dgiebert/cilium-cloud-init.yaml

## cilium-cloud-init.yaml
#cloud-config
# Cloud-Init for the Rancher+Harvester deploying Cilium (no kube-proxy, egress gateway, wireguard encryption)
# Tested on CentOS Stream 9 and openSUSE Leap 15.4
user: rancher
package_update: true
package_upgrade: true
packages:
  - qemu-guest-agent
  - wireguard-tools
write_files:
  - path: /var/lib/rancher/rke2/server/manifests/rke2-cilium-cfg.yaml
    content: |
      apiVersion: helm.cattle.io/v1
      kind: HelmChartConfig
      metadata:
        name: rke2-cilium
        namespace: kube-system
      spec:
        valuesContent: |-
          kubeProxyReplacement: strict
          k8sServiceHost: 127.0.0.1
          k8sServicePort: 6443
          egressGateway:
            enabled: true
          bpf:
            masquerade: true
          l7Proxy: false
          hubble:
            enabled: true
            relay:
              enabled: true
            ui:
              enabled: true
          encryption:
            enabled: true
            type: wireguard
  - path: /etc/rancher/rke2/config.yaml
    content: |
      disable-kube-proxy: "true"
      protect-kernel-defaults: "true"
  - path: /root/.bashrc
    content: |
      PATH=/var/lib/rancher/rke2/bin:$PATH
      export KUBECONFIG=/etc/rancher/rke2/rke2.yaml
  - path: /etc/sysctl.d/90-kubelet.conf
    content: |
      vm.panic_on_oom=0
      vm.overcommit_memory=1
      kernel.panic=10
      kernel.panic_on_oops=1
      kernel.keys.root_maxbytes=25000000
  - path: /etc/sysctl.d/90-rke2.conf
    content: |
      net.ipv4.conf.all.forwarding=1
      net.ipv6.conf.all.forwarding=1
runcmd:
  - systemctl enable --now qemu-guest-agent
  - sysctl -p /etc/sysctl.d/90-kubelet.conf /etc/sysctl.d/90-rke2.conf
  - curl -o /var/lib/rancher/rke2/server/manifests/longhorn-iscsi-installation.yaml https://raw.githubusercontent.com/longhorn/longhorn/master/deploy/prerequisite/longhorn-iscsi-installation.yaml
  - curl -o /var/lib/rancher/rke2/server/manifests/longhorn-nfs-installation.yaml https://raw.githubusercontent.com/longhorn/longhorn/master/deploy/prerequisite/longhorn-nfs-installation.yaml
	#cloud-config
	# Cloud-Init for the Rancher+Harvester deploying Cilium (no kube-proxy, egress gateway, wireguard encryption)
	# Tested on CentOS Stream 9 and openSUSE Leap 15.4
	user: rancher
	package_update: true
	package_upgrade: true
	packages:
	- qemu-guest-agent
	- wireguard-tools
	write_files:
	- path: /var/lib/rancher/rke2/server/manifests/rke2-cilium-cfg.yaml
	content: \|
	apiVersion: helm.cattle.io/v1
	kind: HelmChartConfig
	metadata:
	name: rke2-cilium
	namespace: kube-system
	spec:
	valuesContent: \|-
	kubeProxyReplacement: strict
	k8sServiceHost: 127.0.0.1
	k8sServicePort: 6443
	egressGateway:
	enabled: true
	bpf:
	masquerade: true
	l7Proxy: false
	hubble:
	enabled: true
	relay:
	enabled: true
	ui:
	enabled: true
	encryption:
	enabled: true
	type: wireguard
	- path: /etc/rancher/rke2/config.yaml
	content: \|
	disable-kube-proxy: "true"
	protect-kernel-defaults: "true"
	- path: /root/.bashrc
	content: \|
	PATH=/var/lib/rancher/rke2/bin:$PATH
	export KUBECONFIG=/etc/rancher/rke2/rke2.yaml
	- path: /etc/sysctl.d/90-kubelet.conf
	content: \|
	vm.panic_on_oom=0
	vm.overcommit_memory=1
	kernel.panic=10
	kernel.panic_on_oops=1
	kernel.keys.root_maxbytes=25000000
	- path: /etc/sysctl.d/90-rke2.conf
	content: \|
	net.ipv4.conf.all.forwarding=1
	net.ipv6.conf.all.forwarding=1
	runcmd:
	- systemctl enable --now qemu-guest-agent
	- sysctl -p /etc/sysctl.d/90-kubelet.conf /etc/sysctl.d/90-rke2.conf
	- curl -o /var/lib/rancher/rke2/server/manifests/longhorn-iscsi-installation.yaml https://raw.githubusercontent.com/longhorn/longhorn/master/deploy/prerequisite/longhorn-iscsi-installation.yaml
	- curl -o /var/lib/rancher/rke2/server/manifests/longhorn-nfs-installation.yaml https://raw.githubusercontent.com/longhorn/longhorn/master/deploy/prerequisite/longhorn-nfs-installation.yaml