Undercloud/undercloud-infrastructure
3
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fixes

Browse Source
This commit is contained in:
Gitea Root Administrator
2025-08-02 00:18:16 +02:00
parent d0c399622a
commit e62e0fb4ec
4 changed files with 632 additions and 147 deletions
Download Patch File Download Diff File Expand all files Collapse all files

24
terraform/control-plane3.bu
View File

@@ -132,12 +132,12 @@ storage:
mode: 0644
contents:
inline: |
apiVersion: kubeadm.k8s.io/v1beta4
apiVersion: kubeadm.k8s.io/v1beta3
kind: JoinConfiguration
controlPlane:
#localAPIEndpoint:
# advertiseAddress: "fd00:0:0:2::93"
# bindPort: 6443
localAPIEndpoint:
advertiseAddress: "fd00:0:0:2::93"
bindPort: 6443
certificateKey: "fee7c3e5cfcac7e4774c6efca0464a42d897f30f7300340d6578b5cfb4a3d34b"
nodeRegistration:
name: control-plane3
@@ -222,19 +222,21 @@ systemd:
contents: |
[Unit]
Description=kubelet, the Kubernetes Node Agent
Documentation=https://kubernetes.io/docs/home
Documentation=https://kubernets.io/docs/home
Wants=network-online.target
After=network-online.target containerd.service
After=network-online.target
[Service]
#Environment="KUBELET_KUBECONFIG_ARGS=--bootstrap-kubeconfig=/etc/kubernetes/bootstrap-kubelet.conf --kubeconfig=/etc/kubernetes/kubelet.conf"
#Environment="KUBELET_CONFIG_ARGS=--config=/var/lib/kubelet/config.yaml"
#EnvironmentFile=-/var/lib/kubelet/kubeadm-flags.env
#StandardOutput=journal+console
#StandardError=journal+console
#EnvironmentFile=/run/metadata/coreos
Environment="KUBELET_KUBECONFIG_ARGS=--bootstrap-kubeconfig=/etc/kubernetes/bootstrap-kubelet.conf --kubeconfig=/etc/kubernetes/kubelet.conf"
Environment="KUBELET_CONFIG_ARGS=--config=/var/lib/kubelet/config.yaml"
# This is a file that "kubeadm init" and "kubeadm join" generates at runtime, populating the KUBELET_KUBEADM_ARGS variable dynamically
EnvironmentFile=-/var/lib/kubelet/kubeadm-flags.env
ExecStart=/opt/bin/kubelet $KUBELET_KUBECONFIG_ARGS $KUBELET_CONFIG_ARGS $KUBELET_KUBEADM_ARGS $KUBELET_EXTRA_ARGS
Restart=always
StartLimitInterval=0
RestartSec=10
[Install]
WantedBy=multi-user.target

249
terraform/worker1.bu
View File

@@ -8,79 +8,183 @@ passwd:
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHHEAlPo3v4U67Y3411pTjIMkQxwlFWdXrBJkSzXenDH flatcar@undercloud"
storage:
directories:
- path: /opt/bin
overwrite: true
mode: 0755
- path: /opt/cni/bin
overwrite: true
mode: 0755
files:
# --- Hostname
- path: /etc/hostname
mode: 0644
contents:
inline: "worker1"
# --- Kubernetes sysctl tweaks ---
- path: /etc/sysctl.d/99-kubernetes-cri.conf
mode: 0644
contents:
inline: |
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1
net.ipv4.ip_forward = 1
worker1
# --- Netzwerkkonfiguration eth0 ---
- path: /etc/systemd/network/10-eth0.network
- path: /etc/systemd/network/00-eth.network
mode: 0644
contents:
inline: |
[Match]
Name=eth0
Name=eth*
[Network]
Address=10.0.2.101/24
Gateway=10.0.2.3
Address=fd00:0:0:2::101/64
Gateway=fd00:0:0:2::3
DNS=10.0.3.1
DNS=fd00:0:0:3::1
Address=10.0.2.101/24
Gateway=10.0.2.3
DNS=10.0.3.1
Domains=undercloud.local
# --- Kubernetes Binaries (aus deinem Gitea) ---
- path: /opt/bin/kubelet
mode: 0755
- path: /etc/hosts
mode: 0644
overwrite: true
contents:
source: http://build-node.undercloud.local:3000/admin/undercloud-infrastructure/raw/branch/main/k8s-binaries/kubelet
inline: |
127.0.0.1 localhost
::1 localhost ip6-localhost ip6-loopback
fd00:0:0:2::91 control-plane1.undercloud.local control-plane1
fd00:0:0:2::92 control-plane2.undercloud.local control-plane2
fd00:0:0:2::93 control-plane3.undercloud.local control-plane3
fd00:0:0:2::101 worker1.undercloud.local worker1
fd00:0:0:2::102 worker2.undercloud.local worker2
fd00:0:0:2::103 worker3.undercloud.local worker3
10.0.2.91 control-plane1.undercloud.local control-plane1
10.0.2.92 control-plane2.undercloud.local control-plane2
10.0.2.93 control-plane3.undercloud.local control-plane3
10.0.2.101 worker1.undercloud.local worker1
10.0.2.102 worker2.undercloud.local worker2
10.0.2.103 worker3.undercloud.local worker3
- path: /etc/motd
mode: 0644
overwrite: true
contents:
inline: |
*******************************************************************
* AUTHORIZED ACCESS ONLY *
* *
* This system is part of a secured infrastructure. *
* All activities are monitored and logged. *
* Unauthorized access or misuse is strictly prohibited and *
* may result in disciplinary and legal action. *
*******************************************************************
--------------------------------------------------------------------------------
kubernetes controle plane Node
Manage via:
kubectl (kubectl)
calico (calicoctl)
velero - backup (velero)
argocd https://argocd-server.argocd.svc.k8aux.undercloud.cf/
--------------------------------------------------------------------------------
- path: /etc/sysctl.d/99-k8s.conf
mode: 0644
contents:
inline: |
net.ipv4.ip_forward = 1
net.ipv6.ip_forward = 1
net.ipv6.conf.all.forwarding = 1
net.ipv4.conf.all.forwarding = 1
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1
net.netfilter.nf_conntrack_max = 1000000
net.ipv4.conf.all.rp_filter = 0
net.ipv6.conf.all.disable_ipv6 = 0
vm.overcommit_memory = 1
fs.inotify.max_user_watches = 524288
fs.inotify.max_user_instances = 512
kernel.panic = 10
kernel.panic_on_oops = 1
- path: /etc/flatcar/update.conf
overwrite: true
mode: 0420
contents:
inline: |
REBOOT_STRATEGY=off
- path: /opt/bin/kubeadm
mode: 0755
contents:
source: http://build-node.undercloud.local:3000/admin/undercloud-infrastructure/raw/branch/main/k8s-binaries/kubeadm
source: "http://build-node.undercloud.local:3000/admin/undercloud-infrastructure/raw/branch/main/k8s-binaries/kubeadm"
- path: /opt/bin/kubelet
mode: 0755
contents:
source: "http://build-node.undercloud.local:3000/admin/undercloud-infrastructure/raw/branch/main/k8s-binaries/kubelet"
- path: /opt/bin/kubectl
mode: 0755
contents:
source: http://build-node.undercloud.local:3000/admin/undercloud-infrastructure/raw/branch/main/k8s-binaries/kubectl
source: "http://build-node.undercloud.local:3000/admin/undercloud-infrastructure/raw/branch/main/k8s-binaries/kubectl"
# --- Containerd Config (Minimal) ---
- path: /etc/containerd/config.toml
- path: /opt/bin/calicoctl
mode: 0755
contents:
source: "http://build-node.undercloud.local:3000/admin/undercloud-infrastructure/raw/branch/main/k8s-binaries/calicoctl"
- path: /etc/kubernetes/kubeadm-join.yaml
mode: 0644
contents:
inline: |
version = 2
[plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc]
runtime_type = "io.containerd.runc.v2"
[plugins."io.containerd.grpc.v1.cri".cni]
bin_dir = "/opt/cni/bin"
conf_dir = "/etc/cni/net.d"
apiVersion: kubeadm.k8s.io/v1beta3
kind: JoinConfiguration
nodeRegistration:
name: worker1
criSocket: unix:///run/containerd/containerd.sock
kubeletExtraArgs:
node-ip: "fd00:0:0:2::101"
volume-plugin-dir: "/opt/libexec/kubernetes/kubelet-plugins/volume/exec/"
discovery:
bootstrapToken:
apiServerEndpoint: "[fd00:0:0:2::100]:6443"
token: "kvg1hc.t3rewovrps426rof"
unsafeSkipCAVerification: true
---
apiVersion: kubelet.config.k8s.io/v1beta1
kind: KubeletConfiguration
address: "::"
healthzBindAddress: "::"
clusterDomain: "k8aux.undercloud.local"
clusterDNS:
- "2001:470:72f0:f:1::a"
cgroupDriver: "systemd"
volumePluginDir: "/opt/libexec/kubernetes/kubelet-plugins/volume/exec/"
systemd:
units:
# --- containerd service aktivieren ---
- name: modules-load.service
enabled: true
contents: |
[Unit]
Description=Load necessary kernel modules
Before=containerd.service kubeadm-init.service
[Service]
Type=oneshot
ExecStart=/usr/bin/modprobe br_netfilter
ExecStart=/usr/bin/modprobe overlay
RemainAfterExit=yes
[Install]
WantedBy=multi-user.target
- name: systemd-networkd-wait-online.service
enabled: true
- name: containerd.service
enabled: true
contents: |
[Unit]
Description=containerd container runtime
Documentation=https://containerd.io
After=network.target
After=network.target modules-load.service
[Service]
ExecStartPre=/sbin/modprobe overlay
ExecStartPre=/sbin/modprobe br_netfilter
ExecStart=/usr/bin/containerd
Restart=always
RestartSec=5
@@ -88,19 +192,76 @@ systemd:
KillMode=process
OOMScoreAdjust=-999
[Install]
WantedBy=multi-user.
- name: set-timezone.service
enabled: true
contents: |
[Unit]
Description=Set Timezone
After=network-online.target
Wants=network-online.target
[Service]
StandardOutput=journal+console
StandardError=journal+console
Type=oneshot
Restart=on-failure
ExecStart=/usr/bin/timedatectl set-timezone Europe/Berlin
ExecStart=/usr/bin/timedatectl set-ntp true
[Install]
WantedBy=kubeadm.service
- name: kubelet.service
enabled: true
contents: |
[Unit]
Description=kubelet, the Kubernetes Node Agent
Documentation=https://kubernets.io/docs/home
Wants=network-online.target
After=network-online.target
[Service]
#StandardOutput=journal+console
#StandardError=journal+console
#EnvironmentFile=/run/metadata/coreos
Environment="KUBELET_KUBECONFIG_ARGS=--bootstrap-kubeconfig=/etc/kubernetes/bootstrap-kubelet.conf --kubeconfig=/etc/kubernetes/kubelet.conf"
Environment="KUBELET_CONFIG_ARGS=--config=/var/lib/kubelet/config.yaml"
# This is a file that "kubeadm init" and "kubeadm join" generates at runtime, populating the KUBELET_KUBEADM_ARGS variable dynamically
EnvironmentFile=-/var/lib/kubelet/kubeadm-flags.env
ExecStart=/opt/bin/kubelet $KUBELET_KUBECONFIG_ARGS $KUBELET_CONFIG_ARGS $KUBELET_KUBEADM_ARGS $KUBELET_EXTRA_ARGS
Restart=always
StartLimitInterval=0
RestartSec=10
[Install]
WantedBy=multi-user.target
# --- sysctl Settings aktivieren ---
- name: systemd-sysctl.service
- name: kubeadm-join.service
enabled: true
contents: |
[Unit]
Description=Join node to Kubernetes cluster
After=network-online.target containerd.service kubelet.service
Wants=network-online.target
# --- networkd & resolved aktivieren ---
- name: systemd-networkd.service
enabled: true
- name: systemd-resolved.service
enabled: true
[Service]
Type=oneshot
# Environment
Environment=KUBECONFIG=/etc/kubernetes/admin.conf
Environment=DATASTORE_TYPE=kubernetes
Environment=PATH=/usr/bin/:/usr/sbin:/opt/bin:/opt/libexec/kubernetes/kubelet-plugins/volume/exec/nodeagent-uds/
# kubelet wird erst nach kubeadm init gestartet
- name: kubelet.service
enabled: false
ExecStartPre=/bin/sleep 30s
ExecStart=/opt/bin/kubeadm join --config=/etc/kubernetes/kubeadm-join.yaml
# copy files for kubectl
ExecStartPost=/usr/bin/mkdir -p /home/core/.kube
ExecStartPost=/usr/bin/cp -i /etc/kubernetes/admin.conf /home/core/.kube/config
ExecStartPost=/usr/bin/chown core:core /home/core/.kube/config
ExecStartPost=/usr/bin/systemctl disable kubeadm-init.service
Restart=on-failure
RestartSec=120s
[Install]
WantedBy=multi-user.target

249
terraform/worker2.bu
View File

@@ -8,79 +8,183 @@ passwd:
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHHEAlPo3v4U67Y3411pTjIMkQxwlFWdXrBJkSzXenDH flatcar@undercloud"
storage:
directories:
- path: /opt/bin
overwrite: true
mode: 0755
- path: /opt/cni/bin
overwrite: true
mode: 0755
files:
# --- Hostname
- path: /etc/hostname
mode: 0644
contents:
inline: "worker2"
# --- Kubernetes sysctl tweaks ---
- path: /etc/sysctl.d/99-kubernetes-cri.conf
mode: 0644
contents:
inline: |
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1
net.ipv4.ip_forward = 1
worker2
# --- Netzwerkkonfiguration eth0 ---
- path: /etc/systemd/network/10-eth0.network
- path: /etc/systemd/network/00-eth.network
mode: 0644
contents:
inline: |
[Match]
Name=eth0
Name=eth*
[Network]
Address=10.0.2.102/24
Gateway=10.0.2.3
Address=fd00:0:0:2::102/64
Gateway=fd00:0:0:2::3
DNS=10.0.3.1
DNS=fd00:0:0:3::1
Address=10.0.2.102/24
Gateway=10.0.2.3
DNS=10.0.3.1
Domains=undercloud.local
# --- Kubernetes Binaries (aus deinem Gitea) ---
- path: /opt/bin/kubelet
mode: 0755
- path: /etc/hosts
mode: 0644
overwrite: true
contents:
source: http://build-node.undercloud.local:3000/admin/undercloud-infrastructure/raw/branch/main/k8s-binaries/kubelet
inline: |
127.0.0.1 localhost
::1 localhost ip6-localhost ip6-loopback
fd00:0:0:2::91 control-plane1.undercloud.local control-plane1
fd00:0:0:2::92 control-plane2.undercloud.local control-plane2
fd00:0:0:2::93 control-plane3.undercloud.local control-plane3
fd00:0:0:2::101 worker1.undercloud.local worker1
fd00:0:0:2::102 worker2.undercloud.local worker2
fd00:0:0:2::103 worker3.undercloud.local worker3
10.0.2.91 control-plane1.undercloud.local control-plane1
10.0.2.92 control-plane2.undercloud.local control-plane2
10.0.2.93 control-plane3.undercloud.local control-plane3
10.0.2.101 worker1.undercloud.local worker1
10.0.2.102 worker2.undercloud.local worker2
10.0.2.103 worker3.undercloud.local worker3
- path: /etc/motd
mode: 0644
overwrite: true
contents:
inline: |
*******************************************************************
* AUTHORIZED ACCESS ONLY *
* *
* This system is part of a secured infrastructure. *
* All activities are monitored and logged. *
* Unauthorized access or misuse is strictly prohibited and *
* may result in disciplinary and legal action. *
*******************************************************************
--------------------------------------------------------------------------------
kubernetes controle plane Node
Manage via:
kubectl (kubectl)
calico (calicoctl)
velero - backup (velero)
argocd https://argocd-server.argocd.svc.k8aux.undercloud.cf/
--------------------------------------------------------------------------------
- path: /etc/sysctl.d/99-k8s.conf
mode: 0644
contents:
inline: |
net.ipv4.ip_forward = 1
net.ipv6.ip_forward = 1
net.ipv6.conf.all.forwarding = 1
net.ipv4.conf.all.forwarding = 1
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1
net.netfilter.nf_conntrack_max = 1000000
net.ipv4.conf.all.rp_filter = 0
net.ipv6.conf.all.disable_ipv6 = 0
vm.overcommit_memory = 1
fs.inotify.max_user_watches = 524288
fs.inotify.max_user_instances = 512
kernel.panic = 10
kernel.panic_on_oops = 1
- path: /etc/flatcar/update.conf
overwrite: true
mode: 0420
contents:
inline: |
REBOOT_STRATEGY=off
- path: /opt/bin/kubeadm
mode: 0755
contents:
source: http://build-node.undercloud.local:3000/admin/undercloud-infrastructure/raw/branch/main/k8s-binaries/kubeadm
source: "http://build-node.undercloud.local:3000/admin/undercloud-infrastructure/raw/branch/main/k8s-binaries/kubeadm"
- path: /opt/bin/kubelet
mode: 0755
contents:
source: "http://build-node.undercloud.local:3000/admin/undercloud-infrastructure/raw/branch/main/k8s-binaries/kubelet"
- path: /opt/bin/kubectl
mode: 0755
contents:
source: http://build-node.undercloud.local:3000/admin/undercloud-infrastructure/raw/branch/main/k8s-binaries/kubectl
source: "http://build-node.undercloud.local:3000/admin/undercloud-infrastructure/raw/branch/main/k8s-binaries/kubectl"
# --- Containerd Config (Minimal) ---
- path: /etc/containerd/config.toml
- path: /opt/bin/calicoctl
mode: 0755
contents:
source: "http://build-node.undercloud.local:3000/admin/undercloud-infrastructure/raw/branch/main/k8s-binaries/calicoctl"
- path: /etc/kubernetes/kubeadm-join.yaml
mode: 0644
contents:
inline: |
version = 2
[plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc]
runtime_type = "io.containerd.runc.v2"
[plugins."io.containerd.grpc.v1.cri".cni]
bin_dir = "/opt/cni/bin"
conf_dir = "/etc/cni/net.d"
apiVersion: kubeadm.k8s.io/v1beta3
kind: JoinConfiguration
nodeRegistration:
name: worker2
criSocket: unix:///run/containerd/containerd.sock
kubeletExtraArgs:
node-ip: "fd00:0:0:2::102"
volume-plugin-dir: "/opt/libexec/kubernetes/kubelet-plugins/volume/exec/"
discovery:
bootstrapToken:
apiServerEndpoint: "[fd00:0:0:2::100]:6443"
token: "kvg1hc.t3rewovrps426rof"
unsafeSkipCAVerification: true
---
apiVersion: kubelet.config.k8s.io/v1beta1
kind: KubeletConfiguration
address: "::"
healthzBindAddress: "::"
clusterDomain: "k8aux.undercloud.local"
clusterDNS:
- "2001:470:72f0:f:1::a"
cgroupDriver: "systemd"
volumePluginDir: "/opt/libexec/kubernetes/kubelet-plugins/volume/exec/"
systemd:
units:
# --- containerd service aktivieren ---
- name: modules-load.service
enabled: true
contents: |
[Unit]
Description=Load necessary kernel modules
Before=containerd.service kubeadm-init.service
[Service]
Type=oneshot
ExecStart=/usr/bin/modprobe br_netfilter
ExecStart=/usr/bin/modprobe overlay
RemainAfterExit=yes
[Install]
WantedBy=multi-user.target
- name: systemd-networkd-wait-online.service
enabled: true
- name: containerd.service
enabled: true
contents: |
[Unit]
Description=containerd container runtime
Documentation=https://containerd.io
After=network.target
After=network.target modules-load.service
[Service]
ExecStartPre=/sbin/modprobe overlay
ExecStartPre=/sbin/modprobe br_netfilter
ExecStart=/usr/bin/containerd
Restart=always
RestartSec=5
@@ -88,19 +192,76 @@ systemd:
KillMode=process
OOMScoreAdjust=-999
[Install]
WantedBy=multi-user.
- name: set-timezone.service
enabled: true
contents: |
[Unit]
Description=Set Timezone
After=network-online.target
Wants=network-online.target
[Service]
StandardOutput=journal+console
StandardError=journal+console
Type=oneshot
Restart=on-failure
ExecStart=/usr/bin/timedatectl set-timezone Europe/Berlin
ExecStart=/usr/bin/timedatectl set-ntp true
[Install]
WantedBy=kubeadm.service
- name: kubelet.service
enabled: true
contents: |
[Unit]
Description=kubelet, the Kubernetes Node Agent
Documentation=https://kubernets.io/docs/home
Wants=network-online.target
After=network-online.target
[Service]
#StandardOutput=journal+console
#StandardError=journal+console
#EnvironmentFile=/run/metadata/coreos
Environment="KUBELET_KUBECONFIG_ARGS=--bootstrap-kubeconfig=/etc/kubernetes/bootstrap-kubelet.conf --kubeconfig=/etc/kubernetes/kubelet.conf"
Environment="KUBELET_CONFIG_ARGS=--config=/var/lib/kubelet/config.yaml"
# This is a file that "kubeadm init" and "kubeadm join" generates at runtime, populating the KUBELET_KUBEADM_ARGS variable dynamically
EnvironmentFile=-/var/lib/kubelet/kubeadm-flags.env
ExecStart=/opt/bin/kubelet $KUBELET_KUBECONFIG_ARGS $KUBELET_CONFIG_ARGS $KUBELET_KUBEADM_ARGS $KUBELET_EXTRA_ARGS
Restart=always
StartLimitInterval=0
RestartSec=10
[Install]
WantedBy=multi-user.target
# --- sysctl Settings aktivieren ---
- name: systemd-sysctl.service
- name: kubeadm-join.service
enabled: true
contents: |
[Unit]
Description=Join node to Kubernetes cluster
After=network-online.target containerd.service kubelet.service
Wants=network-online.target
# --- networkd & resolved aktivieren ---
- name: systemd-networkd.service
enabled: true
- name: systemd-resolved.service
enabled: true
[Service]
Type=oneshot
# Environment
Environment=KUBECONFIG=/etc/kubernetes/admin.conf
Environment=DATASTORE_TYPE=kubernetes
Environment=PATH=/usr/bin/:/usr/sbin:/opt/bin:/opt/libexec/kubernetes/kubelet-plugins/volume/exec/nodeagent-uds/
# kubelet wird erst nach kubeadm init gestartet
- name: kubelet.service
enabled: false
ExecStartPre=/bin/sleep 30s
ExecStart=/opt/bin/kubeadm join --config=/etc/kubernetes/kubeadm-join.yaml
# copy files for kubectl
ExecStartPost=/usr/bin/mkdir -p /home/core/.kube
ExecStartPost=/usr/bin/cp -i /etc/kubernetes/admin.conf /home/core/.kube/config
ExecStartPost=/usr/bin/chown core:core /home/core/.kube/config
ExecStartPost=/usr/bin/systemctl disable kubeadm-init.service
Restart=on-failure
RestartSec=120s
[Install]
WantedBy=multi-user.target

249
terraform/worker3.bu
View File

@@ -8,79 +8,183 @@ passwd:
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHHEAlPo3v4U67Y3411pTjIMkQxwlFWdXrBJkSzXenDH flatcar@undercloud"
storage:
directories:
- path: /opt/bin
overwrite: true
mode: 0755
- path: /opt/cni/bin
overwrite: true
mode: 0755
files:
# --- Hostname
- path: /etc/hostname
mode: 0644
contents:
inline: "worker3"
# --- Kubernetes sysctl tweaks ---
- path: /etc/sysctl.d/99-kubernetes-cri.conf
mode: 0644
contents:
inline: |
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1
net.ipv4.ip_forward = 1
worker3
# --- Netzwerkkonfiguration eth0 ---
- path: /etc/systemd/network/10-eth0.network
- path: /etc/systemd/network/00-eth.network
mode: 0644
contents:
inline: |
[Match]
Name=eth0
Name=eth*
[Network]
Address=10.0.2.103/24
Gateway=10.0.2.3
Address=fd00:0:0:2::103/64
Gateway=fd00:0:0:2::3
DNS=10.0.3.1
DNS=fd00:0:0:3::1
Address=10.0.2.103/24
Gateway=10.0.2.3
DNS=10.0.3.1
Domains=undercloud.local
# --- Kubernetes Binaries (aus deinem Gitea) ---
- path: /opt/bin/kubelet
mode: 0755
- path: /etc/hosts
mode: 0644
overwrite: true
contents:
source: http://build-node.undercloud.local:3000/admin/undercloud-infrastructure/raw/branch/main/k8s-binaries/kubelet
inline: |
127.0.0.1 localhost
::1 localhost ip6-localhost ip6-loopback
fd00:0:0:2::91 control-plane1.undercloud.local control-plane1
fd00:0:0:2::92 control-plane2.undercloud.local control-plane2
fd00:0:0:2::93 control-plane3.undercloud.local control-plane3
fd00:0:0:2::101 worker1.undercloud.local worker1
fd00:0:0:2::102 worker2.undercloud.local worker2
fd00:0:0:2::103 worker3.undercloud.local worker3
10.0.2.91 control-plane1.undercloud.local control-plane1
10.0.2.92 control-plane2.undercloud.local control-plane2
10.0.2.93 control-plane3.undercloud.local control-plane3
10.0.2.101 worker1.undercloud.local worker1
10.0.2.102 worker2.undercloud.local worker2
10.0.2.103 worker3.undercloud.local worker3
- path: /etc/motd
mode: 0644
overwrite: true
contents:
inline: |
*******************************************************************
* AUTHORIZED ACCESS ONLY *
* *
* This system is part of a secured infrastructure. *
* All activities are monitored and logged. *
* Unauthorized access or misuse is strictly prohibited and *
* may result in disciplinary and legal action. *
*******************************************************************
--------------------------------------------------------------------------------
kubernetes controle plane Node
Manage via:
kubectl (kubectl)
calico (calicoctl)
velero - backup (velero)
argocd https://argocd-server.argocd.svc.k8aux.undercloud.cf/
--------------------------------------------------------------------------------
- path: /etc/sysctl.d/99-k8s.conf
mode: 0644
contents:
inline: |
net.ipv4.ip_forward = 1
net.ipv6.ip_forward = 1
net.ipv6.conf.all.forwarding = 1
net.ipv4.conf.all.forwarding = 1
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1
net.netfilter.nf_conntrack_max = 1000000
net.ipv4.conf.all.rp_filter = 0
net.ipv6.conf.all.disable_ipv6 = 0
vm.overcommit_memory = 1
fs.inotify.max_user_watches = 524288
fs.inotify.max_user_instances = 512
kernel.panic = 10
kernel.panic_on_oops = 1
- path: /etc/flatcar/update.conf
overwrite: true
mode: 0420
contents:
inline: |
REBOOT_STRATEGY=off
- path: /opt/bin/kubeadm
mode: 0755
contents:
source: http://build-node.undercloud.local:3000/admin/undercloud-infrastructure/raw/branch/main/k8s-binaries/kubeadm
source: "http://build-node.undercloud.local:3000/admin/undercloud-infrastructure/raw/branch/main/k8s-binaries/kubeadm"
- path: /opt/bin/kubelet
mode: 0755
contents:
source: "http://build-node.undercloud.local:3000/admin/undercloud-infrastructure/raw/branch/main/k8s-binaries/kubelet"
- path: /opt/bin/kubectl
mode: 0755
contents:
source: http://build-node.undercloud.local:3000/admin/undercloud-infrastructure/raw/branch/main/k8s-binaries/kubectl
source: "http://build-node.undercloud.local:3000/admin/undercloud-infrastructure/raw/branch/main/k8s-binaries/kubectl"
# --- Containerd Config (Minimal) ---
- path: /etc/containerd/config.toml
- path: /opt/bin/calicoctl
mode: 0755
contents:
source: "http://build-node.undercloud.local:3000/admin/undercloud-infrastructure/raw/branch/main/k8s-binaries/calicoctl"
- path: /etc/kubernetes/kubeadm-join.yaml
mode: 0644
contents:
inline: |
version = 2
[plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc]
runtime_type = "io.containerd.runc.v2"
[plugins."io.containerd.grpc.v1.cri".cni]
bin_dir = "/opt/cni/bin"
conf_dir = "/etc/cni/net.d"
apiVersion: kubeadm.k8s.io/v1beta3
kind: JoinConfiguration
nodeRegistration:
name: worker3
criSocket: unix:///run/containerd/containerd.sock
kubeletExtraArgs:
node-ip: "fd00:0:0:2::103"
volume-plugin-dir: "/opt/libexec/kubernetes/kubelet-plugins/volume/exec/"
discovery:
bootstrapToken:
apiServerEndpoint: "[fd00:0:0:2::100]:6443"
token: "kvg1hc.t3rewovrps426rof"
unsafeSkipCAVerification: true
---
apiVersion: kubelet.config.k8s.io/v1beta1
kind: KubeletConfiguration
address: "::"
healthzBindAddress: "::"
clusterDomain: "k8aux.undercloud.local"
clusterDNS:
- "2001:470:72f0:f:1::a"
cgroupDriver: "systemd"
volumePluginDir: "/opt/libexec/kubernetes/kubelet-plugins/volume/exec/"
systemd:
units:
# --- containerd service aktivieren ---
- name: modules-load.service
enabled: true
contents: |
[Unit]
Description=Load necessary kernel modules
Before=containerd.service kubeadm-init.service
[Service]
Type=oneshot
ExecStart=/usr/bin/modprobe br_netfilter
ExecStart=/usr/bin/modprobe overlay
RemainAfterExit=yes
[Install]
WantedBy=multi-user.target
- name: systemd-networkd-wait-online.service
enabled: true
- name: containerd.service
enabled: true
contents: |
[Unit]
Description=containerd container runtime
Documentation=https://containerd.io
After=network.target
After=network.target modules-load.service
[Service]
ExecStartPre=/sbin/modprobe overlay
ExecStartPre=/sbin/modprobe br_netfilter
ExecStart=/usr/bin/containerd
Restart=always
RestartSec=5
@@ -88,19 +192,76 @@ systemd:
KillMode=process
OOMScoreAdjust=-999
[Install]
WantedBy=multi-user.
- name: set-timezone.service
enabled: true
contents: |
[Unit]
Description=Set Timezone
After=network-online.target
Wants=network-online.target
[Service]
StandardOutput=journal+console
StandardError=journal+console
Type=oneshot
Restart=on-failure
ExecStart=/usr/bin/timedatectl set-timezone Europe/Berlin
ExecStart=/usr/bin/timedatectl set-ntp true
[Install]
WantedBy=kubeadm.service
- name: kubelet.service
enabled: true
contents: |
[Unit]
Description=kubelet, the Kubernetes Node Agent
Documentation=https://kubernets.io/docs/home
Wants=network-online.target
After=network-online.target
[Service]
#StandardOutput=journal+console
#StandardError=journal+console
#EnvironmentFile=/run/metadata/coreos
Environment="KUBELET_KUBECONFIG_ARGS=--bootstrap-kubeconfig=/etc/kubernetes/bootstrap-kubelet.conf --kubeconfig=/etc/kubernetes/kubelet.conf"
Environment="KUBELET_CONFIG_ARGS=--config=/var/lib/kubelet/config.yaml"
# This is a file that "kubeadm init" and "kubeadm join" generates at runtime, populating the KUBELET_KUBEADM_ARGS variable dynamically
EnvironmentFile=-/var/lib/kubelet/kubeadm-flags.env
ExecStart=/opt/bin/kubelet $KUBELET_KUBECONFIG_ARGS $KUBELET_CONFIG_ARGS $KUBELET_KUBEADM_ARGS $KUBELET_EXTRA_ARGS
Restart=always
StartLimitInterval=0
RestartSec=10
[Install]
WantedBy=multi-user.target
# --- sysctl Settings aktivieren ---
- name: systemd-sysctl.service
- name: kubeadm-join.service
enabled: true
contents: |
[Unit]
Description=Join node to Kubernetes cluster
After=network-online.target containerd.service kubelet.service
Wants=network-online.target
# --- networkd & resolved aktivieren ---
- name: systemd-networkd.service
enabled: true
- name: systemd-resolved.service
enabled: true
[Service]
Type=oneshot
# Environment
Environment=KUBECONFIG=/etc/kubernetes/admin.conf
Environment=DATASTORE_TYPE=kubernetes
Environment=PATH=/usr/bin/:/usr/sbin:/opt/bin:/opt/libexec/kubernetes/kubelet-plugins/volume/exec/nodeagent-uds/
# kubelet wird erst nach kubeadm init gestartet
- name: kubelet.service
enabled: false
ExecStartPre=/bin/sleep 30s
ExecStart=/opt/bin/kubeadm join --config=/etc/kubernetes/kubeadm-join.yaml
# copy files for kubectl
ExecStartPost=/usr/bin/mkdir -p /home/core/.kube
ExecStartPost=/usr/bin/cp -i /etc/kubernetes/admin.conf /home/core/.kube/config
ExecStartPost=/usr/bin/chown core:core /home/core/.kube/config
ExecStartPost=/usr/bin/systemctl disable kubeadm-init.service
Restart=on-failure
RestartSec=120s
[Install]
WantedBy=multi-user.target