hetzner-alpine-k8s/config.yaml
Knut Ahlers 8a83d5e80f
Add config for chrony to make the server stratum 2
Signed-off-by: Knut Ahlers <knut@ahlers.me>
2023-09-02 23:59:03 +02:00


---
# Location of the apk.static binary. The URL is assembled from the version
# and architecture values below.
apk_tools_version: 'v2.12.11'
apk_tools_arch: 'x86_64'
apk_tools_url: 'https://gitlab.alpinelinux.org/api/v4/projects/5/packages/generic//{{ apk_tools_version }}/{{ apk_tools_arch }}/apk.static'
# SHA-256 pin for that binary; it has to change whenever apk_tools_version or
# apk_tools_arch changes.
# NOTE(review): presumably the consuming tooling verifies the download against
# this value before running it - confirm.
apk_tools_checksum: 'sha256:a77621da3475ae0ed92daa2d05b9c2bb671639af8c17cce44098192dfbe1b80b'
# Base URL that the Alpine entries in alpine_repositories are built from.
alpine_mirror: 'https://dl-cdn.alpinelinux.org/alpine'
# APK repositories for the image. An entry with a tag is selected per package
# in the packages map through the '@<tag>' suffix; the untagged entry is the
# default repository.
# NOTE(review): all three Alpine entries track the rolling edge branch, so two
# builds from this file can install different package versions. edge/testing
# is configured although no entry in the packages map uses '@testing' -
# confirm it is still needed.
alpine_repositories:
  - url: '{{ alpine_mirror }}/edge/main'
  - tag: community
    url: '{{ alpine_mirror }}/edge/community'
  - tag: testing
    url: '{{ alpine_mirror }}/edge/testing'
  - tag: luzifer
    url: 'https://alpinerepo.hub.luzifer.io/repo'
# Additional public keys made available for package signature verification.
# NOTE(review): presumably this is the signing key of the third-party
# 'luzifer' repository - confirm. Whoever holds the matching private key can
# publish packages this image will accept, so the key should be reviewed like
# any other trust anchor.
alpine_repository_keys:
  - name: "alpine@ahlers.me-64562ea3.rsa.pub"
    public_key: |
      -----BEGIN PUBLIC KEY-----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-----END PUBLIC KEY-----
# Disk layout and basic host identity.
# NOTE(review): the meaning of root_size '0' is defined by the consuming
# tooling (presumably "use the remaining space") - confirm.
boot_size: '+100m'
root_size: '0'
hostname: 'alpine-k8s'
# Interfaces configured through DHCP.
dhcp_interfaces:
  - eth0
  - eth1
# Packages to install. The value is appended to the package name: an empty
# string takes the package from the default repository, '@<tag>' selects a
# tagged repository from alpine_repositories, and '=<version>' pins a version.
packages:
  # Alpine base system
  openssh: ""
  syslinux: ""
  linux-virt: ""
  sudo: "@community"
  vim: ""
  cloud-init: "@community"
  e2fsprogs-extra: ""
  py3-pyserial: "@community"
  py3-netifaces: "@community"
  wireguard-tools: ""
  chrony: ""
  chrony-openrc: ""
  # K8s requirements
  open-iscsi: ""
  open-iscsi-openrc: ""
  udev: ""
  cni-plugin-flannel: "@community"
  cni-plugins: "@community"
  cri-tools: "@community"
  containerd: "@community"
  containerd-openrc: "@community"
  nfs-utils: ""
  uuidgen: ""
  # The three Kubernetes binaries are the only version-pinned packages and
  # come from the third-party 'luzifer' repository; keep the versions in step.
  kubelet: "@luzifer=1.28.1-r0"
  kubeadm: "@luzifer=1.28.1-r0"
  kubectl: "@luzifer=1.28.1-r0"
# OpenRC services mapped to the runlevel they are added to.
# NOTE(review): chronyd and ntpd are both enabled in the default runlevel.
# Two daemons disciplining the same clock work against each other, and the
# chrony.conf written by chroot_commands suggests chronyd is the intended
# one - confirm whether the ntpd entry should be dropped.
services:
  devfs: 'sysinit'
  dmesg: 'sysinit'
  hwdrivers: 'sysinit'
  udev: 'sysinit'
  hwclock: 'boot'
  modules: 'boot'
  sysctl: 'boot'
  hostname: 'boot'
  bootmisc: 'boot'
  syslog: 'boot'
  networking: 'boot'
  mount-ro: 'shutdown'
  killprocs: 'shutdown'
  savecache: 'shutdown'
  chronyd: 'default'
  sshd: 'default'
  # K8s requirements
  containerd: 'default'
  iscsid: 'default'
  kubelet: 'default'
  ntpd: 'default'
# DNS resolvers for the image, two IPv4 and two IPv6 addresses. Quoted so
# that no YAML parser tries to read the colon-separated values as anything
# but strings.
nameservers:
  - '185.12.64.1'
  - '185.12.64.2'
  - '2a01:4ff:ff00::add:1'
  - '2a01:4ff:ff00::add:2'
# Left empty here.
# NOTE(review): chroot_commands appends the Kubernetes sysctl settings
# straight to /etc/sysctl.conf instead; presumably they could be declared in
# this map - confirm how the consumer uses this key.
sysctl: {}
# Boot loader, initramfs and kernel settings.
extlinux_modules:
  - 'ext4'
kernel_features:
  - 'base'
  - 'ext4'
  - 'keymap'
  - 'virtio'
kernel_modules:
  - 'ipv6'
  - 'af_packet'
default_kernel_opts:
  - 'quiet'
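# Shell command lines applied to the image; presumably they run in order
# inside the image chroot at build time - confirm against the consumer.
chroot_commands:
  # kernel stuff: load br_netfilter at boot and set the forwarding and bridge
  # netfilter sysctls. The sysctl lines are appended (>>), so running them
  # twice duplicates the entries.
  - 'echo "br_netfilter" >/etc/modules-load.d/k8s.conf'
  - 'echo "net.ipv4.ip_forward=1" >>/etc/sysctl.conf'
  - 'echo "net.bridge.bridge-nf-call-iptables=1" >>/etc/sysctl.conf'
  # Disable overwriting network config
  - 'echo "network: {config: disabled}" >/etc/cloud/cloud.cfg.d/99-disable-network-config.cfg'
  # Fix prometheus errors: a local.d start script marks / as a recursively
  # shared mount, and the "local" service that runs it is enabled.
  - 'echo -e "#!/bin/sh\nmount --make-rshared /" >/etc/local.d/sharemetrics.start'
  - 'chmod +x /etc/local.d/sharemetrics.start'
  - 'rc-update add local'
  # Force --cloud-provider=external
  # NOTE(review): this patches the kubelet init script in place; a package
  # upgrade would presumably restore the shipped file and drop the flag -
  # confirm.
  - "sed -i 's/command_args=\"/command_args=\"--cloud-provider=external /' /etc/init.d/kubelet"
  # Configure chrony: sync to the two PTB servers, step the clock at start if
  # it is off by more than 10 seconds, keep a drift file, copy system time to
  # the RTC, and disable chronyd's command port (cmdport 0).
  # printf is used instead of echo because echo only expands "\n" with -e in
  # some shells and always in others; without expansion the whole
  # configuration lands on a single line that chronyd cannot parse. printf
  # writes one directive per line in every POSIX shell.
  # Both sources are plain NTP; no NTS or key authentication is configured.
  - >-
    printf "%s\n"
    "server ptbtime1.ptb.de iburst"
    "server ptbtime2.ptb.de iburst"
    "initstepslew 10 ptbtime1.ptb.de"
    "driftfile /var/lib/chrony/chrony.drift"
    "rtcsync"
    "cmdport 0"
    >/etc/chrony/chrony.conf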
...