cloud-init.yaml.tmpl

#cloud-config
ssh_authorized_keys:
  - {{ .PubKey }}
  - {{ .HostPubKey }}

ssh_keys:
  rsa_private: |
    {{- .PrivKey | nindent 6 }}

  rsa_public: {{ .PubKey }}

# Set up software sources
apt:
  {{if .HTTPProxy}}http_proxy: {{ .HTTPProxy }}{{end}}
  {{if .HTTPSProxy}}https_proxy: {{ .HTTPSProxy }}{{end}}
  primary:
    - arches: [default]
      uri: http://mirrors.tuna.tsinghua.edu.cn/ubuntu/
package_update: true
packages:
  - apt-transport-https
  - curl
  - net-tools

write_files:
  - content: |
      #!/bin/bash
      cat <<EOF | tee /etc/sysctl.d/k8s.conf
      net.bridge.bridge-nf-call-ip6tables = 1
      net.bridge.bridge-nf-call-iptables = 1
      EOF

      iptables -A INPUT -p tcp --dport 22 -j ACCEPT 
      iptables -A INPUT -p tcp --dport 6433 -j ACCEPT # api server
      iptables -A INPUT -p tcp --match multiport  --dports 2379:2380 -j ACCEPT # etcd
      iptables -A INPUT -p tcp --dport 10250 -j ACCEPT # kubelet api
      iptables -A INPUT -p tcp --dport 10251 -j ACCEPT # kube-scheduler
      iptables -A INPUT -p tcp --dport 10252 -j ACCEPT # kube-controller-manager

      # For worker nodes
      iptables -A INPUT -p tcp --match multiport --dports 30000:32767 # node ports
      sudo sysctl --system
    path: /run/bootstrap/init_network.sh
    permissions: '0777'
  
  - content: |
      #!/bin/bash
      
      # If you need proxy to install kubernetes
      # Set following variables
      
      curl -s https://packages.cloud.google.com/apt/doc/apt-key.gpg | sudo apt-key add -
      cat <<EOF | sudo tee /etc/apt/sources.list.d/kubernetes.list
      deb https://apt.kubernetes.io/ kubernetes-xenial main
      EOF
      sudo apt-get update
      sudo apt-get install -y kubelet kubeadm kubectl
      sudo apt-mark hold kubelet kubeadm kubectl
    path: /run/bootstrap/init_kube.sh
    permissions: '0777'

  - content: |
      [Service]
      {{if .HTTPProxy}}Environment="HTTP_PROXY={{ .HTTPProxy }}"{{end}}
      {{if .HTTPSProxy}}Environment="HTTPS_PROXY={{ .HTTPSProxy }}"{{end}}
    path: /etc/systemd/system/docker.service.d/http-proxy.conf
    permissions: '0666'



runcmd:
  {{if .HTTPProxy}}- export http_proxy={{ .HTTPProxy }}{{end}}
  {{if .HTTPSProxy}}- export https_proxy={{ .HTTPSProxy }}{{end}}
  - mkdir -p /var/log/bootstrap
  - sudo mkdir -p /etc/systemd/system/docker.service.d
  - curl -fsSL https://get.docker.com -o get-docker.sh; sh get-docker.sh >> /var/log/bootstrap/init_kubeadm.log
  - sh /run/bootstrap/init_network.sh >> /var/log/bootstrap/init_network.log
  - sh /run/bootstrap/init_kube.sh >> /var/log/bootstrap/init_kubeadm.log
  - sudo systemctl daemon-reload
  - sudo systemctl restart docker
  - sudo echo "Docker proxies" >> /var/log/bootstrap/docker.log
  - sudo systemctl show --property=Environment docker >> /var/log/bootstrap/docker.log