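---
# Butane config (Flatcar variant) for the Kubernetes worker node "worker4".
# Transpile with `butane --strict` into Ignition before handing it to the node.
#
# Review notes (security):
#   - This file embeds a kubeadm bootstrap token (see kubeadm-join.yaml below).
#     Treat the whole file as a secret: keep it out of VCS, create the token with
#     a short TTL and delete it once the node has joined.
#   - The kubelet/kubeadm/kubectl/calicoctl binaries are downloaded over plain
#     HTTP without an integrity hash; see the comment on those entries.
#   - 2001:470:7116:2::/64 is a globally routable prefix (not a ULA range), and
#     the kubelet below binds "::"; make sure port 10250 is not reachable from
#     the Internet (host firewall or upstream ACL).
variant: flatcar
version: 1.1.0

passwd:
  users:
    - name: core
      # Public half only; the private key lives on the provisioning host.
      ssh_authorized_keys:
        - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHHEAlPo3v4U67Y3411pTjIMkQxwlFWdXrBJkSzXenDH flatcar@undercloud"

storage:
  directories:
    - path: /opt/bin
      overwrite: true
      mode: 0755
    - path: /opt/cni/bin
      overwrite: true
      mode: 0755

  files:
    - path: /etc/hostname
      mode: 0644
      contents:
        inline: |
          worker4

    # Static dual-stack addressing; RA and privacy extensions are disabled so
    # the node keeps exactly the addresses listed here (node-ip below depends
    # on that).
    - path: /etc/systemd/network/00-eth.network
      mode: 0644
      contents:
        inline: |
          [Match]
          Name=eth*
          [Network]
          Address=fd00:0:0:2::104/64
          Address=2001:470:7116:2::104/64
          Gateway=2001:470:7116:2::3
          DNS=fd00:0:0:1::1
          Address=10.0.2.104/24
          Gateway=10.0.2.3
          DNS=10.0.1.1
          Domains=undercloud.local
          IPv6AcceptRA=no
          IPv6PrivacyExtensions=no

    - path: /etc/hosts
      mode: 0644
      overwrite: true
      contents:
        inline: |
          127.0.0.1 localhost
          ::1 localhost ip6-localhost ip6-loopback
          2001:470:7116:2::91 control-plane1.undercloud.local control-plane1
          2001:470:7116:2::92 control-plane2.undercloud.local control-plane2
          2001:470:7116:2::93 control-plane3.undercloud.local control-plane3
          2001:470:7116:2::101 worker1.undercloud.local worker1
          2001:470:7116:2::102 worker2.undercloud.local worker2
          2001:470:7116:2::103 worker3.undercloud.local worker3
          2001:470:7116:2::104 worker4.undercloud.local worker4
          fd00:0:0:2::91 control-plane1.undercloud.local control-plane1
          fd00:0:0:2::92 control-plane2.undercloud.local control-plane2
          fd00:0:0:2::93 control-plane3.undercloud.local control-plane3
          fd00:0:0:2::101 worker1.undercloud.local worker1
          fd00:0:0:2::102 worker2.undercloud.local worker2
          fd00:0:0:2::103 worker3.undercloud.local worker3
          fd00:0:0:2::104 worker4.undercloud.local worker4
          10.0.2.91 control-plane1.undercloud.local control-plane1
          10.0.2.92 control-plane2.undercloud.local control-plane2
          10.0.2.93 control-plane3.undercloud.local control-plane3
          10.0.2.101 worker1.undercloud.local worker1
          10.0.2.102 worker2.undercloud.local worker2
          10.0.2.103 worker3.undercloud.local worker3
          10.0.2.104 worker4.undercloud.local worker4

    - path: /etc/motd
      mode: 0644
      overwrite: true
      contents:
        inline: |
          *******************************************************************
          *                     AUTHORIZED ACCESS ONLY                      *
          *                                                                 *
          *   This system is part of a secured infrastructure.              *
          *   All activities are monitored and logged.                      *
          *   Unauthorized access or misuse is strictly prohibited and      *
          *   may result in disciplinary and legal action.                  *
          *******************************************************************
          --------------------------------------------------------------------------------
          kubernetes worker Node dont manage
          --------------------------------------------------------------------------------

    # Kernel modules needed by the sysctls below and by containerd.
    # Listing them here (rather than only in a custom unit started from
    # multi-user.target) makes systemd-modules-load.service load them during
    # sysinit, i.e. before systemd-sysctl.service applies 99-k8s.conf; the
    # net.bridge.* keys do not exist until br_netfilter is loaded.
    - path: /etc/modules-load.d/k8s.conf
      mode: 0644
      contents:
        inline: |
          br_netfilter
          overlay

    - path: /etc/sysctl.d/99-k8s.conf
      mode: 0644
      contents:
        inline: |
          # IPv4/IPv6 forwarding is required for pod networking.
          # (net.ipv6.ip_forward is not a real sysctl and was dropped; IPv6
          # forwarding is controlled by net.ipv6.conf.all.forwarding.)
          net.ipv4.ip_forward = 1
          net.ipv6.conf.all.forwarding = 1
          net.ipv4.conf.all.forwarding = 1
          # Needs br_netfilter (see /etc/modules-load.d/k8s.conf).
          net.bridge.bridge-nf-call-iptables = 1
          net.bridge.bridge-nf-call-ip6tables = 1
          net.netfilter.nf_conntrack_max = 1000000
          # NOTE(review): 0 disables reverse-path (source address) validation
          # on every interface. Prefer 2 (loose) unless the CNI in use
          # documents a hard requirement for 0.
          net.ipv4.conf.all.rp_filter = 0
          net.ipv6.conf.all.disable_ipv6 = 0
          vm.overcommit_memory = 1
          fs.inotify.max_user_watches = 524288
          fs.inotify.max_user_instances = 4096
          # Reboot 10s after a kernel panic / treat oops as panic so a
          # wedged node comes back instead of hanging.
          kernel.panic = 10
          kernel.panic_on_oops = 1

    # Updates are still downloaded but the node never reboots on its own, so
    # kernel/OS security fixes only take effect through an external reboot
    # coordinator (e.g. a drain-and-reboot operator) or manual reboots.
    # Mode was 0420 (r---w----: owner cannot write, group can, world cannot
    # read), almost certainly a decimal/octal mix-up for 0644.
    - path: /etc/flatcar/update.conf
      overwrite: true
      mode: 0644
      contents:
        inline: |
          REBOOT_STRATEGY=off

    # These binaries run as root and define the node's trust in the cluster,
    # yet they are fetched over plain HTTP from the internal Gitea with no
    # integrity check. Anyone who can spoof git.undercloud.local or sit on the
    # path can hand the node a trojaned kubelet. Before production use, per
    # entry: switch to https:// and pin the content, e.g.
    #   contents:
    #     source: "https://git.undercloud.local/.../kubelet"
    #     verification:
    #       hash: sha512-<hex digest of the exact binary>
    # (Hashes are deliberately not filled in here; compute them from the
    # artefacts you actually publish.)
    - path: /opt/bin/kubeadm
      mode: 0755
      contents:
        source: "http://git.undercloud.local:3000/Undercloud/undercloud-infrastructure/raw/branch/main/k8s-binaries/kubeadm"
    - path: /opt/bin/kubelet
      mode: 0755
      contents:
        source: "http://git.undercloud.local:3000/Undercloud/undercloud-infrastructure/raw/branch/main/k8s-binaries/kubelet"
    - path: /opt/bin/kubectl
      mode: 0755
      contents:
        source: "http://git.undercloud.local:3000/Undercloud/undercloud-infrastructure/raw/branch/main/k8s-binaries/kubectl"
    - path: /opt/bin/calicoctl
      mode: 0755
      contents:
        source: "http://git.undercloud.local:3000/Undercloud/undercloud-infrastructure/raw/branch/main/k8s-binaries/calicoctl"

    # kubeadm join configuration. Contains the bootstrap token: world-readable
    # (0644) on the node is tolerable only if the token is short-lived and
    # deleted after the join; 0600 is safer since only root's kubeadm reads it.
    - path: /etc/kubernetes/kubeadm-join.yaml
      mode: 0600
      contents:
        inline: |
          apiVersion: kubeadm.k8s.io/v1beta3
          kind: JoinConfiguration
          nodeRegistration:
            name: worker4
            criSocket: unix:///run/containerd/containerd.sock
            # Flags here override the same settings in the kubelet config
            # document (cluster-dns / volume-plugin-dir are set in both).
            kubeletExtraArgs:
              node-ip: "2001:470:7116:2::104"
              cluster-dns: "10.0.91.53,2001:470:7116:f:1::53"
              volume-plugin-dir: "/opt/libexec/kubernetes/kubelet-plugins/volume/exec/"
          discovery:
            bootstrapToken:
              apiServerEndpoint: "[fd00:0:0:2::100]:6443"
              # Secret. Create it with a short TTL (kubeadm token create --ttl 1h)
              # and delete it after the node has joined.
              token: "kvg1hc.t3rewovrps426rof"
              # Pin the control-plane CA. With unsafeSkipCAVerification: true
              # the node trusted whatever answered on apiServerEndpoint and
              # would hand the token to a spoofed API server. Obtain the value
              # on a control-plane node with:
              #   openssl x509 -pubkey -in /etc/kubernetes/pki/ca.crt \
              #     | openssl rsa -pubin -outform der 2>/dev/null \
              #     | openssl dgst -sha256 -hex | sed 's/^.* //'
              # The join fails (and retries) until the placeholder is replaced.
              caCertHashes:
                - "sha256:<ca-public-key-hash>"
              unsafeSkipCAVerification: false
          ---
          # NOTE(review): kubeadm join normally takes the kubelet configuration
          # from the cluster's kubelet-config ConfigMap; confirm this document
          # is actually honoured by the kubeadm version in use, otherwise it is
          # dead config.
          apiVersion: kubelet.config.k8s.io/v1beta1
          kind: KubeletConfiguration
          # Binds the kubelet API on every address, including the public IPv6
          # one; kubelet authn/authz (no anonymous, webhook) must stay enabled.
          address: "::"
          healthzBindAddress: "::"
          clusterDomain: "k8s.undercloud.local"
          clusterDNS:
            - "2001:470:7116:f:1::53"
            - "10.0.91.53"
          cgroupDriver: "systemd"
          volumePluginDir: "/opt/libexec/kubernetes/kubelet-plugins/volume/exec/"

systemd:
  units:
    # Static addressing: wait for networkd to report online before
    # network-online.target is reached.
    - name: systemd-networkd-wait-online.service
      enabled: true

    # NOTE(review): this replaces Flatcar's stock containerd.service, which
    # starts containerd with its own config.toml. With no --config, containerd
    # falls back to /etc/containerd/config.toml (defaults if absent); confirm
    # SystemdCgroup there matches the kubelet's cgroupDriver: systemd, or pods
    # will fail to start.
    - name: containerd.service
      enabled: true
      contents: |
        [Unit]
        Description=containerd container runtime
        After=network.target systemd-modules-load.service
        [Service]
        ExecStart=/usr/bin/containerd
        Restart=always
        RestartSec=5
        Delegate=yes
        KillMode=process
        OOMScoreAdjust=-999
        [Install]
        WantedBy=multi-user.target

    # Timezone and NTP. Previously WantedBy=kubeadm.service, a unit that does
    # not exist on this node, so the symlink was never activated and NTP was
    # never switched on; unsynchronised clocks break TLS certificate validity
    # checks during the join.
    - name: set-timezone.service
      enabled: true
      contents: |
        [Unit]
        Description=Set Timezone
        After=network-online.target
        Wants=network-online.target
        Before=kubeadm-join.service
        [Service]
        StandardOutput=journal+console
        StandardError=journal+console
        Type=oneshot
        Restart=on-failure
        ExecStart=/usr/bin/timedatectl set-timezone Europe/Berlin
        ExecStart=/usr/bin/timedatectl set-ntp true
        [Install]
        WantedBy=multi-user.target

    - name: kubelet.service
      enabled: true
      contents: |
        [Unit]
        Description=kubelet, the Kubernetes Node Agent
        Documentation=https://kubernetes.io/docs/home
        Wants=network-online.target
        After=network-online.target containerd.service
        [Service]
        #StandardOutput=journal+console
        #StandardError=journal+console
        #EnvironmentFile=/run/metadata/coreos
        Environment="KUBELET_KUBECONFIG_ARGS=--bootstrap-kubeconfig=/etc/kubernetes/bootstrap-kubelet.conf --kubeconfig=/etc/kubernetes/kubelet.conf"
        Environment="KUBELET_CONFIG_ARGS=--config=/var/lib/kubelet/config.yaml"
        # This is a file that "kubeadm init" and "kubeadm join" generates at runtime, populating the KUBELET_KUBEADM_ARGS variable dynamically
        EnvironmentFile=-/var/lib/kubelet/kubeadm-flags.env
        # KUBELET_EXTRA_ARGS is not set anywhere in this config and expands to nothing.
        ExecStart=/opt/bin/kubelet $KUBELET_KUBECONFIG_ARGS $KUBELET_CONFIG_ARGS $KUBELET_KUBEADM_ARGS $KUBELET_EXTRA_ARGS
        Restart=always
        StartLimitInterval=0
        RestartSec=10
        [Install]
        WantedBy=multi-user.target

    # One-shot cluster join. Leftovers from the control-plane unit
    # (KUBECONFIG=/etc/kubernetes/admin.conf, which does not exist on a
    # worker; DATASTORE_TYPE, a calicoctl setting; the commented-out
    # kubeadm-init ExecStartPost) were removed.
    - name: kubeadm-join.service
      enabled: true
      contents: |
        [Unit]
        Description=Join node to Kubernetes cluster
        After=network-online.target containerd.service kubelet.service
        Wants=network-online.target
        # Run the join exactly once. kubeadm join's preflight refuses to run
        # when /etc/kubernetes/kubelet.conf already exists, so without this
        # guard every reboot failed the unit and re-ran it every 120s with the
        # bootstrap token, forever.
        ConditionPathExists=!/etc/kubernetes/kubelet.conf
        [Service]
        Type=oneshot
        Environment=PATH=/usr/bin/:/usr/sbin:/opt/bin:/opt/libexec/kubernetes/kubelet-plugins/volume/exec/nodeagent-uds/
        # Crude settle time for the network/containerd; the unit retries anyway.
        ExecStartPre=/bin/sleep 30s
        ExecStart=/opt/bin/kubeadm join --config=/etc/kubernetes/kubeadm-join.yaml
        Restart=on-failure
        RestartSec=120s
        [Install]
        WantedBy=multi-user.target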