treasuremap/global/profiles/kubernetes-host.yaml

145 lines
4.6 KiB
YAML

---
schema: promenade/HostSystem/v1
metadata:
schema: metadata/Document/v1
name: host-system
layeringDefinition:
abstract: false
layer: global
storagePolicy: cleartext
substitutions:
- src:
schema: pegleg/SoftwareVersions/v1
name: software-versions
path: .files.kubelet
dest:
path: .files[0].tar_url
# Initial CoreDNS image (used during node Genesis and node join)
- src:
schema: pegleg/SoftwareVersions/v1
name: software-versions
path: .images.kubernetes.coredns.coredns
dest:
path: .images.coredns
# Initial CoreDNS image (used during node Genesis and node join)
- src:
schema: pegleg/SoftwareVersions/v1
name: software-versions
path: .images.kubernetes.haproxy.haproxy
dest:
path: .images.haproxy
# Operational tools
- src:
schema: pegleg/SoftwareVersions/v1
name: software-versions
path: .images.ucp.armada.helm
dest:
path: .images.helm.helm
- src:
schema: pegleg/SoftwareVersions/v1
name: software-versions
path: .images.kubernetes.kubectl
dest:
path: .images.kubernetes.kubectl
# System packages
- src:
schema: pegleg/SoftwareVersions/v1
name: software-versions
path: .packages.named.docker
dest:
path: .packages.required.docker
- src:
schema: pegleg/SoftwareVersions/v1
name: software-versions
path: .packages.named.socat
dest:
path: .packages.required.socat
- src:
schema: pegleg/SoftwareVersions/v1
name: software-versions
path: .packages.unnamed
dest:
path: .packages.additional
# Docker authorization
- src:
schema: deckhand/Passphrase/v1
path: .
name: private_docker_key
dest:
path: .files[2].content
pattern: DH_SUB_PRIVATE_DOCKER_KEY
data:
files:
- path: /opt/kubernetes/bin/kubelet
tar_path: kubernetes/node/bin/kubelet
mode: 0555
- path: /etc/logrotate.d/json-logrotate
mode: 0444
content: |-
/var/lib/docker/containers/*/*-json.log
{
compress
copytruncate
create 0644 root root
weekly
dateext
dateformat -%Y%m%d-%s
maxsize 100M
missingok
notifempty
su root root
rotate 1
}
- path: /var/lib/kubelet/.dockercfg
mode: 0400
# NOTE: Sample key, this repo does not exist
content: |-
{
"https://private.registry.com": {
"auth": "DH_SUB_PRIVATE_DOCKER_KEY"
}
}
packages:
repositories:
- deb http://apt.dockerproject.org/repo ubuntu-xenial main
keys:
- |-
-----BEGIN PGP PUBLIC KEY BLOCK-----
mQINBFWln24BEADrBl5p99uKh8+rpvqJ48u4eTtjeXAWbslJotmC/CakbNSqOb9o
ddfzRvGVeJVERt/Q/mlvEqgnyTQy+e6oEYN2Y2kqXceUhXagThnqCoxcEJ3+KM4R
mYdoe/BJ/J/6rHOjq7Omk24z2qB3RU1uAv57iY5VGw5p45uZB4C4pNNsBJXoCvPn
TGAs/7IrekFZDDgVraPx/hdiwopQ8NltSfZCyu/jPpWFK28TR8yfVlzYFwibj5WK
dHM7ZTqlA1tHIG+agyPf3Rae0jPMsHR6q+arXVwMccyOi+ULU0z8mHUJ3iEMIrpT
X+80KaN/ZjibfsBOCjcfiJSB/acn4nxQQgNZigna32velafhQivsNREFeJpzENiG
HOoyC6qVeOgKrRiKxzymj0FIMLru/iFF5pSWcBQB7PYlt8J0G80lAcPr6VCiN+4c
NKv03SdvA69dCOj79PuO9IIvQsJXsSq96HB+TeEmmL+xSdpGtGdCJHHM1fDeCqkZ
hT+RtBGQL2SEdWjxbF43oQopocT8cHvyX6Zaltn0svoGs+wX3Z/H6/8P5anog43U
65c0A+64Jj00rNDr8j31izhtQMRo892kGeQAaaxg4Pz6HnS7hRC+cOMHUU4HA7iM
zHrouAdYeTZeZEQOA7SxtCME9ZnGwe2grxPXh/U/80WJGkzLFNcTKdv+rwARAQAB
tDdEb2NrZXIgUmVsZWFzZSBUb29sIChyZWxlYXNlZG9ja2VyKSA8ZG9ja2VyQGRv
Y2tlci5jb20+iQI4BBMBAgAiBQJVpZ9uAhsvBgsJCAcDAgYVCAIJCgsEFgIDAQIe
AQIXgAAKCRD3YiFXLFJgnbRfEAC9Uai7Rv20QIDlDogRzd+Vebg4ahyoUdj0CH+n
Ak40RIoq6G26u1e+sdgjpCa8jF6vrx+smpgd1HeJdmpahUX0XN3X9f9qU9oj9A4I
1WDalRWJh+tP5WNv2ySy6AwcP9QnjuBMRTnTK27pk1sEMg9oJHK5p+ts8hlSC4Sl
uyMKH5NMVy9c+A9yqq9NF6M6d6/ehKfBFFLG9BX+XLBATvf1ZemGVHQusCQebTGv
0C0V9yqtdPdRWVIEhHxyNHATaVYOafTj/EF0lDxLl6zDT6trRV5n9F1VCEh4Aal8
L5MxVPcIZVO7NHT2EkQgn8CvWjV3oKl2GopZF8V4XdJRl90U/WDv/6cmfI08GkzD
YBHhS8ULWRFwGKobsSTyIvnbk4NtKdnTGyTJCQ8+6i52s+C54PiNgfj2ieNn6oOR
7d+bNCcG1CdOYY+ZXVOcsjl73UYvtJrO0Rl/NpYERkZ5d/tzw4jZ6FCXgggA/Zxc
jk6Y1ZvIm8Mt8wLRFH9Nww+FVsCtaCXJLP8DlJLASMD9rl5QS9Ku3u7ZNrr5HWXP
HXITX660jglyshch6CWeiUATqjIAzkEQom/kEnOrvJAtkypRJ59vYQOedZ1sFVEL
MXg2UCkD/FwojfnVtjzYaTCeGwFQeqzHmM241iuOmBYPeyTY5veF49aBJA1gEJOQ
TvBR8Q==
=Fm3p
-----END PGP PUBLIC KEY BLOCK-----
...