Last active
October 14, 2022 14:11
-
-
Save dgiebert/95494ee8adbc28b1b3a2917c3633a3ee to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#cloud-config | |
# Cloud-Init for the Rancher+Harvester deploying Cilium (no kube-proxy, egress gateway, wireguard encryption) | |
# Tested on CentOS Stream 9 and openSUSE Leap 15.4 | |
user: rancher | |
package_update: true | |
package_upgrade: true | |
packages: | |
- qemu-guest-agent | |
- wireguard-tools | |
write_files: | |
- path: /var/lib/rancher/rke2/server/manifests/rke2-cilium-cfg.yaml | |
content: | | |
apiVersion: helm.cattle.io/v1 | |
kind: HelmChartConfig | |
metadata: | |
name: rke2-cilium | |
namespace: kube-system | |
spec: | |
valuesContent: |- | |
kubeProxyReplacement: strict | |
k8sServiceHost: 127.0.0.1 | |
k8sServicePort: 6443 | |
egressGateway: | |
enabled: true | |
bpf: | |
masquerade: true | |
l7Proxy: false | |
hubble: | |
enabled: true | |
relay: | |
enabled: true | |
ui: | |
enabled: true | |
encryption: | |
enabled: true | |
type: wireguard | |
- path: /etc/rancher/rke2/config.yaml | |
content: | | |
disable-kube-proxy: "true" | |
protect-kernel-defaults: "true" | |
- path: /root/.bashrc | |
content: | | |
PATH=/var/lib/rancher/rke2/bin:$PATH | |
export KUBECONFIG=/etc/rancher/rke2/rke2.yaml | |
- path: /etc/sysctl.d/90-kubelet.conf | |
content: | | |
vm.panic_on_oom=0 | |
vm.overcommit_memory=1 | |
kernel.panic=10 | |
kernel.panic_on_oops=1 | |
kernel.keys.root_maxbytes=25000000 | |
- path: /etc/sysctl.d/90-rke2.conf | |
content: | | |
net.ipv4.conf.all.forwarding=1 | |
net.ipv6.conf.all.forwarding=1 | |
runcmd: | |
- systemctl enable --now qemu-guest-agent | |
- sysctl -p /etc/sysctl.d/90-kubelet.conf /etc/sysctl.d/90-rke2.conf | |
- curl -o /var/lib/rancher/rke2/server/manifests/longhorn-iscsi-installation.yaml https://raw.githubusercontent.com/longhorn/longhorn/master/deploy/prerequisite/longhorn-iscsi-installation.yaml | |
- curl -o /var/lib/rancher/rke2/server/manifests/longhorn-nfs-installation.yaml https://raw.githubusercontent.com/longhorn/longhorn/master/deploy/prerequisite/longhorn-nfs-installation.yaml |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment