typhoon/digital-ocean/fedora-atomic/kubernetes/cloudinit/worker.yaml.tmpl

#cloud-config
write_files:
  - path: /etc/systemd/system/kubelet.service.d/10-typhoon.conf
    content: |
      [Unit]
      Wants=rpc-statd.service
      [Service]
      ExecStartPre=/bin/mkdir -p /opt/cni/bin
      ExecStartPre=/bin/mkdir -p /etc/kubernetes/manifests
      ExecStartPre=/bin/mkdir -p /etc/kubernetes/cni/net.d
      ExecStartPre=/bin/mkdir -p /var/lib/cni
      ExecStartPre=/bin/mkdir -p /var/lib/kubelet/volumeplugins
      ExecStartPre=/usr/bin/bash -c "grep 'certificate-authority-data' /etc/kubernetes/kubeconfig | awk '{print $2}' | base64 -d > /etc/kubernetes/ca.crt"
      Restart=always
      RestartSec=10
  - path: /etc/kubernetes/kubelet.conf
    content: |
      ARGS="--anonymous-auth=false \
        --authentication-token-webhook \
        --authorization-mode=Webhook \
        --client-ca-file=/etc/kubernetes/ca.crt \
        --cluster_dns=${k8s_dns_service_ip} \
        --cluster_domain=${cluster_domain_suffix} \
        --cni-conf-dir=/etc/kubernetes/cni/net.d \
        --exit-on-lock-contention \
        --kubeconfig=/etc/kubernetes/kubeconfig \
        --lock-file=/var/run/lock/kubelet.lock \
        --network-plugin=cni \
        --node-labels=node-role.kubernetes.io/node \
        --pod-manifest-path=/etc/kubernetes/manifests \
        --read-only-port=0 \
        --volume-plugin-dir=/var/lib/kubelet/volumeplugins"
  - path: /etc/systemd/system/kubelet.path
    content: |
      [Unit]
      Description=Watch for kubeconfig
      [Path]
      PathExists=/etc/kubernetes/kubeconfig
      [Install]
      WantedBy=multi-user.target
  - path: /etc/selinux/config
    owner: root:root
    permissions: '0644'
    content: |
      SELINUX=permissive
      SELINUXTYPE=targeted
bootcmd:
  - [setenforce, Permissive]
  - [systemctl, disable, firewalld, --now]
  # https://github.com/kubernetes/kubernetes/issues/60869
  - [modprobe, ip_vs]
runcmd:
  - [systemctl, daemon-reload]
  - "atomic install --system --name=kubelet quay.io/poseidon/kubelet:v1.12.2"
  - [systemctl, enable, kubelet.path]
  - [systemctl, start, --no-block, kubelet.path]
users:
  - default
  - name: fedora
    gecos: Fedora Admin
    sudo: ALL=(ALL) NOPASSWD:ALL
    groups: wheel,adm,systemd-journal,docker
    ssh-authorized-keys:
      - "${ssh_authorized_key}"