purwandi · October 7, 2022 17:14
diff --git a/gistfile1.txt b/gistfile1.txt
 cat > grub <<'EOF'
 # If you change this file, run 'update-grub' afterwards to update
 # /boot/grub/grub.cfg.
 # For full documentation of the options in this file, see:
 #   info -f grub -n 'Simple configuration'
 EOF

 sudo mv grub /etc/default/grub
diff --git a/k0sctl-config.yaml b/k0sctl-config.yaml
 apiVersion: k0sctl.k0sproject.io/v1beta1
 kind: Cluster
 metadata:
  name: k0s-cluster
 spec:
  hosts:
  - ssh:
      address: 165.22.56.253
      user: root
      keyPath: /Users/purwandi/.ssh/id_rsa
    role: controller
    privateAddress: 10.130.0.2
    installFlags:
      - --taints
  - ssh:
      address: 165.22.56.253
      user: root
      keyPath: /Users/purwandi/.ssh/id_rsa
    role: controller
    privateAddress: 10.130.0.2
    # uploadBinary: true
    # k0sBinaryPath: /usr/local/bin/1.23.8/k0s-v1.23.8+k0s.0-amd64
    # files:
    #   - name: image-bundle
    #     src: ./1.23.8/k0s-airgap-bundle-v1.23.8+k0s.0-amd64
    #     dstDir: /var/lib/k0s/images/
    #     perm: 0711
    #   - name: k0s-ctl
    #     src: ./1.23.8/k0s-v1.23.8+k0s.0-amd64
    #     dstDir: /usr/local/bin/
    #     perm: 0711
  - ssh:
      address: 157.245.53.246
      user: root
    role: worker
    privateAddress: 10.130.0.3
    installFlags:
    - --labels="node.k0sproject.io/role=infra"
  - ssh:
      address: 157.245.61.88
      user: root
    role: worker
    privateAddress: 10.130.0.4
    installFlags:
    - --labels="node.k0sproject.io/role=infra"
  - ssh:
      address: 157.245.52.23
      user: root
    role: worker
    privateAddress: 10.130.0.5
    installFlags:
    - --labels="node.k0sproject.io/role=worker"
  - ssh:
      address: 157.245.52.140
      user: root
    role: worker
    privateAddress: 10.130.0.6
    installFlags:
    - --labels="node.k0sproject.io/role=worker"
  - ssh:
      address: 157.245.52.174
      user: root
    role: worker
    privateAddress: 10.130.0.7
    installFlags:
    - --labels="node.k0sproject.io/role=worker"
  k0s:
    version: v1.24.2+k0s.0
    # version: v1.23.8+k0s.0
    config:
      apiVersion: k0s.k0sproject.io/v1beta1
      kind: Cluster
      metadata:
        name: my-k0s-cluster
      spec:
        api:
          address: 165.22.56.253
          sans:
            - 165.22.56.253
            - 10.130.0.2
          extraArgs:
            service-node-port-range: 30000-32767
        # podSecurityPolicy:
        #   defaultPolicy: 00-k0s-privileged
          # defaultPolicy: 99-k0s-restricted
        telemetry:
          enabled: false
        network:
          # podCIDR: 10.244.0.0/16
          serviceCIDR: 10.96.0.0/16
          provider: custom
          kubeProxy:
            disabled: true
        extensions:
          helm:
            repositories:
              - name: cilium
                url: https://helm.cilium.io
            charts:
              - name: cilium
                chartname: cilium/cilium
                version: "1.12.0"
                namespace: kube-system
                values: |
                  kubeProxyReplacement: "strict"
                  k8sServiceHost: 165.22.56.253
                  k8sServicePort: 6443
                  containerRuntime:
                    integration: containerd
                  global:
                    encryption:
                      enabled: true
                      nodeEncryption: true
                  operator:
                    replicas: 1
                  hubble:
                    relay:
                      enabled: true
                    ui:
                      enabled: true
                  ipam:
                    # -- Configure IP Address Management mode.
                    # ref: https://docs.cilium.io/en/stable/concepts/networking/ipam/
                    mode: "cluster-pool"
                    operator:
                      # -- Deprecated in favor of ipam.operator.clusterPoolIPv4PodCIDRList.
                      # IPv4 CIDR range to delegate to individual nodes for IPAM.
                      clusterPoolIPv4PodCIDRList: 
                        - "10.244.0.0/16"
diff --git a/nginx.conf b/nginx.conf
 ## tcp LB  and SSL passthrough for backend ##
 stream {
  upstream master_servers {
    server 192.168.122.11:6443 max_fails=3 fail_timeout=10s;
    server 192.168.122.12:6443 max_fails=3 fail_timeout=10s;
  }

  log_format basic '$remote_addr [$time_local] '
                '$protocol $status $bytes_sent $bytes_received '
                '$session_time "$upstream_addr" '
                '"$upstream_bytes_sent" "$upstream_bytes_received" "$upstream_connect_time"';

  access_log /var/log/nginx/access.log basic;
  error_log  /var/log/nginx/error.log;

  server {
    listen 6443;
    proxy_pass master_servers;
    proxy_next_upstream on;
  }
 }
	cat > grub <<'EOF'
	# If you change this file, run 'update-grub' afterwards to update
	# /boot/grub/grub.cfg.
	# For full documentation of the options in this file, see:
	# info -f grub -n 'Simple configuration'
	EOF

	sudo mv grub /etc/default/grub
	apiVersion: k0sctl.k0sproject.io/v1beta1
	kind: Cluster
	metadata:
	name: k0s-cluster
	spec:
	hosts:
	- ssh:
	address: 165.22.56.253
	user: root
	keyPath: /Users/purwandi/.ssh/id_rsa
	role: controller
	privateAddress: 10.130.0.2
	installFlags:
	- --taints
	- ssh:
	address: 165.22.56.253
	user: root
	keyPath: /Users/purwandi/.ssh/id_rsa
	role: controller
	privateAddress: 10.130.0.2
	# uploadBinary: true
	# k0sBinaryPath: /usr/local/bin/1.23.8/k0s-v1.23.8+k0s.0-amd64
	# files:
	# - name: image-bundle
	# src: ./1.23.8/k0s-airgap-bundle-v1.23.8+k0s.0-amd64
	# dstDir: /var/lib/k0s/images/
	# perm: 0711
	# - name: k0s-ctl
	# src: ./1.23.8/k0s-v1.23.8+k0s.0-amd64
	# dstDir: /usr/local/bin/
	# perm: 0711
	- ssh:
	address: 157.245.53.246
	user: root
	role: worker
	privateAddress: 10.130.0.3
	installFlags:
	- --labels="node.k0sproject.io/role=infra"
	- ssh:
	address: 157.245.61.88
	user: root
	role: worker
	privateAddress: 10.130.0.4
	installFlags:
	- --labels="node.k0sproject.io/role=infra"
	- ssh:
	address: 157.245.52.23
	user: root
	role: worker
	privateAddress: 10.130.0.5
	installFlags:
	- --labels="node.k0sproject.io/role=worker"
	- ssh:
	address: 157.245.52.140
	user: root
	role: worker
	privateAddress: 10.130.0.6
	installFlags:
	- --labels="node.k0sproject.io/role=worker"
	- ssh:
	address: 157.245.52.174
	user: root
	role: worker
	privateAddress: 10.130.0.7
	installFlags:
	- --labels="node.k0sproject.io/role=worker"
	k0s:
	version: v1.24.2+k0s.0
	# version: v1.23.8+k0s.0
	config:
	apiVersion: k0s.k0sproject.io/v1beta1
	kind: Cluster
	metadata:
	name: my-k0s-cluster
	spec:
	api:
	address: 165.22.56.253
	sans:
	- 165.22.56.253
	- 10.130.0.2
	extraArgs:
	service-node-port-range: 30000-32767
	# podSecurityPolicy:
	# defaultPolicy: 00-k0s-privileged
	# defaultPolicy: 99-k0s-restricted
	telemetry:
	enabled: false
	network:
	# podCIDR: 10.244.0.0/16
	serviceCIDR: 10.96.0.0/16
	provider: custom
	kubeProxy:
	disabled: true
	extensions:
	helm:
	repositories:
	- name: cilium
	url: https://helm.cilium.io
	charts:
	- name: cilium
	chartname: cilium/cilium
	version: "1.12.0"
	namespace: kube-system
	values: \|
	kubeProxyReplacement: "strict"
	k8sServiceHost: 165.22.56.253
	k8sServicePort: 6443
	containerRuntime:
	integration: containerd
	global:
	encryption:
	enabled: true
	nodeEncryption: true
	operator:
	replicas: 1
	hubble:
	relay:
	enabled: true
	ui:
	enabled: true
	ipam:
	# -- Configure IP Address Management mode.
	# ref: https://docs.cilium.io/en/stable/concepts/networking/ipam/
	mode: "cluster-pool"
	operator:
	# -- Deprecated in favor of ipam.operator.clusterPoolIPv4PodCIDRList.
	# IPv4 CIDR range to delegate to individual nodes for IPAM.
	clusterPoolIPv4PodCIDRList:
	- "10.244.0.0/16"
	## tcp LB and SSL passthrough for backend ##
	stream {
	upstream master_servers {
	server 192.168.122.11:6443 max_fails=3 fail_timeout=10s;
	server 192.168.122.12:6443 max_fails=3 fail_timeout=10s;
	}

	log_format basic '$remote_addr [$time_local] '
	'$protocol $status $bytes_sent $bytes_received '
	'$session_time "$upstream_addr" '
	'"$upstream_bytes_sent" "$upstream_bytes_received" "$upstream_connect_time"';

	access_log /var/log/nginx/access.log basic;
	error_log /var/log/nginx/error.log;

	server {
	listen 6443;
	proxy_pass master_servers;
	proxy_next_upstream on;
	}
	}