"Currently Not Working" - Attempt at providing a `user-data` cloud-init/cloud-config template for automating the provisioning of RKE2 in an airgapped environment, so as to avoid the manual steps in "Test Steps" at step 3 here: https://harvester.github.io/tests/manual/harvester-rancher/68-fully-airgapped-rancher-integrate-harvester-no-proxy/
#cloud-config
write_files:
  - path: /tmp/run-script.sh
    owner: opensuse:opensuse
    permissions: '0755'
    content: |
      #!/usr/bin/bash
      # Chunks of YAML to write out. Quoted heredoc delimiters ('END') keep the
      # bodies literal, so the "\n" escapes in the Corefile are not touched by bash.
      #
      # NOTE: insecure_skip_verify: true turns off TLS verification for the private
      # mirror, so anything that can intercept traffic to it can serve substitute
      # images. Pointing tls.ca_file at the registry CA is the safer option.
      REGISTRIES=$(cat <<'END'
      mirrors:
        docker.io:
          endpoint:
            - "https://myregistry.local:5000"
      configs:
        "myregistry.local:5000":
          tls:
            insecure_skip_verify: true
      END
      )
      # CoreDNS ConfigMap patch: adds a hosts plugin entry for the Rancher VM.
      RKE2CONFIGMAPPATCH=$(cat <<'END'
      data:
        Corefile: ".:53 {\n errors \n health {\n lameduck 5s\n }\n ready
          \n kubernetes cluster.local cluster.local in-addr.arpa ip6.arpa {\n pods
          insecure\n fallthrough in-addr.arpa ip6.arpa\n ttl 30\n }\n prometheus
          \ 0.0.0.0:9153\n hosts /etc/coredns/customdomains.db rancher-vagrant-vm.local {\n
          \ fallthrough\n }\n forward . /etc/resolv.conf\n cache 30\n loop
          \n reload \n loadbalance \n}"
        customdomains.db: |
          192.168.0.34 rancher-vagrant-vm.local
      END
      )
      # CoreDNS Deployment patch: mount customdomains.db from the ConfigMap
      # alongside the Corefile (config-volume is merged by name).
      RKE2DEPLOYMENTPATCH=$(cat <<'END'
      spec:
        template:
          spec:
            volumes:
              - configMap:
                  defaultMode: 420
                  items:
                    - key: Corefile
                      path: Corefile
                    - key: customdomains.db
                      path: customdomains.db
                  name: rke2-coredns-rke2-coredns
                name: config-volume
      END
      )
      AGENTREGISTRIESFILEPATCH=$(cat <<'END'
      agentRegistriesFile: /etc/rancher/agent/tmp_registries.yaml
      END
      )
      # main script
      main () {
        echo "beginning script work..."
        echo "setting up /etc/rancher/agent/tmp_registries.yaml..."
        mkdir -p /etc/rancher/agent
        echo "$REGISTRIES" > /etc/rancher/agent/tmp_registries.yaml
        echo "the result of /etc/rancher/agent/tmp_registries.yaml..."
        cat /etc/rancher/agent/tmp_registries.yaml
        echo "appending agentRegistriesFile to the rancher agent config yaml..."
        echo "$AGENTREGISTRIESFILEPATCH" >> /etc/rancher/agent/config.yaml
        echo "the result of /etc/rancher/agent/config.yaml..."
        cat /etc/rancher/agent/config.yaml
        echo "restarting rancher-system-agent.service..."
        systemctl restart rancher-system-agent.service
        echo "writing /etc/rancher/rke2/registries.yaml..."
        mkdir -p /etc/rancher/rke2
        echo "$REGISTRIES" > /etc/rancher/rke2/registries.yaml
        echo "result of the registries yaml built for rke2..."
        cat /etc/rancher/rke2/registries.yaml
        echo "now waiting for the rke2-installed kubectl and kubeconfig..."
        # give it roughly five minutes, or break sooner
        FOUND_KUBECTL=false
        KUBECTL=""
        for i in {1..300}; do
          echo "on iteration $i looking for kubectl..."
          # match only a regular file named kubectl (normally
          # /var/lib/rancher/rke2/bin/kubectl), not any path containing the string
          KUBECTL=$(find /var/lib/rancher -type f -name kubectl 2>/dev/null | head -n 1)
          if [ -x "$KUBECTL" ] && [ -r /etc/rancher/rke2/rke2.yaml ]; then
            echo "there is kubectl at $KUBECTL"
            FOUND_KUBECTL=true
            break
          fi
          echo "no kubectl yet, sleeping..."
          sleep 1
        done
        if [ "$FOUND_KUBECTL" = true ]; then
          echo "found kubectl...writing patch files for configmap and deployment..."
          echo "$RKE2CONFIGMAPPATCH" > /tmp/patch-rke2-coredns-configmap.yaml
          echo "built rke2 coredns configmap patch here: "
          cat /tmp/patch-rke2-coredns-configmap.yaml
          echo "$RKE2DEPLOYMENTPATCH" > /tmp/patch-rke2-coredns-deploy.yaml
          echo "built rke2 coredns deployment patch here: "
          cat /tmp/patch-rke2-coredns-deploy.yaml
          "$KUBECTL" --kubeconfig /etc/rancher/rke2/rke2.yaml patch configmap/rke2-coredns-rke2-coredns -n kube-system --patch-file /tmp/patch-rke2-coredns-configmap.yaml
          "$KUBECTL" --kubeconfig /etc/rancher/rke2/rke2.yaml patch deployment/rke2-coredns-rke2-coredns -n kube-system --patch-file /tmp/patch-rke2-coredns-deploy.yaml
        else
          echo "didn't find kubectl after 5-ish minutes of waiting..."
          return 1
        fi
      }
      # Run main
      main
runcmd:
  - - systemctl
    - enable
    - --now
    - qemu-guest-agent
  - /tmp/run-script.sh
bootcmd:
  - echo 192.168.0.34 rancher-vagrant-vm.local myregistry.local >> /etc/hosts
ssh_authorized_keys:
  - YOUR_SSH_KEY
final_message: "RKE2 should hopefully be up after $UPTIME seconds"
irishgordo commented Feb 14, 2023

Investigate:

#cloud-config
package_update: true
packages:
  - tree
  - jq
  - curl
  - iptables
users:
  - name: ${local.user}
    groups: 'sudo,admin'
    ssh_authorized_keys:
      - ${file(pathexpand(local.ssh_access_public_key_path))}
    lock_passwd: false
    # cloud-init expects a password hash here (e.g. mkpasswd output), not a
    # plaintext value; a literal "asdf" yields an account nobody can log into.
    passwd: asdf
ssh_authorized_keys:
  - ${file(pathexpand(local.ssh_access_public_key_path))}
write_files:
  - content: |
      #!/bin/bash
      curl -fsSL https://tailscale.com/install.sh -o tailscale_install.sh
      chmod +x tailscale_install.sh
      sh ./tailscale_install.sh
      tailscale up --auth-key ${trimspace(tailscale_tailnet_key.deploy.key)}
    path: "/var/lib/cloud/scripts/per-boot/tailscale_install.sh"
    # the tailnet auth key is embedded in this script, so keep it root-only
    permissions: "0700"
  - content: |
      mirrors:
        docker.io:
          endpoint:
            - "https://abc.com/"
          rewrite:
            "^rancher/(.*)": "docker.io/rancher/$1"
    path: "/etc/rancher/rke2/registries.yaml"
    permissions: "0644"
