venezia · December 6, 2021 18:53
diff --git a/k8s-node.yaml b/k8s-node.yaml
 variant: fcos
 version: 1.4.0
 passwd:
  users:
    - name: core
      ssh_authorized_keys:
        - ssh-ed25519 AAAA... somebody@something
 storage:
  files:
    - path: /etc/yum.repos.d/kubernetes.repo
      overwrite: true
      contents:
        inline: |
          [kubernetes]
          name=Kubernetes
          baseurl=https://packages.cloud.google.com/yum/repos/kubernetes-el7-x86_64
          enabled=1
          gpgcheck=1
          repo_gpgcheck=1
          gpgkey=https://packages.cloud.google.com/yum/doc/yum-key.gpg https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg
    - path: /etc/modules-load.d/crio-net.conf
      overwrite: true
      contents:
        inline: |
          overlay
          br_netfilter
    - path: /etc/sysctl.d/99-kubernetes-cri.conf
      overwrite: true
      contents:
        inline: |
          net.bridge.bridge-nf-call-iptables  = 1
          net.ipv4.ip_forward                 = 1
          net.bridge.bridge-nf-call-ip6tables = 1
    - path: /etc/dnf/modules.d/cri-o.module
      overwrite: true
      contents:
        inline: |
          [cri-o]
          name=cri-o
          stream=1.22
          profiles=
          state=enabled
    - path: /etc/hostname
      mode: 0644
      contents:
        inline: k8s-worker-hostname
 systemd:
  units:
    # installing k8s as a layered package with rpm-ostree
    - name: rpm-ostree-install-k8s.service
      enabled: true
      contents: |
        [Unit]
        Description=Layer k8s/crio with rpm-ostree
        Wants=network-online.target
        After=network-online.target
        # We run before `zincati.service` to avoid conflicting rpm-ostree
        # transactions.
        Before=zincati.service
        ConditionPathExists=!/var/lib/%N.stamp

        [Service]
        Type=oneshot
        RemainAfterExit=yes
        ExecStart=/usr/bin/rpm-ostree ex module install cri-o:1.22/default
        ExecStart=/usr/bin/rpm-ostree install --apply-live --allow-inactive kubelet kubeadm kubectl
        ExecStart=/bin/touch /var/lib/%N.stamp
        ExecStart=/usr/sbin/reboot

        [Install]
        WantedBy=multi-user.target
    - name: enable-k8s.service
      enabled: true
      contents: |
        [Unit]
        Description=Enable cri-o/kubelet
        Wants=network-online.target
        After=rpm-ostree-install-k8s.service
        # We run before `zincati.service` to avoid conflicting rpm-ostree
        # transactions.
        Before=zincati.service
        ConditionPathExists=!/var/lib/%N.stamp

        [Service]
        Type=oneshot
        RemainAfterExit=yes
        ExecStart=/usr/bin/systemctl enable --now crio kubelet

        [Install]
        WantedBy=multi-user.target
	variant: fcos
	version: 1.4.0
	passwd:
	users:
	- name: core
	ssh_authorized_keys:
	- ssh-ed25519 AAAA... somebody@something
	storage:
	files:
	- path: /etc/yum.repos.d/kubernetes.repo
	overwrite: true
	contents:
	inline: \|
	[kubernetes]
	name=Kubernetes
	baseurl=https://packages.cloud.google.com/yum/repos/kubernetes-el7-x86_64
	enabled=1
	gpgcheck=1
	repo_gpgcheck=1
	gpgkey=https://packages.cloud.google.com/yum/doc/yum-key.gpg https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg
	- path: /etc/modules-load.d/crio-net.conf
	overwrite: true
	contents:
	inline: \|
	overlay
	br_netfilter
	- path: /etc/sysctl.d/99-kubernetes-cri.conf
	overwrite: true
	contents:
	inline: \|
	net.bridge.bridge-nf-call-iptables = 1
	net.ipv4.ip_forward = 1
	net.bridge.bridge-nf-call-ip6tables = 1
	- path: /etc/dnf/modules.d/cri-o.module
	overwrite: true
	contents:
	inline: \|
	[cri-o]
	name=cri-o
	stream=1.22
	profiles=
	state=enabled
	- path: /etc/hostname
	mode: 0644
	contents:
	inline: k8s-worker-hostname
	systemd:
	units:
	# installing k8s as a layered package with rpm-ostree
	- name: rpm-ostree-install-k8s.service
	enabled: true
	contents: \|
	[Unit]
	Description=Layer k8s/crio with rpm-ostree
	Wants=network-online.target
	After=network-online.target
	# We run before `zincati.service` to avoid conflicting rpm-ostree
	# transactions.
	Before=zincati.service
	ConditionPathExists=!/var/lib/%N.stamp

	[Service]
	Type=oneshot
	RemainAfterExit=yes
	ExecStart=/usr/bin/rpm-ostree ex module install cri-o:1.22/default
	ExecStart=/usr/bin/rpm-ostree install --apply-live --allow-inactive kubelet kubeadm kubectl
	ExecStart=/bin/touch /var/lib/%N.stamp
	ExecStart=/usr/sbin/reboot

	[Install]
	WantedBy=multi-user.target
	- name: enable-k8s.service
	enabled: true
	contents: \|
	[Unit]
	Description=Enable cri-o/kubelet
	Wants=network-online.target
	After=rpm-ostree-install-k8s.service
	# We run before `zincati.service` to avoid conflicting rpm-ostree
	# transactions.
	Before=zincati.service
	ConditionPathExists=!/var/lib/%N.stamp

	[Service]
	Type=oneshot
	RemainAfterExit=yes
	ExecStart=/usr/bin/systemctl enable --now crio kubelet

	[Install]
	WantedBy=multi-user.target