cloudinit.yaml

#cloud-config
package_update: 'true'
package_upgrade: 'true'
packages:
  - make
  - apt-transport-https
  - ca-certificates
  - curl
  - jq
  - wget
  - gnupg
  - lsb-release
  - net-tools

write_files:

  # containerd
  - path: /etc/modules-load.d/containerd.conf
    content: |
      overlay
      br_netfilter
  - path: /etc/sysctl.d/99-kubernetes-cri.conf
    content: |
      net.bridge.bridge-nf-call-iptables  = 1
      net.ipv4.ip_forward                 = 1
      net.bridge.bridge-nf-call-ip6tables = 1

  # crictl
  - path: /etc/crictl.yaml
    content: |
      runtime-endpoint: unix:///var/run/containerd/containerd.sock
      image-endpoint: unix:///var/run/containerd/containerd.sock
      timeout: 10
      debug: false

  # kubernetes
  - path: /etc/modules-load.d/k8s.conf
    content: |
      br_netfilter

runcmd:

  - echo "================================================= CloudInit Phase Install Containerd"
  - DEBIAN_FRONTEND=noninteractive apt-get install -y containerd
  - modprobe overlay
  - modprobe br_netfilter
  - sysctl --system
  - mkdir -p /etc/containerd
  - containerd config default | tee /etc/containerd/config.toml
  - sed -i 's/SystemdCgroup = false/SystemdCgroup = true/g' /etc/containerd/config.toml
  - systemctl restart containerd
  - apt-mark hold containerd

  - echo "================================================= CloudInit Phase Install Kubernetes"
  - sysctl --system
  - swapoff -a
  - curl -fsSL https://pkgs.k8s.io/core:/stable:/v1.28/deb/Release.key | sudo gpg --dearmor -o /etc/apt/keyrings/kubernetes-apt-keyring.gpg
  - echo 'deb [signed-by=/etc/apt/keyrings/kubernetes-apt-keyring.gpg] https://pkgs.k8s.io/core:/stable:/v1.28/deb/ /' | sudo tee /etc/apt/sources.list.d/kubernetes.list
  - apt-get update
  - DEBIAN_FRONTEND=noninteractive apt-get install -y kubelet kubeadm kubectl
  - apt-mark hold kubelet kubeadm kubectl
  - systemctl enable --now kubelet
  - kubeadm init --pod-network-cidr=192.168.0.0/16

  - echo "================================================= CloudInit Phase Manage Kube Config"
  - mkdir -p $HOME/.kube
  - cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
  - chown $(id -u):$(id -g) $HOME/.kube/config

  - echo "================================================= CloudInit Phase Taint Node"
  - kubectl taint nodes --all node-role.kubernetes.io/control-plane-

  - echo "================================================= CloudInit Phase Install CNI Plugin"
  - kubectl create -f https://raw.githubusercontent.com/projectcalico/calico/v3.25.0/manifests/tigera-operator.yaml
  - kubectl wait pods -n tigera-operator -l name=tigera-operator --for condition=Ready --timeout=90s
  - kubectl create -f https://raw.githubusercontent.com/projectcalico/calico/v3.25.0/manifests/custom-resources.yaml

  - echo "================================================= CloudInit Phase Install Metrics Server"
  - kubectl apply -f https://github.com/kubernetes-sigs/metrics-server/releases/download/v0.5.2/components.yaml
  - kubectl patch deployment metrics-server -n kube-system --type 'json' -p '[{"op":"add", "path":"/spec/template/spec/containers/0/args/-", "value":"--kubelet-insecure-tls"}]'

  - echo "================================================= CloudInit Phase Root User Preps"
  - mkdir -p /root/.kube
  - cp -i /etc/kubernetes/admin.conf /root/.kube/config
 
  - echo "================================================= CloudInit Phase Clone Git Repo"
  - git clone https://github.com/stroebitzer/kubermatic-heise-kubernetes-security /root/tmp/training
  - cp -r /root/tmp/training/* /root

  - echo "================================================= CloudInit Phase Run Training Script"
  - /root/setup_training.sh

  - echo "================================================= CloudInit Phase Create ~/.trainingrc File"
  - /root/setup_trainingrc_file.sh

  - echo "================================================= CloudInit Finished Successfully"
  # TODO - reboot