56 lines
1.8 KiB
Text
56 lines
1.8 KiB
Text
#cloud-config
|
|
package_update: true
|
|
package_upgrade: true
|
|
packages:
|
|
- curl
|
|
- git
|
|
- ca-certificates
|
|
- jq
|
|
- bash
|
|
- apt-transport-https
|
|
write_files:
|
|
- path: /etc/sysctl.d/90-unrip.conf
|
|
permissions: '0644'
|
|
content: |
|
|
vm.max_map_count = 262144
|
|
- path: /usr/local/bin/bootstrap-unrip.sh
|
|
permissions: '0755'
|
|
content: |
|
|
#!/usr/bin/env bash
|
|
set -euo pipefail
|
|
|
|
install -d -m 0755 /opt/unrip/bootstrap
|
|
cat >/opt/unrip/bootstrap/README.txt <<'EOF'
|
|
This node was provisioned by Terraform + cloud-init.
|
|
This cloud-init step no longer clones a bootstrap repository.
|
|
The current Hetzner flow remains workstation-driven after Terraform:
|
|
- scripts/hetzner/bootstrap.sh fetches kubeconfig from the node
|
|
- scripts/hetzner/bootstrap.sh renders secrets/overlays locally
|
|
- scripts/hetzner/bootstrap.sh applies Kubernetes manifests from the operator workstation
|
|
|
|
Reserved for future node-local bootstrap/GitOps assets:
|
|
/opt/unrip/bootstrap/${bootstrap_repo_path}
|
|
EOF
|
|
- path: /etc/rancher/k3s/config.yaml
|
|
permissions: '0644'
|
|
content: |
|
|
write-kubeconfig-mode: "0644"
|
|
node-name: ${node_name}
|
|
tls-san:
|
|
- ${public_domain}
|
|
%{ if tailscale_control_plane_hostname != "" ~}
|
|
- ${tailscale_control_plane_hostname}
|
|
%{ endif ~}
|
|
node-ip: ${private_ipv4_address}
|
|
advertise-address: ${private_ipv4_address}
|
|
disable:
|
|
- servicelb
|
|
runcmd:
|
|
- sysctl --system
|
|
%{ if tailscale_enabled && tailscale_auth_key != "" ~}
|
|
- curl -fsSL https://tailscale.com/install.sh | sh
|
|
- tailscale up --auth-key=${tailscale_auth_key} --ssh --hostname=${node_name}
|
|
%{ endif ~}
|
|
- curl -sfL https://get.k3s.io | INSTALL_K3S_CHANNEL=${k3s_channel} sh -s - server
|
|
- /usr/local/bin/bootstrap-unrip.sh
|
|
final_message: "k3s bootstrap finished for ${node_name}"
|