jmreicha/gist:7923c295ab6110151127 Secret

## gistfile1.txt
**etcd-1.yml**

#cloud-config

hostname: etcd-1

write_files:

  - path: /opt/bin/waiter.sh
    owner: root
    content: |
      #! /usr/bin/bash
      until curl http://127.0.0.1:4001/v2/machines; do sleep 2; done

coreos:

  fleet:
    etcd_servers: http://127.0.0.1:4001
    metadata: "role=etcd-master,az=east-1e"

  etcd:
    name: etcd-1
    addr: 192.168.1.10:4001
    bind-addr: 0.0.0.0
    peer-addr: 192.168.1.10:7001
    #peers: 192.168.2.10:7001,192.168.3.10:7001
    #election_timeout: 3000
    #heartbeat_timeout: 3000
    cluster-active-size: 3
    snapshot: true

  units:
    - name: etcd.service
      command: start

    - name: fleet.service
      command: start

    # etcd waiter - make sure that etcd is up
    - name: etcd-waiter.service
      command: start
      content: |
        [Unit]
        Description=etcd waiter
        Wants=network-online.target
        Wants=etcd.service
        After=etcd.service
        After=network-online.target
        Before=flannel.service
        Before=setup-network-environment.service

        [Service]
        ExecStartPre=/usr/bin/chmod +x /opt/bin/waiter.sh
        ExecStart=/usr/bin/bash /opt/bin/waiter.sh
        RemainAfterExit=true
        Type=oneshot

    # flannel - network overlay for docker
    - name: flannel.service
      command: start
      content: |
        [Unit]
        Requires=etcd.service
        After=etcd.service
        After=network-online.target
        Wants=network-online.target
        Description=flannel is an etcd backed overlay network for containers

        [Service]
        Type=notify
        ExecStartPre=-/usr/bin/mkdir -p /opt/bin
        ExecStartPre=/usr/bin/wget -N -P /opt/bin http://storage.googleapis.com/k8s/flanneld
        ExecStartPre=/usr/bin/chmod +x /opt/bin/flanneld
        ExecStartPre=-/usr/bin/etcdctl mk /coreos.com/network/config '{"Network":"10.244.0.0/16", "Backend": {"Type": "vxlan"}}'
        ExecStart=/opt/bin/flanneld

  update:
    group: stable
    reboot-strategy: off

# admin access
ssh_authorized_keys:
    - <put your ssh public key here>

**etcd-2.yml**

#cloud-config

hostname: etcd-2

coreos:

  fleet:
    etcd_servers: http://127.0.0.1:4001
    metadata: "role=etcd-master,az=east-1b"

  etcd:
    name: etcd-2
    addr: 192.168.2.10:4001
    bind-addr: 0.0.0.0
    peer-addr: 192.168.2.10:7001
    peers: 192.168.1.10:7001,192.168.3.10:7001
    #election_timeout: 3000
    #heartbeat_timeout: 3000
    cluster-active-size: 3
    snapshot: true

  units:
    - name: etcd.service
      command: start
    - name: fleet.service
      command: start

  update:
    group: stable
    reboot-strategy: off

# admin access
ssh_authorized_keys:
    - <put your ssh public key here>

**etcd-3.yml**

#cloud-config

hostname: etcd-3

coreos:

  fleet:
    etcd_servers: http://127.0.0.1:4001
    metadata: "role=etcd-master,az=east-1c"

  etcd:
    name: etcd-3
    addr: 192.168.3.10:4001
    bind-addr: 0.0.0.0
    peer-addr: 192.168.3.10:7001
    peers: 192.168.1.10:7001,192.168.2.10:7001
    #election_timeout: 3000
    #heartbeat_timeout: 3000
    cluster-active-size: 3
    snapshot: true

  units:
    - name: etcd.service
      command: start
    - name: fleet.service
      command: start

  update:
    group: stable
    reboot-strategy: off

# admin access
ssh_authorized_keys:
    - <put your ssh public key here>

**kube-master.yml**

#cloud-config

hostname: kube-master

# bootstrap
write_files:

  # configure fleetctl to work with etcd cluster
  - path: /etc/profile.d/clusterctl.sh
    permissions: 0644
    owner: core
    content: |
      #! /usr/bin/bash
      export FLEETCTL_ENDPOINT=http://192.168.1.10:4001
      export KUBERNETES_MASTER=http://192.168.1.100:8080

  - path: /opt/bin/kubectl.sh
    owner: root
    content: |
      #! /usr/bin/bash
      wget -N -P /opt/bin https://storage.googleapis.com/kubernetes-release/release/v0.13.1/bin/linux/amd64/kubectl
      chmod +x /opt/bin/kubectl

coreos:

  fleet:
    etcd_servers: "http://192.168.1.10:4001,http://192.168.2.10:4001,http://192.168.3.10:4001"
    metadata: role=kube-master

  units:
    - name: setup-network-environment.service
      command: start
      content: |
        [Unit]
        Description=Setup Network Environment
        Documentation=https://github.com/kelseyhightower/setup-network-environment
        Requires=network-online.target
        After=network-online.target

        [Service]
        ExecStartPre=-/usr/bin/mkdir -p /opt/bin
        ExecStartPre=/usr/bin/wget -N -P /opt/bin https://storage.googleapis.com/k8s/setup-network-environment
        ExecStartPre=/usr/bin/chmod +x /opt/bin/setup-network-environment
        ExecStart=/opt/bin/setup-network-environment
        RemainAfterExit=yes
        Type=oneshot

    - name: etcd.service
      command: start

    - name: fleet.service
      command: start

    # kubectl downloader
    - name: kube-download.service
      command: start
      content: |
        [Unit]
        Description=Kubectl downloader
        Wants=network-online.target

        [Service]
        ExecStartPre=/usr/bin/chmod +x /opt/bin/kubectl.sh
        ExecStart=/usr/bin/bash /opt/bin/kubectl.sh
        RemainAfterExit=true
        Type=oneshot

    # flannel - network overlay for docker
    - name: flannel.service
      command: start
      content: |
        [Unit]
        Requires=etcd.service
        After=etcd.service
        After=network-online.target
        Wants=network-online.target
        Description=flannel is an etcd backed overlay network for containers

        [Service]
        Type=notify
        ExecStartPre=-/usr/bin/mkdir -p /opt/bin
        ExecStartPre=/usr/bin/wget -N -P /opt/bin http://storage.googleapis.com/k8s/flanneld
        ExecStartPre=/usr/bin/chmod +x /opt/bin/flanneld
        ExecStart=/opt/bin/flanneld -etcd-endpoints http://192.168.1.10:4001 http://192.168.2.10:4001 http://192.168.3.10:4001

    # apiserver - interact with kubernetes
    - name: kube-apiserver.service
      command: start
      content: |
        [Unit]
        Description=Kubernetes API Server
        Documentation=https://github.com/GoogleCloudPlatform/kubernetes
        Requires=etcd.service
        After=etcd.service

        [Service]
        ExecStartPre=-/usr/bin/mkdir -p /opt/bin
        ExecStartPre=/usr/bin/wget -N -P /opt/bin https://storage.googleapis.com/kubernetes-release/release/v0.13.1/bin/linux/amd64/kube-apiserver
        ExecStartPre=/usr/bin/chmod +x /opt/bin/kube-apiserver
        ExecStart=/opt/bin/kube-apiserver \
        --address=0.0.0.0 \
        --port=8080 \
        --portal_net=10.244.0.0/16 \
        --etcd_servers=http://192.168.1.10:4001,http://192.168.2.10:4001,http://192.168.3.10:4001 \
        --public_address_override=$private_ipv4 \
        --logtostderr=true
        Restart=always
        RestartSec=10

    # controller-manager - ensure components can communicate
    - name: kube-controller-manager.service
      command: start
      content: |
        [Unit]
        Description=Kubernetes Controller Manager
        Documentation=https://github.com/GoogleCloudPlatform/kubernetes
        Requires=kube-apiserver.service
        After=kube-apiserver.service

        [Service]
        ExecStartPre=/usr/bin/wget -N -P /opt/bin https://storage.googleapis.com/kubernetes-release/release/v0.13.1/bin/linux/amd64/kube-controller-manager
        ExecStartPre=/usr/bin/chmod +x /opt/bin/kube-controller-manager
        ExecStart=/opt/bin/kube-controller-manager \
        --master=127.0.0.1:8080 \
        --logtostderr=true
        Restart=always
        RestartSec=10

    # scheduler - coordiate kubernetes
    - name: kube-scheduler.service
      command: start
      content: |
        [Unit]
        Description=Kubernetes Scheduler
        Documentation=https://github.com/GoogleCloudPlatform/kubernetes
        Requires=kube-apiserver.service
        After=kube-apiserver.service

        [Service]
        ExecStartPre=/usr/bin/wget -N -P /opt/bin https://storage.googleapis.com/kubernetes-release/release/v0.13.1/bin/linux/amd64/kube-scheduler
        ExecStartPre=/usr/bin/chmod +x /opt/bin/kube-scheduler
        ExecStart=/opt/bin/kube-scheduler --master=127.0.0.1:8080
        Restart=always
        RestartSec=10

    # register - allow kubes to auto register
    - name: kube-register.service
      command: start
      content: |
        [Unit]
        Description=Kubernetes Registration Service
        Documentation=https://github.com/kelseyhightower/kube-register
        Requires=kube-apiserver.service
        After=kube-apiserver.service
        [Service]
        ExecStartPre=/usr/bin/wget -N -P /opt/bin http://storage.googleapis.com/k8s/kube-register
        ExecStartPre=/usr/bin/chmod +x /opt/bin/kube-register
        ExecStart=/opt/bin/kube-register \
        --metadata=role=kube-minion \
        --fleet-endpoint=unix:///var/run/fleet.sock \
        --api-endpoint=http://127.0.0.1:8080
        Restart=always
        RestartSec=10

  update:
    group: stable
    reboot-strategy: off

# admin access
ssh_authorized_keys:
    - <put your ssh public key here>

**kube-node.yml**

#cloud-config

# Connect to docker hub
write_files:

  - path: /home/core/.dockercfg
    owner: core:core
    permissions: 0644
    content: |
      {
        "https://index.docker.io/v1/": {
          "auth": "XXX",
          "email": "your@tdockerhub.email"
        }
      }

  - path: /.dockercfg
    owner: core:core
    permissions: 0644
    content: |
      {
        "https://index.docker.io/v1/": {
          "auth": "XXX",
          "email": "your@tdockerhub.email"
        }
      }

coreos:

  fleet:
    etcd_servers: "http://192.168.1.10:4001,http://192.168.2.10:4001,http://192.168.3.10:4001"
    metadata: role=kube-minion

    # Start etcd/fleet
    - name: etcd.service
      mask: true
    - name: fleet.service
      command: start

    # Flannel
    - name: flannel.service
      command: start
      content: |
        [Unit]
        After=network-online.target
        Wants=network-online.target
        Description=flannel is an etcd backed overlay network for containers

        [Service]
        Type=notify
        ExecStartPre=-/usr/bin/mkdir -p /opt/bin
        ExecStartPre=/usr/bin/wget -N -P /opt/bin http://storage.googleapis.com/k8s/flanneld
        ExecStartPre=/usr/bin/chmod +x /opt/bin/flanneld
        ExecStart=/opt/bin/flanneld -etcd-endpoints http://192.168.1.10:4001 http://192.168.2.10:4001 http://192.168.3.10:4001

    # Docker
    - name: docker.service
      command: start
      content: |
        [Unit]
        After=flannel.service
        Wants=flannel.service
        Description=Docker Application Container Engine
        Documentation=http://docs.docker.io

        [Service]
        EnvironmentFile=/run/flannel/subnet.env
        ExecStartPre=/bin/mount --make-rprivate /
        ExecStart=/usr/bin/docker -d --bip=${FLANNEL_SUBNET} --mtu=${FLANNEL_MTU} -s=overlay -H fd://

        [Install]
        WantedBy=multi-user.target

    # Network setup for kube services
    - name: setup-network-environment.service
      command: start
      content: |
        [Unit]
        Description=Setup Network Environment
        Documentation=https://github.com/kelseyhightower/setup-network-environment
        Requires=network-online.target
        After=network-online.target

        [Service]
        ExecStartPre=-/usr/bin/mkdir -p /opt/bin
        ExecStartPre=/usr/bin/wget -N -P /opt/bin http://storage.googleapis.com/k8s/setup-network-environment
        ExecStartPre=/usr/bin/chmod +x /opt/bin/setup-network-environment
        ExecStart=/opt/bin/setup-network-environment
        RemainAfterExit=yes
        Type=oneshot

    # kubernetes proxy
    - name: kube-proxy.service
      command: start
      content: |
        [Unit]
        Description=Kubernetes Proxy
        Documentation=https://github.com/GoogleCloudPlatform/kubernetes

        [Service]
        ExecStartPre=/usr/bin/wget -N -P /opt/bin https://storage.googleapis.com/kubernetes-release/release/v0.13.1/bin/linux/amd64/kube-proxy
        ExecStartPre=/usr/bin/chmod +x /opt/bin/kube-proxy
        ExecStart=/opt/bin/kube-proxy \
        --master=http://192.168.1.100:8080 \
        --logtostderr=true
        Restart=always
        LimitNOFILE=65536
        RestartSec=10

    # kubernetes kubelet
    - name: kube-kubelet.service
      command: start
      content: |
        [Unit]
        Description=Kubernetes Kubelet
        Documentation=https://github.com/GoogleCloudPlatform/kubernetes
        Requires=setup-network-environment.service
        After=setup-network-environment.service

        [Service]
        EnvironmentFile=/etc/network-environment
        ExecStartPre=/usr/bin/wget -N -P /opt/bin https://storage.googleapis.com/kubernetes-release/release/v0.13.1/bin/linux/amd64/kubelet
        ExecStartPre=/usr/bin/chmod +x /opt/bin/kubelet
        ExecStart=/opt/bin/kubelet \
        --address=0.0.0.0 \
        --port=10250 \
        --hostname_override=$private_ipv4 \
        --api_servers=192.168.1.100:8080 \
        --logtostderr=true
        Restart=always
        LimitNOFILE=65536
        RestartSec=10

    # cadvisor monitoring
    - name: cadvisor.service
      command: start
      content: |-
        [Unit]
        Description=cAdvisor Service
        After=docker.service
        Requires=docker.service

        [Service]
        TimeoutStartSec=10m
        Restart=always
        ExecStartPre=-/usr/bin/docker kill cadvisor
        ExecStartPre=-/usr/bin/docker rm -f cadvisor
        ExecStartPre=/usr/bin/docker pull google/cadvisor
        ExecStart=/usr/bin/docker run --volume=/:/rootfs:ro --volume=/var/run:/var/run:rw --volume=/sys:/sys:ro --volume=/var/lib/docker/:/var/lib/docker:ro --publish=4194:4194 --name=cadvisor --net=host google/cadvisor:latest
        ExecStop=/usr/bin/docker stop -t 2 cadvisor

  # Update profile
  update:
    group: stable
    reboot-strategy: off

# admin access
ssh_authorized_keys:
    - <put your ssh public key here>
	etcd-1.yml

	#cloud-config

	hostname: etcd-1

	write_files:

	- path: /opt/bin/waiter.sh
	owner: root
	content: \|
	#! /usr/bin/bash
	until curl http://127.0.0.1:4001/v2/machines; do sleep 2; done

	coreos:

	fleet:
	etcd_servers: http://127.0.0.1:4001
	metadata: "role=etcd-master,az=east-1e"

	etcd:
	name: etcd-1
	addr: 192.168.1.10:4001
	bind-addr: 0.0.0.0
	peer-addr: 192.168.1.10:7001
	#peers: 192.168.2.10:7001,192.168.3.10:7001
	#election_timeout: 3000
	#heartbeat_timeout: 3000
	cluster-active-size: 3
	snapshot: true

	units:
	- name: etcd.service
	command: start

	- name: fleet.service
	command: start

	# etcd waiter - make sure that etcd is up
	- name: etcd-waiter.service
	command: start
	content: \|
	[Unit]
	Description=etcd waiter
	Wants=network-online.target
	Wants=etcd.service
	After=etcd.service
	After=network-online.target
	Before=flannel.service
	Before=setup-network-environment.service

	[Service]
	ExecStartPre=/usr/bin/chmod +x /opt/bin/waiter.sh
	ExecStart=/usr/bin/bash /opt/bin/waiter.sh
	RemainAfterExit=true
	Type=oneshot

	# flannel - network overlay for docker
	- name: flannel.service
	command: start
	content: \|
	[Unit]
	Requires=etcd.service
	After=etcd.service
	After=network-online.target
	Wants=network-online.target
	Description=flannel is an etcd backed overlay network for containers

	[Service]
	Type=notify
	ExecStartPre=-/usr/bin/mkdir -p /opt/bin
	ExecStartPre=/usr/bin/wget -N -P /opt/bin http://storage.googleapis.com/k8s/flanneld
	ExecStartPre=/usr/bin/chmod +x /opt/bin/flanneld
	ExecStartPre=-/usr/bin/etcdctl mk /coreos.com/network/config '{"Network":"10.244.0.0/16", "Backend": {"Type": "vxlan"}}'
	ExecStart=/opt/bin/flanneld

	update:
	group: stable
	reboot-strategy: off

	# admin access
	ssh_authorized_keys:
	- <put your ssh public key here>

	etcd-2.yml

	#cloud-config

	hostname: etcd-2

	coreos:

	fleet:
	etcd_servers: http://127.0.0.1:4001
	metadata: "role=etcd-master,az=east-1b"

	etcd:
	name: etcd-2
	addr: 192.168.2.10:4001
	bind-addr: 0.0.0.0
	peer-addr: 192.168.2.10:7001
	peers: 192.168.1.10:7001,192.168.3.10:7001
	#election_timeout: 3000
	#heartbeat_timeout: 3000
	cluster-active-size: 3
	snapshot: true

	units:
	- name: etcd.service
	command: start
	- name: fleet.service
	command: start

	update:
	group: stable
	reboot-strategy: off

	# admin access
	ssh_authorized_keys:
	- <put your ssh public key here>

	etcd-3.yml

	#cloud-config

	hostname: etcd-3

	coreos:

	fleet:
	etcd_servers: http://127.0.0.1:4001
	metadata: "role=etcd-master,az=east-1c"

	etcd:
	name: etcd-3
	addr: 192.168.3.10:4001
	bind-addr: 0.0.0.0
	peer-addr: 192.168.3.10:7001
	peers: 192.168.1.10:7001,192.168.2.10:7001
	#election_timeout: 3000
	#heartbeat_timeout: 3000
	cluster-active-size: 3
	snapshot: true

	units:
	- name: etcd.service
	command: start
	- name: fleet.service
	command: start

	update:
	group: stable
	reboot-strategy: off

	# admin access
	ssh_authorized_keys:
	- <put your ssh public key here>

	kube-master.yml

	#cloud-config

	hostname: kube-master

	# bootstrap
	write_files:

	# configure fleetctl to work with etcd cluster
	- path: /etc/profile.d/clusterctl.sh
	permissions: 0644
	owner: core
	content: \|
	#! /usr/bin/bash
	export FLEETCTL_ENDPOINT=http://192.168.1.10:4001
	export KUBERNETES_MASTER=http://192.168.1.100:8080

	- path: /opt/bin/kubectl.sh
	owner: root
	content: \|
	#! /usr/bin/bash
	wget -N -P /opt/bin https://storage.googleapis.com/kubernetes-release/release/v0.13.1/bin/linux/amd64/kubectl
	chmod +x /opt/bin/kubectl

	coreos:

	fleet:
	etcd_servers: "http://192.168.1.10:4001,http://192.168.2.10:4001,http://192.168.3.10:4001"
	metadata: role=kube-master

	units:
	- name: setup-network-environment.service
	command: start
	content: \|
	[Unit]
	Description=Setup Network Environment
	Documentation=https://github.com/kelseyhightower/setup-network-environment
	Requires=network-online.target
	After=network-online.target

	[Service]
	ExecStartPre=-/usr/bin/mkdir -p /opt/bin
	ExecStartPre=/usr/bin/wget -N -P /opt/bin https://storage.googleapis.com/k8s/setup-network-environment
	ExecStartPre=/usr/bin/chmod +x /opt/bin/setup-network-environment
	ExecStart=/opt/bin/setup-network-environment
	RemainAfterExit=yes
	Type=oneshot

	- name: etcd.service
	command: start

	- name: fleet.service
	command: start

	# kubectl downloader
	- name: kube-download.service
	command: start
	content: \|
	[Unit]
	Description=Kubectl downloader
	Wants=network-online.target

	[Service]
	ExecStartPre=/usr/bin/chmod +x /opt/bin/kubectl.sh
	ExecStart=/usr/bin/bash /opt/bin/kubectl.sh
	RemainAfterExit=true
	Type=oneshot

	# flannel - network overlay for docker
	- name: flannel.service
	command: start
	content: \|
	[Unit]
	Requires=etcd.service
	After=etcd.service
	After=network-online.target
	Wants=network-online.target
	Description=flannel is an etcd backed overlay network for containers

	[Service]
	Type=notify
	ExecStartPre=-/usr/bin/mkdir -p /opt/bin
	ExecStartPre=/usr/bin/wget -N -P /opt/bin http://storage.googleapis.com/k8s/flanneld
	ExecStartPre=/usr/bin/chmod +x /opt/bin/flanneld
	ExecStart=/opt/bin/flanneld -etcd-endpoints http://192.168.1.10:4001 http://192.168.2.10:4001 http://192.168.3.10:4001

	# apiserver - interact with kubernetes
	- name: kube-apiserver.service
	command: start
	content: \|
	[Unit]
	Description=Kubernetes API Server
	Documentation=https://github.com/GoogleCloudPlatform/kubernetes
	Requires=etcd.service
	After=etcd.service

	[Service]
	ExecStartPre=-/usr/bin/mkdir -p /opt/bin
	ExecStartPre=/usr/bin/wget -N -P /opt/bin https://storage.googleapis.com/kubernetes-release/release/v0.13.1/bin/linux/amd64/kube-apiserver
	ExecStartPre=/usr/bin/chmod +x /opt/bin/kube-apiserver
	ExecStart=/opt/bin/kube-apiserver \
	--address=0.0.0.0 \
	--port=8080 \
	--portal_net=10.244.0.0/16 \
	--etcd_servers=http://192.168.1.10:4001,http://192.168.2.10:4001,http://192.168.3.10:4001 \
	--public_address_override=$private_ipv4 \
	--logtostderr=true
	Restart=always
	RestartSec=10

	# controller-manager - ensure components can communicate
	- name: kube-controller-manager.service
	command: start
	content: \|
	[Unit]
	Description=Kubernetes Controller Manager
	Documentation=https://github.com/GoogleCloudPlatform/kubernetes
	Requires=kube-apiserver.service
	After=kube-apiserver.service

	[Service]
	ExecStartPre=/usr/bin/wget -N -P /opt/bin https://storage.googleapis.com/kubernetes-release/release/v0.13.1/bin/linux/amd64/kube-controller-manager
	ExecStartPre=/usr/bin/chmod +x /opt/bin/kube-controller-manager
	ExecStart=/opt/bin/kube-controller-manager \
	--master=127.0.0.1:8080 \
	--logtostderr=true
	Restart=always
	RestartSec=10

	# scheduler - coordiate kubernetes
	- name: kube-scheduler.service
	command: start
	content: \|
	[Unit]
	Description=Kubernetes Scheduler
	Documentation=https://github.com/GoogleCloudPlatform/kubernetes
	Requires=kube-apiserver.service
	After=kube-apiserver.service

	[Service]
	ExecStartPre=/usr/bin/wget -N -P /opt/bin https://storage.googleapis.com/kubernetes-release/release/v0.13.1/bin/linux/amd64/kube-scheduler
	ExecStartPre=/usr/bin/chmod +x /opt/bin/kube-scheduler
	ExecStart=/opt/bin/kube-scheduler --master=127.0.0.1:8080
	Restart=always
	RestartSec=10

	# register - allow kubes to auto register
	- name: kube-register.service
	command: start
	content: \|
	[Unit]
	Description=Kubernetes Registration Service
	Documentation=https://github.com/kelseyhightower/kube-register
	Requires=kube-apiserver.service
	After=kube-apiserver.service
	[Service]
	ExecStartPre=/usr/bin/wget -N -P /opt/bin http://storage.googleapis.com/k8s/kube-register
	ExecStartPre=/usr/bin/chmod +x /opt/bin/kube-register
	ExecStart=/opt/bin/kube-register \
	--metadata=role=kube-minion \
	--fleet-endpoint=unix:///var/run/fleet.sock \
	--api-endpoint=http://127.0.0.1:8080
	Restart=always
	RestartSec=10

	update:
	group: stable
	reboot-strategy: off

	# admin access
	ssh_authorized_keys:
	- <put your ssh public key here>

	kube-node.yml

	#cloud-config

	# Connect to docker hub
	write_files:

	- path: /home/core/.dockercfg
	owner: core:core
	permissions: 0644
	content: \|
	{
	"https://index.docker.io/v1/": {
	"auth": "XXX",
	"email": "your@tdockerhub.email"
	}
	}

	- path: /.dockercfg
	owner: core:core
	permissions: 0644
	content: \|
	{
	"https://index.docker.io/v1/": {
	"auth": "XXX",
	"email": "your@tdockerhub.email"
	}
	}

	coreos:

	fleet:
	etcd_servers: "http://192.168.1.10:4001,http://192.168.2.10:4001,http://192.168.3.10:4001"
	metadata: role=kube-minion

	# Start etcd/fleet
	- name: etcd.service
	mask: true
	- name: fleet.service
	command: start

	# Flannel
	- name: flannel.service
	command: start
	content: \|
	[Unit]
	After=network-online.target
	Wants=network-online.target
	Description=flannel is an etcd backed overlay network for containers

	[Service]
	Type=notify
	ExecStartPre=-/usr/bin/mkdir -p /opt/bin
	ExecStartPre=/usr/bin/wget -N -P /opt/bin http://storage.googleapis.com/k8s/flanneld
	ExecStartPre=/usr/bin/chmod +x /opt/bin/flanneld
	ExecStart=/opt/bin/flanneld -etcd-endpoints http://192.168.1.10:4001 http://192.168.2.10:4001 http://192.168.3.10:4001

	# Docker
	- name: docker.service
	command: start
	content: \|
	[Unit]
	After=flannel.service
	Wants=flannel.service
	Description=Docker Application Container Engine
	Documentation=http://docs.docker.io

	[Service]
	EnvironmentFile=/run/flannel/subnet.env
	ExecStartPre=/bin/mount --make-rprivate /
	ExecStart=/usr/bin/docker -d --bip=${FLANNEL_SUBNET} --mtu=${FLANNEL_MTU} -s=overlay -H fd://

	[Install]
	WantedBy=multi-user.target

	# Network setup for kube services
	- name: setup-network-environment.service
	command: start
	content: \|
	[Unit]
	Description=Setup Network Environment
	Documentation=https://github.com/kelseyhightower/setup-network-environment
	Requires=network-online.target
	After=network-online.target

	[Service]
	ExecStartPre=-/usr/bin/mkdir -p /opt/bin
	ExecStartPre=/usr/bin/wget -N -P /opt/bin http://storage.googleapis.com/k8s/setup-network-environment
	ExecStartPre=/usr/bin/chmod +x /opt/bin/setup-network-environment
	ExecStart=/opt/bin/setup-network-environment
	RemainAfterExit=yes
	Type=oneshot

	# kubernetes proxy
	- name: kube-proxy.service
	command: start
	content: \|
	[Unit]
	Description=Kubernetes Proxy
	Documentation=https://github.com/GoogleCloudPlatform/kubernetes

	[Service]
	ExecStartPre=/usr/bin/wget -N -P /opt/bin https://storage.googleapis.com/kubernetes-release/release/v0.13.1/bin/linux/amd64/kube-proxy
	ExecStartPre=/usr/bin/chmod +x /opt/bin/kube-proxy
	ExecStart=/opt/bin/kube-proxy \
	--master=http://192.168.1.100:8080 \
	--logtostderr=true
	Restart=always
	LimitNOFILE=65536
	RestartSec=10

	# kubernetes kubelet
	- name: kube-kubelet.service
	command: start
	content: \|
	[Unit]
	Description=Kubernetes Kubelet
	Documentation=https://github.com/GoogleCloudPlatform/kubernetes
	Requires=setup-network-environment.service
	After=setup-network-environment.service

	[Service]
	EnvironmentFile=/etc/network-environment
	ExecStartPre=/usr/bin/wget -N -P /opt/bin https://storage.googleapis.com/kubernetes-release/release/v0.13.1/bin/linux/amd64/kubelet
	ExecStartPre=/usr/bin/chmod +x /opt/bin/kubelet
	ExecStart=/opt/bin/kubelet \
	--address=0.0.0.0 \
	--port=10250 \
	--hostname_override=$private_ipv4 \
	--api_servers=192.168.1.100:8080 \
	--logtostderr=true
	Restart=always
	LimitNOFILE=65536
	RestartSec=10

	# cadvisor monitoring
	- name: cadvisor.service
	command: start
	content: \|-
	[Unit]
	Description=cAdvisor Service
	After=docker.service
	Requires=docker.service

	[Service]
	TimeoutStartSec=10m
	Restart=always
	ExecStartPre=-/usr/bin/docker kill cadvisor
	ExecStartPre=-/usr/bin/docker rm -f cadvisor
	ExecStartPre=/usr/bin/docker pull google/cadvisor
	ExecStart=/usr/bin/docker run --volume=/:/rootfs:ro --volume=/var/run:/var/run:rw --volume=/sys:/sys:ro --volume=/var/lib/docker/:/var/lib/docker:ro --publish=4194:4194 --name=cadvisor --net=host google/cadvisor:latest
	ExecStop=/usr/bin/docker stop -t 2 cadvisor

	# Update profile
	update:
	group: stable
	reboot-strategy: off

	# admin access
	ssh_authorized_keys:
	- <put your ssh public key here>