Add modules/k8s-node/cloud-init.yaml.tftpl

2026-02-14 01:12:29 +01:00 · 2026-02-14 01:12:29 +01:00 · c26947696e
commit c26947696e
parent db711a28b9
1 changed files with 100 additions and 0 deletions
--- a/modules/k8s-node/cloud-init.yaml.tftpl
+++ b/modules/k8s-node/cloud-init.yaml.tftpl
@ -0,0 +1,100 @@
+#cloud-config
+# K8s node cloud-init — installs containerd + kubeadm + node_exporter
+# kubeadm init/join is NOT run here — done manually after boot
+
+hostname: ${hostname}
+manage_etc_hosts: true
+disable_root: false
+
+users:
+  - name: root
+    ssh_authorized_keys:
+      - ${ssh_key}
+    shell: /bin/bash
+
+package_update: true
+packages:
+  - apt-transport-https
+  - ca-certificates
+  - curl
+  - gnupg
+
+write_files:
+  # Kernel modules for K8s networking
+  - path: /etc/modules-load.d/k8s.conf
+    content: |
+      overlay
+      br_netfilter
+
+  # Sysctl for K8s networking
+  - path: /etc/sysctl.d/99-kubernetes.conf
+    content: |
+      net.bridge.bridge-nf-call-iptables = 1
+      net.bridge.bridge-nf-call-ip6tables = 1
+      net.ipv4.ip_forward = 1
+
+  # containerd config — systemd cgroup driver (required for kubeadm)
+  - path: /etc/containerd/config.toml
+    content: |
+      version = 2
+      [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc]
+        runtime_type = "io.containerd.runc.v2"
+      [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc.options]
+        SystemdCgroup = true
+
+  # node_exporter systemd unit
+  - path: /etc/systemd/system/node_exporter.service
+    content: |
+      [Unit]
+      Description=Prometheus Node Exporter
+      After=network.target
+
+      [Service]
+      User=node_exporter
+      ExecStart=/usr/local/bin/node_exporter
+      Restart=on-failure
+      RestartSec=5
+
+      [Install]
+      WantedBy=multi-user.target
+
+runcmd:
+  # ── Kernel modules ──
+  - modprobe overlay
+  - modprobe br_netfilter
+  - sysctl --system
+
+  # ── Disable swap (required for K8s) ──
+  - swapoff -a
+  - sed -i '/swap/d' /etc/fstab
+
+  # ── Install containerd from Docker repo ──
+  - install -m 0755 -d /etc/apt/keyrings
+  - curl -fsSL https://download.docker.com/linux/ubuntu/gpg -o /etc/apt/keyrings/docker.asc
+  - chmod a+r /etc/apt/keyrings/docker.asc
+  - echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/ubuntu $(. /etc/os-release && echo $VERSION_CODENAME) stable" > /etc/apt/sources.list.d/docker.list
+  - apt-get update
+  - apt-get install -y containerd.io
+  - mkdir -p /etc/containerd
+  - systemctl restart containerd
+  - systemctl enable containerd
+
+  # ── Install kubeadm, kubelet, kubectl (v1.31) ──
+  - curl -fsSL https://pkgs.k8s.io/core:/stable:/v1.31/deb/Release.key | gpg --dearmor -o /etc/apt/keyrings/kubernetes-apt-keyring.gpg
+  - echo "deb [signed-by=/etc/apt/keyrings/kubernetes-apt-keyring.gpg] https://pkgs.k8s.io/core:/stable:/v1.31/deb/ /" > /etc/apt/sources.list.d/kubernetes.list
+  - apt-get update
+  - apt-get install -y kubelet kubeadm kubectl
+  - apt-mark hold kubelet kubeadm kubectl
+
+  # ── Install node_exporter for monitoring ──
+  - useradd --no-create-home --shell /bin/false node_exporter
+  - curl -fsSL https://github.com/prometheus/node_exporter/releases/download/v1.10.2/node_exporter-1.10.2.linux-amd64.tar.gz -o /tmp/node_exporter.tar.gz
+  - tar xzf /tmp/node_exporter.tar.gz -C /tmp
+  - cp /tmp/node_exporter-1.10.2.linux-amd64/node_exporter /usr/local/bin/
+  - chown node_exporter:node_exporter /usr/local/bin/node_exporter
+  - rm -rf /tmp/node_exporter*
+  - systemctl daemon-reload
+  - systemctl enable --now node_exporter
+
+  # ── Signal cloud-init completion ──
+  - touch /var/lib/cloud/instance/k8s-ready