Verified Commit 4d2df8d0 authored by Janne Mareike Koschinski's avatar Janne Mareike Koschinski

feat: initial working version

parent 80d8f07d
/config/*.ign
/.idea/
/manifest.json
\ No newline at end of file
.PHONY: all
all:
make -C config
hetzner-robot-automation manifest.json
\ No newline at end of file
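Review bot: The recursive call on the `make -C config` line should be `$(MAKE) -C config`, so that `-j`, the jobserver and `-n` propagate to the sub-make. `all` declares no prerequisites, so nothing ties the upload step to the `config/ignition.ign` artefact it depends on; writing `all: config/ignition.ign` with a rule `config/ignition.ign: ; $(MAKE) -C config` states that dependency explicitly. `manifest.json` carries the Hetzner Robot API credentials and is correctly listed in `.gitignore`, so the only thing entering the repo is this build glue.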
configs := $(wildcard *.bu)
.PHONY: ignition.ign
ignition.ign: $(configs)
yq eval-all '. as $$item ireduce ({}; . *+ $$item )' $^ | butane -d . -sp -o $@
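Review bot: `ignition.ign` is a real file target but is declared `.PHONY`, so it is regenerated on every run and `make` can never report it up to date; the likely reason is that the Butane `local:` inputs under `kubernetes/` and `network/` are not prerequisites, so edits to them would otherwise not trigger a rebuild. Listing them instead, e.g. `ignition.ign: $(configs) $(wildcard kubernetes/* network/*)`, and dropping the `.PHONY` line gives correct incremental behaviour. Because the recipe is a pipeline, a failing `yq` is not necessarily fatal on its own; adding `SHELL := bash`, `.SHELLFLAGS := -eu -o pipefail -c` and `.DELETE_ON_ERROR:` ensures a partially written `ignition.ign` is never left behind for the parent Makefile to upload.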
variant: fcos
version: 1.4.0
storage:
files:
- path: /etc/yum.repos.d/kubernetes.repo
mode: 0644
contents:
local: kubernetes/repo.conf
- path: /etc/modules-load.d/k8s.conf
mode: 0644
contents:
local: kubernetes/modules.conf
- path: /etc/sysctl.d/k8s.conf
mode: 0644
contents:
local: kubernetes/sysctl.conf
- path: /etc/dnf/modules.d/cri-o.module
mode: 0644
overwrite: true
contents:
inline: |
[cri-o]
name=cri-o
stream=1.17
profiles=
state=enabled
- path: /etc/kubernetes/kubeadm-config.yaml
mode: 0600
contents:
local: kubernetes/kubeadm.yaml
- path: /root/.bashrc.d/kubeconfig.sh
mode: 0755
contents:
inline: |-
export KUBECONFIG=/etc/kubernetes/admin.conf
- path: /usr/local/bin/cilium
mode: 0755
contents:
source: https://github.com/cilium/cilium-cli/releases/latest/download/cilium-linux-amd64.tar.gz
compression: gzip
systemd:
units:
- name: kubernetes-install.service
enabled: true
contents: |
[Unit]
Description=Install Overlay Packages
Requires=NetworkManager-wait-online.service
Requires=zincati.service
After=NetworkManager-wait-online.service
After=zincati.service
Before=multi-user.target
[Service]
Type=oneshot
RemainAfterExit=yes
ExecStart=rpm-ostree install kubelet kubeadm kubectl helm cri-o --idempotent --reboot
[Install]
RequiredBy=multi-user.target
WantedBy=multi-user.target
- name: kubernetes-init.service
enabled: true
contents: |
[Unit]
Description=Initialize Kubernetes Cluster
Requires=NetworkManager-wait-online.service
Requires=kubernetes-install.service
After=NetworkManager-wait-online.service
After=kubernetes-install.service
Before=multi-user.target
[Service]
Type=oneshot
RemainAfterExit=yes
User=root
Group=root
ExecStartPre=systemctl enable --now kubelet crio
ExecStart=kubeadm init \
--config /etc/kubernetes/kubeadm-config.yaml \
--skip-phases mark-control-plane
ExecStartPost=helm install cilium cilium \
--kubeconfig /etc/kubernetes/admin.conf \
--repo https://helm.cilium.io/ \
--version 1.12.0 \
--namespace kube-system \
--set cni.binPath=/opt/cni/bin/ \
--set cni.confPath=/etc/cni/net.d \
--set operator.replicas=1 \
--set hubble.relay.enabled=true \
--set hubble.ui.enabled=true \
--set kubeProxyReplacement=disabled
[Install]
WantedBy=multi-user.target
\ No newline at end of file
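Review bot: The `/usr/local/bin/cilium` entry fetches `cilium-linux-amd64.tar.gz` from the floating `releases/latest` URL with no `verification` block, so whatever GitHub serves at first boot is written as a root-owned 0755 executable with no integrity check and no version pinning. Pin the URL to a specific release tag and add `verification: hash: sha512-<digest>` under `contents:` (Butane accepts sha256 or sha512 digests), matching the pinning already done for the Helm chart with `--version 1.12.0`. Also, `compression: gzip` only gunzips the download, so the file written at that path is presumably a tar archive rather than the `cilium` binary; it would need to be unpacked by a unit (or the raw binary asset used) before it can be executed. The same lack of pinning applies to `rpm-ostree install kubelet kubeadm kubectl`, which takes the newest packages from the repository while `cri-o.module` is pinned to `stream=1.17`, so the kubelet and CRI-O versions can drift apart between installs.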
apiVersion: kubeadm.k8s.io/v1beta3
kind: InitConfiguration
nodeRegistration:
kubeletExtraArgs:
volume-plugin-dir: "/opt/libexec/kubernetes/kubelet-plugins/volume/exec/"
criSocket: "unix:///var/run/crio/crio.sock"
---
apiVersion: kubeadm.k8s.io/v1beta3
kind: ClusterConfiguration
controllerManager:
extraArgs:
flex-volume-plugin-dir: "/opt/libexec/kubernetes/kubelet-plugins/volume/exec/"
networking:
podSubnet: "10.244.0.0/16"
br_netfilter
[kubernetes]
name=Kubernetes
baseurl=https://packages.cloud.google.com/yum/repos/kubernetes-el7-x86_64
enabled=1
gpgcheck=1
repo_gpgcheck=1
gpgkey=https://packages.cloud.google.com/yum/doc/yum-key.gpg https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1
net.ipv4.ip_forward = 1
variant: fcos
version: 1.4.0
storage:
files:
- path: /etc/hostname
mode: 0644
contents:
inline: nitrogen.kuschku.de
- path: /etc/NetworkManager/system-connections/enp0s31f6.nmconnection
mode: 0600
contents:
local: network/connection.ini
[connection]
id=enp0s31f6
type=ethernet
interface-name=enp0s31f6
[ethernet]
mac-address-blacklist=
mtu=auto
[ipv4]
address1=148.251.132.182/32,148.251.132.161
dns=8.8.8.8
dns-priority=100
dns-search=
may-fail=false
method=manual
[ipv6]
address1=2a01:4f8:210:3186::1/64,fe80::1
dns-priority=100
dns-search=
method=manual
variant: fcos
version: 1.4.0
kernel_arguments:
should_exist:
- selinux=0
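Review bot: `selinux=0` disables SELinux at the kernel level on a host that will run a Kubernetes control plane and container workloads, removing the confinement that Fedora CoreOS ships enforcing by default and that CRI-O supports. If something in the stack genuinely needs it relaxed, `enforcing=0` (permissive, still logging denials) is a smaller step, and the reason should be recorded next to the argument, e.g. `# permissive rather than disabled: <reason>`; otherwise this file should be dropped together with the matching `--append-karg selinux=0` in `install.sh`.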
variant: fcos
version: 1.4.0
kernel_arguments:
should_exist:
- mitigations=auto
should_not_exist:
- mitigations=auto,nosmt
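Review bot: Replacing Fedora CoreOS's default `mitigations=auto,nosmt` with `mitigations=auto` re-enables SMT, which restores throughput but reopens the cross-hyperthread side channels (L1TF/MDS-class) that `nosmt` exists to close on hosts running untrusted or multi-tenant workloads. That can be an acceptable trade for a single-operator cluster, but it is a deliberate weakening and should be documented inline, e.g. `# SMT re-enabled for throughput; all workloads on this node are operator-controlled`. The same override is repeated as `--delete-karg`/`--append-karg` in `install.sh`, so the two need to be kept in sync.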
variant: fcos
version: 1.4.0
passwd:
users:
- name: core
ssh_authorized_keys:
#- "sk-ecdsa-sha2-nistp256@openssh.com AAAAInNrLWVjZHNhLXNoYTItbmlzdHAyNTZAb3BlbnNzaC5jb20AAAAIbmlzdHAyNTYAAABBBAjcAKCjQOCcZDTNnpwuruMPwMUi/sguTOt8bhUvWYE3zplaxb+DeAAw6/GuDNFHje6fr73uyy0lUfsx1vCUpnAAAAAEc3NoOg== blue:janne@discovery"
#- "sk-ecdsa-sha2-nistp256@openssh.com AAAAInNrLWVjZHNhLXNoYTItbmlzdHAyNTZAb3BlbnNzaC5jb20AAAAIbmlzdHAyNTYAAABBBBwjBa2Djk00G9MR+hIcW3oZ3G0LNGHT6gTZwCTdqibC4pxwXgtHFTFhYFDY0ySTI96QQtf+iQkHgxrAdIjcxaIAAAAEc3NoOg== black:janne@discovery"
- "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC6lUSmgANEiwHOXX8C15UPbmEeqHGtLviULB/HcRn9zrhJ5YyQPaMmu4wmCXLw3lA2marl2dyMcvqIFgZXLb0UcSJu+UiF+cCWAS9KEzcROcocm5DbTsAOi2kz7PVhBu5SVo8W42L5IdJhk6FyxvZAadUAg+viNAqR9y9I/3J+7hzZYyTtPP/xvIEe/HrXd9gONP7v6H73ou69PUM+OjV2u1PpYk5PByWaa+Smnftr9ziUjIhjzFmV2fRwAxoh/S2ttR3zv4plAFuuZxObKq3oO3evwgF7PG7vH4Fb1AgMu+euQtc5EjcVGyC01XQjVkeC2L1n0wDTUgD03qesfhWb janne@discovery"
#- "sk-ecdsa-sha2-nistp256@openssh.com AAAAInNrLWVjZHNhLXNoYTItbmlzdHAyNTZAb3BlbnNzaC5jb20AAAAIbmlzdHAyNTYAAABBBIbESjs0T8rxl1LCWm2Dowi6pNPxGC4JUs+1cge/1MdU3Xpdmyu/etl7oXM//e2AYj9wX7tPre7TTJsElvkAc1QAAAAEc3NoOg== black:janne@curiosity"
#- "sk-ecdsa-sha2-nistp256@openssh.com AAAAInNrLWVjZHNhLXNoYTItbmlzdHAyNTZAb3BlbnNzaC5jb20AAAAIbmlzdHAyNTYAAABBBNDcOUzfmt0X2f7+0hY5UnzMQH5/VLzjss77xqWw7poMzF+rBTvaoU+qeVfXDYvyqpeUoOV27uc7AHDxPbnhhpQAAAAEc3NoOg== blue:janne@curiosity"
- "ssh-rsa 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 janne@curiosity"
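Review bot: Four commented-out `sk-ecdsa-sha2-nistp256` (FIDO/hardware-backed) keys are left in the list while only the `ssh-rsa` keys are active; if the security keys were disabled because the rescue or console path has no token available, say so in a comment, otherwise remove the dead lines so the authorized set is obvious at a glance. The active `ssh-rsa` blob prefix `AAAAB3NzaC1yc2EAAAADAQABAAABAQ` corresponds to a 2048-bit RSA key, so consider replacing them with `ssh-ed25519` keys (or re-enabling the sk-* keys) for new hosts. Only public keys are committed here and no password is set for `core`, so SSH keys remain the sole login path, which is fine.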
variant: fcos
version: 1.4.0
storage:
disks:
- device: /dev/nvme0n1
partitions:
- label: root-1
size_mib: 65536
- label: var-1
size_mib: 65536
- label: storage-ssd-1
- device: /dev/nvme1n1
partitions:
- label: root-2
size_mib: 65536
- label: var-2
size_mib: 65536
- label: storage-ssd-2
- device: /dev/sda
partitions:
- label: storage-hdd-1
- device: /dev/sdb
partitions:
- label: storage-hdd-2
raid:
- name: md-var
level: raid1
devices:
- /dev/disk/by-partlabel/var-1
- /dev/disk/by-partlabel/var-2
- name: md-storage-ssd
level: raid1
devices:
- /dev/disk/by-partlabel/storage-ssd-1
- /dev/disk/by-partlabel/storage-ssd-2
- name: md-storage-hdd
level: raid1
devices:
- /dev/disk/by-partlabel/storage-hdd-1
- /dev/disk/by-partlabel/storage-hdd-2
filesystems:
- device: /dev/md/md-var
path: /var
format: xfs
wipe_filesystem: true
with_mount_unit: true
- device: /dev/md/md-storage-ssd
path: /var/lib/data-ssd
format: xfs
wipe_filesystem: true
with_mount_unit: true
- device: /dev/md/md-storage-hdd
path: /var/lib/data-hdd
format: xfs
wipe_filesystem: true
with_mount_unit: true
boot_device:
mirror:
devices:
- /dev/nvme0n1
- /dev/nvme1n1
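Review bot: None of the RAID arrays or filesystems are encrypted, so `/var` (which will hold kubelet state, etcd data and any Secrets the control plane writes) and the two data volumes are readable by anyone with access to the disks, such as a later Hetzner rescue-system session on the same machine or a returned drive. Butane supports `storage.luks` volumes on top of the md devices, keyed from a TPM2 via `clevis.tpm2`, a Tang server, or a `key_file`; if encryption is deliberately skipped (no TPM on this host, unattended-reboot concerns), record that in a comment, e.g. `# no LUKS: <reason>`. `wipe_filesystem: true` on all three filesystems means a re-run of this Ignition config destroys existing data on md-storage-ssd/hdd, which is fine for first provisioning but should be called out next to those entries.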
#!/bin/bash
set -euo pipefail
update-alternatives --set iptables /usr/sbin/iptables-legacy
apt-get update
apt-get install --no-install-recommends -y podman
wipefs -a /dev/md/* || true
(ls /dev/md/* | xargs -n1 mdadm --stop) || true
wipefs -a /dev/nvme0n1p* || true
wipefs -a /dev/nvme1n1p* || true
wipefs -a /dev/nvme0n1
wipefs -a /dev/nvme1n1
wipefs -a /dev/sda
wipefs -a /dev/sdb
podman run \
--pull=always \
--privileged \
--rm \
-v /dev:/dev \
-v /run/udev:/run/udev \
-v .:/data \
-w /data \
quay.io/coreos/coreos-installer:release \
install \
--ignition-file /data/ignition.ign \
--platform metal \
--delete-karg mitigations=auto,nosmt \
--append-karg mitigations=auto \
--append-karg selinux=0 \
-- \
/dev/nvme0n1
mkdir -p /mnt/boot
mount /dev/nvme0n1p2 /mnt/boot
rm /mnt/boot/EFI/fedora/BOOTX64.CSV
umount /mnt/boot || true
lsblk
systemctl reboot
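Review bot: The `podman run` line pulls `quay.io/coreos/coreos-installer:release` by mutable tag with `--pull=always` and runs it `--privileged` with `/dev` mounted, so whatever image the tag resolves to at that moment gets raw-disk write access on the machine; pinning it by digest (`quay.io/coreos/coreos-installer:release@sha256:<digest>`) makes the rescue run reproducible and independent of registry state. Under `set -e`, `rm /mnt/boot/EFI/fedora/BOOTX64.CSV` aborts the script before `umount` and `reboot` if the file is absent; `rm -f` plus a comment stating why the CSV is removed (presumably to stop the firmware re-registering a `fedora` boot entry) would make this both robust and self-explaining. `-v .:/data` binds the current directory, so the script assumes it is run from `/root`, where the manifest uploads `ignition.ign`; using `"$(dirname "$0")"` or an absolute path removes that assumption.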
{
"api-key": "AzureDiamond",
"api-secret": "hunter2",
"server": 123456,
"files": [
{
"source": "config/ignition.ign",
"target": "/root/ignition.ign",
"mode": 644,
"execute": false
},
{
"source": "install.sh",
"target": "/root/install_rescue.sh",
"mode": 755,
"execute": true
}
]
}
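Review bot: The `api-key`/`api-secret` values are placeholders (`AzureDiamond`/`hunter2`) and the real `manifest.json` is covered by `.gitignore`, which is the right split; since JSON has no comments, a line in the README or a file name like `manifest.example.json` would make it clearer that this file is to be copied and filled in, never edited in place with real credentials. The `ignition.ign` entry uploads the config to the rescue system with mode `644`; Ignition configs tend to accumulate tokens or keys as a setup grows (kubeadm bootstrap tokens, registry credentials), so `600` is the safer default even though the current config carries only public SSH keys.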