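#cloud-config
# Tested with SL Micro 6.0 and OpenSUSE Leap Micro 6.0
#
# First-boot preparation of a node for K3s: kernel settings, kubelet eviction
# thresholds, API audit logging and secrets encryption. This file does not
# install K3s itself; it lays down configuration and then reboots.

### System
locale: en_US.UTF-8
timezone: Europe/Berlin

### Users
# Name of the default login user; the top-level key list below is added to
# that user's authorized_keys.
user: suse
ssh_authorized_keys:
  # Replace with your own public key. Whoever holds the matching private key
  # can log in to the node over SSH as the default user.
  - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOY5nEt0qssNTouZzN4LPg8M3OyDAwGDDvreTUMA6hQ5
users:
  - default
  # System account without a home directory or login shell.
  # NOTE(review): nothing else in this file references it; presumably kept for
  # RKE2's CIS profile, which expects an etcd user. Confirm before removing.
  - name: "etcd"
    gecos: "etcd user"
    system: true
    no_create_home: true
    shell: /sbin/nologin

### Install
package_update: true
package_upgrade: true
# Uncomment to register the system before packages are installed. The
# activation code is a credential: once filled in, treat this file as a secret.
# bootcmd:
#   - '[ -f /usr/bin/SUSEConnect ] && SUSEConnect -r <ActivationCode> -e <MAIL>'
packages:
  - open-iscsi
  - nfs-client

### Files
# write_files creates files as root:root with mode 0644 unless told otherwise.
# The K3s server config, kubelet config and audit policy below are set to 0600
# because only K3s, which runs as root by default, needs to read them.
write_files:
  # Root shell convenience: admin kubeconfig, crictl config, kubectl alias.
  # The completion setup is skipped while kubectl is not installed yet, so a
  # root login before K3s/RKE2 is present does not print "command not found".
  - path: /root/.bashrc
    content: |
      PATH=/var/lib/rancher/rke2/bin:$PATH
      [ -f /etc/rancher/rke2/rke2.yaml ] && export KUBECONFIG=/etc/rancher/rke2/rke2.yaml && export CRI_CONFIG_FILE=/var/lib/rancher/rke2/agent/etc/crictl.yaml
      [ -f /etc/rancher/k3s/k3s.yaml ] && export KUBECONFIG=/etc/rancher/k3s/k3s.yaml
      alias k=kubectl
      if command -v kubectl >/dev/null 2>&1; then
        source <(kubectl completion bash)
        complete -o default -F __start_kubectl k
      fi
  # Kernel values the kubelet expects. With protect-kernel-defaults enabled
  # (see /etc/rancher/k3s/config.yaml below) the kubelet refuses to start on a
  # mismatch instead of changing the values itself.
  - path: /etc/sysctl.d/90-kubelet.conf
    content: |
      vm.panic_on_oom=0
      vm.overcommit_memory=1
      kernel.panic=10
      kernel.panic_on_oops=1
      kernel.keys.root_maxbytes=25000000
  # IPv4 forwarding on, IPv6 off on all interfaces. Drop the disable_ipv6
  # lines for dual-stack or IPv6-only clusters.
  - path: /etc/sysctl.d/90-networking.conf
    content: |
      net.ipv4.conf.all.forwarding = 1
      net.ipv6.conf.all.disable_ipv6 = 1
      net.ipv6.conf.default.disable_ipv6 = 1
      net.ipv6.conf.lo.disable_ipv6 = 1
  # Kubelet configuration referenced by kubelet-arg in config.yaml: soft
  # eviction thresholds with a 5 minute grace period, minimum reclaim amounts,
  # and a 5 minute idle timeout for streaming connections (exec, attach,
  # port-forward).
  - path: /etc/rancher/k3s/kubelet.config
    permissions: '0600'
    content: |
      apiVersion: kubelet.config.k8s.io/v1beta1
      kind: KubeletConfiguration
      evictionSoft:
        memory.available: "2000Mi"
        nodefs.available: "20%"
        imagefs.available: "25%"
      evictionSoftGracePeriod:
        memory.available: "5m"
        nodefs.available: "5m"
        imagefs.available: "5m"
      evictionMinimumReclaim:
        memory.available: "200Mi"
        nodefs.available: "1Gi"
        imagefs.available: "1Gi"
      evictionMaxPodGracePeriod: 60
      streamingConnectionIdleTimeout: 5m
      makeIPTablesUtilChains: true
  # API server audit policy: one catch-all rule at Metadata level. Each request
  # is recorded with user, verb, resource and timestamp but without request or
  # response bodies, so Secret contents are not written to the audit log.
  - path: /var/lib/rancher/k3s/server/audit.yaml
    permissions: '0600'
    content: |
      apiVersion: audit.k8s.io/v1
      kind: Policy
      rules:
        - level: Metadata
  # K3s server configuration.
  #   protect-kernel-defaults  kubelet fails on unexpected kernel settings
  #   secrets-encryption       Secrets are encrypted at rest in the datastore
  #   audit-log-*              audit log location and rotation: 30 days,
  #                            10 backups, 100 MB per file
  #   service-account-lookup   tokens of deleted service accounts are rejected
  #   use-service-account-credentials
  #                            each controller uses its own service account
  - path: /etc/rancher/k3s/config.yaml
    permissions: '0600'
    content: |
      protect-kernel-defaults: true
      secrets-encryption: true
      kube-apiserver-arg:
        - 'audit-log-path=/var/lib/rancher/k3s/server/logs/audit.log'
        - 'audit-policy-file=/var/lib/rancher/k3s/server/audit.yaml'
        - 'audit-log-maxage=30'
        - 'audit-log-maxbackup=10'
        - 'audit-log-maxsize=100'
        - 'request-timeout=300s'
        - 'service-account-lookup=true'
      kube-controller-manager-arg:
        - 'terminated-pod-gc-threshold=10'
        - 'use-service-account-credentials=true'
      kubelet-arg: "config=/etc/rancher/k3s/kubelet.config"
  # Runs k3s-killall.sh during shutdown so containerd shims do not block it.
  # The script is created by the K3s install script, which this file does not
  # run; until K3s is installed the unit has nothing to execute and fails.
  - path: /etc/systemd/system/shutdown-k3s.service
    content: |
      [Unit]
      Description=Kill containerd-shims on shutdown
      DefaultDependencies=false
      Before=shutdown.target umount.target
      [Service]
      ExecStart=/usr/local/bin/k3s-killall.sh
      Type=oneshot
      [Install]
      WantedBy=shutdown.target
  # Optional: system-wide proxy settings.
  # - path: /etc/sysconfig/proxy
  #   content: |
  #     PROXY_ENABLED="yes"
  #     HTTP_PROXY=""
  #     HTTPS_PROXY=""
  #     FTP_PROXY=""
  #     NO_PROXY="127.0.0.0/8,10.0.0.0/8,172.16.0.0/12,192.168.0.0/16"

# Optional: additional trusted CA. Every certificate listed here is trusted
# system-wide for TLS, so add only CAs your organisation controls.
# ca-certs:
#   trusted:
#     - |
#       -----BEGIN CERTIFICATE-----
#       YOUR-ORGS-TRUSTED-CA-CERT-HERE
#       -----END CERTIFICATE-----

runcmd:
  # Apply the sysctl files written above right away; they are applied again
  # by the system on every boot.
  - sysctl -p /etc/sysctl.d/*.conf
  # Assumes qemu-guest-agent is already part of the image; it is not in the
  # packages list above.
  - systemctl enable qemu-guest-agent.service
  - systemctl enable shutdown-k3s.service
  # Audit log directory, accessible by root only. -m sets the mode of the
  # final directory; parents created by -p get the default mode.
  - mkdir -p -m 700 /var/lib/rancher/k3s/server/logs

# Reboot once cloud-init has finished, waiting at most 30 seconds for it.
power_state:
  mode: reboot
  timeout: 30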