2026-02-23 10:35:05 +01:00
1 changed files with 16 additions and 1 deletions
--- a/modules/k8s-node/cloud-init.yaml.tftpl
+++ b/modules/k8s-node/cloud-init.yaml.tftpl
@ -6,6 +6,10 @@ hostname: ${hostname}
 manage_etc_hosts: true
 disable_root: false

+# Runs BEFORE runcmd, on every boot — survives manage_etc_hosts rewrite
+bootcmd:
+  - grep -q '10.10.10.1 gitea' /etc/hosts || echo '10.10.10.1 gitea' >> /etc/hosts
+
 users:
  - name: root
    ssh_authorized_keys:
@ -34,15 +38,26 @@ write_files:
      net.bridge.bridge-nf-call-ip6tables = 1
      net.ipv4.ip_forward = 1

-  # containerd config — systemd cgroup driver (required for kubeadm)
+  # containerd config — systemd cgroup driver + registry mirror path
  - path: /etc/containerd/config.toml
    content: |
      version = 2
+      [plugins."io.containerd.grpc.v1.cri".registry]
+        config_path = "/etc/containerd/certs.d"
      [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc]
        runtime_type = "io.containerd.runc.v2"
      [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc.options]
        SystemdCgroup = true

+  # containerd registry mirror for Gitea (10.10.10.1:3000 via loki-tunnel)
+  - path: /etc/containerd/certs.d/10.10.10.1:3000/hosts.toml
+    content: |
+      server = "http://10.10.10.1:3000"
+
+      [host."http://10.10.10.1:3000"]
+        capabilities = ["pull", "resolve", "push"]
+        skip_verify = true
+
  # node_exporter systemd unit
  - path: /etc/systemd/system/node_exporter.service
    content: |