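# DO NOT CALL BUTANE DIRECTLY AGAINST THIS FILE
# IT IS MEANT TO BE CALLED BY lighter
#
# Butane (variant fcos) template for a Kubernetes v1.29 node.
# Provisioning happens over two boots:
#   1. first-boot.service layers kubelet/kubeadm/kubectl/cri-o with
#      rpm-ostree and reboots into the new deployment.
#   2. second-boot.service enables and starts crio and kubelet.
# Marker files under /var/lib make each unit run only once.
variant: fcos
version: 1.5.0
storage:
  files:
    # The {{HOSTNAME}} placeholder is replaced by lighter before Butane
    # runs. first-boot.sh matches on the resulting hostname, so control
    # plane nodes need "control" in their name.
    - path: /etc/hostname
      # 0644, written in octal like the other entries (was decimal 420).
      mode: 0644
      overwrite: true
      contents:
        inline: |
          {{HOSTNAME}}

    # CRI-O DNF module. The stream should match the Kubernetes minor
    # version in kubernetes.repo below.
    - path: /etc/dnf/modules.d/cri-o.module
      mode: 0644
      overwrite: true
      contents:
        inline: |
          [cri-o]
          name=cri-o
          stream=1.29
          profiles=
          state=enabled

    # YUM repository for kubeadm, kubelet and kubectl.
    # gpgcheck and repo_gpgcheck are both on, so packages and repo
    # metadata are signature-checked. The signing key is fetched over
    # HTTPS from the same host as the packages.
    - path: /etc/yum.repos.d/kubernetes.repo
      mode: 0644
      overwrite: true
      contents:
        inline: |
          [kubernetes]
          name=Kubernetes
          baseurl=https://pkgs.k8s.io/core:/stable:/v1.29/rpm/
          enabled=1
          gpgcheck=1
          repo_gpgcheck=1
          gpgkey=https://pkgs.k8s.io/core:/stable:/v1.29/rpm/repodata/repomd.xml.key

    # Load br_netfilter automatically on startup.
    - path: /etc/modules-load.d/br_netfilter.conf
      mode: 0644
      overwrite: true
      contents:
        inline: br_netfilter

    # Kernel parameters required by kubelet.
    - path: /etc/sysctl.d/kubernetes.conf
      mode: 0644
      overwrite: true
      contents:
        inline: |
          net.bridge.bridge-nf-call-iptables=1
          net.ipv4.ip_forward=1

    # Runs as root on first boot (ExecStart of first-boot.service) and
    # installs the kubelet dependencies.
    # NOTE(review): the control plane hook clones the head of the default
    # branch as root. If that repo's contents are later applied to the
    # cluster, pin a reviewed commit or tag.
    - path: /usr/local/bin/first-boot.sh
      mode: 0744
      overwrite: true
      contents:
        inline: |
          #!/bin/bash
          # Stop at the first failed step. A non-zero exit keeps systemd
          # from running ExecStartPost, so the first-boot marker is not
          # written, the node does not reboot into a deployment without
          # kubelet, and the unit retries on the next boot.
          set -euo pipefail

          # --idempotent lets a retry succeed when the packages are
          # already layered.
          rpm-ostree install --idempotent kubelet kubeadm kubectl cri-o vim etcd

          # Control plane node hook
          if [[ $(hostname) = *control* ]]; then
            repo_dir=/home/steven/deadbeef.codes-k8s
            # Clone into a dedicated directory. /home/steven already
            # holds the kubeadm configs, so cloning straight into it
            # fails, and the chown below expects this path.
            if [[ ! -d "$repo_dir/.git" ]]; then
              git clone https://deadbeef.codes/steven/deadbeef.codes-k8s.git "$repo_dir"
            fi
            chown -R steven:steven "$repo_dir"
          fi

          systemctl reboot

    # kubeadm init configuration for the control plane.
    # NOTE(review): no user/group is set, so Ignition writes this file as
    # root. With mode 0600 only root can read it, although it lives in
    # steven's home. That suits `sudo kubeadm`; confirm it is intended.
    - path: /home/steven/cluster-config.yaml
      mode: 0600
      overwrite: true
      contents:
        inline: |
          apiVersion: kubeadm.k8s.io/v1beta3
          kind: ClusterConfiguration
          controllerManager:
            extraArgs:
              flex-volume-plugin-dir: "/var/lib/kubelet/volumeplugins/nodeagent~uds"
          networking:
            podSubnet: "10.244.0.0/16"
          controlPlaneEndpoint: "10.69.69.50"
          ---
          apiVersion: kubeadm.k8s.io/v1beta3
          kind: InitConfiguration
          nodeRegistration:
            kubeletExtraArgs:
              volume-plugin-dir: "/var/lib/kubelet/volumeplugins/nodeagent~uds"

    # kubeadm join configuration for worker nodes. No bootstrap token or
    # CA hash is embedded in this file. Root-owned with mode 0600, like
    # cluster-config.yaml above.
    - path: /home/steven/join-config.yaml
      mode: 0600
      overwrite: true
      contents:
        inline: |
          apiVersion: kubeadm.k8s.io/v1beta3
          kind: JoinConfiguration
          nodeRegistration:
            kubeletExtraArgs:
              volume-plugin-dir: "/var/lib/kubelet/volumeplugins/nodeagent~uds"

# Login credentials. Only SSH public keys are set; no password hash is
# configured in this file.
passwd:
  users:
    - name: steven
      ssh_authorized_keys:
        - ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEAsPq55j525p1ntk37oeel83i6FVm9+ptWk/4csqZivKRrtfhSebtWj0GHg7mnN+XIvQFEXY1HuPSfAByuwURN7LrBTKYNDHM5VxyHSP3s6Ik9OYngbVDCcDRc94teivYalYPyC5rCfIFYRg+vrxD1Gl7eASpiS7z2YD5w6WSxEnQ9tk+GQgsbRcsDBpKTZL/yHZbNNOamUwv3FNmaDpq7V8d1IrKCQiivYQ5n/sWpQnOzMOnY5i7OKr2G56KbaVIXRe3JKIF7ifAK0aJ5q+45RmwdgVh+SgwIFBzQD4GZJbr8jbvxYO9NjbF9fm7qLYnbHNyT7cDx8ClQqAz/2cL0xw== taterwin10
        - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCf2HvSx2ls2KhHn3tISbYbx9NpYSKw+ESmOdxscZJuCEMKDEOdBuOJ5E3CpA+A+QiLY+qlXGPOyNKwmjVPFr6TzNwBciehcs3bFKAvar2vrJsQkUXAJiBzJWiQceGwto3zq6nIAO/tx7s3P6KVPuxegGyXAMv/7Fc8cytOk8q05Xt+7hUyz0LbCZ6j66/Qa7c8eJz8Vho1Oe1BpIhhcZbSovZrKgBOhpyIdUtxh/W5KnFsbIq4MPPVCRHN7IVrXcvkPsTQ6OGeJAsqun+zF3KupQs0Xqt157EmOn5D41x5QY7kts11QZiKmeeSFYt2gRaY7VtAlEfar0fgXWOyQ/Uf steven-pixel6a
      # NOTE(review): sudo gives this account root, and docker group
      # membership is root-equivalent wherever the docker socket is
      # active. The cluster runtime here is CRI-O, so the docker group
      # may be unnecessary; confirm.
      groups: [sudo, docker]

systemd:
  units:
    # One-shot package install. It is skipped once /var/lib/first-boot
    # exists and ordered before systemd-user-sessions.service.
    # NOTE(review): the script ends with `systemctl reboot`, so
    # ExecStartPost runs while shutdown is already queued. Confirm the
    # marker is reliably written before the unit is stopped.
    - name: first-boot.service
      enabled: true
      contents: |
        [Unit]
        Before=systemd-user-sessions.service
        Wants=network-online.target
        After=network-online.target
        ConditionPathExists=!/var/lib/first-boot

        [Service]
        Type=oneshot
        ExecStart=/usr/local/bin/first-boot.sh
        ExecStartPost=/usr/bin/touch /var/lib/first-boot
        RemainAfterExit=yes

        [Install]
        WantedBy=multi-user.target

    # Runs once, only after first-boot has completed (its marker exists)
    # and /var/lib/second-boot does not yet exist. Enables and starts
    # the container runtime and kubelet.
    - name: second-boot.service
      enabled: true
      contents: |
        [Unit]
        Before=systemd-user-sessions.service
        Wants=network-online.target
        After=network-online.target
        ConditionPathExists=/var/lib/first-boot
        ConditionPathExists=!/var/lib/second-boot

        [Service]
        Type=oneshot
        ExecStart=/usr/bin/systemctl enable --now crio kubelet
        ExecStartPost=/usr/bin/touch /var/lib/second-boot
        RemainAfterExit=yes

        [Install]
        WantedBy=multi-user.target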