undercloud-infrastructure/terraform/control-plane1.bu

variant: flatcar
version: 1.1.0

passwd:
  users:
    - name: core
      ssh_authorized_keys:
        - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHHEAlPo3v4U67Y3411pTjIMkQxwlFWdXrBJkSzXenDH flatcar@undercloud"

storage:
  files:
    # --- Hostname
    - path: /etc/hostname
      mode: 0644
      contents:
        inline: "control-plane1"
    # --- hosts
    - path: /etc/hosts
      overwrite: true
      mode: 0644
      contents:
        inline: |
          127.0.0.1		localhost
          ::1           	localhost
          10.0.2.91     	control-plane1.undercloud.local control-plane1
          fd00:0:0:2::91	control-plane1.undercloud.local control-plane1
          10.0.2.92		control-plane2.undercloud.local control-plane2
          fd00:0:0:2::92	control-plane2.undercloud.local control-plane2
          10.0.2.93		control-plane3.undercloud.local control-plane3
          fd00:0:0:2::93        control-plane3.undercloud.local control-plane3
          10.0.2.101		worker1.undercloud.local worker1
          fd00:0:0:2::101	worker1.undercloud.local worker1
          10.0.2.102		worker2.undercloud.local worker2
          fd00:0:0:2::102	worker2.undercloud.local worker2
          10.0.2.103		worker3.undercloud.local worker3
          fd00:0:0:2::103	worker3.undercloud.local worker3
    # --- Kubernetes sysctl tweaks ---
    - path: /etc/sysctl.d/99-kubernetes-cri.conf
      mode: 0644
      contents:
        inline: |
          net.bridge.bridge-nf-call-iptables  = 1
          net.bridge.bridge-nf-call-ip6tables = 1
          net.ipv4.ip_forward                 = 1

    # --- Netzwerkkonfiguration eth0 ---
    - path: /etc/systemd/network/10-eth0.network
      mode: 0644
      contents:
        inline: |
          [Match]
          Name=eth0

          [Network]
          Address=10.0.2.91/24
          Gateway=10.0.2.3
          Address=fd00:0:0:2::91/64
          Gateway=fd00:0:0:2::3
          DNS=10.0.3.1
          DNS=fd00:0:0:3::1
          Domains=undercloud.local.

    # --- Message of the day ---
    - path: /etc/motd
      overwrite: true
      mode: 0644
      contents:
        inline: |
           =========== Welcome to control-plane1 ============
           --------------------------------------------------
           this is a System of Undercloud!
           --------------------------------------------------

           --------------------------------------------------
           kubernetes control-plane node
           
           manage via:
           kubectl (kubectl)
           calico (calicoctl)
           argocd (https...)
           --------------------------------------------------

    # --- Kubernetes Binaries (aus deinem Gitea) ---
    - path: /opt/bin/kubelet
      mode: 0755
      contents:
        source: http://build-node.undercloud.local:3000/admin/undercloud-infrastructure/raw/branch/main/k8s-binaries/kubelet

    - path: /opt/bin/kubeadm
      mode: 0755
      contents:
        source: http://build-node.undercloud.local:3000/admin/undercloud-infrastructure/raw/branch/main/k8s-binaries/kubeadm

    - path: /opt/bin/kubectl
      mode: 0755
      contents:
        source: http://build-node.undercloud.local:3000/admin/undercloud-infrastructure/raw/branch/main/k8s-binaries/kubectl

    # --- Containerd Config (Minimal) ---
    - path: /etc/containerd/config.toml
      mode: 0644
      contents:
        inline: |
          version = 2
          [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc]
            runtime_type = "io.containerd.runc.v2"
          [plugins."io.containerd.grpc.v1.cri".cni]
            bin_dir = "/opt/cni/bin"
            conf_dir = "/etc/cni/net.d"

systemd:
  units:
    # --- timezone
    - name: set-timezone.service
      enabled: true
      contents: |
        [Unit]
        Description=Set Timezone
        After=network-online.target
        Wants=network-online.target

        [Service]
        StandardOutput=journal+console
        StandardError=journal+console
        Type=oneshot
        Restart=on-failure
        ExecStart=/usr/bin/timedatectl set-timezone Europe/Berlin
        ExecStart=/usr/bin/timedatectl set-ntp true

        [Install]
        WantedBy=multi-user.target
    # --- containerd service aktivieren ---
    - name: containerd.service
      enabled: true
      contents: |
        [Unit]
        Description=containerd container runtime
        Documentation=https://containerd.io
        After=network.target

        [Service]
        ExecStartPre=/sbin/modprobe overlay
        ExecStartPre=/sbin/modprobe br_netfilter
        ExecStart=/usr/bin/containerd
        Restart=always
        RestartSec=5
        Delegate=yes
        KillMode=process
        OOMScoreAdjust=-999

        [Install]
        WantedBy=multi-user.target

    # --- sysctl Settings aktivieren ---
    - name: systemd-sysctl.service
      enabled: true

    # --- networkd & resolved aktivieren ---
    - name: systemd-networkd.service
      enabled: true
    - name: systemd-resolved.service
      enabled: true

    # kubelet wird erst nach kubeadm init gestartet
    - name: kubelet.service
      enabled: false