# Opaque Secret whose stringData.userData holds a cloud-init "#cloud-config"
# document (labelled airshipit.org/ephemeral-user-data). The document is a
# template: REPLACEMENT_* tokens are placeholders for site-specific values.
apiVersion: v1
kind: Secret
metadata:
  labels:
    airshipit.org/ephemeral-user-data: "true"
    airshipit.org/deploy-k8s: "false"
  name: ephemeral-bmc-secret # replacement rules key off this name
type: Opaque
data:
  userData: null
stringData:
  # These substrings must be overridden via the `replacements` entrypoint and networking catalogue:
  # REPLACEMENT_CP_IP, REPLACEMENT_CP_PORT, REPLACEMENT_CERT_SANS, REPLACEMENT_POD_CIDR
  # TODO: add download sources to the versions catalogue
  #
  # NOTE(review): the payload also contains placeholders not listed above:
  #   REPLACEMENT_ISO_PASSWORD_ROOT, REPLACEMENT_ISO_PASSWORD_DEPLOYER,
  #   REPLACEMENT_HTTP_PROXY, REPLACEMENT_HTTPS_PROXY, REPLACEMENT_NO_PROXY,
  #   REPLACEMENT_CP_KUBECONFIG_CA_CERT, REPLACEMENT_CP_KUBECONFIG_ADMIN_CERT,
  #   REPLACEMENT_CP_KUBECONFIG_ADMIN_KEY, REPLACEMENT_CP_CA_CERT,
  #   REPLACEMENT_CP_CA_KEY, REPLACEMENT_IMAGE_REPOSITORY
  # Check the rendered Secret for any surviving REPLACEMENT_ token: a token
  # that is not replaced is used verbatim, including in the chpasswd list.
  #
  # Security-relevant content of the payload. Once rendered, the whole value
  # is credential material and should be stored and logged accordingly:
  #   - chpasswd sets the root and deployer passwords with `expire: False`,
  #     and `ssh_pwauth: True` turns on password logins over SSH.
  #   - write_files installs the cluster CA private key
  #     (/etc/kubernetes/pki/ca.key, mode 0600) and an admin kubeconfig that
  #     embeds the admin client key (/etc/kubernetes/admin.conf, mode 0640).
  #   - kubeadm is told to ignore the NumCPU and SystemVerification preflight
  #     errors.
  #   - bootcmd runs `mkfs.ext4 /dev/vda`, or `mkfs.ext4 -F /dev/sda`, when
  #     /var/lib has less than NEED_MB free; the chosen disk is reformatted.
  # NOTE(review): kubeadm itself writes admin.conf with mode 0600; confirm
  #   that group read (0640) is required here.
  # NOTE(review): ssh_pwauth appears a second time, apparently inside the
  #   deployer user entry; cloud-init documents it as a top-level key, so
  #   confirm the nested copy is intended.
  userData: |
    #cloud-config
    # Expect that packages are already installed in base image
    package_update: false
    ssh_pwauth: True
    chpasswd:
      list: |
        root:REPLACEMENT_ISO_PASSWORD_ROOT
        deployer:REPLACEMENT_ISO_PASSWORD_DEPLOYER
      expire: False
    users:
      - default
      - name: deployer
        gecos: deployer
        ssh_pwauth: True
    runcmd:
      - mkdir -p /etc/containerd
      - containerd config default | sed -r -e '/\[plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc\]$/a\ SystemdCgroup = true' | tee /etc/containerd/config.toml
      - systemctl daemon-reload
      - systemctl restart containerd
      - systemctl restart docker
      - /bin/bash -c 'kernel_libsubdir="$(ls /lib/modules | head -1)"; config_dir="/lib/modules/${kernel_libsubdir}/build"; mkdir -p "${config_dir}"; if [ -f /run/live/medium/config ] && [ ! -f "${config_dir}/.config" ]; then ln -s /run/live/medium/config "${config_dir}/.config"; fi;'
      - kubeadm init --config /tmp/kubeadm.yaml
      - mkdir -p /opt/metal3-dev-env/ironic/html/images
    write_files:
      - path: /etc/systemd/system/containerd.service.d/http-proxy.conf
        permissions: '0644'
        owner: root:root
        content: |
          [Service]
          Environment="HTTP_PROXY=REPLACEMENT_HTTP_PROXY"
          Environment="HTTPS_PROXY=REPLACEMENT_HTTPS_PROXY"
          Environment="NO_PROXY=REPLACEMENT_NO_PROXY"
      - content: |
          apiVersion: v1
          clusters:
            - cluster:
                certificate-authority-data: REPLACEMENT_CP_KUBECONFIG_CA_CERT
                server: https://REPLACEMENT_CP_IP:REPLACEMENT_CP_PORT
              name: kubernetes
          contexts:
            - context:
                cluster: kubernetes
                user: kubernetes-admin
              name: kubernetes-admin@kubernetes
          current-context: kubernetes-admin@kubernetes
          kind: Config
          preferences: {}
          users:
            - name: kubernetes-admin
              user:
                client-certificate-data: REPLACEMENT_CP_KUBECONFIG_ADMIN_CERT
                client-key-data: REPLACEMENT_CP_KUBECONFIG_ADMIN_KEY
        owner: root:root
        path: /etc/kubernetes/admin.conf
        permissions: "0640"
      - content: |
          REPLACEMENT_CP_CA_CERT
        encoding: base64
        owner: root:root
        path: /etc/kubernetes/pki/ca.crt
        permissions: "0640"
      - content: |
          REPLACEMENT_CP_CA_KEY
        encoding: base64
        owner: root:root
        path: /etc/kubernetes/pki/ca.key
        permissions: "0600"
      - content: |
          ---
          apiServer:
            certSANs: REPLACEMENT_CERT_SANS
          imageRepository: REPLACEMENT_IMAGE_REPOSITORY
          apiVersion: kubeadm.k8s.io/v1beta2
          controllerManager: {}
          dns:
            type: ""
          etcd: {}
          kind: ClusterConfiguration
          networking:
            podSubnet: REPLACEMENT_POD_CIDR
          scheduler: {}
          ---
          apiVersion: kubeadm.k8s.io/v1beta2
          kind: InitConfiguration
          localAPIEndpoint:
            advertiseAddress: REPLACEMENT_CP_IP
            bindPort: REPLACEMENT_CP_PORT
          nodeRegistration:
            ignorePreflightErrors:
              - NumCPU
              - SystemVerification
            taints: []
            kubeletExtraArgs:
              cgroup-driver: "systemd"
              container-runtime: remote
            criSocket: "unix:///run/containerd/containerd.sock"
        owner: root:root
        path: /tmp/kubeadm.yaml
        permissions: "0640"
    bootcmd:
      - NEED_MB=16384 # MB of storage needed for ironic images & bindmounts
      - FREE_MB=$(df -m --output=avail /var/lib | tail -n 1)
      - mkdir /mnt/ephemeral
      # if there's enough memory-backed storage, mount an available disk
      - if [ ${FREE_MB} -ge ${NEED_MB} ]; then
      - mkdir -p /var/lib/images
      - truncate -s ${NEED_MB}M /var/lib/images/ephemeral.img
      - mkfs.ext4 /var/lib/images/ephemeral.img
      - mount /var/lib/images/ephemeral.img /mnt/ephemeral
      # Use vda if provided by a hypervisor
      - elif [ -e /dev/vda ]; then
      - mkfs.ext4 /dev/vda
      - mount /dev/vda /mnt/ephemeral
      # Fall back to sda
      - elif [ -e /dev/sda ]; then
      - mkfs.ext4 -F /dev/sda
      - mount /dev/sda /mnt/ephemeral
      - else
      - echo "Not enough RAM to host images, and no available disks found"
      - exit 1
      - fi
      - mkdir -p /opt/metal3-dev-env/ironic/html/images
      - mkdir -p /mnt/ephemeral/opt/metal3-dev-env/ironic/html/images
      - mount --bind /mnt/ephemeral/opt/metal3-dev-env/ironic/html/images /opt/metal3-dev-env/ironic/html/images
      - mkdir -p /var/lib/containerd /mnt/ephemeral/var/lib/containerd
      - mount --bind /mnt/ephemeral/var/lib/containerd /var/lib/containerd
      - mkdir -p /var/lib/docker /mnt/ephemeral/var/lib/docker
      - mount --bind /mnt/ephemeral/var/lib/docker /var/lib/docker
      - mkdir -p /var/lib/docker-engine /mnt/ephemeral/var/lib/docker-engine
      - mount --bind /mnt/ephemeral/var/lib/docker-engine /var/lib/docker-engine
      - mkdir -p /mnt/ephemeral/var/lib/kubelet/ /var/lib/kubelet/
      - mount --bind /mnt/ephemeral/var/lib/kubelet/ /var/lib/kubelet/