-pixel6a"]}]},"storage":{"files":[{"overwrite":true,"path":"/etc/hostname","contents":{"compression":"","source":"data:,kube-control01%0A"},"mode":420},{"overwrite":true,"path":"/etc/dnf/modules.d/cri-o.module","contents":{"compression":"","source":"data:,%5Bcri-o%5D%0Aname%3Dcri-o%0Astream%3D1.29%0Aprofiles%3D%0Astate%3Denabled%0A"},"mode":420},{"overwrite":true,"path":"/etc/yum.repos.d/kubernetes.repo","contents":{"compression":"gzip","source":"data:;base64,H4sIAAAAAAAC/5TMPa7CMBDE8X4P41Ve9YjkE3AEhJCTjBy0/lh5HURuj0KBaOlm/sXvItuEVtBhVyohw58/gaZg2Frya+9qI7NKNCf/5u6V59owsvUwJYz8GNzfiZtmJpQjLX6gqHFeMYsfqEHr7etHjYL9J/ggltDDe+TFPXNygp1eAQAA//9ze8vVwgAAAA=="},"mode":420},{"overwrite":true,"path":"/etc/modules-load.d/br_netfilter.conf","contents":{"compression":"","source":"data:,br_netfilter"},"mode":420},{"overwrite":true,"path":"/etc/sysctl.d/kubernetes.conf","contents":{"compression":"","source":"data:,net.bridge.bridge-nf-call-iptables%3D1%0Anet.ipv4.ip_forward%3D1%0A"},"mode":420},{"overwrite":true,"path":"/usr/local/bin/install-kubelet.sh","contents":{"compression":"gzip","source":"data:;base64,H4sIAAAAAAAC/2SMQarDMAxE9z6FPlmH8E/Qs8j2QEVlKVhqobcvSSkUunow82aWv62KbZXjWuY+Vo+cAIlFsird7hWKPMl9nGyp1KasTg8ZJZ6RGEcG46o4Kv/sSiiw0z8t9OOxdZqo7kmTG6i5dUlxu3x9voXyCgAA///0QT0CpgAAAA=="},"mode":484},{"overwrite":true,"path":"/home/steven/cluster-config.yaml","contents":{"compression":"gzip","source":"data:;base64,H4sIAAAAAAAC/6SPsU7EMAxA93xF1D3NFU4IZUMnBgYWkNhT4ous5uzKccpNfDuKynIbEqOtJz+/uOIHSEWmYJc2Q0yXcXmsI7Lfphk03psFKQV7Kq0qyInpjLlJVGQyn0wqXArIa6SYQYKxFq4q8Uly7YO15wJXt3FpF3BraRnJJZRgB79F8QVn370F1O/QzlRPnCBmIP1uqQ6GQL9YFqTcz66c3ttMoMEO02G8Ox7Hw3jw08NgnHPmz1UvhHqb1LVvkLHqvui23wefb8P+3/QTAAD//14yTSt9AQAA"},"mode":384},{"overwrite":true,"path":"/home/steven/join-config.yaml","contents":{"compression":"gzip","source":"data:;base64,H4sIAAAAAAAC/yyMsa7CMAwA93xF1L2Nnt6CsiHEwsjA7iomspraVexUTHw7KmE93R1s9MCqJBz90maEtE7LSSeSsP/NaPDvFuIU/U2IL8JPyq2CkbBjSXjHTGodROe/i4J2fVmFc816MO93KW3FcSstE4+JavRD2KGGQnP4JaFL3dFwzCEj27slHdwnAAD//8EKj5enAAAA"},"mode":384}]},"systemd":{"units":[{"contents":"[Unit]\nBefore=systemd-user-sessions.service\nWants=network-online.target\nAfter=network-online.target\nConditionPathExists=!/var/lib/install-kubelet\n\n[Service]\nType=oneshot\nExecStart=/usr/local/bin/install-kubelet.sh\nExecStartPost=/usr/bin/touch /var/lib/install-kubelet\nRemainAfterExit=yes\n\n[Install]\nWantedBy=multi-user.target\n","enabled":true,"name":"install-kubelet.service"}]}}
+{"ignition":{"version":"3.4.0"},"passwd":{"users":[{"groups":["sudo","docker"],"name":"steven","sshAuthorizedKeys":["ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFup2oRKxwGCalMZ2CyguodtmUDDCkLm/sYHhnaAtDn5 zelle@tater","ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCf2HvSx2ls2KhHn3tISbYbx9NpYSKw+ESmOdxscZJuCEMKDEOdBuOJ5E3CpA+A+QiLY+qlXGPOyNKwmjVPFr6TzNwBciehcs3bFKAvar2vrJsQkUXAJiBzJWiQceGwto3zq6nIAO/tx7s3P6KVPuxegGyXAMv/7Fc8cytOk8q05Xt+7hUyz0LbCZ6j66/Qa7c8eJz8Vho1Oe1BpIhhcZbSovZrKgBOhpyIdUtxh/W5KnFsbIq4MPPVCRHN7IVrXcvkPsTQ6OGeJAsqun+zF3KupQs0Xqt157EmOn5D41x5QY7kts11QZiKmeeSFYt2gRaY7VtAlEfar0fgXWOyQ/Uf steven-pixel6a"]}]},"storage":{"files":[{"overwrite":true,"path":"/etc/hostname","contents":{"compression":"","source":"data:,kube-control01%0A"},"mode":420},{"overwrite":true,"path":"/etc/dnf/modules.d/cri-o.module","contents":{"compression":"","source":"data:,%5Bcri-o%5D%0Aname%3Dcri-o%0Astream%3D1.29%0Aprofiles%3D%0Astate%3Denabled%0A"},"mode":420},{"overwrite":true,"path":"/etc/yum.repos.d/kubernetes.repo","contents":{"compression":"gzip","source":"data:;base64,H4sIAAAAAAAC/5TMPa7CMBDE8X4P41Ve9YjkE3AEhJCTjBy0/lh5HURuj0KBaOlm/sXvItuEVtBhVyohw58/gaZg2Frya+9qI7NKNCf/5u6V59owsvUwJYz8GNzfiZtmJpQjLX6gqHFeMYsfqEHr7etHjYL9J/ggltDDe+TFPXNygp1eAQAA//9ze8vVwgAAAA=="},"mode":420},{"overwrite":true,"path":"/etc/modules-load.d/br_netfilter.conf","contents":{"compression":"","source":"data:,br_netfilter"},"mode":420},{"overwrite":true,"path":"/etc/sysctl.d/kubernetes.conf","contents":{"compression":"","source":"data:,net.bridge.bridge-nf-call-iptables%3D1%0Anet.ipv4.ip_forward%3D1%0A"},"mode":420},{"overwrite":true,"path":"/usr/local/bin/first-boot.sh","contents":{"compression":"","source":"data:,%23!%2Fbin%2Fbash%0Arpm-ostree%20install%20kubelet%20kubeadm%20kubectl%20cri-o%20vim%20etcd%0A%0Asystemctl%20reboot%0A"},"mode":484},{"overwrite":true,"path":"/home/steven/cluster-config.yaml","contents":{"compression":"gzip","source":"data:;base64,H4sIAAAAAAAC/6SPMWszMQxAd/8Kc7vPl+9LQ3tbCRk6FEoL3X21YsQ50iHLaab+9mIuHbIVCl4sHtJ7YcF3kIJMo53rBCGe+vm+9Mj+vJlAw38zI8XR7nMtCrJnOmKqEhSZzAeTCucM8hwoJJDRWAsXlfAoqbSPtccMF3fmXE/gllwTkosoo+38OYjPOPl2N4P6FVqZ4okjhASkXzWWzhDoJ8uMlNraheNbnQh0tN1m6P9tt/3QD36z636cXnIgOFBcGOlK7R7auxs645wzvy5/ItTb7Kb2CgmLroNmdI043Mb/vfs7AAD//5RZDtOhAQAA"},"mode":384},{"overwrite":true,"path":"/home/steven/join-config.yaml","contents":{"compression":"gzip","source":"data:;base64,H4sIAAAAAAAC/yyMsa7CMAwA93xF1L2Nnt6CsiHEwsjA7iomspraVexUTHw7KmE93R1s9MCqJBz90maEtE7LSSeSsP/NaPDvFuIU/U2IL8JPyq2CkbBjSXjHTGodROe/i4J2fVmFc816MO93KW3FcSstE4+JavRD2KGGQnP4JaFL3dFwzCEj27slHdwnAAD//8EKj5enAAAA"},"mode":384}]},"systemd":{"units":[{"contents":"[Unit]\nBefore=systemd-user-sessions.service\nWants=network-online.target\nAfter=network-online.target\nConditionPathExists=!/var/lib/first-boot\n\n[Service]\nType=oneshot\nExecStart=/usr/local/bin/first-boot.sh\nExecStartPost=/usr/bin/touch /var/lib/first-boot\nRemainAfterExit=yes\n\n[Install]\nWantedBy=multi-user.target\n","enabled":true,"name":"first-boot.service"},{"contents":"[Unit]\nBefore=systemd-user-sessions.service\nWants=network-online.target\nAfter=network-online.target\nConditionPathExists=/var/lib/first-boot\nConditionPathExists=!/var/lib/second-boot\n\n[Service]\nType=oneshot\nExecStart=/usr/bin/systemctl enable --now crio kubelet\nExecStartPost=/usr/bin/touch /var/lib/second-boot\nRemainAfterExit=yes\n\n[Install]\nWantedBy=multi-user.target\n","enabled":true,"name":"second-boot.service"}]}}

00-provisioning/ignition/kube-control02-boot.json

@@ -0,0 +1 @@
+{"ignition":{"config":{"replace":{"source":"https://deadbeef.codes/steven/kubernetes-bootstrapping/raw/branch/main/00-provisioning/ignition/kube-control02-full.json"}},"version":"3.4.0"}}

00-provisioning/ignition/kube-control02-full.json

@@ -0,0 +1 @@
+{"ignition":{"version":"3.4.0"},"passwd":{"users":[{"groups":["sudo","docker"],"name":"steven","sshAuthorizedKeys":["ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFup2oRKxwGCalMZ2CyguodtmUDDCkLm/sYHhnaAtDn5 zelle@tater","ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCf2HvSx2ls2KhHn3tISbYbx9NpYSKw+ESmOdxscZJuCEMKDEOdBuOJ5E3CpA+A+QiLY+qlXGPOyNKwmjVPFr6TzNwBciehcs3bFKAvar2vrJsQkUXAJiBzJWiQceGwto3zq6nIAO/tx7s3P6KVPuxegGyXAMv/7Fc8cytOk8q05Xt+7hUyz0LbCZ6j66/Qa7c8eJz8Vho1Oe1BpIhhcZbSovZrKgBOhpyIdUtxh/W5KnFsbIq4MPPVCRHN7IVrXcvkPsTQ6OGeJAsqun+zF3KupQs0Xqt157EmOn5D41x5QY7kts11QZiKmeeSFYt2gRaY7VtAlEfar0fgXWOyQ/Uf steven-pixel6a"]}]},"storage":{"files":[{"overwrite":true,"path":"/etc/hostname","contents":{"compression":"","source":"data:,kube-control02%0A"},"mode":420},{"overwrite":true,"path":"/etc/dnf/modules.d/cri-o.module","contents":{"compression":"","source":"data:,%5Bcri-o%5D%0Aname%3Dcri-o%0Astream%3D1.29%0Aprofiles%3D%0Astate%3Denabled%0A"},"mode":420},{"overwrite":true,"path":"/etc/yum.repos.d/kubernetes.repo","contents":{"compression":"gzip","source":"data:;base64,H4sIAAAAAAAC/5TMPa7CMBDE8X4P41Ve9YjkE3AEhJCTjBy0/lh5HURuj0KBaOlm/sXvItuEVtBhVyohw58/gaZg2Frya+9qI7NKNCf/5u6V59owsvUwJYz8GNzfiZtmJpQjLX6gqHFeMYsfqEHr7etHjYL9J/ggltDDe+TFPXNygp1eAQAA//9ze8vVwgAAAA=="},"mode":420},{"overwrite":true,"path":"/etc/modules-load.d/br_netfilter.conf","contents":{"compression":"","source":"data:,br_netfilter"},"mode":420},{"overwrite":true,"path":"/etc/sysctl.d/kubernetes.conf","contents":{"compression":"","source":"data:,net.bridge.bridge-nf-call-iptables%3D1%0Anet.ipv4.ip_forward%3D1%0A"},"mode":420},{"overwrite":true,"path":"/usr/local/bin/first-boot.sh","contents":{"compression":"","source":"data:,%23!%2Fbin%2Fbash%0Arpm-ostree%20install%20kubelet%20kubeadm%20kubectl%20cri-o%20vim%20etcd%0A%0Asystemctl%20reboot%0A"},"mode":484},{"overwrite":true,"path":"/home/steven/cluster-config.yaml","contents":{"compression":"gzip","source":"data:;base64,H4sIAAAAAAAC/6SPMWszMQxAd/8Kc7vPl+9LQ3tbCRk6FEoL3X21YsQ50iHLaab+9mIuHbIVCl4sHtJ7YcF3kIJMo53rBCGe+vm+9Mj+vJlAw38zI8XR7nMtCrJnOmKqEhSZzAeTCucM8hwoJJDRWAsXlfAoqbSPtccMF3fmXE/gllwTkosoo+38OYjPOPl2N4P6FVqZ4okjhASkXzWWzhDoJ8uMlNraheNbnQh0tN1m6P9tt/3QD36z636cXnIgOFBcGOlK7R7auxs645wzvy5/ItTb7Kb2CgmLroNmdI043Mb/vfs7AAD//5RZDtOhAQAA"},"mode":384},{"overwrite":true,"path":"/home/steven/join-config.yaml","contents":{"compression":"gzip","source":"data:;base64,H4sIAAAAAAAC/yyMsa7CMAwA93xF1L2Nnt6CsiHEwsjA7iomspraVexUTHw7KmE93R1s9MCqJBz90maEtE7LSSeSsP/NaPDvFuIU/U2IL8JPyq2CkbBjSXjHTGodROe/i4J2fVmFc816MO93KW3FcSstE4+JavRD2KGGQnP4JaFL3dFwzCEj27slHdwnAAD//8EKj5enAAAA"},"mode":384}]},"systemd":{"units":[{"contents":"[Unit]\nBefore=systemd-user-sessions.service\nWants=network-online.target\nAfter=network-online.target\nConditionPathExists=!/var/lib/first-boot\n\n[Service]\nType=oneshot\nExecStart=/usr/local/bin/first-boot.sh\nExecStartPost=/usr/bin/touch /var/lib/first-boot\nRemainAfterExit=yes\n\n[Install]\nWantedBy=multi-user.target\n","enabled":true,"name":"first-boot.service"},{"contents":"[Unit]\nBefore=systemd-user-sessions.service\nWants=network-online.target\nAfter=network-online.target\nConditionPathExists=/var/lib/first-boot\nConditionPathExists=!/var/lib/second-boot\n\n[Service]\nType=oneshot\nExecStart=/usr/bin/systemctl enable --now crio kubelet\nExecStartPost=/usr/bin/touch /var/lib/second-boot\nRemainAfterExit=yes\n\n[Install]\nWantedBy=multi-user.target\n","enabled":true,"name":"second-boot.service"}]}}

00-provisioning/ignition/kube-control03-boot.json

@@ -0,0 +1 @@
+{"ignition":{"config":{"replace":{"source":"https://deadbeef.codes/steven/kubernetes-bootstrapping/raw/branch/main/00-provisioning/ignition/kube-control03-full.json"}},"version":"3.4.0"}}

00-provisioning/ignition/kube-control03-full.json

@@ -0,0 +1 @@
+{"ignition":{"version":"3.4.0"},"passwd":{"users":[{"groups":["sudo","docker"],"name":"steven","sshAuthorizedKeys":["ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFup2oRKxwGCalMZ2CyguodtmUDDCkLm/sYHhnaAtDn5 zelle@tater","ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCf2HvSx2ls2KhHn3tISbYbx9NpYSKw+ESmOdxscZJuCEMKDEOdBuOJ5E3CpA+A+QiLY+qlXGPOyNKwmjVPFr6TzNwBciehcs3bFKAvar2vrJsQkUXAJiBzJWiQceGwto3zq6nIAO/tx7s3P6KVPuxegGyXAMv/7Fc8cytOk8q05Xt+7hUyz0LbCZ6j66/Qa7c8eJz8Vho1Oe1BpIhhcZbSovZrKgBOhpyIdUtxh/W5KnFsbIq4MPPVCRHN7IVrXcvkPsTQ6OGeJAsqun+zF3KupQs0Xqt157EmOn5D41x5QY7kts11QZiKmeeSFYt2gRaY7VtAlEfar0fgXWOyQ/Uf steven-pixel6a"]}]},"storage":{"files":[{"overwrite":true,"path":"/etc/hostname","contents":{"compression":"","source":"data:,kube-control03%0A"},"mode":420},{"overwrite":true,"path":"/etc/dnf/modules.d/cri-o.module","contents":{"compression":"","source":"data:,%5Bcri-o%5D%0Aname%3Dcri-o%0Astream%3D1.29%0Aprofiles%3D%0Astate%3Denabled%0A"},"mode":420},{"overwrite":true,"path":"/etc/yum.repos.d/kubernetes.repo","contents":{"compression":"gzip","source":"data:;base64,H4sIAAAAAAAC/5TMPa7CMBDE8X4P41Ve9YjkE3AEhJCTjBy0/lh5HURuj0KBaOlm/sXvItuEVtBhVyohw58/gaZg2Frya+9qI7NKNCf/5u6V59owsvUwJYz8GNzfiZtmJpQjLX6gqHFeMYsfqEHr7etHjYL9J/ggltDDe+TFPXNygp1eAQAA//9ze8vVwgAAAA=="},"mode":420},{"overwrite":true,"path":"/etc/modules-load.d/br_netfilter.conf","contents":{"compression":"","source":"data:,br_netfilter"},"mode":420},{"overwrite":true,"path":"/etc/sysctl.d/kubernetes.conf","contents":{"compression":"","source":"data:,net.bridge.bridge-nf-call-iptables%3D1%0Anet.ipv4.ip_forward%3D1%0A"},"mode":420},{"overwrite":true,"path":"/usr/local/bin/first-boot.sh","contents":{"compression":"","source":"data:,%23!%2Fbin%2Fbash%0Arpm-ostree%20install%20kubelet%20kubeadm%20kubectl%20cri-o%20vim%20etcd%0A%0Asystemctl%20reboot%0A"},"mode":484},{"overwrite":true,"path":"/home/steven/cluster-config.yaml","contents":{"compression":"gzip","source":"data:;base64,H4sIAAAAAAAC/6SPMWszMQxAd/8Kc7vPl+9LQ3tbCRk6FEoL3X21YsQ50iHLaab+9mIuHbIVCl4sHtJ7YcF3kIJMo53rBCGe+vm+9Mj+vJlAw38zI8XR7nMtCrJnOmKqEhSZzAeTCucM8hwoJJDRWAsXlfAoqbSPtccMF3fmXE/gllwTkosoo+38OYjPOPl2N4P6FVqZ4okjhASkXzWWzhDoJ8uMlNraheNbnQh0tN1m6P9tt/3QD36z636cXnIgOFBcGOlK7R7auxs645wzvy5/ItTb7Kb2CgmLroNmdI043Mb/vfs7AAD//5RZDtOhAQAA"},"mode":384},{"overwrite":true,"path":"/home/steven/join-config.yaml","contents":{"compression":"gzip","source":"data:;base64,H4sIAAAAAAAC/yyMsa7CMAwA93xF1L2Nnt6CsiHEwsjA7iomspraVexUTHw7KmE93R1s9MCqJBz90maEtE7LSSeSsP/NaPDvFuIU/U2IL8JPyq2CkbBjSXjHTGodROe/i4J2fVmFc816MO93KW3FcSstE4+JavRD2KGGQnP4JaFL3dFwzCEj27slHdwnAAD//8EKj5enAAAA"},"mode":384}]},"systemd":{"units":[{"contents":"[Unit]\nBefore=systemd-user-sessions.service\nWants=network-online.target\nAfter=network-online.target\nConditionPathExists=!/var/lib/first-boot\n\n[Service]\nType=oneshot\nExecStart=/usr/local/bin/first-boot.sh\nExecStartPost=/usr/bin/touch /var/lib/first-boot\nRemainAfterExit=yes\n\n[Install]\nWantedBy=multi-user.target\n","enabled":true,"name":"first-boot.service"},{"contents":"[Unit]\nBefore=systemd-user-sessions.service\nWants=network-online.target\nAfter=network-online.target\nConditionPathExists=/var/lib/first-boot\nConditionPathExists=!/var/lib/second-boot\n\n[Service]\nType=oneshot\nExecStart=/usr/bin/systemctl enable --now crio kubelet\nExecStartPost=/usr/bin/touch /var/lib/second-boot\nRemainAfterExit=yes\n\n[Install]\nWantedBy=multi-user.target\n","enabled":true,"name":"second-boot.service"}]}}

00-provisioning/ignition/kube-node01-boot.json

@@ -1 +0,0 @@
-{"ignition":{"config":{"replace":{"source":"https://deadbeef.codes/steven/deadbeef.codes-k8s/raw/branch/main/00-provisioning/ignition/kube-node01-full.json"}},"version":"3.4.0"}}

00-provisioning/ignition/kube-node01-full.json

@@ -1 +0,0 @@
-{"ignition":{"version":"3.4.0"},"passwd":{"users":[{"groups":["sudo","docker"],"name":"steven","sshAuthorizedKeys":["ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEAsPq55j525p1ntk37oeel83i6FVm9+ptWk/4csqZivKRrtfhSebtWj0GHg7mnN+XIvQFEXY1HuPSfAByuwURN7LrBTKYNDHM5VxyHSP3s6Ik9OYngbVDCcDRc94teivYalYPyC5rCfIFYRg+vrxD1Gl7eASpiS7z2YD5w6WSxEnQ9tk+GQgsbRcsDBpKTZL/yHZbNNOamUwv3FNmaDpq7V8d1IrKCQiivYQ5n/sWpQnOzMOnY5i7OKr2G56KbaVIXRe3JKIF7ifAK0aJ5q+45RmwdgVh+SgwIFBzQD4GZJbr8jbvxYO9NjbF9fm7qLYnbHNyT7cDx8ClQqAz/2cL0xw== taterwin10","ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCf2HvSx2ls2KhHn3tISbYbx9NpYSKw+ESmOdxscZJuCEMKDEOdBuOJ5E3CpA+A+QiLY+qlXGPOyNKwmjVPFr6TzNwBciehcs3bFKAvar2vrJsQkUXAJiBzJWiQceGwto3zq6nIAO/tx7s3P6KVPuxegGyXAMv/7Fc8cytOk8q05Xt+7hUyz0LbCZ6j66/Qa7c8eJz8Vho1Oe1BpIhhcZbSovZrKgBOhpyIdUtxh/W5KnFsbIq4MPPVCRHN7IVrXcvkPsTQ6OGeJAsqun+zF3KupQs0Xqt157EmOn5D41x5QY7kts11QZiKmeeSFYt2gRaY7VtAlEfar0fgXWOyQ/Uf steven-pixel6a"]}]},"storage":{"files":[{"overwrite":true,"path":"/etc/hostname","contents":{"compression":"","source":"data:,kube-node01%0A"},"mode":420},{"overwrite":true,"path":"/etc/dnf/modules.d/cri-o.module","contents":{"compression":"","source":"data:,%5Bcri-o%5D%0Aname%3Dcri-o%0Astream%3D1.29%0Aprofiles%3D%0Astate%3Denabled%0A"},"mode":420},{"overwrite":true,"path":"/etc/yum.repos.d/kubernetes.repo","contents":{"compression":"gzip","source":"data:;base64,H4sIAAAAAAAC/5TMPa7CMBDE8X4P41Ve9YjkE3AEhJCTjBy0/lh5HURuj0KBaOlm/sXvItuEVtBhVyohw58/gaZg2Frya+9qI7NKNCf/5u6V59owsvUwJYz8GNzfiZtmJpQjLX6gqHFeMYsfqEHr7etHjYL9J/ggltDDe+TFPXNygp1eAQAA//9ze8vVwgAAAA=="},"mode":420},{"overwrite":true,"path":"/etc/modules-load.d/br_netfilter.conf","contents":{"compression":"","source":"data:,br_netfilter"},"mode":420},{"overwrite":true,"path":"/etc/sysctl.d/kubernetes.conf","contents":{"compression":"","source":"data:,net.bridge.bridge-nf-call-iptables%3D1%0Anet.ipv4.ip_forward%3D1%0A"},"mode":420},{"overwrite":true,"path":"/usr/local/bin/install-kubelet.sh","contents":{"compression":"gzip","source":"data:;base64,H4sIAAAAAAAC/2SMQarDMAxE9z6FPlmH8E/Qs8j2QEVlKVhqobcvSSkUunow82aWv62KbZXjWuY+Vo+cAIlFsird7hWKPMl9nGyp1KasTg8ZJZ6RGEcG46o4Kv/sSiiw0z8t9OOxdZqo7kmTG6i5dUlxu3x9voXyCgAA///0QT0CpgAAAA=="},"mode":484},{"overwrite":true,"path":"/home/steven/cluster-config.yaml","contents":{"compression":"gzip","source":"data:;base64,H4sIAAAAAAAC/6SPsU7EMAxA93xF1D3NFU4IZUMnBgYWkNhT4ous5uzKccpNfDuKynIbEqOtJz+/uOIHSEWmYJc2Q0yXcXmsI7Lfphk03psFKQV7Kq0qyInpjLlJVGQyn0wqXArIa6SYQYKxFq4q8Uly7YO15wJXt3FpF3BraRnJJZRgB79F8QVn370F1O/QzlRPnCBmIP1uqQ6GQL9YFqTcz66c3ttMoMEO02G8Ox7Hw3jw08NgnHPmz1UvhHqb1LVvkLHqvui23wefb8P+3/QTAAD//14yTSt9AQAA"},"mode":384},{"overwrite":true,"path":"/home/steven/join-config.yaml","contents":{"compression":"gzip","source":"data:;base64,H4sIAAAAAAAC/yyMsa7CMAwA93xF1L2Nnt6CsiHEwsjA7iomspraVexUTHw7KmE93R1s9MCqJBz90maEtE7LSSeSsP/NaPDvFuIU/U2IL8JPyq2CkbBjSXjHTGodROe/i4J2fVmFc816MO93KW3FcSstE4+JavRD2KGGQnP4JaFL3dFwzCEj27slHdwnAAD//8EKj5enAAAA"},"mode":384}]},"systemd":{"units":[{"contents":"[Unit]\nBefore=systemd-user-sessions.service\nWants=network-online.target\nAfter=network-online.target\nConditionPathExists=!/var/lib/install-kubelet\n\n[Service]\nType=oneshot\nExecStart=/usr/local/bin/install-kubelet.sh\nExecStartPost=/usr/bin/touch /var/lib/install-kubelet\nRemainAfterExit=yes\n\n[Install]\nWantedBy=multi-user.target\n","enabled":true,"name":"install-kubelet.service"}]}}

00-provisioning/ignition/kube-node02-boot.json

@@ -1 +0,0 @@
-{"ignition":{"config":{"replace":{"source":"https://deadbeef.codes/steven/deadbeef.codes-k8s/raw/branch/main/00-provisioning/ignition/kube-node02-full.json"}},"version":"3.4.0"}}

00-provisioning/ignition/kube-node02-full.json

@@ -1 +0,0 @@
-{"ignition":{"version":"3.4.0"},"passwd":{"users":[{"groups":["sudo","docker"],"name":"steven","sshAuthorizedKeys":["ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEAsPq55j525p1ntk37oeel83i6FVm9+ptWk/4csqZivKRrtfhSebtWj0GHg7mnN+XIvQFEXY1HuPSfAByuwURN7LrBTKYNDHM5VxyHSP3s6Ik9OYngbVDCcDRc94teivYalYPyC5rCfIFYRg+vrxD1Gl7eASpiS7z2YD5w6WSxEnQ9tk+GQgsbRcsDBpKTZL/yHZbNNOamUwv3FNmaDpq7V8d1IrKCQiivYQ5n/sWpQnOzMOnY5i7OKr2G56KbaVIXRe3JKIF7ifAK0aJ5q+45RmwdgVh+SgwIFBzQD4GZJbr8jbvxYO9NjbF9fm7qLYnbHNyT7cDx8ClQqAz/2cL0xw== taterwin10","ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCf2HvSx2ls2KhHn3tISbYbx9NpYSKw+ESmOdxscZJuCEMKDEOdBuOJ5E3CpA+A+QiLY+qlXGPOyNKwmjVPFr6TzNwBciehcs3bFKAvar2vrJsQkUXAJiBzJWiQceGwto3zq6nIAO/tx7s3P6KVPuxegGyXAMv/7Fc8cytOk8q05Xt+7hUyz0LbCZ6j66/Qa7c8eJz8Vho1Oe1BpIhhcZbSovZrKgBOhpyIdUtxh/W5KnFsbIq4MPPVCRHN7IVrXcvkPsTQ6OGeJAsqun+zF3KupQs0Xqt157EmOn5D41x5QY7kts11QZiKmeeSFYt2gRaY7VtAlEfar0fgXWOyQ/Uf steven-pixel6a"]}]},"storage":{"files":[{"overwrite":true,"path":"/etc/hostname","contents":{"compression":"","source":"data:,kube-node02%0A"},"mode":420},{"overwrite":true,"path":"/etc/dnf/modules.d/cri-o.module","contents":{"compression":"","source":"data:,%5Bcri-o%5D%0Aname%3Dcri-o%0Astream%3D1.29%0Aprofiles%3D%0Astate%3Denabled%0A"},"mode":420},{"overwrite":true,"path":"/etc/yum.repos.d/kubernetes.repo","contents":{"compression":"gzip","source":"data:;base64,H4sIAAAAAAAC/5TMPa7CMBDE8X4P41Ve9YjkE3AEhJCTjBy0/lh5HURuj0KBaOlm/sXvItuEVtBhVyohw58/gaZg2Frya+9qI7NKNCf/5u6V59owsvUwJYz8GNzfiZtmJpQjLX6gqHFeMYsfqEHr7etHjYL9J/ggltDDe+TFPXNygp1eAQAA//9ze8vVwgAAAA=="},"mode":420},{"overwrite":true,"path":"/etc/modules-load.d/br_netfilter.conf","contents":{"compression":"","source":"data:,br_netfilter"},"mode":420},{"overwrite":true,"path":"/etc/sysctl.d/kubernetes.conf","contents":{"compression":"","source":"data:,net.bridge.bridge-nf-call-iptables%3D1%0Anet.ipv4.ip_forward%3D1%0A"},"mode":420},{"overwrite":true,"path":"/usr/local/bin/install-kubelet.sh","contents":{"compression":"gzip","source":"data:;base64,H4sIAAAAAAAC/2SMQarDMAxE9z6FPlmH8E/Qs8j2QEVlKVhqobcvSSkUunow82aWv62KbZXjWuY+Vo+cAIlFsird7hWKPMl9nGyp1KasTg8ZJZ6RGEcG46o4Kv/sSiiw0z8t9OOxdZqo7kmTG6i5dUlxu3x9voXyCgAA///0QT0CpgAAAA=="},"mode":484},{"overwrite":true,"path":"/home/steven/cluster-config.yaml","contents":{"compression":"gzip","source":"data:;base64,H4sIAAAAAAAC/6SPsU7EMAxA93xF1D3NFU4IZUMnBgYWkNhT4ous5uzKccpNfDuKynIbEqOtJz+/uOIHSEWmYJc2Q0yXcXmsI7Lfphk03psFKQV7Kq0qyInpjLlJVGQyn0wqXArIa6SYQYKxFq4q8Uly7YO15wJXt3FpF3BraRnJJZRgB79F8QVn370F1O/QzlRPnCBmIP1uqQ6GQL9YFqTcz66c3ttMoMEO02G8Ox7Hw3jw08NgnHPmz1UvhHqb1LVvkLHqvui23wefb8P+3/QTAAD//14yTSt9AQAA"},"mode":384},{"overwrite":true,"path":"/home/steven/join-config.yaml","contents":{"compression":"gzip","source":"data:;base64,H4sIAAAAAAAC/yyMsa7CMAwA93xF1L2Nnt6CsiHEwsjA7iomspraVexUTHw7KmE93R1s9MCqJBz90maEtE7LSSeSsP/NaPDvFuIU/U2IL8JPyq2CkbBjSXjHTGodROe/i4J2fVmFc816MO93KW3FcSstE4+JavRD2KGGQnP4JaFL3dFwzCEj27slHdwnAAD//8EKj5enAAAA"},"mode":384}]},"systemd":{"units":[{"contents":"[Unit]\nBefore=systemd-user-sessions.service\nWants=network-online.target\nAfter=network-online.target\nConditionPathExists=!/var/lib/install-kubelet\n\n[Service]\nType=oneshot\nExecStart=/usr/local/bin/install-kubelet.sh\nExecStartPost=/usr/bin/touch /var/lib/install-kubelet\nRemainAfterExit=yes\n\n[Install]\nWantedBy=multi-user.target\n","enabled":true,"name":"install-kubelet.service"}]}}

00-provisioning/ignition/kube-node03-boot.json

@@ -1 +0,0 @@
-{"ignition":{"config":{"replace":{"source":"https://deadbeef.codes/steven/deadbeef.codes-k8s/raw/branch/main/00-provisioning/ignition/kube-node03-full.json"}},"version":"3.4.0"}}

00-provisioning/ignition/kube-node03-full.json

@@ -1 +0,0 @@
-{"ignition":{"version":"3.4.0"},"passwd":{"users":[{"groups":["sudo","docker"],"name":"steven","sshAuthorizedKeys":["ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEAsPq55j525p1ntk37oeel83i6FVm9+ptWk/4csqZivKRrtfhSebtWj0GHg7mnN+XIvQFEXY1HuPSfAByuwURN7LrBTKYNDHM5VxyHSP3s6Ik9OYngbVDCcDRc94teivYalYPyC5rCfIFYRg+vrxD1Gl7eASpiS7z2YD5w6WSxEnQ9tk+GQgsbRcsDBpKTZL/yHZbNNOamUwv3FNmaDpq7V8d1IrKCQiivYQ5n/sWpQnOzMOnY5i7OKr2G56KbaVIXRe3JKIF7ifAK0aJ5q+45RmwdgVh+SgwIFBzQD4GZJbr8jbvxYO9NjbF9fm7qLYnbHNyT7cDx8ClQqAz/2cL0xw== taterwin10","ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCf2HvSx2ls2KhHn3tISbYbx9NpYSKw+ESmOdxscZJuCEMKDEOdBuOJ5E3CpA+A+QiLY+qlXGPOyNKwmjVPFr6TzNwBciehcs3bFKAvar2vrJsQkUXAJiBzJWiQceGwto3zq6nIAO/tx7s3P6KVPuxegGyXAMv/7Fc8cytOk8q05Xt+7hUyz0LbCZ6j66/Qa7c8eJz8Vho1Oe1BpIhhcZbSovZrKgBOhpyIdUtxh/W5KnFsbIq4MPPVCRHN7IVrXcvkPsTQ6OGeJAsqun+zF3KupQs0Xqt157EmOn5D41x5QY7kts11QZiKmeeSFYt2gRaY7VtAlEfar0fgXWOyQ/Uf steven-pixel6a"]}]},"storage":{"files":[{"overwrite":true,"path":"/etc/hostname","contents":{"compression":"","source":"data:,kube-node03%0A"},"mode":420},{"overwrite":true,"path":"/etc/dnf/modules.d/cri-o.module","contents":{"compression":"","source":"data:,%5Bcri-o%5D%0Aname%3Dcri-o%0Astream%3D1.29%0Aprofiles%3D%0Astate%3Denabled%0A"},"mode":420},{"overwrite":true,"path":"/etc/yum.repos.d/kubernetes.repo","contents":{"compression":"gzip","source":"data:;base64,H4sIAAAAAAAC/5TMPa7CMBDE8X4P41Ve9YjkE3AEhJCTjBy0/lh5HURuj0KBaOlm/sXvItuEVtBhVyohw58/gaZg2Frya+9qI7NKNCf/5u6V59owsvUwJYz8GNzfiZtmJpQjLX6gqHFeMYsfqEHr7etHjYL9J/ggltDDe+TFPXNygp1eAQAA//9ze8vVwgAAAA=="},"mode":420},{"overwrite":true,"path":"/etc/modules-load.d/br_netfilter.conf","contents":{"compression":"","source":"data:,br_netfilter"},"mode":420},{"overwrite":true,"path":"/etc/sysctl.d/kubernetes.conf","contents":{"compression":"","source":"data:,net.bridge.bridge-nf-call-iptables%3D1%0Anet.ipv4.ip_forward%3D1%0A"},"mode":420},{"overwrite":true,"path":"/usr/local/bin/install-kubelet.sh","contents":{"compression":"gzip","source":"data:;base64,H4sIAAAAAAAC/2SMQarDMAxE9z6FPlmH8E/Qs8j2QEVlKVhqobcvSSkUunow82aWv62KbZXjWuY+Vo+cAIlFsird7hWKPMl9nGyp1KasTg8ZJZ6RGEcG46o4Kv/sSiiw0z8t9OOxdZqo7kmTG6i5dUlxu3x9voXyCgAA///0QT0CpgAAAA=="},"mode":484},{"overwrite":true,"path":"/home/steven/cluster-config.yaml","contents":{"compression":"gzip","source":"data:;base64,H4sIAAAAAAAC/6SPsU7EMAxA93xF1D3NFU4IZUMnBgYWkNhT4ous5uzKccpNfDuKynIbEqOtJz+/uOIHSEWmYJc2Q0yXcXmsI7Lfphk03psFKQV7Kq0qyInpjLlJVGQyn0wqXArIa6SYQYKxFq4q8Uly7YO15wJXt3FpF3BraRnJJZRgB79F8QVn370F1O/QzlRPnCBmIP1uqQ6GQL9YFqTcz66c3ttMoMEO02G8Ox7Hw3jw08NgnHPmz1UvhHqb1LVvkLHqvui23wefb8P+3/QTAAD//14yTSt9AQAA"},"mode":384},{"overwrite":true,"path":"/home/steven/join-config.yaml","contents":{"compression":"gzip","source":"data:;base64,H4sIAAAAAAAC/yyMsa7CMAwA93xF1L2Nnt6CsiHEwsjA7iomspraVexUTHw7KmE93R1s9MCqJBz90maEtE7LSSeSsP/NaPDvFuIU/U2IL8JPyq2CkbBjSXjHTGodROe/i4J2fVmFc816MO93KW3FcSstE4+JavRD2KGGQnP4JaFL3dFwzCEj27slHdwnAAD//8EKj5enAAAA"},"mode":384}]},"systemd":{"units":[{"contents":"[Unit]\nBefore=systemd-user-sessions.service\nWants=network-online.target\nAfter=network-online.target\nConditionPathExists=!/var/lib/install-kubelet\n\n[Service]\nType=oneshot\nExecStart=/usr/local/bin/install-kubelet.sh\nExecStartPost=/usr/bin/touch /var/lib/install-kubelet\nRemainAfterExit=yes\n\n[Install]\nWantedBy=multi-user.target\n","enabled":true,"name":"install-kubelet.service"}]}}

00-provisioning/ignition/kube-worker01-boot.json

@@ -0,0 +1 @@
+{"ignition":{"config":{"replace":{"source":"https://deadbeef.codes/steven/kubernetes-bootstrapping/raw/branch/main/00-provisioning/ignition/kube-worker01-full.json"}},"version":"3.4.0"}}

00-provisioning/ignition/kube-worker01-full.json

@@ -0,0 +1 @@
+{"ignition":{"version":"3.4.0"},"passwd":{"users":[{"groups":["sudo","docker"],"name":"steven","sshAuthorizedKeys":["ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFup2oRKxwGCalMZ2CyguodtmUDDCkLm/sYHhnaAtDn5 zelle@tater","ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCf2HvSx2ls2KhHn3tISbYbx9NpYSKw+ESmOdxscZJuCEMKDEOdBuOJ5E3CpA+A+QiLY+qlXGPOyNKwmjVPFr6TzNwBciehcs3bFKAvar2vrJsQkUXAJiBzJWiQceGwto3zq6nIAO/tx7s3P6KVPuxegGyXAMv/7Fc8cytOk8q05Xt+7hUyz0LbCZ6j66/Qa7c8eJz8Vho1Oe1BpIhhcZbSovZrKgBOhpyIdUtxh/W5KnFsbIq4MPPVCRHN7IVrXcvkPsTQ6OGeJAsqun+zF3KupQs0Xqt157EmOn5D41x5QY7kts11QZiKmeeSFYt2gRaY7VtAlEfar0fgXWOyQ/Uf steven-pixel6a"]}]},"storage":{"files":[{"overwrite":true,"path":"/etc/hostname","contents":{"compression":"","source":"data:,kube-worker01%0A"},"mode":420},{"overwrite":true,"path":"/etc/dnf/modules.d/cri-o.module","contents":{"compression":"","source":"data:,%5Bcri-o%5D%0Aname%3Dcri-o%0Astream%3D1.29%0Aprofiles%3D%0Astate%3Denabled%0A"},"mode":420},{"overwrite":true,"path":"/etc/yum.repos.d/kubernetes.repo","contents":{"compression":"gzip","source":"data:;base64,H4sIAAAAAAAC/5TMPa7CMBDE8X4P41Ve9YjkE3AEhJCTjBy0/lh5HURuj0KBaOlm/sXvItuEVtBhVyohw58/gaZg2Frya+9qI7NKNCf/5u6V59owsvUwJYz8GNzfiZtmJpQjLX6gqHFeMYsfqEHr7etHjYL9J/ggltDDe+TFPXNygp1eAQAA//9ze8vVwgAAAA=="},"mode":420},{"overwrite":true,"path":"/etc/modules-load.d/br_netfilter.conf","contents":{"compression":"","source":"data:,br_netfilter"},"mode":420},{"overwrite":true,"path":"/etc/sysctl.d/kubernetes.conf","contents":{"compression":"","source":"data:,net.bridge.bridge-nf-call-iptables%3D1%0Anet.ipv4.ip_forward%3D1%0A"},"mode":420},{"overwrite":true,"path":"/usr/local/bin/first-boot.sh","contents":{"compression":"","source":"data:,%23!%2Fbin%2Fbash%0Arpm-ostree%20install%20kubelet%20kubeadm%20kubectl%20cri-o%20vim%20etcd%0A%0Asystemctl%20reboot%0A"},"mode":484},{"overwrite":true,"path":"/home/steven/cluster-config.yaml","contents":{"compression":"gzip","source":"data:;base64,H4sIAAAAAAAC/6SPMWszMQxAd/8Kc7vPl+9LQ3tbCRk6FEoL3X21YsQ50iHLaab+9mIuHbIVCl4sHtJ7YcF3kIJMo53rBCGe+vm+9Mj+vJlAw38zI8XR7nMtCrJnOmKqEhSZzAeTCucM8hwoJJDRWAsXlfAoqbSPtccMF3fmXE/gllwTkosoo+38OYjPOPl2N4P6FVqZ4okjhASkXzWWzhDoJ8uMlNraheNbnQh0tN1m6P9tt/3QD36z636cXnIgOFBcGOlK7R7auxs645wzvy5/ItTb7Kb2CgmLroNmdI043Mb/vfs7AAD//5RZDtOhAQAA"},"mode":384},{"overwrite":true,"path":"/home/steven/join-config.yaml","contents":{"compression":"gzip","source":"data:;base64,H4sIAAAAAAAC/yyMsa7CMAwA93xF1L2Nnt6CsiHEwsjA7iomspraVexUTHw7KmE93R1s9MCqJBz90maEtE7LSSeSsP/NaPDvFuIU/U2IL8JPyq2CkbBjSXjHTGodROe/i4J2fVmFc816MO93KW3FcSstE4+JavRD2KGGQnP4JaFL3dFwzCEj27slHdwnAAD//8EKj5enAAAA"},"mode":384}]},"systemd":{"units":[{"contents":"[Unit]\nBefore=systemd-user-sessions.service\nWants=network-online.target\nAfter=network-online.target\nConditionPathExists=!/var/lib/first-boot\n\n[Service]\nType=oneshot\nExecStart=/usr/local/bin/first-boot.sh\nExecStartPost=/usr/bin/touch /var/lib/first-boot\nRemainAfterExit=yes\n\n[Install]\nWantedBy=multi-user.target\n","enabled":true,"name":"first-boot.service"},{"contents":"[Unit]\nBefore=systemd-user-sessions.service\nWants=network-online.target\nAfter=network-online.target\nConditionPathExists=/var/lib/first-boot\nConditionPathExists=!/var/lib/second-boot\n\n[Service]\nType=oneshot\nExecStart=/usr/bin/systemctl enable --now crio kubelet\nExecStartPost=/usr/bin/touch /var/lib/second-boot\nRemainAfterExit=yes\n\n[Install]\nWantedBy=multi-user.target\n","enabled":true,"name":"second-boot.service"}]}}

00-provisioning/ignition/kube-worker02-boot.json

@@ -0,0 +1 @@
+{"ignition":{"config":{"replace":{"source":"https://deadbeef.codes/steven/kubernetes-bootstrapping/raw/branch/main/00-provisioning/ignition/kube-worker02-full.json"}},"version":"3.4.0"}}

00-provisioning/ignition/kube-worker02-full.json

@@ -0,0 +1 @@
+{"ignition":{"version":"3.4.0"},"passwd":{"users":[{"groups":["sudo","docker"],"name":"steven","sshAuthorizedKeys":["ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFup2oRKxwGCalMZ2CyguodtmUDDCkLm/sYHhnaAtDn5 zelle@tater","ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCf2HvSx2ls2KhHn3tISbYbx9NpYSKw+ESmOdxscZJuCEMKDEOdBuOJ5E3CpA+A+QiLY+qlXGPOyNKwmjVPFr6TzNwBciehcs3bFKAvar2vrJsQkUXAJiBzJWiQceGwto3zq6nIAO/tx7s3P6KVPuxegGyXAMv/7Fc8cytOk8q05Xt+7hUyz0LbCZ6j66/Qa7c8eJz8Vho1Oe1BpIhhcZbSovZrKgBOhpyIdUtxh/W5KnFsbIq4MPPVCRHN7IVrXcvkPsTQ6OGeJAsqun+zF3KupQs0Xqt157EmOn5D41x5QY7kts11QZiKmeeSFYt2gRaY7VtAlEfar0fgXWOyQ/Uf steven-pixel6a"]}]},"storage":{"files":[{"overwrite":true,"path":"/etc/hostname","contents":{"compression":"","source":"data:,kube-worker02%0A"},"mode":420},{"overwrite":true,"path":"/etc/dnf/modules.d/cri-o.module","contents":{"compression":"","source":"data:,%5Bcri-o%5D%0Aname%3Dcri-o%0Astream%3D1.29%0Aprofiles%3D%0Astate%3Denabled%0A"},"mode":420},{"overwrite":true,"path":"/etc/yum.repos.d/kubernetes.repo","contents":{"compression":"gzip","source":"data:;base64,H4sIAAAAAAAC/5TMPa7CMBDE8X4P41Ve9YjkE3AEhJCTjBy0/lh5HURuj0KBaOlm/sXvItuEVtBhVyohw58/gaZg2Frya+9qI7NKNCf/5u6V59owsvUwJYz8GNzfiZtmJpQjLX6gqHFeMYsfqEHr7etHjYL9J/ggltDDe+TFPXNygp1eAQAA//9ze8vVwgAAAA=="},"mode":420},{"overwrite":true,"path":"/etc/modules-load.d/br_netfilter.conf","contents":{"compression":"","source":"data:,br_netfilter"},"mode":420},{"overwrite":true,"path":"/etc/sysctl.d/kubernetes.conf","contents":{"compression":"","source":"data:,net.bridge.bridge-nf-call-iptables%3D1%0Anet.ipv4.ip_forward%3D1%0A"},"mode":420},{"overwrite":true,"path":"/usr/local/bin/first-boot.sh","contents":{"compression":"","source":"data:,%23!%2Fbin%2Fbash%0Arpm-ostree%20install%20kubelet%20kubeadm%20kubectl%20cri-o%20vim%20etcd%0A%0Asystemctl%20reboot%0A"},"mode":484},{"overwrite":true,"path":"/home/steven/cluster-config.yaml","contents":{"compression":"gzip","source":"data:;base64,H4sIAAAAAAAC/6SPMWszMQxAd/8Kc7vPl+9LQ3tbCRk6FEoL3X21YsQ50iHLaab+9mIuHbIVCl4sHtJ7YcF3kIJMo53rBCGe+vm+9Mj+vJlAw38zI8XR7nMtCrJnOmKqEhSZzAeTCucM8hwoJJDRWAsXlfAoqbSPtccMF3fmXE/gllwTkosoo+38OYjPOPl2N4P6FVqZ4okjhASkXzWWzhDoJ8uMlNraheNbnQh0tN1m6P9tt/3QD36z636cXnIgOFBcGOlK7R7auxs645wzvy5/ItTb7Kb2CgmLroNmdI043Mb/vfs7AAD//5RZDtOhAQAA"},"mode":384},{"overwrite":true,"path":"/home/steven/join-config.yaml","contents":{"compression":"gzip","source":"data:;base64,H4sIAAAAAAAC/yyMsa7CMAwA93xF1L2Nnt6CsiHEwsjA7iomspraVexUTHw7KmE93R1s9MCqJBz90maEtE7LSSeSsP/NaPDvFuIU/U2IL8JPyq2CkbBjSXjHTGodROe/i4J2fVmFc816MO93KW3FcSstE4+JavRD2KGGQnP4JaFL3dFwzCEj27slHdwnAAD//8EKj5enAAAA"},"mode":384}]},"systemd":{"units":[{"contents":"[Unit]\nBefore=systemd-user-sessions.service\nWants=network-online.target\nAfter=network-online.target\nConditionPathExists=!/var/lib/first-boot\n\n[Service]\nType=oneshot\nExecStart=/usr/local/bin/first-boot.sh\nExecStartPost=/usr/bin/touch /var/lib/first-boot\nRemainAfterExit=yes\n\n[Install]\nWantedBy=multi-user.target\n","enabled":true,"name":"first-boot.service"},{"contents":"[Unit]\nBefore=systemd-user-sessions.service\nWants=network-online.target\nAfter=network-online.target\nConditionPathExists=/var/lib/first-boot\nConditionPathExists=!/var/lib/second-boot\n\n[Service]\nType=oneshot\nExecStart=/usr/bin/systemctl enable --now crio kubelet\nExecStartPost=/usr/bin/touch /var/lib/second-boot\nRemainAfterExit=yes\n\n[Install]\nWantedBy=multi-user.target\n","enabled":true,"name":"second-boot.service"}]}}

00-provisioning/ignition/kube-worker03-boot.json

@@ -0,0 +1 @@
+{"ignition":{"config":{"replace":{"source":"https://deadbeef.codes/steven/kubernetes-bootstrapping/raw/branch/main/00-provisioning/ignition/kube-worker03-full.json"}},"version":"3.4.0"}}

00-provisioning/ignition/kube-worker03-full.json

@@ -0,0 +1 @@
+{"ignition":{"version":"3.4.0"},"passwd":{"users":[{"groups":["sudo","docker"],"name":"steven","sshAuthorizedKeys":["ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFup2oRKxwGCalMZ2CyguodtmUDDCkLm/sYHhnaAtDn5 zelle@tater","ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCf2HvSx2ls2KhHn3tISbYbx9NpYSKw+ESmOdxscZJuCEMKDEOdBuOJ5E3CpA+A+QiLY+qlXGPOyNKwmjVPFr6TzNwBciehcs3bFKAvar2vrJsQkUXAJiBzJWiQceGwto3zq6nIAO/tx7s3P6KVPuxegGyXAMv/7Fc8cytOk8q05Xt+7hUyz0LbCZ6j66/Qa7c8eJz8Vho1Oe1BpIhhcZbSovZrKgBOhpyIdUtxh/W5KnFsbIq4MPPVCRHN7IVrXcvkPsTQ6OGeJAsqun+zF3KupQs0Xqt157EmOn5D41x5QY7kts11QZiKmeeSFYt2gRaY7VtAlEfar0fgXWOyQ/Uf steven-pixel6a"]}]},"storage":{"files":[{"overwrite":true,"path":"/etc/hostname","contents":{"compression":"","source":"data:,kube-worker03%0A"},"mode":420},{"overwrite":true,"path":"/etc/dnf/modules.d/cri-o.module","contents":{"compression":"","source":"data:,%5Bcri-o%5D%0Aname%3Dcri-o%0Astream%3D1.29%0Aprofiles%3D%0Astate%3Denabled%0A"},"mode":420},{"overwrite":true,"path":"/etc/yum.repos.d/kubernetes.repo","contents":{"compression":"gzip","source":"data:;base64,H4sIAAAAAAAC/5TMPa7CMBDE8X4P41Ve9YjkE3AEhJCTjBy0/lh5HURuj0KBaOlm/sXvItuEVtBhVyohw58/gaZg2Frya+9qI7NKNCf/5u6V59owsvUwJYz8GNzfiZtmJpQjLX6gqHFeMYsfqEHr7etHjYL9J/ggltDDe+TFPXNygp1eAQAA//9ze8vVwgAAAA=="},"mode":420},{"overwrite":true,"path":"/etc/modules-load.d/br_netfilter.conf","contents":{"compression":"","source":"data:,br_netfilter"},"mode":420},{"overwrite":true,"path":"/etc/sysctl.d/kubernetes.conf","contents":{"compression":"","source":"data:,net.bridge.bridge-nf-call-iptables%3D1%0Anet.ipv4.ip_forward%3D1%0A"},"mode":420},{"overwrite":true,"path":"/usr/local/bin/first-boot.sh","contents":{"compression":"","source":"data:,%23!%2Fbin%2Fbash%0Arpm-ostree%20install%20kubelet%20kubeadm%20kubectl%20cri-o%20vim%20etcd%0A%0Asystemctl%20reboot%0A"},"mode":484},{"overwrite":true,"path":"/home/steven/cluster-config.yaml","contents":{"compression":"gzip","source":"data:;base64,H4sIAAAAAAAC/6SPMWszMQxAd/8Kc7vPl+9LQ3tbCRk6FEoL3X21YsQ50iHLaab+9mIuHbIVCl4sHtJ7YcF3kIJMo53rBCGe+vm+9Mj+vJlAw38zI8XR7nMtCrJnOmKqEhSZzAeTCucM8hwoJJDRWAsXlfAoqbSPtccMF3fmXE/gllwTkosoo+38OYjPOPl2N4P6FVqZ4okjhASkXzWWzhDoJ8uMlNraheNbnQh0tN1m6P9tt/3QD36z636cXnIgOFBcGOlK7R7auxs645wzvy5/ItTb7Kb2CgmLroNmdI043Mb/vfs7AAD//5RZDtOhAQAA"},"mode":384},{"overwrite":true,"path":"/home/steven/join-config.yaml","contents":{"compression":"gzip","source":"data:;base64,H4sIAAAAAAAC/yyMsa7CMAwA93xF1L2Nnt6CsiHEwsjA7iomspraVexUTHw7KmE93R1s9MCqJBz90maEtE7LSSeSsP/NaPDvFuIU/U2IL8JPyq2CkbBjSXjHTGodROe/i4J2fVmFc816MO93KW3FcSstE4+JavRD2KGGQnP4JaFL3dFwzCEj27slHdwnAAD//8EKj5enAAAA"},"mode":384}]},"systemd":{"units":[{"contents":"[Unit]\nBefore=systemd-user-sessions.service\nWants=network-online.target\nAfter=network-online.target\nConditionPathExists=!/var/lib/first-boot\n\n[Service]\nType=oneshot\nExecStart=/usr/local/bin/first-boot.sh\nExecStartPost=/usr/bin/touch /var/lib/first-boot\nRemainAfterExit=yes\n\n[Install]\nWantedBy=multi-user.target\n","enabled":true,"name":"first-boot.service"},{"contents":"[Unit]\nBefore=systemd-user-sessions.service\nWants=network-online.target\nAfter=network-online.target\nConditionPathExists=/var/lib/first-boot\nConditionPathExists=!/var/lib/second-boot\n\n[Service]\nType=oneshot\nExecStart=/usr/bin/systemctl enable --now crio kubelet\nExecStartPost=/usr/bin/touch /var/lib/second-boot\nRemainAfterExit=yes\n\n[Install]\nWantedBy=multi-user.target\n","enabled":true,"name":"second-boot.service"}]}}

01-cluster-bootstrap/README.md

@@ -0,0 +1,19 @@
+# 01 | Cluster Bootstrap
+
+Assumption is that an external load balancer is already configured for the cluster control plane IP address.  Initialize the cluster on one control node, but do not join any other nodes to it yet.  
+
+```bash
+
+# Only run on one control plane node - do not join other nodes until after CNI is configured
+sudo kubeadm init --config cluster-config.yaml --upload-certs
+
+```
+
+Copy kube admin config to local profile.  This is also a good time to copy it to your desktop with SCP or something.  
+
+```bash
+mkdir -p $HOME/.kube
+sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
+sudo chown $(id -u):$(id -g) $HOME/.kube/config
+
+```

02-cni-cilium/README.md

@@ -0,0 +1,40 @@
+# 02 | CNI Cilium
+
+Only install one CNI, do not install Flannel if using Cilium.  Cilium brings network policy capabilities and uses eBPF technology to provide increased performance.
+
+Reference: https://docs.cilium.io/en/stable/gettingstarted/k8s-install-default/
+
+First we must install the cilium CLI binary, as root:
+
+```bash
+sudo su -
+CILIUM_CLI_VERSION=$(curl -s https://raw.githubusercontent.com/cilium/cilium-cli/main/stable.txt)
+CLI_ARCH=amd64
+if [ "$(uname -m)" = "aarch64" ]; then CLI_ARCH=arm64; fi
+curl -L --fail --remote-name-all https://github.com/cilium/cilium-cli/releases/download/${CILIUM_CLI_VERSION}/cilium-linux-${CLI_ARCH}.tar.gz{,.sha256sum}
+sha256sum --check cilium-linux-${CLI_ARCH}.tar.gz.sha256sum
+sudo tar xzvfC cilium-linux-${CLI_ARCH}.tar.gz /usr/local/bin
+rm cilium-linux-${CLI_ARCH}.tar.gz{,.sha256sum}
+
+```
+
+Then we can use it to install cilium into Kubernetes:
+
+```bash
+cilium install --version 1.14.5
+
+```
+
+Validate the install:
+
+```bash
+cilium status --wait
+
+```
+
+The following test can be performed, but it won't work until worker nodes are joined.  
+
+```bash
+cilium connectivity test
+
+```

02-cni-flannel/README.md

@@ -0,0 +1,12 @@
+# 02 | CNI = Flannel
+
+### It is not recommended to use flannel, and instead should use 02-cni-cilium.   Do not install both flannel and cilium.
+
+[https://github.com/flannel-io/flannel](https://github.com/flannel-io/flannel)
+
+Flannel provides the pod to pod networking, using [VXLAN](https://en.wikipedia.org/wiki/Virtual_Extensible_LAN).
+
+```bash
+kubectl apply -f https://github.com/flannel-io/flannel/releases/latest/download/kube-flannel.yml
+
+```

03-join-nodes/README.md

@@ -0,0 +1,20 @@
+# 03 | Join Additional Controller and Worker Nodes
+
+At this point, other nodes can be joined to the cluster.  From a control node, you can get the join command by doing the following.
+
+```bash
+sudo kubeadm token create --print-join-command
+
+```
+
+You can then take the command in the output and use it to join other nodes.  
+
+```bash
+
+# Example to join a control node, add --control-plane
+sudo kubeadm join 10.69.69.50:6443 --token drazx3.qa70i6wfatxujdqo --discovery-token-ca-cert-hash sha256:5dccc0b4113ffc2543e2d453c35bf4db998719c1c73b60e4467f5c20d3f7b9ad --control-plane
+
+# Example to join a worker node
+sudo kubeadm join 10.69.69.50:6443 --token drazx3.qa70i6wfatxujdqo --discovery-token-ca-cert-hash sha256:5dccc0b4113ffc2543e2d453c35bf4db998719c1c73b60e4467f5c20d3f7b9ad
+
+```

04-nfs-subdir-provisioner/README.md

@@ -0,0 +1,48 @@
+# 04 | Dynamic Volume Provisiong to NFS Subdirectory
+
+[https://github.com/kubernetes-sigs/nfs-subdir-external-provisioner](https://github.com/kubernetes-sigs/nfs-subdir-external-provisioner)
+
+To support persistent volume claims on NFS external storage, a provisioner can be configured and deployed easily with helm.
+
+```bash
+
+helm repo add nfs-subdir-external-provisioner https://kubernetes-sigs.github.io/nfs-subdir-external-provisioner/
+
+helm install nfs-subdir-external-provisioner nfs-subdir-external-provisioner/nfs-subdir-external-provisioner \
+    --set nfs.server=10.69.71.105 \
+    --set nfs.path=/data/nfs
+
+```
+
+A PVC can then be created similar to below example:
+
+```yaml
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: myclaim
+spec:
+  accessModes:
+    - ReadWriteOnce
+  volumeMode: Filesystem
+  resources:
+    requests:
+      storage: 1Gi
+  storageClassName: nfs-client
+---
+apiVersion: v1
+kind: Pod
+metadata:
+  name: mypod
+spec:
+  containers:
+    - name: myfrontend
+      image: nginx
+      volumeMounts:
+      - mountPath: "/var/www/html"
+        name: mypd
+  volumes:
+    - name: mypd
+      persistentVolumeClaim:
+        claimName: myclaim
+```

05-ingress-controller-nginx/README.md

@@ -0,0 +1,89 @@
+# 05 | Ingress Controller = NGINX
+
+[https://kubernetes.github.io/ingress-nginx/](https://kubernetes.github.io/ingress-nginx/)
+
+[https://github.com/kubernetes/ingress-nginx](https://github.com/kubernetes/ingress-nginx)
+
+The ingress controller provides external access to services in the cluster by acting as a reverse proxy.  In this case, I've selected nginx which is simple to configure, and very fast.  It does not have as many fancy features as some other options though.  
+
+```bash
+helm upgrade --install ingress-nginx ingress-nginx   --repo https://kubernetes.github.io/ingress-nginx   --namespace ingress-nginx --create-namespace -f values.yaml
+
+```
+
+Example usage:
+
+```yaml
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: ingress-mandelmapper
+  annotations:
+    cert-manager.io/issuer: letsencrypt
+spec:
+  ingressClassName: nginx
+  rules:
+  - host: mandelmap.home.stevenpolley.net
+    http:
+      paths:
+      - path: /
+        pathType: Prefix
+        backend:
+          service:
+            name: mandelmapper
+            port:
+              number: 6161
+  tls:
+    - hosts:
+      - mandelmap.home.stevenpolley.net
+      secretName: mandelmap-cert
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: ingress-myservicea
+spec:
+  ingressClassName: nginx
+  rules:
+  - host: myservicea.foo.org
+    http:
+      paths:
+      - path: /
+        backend:
+          service:
+            name: myservicea
+            port:
+              number: 8080
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: ingress-myserviceb
+  cert-manager.io/issuer: letsencrypt
+spec:
+  ingressClassName: nginx
+  rules:
+  - host: myserviceb.foo.org
+    http:
+      paths:
+      - path: /
+        backend:
+          service:
+            name: myserviceb
+            port:
+              number: 8443
+  tls:
+    - hosts:
+      - myserviceb.foo.org
+      secretName: example-tls
+---
+# A secret must also be provided, this will be created by cert-manager
+apiVersion: v1
+kind: Secret
+metadata:
+  name: example-tls
+data:
+  tls.crt: <base64 encoded cert>
+  tls.key: <base64 encoded key>
+type: kubernetes.io/tls
+```

05-ingress-controller-nginx/values.yaml

@@ -0,0 +1,14 @@
+## nginx configuration
+## Ref: https://github.com/kubernetes/ingress-nginx/blob/main/docs/user-guide/nginx-configuration/index.md
+
+controller:
+  service:
+    # -- Provisioned manually on external hardware load balancer
+    externalIPs: 
+    - "10.69.69.51"
+    nodePorts:
+      # -- Node port allocated for the external HTTP listener. If left empty, the service controller allocates one from the configured node port range.
+      http: "31451"
+      # -- Node port allocated for the external HTTPS listener. If left empty, the service controller allocates one from the configured node port range.
+      https: "31207"
+    externalTrafficPolicy: Local

06-cert-manager/README.md

@@ -0,0 +1,34 @@
+# 06 | Cert Manager
+
+https://cert-manager.io/docs/installation/kubectl/
+
+Install cert-manager - check for latest version.
+
+```yaml
+kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v1.13.3/cert-manager.yaml
+```
+
+After cert manager is installed, create API tokens (not keys, but tokens) on cloudflare (User Profile > API Tokens > API Tokens) with permissions:
+
+Permissions:
+
+* Zone - DNS - Edit
+* Zone - Zone - Read
+
+Zone Resources:
+
+* Include - All Zones
+
+Configure a the API token as a secret in Kubernetes and replace the <APITOKEN> in the below command with the token from cloudflare.
+
+```bash
+kubectl create secret generic cloudflare-api-token-secret --namespace=cert-manager --type=Opaque --from-literal=api-token=<APIKEY>
+```
+
+Create the Let's Encrypt ClusterIssuer:
+
+```yaml
+
+# Be sure to edit the file and set the production URL if not a test cluster
+kubectl apply -f lets-encrypt-issuer.yaml
+```

06-cert-manager/lets-encrypt-issuer.yaml

@@ -0,0 +1,24 @@
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+  name: letsencrypt
+spec:
+  acme:
+    # The ACME server URL
+    # production is https://acme-v02.api.letsencrypt.org/directory
+    # stagiong is https://acme-staging-v02.api.letsencrypt.org/directory
+    server: https://acme-v02.api.letsencrypt.org/directory
+    # Email address used for ACME registration
+    email: himself@stevenpolley.net
+    # Name of a secret used to store the ACME account private key
+    privateKeySecretRef:
+      name: letsencrypt
+    # Enable the HTTP-01 challenge provider
+    solvers:
+    # An empty 'selector' means that this solver matches all domains
+    - selector: {}
+      dns01:
+        cloudflare:
+          apiTokenSecretRef:
+            name: cloudflare-api-token-secret
+            key: api-token

10-applications/README.md

@@ -0,0 +1,8 @@
+# 10 | Deploy Applications
+
+Ready to deploy applications to the cluster at this point, for example: 
+
+```yaml
+kubectl apply -f mandelmap.yaml
+
+```

README.md

@@ -0,0 +1,11 @@
+# Kubernetes Bootstrapping | Roll your own
+
+
+![alt text][logo]
+
+[logo]: https://deadbeef.codes/steven/kubernetes-bootstrapping/raw/branch/main/logo.png "Kubernetes Bootstrapping"
+
+This is documentation and a process I've created for bootstrapping a Kubernetes cluster on bare metal or VMs without using a cloud provider managed service.   My use case for this is running my own personal services, and learning more about Kubernetes as I study for the CKA exam.
+
+Each section can be followed in numerical order.  
+