commit 74fde30eebcd0a0e9a3cd736ac70654709f32e92
Author: dtookey
Date: Tue Sep 3 09:25:22 2024 -0400
Initital commit
diff --git a/docker/blog/Dockerfile b/docker/blog/Dockerfile
new file mode 100644
index 0000000..8fe64d8
--- /dev/null
+++ b/docker/blog/Dockerfile
@@ -0,0 +1,6 @@
+FROM nginx:alpine
+
+COPY nginx/mime.types /etc/nginx/
+COPY nginx/nginx.conf /etc/nginx/
+
+COPY ./dist /usr/share/nginx/html
\ No newline at end of file
diff --git a/docker/blog/nginx/mime.types b/docker/blog/nginx/mime.types
new file mode 100644
index 0000000..60143e0
--- /dev/null
+++ b/docker/blog/nginx/mime.types
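Review bot: `FROM nginx:alpine` on the first added line is a floating tag, so two builds of this Dockerfile can resolve to different base images and the image that actually gets deployed is neither reproducible nor auditable from the repo. Pin the base to a specific release and digest, e.g. `FROM nginx:<VERSION>-alpine@sha256:<DIGEST>` (placeholder values), and move the pin deliberately. `COPY ./dist /usr/share/nginx/html` also copies whatever is in the build context's dist directory and no `.dockerignore` is part of this commit, so it is worth stating in a comment that dist must contain only the built site.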
@@ -0,0 +1,68 @@
+types {
+ text/css css;
+ image/gif gif;
+ image/jpeg jpeg jpg;
+ application/javascript js;
+ application/atom+xml atom;
+ application/rss+xml rss;
+ text/mathml mml;
+ text/plain txt;
+ text/vnd.sun.j2me.app-descriptor jad;
+ text/vnd.wap.wml wml;
+ text/x-component htc;
+ image/png png;
+ image/tiff tif tiff;
+ image/vnd.wap.wbmp wbmp;
+ image/x-icon ico;
+ image/x-jng jng;
+ image/x-ms-bmp bmp;
+ image/svg+xml svg svgz;
+ image/webp webp;
+ application/java-archive jar war ear;
+ application/json json;
+ application/mac-binhex40 hqx;
+ application/msword doc;
+ application/pdf pdf;
+ application/postscript ps eps ai;
+ application/rtf rtf;
+ application/vnd.apple.mpegurl m3u8;
+ application/vnd.google-earth.kml+xml kml;
+ application/vnd.google-earth.kmz kmz;
+ application/vnd.ms-excel xls;
+ application/vnd.ms-fontobject eot;
+ application/vnd.ms-powerpoint ppt;
+ application/vnd.oasis.opendocument.graphics odg;
+ application/vnd.oasis.opendocument.presentation odp;
+ application/vnd.oasis.opendocument.spreadsheet ods;
+ application/vnd.oasis.opendocument.text odt;
+ application/vnd.openxmlformats-officedocument.presentationml.presentation pptx;
+ application/vnd.openxmlformats-officedocument.spreadsheetml.sheet xlsx;
+ application/vnd.openxmlformats-officedocument.wordprocessingml.document docx;
+ application/vnd.wap.wmlc wmlc;
+ application/x-7z-compressed 7z;
+ application/x-cocoa cco;
+ application/x-java-archive-diff jardiff;
+ application/x-java-jnlp-file jnlp;
+ application/x-makeself run;
+ application/x-perl pl pm;
+ application/x-pilot prc pdb;
+ application/x-rar-compressed rar;
+ application/x-redhat-package-manager rpm;
+ application/x-sea sea;
+ application/x-shockwave-flash swf;
+ application/x-stuffit sit;
+ application/x-tcl tcl tk;
+ application/x-x509-ca-cert der pem crt;
+ application/x-xpinstall xpi;
+ application/xhtml+xml xhtml;
+ application/xspf+xml xspf;
+ application/zip zip;
+ application/octet-stream bin exe dll;
+ application/octet-stream deb;
+ application/octet-stream dmg;
+ application/octet-stream iso img;
+ application/octet-stream msi msp msm;
+ application/vnd.openxmlformats-officedocument.wordprocessingml.template dotx;
+ application/vnd.openxmlformats-officedocument.spreadsheetml.template. xltx;
+ application/vnd.openxmlformats-officedocument.presentationml.template. potx;
+}
\ No newline at end of file
diff --git a/docker/blog/nginx/nginx.conf b/docker/blog/nginx/nginx.conf
new file mode 100644
index 0000000..e8061b2
--- /dev/null
+++ b/docker/blog/nginx/nginx.conf
@@ -0,0 +1,47 @@
+worker_processes 4;
+# nginx.conf
+events {
+ worker_connections 4096;
+}
+
+http {
+ include /etc/nginx/mime.types;
+
+ sendfile on;
+ tcp_nopush on;
+
+ open_file_cache max=1000 inactive=20s;
+ open_file_cache_valid 30s;
+ open_file_cache_min_uses 2;
+ open_file_cache_errors on;
+
+
+ server {
+ listen 80;
+
+ server_name lab.gg;
+
+ # Root directory for serving files
+ root /usr/share/nginx/html;
+
+ # Default file to serve
+ index index.html index.htm;
+
+ # Logging
+ access_log /var/log/nginx/access.log;
+ error_log /var/log/nginx/error.log;
+
+ gzip on;
+ gzip_proxied any;
+ gzip_types text/html text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
+
+ server_tokens off;
+
+ # Enable caching for static content for 15 minutes
+ location ~* \.(css|js|png|jpg|jpeg|gif|ico|svg|webp|woff|woff2|ttf|otf|eot)$ {
+ expires 15m;
+ add_header Cache-Control "public, max-age=900";
+ try_files $uri.gz $uri =404;
+ }
+ }
+}
\ No newline at end of file
diff --git a/groups/all b/groups/all
new file mode 100644
index 0000000..7f135fc
--- /dev/null
+++ b/groups/all
@@ -0,0 +1,6 @@
+ares
+artemis
+cupid1
+cupid2
+cupid3
+cupid4
\ No newline at end of file
diff --git a/groups/compute b/groups/compute
new file mode 100644
index 0000000..6700fc9
--- /dev/null
+++ b/groups/compute
@@ -0,0 +1 @@
+artemis
\ No newline at end of file
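Review bot: The `types` block in this hunk has no `text/html` entry at all (the stock nginx mime.types opens with `text/html html htm shtml;`), and the nginx.conf added in the same commit sets no `default_type`, so `index.html` and every other page will go out as nginx's default `text/plain` and browsers will show the markup as text. Add `text/html html htm shtml;` at the top of the block, and because the cache location in nginx.conf matches `woff|woff2|ttf|otf`, add the font mappings (`font/woff woff;`, `font/woff2 woff2;` and the like) that are also missing. The last two entries carry a stray trailing dot in the type name (`…spreadsheetml.template.` and `…presentationml.template.`); they should read `application/vnd.openxmlformats-officedocument.spreadsheetml.template xltx;` and `application/vnd.openxmlformats-officedocument.presentationml.template potx;`.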
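Review bot: `try_files $uri.gz $uri =404;` in the static-asset location hands a pre-compressed `.gz` file to the client as a plain response: nothing sets `Content-Encoding: gzip`, `gz` has no mapping in the mime.types added by this commit and no `default_type` is configured, so the client receives gzip bytes labelled with nginx's default type. The static gzip module is the intended mechanism here; replace that line with `gzip_static on;` and `try_files $uri =404;`, which serves the `.gz` variant only when the request carries a matching Accept-Encoding and sets the encoding header itself. Separately, `gzip_types` lists `text/html`, which nginx always compresses and reports as a duplicate at startup; dropping it removes the warning without changing behaviour.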
diff --git a/groups/debug b/groups/debug
new file mode 100644
index 0000000..0e6a461
--- /dev/null
+++ b/groups/debug
@@ -0,0 +1,2 @@
+ares
+artemis
\ No newline at end of file
diff --git a/groups/leader b/groups/leader
new file mode 100644
index 0000000..dc449c2
--- /dev/null
+++ b/groups/leader
@@ -0,0 +1 @@
+ares
\ No newline at end of file
diff --git a/groups/workers b/groups/workers
new file mode 100644
index 0000000..a1282a0
--- /dev/null
+++ b/groups/workers
@@ -0,0 +1,4 @@
+cupid1
+cupid2
+cupid3
+cupid4
\ No newline at end of file
diff --git a/kubes/cni/install.sh b/kubes/cni/install.sh
new file mode 100755
index 0000000..a4db125
--- /dev/null
+++ b/kubes/cni/install.sh
@@ -0,0 +1,3 @@
+#!/usr/bin/env bash
+
+kubectl apply -f https://docs.projectcalico.org/manifests/calico.yaml
\ No newline at end of file
diff --git a/kubes/dns/coredns-tolerations.json b/kubes/dns/coredns-tolerations.json
new file mode 100644
index 0000000..6237d6a
--- /dev/null
+++ b/kubes/dns/coredns-tolerations.json
@@ -0,0 +1,16 @@
+[
+ {
+ "op": "add",
+ "path": "/spec/template/spec/tolerations",
+ "value": [
+ {
+ "effect": "NoSchedule",
+ "key": "leader"
+ },
+ {
+ "effect": "NoSchedule",
+ "key": "node-role.kubernetes.io/control-plane"
+ }
+ ]
+ }
+]
diff --git a/kubes/dns/flannel.yaml b/kubes/dns/flannel.yaml
new file mode 100644
index 0000000..0129379
--- /dev/null
+++ b/kubes/dns/flannel.yaml
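Review bot: `kubectl apply -f https://docs.projectcalico.org/manifests/calico.yaml` in kubes/cni/install.sh applies whatever that URL serves at run time, with no version pin and no integrity check, so the cluster's network plugin depends on a remote that can change without any change in this repo. Vendor the manifest into the repo (or fetch a specific release URL and compare its checksum against a value recorded here, e.g. `sha256sum -c calico.yaml.sha256`) before applying it. The same commit also adds kubes/dns/flannel.yaml, a second CNI; applying both to one cluster will conflict, so a comment in this script stating which plugin is the intended one would help the next operator.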
@@ -0,0 +1,211 @@ +--- +kind: Namespace +apiVersion: v1 +metadata: + name: kube-flannel + labels: + k8s-app: flannel + pod-security.kubernetes.io/enforce: privileged +--- +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + labels: + k8s-app: flannel + name: flannel +rules: +- apiGroups: + - "" + resources: + - pods + verbs: + - get +- apiGroups: + - "" + resources: + - nodes + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - nodes/status + verbs: + - patch +--- +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + labels: + k8s-app: flannel + name: flannel +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: flannel +subjects: +- kind: ServiceAccount + name: flannel + namespace: kube-flannel +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + k8s-app: flannel + name: flannel + namespace: kube-flannel +--- +kind: ConfigMap +apiVersion: v1 +metadata: + name: kube-flannel-cfg + namespace: kube-flannel + labels: + tier: node + k8s-app: flannel + app: flannel +data: + cni-conf.json: | + { + "name": "cbr0", + "cniVersion": "0.3.1", + "plugins": [ + { + "type": "flannel", + "delegate": { + "hairpinMode": true, + "isDefaultGateway": true + } + }, + { + "type": "portmap", + "capabilities": { + "portMappings": true + } + } + ] + } + net-conf.json: | + { + "Network": "10.244.0.0/16", + "EnableNFTables": false, + "Backend": { + "Type": "vxlan" + } + } +--- +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: kube-flannel-ds + namespace: kube-flannel + labels: + tier: node + app: flannel + k8s-app: flannel +spec: + selector: + matchLabels: + app: flannel + template: + metadata: + labels: + tier: node + app: flannel + spec: + affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: kubernetes.io/os + operator: In + values: + - linux + hostNetwork: true + priorityClassName: system-node-critical + 
tolerations: + - effect: NoSchedule + key: leader + - operator: Exists + effect: NoSchedule + serviceAccountName: flannel + initContainers: + - name: install-cni-plugin + image: docker.io/flannel/flannel-cni-plugin:v1.5.1-flannel2 + command: + - cp + args: + - -f + - /flannel + - /opt/cni/bin/flannel + volumeMounts: + - name: cni-plugin + mountPath: /opt/cni/bin + - name: install-cni + image: docker.io/flannel/flannel:v0.25.6 + command: + - cp + args: + - -f + - /etc/kube-flannel/cni-conf.json + - /etc/cni/net.d/10-flannel.conflist + volumeMounts: + - name: cni + mountPath: /etc/cni/net.d + - name: flannel-cfg + mountPath: /etc/kube-flannel/ + containers: + - name: kube-flannel + image: docker.io/flannel/flannel:v0.25.6 + command: + - /opt/bin/flanneld + args: + - --ip-masq + - --kube-subnet-mgr + resources: + requests: + cpu: "100m" + memory: "50Mi" + securityContext: + privileged: false + capabilities: + add: ["NET_ADMIN", "NET_RAW"] + env: + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: EVENT_QUEUE_DEPTH + value: "5000" + volumeMounts: + - name: run + mountPath: /run/flannel + - name: flannel-cfg + mountPath: /etc/kube-flannel/ + - name: xtables-lock + mountPath: /run/xtables.lock + volumes: + - name: run + hostPath: + path: /run/flannel + - name: cni-plugin + hostPath: + path: /opt/cni/bin + - name: cni + hostPath: + path: /etc/cni/net.d + - name: flannel-cfg + configMap: + name: kube-flannel-cfg + - name: xtables-lock + hostPath: + path: /run/xtables.lock + type: FileOrCreate diff --git a/kubes/dns/kube-dns.yaml b/kubes/dns/kube-dns.yaml new file mode 100644 index 0000000..e8d91e3 --- /dev/null +++ b/kubes/dns/kube-dns.yaml 
@@ -0,0 +1,23 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: kube-dns
+ namespace: kube-system
+ annotations:
+ prometheus.io/port: "9153"
+ prometheus.io/scrape: "true"
+ labels:
+ k8s-app: kube-dns
+ kubernetes.io/cluster-service: "true"
+ kubernetes.io/name: "CoreDNS"
+spec:
+ selector:
+ k8s-app: kube-dns
+ clusterIP: 10.96.0.10
+ ports:
+ - name: dns
+ port: 53
+ protocol: UDP
+ - name: dns-tcp
+ port: 53
+ protocol: TCP
\ No newline at end of file
diff --git a/kubes/ingress/install.sh b/kubes/ingress/install.sh
new file mode 100755
index 0000000..877d0d3
--- /dev/null
+++ b/kubes/ingress/install.sh
@@ -0,0 +1,10 @@
+#!/usr/bin/env bash
+PATH_ROOT=$GOPATH/src/mlog/infra/kubes/ingress
+
+cd $PATH_ROOT || exit
+
+helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx
+
+helm repo update
+
+helm upgrade -f tolerations.yaml --install ingress-nginx ingress-nginx/ingress-nginx --namespace ingress-nginx --create-namespace
diff --git a/kubes/ingress/tolerations.yaml b/kubes/ingress/tolerations.yaml
new file mode 100644
index 0000000..d4f01ac
--- /dev/null
+++ b/kubes/ingress/tolerations.yaml
@@ -0,0 +1,14 @@
+controller:
+ tolerations:
+ - effect: NoSchedule
+ key: compute
+ admissionWebhooks:
+ patch:
+ tolerations:
+ - effect: NoSchedule
+ key: compute
+
+defaultBackend:
+ tolerations:
+ - effect: NoSchedule
+ key: compute
\ No newline at end of file
diff --git a/kubes/metallb/install.sh b/kubes/metallb/install.sh
new file mode 100755
index 0000000..81c9163
--- /dev/null
+++ b/kubes/metallb/install.sh
@@ -0,0 +1,7 @@
+#! /usr/bin/env bash
+
+PROJECT_ROOT=$GOPATH/src/mlog
+cd ${PROJECT_ROOT}/infra/kubes/metallb || exit
+
+kubectl apply -f loadbalancer.yaml
+kubectl create secret generic -n metallb-system memberlist --from-literal=secretkey="$(openssl rand -base64 128)" || true
\ No newline at end of file
diff --git a/kubes/metallb/loadbalancer.yaml b/kubes/metallb/loadbalancer.yaml
new file mode 100644
index 0000000..0181126
--- /dev/null
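Review bot: The closing `helm upgrade --install ingress-nginx ingress-nginx/ingress-nginx` in kubes/ingress/install.sh carries no `--version`, so each run deploys whatever the chart repo currently publishes as latest and the controller version actually running is recorded nowhere in this repo; add `--version <CHART_VERSION>` (placeholder) and bump it on purpose. `PATH_ROOT=$GOPATH/src/mlog/infra/kubes/ingress` and `cd $PATH_ROOT || exit` are unquoted, so a path containing whitespace splits into several arguments; write `cd "$PATH_ROOT" || exit`. The unquoted `cd ${PROJECT_ROOT}/infra/kubes/metallb || exit` in kubes/metallb/install.sh has the same problem.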
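Review bot: The trailing `|| true` on the `kubectl create secret generic -n metallb-system memberlist` line in kubes/metallb/install.sh hides every failure, not only the "already exists" case it is presumably there for, so a missing namespace, an RBAC denial or an unreachable API server leaves the script exiting 0 with no memberlist key in place. Check for the secret explicitly instead: `kubectl get secret -n metallb-system memberlist >/dev/null 2>&1 || kubectl create secret generic -n metallb-system memberlist --from-literal=secretkey="$(openssl rand -base64 128)"`. The generated key is also passed through `--from-literal`, which places it in the kubectl process's argument list while it runs; piping it in via `--from-file=secretkey=/dev/stdin` keeps it out of process listings.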
+++ b/kubes/metallb/loadbalancer.yaml 
@@ -0,0 +1,2029 @@ +apiVersion: v1 +kind: Namespace +metadata: + labels: + pod-security.kubernetes.io/audit: privileged + pod-security.kubernetes.io/enforce: privileged + pod-security.kubernetes.io/warn: privileged + name: metallb-system +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + name: bfdprofiles.metallb.io +spec: + group: metallb.io + names: + kind: BFDProfile + listKind: BFDProfileList + plural: bfdprofiles + singular: bfdprofile + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .spec.passiveMode + name: Passive Mode + type: boolean + - jsonPath: .spec.transmitInterval + name: Transmit Interval + type: integer + - jsonPath: .spec.receiveInterval + name: Receive Interval + type: integer + - jsonPath: .spec.detectMultiplier + name: Multiplier + type: integer + name: v1beta1 + schema: + openAPIV3Schema: + description: |- + BFDProfile represents the settings of the bfd session that can be + optionally associated with a BGP session. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: BFDProfileSpec defines the desired state of BFDProfile. 
+ properties: + detectMultiplier: + description: |- + Configures the detection multiplier to determine + packet loss. The remote transmission interval will be multiplied + by this value to determine the connection loss detection timer. + format: int32 + maximum: 255 + minimum: 2 + type: integer + echoInterval: + description: |- + Configures the minimal echo receive transmission + interval that this system is capable of handling in milliseconds. + Defaults to 50ms + format: int32 + maximum: 60000 + minimum: 10 + type: integer + echoMode: + description: |- + Enables or disables the echo transmission mode. + This mode is disabled by default, and not supported on multi + hops setups. + type: boolean + minimumTtl: + description: |- + For multi hop sessions only: configure the minimum + expected TTL for an incoming BFD control packet. + format: int32 + maximum: 254 + minimum: 1 + type: integer + passiveMode: + description: |- + Mark session as passive: a passive session will not + attempt to start the connection and will wait for control packets + from peer before it begins replying. + type: boolean + receiveInterval: + description: |- + The minimum interval that this system is capable of + receiving control packets in milliseconds. + Defaults to 300ms. + format: int32 + maximum: 60000 + minimum: 10 + type: integer + transmitInterval: + description: |- + The minimum transmission interval (less jitter) + that this system wants to use to send BFD control packets in + milliseconds. Defaults to 300ms + format: int32 + maximum: 60000 + minimum: 10 + type: integer + type: object + status: + description: BFDProfileStatus defines the observed state of BFDProfile. 
+ type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + name: bgpadvertisements.metallb.io +spec: + group: metallb.io + names: + kind: BGPAdvertisement + listKind: BGPAdvertisementList + plural: bgpadvertisements + singular: bgpadvertisement + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .spec.ipAddressPools + name: IPAddressPools + type: string + - jsonPath: .spec.ipAddressPoolSelectors + name: IPAddressPool Selectors + type: string + - jsonPath: .spec.peers + name: Peers + type: string + - jsonPath: .spec.nodeSelectors + name: Node Selectors + priority: 10 + type: string + name: v1beta1 + schema: + openAPIV3Schema: + description: |- + BGPAdvertisement allows to advertise the IPs coming + from the selected IPAddressPools via BGP, setting the parameters of the + BGP Advertisement. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: BGPAdvertisementSpec defines the desired state of BGPAdvertisement. + properties: + aggregationLength: + default: 32 + description: The aggregation-length advertisement option lets you + β€œroll up” the /32s into a larger prefix. 
Defaults to 32. Works for + IPv4 addresses. + format: int32 + minimum: 1 + type: integer + aggregationLengthV6: + default: 128 + description: The aggregation-length advertisement option lets you + β€œroll up” the /128s into a larger prefix. Defaults to 128. Works + for IPv6 addresses. + format: int32 + type: integer + communities: + description: |- + The BGP communities to be associated with the announcement. Each item can be a standard community of the + form 1234:1234, a large community of the form large:1234:1234:1234 or the name of an alias defined in the + Community CRD. + items: + type: string + type: array + ipAddressPoolSelectors: + description: |- + A selector for the IPAddressPools which would get advertised via this advertisement. + If no IPAddressPool is selected by this or by the list, the advertisement is applied to all the IPAddressPools. + items: + description: |- + A label selector is a label query over a set of resources. The result of matchLabels and + matchExpressions are ANDed. An empty label selector matches all objects. A null + label selector matches no objects. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. 
+ items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + type: array + ipAddressPools: + description: The list of IPAddressPools to advertise via this advertisement, + selected by name. + items: + type: string + type: array + localPref: + description: |- + The BGP LOCAL_PREF attribute which is used by BGP best path algorithm, + Path with higher localpref is preferred over one with lower localpref. + format: int32 + type: integer + nodeSelectors: + description: NodeSelectors allows to limit the nodes to announce as + next hops for the LoadBalancer IP. When empty, all the nodes having are + announced as next hops. + items: + description: |- + A label selector is a label query over a set of resources. The result of matchLabels and + matchExpressions are ANDed. An empty label selector matches all objects. A null + label selector matches no objects. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. 
If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + type: array + peers: + description: |- + Peers limits the bgppeer to advertise the ips of the selected pools to. + When empty, the loadbalancer IP is announced to all the BGPPeers configured. + items: + type: string + type: array + type: object + status: + description: BGPAdvertisementStatus defines the observed state of BGPAdvertisement. 
+ type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + name: bgppeers.metallb.io +spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + caBundle: 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 + service: + name: metallb-webhook-service + namespace: metallb-system + path: /convert + conversionReviewVersions: + - v1beta1 + - v1beta2 + group: metallb.io + names: + kind: BGPPeer + listKind: BGPPeerList + plural: bgppeers + singular: bgppeer + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .spec.peerAddress + name: Address + type: string + - jsonPath: .spec.peerASN + name: ASN + type: string + - jsonPath: .spec.bfdProfile + name: BFD Profile + type: string + - jsonPath: .spec.ebgpMultiHop + name: Multi Hops + type: string + name: v1beta1 + schema: + openAPIV3Schema: + description: BGPPeer is the Schema for the peers API. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: BGPPeerSpec defines the desired state of Peer. 
+ properties: + bfdProfile: + type: string + ebgpMultiHop: + description: EBGP peer is multi-hops away + type: boolean + holdTime: + description: Requested BGP hold time, per RFC4271. + type: string + keepaliveTime: + description: Requested BGP keepalive time, per RFC4271. + type: string + myASN: + description: AS number to use for the local end of the session. + format: int32 + maximum: 4294967295 + minimum: 0 + type: integer + nodeSelectors: + description: |- + Only connect to this peer on nodes that match one of these + selectors. + items: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + minItems: 1 + type: array + required: + - key + - operator + - values + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + type: array + password: + description: Authentication password for routers enforcing TCP MD5 + authenticated sessions + type: string + peerASN: + description: AS number to expect from the remote end of the session. + format: int32 + maximum: 4294967295 + minimum: 0 + type: integer + peerAddress: + description: Address to dial when establishing the session. + type: string + peerPort: + description: Port to dial when establishing the session. + maximum: 16384 + minimum: 0 + type: integer + routerID: + description: BGP router ID to advertise to the peer + type: string + sourceAddress: + description: Source address to use when establishing the session. + type: string + required: + - myASN + - peerASN + - peerAddress + type: object + status: + description: BGPPeerStatus defines the observed state of Peer. 
+ type: object + type: object + served: true + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - jsonPath: .spec.peerAddress + name: Address + type: string + - jsonPath: .spec.peerASN + name: ASN + type: string + - jsonPath: .spec.bfdProfile + name: BFD Profile + type: string + - jsonPath: .spec.ebgpMultiHop + name: Multi Hops + type: string + name: v1beta2 + schema: + openAPIV3Schema: + description: BGPPeer is the Schema for the peers API. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: BGPPeerSpec defines the desired state of Peer. + properties: + bfdProfile: + description: The name of the BFD Profile to be used for the BFD session + associated to the BGP session. If not set, the BFD session won't + be set up. + type: string + connectTime: + description: Requested BGP connect time, controls how long BGP waits + between connection attempts to a neighbor. 
+ type: string + x-kubernetes-validations: + - message: connect time should be between 1 seconds to 65535 + rule: duration(self).getSeconds() >= 1 && duration(self).getSeconds() + <= 65535 + - message: connect time should contain a whole number of seconds + rule: duration(self).getMilliseconds() % 1000 == 0 + disableMP: + default: false + description: To set if we want to disable MP BGP that will separate + IPv4 and IPv6 route exchanges into distinct BGP sessions. + type: boolean + ebgpMultiHop: + description: To set if the BGPPeer is multi-hops away. Needed for + FRR mode only. + type: boolean + enableGracefulRestart: + description: |- + EnableGracefulRestart allows BGP peer to continue to forward data packets along + known routes while the routing protocol information is being restored. + This field is immutable because it requires restart of the BGP session + Supported for FRR mode only. + type: boolean + x-kubernetes-validations: + - message: EnableGracefulRestart cannot be changed after creation + rule: self == oldSelf + holdTime: + description: Requested BGP hold time, per RFC4271. + type: string + keepaliveTime: + description: Requested BGP keepalive time, per RFC4271. + type: string + myASN: + description: AS number to use for the local end of the session. + format: int32 + maximum: 4294967295 + minimum: 0 + type: integer + nodeSelectors: + description: |- + Only connect to this peer on nodes that match one of these + selectors. + items: + description: |- + A label selector is a label query over a set of resources. The result of matchLabels and + matchExpressions are ANDed. An empty label selector matches all objects. A null + label selector matches no objects. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. 
+ properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + type: array + password: + description: Authentication password for routers enforcing TCP MD5 + authenticated sessions + type: string + passwordSecret: + description: |- + passwordSecret is name of the authentication secret for BGP Peer. + the secret must be of type "kubernetes.io/basic-auth", and created in the + same namespace as the MetalLB deployment. The password is stored in the + secret as the key "password". + properties: + name: + description: name is unique within a namespace to reference a + secret resource. + type: string + namespace: + description: namespace defines the space within which the secret + name must be unique. + type: string + type: object + x-kubernetes-map-type: atomic + peerASN: + description: AS number to expect from the remote end of the session. 
+ format: int32 + maximum: 4294967295 + minimum: 0 + type: integer + peerAddress: + description: Address to dial when establishing the session. + type: string + peerPort: + default: 179 + description: Port to dial when establishing the session. + maximum: 16384 + minimum: 0 + type: integer + routerID: + description: BGP router ID to advertise to the peer + type: string + sourceAddress: + description: Source address to use when establishing the session. + type: string + vrf: + description: |- + To set if we want to peer with the BGPPeer using an interface belonging to + a host vrf + type: string + required: + - myASN + - peerASN + - peerAddress + type: object + status: + description: BGPPeerStatus defines the observed state of Peer. + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + name: communities.metallb.io +spec: + group: metallb.io + names: + kind: Community + listKind: CommunityList + plural: communities + singular: community + scope: Namespaced + versions: + - name: v1beta1 + schema: + openAPIV3Schema: + description: |- + Community is a collection of aliases for communities. + Users can define named aliases to be used in the BGPPeer CRD. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. 
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: CommunitySpec defines the desired state of Community. + properties: + communities: + items: + properties: + name: + description: The name of the alias for the community. + type: string + value: + description: |- + The BGP community value corresponding to the given name. Can be a standard community of the form 1234:1234 + or a large community of the form large:1234:1234:1234. + type: string + type: object + type: array + type: object + status: + description: CommunityStatus defines the observed state of Community. + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + name: ipaddresspools.metallb.io +spec: + group: metallb.io + names: + kind: IPAddressPool + listKind: IPAddressPoolList + plural: ipaddresspools + singular: ipaddresspool + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .spec.autoAssign + name: Auto Assign + type: boolean + - jsonPath: .spec.avoidBuggyIPs + name: Avoid Buggy IPs + type: boolean + - jsonPath: .spec.addresses + name: Addresses + type: string + name: v1beta1 + schema: + openAPIV3Schema: + description: |- + IPAddressPool represents a pool of IP addresses that can be allocated + to LoadBalancer services. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. 
+ Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: IPAddressPoolSpec defines the desired state of IPAddressPool. + properties: + addresses: + description: |- + A list of IP address ranges over which MetalLB has authority. + You can list multiple ranges in a single pool, they will all share the + same settings. Each range can be either a CIDR prefix, or an explicit + start-end range of IPs. + items: + type: string + type: array + autoAssign: + default: true + description: |- + AutoAssign flag used to prevent MetallB from automatic allocation + for a pool. + type: boolean + avoidBuggyIPs: + default: false + description: |- + AvoidBuggyIPs prevents addresses ending with .0 and .255 + to be used by a pool. + type: boolean + serviceAllocation: + description: |- + AllocateTo makes ip pool allocation to specific namespace and/or service. + The controller will use the pool with lowest value of priority in case of + multiple matches. A pool with no priority set will be used only if the + pools with priority can't be used. If multiple matching IPAddressPools are + available it will check for the availability of IPs sorting the matching + IPAddressPools by priority, starting from the highest to the lowest. If + multiple IPAddressPools have the same priority, choice will be random. + properties: + namespaceSelectors: + description: |- + NamespaceSelectors list of label selectors to select namespace(s) for ip pool, + an alternative to using namespace list. + items: + description: |- + A label selector is a label query over a set of resources. The result of matchLabels and + matchExpressions are ANDed. An empty label selector matches all objects. A null + label selector matches no objects. 
+ properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + type: array + namespaces: + description: Namespaces list of namespace(s) on which ip pool + can be attached. + items: + type: string + type: array + priority: + description: Priority priority given for ip pool while ip allocation + on a service. + type: integer + serviceSelectors: + description: |- + ServiceSelectors list of label selector to select service(s) for which ip pool + can be used for ip allocation. + items: + description: |- + A label selector is a label query over a set of resources. The result of matchLabels and + matchExpressions are ANDed. 
An empty label selector matches all objects. A null + label selector matches no objects. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + type: array + type: object + required: + - addresses + type: object + status: + description: IPAddressPoolStatus defines the observed state of IPAddressPool. 
+ type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + name: l2advertisements.metallb.io +spec: + group: metallb.io + names: + kind: L2Advertisement + listKind: L2AdvertisementList + plural: l2advertisements + singular: l2advertisement + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .spec.ipAddressPools + name: IPAddressPools + type: string + - jsonPath: .spec.ipAddressPoolSelectors + name: IPAddressPool Selectors + type: string + - jsonPath: .spec.interfaces + name: Interfaces + type: string + - jsonPath: .spec.nodeSelectors + name: Node Selectors + priority: 10 + type: string + name: v1beta1 + schema: + openAPIV3Schema: + description: |- + L2Advertisement allows to advertise the LoadBalancer IPs provided + by the selected pools via L2. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: L2AdvertisementSpec defines the desired state of L2Advertisement. + properties: + interfaces: + description: |- + A list of interfaces to announce from. The LB IP will be announced only from these interfaces. 
+ If the field is not set, we advertise from all the interfaces on the host. + items: + type: string + type: array + ipAddressPoolSelectors: + description: |- + A selector for the IPAddressPools which would get advertised via this advertisement. + If no IPAddressPool is selected by this or by the list, the advertisement is applied to all the IPAddressPools. + items: + description: |- + A label selector is a label query over a set of resources. The result of matchLabels and + matchExpressions are ANDed. An empty label selector matches all objects. A null + label selector matches no objects. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. 
+ type: object + type: object + x-kubernetes-map-type: atomic + type: array + ipAddressPools: + description: The list of IPAddressPools to advertise via this advertisement, + selected by name. + items: + type: string + type: array + nodeSelectors: + description: NodeSelectors allows to limit the nodes to announce as + next hops for the LoadBalancer IP. When empty, all the nodes having are + announced as next hops. + items: + description: |- + A label selector is a label query over a set of resources. The result of matchLabels and + matchExpressions are ANDed. An empty label selector matches all objects. A null + label selector matches no objects. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. 
+ type: object + type: object + x-kubernetes-map-type: atomic + type: array + type: object + status: + description: L2AdvertisementStatus defines the observed state of L2Advertisement. + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.14.0 + name: servicel2statuses.metallb.io +spec: + group: metallb.io + names: + kind: ServiceL2Status + listKind: ServiceL2StatusList + plural: servicel2statuses + singular: servicel2status + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.node + name: Allocated Node + type: string + - jsonPath: .status.serviceName + name: Service Name + type: string + - jsonPath: .status.serviceNamespace + name: Service Namespace + type: string + name: v1beta1 + schema: + openAPIV3Schema: + description: ServiceL2Status reveals the actual traffic status of loadbalancer + services in layer2 mode. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: ServiceL2StatusSpec defines the desired state of ServiceL2Status. + type: object + status: + description: MetalLBServiceL2Status defines the observed state of ServiceL2Status. 
+ properties: + interfaces: + description: Interfaces indicates the interfaces that receive the + directed traffic + items: + description: InterfaceInfo defines interface info of layer2 announcement. + properties: + name: + description: Name the name of network interface card + type: string + type: object + type: array + node: + description: Node indicates the node that receives the directed traffic + type: string + x-kubernetes-validations: + - message: Value is immutable + rule: self == oldSelf + serviceName: + description: ServiceName indicates the service this status represents + type: string + x-kubernetes-validations: + - message: Value is immutable + rule: self == oldSelf + serviceNamespace: + description: ServiceNamespace indicates the namespace of the service + type: string + x-kubernetes-validations: + - message: Value is immutable + rule: self == oldSelf + type: object + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app: metallb + name: controller + namespace: metallb-system +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app: metallb + name: speaker + namespace: metallb-system +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + app: metallb + name: controller + namespace: metallb-system +rules: +- apiGroups: + - "" + resources: + - secrets + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - "" + resourceNames: + - memberlist + resources: + - secrets + verbs: + - list +- apiGroups: + - apps + resourceNames: + - controller + resources: + - deployments + verbs: + - get +- apiGroups: + - metallb.io + resources: + - bgppeers + verbs: + - get + - list +- apiGroups: + - metallb.io + resources: + - bfdprofiles + verbs: + - get + - list + - watch +- apiGroups: + - metallb.io + resources: + - ipaddresspools + verbs: + - get + - list + - watch +- apiGroups: + - metallb.io + 
resources: + - bgpadvertisements + verbs: + - get + - list + - watch +- apiGroups: + - metallb.io + resources: + - l2advertisements + verbs: + - get + - list + - watch +- apiGroups: + - metallb.io + resources: + - communities + verbs: + - get + - list + - watch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + labels: + app: metallb + name: pod-lister + namespace: metallb-system +rules: +- apiGroups: + - "" + resources: + - pods + verbs: + - list + - get +- apiGroups: + - "" + resources: + - secrets + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch +- apiGroups: + - metallb.io + resources: + - bfdprofiles + verbs: + - get + - list + - watch +- apiGroups: + - metallb.io + resources: + - bgppeers + verbs: + - get + - list + - watch +- apiGroups: + - metallb.io + resources: + - l2advertisements + verbs: + - get + - list + - watch +- apiGroups: + - metallb.io + resources: + - bgpadvertisements + verbs: + - get + - list + - watch +- apiGroups: + - metallb.io + resources: + - ipaddresspools + verbs: + - get + - list + - watch +- apiGroups: + - metallb.io + resources: + - communities + verbs: + - get + - list + - watch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app: metallb + name: metallb-system:controller +rules: +- apiGroups: + - "" + resources: + - services + - namespaces + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - nodes + verbs: + - list +- apiGroups: + - "" + resources: + - services/status + verbs: + - update +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch +- apiGroups: + - policy + resourceNames: + - controller + resources: + - podsecuritypolicies + verbs: + - use +- apiGroups: + - admissionregistration.k8s.io + resourceNames: + - metallb-webhook-configuration + resources: + - validatingwebhookconfigurations + - mutatingwebhookconfigurations + verbs: + - create + - delete 
+ - get + - list + - patch + - update + - watch +- apiGroups: + - admissionregistration.k8s.io + resources: + - validatingwebhookconfigurations + - mutatingwebhookconfigurations + verbs: + - list + - watch +- apiGroups: + - apiextensions.k8s.io + resourceNames: + - bfdprofiles.metallb.io + - bgpadvertisements.metallb.io + - bgppeers.metallb.io + - ipaddresspools.metallb.io + - l2advertisements.metallb.io + - communities.metallb.io + resources: + - customresourcedefinitions + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - list + - watch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app: metallb + name: metallb-system:speaker +rules: +- apiGroups: + - metallb.io + resources: + - servicel2statuses + - servicel2statuses/status + verbs: + - '*' +- apiGroups: + - "" + resources: + - services + - endpoints + - nodes + - namespaces + verbs: + - get + - list + - watch +- apiGroups: + - discovery.k8s.io + resources: + - endpointslices + verbs: + - get + - list + - watch +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch +- apiGroups: + - policy + resourceNames: + - speaker + resources: + - podsecuritypolicies + verbs: + - use +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + app: metallb + name: controller + namespace: metallb-system +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: controller +subjects: +- kind: ServiceAccount + name: controller + namespace: metallb-system +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + labels: + app: metallb + name: pod-lister + namespace: metallb-system +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: pod-lister +subjects: +- kind: ServiceAccount + name: speaker + namespace: metallb-system +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: 
ClusterRoleBinding +metadata: + labels: + app: metallb + name: metallb-system:controller +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: metallb-system:controller +subjects: +- kind: ServiceAccount + name: controller + namespace: metallb-system +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + labels: + app: metallb + name: metallb-system:speaker +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: metallb-system:speaker +subjects: +- kind: ServiceAccount + name: speaker + namespace: metallb-system +--- +apiVersion: v1 +data: + excludel2.yaml: | + announcedInterfacesToExclude: ["^docker.*", "^cbr.*", "^dummy.*", "^virbr.*", "^lxcbr.*", "^veth.*", "^lo$", "^cali.*", "^tunl.*", "^flannel.*", "^kube-ipvs.*", "^cni.*", "^nodelocaldns.*"] +kind: ConfigMap +metadata: + name: metallb-excludel2 + namespace: metallb-system +--- +apiVersion: v1 +kind: Secret +metadata: + name: metallb-webhook-cert + namespace: metallb-system +--- +apiVersion: v1 +kind: Service +metadata: + name: metallb-webhook-service + namespace: metallb-system +spec: + ports: + - port: 443 + targetPort: 9443 + selector: + component: controller +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: metallb + component: controller + name: controller + namespace: metallb-system +spec: + revisionHistoryLimit: 3 + selector: + matchLabels: + app: metallb + component: controller + template: + metadata: + annotations: + prometheus.io/port: "7472" + prometheus.io/scrape: "true" + labels: + app: metallb + component: controller + spec: + tolerations: + - effect: NoSchedule + key: leader + - effect: NoSchedule + key: node-role.kubernetes.io/control-plane + containers: + - args: + - --port=7472 + - --log-level=info + - --tls-min-version=VersionTLS12 + env: + - name: METALLB_ML_SECRET_NAME + value: memberlist + - name: METALLB_DEPLOYMENT + value: controller + image: quay.io/metallb/controller:v0.14.8 + livenessProbe: 
+ failureThreshold: 3 + httpGet: + path: /metrics + port: monitoring + initialDelaySeconds: 10 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 1 + name: controller + ports: + - containerPort: 7472 + name: monitoring + - containerPort: 9443 + name: webhook-server + protocol: TCP + readinessProbe: + failureThreshold: 3 + httpGet: + path: /metrics + port: monitoring + initialDelaySeconds: 10 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 1 + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - all + readOnlyRootFilesystem: true + volumeMounts: + - mountPath: /tmp/k8s-webhook-server/serving-certs + name: cert + readOnly: true + nodeSelector: + kubernetes.io/os: linux + securityContext: + fsGroup: 65534 + runAsNonRoot: true + runAsUser: 65534 + serviceAccountName: controller + terminationGracePeriodSeconds: 0 + volumes: + - name: cert + secret: + defaultMode: 420 + secretName: metallb-webhook-cert +--- +apiVersion: apps/v1 +kind: DaemonSet +metadata: + labels: + app: metallb + component: speaker + name: speaker + namespace: metallb-system +spec: + selector: + matchLabels: + app: metallb + component: speaker + template: + metadata: + annotations: + prometheus.io/port: "7472" + prometheus.io/scrape: "true" + labels: + app: metallb + component: speaker + spec: + containers: + - args: + - --port=7472 + - --log-level=info + env: + - name: METALLB_NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: METALLB_POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: METALLB_HOST + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: METALLB_ML_BIND_ADDR + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: METALLB_ML_LABELS + value: app=metallb,component=speaker + - name: METALLB_ML_SECRET_KEY_PATH + value: /etc/ml_secret_key + image: quay.io/metallb/speaker:v0.14.8 + livenessProbe: + failureThreshold: 3 + httpGet: + path: /metrics + port: monitoring + initialDelaySeconds: 10 + 
periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 1 + name: speaker + ports: + - containerPort: 7472 + name: monitoring + - containerPort: 7946 + name: memberlist-tcp + - containerPort: 7946 + name: memberlist-udp + protocol: UDP + readinessProbe: + failureThreshold: 3 + httpGet: + path: /metrics + port: monitoring + initialDelaySeconds: 10 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 1 + securityContext: + allowPrivilegeEscalation: false + capabilities: + add: + - NET_RAW + drop: + - ALL + readOnlyRootFilesystem: true + volumeMounts: + - mountPath: /etc/ml_secret_key + name: memberlist + readOnly: true + - mountPath: /etc/metallb + name: metallb-excludel2 + readOnly: true + hostNetwork: true + nodeSelector: + kubernetes.io/os: linux + serviceAccountName: speaker + terminationGracePeriodSeconds: 2 + tolerations: + - effect: NoSchedule + key: node-role.kubernetes.io/master + operator: Exists + - effect: NoSchedule + key: node-role.kubernetes.io/control-plane + operator: Exists + - effect: NoSchedule + key: compute + volumes: + - name: memberlist + secret: + defaultMode: 420 + secretName: memberlist + - configMap: + defaultMode: 256 + name: metallb-excludel2 + name: metallb-excludel2 +--- +apiVersion: admissionregistration.k8s.io/v1 +kind: ValidatingWebhookConfiguration +metadata: + creationTimestamp: null + name: metallb-webhook-configuration +webhooks: +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: metallb-webhook-service + namespace: metallb-system + path: /validate-metallb-io-v1beta2-bgppeer + failurePolicy: Fail + name: bgppeersvalidationwebhook.metallb.io + rules: + - apiGroups: + - metallb.io + apiVersions: + - v1beta2 + operations: + - CREATE + - UPDATE + resources: + - bgppeers + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: metallb-webhook-service + namespace: metallb-system + path: /validate-metallb-io-v1beta1-bfdprofile + failurePolicy: Fail + name: 
bfdprofilevalidationwebhook.metallb.io + rules: + - apiGroups: + - metallb.io + apiVersions: + - v1beta1 + operations: + - CREATE + - DELETE + resources: + - bfdprofiles + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: metallb-webhook-service + namespace: metallb-system + path: /validate-metallb-io-v1beta1-bgpadvertisement + failurePolicy: Fail + name: bgpadvertisementvalidationwebhook.metallb.io + rules: + - apiGroups: + - metallb.io + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - bgpadvertisements + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: metallb-webhook-service + namespace: metallb-system + path: /validate-metallb-io-v1beta1-community + failurePolicy: Fail + name: communityvalidationwebhook.metallb.io + rules: + - apiGroups: + - metallb.io + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - communities + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: metallb-webhook-service + namespace: metallb-system + path: /validate-metallb-io-v1beta1-ipaddresspool + failurePolicy: Fail + name: ipaddresspoolvalidationwebhook.metallb.io + rules: + - apiGroups: + - metallb.io + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - ipaddresspools + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: metallb-webhook-service + namespace: metallb-system + path: /validate-metallb-io-v1beta1-l2advertisement + failurePolicy: Fail + name: l2advertisementvalidationwebhook.metallb.io + rules: + - apiGroups: + - metallb.io + apiVersions: + - v1beta1 + operations: + - CREATE + - UPDATE + resources: + - l2advertisements + sideEffects: None +--- +apiVersion: v1 +kind: ConfigMap +metadata: + namespace: metallb-system + name: config +data: + config: | + address-pools: + - name: homelab + protocol: layer2 + addresses: + - 10.1.2.1-10.1.2.250 +--- 
+apiVersion: metallb.io/v1beta1
+kind: IPAddressPool
+metadata:
+ name: default
+ namespace: metallb-system
+spec:
+ addresses:
+ - 10.1.2.1/32
+ - 10.1.2.2/32
+ - 10.1.2.3/32
+ - 10.1.2.4/32
+ - 10.1.2.5/32
+ - 10.1.2.6/32
+ autoAssign: true
+---
+apiVersion: metallb.io/v1beta1
+kind: L2Advertisement
+metadata:
+ name: default
+ namespace: metallb-system
+spec:
+ ipAddressPools:
+ - default
diff --git a/kubes/proofofconcept/create-registry-secret.sh b/kubes/proofofconcept/create-registry-secret.sh
new file mode 100755
index 0000000..42803d5
--- /dev/null
+++ b/kubes/proofofconcept/create-registry-secret.sh
@@ -0,0 +1,6 @@
+#!/usr/bin/env bash
+read -p "Enter the hostname: " hostname
+read -p "Enter the username: " username
+read -sp "Enter the secret: " secret
+
+kubectl create secret -n proof-of-concept docker-registry regsecret --docker-server=${hostname} --docker-username=${username} --docker-password=${secret}
\ No newline at end of file
diff --git a/kubes/proofofconcept/poc-deployment.yaml b/kubes/proofofconcept/poc-deployment.yaml
new file mode 100644
index 0000000..4649869
--- /dev/null
+++ b/kubes/proofofconcept/poc-deployment.yaml
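Review bot: The registry password is passed on the kubectl command line (`--docker-password=${secret}`), where it is readable by other local users through the process list for as long as the command runs, and all three variables are unquoted, so a value containing spaces or glob characters breaks the invocation. At minimum use `read -r` and quote the expansions: `read -rsp "Enter the secret: " secret` and `--docker-server="$hostname" --docker-username="$username" --docker-password="$secret"`. If argv exposure on the operator workstation matters, the same secret can be built from a prepared docker config file with `kubectl create secret generic regsecret --type=kubernetes.io/dockerconfigjson --from-file=.dockerconfigjson=<path>`, which keeps the credential out of the argument list. `read -sp` also leaves the cursor on the prompt line, so an `echo` after it would keep kubectl's output readable.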
@@ -0,0 +1,68 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: proof-of-concept
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: proof-of-concept
+ namespace: proof-of-concept
+spec:
+ type: NodePort
+ selector:
+ app: proof-of-concept
+ ports:
+ - protocol: TCP
+ port: 60000
+ targetPort: 80
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: ingress
+ namespace: proof-of-concept
+spec:
+ ingressClassName: nginx
+ rules:
+ - host: lab.gg
+ http:
+ paths:
+ - pathType: Prefix
+ path: /
+ backend:
+ service:
+ name: proof-of-concept
+ port:
+ number: 60000
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ namespace: proof-of-concept
+ name: blog-static
+ labels:
+ app: proof-of-concept
+spec:
+ replicas: 4
+ selector:
+ matchLabels:
+ app: proof-of-concept
+ template:
+ metadata:
+ labels:
+ app: proof-of-concept
+ spec:
+ tolerations:
+ - key: "worker"
+ operator: "Exists"
+ effect: "NoSchedule"
+ imagePullSecrets:
+ - name: regsecret
+ containers:
+ - name: static-blog
+ image: registry.geniuscartel.xyz/virgil/mlog:latest
+ imagePullPolicy: Always
+ ports:
+ - containerPort: 80
+---
diff --git a/rpi/cupid/network-config.yaml b/rpi/cupid/network-config.yaml
new file mode 100755
index 0000000..8667814
--- /dev/null
+++ b/rpi/cupid/network-config.yaml
@@ -0,0 +1,15 @@
+network:
+ version: 2
+
+ ethernets:
+ eth0:
+ dhcp4: false
+ addresses:
+ - 10.1.1.x/16
+ routes:
+ - to: default
+ via: 10.1.70.1
+ metric: 100
+ on-link: true
+ nameservers:
+ addresses: [10.1.70.1]
\ No newline at end of file
diff --git a/rpi/cupid/user-data.yaml b/rpi/cupid/user-data.yaml
new file mode 100755
index 0000000..1d22b95
--- /dev/null
+++ b/rpi/cupid/user-data.yaml
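Review bot: The `static-blog` container pulls `registry.geniuscartel.xyz/virgil/mlog:latest` with `imagePullPolicy: Always`, so a restart of any of the four replicas can resolve to a different image than its siblings and a rollback has no previous tag to return to; pin a tag or digest instead. The container also has no `securityContext` and no `resources`, whereas the MetalLB controller and speaker earlier in this diff set `allowPrivilegeEscalation: false` and drop capabilities. The image is the nginx:alpine build from docker/blog and presumably binds port 80 as root, so `runAsNonRoot` would need the unprivileged image variant; the fields below avoid that assumption.

```yaml
      containers:
        - name: static-blog
          image: registry.geniuscartel.xyz/virgil/mlog:<pinned-tag-or-digest>
          imagePullPolicy: Always
          ports:
            - containerPort: 80
          securityContext:
            allowPrivilegeEscalation: false
          resources:   # example values, size for the real workload
            requests:
              cpu: 50m
              memory: 32Mi
            limits:
              memory: 128Mi
```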
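Review bot: `10.1.1.x/16` is a template placeholder rather than an address, so netplan will reject this file as committed, and nothing in it says the value must be edited before use. A comment on that line, `# replace x with this host's last octet before flashing`, or a per-host variable file would make that explicit. `on-link: true` is redundant with a `/16` that already contains `10.1.70.1`, presumably carried over from an example, and is harmless.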
@@ -0,0 +1,51 @@
+#cloud-config
+hostname: cupidX
+
+# here's the reference: https://docs.cloud-init.io/en/latest/reference/examples.html#including-users-and-groups
+
+manage_etc_hosts: true
+timezone: America/New_York
+
+ssh_pwauth: false
+users:
+ - name: virgil
+ groups: users,adm,dialout,netdev,plugdev,cdrom,input,gpio,spi,i2c,render,sudo,docker
+ shell: /bin/bash
+ lock_passwd: false
+ passwd: $5$8xH/luS/5i$EjrWRLUA4WbnGs.Vd/LQU6K7Pf7dIMOTpQ3ovPtCnSA
+ sudo: ALL=(ALL) NOPASSWD:ALL
+ ssh_authorized_keys:
+ - ssh-rsa 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 dtookey@Davids-MacBook-Air.local
+ - ssh-rsa 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 dtookey@nyx
+
+package_update: true
+package_upgrade: true
+apt:
+ conf: |
+ Acquire {
+ Check-Date "false";
+ };
+
+packages:
+ - rsync
+ - ca-certificates
+ - neovim
+ - fail2ban
+ - net-tools
+ - linux-modules-extra-raspi
+ - htop
+ - docker-ce
+ - docker-ce-cli
+ - containerd.io
+ - ebtables
+ - ethtool
+ - apt-transport-https
+
+runcmd:
+- echo " cgroup_enable=cpuset cgroup_enable=memory cgroup_memory=1" | tee -a /boot/firmware/cmdline.txt > /dev/null
+
+power_state:
+ delay: now
+ timeout: 5
+ mode: reboot
+ message: Rebooting machine
\ No newline at end of file
diff --git a/scripts/deploy/finish_preseeded_ubuntu.sh b/scripts/deploy/finish_preseeded_ubuntu.sh
new file mode 100755
index 0000000..222f7c9
--- /dev/null
+++ b/scripts/deploy/finish_preseeded_ubuntu.sh
@@ -0,0 +1,24 @@
+#! /usr/bin/env bash
+
+PROJECT_ROOT=$GOPATH/src/mlog
+
+
+# Function to display usage
+usage() {
+ echo "Usage: $0 -n "
+ exit 1
+}
+
+# Parse command-line arguments
+while getopts "n:" opt; do
+ case $opt in
+ n) HOST_NAME="$OPTARG" ;;
+ *) usage ;;
+ esac
+done
+
+rsync -avP ./infra/ubuntu/bootstrap-ubuntu.sh ${HOST_NAME}:~/
+
+ssh ${HOST_NAME} "sudo /bin/bash ./bootstrap-ubuntu.sh"
+
+ssh ${HOST_NAME} "rm ~/bootstrap-ubuntu.sh"
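Review bot: `passwd:` checks a reusable SHA-crypt (`$5$`) password hash into the repository with `lock_passwd: false`, and the same hash is reused as `identity.password` in `ubuntu/user-data.ares.yaml` and `ubuntu/user-data.artemis.yaml` later in this commit. Anyone with read access to the repo holds it for offline guessing, and a single rotation means editing three files and re-imaging. `ssh_pwauth: false` already blocks password logins over SSH, so either set `lock_passwd: true` and rely on the authorized keys plus `NOPASSWD` sudo, or substitute the hash at image-generation time the way `cupidX` is substituted, and rotate the current value in any case. A comment above `passwd:` stating how the hash is produced (`mkpasswd` with sha-512 or yescrypt rather than sha-256) would help the next edit.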
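Review bot: The script has no `set -e` and never checks that `-n` was given, so with an empty `HOST_NAME` or a failed rsync it still runs `ssh ${HOST_NAME} "sudo /bin/bash ./bootstrap-ubuntu.sh"` — as root, against whatever copy of the script happens to be on the host. Add `set -euo pipefail` at the top and `[ -n "${HOST_NAME:-}" ] || usage` after the `done`, and quote `"${HOST_NAME}"` in the three remote commands; kube_leader.sh in this commit has the same gap. `PROJECT_ROOT` is assigned but the rsync source is the cwd-relative `./infra/ubuntu/bootstrap-ubuntu.sh`; `"${PROJECT_ROOT}/infra/ubuntu/bootstrap-ubuntu.sh"` makes the script location-independent. The `echo "Usage: $0 -n "` line appears to have lost its placeholder text.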
diff --git a/scripts/deploy/kube_leader.sh b/scripts/deploy/kube_leader.sh
new file mode 100755
index 0000000..839e3b3
--- /dev/null
+++ b/scripts/deploy/kube_leader.sh
@@ -0,0 +1,29 @@
+#! /usr/bin/env bash
+
+PROJECT_ROOT=$GOPATH/src/mlog
+
+
+# Function to display usage
+usage() {
+ echo "Usage: $0 -n "
+ exit 1
+}
+
+# Parse command-line arguments
+while getopts "n:" opt; do
+ case $opt in
+ n) HOST_NAME="$OPTARG" ;;
+ *) usage ;;
+ esac
+done
+
+
+ssh -t ${HOST_NAME} "sudo kubeadm init --pod-network-cidr=10.244.0.0/16 --cri-socket=unix:///run/containerd/containerd.sock"
+ssh -t ${HOST_NAME} "mkdir -p ~/.kube && sudo cp /etc/kubernetes/admin.conf /home/virgil/.kube/config && sudo chown virgil:virgil /home/virgil/.kube/config"
+
+rm ~/.kube/config
+
+rsync -avP ${HOST_NAME}:~/.kube/config ~/.kube/config
+
+
+kubectl taint nodes ${HOST_NAME} leader=:NoSchedule
\ No newline at end of file
diff --git a/scripts/deploy/kube_worker.sh b/scripts/deploy/kube_worker.sh
new file mode 100755
index 0000000..19ac27b
--- /dev/null
+++ b/scripts/deploy/kube_worker.sh
@@ -0,0 +1,33 @@
+#! /usr/bin/env bash
+
+PROJECT_ROOT=$GOPATH/src/mlog
+
+
+# Function to display usage
+usage() {
+ echo "Usage: $0 -n "
+ exit 1
+}
+
+# Parse command-line arguments
+while getopts "n:r:" opt; do
+ case $opt in
+ n) HOST_NAME="$OPTARG" ;;
+ r) ROLE="$OPTARG" ;;
+ *) usage ;;
+ esac
+done
+
+if [ -z $HOST_NAME ]; then
+ echo "Please provide a hostname with -n"
+ usage
+ exit
+fi
+
+SERVER_TOKEN=$(ssh ares "sudo kubeadm token create")
+
+ssh ${HOST_NAME} "sudo kubeadm join 10.1.1.2:6443 --token ${SERVER_TOKEN} --discovery-token-ca-cert-hash sha256:63acb4dee8a6d0870f2a3312fd9091fabf443712cd2a9de74c3cf13ed33124b6"
+
+if [ ! -z $ROLE ]; then
+ kubectl taint node ${HOST_NAME} ${ROLE}=:NoSchedule
+fi
\ No newline at end of file
diff --git a/scripts/deploy/reformat_x86.sh b/scripts/deploy/reformat_x86.sh
new file mode 100755
index 0000000..53880cd
--- /dev/null
+++ b/scripts/deploy/reformat_x86.sh
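Review bot: `rm ~/.kube/config` runs before the replacement is fetched, so if `kubeadm init` or the following `rsync` fails the workstation is left with no kubeconfig at all; fetch to a side file and move it into place, e.g. `rsync -avP "${HOST_NAME}:~/.kube/config" ~/.kube/config.new && mv ~/.kube/config.new ~/.kube/config`. What is copied is `admin.conf`, a cluster-admin credential, so a `chmod 600 ~/.kube/config` after the move and a comment saying what the file is are warranted. The remote commands hardcode `/home/virgil` while `~` on the same line means the SSH login user; if the two ever differ the `cp` and the `rsync` source point at different files. `HOST_NAME` is not validated and is unquoted throughout.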
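Review bot: The `--discovery-token-ca-cert-hash sha256:63acb4de…` value belongs to one specific control-plane CA and becomes wrong the moment `ares` is reinstalled (reformat_x86.sh in this commit), which is the manual "fix kube_worker.sh" step that 0-install_kubes.sh prints. Have the leader print the current parameters instead: `JOIN_CMD=$(ssh ares "sudo kubeadm token create --ttl 1h --print-join-command")` followed by `ssh "${HOST_NAME}" "sudo ${JOIN_CMD}"` — this also removes the hard-coded `10.1.1.2:6443` and gives the bootstrap token a one-hour lifetime instead of kubeadm's 24-hour default. `[ -z $HOST_NAME ]` and `[ ! -z $ROLE ]` only behave correctly unquoted because of `test`'s one-argument rule; quote both. The `exit` after `usage` is unreachable since `usage` already exits.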
@@ -0,0 +1,9 @@
+#!/usr/bin/env bash
+
+cd $GOPATH/src/mlog || exit
+
+ssh ares "sudo efibootmgr --bootnext 000B > /dev/null"
+ssh ares "sudo shutdown -r now"
+
+#ssh artemis "sudo efibootmgr --bootnext 000B > /dev/null"
+#ssh artemis "sudo shutdown -r now"
diff --git a/scripts/preseed/generate_install_image_rpi.sh b/scripts/preseed/generate_install_image_rpi.sh
new file mode 100755
index 0000000..71d3717
--- /dev/null
+++ b/scripts/preseed/generate_install_image_rpi.sh
@@ -0,0 +1,34 @@
+#! /usr/bin/env zsh
+
+FILE_PATH="/Volumes/system-boot"
+
+# Function to display usage
+usage() {
+ echo "Usage: $0 -c "
+ exit 1
+}
+
+# Parse command-line arguments
+while getopts "c:" opt; do
+ case $opt in
+ c) CUPID_ID="$OPTARG" ;;
+ *) usage ;;
+ esac
+done
+
+# Check if HOST_NAME and HOST are set
+if [ -z "$CUPID_ID" ] ; then
+ echo "Error: CUPID_ID must be provided."
+ usage
+fi
+
+
+
+rm /Volumes/system-boot/user-data /Volumes/system-boot/network-config
+rsync -avP $GOPATH/src/mlog/infra/rpi/cupid/network-config.yaml "${FILE_PATH}/network-config"
+rsync -avP $GOPATH/src/mlog/infra/rpi/cupid/user-data.yaml "${FILE_PATH}/user-data"
+
+sed -i -e 's,10.1.1.x,10.1.1.'$(expr 4 + $CUPID_ID)',g' "${FILE_PATH}/network-config"
+sed -i -e 's,cupidX,cupid'${CUPID_ID}',g' "${FILE_PATH}/user-data"
+
+rm ${FILE_PATH}/*-e
\ No newline at end of file
diff --git a/scripts/preseed/generate_install_iso_ubuntu.sh b/scripts/preseed/generate_install_iso_ubuntu.sh
new file mode 100755
index 0000000..688aa8c
--- /dev/null
+++ b/scripts/preseed/generate_install_iso_ubuntu.sh
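Review bot: `--bootnext 000B` is a firmware boot-entry number specific to `ares` and nothing records what it points at; if the entry list changes (a new disk, a firmware update) the host reboots into something else. Add a comment such as `# 000B = <boot entry on ares that this reboot targets; verify with: efibootmgr -v>` and consider resolving the entry by its label from `efibootmgr -v` output at run time. `cd $GOPATH/src/mlog || exit` is unused by the two remote commands and fails when `GOPATH` is unset.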
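Review bot: Under macOS sed (the script is zsh and writes to `/Volumes`), `sed -i -e '...'` takes `-e` as the in-place backup suffix, which is why the final `rm ${FILE_PATH}/*-e` exists; write `sed -i '' -e '...'` and delete that line, since the glob would otherwise also remove any unrelated `*-e` file on the boot volume. `CUPID_ID` is only checked for emptiness before being spliced into `expr 4 + $CUPID_ID` and an unquoted sed expression; add `[[ "$CUPID_ID" =~ ^[0-9]+$ ]] || usage` to the check. The comment `# Check if HOST_NAME and HOST are set` was copied from another script, and the first `rm` spells out `/Volumes/system-boot` instead of `"${FILE_PATH}"`.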
@@ -0,0 +1,24 @@
+#! /usr/bin/env bash
+
+PROJECT_ROOT=$GOPATH/src/mlog
+USER=virgil
+
+
+# Function to display usage
+usage() {
+ echo "Usage: $0 -n "
+ exit 1
+}
+
+# Parse command-line arguments
+while getopts "n:" opt; do
+ case $opt in
+ n) HOST_NAME="$OPTARG" ;;
+ *) usage ;;
+ esac
+done
+
+rsync -avP infra/ubuntu/autoinstaller-generate.sh atlas:/olympus/samba/linux/ag.sh
+rsync -avP "infra/ubuntu/user-data.${HOST_NAME}.yaml" atlas:/olympus/samba/linux/user-data || exit
+
+ssh -t atlas "cd /olympus/samba/linux && sudo chmod a+x ./ag.sh && ./ag.sh -a -u ./user-data -d ${HOST_NAME}.iso && rm ag.sh user-data"
\ No newline at end of file
diff --git a/scripts/preseed/local_iso.sh b/scripts/preseed/local_iso.sh
new file mode 100755
index 0000000..ae3989b
--- /dev/null
+++ b/scripts/preseed/local_iso.sh
@@ -0,0 +1,29 @@
+#! /usr/bin/env bash
+BUILD_ROOT=~/build
+PROJECT_ROOT=$GOPATH/src/mlog
+USER=virgil
+
+
+# Function to display usage
+usage() {
+ echo "Usage: $0 -n "
+ exit 1
+}
+
+# Parse command-line arguments
+while getopts "n:" opt; do
+ case $opt in
+ n) HOST_NAME="$OPTARG" ;;
+ *) usage ;;
+ esac
+done
+
+mkdir -p ${BUILD_ROOT}
+cd $BUILD_ROOT || exit
+
+rm ${HOST_NAME}.iso || true
+sudo chown dtookey:dtookey ./*
+
+rsync -avP "$PROJECT_ROOT/infra/ubuntu/autoinstaller-generate.sh" ./ag.sh
+chmod a+x ./ag.sh
+./ag.sh -a -u ${PROJECT_ROOT}/infra/ubuntu/user-data.${HOST_NAME}.yaml -d ${HOST_NAME}.iso
diff --git a/scripts/preseed/xorriso_cmd.sh b/scripts/preseed/xorriso_cmd.sh
new file mode 100755
index 0000000..b6176b9
--- /dev/null
+++ b/scripts/preseed/xorriso_cmd.sh
@@ -0,0 +1,3 @@
+#! /usr/bin/env bash
+
+xorriso -indev $1 -report_el_torito as_mkisofs
\ No newline at end of file
diff --git a/scripts/setup/0-install_kubes.sh b/scripts/setup/0-install_kubes.sh
new file mode 100755
index 0000000..26d1a3f
--- /dev/null
+++ b/scripts/setup/0-install_kubes.sh
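Review bot: The per-host user-data (it carries a password hash and the authorized keys) is dropped on the samba share at `atlas:/olympus/samba/linux/user-data` and removed only as the last link of an `&&` chain, so any failure in `ag.sh` leaves it on the share; run the cleanup unconditionally, e.g. a second `ssh atlas "rm -f /olympus/samba/linux/ag.sh /olympus/samba/linux/user-data"` after the build regardless of its status. The resulting `${HOST_NAME}.iso` embeds the same user-data, so the share's read permissions matter either way and deserve a comment here. `USER=virgil` overrides the shell's own `USER` variable and is never used, the first `rsync` lacks the `|| exit` the second has, and `HOST_NAME` is neither validated nor quoted.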
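Review bot: `rm ${HOST_NAME}.iso || true` and the final `./ag.sh … user-data.${HOST_NAME}.yaml` run without checking that `-n` was given, so an empty `HOST_NAME` produces `rm .iso` and a build from `user-data..yaml`; add `[ -n "${HOST_NAME:-}" ] || usage` after the getopts loop and quote the expansions. `sudo chown dtookey:dtookey ./*` hardcodes one workstation account for a directory the script itself creates under `~/build`; `"$(id -un):$(id -gn)"` is portable, and if no earlier step leaves root-owned files there the line can go. `USER=virgil` clobbers the shell's `USER` and is unused.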
@@ -0,0 +1,34 @@
+#!/usr/bin/env bash
+set -xe
+
+cd $GOPATH/src/mlog || exit
+USER_NAME=virgil
+#clear out old known_host entries
+ssh-keygen -f "/home/dtookey/.ssh/known_hosts" -R "10.1.1.2" || true
+ssh-keygen -f "/home/dtookey/.ssh/known_hosts" -R "10.1.1.3" || true
+ssh-keygen -f "/home/dtookey/.ssh/known_hosts" -R "10.1.1.4" || true
+ssh-keygen -f "/home/dtookey/.ssh/known_hosts" -R "10.1.1.5" || true
+ssh-keygen -f "/home/dtookey/.ssh/known_hosts" -R "10.1.1.6" || true
+ssh-keygen -f "/home/dtookey/.ssh/known_hosts" -R "10.1.1.7" || true
+ssh-keygen -f "/home/dtookey/.ssh/known_hosts" -R "10.1.1.8" || true
+
+ssh -t ares "echo \"virgil ALL=(ALL) NOPASSWD:ALL\" | sudo tee /etc/sudoers.d/passwordless > /dev/null"
+ssh ares "echo \"ares checked in\""
+
+ssh -t artemis "echo \"virgil ALL=(ALL) NOPASSWD:ALL\" | sudo tee /etc/sudoers.d/passwordless > /dev/null"
+ssh artemis "sudo sed -i -e 's/#HandleLidSwitch=suspend/HandleLidSwitch=ignore/g' /etc/systemd/logind.conf"
+ssh artemis "sudo systemctl restart systemd-logind.service"
+ssh artemis "echo \"artemis checked in\""
+
+ssh cupid1 "echo \"cupid1 checked in\""
+ssh cupid2 "echo \"cupid2 checked in\""
+ssh cupid3 "echo \"cupid3 checked in\""
+ssh cupid4 "echo \"cupid4 checked in\""
+
+
+parallel -a infra/groups/all ./scripts/deploy/finish_preseeded_ubuntu.sh -n {}
+
+./scripts/deploy/kube_leader.sh -n ares
+
+echo "fix infra/scripts/deploy/kube_worker.sh and then run the following command:"
+echo "scripts/setup/1-finish-config.sh"
\ No newline at end of file
diff --git a/scripts/setup/1-finish-config.sh b/scripts/setup/1-finish-config.sh
new file mode 100755
index 0000000..e7bc17c
--- /dev/null
+++ b/scripts/setup/1-finish-config.sh
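Review bot: The `ssh-keygen -R` lines remove known_hosts entries keyed by IP, but every later connection uses the names `ares`, `artemis`, `cupidN`; if those are ssh_config aliases, OpenSSH stores the host key under the alias, so the stale entry survives and, under `set -e`, the first `ssh -t ares` aborts the script with a host-key mismatch. Use the same names (`ssh-keygen -R ares`) and drop `-f "/home/dtookey/.ssh/known_hosts"`, which is already `ssh-keygen`'s default for the invoking user; a comment noting that clearing the entries re-enables trust-on-first-use for the reinstalled hosts is worth adding. The sudoers drop-in is written via `sudo tee` on `ares` and `artemis` with no syntax check; append `&& sudo visudo -cf /etc/sudoers.d/passwordless` to each so a typo cannot disable sudo on the node. `USER_NAME=virgil` is defined but the literal `virgil` is used in both echo strings, and the IP list duplicates `infra/groups/all`.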
@@ -0,0 +1,20 @@
+#!/usr/bin/env bash
+set -xe
+cd $GOPATH/src/mlog || exit
+#parallel -a ./infra/groups/workers ./scripts/deploy/kube_worker.sh -n {} -r worker
+#parallel -a ./infra/groups/compute ./scripts/deploy/kube_worker.sh -n {} -r compute
+
+kubectl apply -f infra/kubes/dns/flannel.yaml
+kubectl apply -f infra/kubes/dns/kube-dns.yaml
+
+./infra/kubes/cni/install.sh
+
+kubectl patch deployment coredns -n kube-system --type json --patch "$(cat infra/kubes/dns/coredns-tolerations.json)"
+kubectl patch deployment calico-kube-controllers -n kube-system --type json --patch "$(cat infra/kubes/dns/coredns-tolerations.json)"
+
+./infra/kubes/metallb/install.sh
+
+./infra/kubes/ingress/install.sh
+
+kubectl apply -f infra/kubes/proofofconcept/poc-deployment.yaml
+./infra/kubes/proofofconcept/create-registry-secret.sh
diff --git a/scripts/taint/default-taints.sh b/scripts/taint/default-taints.sh
new file mode 100644
index 0000000..694c602
--- /dev/null
+++ b/scripts/taint/default-taints.sh
@@ -0,0 +1,5 @@
+#!/usr/bin/env bash
+
+kubectl taint nodes cupid1 cupid2 cupid3 cupid4 worker=:NoSchedule
+kubectl taint nodes artemis talos compute=:NoSchedule
+kubectl taint nodes ares leader=:NoSchedule
\ No newline at end of file
diff --git a/ubuntu/autoinstaller-generate.sh b/ubuntu/autoinstaller-generate.sh
new file mode 100755
index 0000000..a72a296
--- /dev/null
+++ b/ubuntu/autoinstaller-generate.sh
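Review bot: `kubectl apply -f infra/kubes/proofofconcept/poc-deployment.yaml` runs before `create-registry-secret.sh`, yet the Deployment in that manifest lists `imagePullSecrets: regsecret`, so the first rollout sits in image-pull failure until the interactive prompt that follows has created the secret; swap the last two lines. The script applies `flannel.yaml` and then runs `infra/kubes/cni/install.sh`, whose `calico-kube-controllers` patch suggests a second CNI; if Calico is indeed installed there, a comment should state which one owns pod networking, since two CNIs on one cluster is a recurring source of silent network-policy gaps. `set -xe` without `-u` and `pipefail` lets a failed `cat` inside `$(...)` hand an empty patch to `kubectl patch`, and the resulting error hides the real cause.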
@@ -0,0 +1,302 @@ +#!/bin/bash + +# Taken from https://github.com/covertsh/ubuntu-autoinstall-generator +# modified Aug 23, 2024 +# +# MIT License +# +# Copyright (c) 2020 covertsh +# +# Permission is hereby granted, free of charge, to any person obtaining a copy +# of this software and associated documentation files (the "Software"), to deal +# in the Software without restriction, including without limitation the rights +# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +# copies of the Software, and to permit persons to whom the Software is +# furnished to do so, subject to the following conditions: +# +# The above copyright notice and this permission notice shall be included in all +# copies or substantial portions of the Software. +# +# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +# SOFTWARE. + + + + +set -Eeuo pipefail + +function cleanup() { + trap - SIGINT SIGTERM ERR EXIT + if [ -n "${tmpdir+x}" ]; then + rm -rf "$tmpdir" + log "🚽 Deleted temporary working directory $tmpdir" + fi +} + +trap cleanup SIGINT SIGTERM ERR EXIT +script_dir=$(cd "$(dirname "${BASH_SOURCE[0]}")" &>/dev/null && pwd -P) +[[ ! -x "$(command -v date)" ]] && echo "πŸ’₯ date command not found." && exit 1 +today=$(date +"%Y-%m-%d") + +function log() { + echo >&2 -e "[$(date +"%Y-%m-%d %H:%M:%S")] ${1-}" +} + +function die() { + local msg=$1 + local code=${2-1} # Bash parameter expansion - default exit status 1. See https://wiki.bash-hackers.org/syntax/pe#use_a_default_value + log "$msg" + exit "$code" +} + +usage() { + cat </dev/null + if [ $? 
-ne 0 ]; then + rm -f "${script_dir}/${ubuntu_gpg_key_id}.keyring~" + die "πŸ‘Ώ Verification of SHA256SUMS signature failed." + fi + + rm -f "${script_dir}/${ubuntu_gpg_key_id}.keyring~" + digest=$(sha256sum "${source_iso}" | cut -f1 -d ' ') + set +e + grep -Fq "$digest" "${script_dir}/SHA256SUMS-${sha_suffix}" + if [ $? -eq 0 ]; then + log "πŸ‘ Verification succeeded." + set -e + else + die "πŸ‘Ώ Verification of ISO digest failed." + fi +else + log "🀞 Skipping verification of source ISO." +fi +log "πŸ”§ Extracting ISO image..." +xorriso -osirrox on -indev "${source_iso}" -extract / "$tmpdir" &>/dev/null +chmod -R u+w "$tmpdir" +rm -rf "$tmpdir/"'[BOOT]' +log "πŸ‘ Extracted to $tmpdir" + +if [ ${use_hwe_kernel} -eq 1 ]; then + if grep -q "hwe-vmlinuz" "$tmpdir/boot/grub/grub.cfg"; then + log "β˜‘οΈ Destination ISO will use HWE kernel." + sed -i -e 's|/casper/vmlinuz|/casper/hwe-vmlinuz|g' "$tmpdir/boot/grub/grub.cfg" + sed -i -e 's|/casper/initrd|/casper/hwe-initrd|g' "$tmpdir/boot/grub/grub.cfg" + sed -i -e 's|/casper/vmlinuz|/casper/hwe-vmlinuz|g' "$tmpdir/boot/grub/loopback.cfg" + sed -i -e 's|/casper/initrd|/casper/hwe-initrd|g' "$tmpdir/boot/grub/loopback.cfg" + else + log "⚠️ This source ISO does not support the HWE kernel. Proceeding with the regular kernel." + fi +fi + +log "🧩 Adding autoinstall parameter to kernel command line..." +sed -i -e 's/---/ autoinstall ---/g' "$tmpdir/boot/grub/grub.cfg" +sed -i -e 's/---/ autoinstall ---/g' "$tmpdir/boot/grub/loopback.cfg" +log "πŸ‘ Added parameter to UEFI and BIOS kernel command lines." + +if [ ${all_in_one} -eq 1 ]; then + log "🧩 Adding user-data and meta-data files..." 
+ mkdir "$tmpdir/nocloud" + cp "$user_data_file" "$tmpdir/nocloud/user-data" + if [ -n "${meta_data_file}" ]; then + cp "$meta_data_file" "$tmpdir/nocloud/meta-data" + else + touch "$tmpdir/nocloud/meta-data" + fi + sed -i -e 's,timeout=30,timeout=1,g' "$tmpdir/boot/grub/grub.cfg" + sed -i -e 's,---, ds=nocloud\\\;s=/cdrom/nocloud/ ---,g' "$tmpdir/boot/grub/grub.cfg" + sed -i -e 's,---, ds=nocloud\\\;s=/cdrom/nocloud/ ---,g' "$tmpdir/boot/grub/loopback.cfg" + log "πŸ‘ Added data and configured kernel command line." +fi + +if [ ${md5_checksum} -eq 1 ]; then + log "πŸ‘· Updating $tmpdir/md5sum.txt with hashes of modified files..." + md5=$(md5sum "$tmpdir/boot/grub/grub.cfg" | cut -f1 -d ' ') + sed -i -e 's,^.*[[:space:]] ./boot/grub/grub.cfg,'"$md5"' ./boot/grub/grub.cfg,' "$tmpdir/md5sum.txt" + md5=$(md5sum "$tmpdir/boot/grub/loopback.cfg" | cut -f1 -d ' ') + sed -i -e 's,^.*[[:space:]] ./boot/grub/loopback.cfg,'"$md5"' ./boot/grub/loopback.cfg,' "$tmpdir/md5sum.txt" + log "πŸ‘ Updated hashes." +else + log "πŸ—‘οΈ Clearing MD5 hashes..." + echo > "$tmpdir/md5sum.txt" + log "πŸ‘ Cleared hashes." +fi + +log "πŸ“¦ Repackaging extracted files into an ISO image..." +cd "$tmpdir" +xorriso -as mkisofs -r -V 'Ubuntu-Server 24.04.1 LTS amd64' --modification-date='2024083109475700' --grub2-mbr --interval:local_fs:0s-15s:zero_mbrpt,zero_gpt:'/home/dtookey/build/ubuntu-original-2024-09-02.iso' --protective-msdos-label -partition_cyl_align off -partition_offset 16 --mbr-force-bootable -append_partition 2 28732ac11ff8d211ba4b00a0c93ec93b --interval:local_fs:5577512d-5587655d::'/home/dtookey/build/ubuntu-original-2024-09-02.iso' -appended_part_as_gpt -iso_mbr_part_type a2a0d0ebe5b9334487c068b6b72699c7 -c '/boot.catalog' -b '/boot/grub/i386-pc/eltorito.img' -no-emul-boot -boot-load-size 4 -boot-info-table --grub2-boot-info -eltorito-alt-boot -e '--interval:appended_partition_2_start_1394378s_size_10144d:all::' -no-emul-boot -boot-load-size 10144 -o "${destination_iso}" . 
#&>/dev/null + + + + + + +cd "$OLDPWD" +log "πŸ‘ Repackaged into ${destination_iso}" + +die "βœ… Completed." 0 + diff --git a/ubuntu/bootstrap-ubuntu.sh b/ubuntu/bootstrap-ubuntu.sh new file mode 100644 index 0000000..8ece907 --- /dev/null +++ b/ubuntu/bootstrap-ubuntu.sh 
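Review bot: The repackaging `xorriso -as mkisofs` command hardcodes `'/home/dtookey/build/ubuntu-original-2024-09-02.iso'` in both `--interval:local_fs:…` arguments together with offsets (`5577512d-5587655d`, `appended_partition_2_start_1394378s_size_10144d`) that are valid only for that exact image, so the script no longer honours `${source_iso}`: with any other source ISO, or the same one at another path, the MBR/EFI partitions are taken from the wrong file or the build fails. Use `"${source_iso}"` there and derive the interval values from `xorriso -indev "${source_iso}" -report_el_torito as_mkisofs` (which `scripts/preseed/xorriso_cmd.sh` in this commit already runs), with a comment above the command recording where the options came from. The commented-out `#&>/dev/null` and the run of blank lines after it look like leftover debugging. The middle of this hunk (the usage heredoc through the keyring steps) is truncated in this view and was not reviewed.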
@@ -0,0 +1,90 @@ +#! /usr/bin/env bash + +# make sure we're root +if [ "$EUID" -ne 0 ]; then + echo "Please run as root." + exit 1 +fi + +USER_NAME=virgil +CRICTL_VERSION="v1.30.0" # check latest version in /releases page + + +#sudo/ssh configuration +printf "${USER_NAME} ALL=(ALL) NOPASSWD:ALL" | tee /etc/sudoers.d/passwordless > /dev/null +printf "PasswordAuthentication no\nChallengeResponseAuthentication no\nUsePAM no\nPermitRootLogin no" | tee /etc/ssh/sshd_config.d/passwordless.conf > /dev/null + +if [ -z "$(which docker)" ]; then + + if [ ! -e "/etc/apt/keyrings/docker.asc" ]; then + curl -fsSL https://download.docker.com/linux/ubuntu/gpg -o /etc/apt/keyrings/docker.asc + chmod a+r /etc/apt/keyrings/docker.asc + fi + + # Add the repository to Apt sources: + echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/ubuntu noble stable" | \ + tee /etc/apt/sources.list.d/docker.list > /dev/null + apt-get update + apt-get install -y docker-ce docker-ce-cli containerd.io apt-transport-https + usermod -aG docker ${USER_NAME} + + mkdir -p /etc/containerd + containerd config default > /etc/containerd/config.toml + sed -i -e 's,SystemdCgroup = false,SystemdCgroup = true,g' /etc/containerd/config.toml +fi + +if [ "arm64" == "$(dpkg --print-architecture)" ]; then + echo "{\"exec-opts\": [\"native.cgroupdriver=systemd\"],\"log-driver\": \"json-file\",\"log-opts\": {\"max-size\": \"100m\"},\"storage-driver\": \"overlay2\"}" | tee /etc/docker/daemon.json > /dev/null +fi + +if [ ! 
-e "/etc/modules-load.d/containerd.conf" ]; then + + #todo we need to handle kvm for intel/amd/arm64 here +cat </etc/apt/sources.list.d/kubernetes.list +deb [signed-by=/etc/apt/keyrings/kubernetes-apt-keyring.gpg] https://pkgs.k8s.io/core:/stable:/v1.31/deb/ / +EOF + + +apt-get update && apt-get install -y kubelet kubeadm kubectl +apt-mark hold kubelet kubeadm kubectl +systemctl enable kubelet && systemctl start kubelet + + +kubeadm config images pull +fi +if [ -z "$(which helm)" ]; then + curl https://baltocdn.com/helm/signing.asc | gpg --dearmor | sudo tee /etc/apt/keyrings/helm.gpg > /dev/null + sudo chmod 644 /etc/apt/keyrings/helm.gpg + echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/helm.gpg] https://baltocdn.com/helm/stable/debian/ all main" | sudo tee /etc/apt/sources.list.d/helm-stable-debian.list + sudo apt-get update + sudo apt-get install -y helm +fi \ No newline at end of file diff --git a/ubuntu/user-data.ares.yaml b/ubuntu/user-data.ares.yaml new file mode 100644 index 0000000..891ebbf --- /dev/null +++ b/ubuntu/user-data.ares.yaml 
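Review bot: The sshd drop-in written by the second `printf` sets `UsePAM no`; on Ubuntu that bypasses the PAM account and session stack (`pam_systemd`, `pam_limits`, account expiry) and is not needed to turn passwords off — `PasswordAuthentication no` plus `KbdInteractiveAuthentication no` (`ChallengeResponseAuthentication` is its deprecated alias) achieve that with PAM intact. The new config is neither checked nor applied: follow the write with `sshd -t && systemctl reload ssh`, and likewise validate the sudoers file with `visudo -cf /etc/sudoers.d/passwordless`, since a malformed drop-in disables sudo for everyone on the host. Both `printf` calls omit a trailing `\n`, so the files end without a newline. The `helm` block uses `sudo` although the script already requires root (`$EUID` check at the top); the `cat <<EOF` sections for modules-load and the kubernetes apt source are truncated in this view and were not reviewed.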
@@ -0,0 +1,80 @@ +#cloud-config +autoinstall: + version: 1 +# Reference: https://canonical-subiquity.readthedocs-hosted.com/en/latest/reference/autoinstall-reference.html + locale: en_US.UTF-8 +# + source: + id: ubuntu-server-minimal +# + refresh-installer: + update: true +# + identity: + hostname: ares + password: $5$8xH/luS/5i$EjrWRLUA4WbnGs.Vd/LQU6K7Pf7dIMOTpQ3ovPtCnSA + username: virgil +# + storage: + layout: + name: lvm + match: + size: smallest + sizing-policy: scaled + config: + - type: partition + id: boot-partition + device: root-disk + size: 1G + - type: partition + id: root-partition + size: 14G + storage: + layout: + name: lvm + match: + size: largest + config: + - type: partition + id: data-partition + size: 256G +# + late-commands: + - curtin in-target -- apt-get update + - curtin in-target -- apt-get upgrade -y +# + ssh: + allow-pw: no + install-server: yes + authorized-keys: + - ssh-rsa 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 dtookey@Davids-MacBook-Air.local + - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDIwFFhCGt8gnqSCCAZc39DFcopQ2MhFSc7UDyvIpnCYgwVQP4phAV2qhQL3cNYQi5ihGtZuvJ08VH+WVat/9xL58+T7/cHt8Zy2xuPKzObeDVWX++K9P+/rzPVc3IcHIEaEfxN6f0Yk6HncQM9I/ku/At8NHk/zHyPKTXHOR1g0sMXGkLgSRD8phbSajyhD4pdtcQQJU3gePwEcwd7u+5L++Q5wGjVm9pa3ZvkhI4JpGYPAnXDae4NRe9HgqIW0icKWrxn/Ir5yECIe5iZJvmFCpE9MmaxFQJbkFUZLY41V0kwnRIu99agE8ktoCwN3Ow6P7KYgvJkzZuk34zXaNncL4QglMJd5FbIEt2w1ojdbFRHJD3JwNTMOW+5kBl77uj06VU4tjIbVEt6eHp47jQpvOzcNM5UFmeDCayM4eJV1dsT35EQu1yYNEMEMRuME4TkL0vLy/q6+0xCvC83vqp7eHuzvulFCXyPmah6qOQw572cO6x7w5cvtws+xtWrA3k= dtookey@nyx +# + packages: + - rsync + - ca-certificates + - curl + - neovim + - fail2ban + - net-tools + - apt-transport-https + - htop +# + network: + version: 2 + renderer: networkd + ethernets: + eno1: + addresses: + - 10.1.1.2/16 + routes: + - to: default + via: 10.1.70.1 + metric: 100 + on-link: true + nameservers: + addresses: [10.1.70.1] +# + error-commands: + - tar -czf /installer-logs.tar.gz /var/log/installer/ + - 
journalctl -b > /installer-journal.log \ No newline at end of file diff --git a/ubuntu/user-data.artemis.yaml b/ubuntu/user-data.artemis.yaml new file mode 100644 index 0000000..92844bd --- /dev/null +++ b/ubuntu/user-data.artemis.yaml 
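Review bot: `storage:` appears twice under `autoinstall` — once for the `smallest` disk (`boot-partition`, `root-partition`) and again for the `largest` disk (`data-partition`); as a YAML mapping that is a duplicate key, and most loaders keep only the last one, so the first layout is silently dropped (indentation is lost in this view, so confirm in the file). Each block also combines `layout:` with `config:`, which the autoinstall reference presents as alternative ways to describe storage, so check which of the two the installer actually honours. Describe both disks in a single `storage:` block, either entirely as `config:` entries or by leaving the data disk to a `late-commands` step, and add a comment naming the two devices. The `# Reference:` comment is useful; the bare `#` separators between sections add nothing.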
@@ -0,0 +1,42 @@ +#cloud-config +autoinstall: + version: 1 + # reference link to use https://canonical-subiquity.readthedocs-hosted.com/en/latest/reference/autoinstall-reference.html + locale: en_US.UTF-8 + source: + id: ubuntu-server-minimal + refresh-installer: + update: true + identity: + hostname: artemis + password: $5$8xH/luS/5i$EjrWRLUA4WbnGs.Vd/LQU6K7Pf7dIMOTpQ3ovPtCnSA + username: virgil + packages: + - rsync + - ca-certificates + - curl + - neovim + - fail2ban + - net-tools + - apt-transport-https + - htop + network: + version: 2 + renderer: networkd + ethernets: + enx00e04c937c49: + addresses: + - 10.1.1.4/16 + routes: + - to: default + via: 10.1.70.1 + metric: 100 + on-link: true + nameservers: + addresses: [10.1.70.1] + ssh: + allow-pw: no + install-server: yes + authorized-keys: + - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDDgBk3q6TDTaFWoipBo8pDppCHlAHBdqXSDNWmy+zS5dm2VwmoTnT+46Sjurzb+nJOSCZ5wWkLUT+zPRq/Y83PGYseocJdXGZGHaDIudU+pnTShDcfY1e2xSapdPmYBgnoU6aOGb4JvlmLzLblBwSiwcSRrBFKvN/0Zz4JpkzNMRArqNZpIQtjAo5VG5RjudISJE57pqhy2f3YHcaqQlgRoP8i4syqSy0YZFIdnavyvszkQXXuoD9nxhkpamo87NgZiOWMSVEr7ilECFHbh2cYABaXaJvbpI9vkA1C8x1TDkSMAft6KvD36ezC2+YJPTpIYr8xlTZpfaGuyR2hOTkB9AkN3hm2aQFiz4Yh4xSYJjZJXfUOPDtGnwIvUFWXtXUAzDrFna/jJFNeXqbEGujcjyyAbZ695nwwXoIoH/sqqDZnXrl8qPvc82zG1hDWpnwpzUJQGFuYbRRWLO7aViwN5jZ6FDc4aw+XTzd2EfFL5YLK4/IZFDFMNdxD8+c1H5p/pajR/OV5jsMt24Yo6Y/j22OqrYzCZpeCAOEzBAFMwSTMEDUdhOilHxUNCrH3axCL39GMLDlY36LTjEht/TA/Bw2pHl5rkFUIhWnyerW5PFdrnromknal/jTqJLbzTuAVxwTefHIsrYd8Q+fc9SSlqUElSajpyvbMzNjdLrSv7Q== dtookey@Davids-MacBook-Air.local + - ssh-rsa 
AAAAB3NzaC1yc2EAAAADAQABAAABgQDIwFFhCGt8gnqSCCAZc39DFcopQ2MhFSc7UDyvIpnCYgwVQP4phAV2qhQL3cNYQi5ihGtZuvJ08VH+WVat/9xL58+T7/cHt8Zy2xuPKzObeDVWX++K9P+/rzPVc3IcHIEaEfxN6f0Yk6HncQM9I/ku/At8NHk/zHyPKTXHOR1g0sMXGkLgSRD8phbSajyhD4pdtcQQJU3gePwEcwd7u+5L++Q5wGjVm9pa3ZvkhI4JpGYPAnXDae4NRe9HgqIW0icKWrxn/Ir5yECIe5iZJvmFCpE9MmaxFQJbkFUZLY41V0kwnRIu99agE8ktoCwN3Ow6P7KYgvJkzZuk34zXaNncL4QglMJd5FbIEt2w1ojdbFRHJD3JwNTMOW+5kBl77uj06VU4tjIbVEt6eHp47jQpvOzcNM5UFmeDCayM4eJV1dsT35EQu1yYNEMEMRuME4TkL0vLy/q6+0xCvC83vqp7eHuzvulFCXyPmah6qOQw572cO6x7w5cvtws+xtWrA3k= dtookey@nyx \ No newline at end of file