/
ignition.ign
153 lines (153 loc) · 6.7 KB
/
ignition.ign
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
{
"ignition": {
"config": {},
"security": {
"tls": {}
},
"timeouts": {},
"version": "2.3.0"
},
"networkd": {
"units": [
{
"contents": "[NetDev]\nName=james\nKind=bond\n\n[Bond]\nMode=802.3ad\nTransmitHashPolicy=layer3+4\nMIIMonitorSec=1s\nLACPTransmitRate=fast\n",
"name": "25-jamesbond.netdev"
},
{
"contents": "[Match]\nName=eno*\n\n[Network]\nBond=james\n",
"name": "james.network"
},
{
"contents": "[Match]\nName=james\n\n[Network]\nDHCP=yes\n",
"name": "james_dhcp.network"
}
]
},
"passwd": {
"users": [
{
"name": "core",
"sshAuthorizedKeys": [
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCgakqOKbhaZe7ku2SOmHCrOCeAx//4PQy/nB6jSqIv94yDcyTcnxlJGhcoWdDFUzesFSYLvO63qgm5oA7ApFw413+R/M4FKuq4afhakSn8srthpW1gwI148hF+a8ugcz6h+COXEzOBdJLE0EUGcvKlI79+oF3h/egoO/2gLH0Pi5q5WQxkNXHBLUhZX4jU6uwS22ot4ThiAFKluB+/Asfvbd8ghZ0RDI6Q7H/yAKMp3E/CgA+xFQoTwybcUMm3e6ACJWD00yRczWapwv9ohaINac0ssym/3bFJZArW7foFgI0pyR56/s/0hWaGnA/nsTTHWs/HQ+324opm/a+908zv"
]
}
]
},
"storage": {
"files": [
{
"filesystem": "root",
"overwrite": true,
"path": "/etc/selinux/config",
"contents": {
"source": "data:,SELINUX%3Dpermissive%0ASELINUXTYPE%3Dtargeted",
"verification": {}
},
"mode": 420
},
{
"filesystem": "root",
"group": {
"name": "root"
},
"path": "/opt/bin/k3s",
"user": {
"name": "root"
},
"contents": {
"source": "https://github.com/rancher/k3s/releases/download/v1.18.8%2Bk3s1/k3s",
"verification": {
"hash": "sha512-1d9d460763784146d0ecfb8ccda26122e8fe5fc1d4e89f5829e6ef8f61a751e44dc62d167baf3abd407561d9a979b50e59805389b01a860f48c2f5641920c5b3"
}
},
"mode": 493
},
{
"filesystem": "root",
"group": {
"name": "root"
},
"path": "/opt/bin/k_params",
"user": {
"name": "root"
},
"contents": {
"source": "https://raw.githubusercontent.com/mcsaucy/k_params/master/k_params",
"verification": {}
},
"mode": 493
},
{
"filesystem": "root",
"group": {
"name": "root"
},
"path": "/opt/bin/namecheap_update",
"user": {
"name": "root"
},
"contents": {
"source": "https://raw.githubusercontent.com/mcsaucy/ddns_scripts/master/namecheap.sh",
"verification": {}
},
"mode": 493
}
],
"links": [
{
"filesystem": "root",
"path": "/opt/bin/kubectl",
"target": "/opt/bin/k3s"
}
]
},
"systemd": {
"units": [
{
"contents": "[Unit]\nDescription=Set hostname based upon kernel commandline\nConditionKernelCommandLine=hostname\n\n[Install]\nWantedBy=k3s.service\n\n[Service]\nExecStart=/bin/bash -c 'hostnamectl set-hostname --static \"$(/opt/bin/k_params hostname)\"'\nTimeoutStartSec=0\nRestart=on-failure\nRestartSec=30s\n",
"enabled": true,
"name": "sethostname.service"
},
{
"contents": "[Unit]\nDescription=Lightweight Kubernetes\nDocumentation=https://k3s.io\nAfter=network-online.target\nConditionFileNotEmpty=/secrets/k3s_env\n\n[Install]\nWantedBy=multi-user.target\n\n[Service]\nType=notify\nKillMode=process\nDelegate=yes\nLimitNOFILE=1048576\nLimitNPROC=infinity\nLimitCORE=infinity\nTasksMax=infinity\nTimeoutStartSec=0\nRestart=always\nRestartSec=5s\nEnvironmentFile=/secrets/k3s_env\nExecStartPre=-/sbin/modprobe br_netfilter\nExecStartPre=-/sbin/modprobe overlay\nExecStart=/opt/bin/k3s server\n",
"enabled": true,
"name": "k3s.service"
},
{
"contents": "[Unit]\nDescription=Log Exporter\nAfter=systemd-journald.service\nRequires=systemd-journald.service\nConditionFileNotEmpty=/secrets/logexport_env\n\n[Service]\nEnvironmentFile=/secrets/logexport_env\nExecStart=/bin/sh -c 'journalctl -f | ncat --ssl \"${LOGEXPORT_HOST}\" \"${LOGEXPORT_PORT}\"'\nTimeoutStartSec=0\nRestart=on-failure\nRestartSec=5s\n\n[Install]\nWantedBy=multi-user.target\n",
"enabled": true,
"name": "logexport.service"
},
{
"contents": "[Unit]\nDescription=Monitoring Heartbeat Pulse\nRequires=network-online.target\nConditionFileNotEmpty=/secrets/heartbeat_env\n\n[Service]\nEnvironmentFile=/secrets/heartbeat_env\nExecStart=/bin/sh -c 'wget --spider \"${HEARTBEAT_URL}\" \u003e/dev/null 2\u003e\u00261'\nTimeoutStartSec=0\nRestart=on-failure\nRestartSec=5s\n\n[Install]\nWantedBy=multi-user.target\n",
"enabled": true,
"name": "heartbeat.service"
},
{
"contents": "[Unit]\nDescription=Set the primary hostname via DDNS\nRequires=network-online.target k3s.service\nConditionFileNotEmpty=/secrets/namecheap_ddns_env\n\n[Service]\nEnvironmentFile=/secrets/namecheap_ddns_env\nExecStart=/bin/sh -c '/opt/bin/kubectl get nodes/$(hostname) | grep -q Ready \u0026\u0026 /opt/bin/namecheap_update \"${NAMECHEAP_DDNS_INTERFACE:-james}\" \"primary.$(hostname -d)\"'\nTimeoutStartSec=0\nRestart=on-failure\nRestartSec=1m\n\n[Install]\nWantedBy=multi-user.target\n",
"enabled": true,
"name": "primary_ddns.service"
},
{
"contents": "[Unit]\nDescription=Update our host's dynamic DNS record\nAfter=sethostname.service\nRequires=network-online.target\nConditionFileNotEmpty=/secrets/namecheap_ddns_env\n\n[Service]\nEnvironmentFile=/secrets/namecheap_ddns_env\nExecStart=/bin/sh -c '[ \"$(hostname)\" != localhost ] \u0026\u0026 /opt/bin/namecheap_update \"${NAMECHEAP_DDNS_INTERFACE:-james}\"'\nTimeoutStartSec=0\nRestart=always\nRestartSec=10m\n\n[Install]\nWantedBy=multi-user.target\n",
"enabled": true,
"name": "host_ddns.service"
},
{
"contents": "[Unit]\nDescription=Run Heartbeat every 5 minutes\nRequires=heartbeat.service\n\n[Timer]\nUnit=heartbeat.service\nOnUnitInactiveSec=5m\nAccuracySec=10s\n\n[Install]\nWantedBy=timers.target\n",
"enabled": true,
"name": "heartbeat.timer"
},
{
"contents": "[Unit]\nDescription=Run primary_ddns every 5 minutes\nRequires=primary_ddns.service\n\n[Timer]\nUnit=primary_ddns.service\nOnUnitInactiveSec=5m\nAccuracySec=10s\n\n[Install]\nWantedBy=timers.target\n",
"enabled": true,
"name": "primary_ddns.timer"
},
{
"contents": "[Unit]\nDescription=Secrets\n\n[Mount]\nWhat=/dev/disk/by-label/secrets\nWhere=/secrets\nOptions=ro\nDirectoryMode=0700\n\n[Install]\nWantedBy=k3s.service\n",
"enabled": true,
"name": "secrets.mount"
}
]
}
}