-
Notifications
You must be signed in to change notification settings - Fork 0
/
primary.yaml
78 lines (72 loc) · 1.92 KB
/
primary.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
passwd:
users:
- name: core
ssh_authorized_keys:
- "YOUR_KEY_HERE"
storage:
files:
# TODO(mcsaucy): this is sad. Stop doing this.
- path: "/etc/selinux/config"
contents:
inline: "SELINUX=permissive\nSELINUXTYPE=targeted"
mode: 0644
overwrite: true
- path: "/etc/zincati/config.d/51-rollout-wariness.toml"
contents:
inline: |
[identity]
rollout_wariness = 0.1
mode: 0644
- path: "/etc/hostname"
contents:
local: hostname
mode: 0644
- path: "/opt/bin/k3s"
contents:
remote:
url: "https://github.com/rancher/k3s/releases/download/v1.18.6%2Bk3s1/k3s"
verification:
hash:
function: sha512
sum: 0951e378d9d1525386e3bc5e067d8f256fe4aed16a5827850736ac223cb211213c48278dacf440694715c045673b583647ef0eb9fcf576dd4cc04685e56ee1f5
mode: 0755
user:
name: root
group:
name: root
- path: "/secrets/k3s_token"
contents:
local: k3s_token
mode: 0400
user:
name: root
group:
name: root
systemd:
units:
- name: k3s.service
enabled: true
contents: |
[Unit]
Description=Lightweight Kubernetes
Documentation=https://k3s.io
After=network-online.target
[Install]
WantedBy=multi-user.target
[Service]
Type=notify
KillMode=process
Delegate=yes
LimitNOFILE=1048576
LimitNPROC=infinity
LimitCORE=infinity
TasksMax=infinity
TimeoutStartSec=0
Restart=always
RestartSec=5s
ExecStartPre=-/sbin/modprobe br_netfilter
ExecStartPre=-/sbin/modprobe overlay
ExecStart=/opt/bin/k3s --debug server \
--cluster-init \
--cluster-domain example.com \
--token-file /secrets/k3s_token