aarnaud/LXD profile for kubernetes

## LXD profile for kubernetes
## k3s master
# curl -sfL https://get.k3s.io | INSTALL_K3S_EXEC="server --no-deploy traefik,metrics-server" sh -s -
## k3s node
# curl -sfL https://get.k3s.io | INSTALL_K3S_EXEC="agent --server https://k3s-master.lxd:6443 --token ${K3S_TOKEN}" sh -s -
name: k8s
description: k8s unconfined
config:
  limits.memory.swap: "false"
  linux.kernel_modules: ip_vs,ip_vs_rr,ip_vs_wrr,ip_vs_sh,nf_conntrack,ip_tables,ip6_tables,netlink_diag,nf_nat,overlay
  raw.lxc: |
    lxc.cap.drop=
    lxc.cgroup.devices.allow=a
    lxc.apparmor.profile=unconfined
    # sys:rw for calico-node
    lxc.mount.auto=proc:rw sys:rw cgroup:rw
  security.nesting: "true"
  security.privileged: "true"
devices:
  /dev/kmsg:
    path: /dev/kmsg
    source: /dev/null
    type: unix-char
  /dev/sda:
    mode: "0440"
    path: /dev/sda
    type: unix-block
  /proc/swaps:
    path: /proc/swaps
    source: /dev/null
    type: unix-char
	## k3s master
	# curl -sfL https://get.k3s.io \| INSTALL_K3S_EXEC="server --no-deploy traefik,metrics-server" sh -s -
	## k3s node
	# curl -sfL https://get.k3s.io \| INSTALL_K3S_EXEC="agent --server https://k3s-master.lxd:6443 --token ${K3S_TOKEN}" sh -s -
	name: k8s
	description: k8s unconfined
	config:
	limits.memory.swap: "false"
	linux.kernel_modules: ip_vs,ip_vs_rr,ip_vs_wrr,ip_vs_sh,nf_conntrack,ip_tables,ip6_tables,netlink_diag,nf_nat,overlay
	raw.lxc: \|
	lxc.cap.drop=
	lxc.cgroup.devices.allow=a
	lxc.apparmor.profile=unconfined
	# sys:rw for calico-node
	lxc.mount.auto=proc:rw sys:rw cgroup:rw
	security.nesting: "true"
	security.privileged: "true"
	devices:
	/dev/kmsg:
	path: /dev/kmsg
	source: /dev/null
	type: unix-char
	/dev/sda:
	mode: "0440"
	path: /dev/sda
	type: unix-block
	/proc/swaps:
	path: /proc/swaps
	source: /dev/null
	type: unix-char