uint0/docker-compose.yaml

## docker-compose.yaml
version: '3'

services:
  apisrv_init:
    # Abuse the nginx image coz it has openssl installed ootb, is trusted, and is probably cached somewhere
    # any image with openssl works here
    image: nginx
    entrypoint: /usr/bin/bash
    command:
    - -c
    - |-
        printf '%s,admin,100' "$(od -An -x -N32 /dev/urandom)" | tr -d ' \n' > /opt/k8s-bootstrap/token.csv;
        openssl genrsa -out /opt/k8s-bootstrap/service-account-key.pem 4096;
        echo "################################################################################"
        echo "# Auth Token: $(cat /opt/k8s-bootstrap/token.csv | cut -d, -f 1) #"
        echo "################################################################################"
    volumes:
        - apisrv:/opt/k8s-bootstrap

  etcd0:
    image: gcr.io/etcd-development/etcd:v3.4.29
    command:
    - /usr/local/bin/etcd
    - --name=etcd0
    - --data-dir=/etcd_data
    - --listen-client-urls=http://0.0.0.0:2379,http://0.0.0.0:4001
    - --advertise-client-urls=http://0.0.0.0:2379,http://0.0.0.0:4001
    - --listen-peer-urls=http://0.0.0.0:2380
    - --initial-advertise-peer-urls=http://0.0.0.0:2380
    - --initial-cluster=etcd0=http://0.0.0.0:2380
    - --initial-cluster-token=localtkn
    - --initial-cluster-state=new
    volumes:
    - etcd0:/etcd_data
  apisrv:
    image: registry.k8s.io/kube-apiserver:v1.29.0
    command:
    - /usr/local/bin/kube-apiserver
    - --etcd-servers=http://etcd0:2379
    - --service-cluster-ip-range=10.0.0.0/16
    - --service-account-issuer=https://kubernetes.default.svc.cluster.local
    - --service-account-key-file=/opt/k8s-bootstrap/service-account-key.pem
    - --service-account-signing-key-file=/opt/k8s-bootstrap/service-account-key.pem
    - --token-auth-file=/opt/k8s-bootstrap/token.csv
    ports:
    - 6443:6443
    volumes:
    - apisrv:/opt/k8s-bootstrap
    depends_on:
      etcd0:
        condition: service_started
      apisrv_init:
        condition: service_completed_successfully

volumes:
  etcd0:
  apisrv:
	version: '3'

	services:
	apisrv_init:
	# Abuse the nginx image coz it has openssl installed ootb, is trusted, and is probably cached somewhere
	# any image with openssl works here
	image: nginx
	entrypoint: /usr/bin/bash
	command:
	- -c
	- \|-
	printf '%s,admin,100' "$(od -An -x -N32 /dev/urandom)" \| tr -d ' \n' > /opt/k8s-bootstrap/token.csv;
	openssl genrsa -out /opt/k8s-bootstrap/service-account-key.pem 4096;
	echo "################################################################################"
	echo "# Auth Token: $(cat /opt/k8s-bootstrap/token.csv \| cut -d, -f 1) #"
	echo "################################################################################"
	volumes:
	- apisrv:/opt/k8s-bootstrap

	etcd0:
	image: gcr.io/etcd-development/etcd:v3.4.29
	command:
	- /usr/local/bin/etcd
	- --name=etcd0
	- --data-dir=/etcd_data
	- --listen-client-urls=http://0.0.0.0:2379,http://0.0.0.0:4001
	- --advertise-client-urls=http://0.0.0.0:2379,http://0.0.0.0:4001
	- --listen-peer-urls=http://0.0.0.0:2380
	- --initial-advertise-peer-urls=http://0.0.0.0:2380
	- --initial-cluster=etcd0=http://0.0.0.0:2380
	- --initial-cluster-token=localtkn
	- --initial-cluster-state=new
	volumes:
	- etcd0:/etcd_data
	apisrv:
	image: registry.k8s.io/kube-apiserver:v1.29.0
	command:
	- /usr/local/bin/kube-apiserver
	- --etcd-servers=http://etcd0:2379
	- --service-cluster-ip-range=10.0.0.0/16
	- --service-account-issuer=https://kubernetes.default.svc.cluster.local
	- --service-account-key-file=/opt/k8s-bootstrap/service-account-key.pem
	- --service-account-signing-key-file=/opt/k8s-bootstrap/service-account-key.pem
	- --token-auth-file=/opt/k8s-bootstrap/token.csv
	ports:
	- 6443:6443
	volumes:
	- apisrv:/opt/k8s-bootstrap
	depends_on:
	etcd0:
	condition: service_started
	apisrv_init:
	condition: service_completed_successfully

	volumes:
	etcd0:
	apisrv: