├── control-init.yaml ├── host1-init.yaml ├── nginx.yaml ├── node1-init.yaml ├── node2-init.yaml └── yaobank.yaml /control-init.yaml: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2020 Tigera, Inc. All rights reserved. 2 | 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | package_update: true 16 | packages: 17 | - vsftpd 18 | - iptables-persistent 19 | write_files: 20 | - encoding: b64 21 | content: IyEvYmluL3NoCgpbIC1mICIvZXRjL25ldHBsYW4vNTEtc3RhdGljLnlhbWwiIF0gJiYgZXhpdCAwCgp3aGlsZSBbICEgLWYgL2V0Yy9uZXRwbGFuLzUwLWNsb3VkLWluaXQueWFtbCBdOwpkbwogICAgICAgIHNsZWVwIDEKZG9uZQoKSUZBQ0U9JChpcCBsaW5rIHNob3cgIHwgZWdyZXAgIlswLTldOiBlbiIgfCBhd2sgJ3sgcHJpbnQgJDIgfScgfCBjdXQgLWQ6IC1mMSkKCnByaW50ZiAnbmV0d29yazpcbiAgZXRoZXJuZXRzOlxuICAgICVzOlxuICAgICAgYWRkcmVzc2VzOiBbIDE5OC4xOS4wLjEvMjAgXVxuICB2ZXJzaW9uOiAyJyBkZWZhdWx0IHwgdGVlIC9ldGMvbmV0cGxhbi81MS1zdGF0aWMueWFtbAo= 22 | owner: root:root 23 | path: /etc/dynamicaddress.sh 24 | permissions: '0755' 25 | - encoding: b64 26 | content: W1VuaXRdCkRlc2NyaXB0aW9uPUluc3RhbGwgazNzIGNvbnRyb2wgbm9kZQpBZnRlcj1uZXR3b3JrLW9ubGluZS50YXJnZXQKQ29uZGl0aW9uUGF0aEV4aXN0cz0hL3Zhci9saWIvcmFuY2hlci9rM3MKCltTZXJ2aWNlXQpFeGVjU3RhcnQ9L2Jpbi9zaCAtYyAnL2V0Yy9rM3MtY29udHJvbC5zaCcKCltJbnN0YWxsXQpXYW50ZWRCeSA9IG11bHRpLXVzZXIudGFyZ2V0 27 | owner: root:root 28 | path: /etc/systemd/system/k3s.service 29 | permissions: '0644' 30 | - encoding: b64 31 | content: IyEvYmluL2Jhc2gKCndoaWxlIFsgISAtZCAvdmFyL2xpYi9yYW5jaGVyIF0KZG8KCWN1cmwgLXNmTCBodHRwczovL2dldC5rM3MuaW8gfCBJTlNUQUxMX0szU19WRVJTSU9OPSJ2MS4xOC4xMCtrM3MxIiBJTlNUQUxMX0szU19FWEVDPSItLWZsYW5uZWwtYmFja2VuZD1ub25lIC0tY2x1c3Rlci1jaWRyPTE5OC4xOS4xNi4wLzIwIC0tc2VydmljZS1jaWRyPTE5OC4xOS4zMi4wLzIwIC0td3JpdGUta3ViZWNvbmZpZy1tb2RlIDY2NCAtLWRpc2FibGUtbmV0d29yay1wb2xpY3kiIHNoIC0KCXNsZWVwIDEKZG9uZQoKZWNobyBJbnN0YWxsYXRpb24gQ29tcGxldGVkLgoK 32 | owner: root:root 33 | path: /etc/k3s-control.sh 34 | permissions: '0775' 35 | - encoding: b64 36 | content: ZXhwb3J0IEtVQkVDT05GSUc9L2V0Yy9yYW5jaGVyL2szcy9rM3MueWFtbApleHBvcnQgREFUQVNUT1JFX1RZUEU9a3ViZXJuZXRlcwoK 37 | owner: root:root 38 | path: /etc/skel/.bash_aliases 39 | - encoding: b64 40 | content: CjE5OC4xOS4wLjEgY29udHJvbAoxOTguMTkuMC4yIG5vZGUxCjE5OC4xOS4wLjMgbm9kZTIKMTk4LjE5LjE1LjI1NCBob3N0MQoK 41 | owner: root:root 42 | path: /etc/cloud/templates/hosts.debian.tmpl 43 | append: true 44 | - encoding: b64 45 | content: IyEvYmluL2Jhc2gKQVJDSD1gdW5hbWUgLW1gCmlmIFtbICRBUkNIID09ICJ4ODZfNjQiIF1dCnRoZW4KL3Vzci9iaW4vY3VybCAtbyAvdXNyL2Jpbi9rdWJlY3RsIC1MIGh0dHBzOi8vc3RvcmFnZS5nb29nbGVhcGlzLmNvbS9rdWJlcm5ldGVzLXJlbGVhc2UvcmVsZWFzZS92MS4xOS4yL2Jpbi9saW51eC9hbWQ2NC9rdWJlY3RsCi91c3IvYmluL2NobW9kICt4IC91c3IvYmluL2t1YmVjdGwKL3Vzci9iaW4vY3VybCAtbyAvdXNyL2xvY2FsL2Jpbi9jYWxpY29jdGwgLUwgaHR0cHM6Ly9naXRodWIuY29tL3Byb2plY3RjYWxpY28vY2FsaWNvY3RsL3JlbGVhc2VzL2Rvd25sb2FkL3YzLjIxLjQvY2FsaWNvY3RsLWxpbnV4LWFtZDY0Ci91c3IvYmluL2NobW9kICt4IC91c3IvbG9jYWwvYmluL2NhbGljb2N0bCAKL3Vzci9iaW4vY3VybCAtbyAvdXNyL2xvY2FsL2Jpbi92ZXJpZnkgLUwgaHR0cHM6Ly9naXRodWIuY29tL3RpZ2VyYS9jY29sMS9yZWxlYXNlcy9kb3dubG9hZC8xLjAvdmVyaWZ5X2FtZDY0Ci91c3IvYmluL2NobW9kICt4IC91c3IvbG9jYWwvYmluL3ZlcmlmeQplbHNlCi91c3IvYmluL2N1cmwgLW8gL3Vzci9iaW4va3ViZWN0bCAtTCBodHRwczovL3N0b3JhZ2UuZ29vZ2xlYXBpcy5jb20va3ViZXJuZXRlcy1yZWxlYXNlL3JlbGVhc2UvdjEuMTkuMi9iaW4vbGludXgvYXJtNjQva3ViZWN0bAovdXNyL2Jpbi9jaG1vZCAreCAvdXNyL2Jpbi9rdWJlY3RsCi91c3IvYmluL2N1cmwgLW8gL3Vzci9sb2NhbC9iaW4vY2FsaWNvY3RsIC1MIGh0dHBzOi8vZ2l0aHViLmNvbS9wcm9qZWN0Y2FsaWNvL2NhbGljb2N0bC9yZWxlYXNlcy9kb3dubG9hZC92My4yMS40L2NhbGljb2N0bC1saW51eC1hcm02NAovdXNyL2Jpbi9jaG1vZCAreCAvdXNyL2xvY2FsL2Jpbi9jYWxpY29jdGwgCi91c3IvYmluL2N1cmwgLW8gL3Vzci9sb2NhbC9iaW4vdmVyaWZ5IC1MIGh0dHBzOi8vZ2l0aHViLmNvbS90aWdlcmEvY2NvbDEvcmVsZWFzZXMvZG93bmxvYWQvMS4wL3ZlcmlmeV9hcm02NAovdXNyL2Jpbi9jaG1vZCAreCAvdXNyL2xvY2FsL2Jpbi92ZXJpZnkKZmkKL3Vzci9iaW4vZWNobyBhbGlhcyBjYWxpY29jdGw9IidjYWxpY29jdGwgLS1hbGxvdy12ZXJzaW9uLW1pc21hdGNoJyIgPj4gL2V0Yy9wcm9maWxl 46 | owner: root:root 47 | path: /root/bin_downloader.sh 48 | permissions: '0644' 49 | ssh_authorized_keys: 50 | - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCvW2dRLu0PLQeQ5q5X76RaPvh8/lhhTzucdOizgzJfbUClve4KVCivtB1/S0rX6uuZL6TZhtRDrB1bVGAkwnt6zTT/irQ1ly1AseLAGIdA+03ikQ4gD1hL+MPURko4O9qWyDpBzPtjinRkXYTPdDe3g5jj1CZMI8uw+oOwdxf/9efeEfiQZ+pZuqgtEJttxWx3NrLqiyZhiciSVoRxyXkOltMdovzNeeeRB0KkFKhjSWhjTW0QRJ19ZsDtH3lxChQd7YFfTtYL0oe3ZkRINzHwfr1vzTVaolWTF70H4LWFaTZpmFWZ+WmmXNriUHwov2TBsCYRMAJkM72PAi8WmtWR calico@cloud 51 | ssh_keys: 52 | rsa_private: | 53 | -----BEGIN RSA PRIVATE KEY----- 54 | MIIEowIBAAKCAQEAr1tnUS7tDy0HkOauV++kWj74fP5YYU87nHTos4MyX21Apb3u 55 | ClQor7Qdf0tK1+rrmS+k2YbUQ6wdW1RgJMJ7es00/4q0NZctQLHiwBiHQPtN4pEO 56 | IA9YS/jD1EZKODvalsg6Qcz7Y4p0ZF2Ez3Q3t4OY49QmTCPLsPqDsHcX//Xn3hH4 57 | kGfqWbqoLRCbbcVsdzay6osmYYnIklaEccl5DpbTHaL8zXnnkQdCpBSoY0loY01t 58 | EESdfWbA7R95cQoUHe2BX07WC9KHt2ZESDcx8H69b801WqJVkxe9B+C1hWk2aZhV 59 | mflpplza4lB8KL9kwbAmETACZDO9jwIvFprVkQIDAQABAoIBAGGevNGREh+UrdWY 60 | 1g3WNuSWkbbj0Ue62DCtVK46p1xAcfDS3yWY3F2UI6etvqic+zN4NolyadCSjHU/ 61 | b5aHPj6K5qosCU6cLnEJlnXiMcmXHTC4F+j5IeqJPlt6Fe9gQrwWE3h2KKytc0Y8 62 | Waczx6C9/es3O2q/srF/hLhEVHQFAUzVQ0VAYdHZUcWgrTRtCi+etXaYssXLbuH/ 63 | R0UVb4qctEHRbE9LwLOG8u7o+xC9xYnmMUKAKgyEwwYIR5F1kR3Ebl/cx10owfqV 64 | YhF7V3hbpAbNUdsdhG/Wv3Q3pRFzz3hRGQpfFPG1PINpf3j5oGTbMzdxuT6ddbq+ 65 | 1wNsWcECgYEA3HXqkoRx5bSvIMhrOQJmrXjxo5ecWfa8sLohJJYkka9G3TprA4fy 66 | 9p1IbPgkzDO0RQmCxKQt3Z7OC5mk1owevpF+sJEEFYKhRdOoS8u3VONp6vWUikVc 67 | hdpeWAOWOc7tiYMyew6+NprBNF2YbgnRnNXdErfGYGt4p2+Yn19+jIUCgYEAy6Ah 68 | OR8pTaGu2p6WYHJtYPa90zHwVSSBcpNREVoNrIPo/YEOZDPCnKTEX+rHoEdSS1lC 69 | n2E3hytP7vv/sPGRz2R7h2+2Off47smdt4wJ6zoioOTPjWnCUfix4Kjay5WGswSJ 70 | tsMVe2WTaUV/bG/d23du4CLmVHnZOmJK0Ml4iJ0CgYBCBgJhLM8bdvg3vi32XdS4 71 | QQ9E6gPGIZGy75s7ZMfA5Zg4auVfolhOKR5mnA4RJa7oOgfysiSWSZf1e2cVZdNT 72 | SSmC4XsyofOAgPnW8USPZKf02OVKX6ls4M/+VdyopWMYGrWEiw7GNaSE9T7QPZqL 73 | +LSDhYwgli8FHfO8TxIMLQKBgQCv5frtIjsGwcWPOvGCDTbpTRw7pWcL1cYw2Itu 74 | JtGrFiQdYO+ypXfW4wp0JRcfIJ05U7kWft99129sbam6C2O+uPlwzJKozsnuVKH2 75 | nXUwCv9A54dXjGV9dA0MmjCvLtK2MBRamXkkKGHHzW4+mQAYhrpzyhIYJU3+fkxM 76 | wc1qjQKBgF7erwUBI5zt+vPcurh/pANDWuEOz1zqBr3svqXytI8UvySuHP9qfHY0 77 | JLdAyiMNRolMOEVe7umTbB95DifK7DqK2bTw9jrtUdOJ18G5cTf3+pv8NZKCg0B8 78 | 56E90uQJS9aJ/qVZiubWiZpFuIX2tqjulqpp9aN3NbA/Uv8YJa78 79 | -----END RSA PRIVATE KEY----- 80 | 81 | rsa_public: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCvW2dRLu0PLQeQ5q5X76RaPvh8/lhhTzucdOizgzJfbUClve4KVCivtB1/S0rX6uuZL6TZhtRDrB1bVGAkwnt6zTT/irQ1ly1AseLAGIdA+03ikQ4gD1hL+MPURko4O9qWyDpBzPtjinRkXYTPdDe3g5jj1CZMI8uw+oOwdxf/9efeEfiQZ+pZuqgtEJttxWx3NrLqiyZhiciSVoRxyXkOltMdovzNeeeRB0KkFKhjSWhjTW0QRJ19ZsDtH3lxChQd7YFfTtYL0oe3ZkRINzHwfr1vzTVaolWTF70H4LWFaTZpmFWZ+WmmXNriUHwov2TBsCYRMAJkM72PAi8WmtWR calico@cloud 82 | bootcmd: 83 | - [ /usr/sbin/iptables, -t, mangle, -A, POSTROUTING, -p, tcp, --tcp-flags, 'SYN,RST', SYN, -j, TCPMSS, --set-mss, 1300 ] 84 | - [ /usr/sbin/ip6tables, -t, mangle, -A, POSTROUTING, -p, tcp, --tcp-flags, 'SYN,RST', SYN, -j, TCPMSS, --set-mss, 1300 ] 85 | runcmd: 86 | - [ /usr/bin/cloud-init, single, --name, cc_write_files, --frequency, always ] 87 | - [ /usr/bin/sh, -c, /etc/dynamicaddress.sh ] 88 | - [ /usr/bin/systemctl, enable, NetworkManager-wait-online.service ] 89 | - [ /usr/bin/cp, -Ra, /etc/ssh/ssh_host_rsa_key, /home/ubuntu/.ssh/id_rsa ] 90 | - [ /usr/bin/cp, -Ra, /etc/ssh/ssh_host_rsa_key.pub, /home/ubuntu/.ssh/id_rsa.pub ] 91 | - [ /usr/bin/chown, -R, ubuntu:ubuntu, /home/ubuntu/.ssh ] 92 | - [ /usr/bin/chmod, +x, /root/bin_downloader.sh ] 93 | - [ /root/bin_downloader.sh ] 94 | - [ /usr/bin/chown, -R, ubuntu:ubuntu, /home/ubuntu ] 95 | - [ /usr/bin/systemctl, enable, k3s.service ] 96 | 97 | power_state: 98 | mode: reboot 99 | -------------------------------------------------------------------------------- /host1-init.yaml: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2020 Tigera, Inc. All rights reserved. 2 | 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | package_update: true 16 | packages: 17 | - bird 18 | - iptables-persistent 19 | write_files: 20 | - encoding: b64 21 | content: IyEvYmluL3NoCgpbIC1mICIvZXRjL25ldHBsYW4vNTEtc3RhdGljLnlhbWwiIF0gJiYgZXhpdCAwCgp3aGlsZSBbICEgLWYgL2V0Yy9uZXRwbGFuLzUwLWNsb3VkLWluaXQueWFtbCBdOwpkbwogICAgICAgIHNsZWVwIDEKZG9uZQoKSUZBQ0U9JChpcCBsaW5rIHNob3cgIHwgZWdyZXAgIlswLTldOiBlbiIgfCBhd2sgJ3sgcHJpbnQgJDIgfScgfCBjdXQgLWQ6IC1mMSkKCnByaW50ZiAnbmV0d29yazpcbiAgZXRoZXJuZXRzOlxuICAgICVzOlxuICAgICAgYWRkcmVzc2VzOiBbIDE5OC4xOS4xNS4yNTQvMjAgXVxuICB2ZXJzaW9uOiAyJyBkZWZhdWx0IHwgdGVlIC9ldGMvbmV0cGxhbi81MS1zdGF0aWMueWFtbAo= 22 | owner: root:root 23 | path: /etc/dynamicaddress.sh 24 | permissions: '0755' 25 | - encoding: b64 26 | content: IyEvYmluL2Jhc2gKCndoaWxlIFsgISAtZiAvaG9tZS91YnVudHUvLmt1YmUvY29uZmlnIF0KZG8KCXNsZWVwIDEKCWVjaG8gIldhaXRpbmcgdG8gc2NwIGZpbGUgZnJvbSBjb250cm9sLiIKCS91c3IvYmluL3NjcCAtaSAvaG9tZS91YnVudHUvLnNzaC9pZF9yc2EgLW8gU3RyaWN0SG9zdEtleUNoZWNraW5nPW5vIC1vIFVzZXJLbm93bkhvc3RzRmlsZT0vZGV2L251bGwgdWJ1bnR1QDE5OC4xOS4wLjE6L2V0Yy9yYW5jaGVyL2szcy9rM3MueWFtbCAvaG9tZS91YnVudHUvLmt1YmUvY29uZmlnCmRvbmUKCi91c3IvYmluL3NlZCAtaSAncy8xMjcuMC4wLjEvMTk4LjE5LjAuMS9nJyAvaG9tZS91YnVudHUvLmt1YmUvY29uZmlnCgplY2hvIEt1YmVjb25maWcgY29tcGxldGUuCgoK 27 | owner: root:root 28 | path: /etc/k3s-config.sh 29 | permissions: '0755' 30 | - encoding: b64 31 | content: W1VuaXRdCkRlc2NyaXB0aW9uPUluc3RhbGwgazNzIGNvbmZpZwpBZnRlcj1uZXR3b3JrLW9ubGluZS50YXJnZXQKQ29uZGl0aW9uUGF0aEV4aXN0cz0hL2hvbWUvdWJ1bnR1Ly5rdWJlL2NvbmZpZwoKW1NlcnZpY2VdCkV4ZWNTdGFydD0vYmluL3NoIC1jIC9ldGMvazNzLWNvbmZpZy5zaAoKW0luc3RhbGxdCldhbnRlZEJ5ID0gbXVsdGktdXNlci50YXJnZXQK 32 | owner: root:root 33 | path: /etc/systemd/system/k3s-config.service 34 | permissions: '0644' 35 | - encoding: b64 36 | content: bG9nIHN0ZGVyciBhbGw7Cgpyb3V0ZXIgaWQgMTk4LjE5LjE1LjI1NDsKCnByb3RvY29sIGRldmljZSB7CiAgc2NhbiB0aW1lIDI7ICAgICMgU2NhbiBpbnRlcmZhY2VzIGV2ZXJ5IDIgc2Vjb25kcwp9Cgpwcm90b2NvbCBrZXJuZWwgewogIGxlYXJuOyAgICAgICAgICAjIExlYXJuIGFsbCBhbGllbiByb3V0ZXMgZnJvbSB0aGUga2VybmVsCiAgcGVyc2lzdDsgICAgICAgICMgRG9uJ3QgcmVtb3ZlIHJvdXRlcyBvbiBiaXJkIHNodXRkb3duCiAgc2NhbiB0aW1lIDI7ICAgICMgU2NhbiBrZXJuZWwgcm91dGluZyB0YWJsZSBldmVyeSAyIHNlY29uZHMKICBpbXBvcnQgYWxsOwogIGdyYWNlZnVsIHJlc3RhcnQ7CiAgZXhwb3J0IGFsbDsgICAgICMgRGVmYXVsdCBpcyBleHBvcnQgbm9uZQogIG1lcmdlIHBhdGhzOyAgICAjIGVuYWJsZSBlY21wCn0KCnByb3RvY29sIGRpcmVjdCB7CiAgIGRlYnVnIGFsbDsKfQoKZmlsdGVyIGJncF9hbGxvdyB7CiAgaWYgKCBuZXQgPSAxOTguMTkuNDguMC8yMCApIHRoZW4gYWNjZXB0OwogIGlmICggbmV0IH4gWyAxOTguMTkuMzIuMC8yMCtdICkgdGhlbiBhY2NlcHQ7CiAgaWYgKCBuZXQgfiBbIDE5OC4xOS4yNC4wLzIxK10gKSB0aGVuIGFjY2VwdDsKICBlbHNlIHJlamVjdDsKfQoKcHJvdG9jb2wgYmdwICdjb250cm9sJyB7CiAgZGVzY3JpcHRpb24gIkNvbm5lY3Rpb24gdG8gY29udHJvbCI7CiAgbG9jYWwgYXMgNjQ1MTI7CiAgbmVpZ2hib3IgMTk4LjE5LjAuMSBhcyA2NDUxMjsKICBtdWx0aWhvcDsKICBleHBvcnQgbm9uZTsKICBncmFjZWZ1bCByZXN0YXJ0OwogIGltcG9ydCBmaWx0ZXIgYmdwX2FsbG93OwogIGFkZCBwYXRocyBvbjsKfQpwcm90b2NvbCBiZ3AgJ05vZGUxJyB7CiAgZGVzY3JpcHRpb24gIkNvbm5lY3Rpb24gdG8gTm9kZTEiOwogIGxvY2FsIGFzIDY0NTEyOwogIG5laWdoYm9yIDE5OC4xOS4wLjIgYXMgNjQ1MTI7CiAgbXVsdGlob3A7CiAgZXhwb3J0IG5vbmU7CiAgZ3JhY2VmdWwgcmVzdGFydDsKICBpbXBvcnQgZmlsdGVyIGJncF9hbGxvdzsKICBhZGQgcGF0aHMgb247Cn0KcHJvdG9jb2wgYmdwICdOb2RlMicgewogIGRlc2NyaXB0aW9uICJDb25uZWN0aW9uIHRvIE5vZGUyIjsKICBsb2NhbCBhcyA2NDUxMjsKICBuZWlnaGJvciAxOTguMTkuMC4zIGFzIDY0NTEyOwogIG11bHRpaG9wOwogIGV4cG9ydCBub25lOwogIGdyYWNlZnVsIHJlc3RhcnQ7CiAgaW1wb3J0IGZpbHRlciBiZ3BfYWxsb3c7CiAgYWRkIHBhdGhzIG9uOwp9CgoK 37 | owner: root:root 38 | path: /etc/bird/bird.conf 39 | permissions: '0644' 40 | - encoding: b64 41 | content: ZXhwb3J0IEtVQkVDT05GSUc9L2hvbWUvdWJ1bnR1Ly5rdWJlL2NvbmZpZwpleHBvcnQgREFUQVNUT1JFX1RZUEU9a3ViZXJuZXRlcwoK 42 | owner: root:root 43 | path: /etc/skel/.bash_aliases 44 | permissions: '0644' 45 | - encoding: b64 46 | content: CjE5OC4xOS4wLjEgY29udHJvbAoxOTguMTkuMC4yIG5vZGUxCjE5OC4xOS4wLjMgbm9kZTIKMTk4LjE5LjE1LjI1NCBob3N0MQoK 47 | owner: root:root 48 | path: /etc/cloud/templates/hosts.debian.tmpl 49 | append: true 50 | - encoding: b64 51 | content: IyEvYmluL2Jhc2gKQVJDSD1gdW5hbWUgLW1gCmlmIFtbICRBUkNIID09ICJ4ODZfNjQiIF1dCnRoZW4KL3Vzci9iaW4vY3VybCAtbyAvdXNyL2Jpbi9rdWJlY3RsIC1MIGh0dHBzOi8vc3RvcmFnZS5nb29nbGVhcGlzLmNvbS9rdWJlcm5ldGVzLXJlbGVhc2UvcmVsZWFzZS92MS4xOS4yL2Jpbi9saW51eC9hbWQ2NC9rdWJlY3RsCi91c3IvYmluL2NobW9kICt4IC91c3IvYmluL2t1YmVjdGwKL3Vzci9iaW4vY3VybCAtbyAvdXNyL2xvY2FsL2Jpbi9jYWxpY29jdGwgLUwgaHR0cHM6Ly9naXRodWIuY29tL3Byb2plY3RjYWxpY28vY2FsaWNvY3RsL3JlbGVhc2VzL2Rvd25sb2FkL3YzLjIxLjQvY2FsaWNvY3RsLWxpbnV4LWFtZDY0Ci91c3IvYmluL2NobW9kICt4IC91c3IvbG9jYWwvYmluL2NhbGljb2N0bCAKL3Vzci9iaW4vY3VybCAtbyAvdXNyL2xvY2FsL2Jpbi92ZXJpZnkgLUwgaHR0cHM6Ly9naXRodWIuY29tL3RpZ2VyYS9jY29sMS9yZWxlYXNlcy9kb3dubG9hZC8xLjAvdmVyaWZ5X2FtZDY0Ci91c3IvYmluL2NobW9kICt4IC91c3IvbG9jYWwvYmluL3ZlcmlmeQplbHNlCi91c3IvYmluL2N1cmwgLW8gL3Vzci9iaW4va3ViZWN0bCAtTCBodHRwczovL3N0b3JhZ2UuZ29vZ2xlYXBpcy5jb20va3ViZXJuZXRlcy1yZWxlYXNlL3JlbGVhc2UvdjEuMTkuMi9iaW4vbGludXgvYXJtNjQva3ViZWN0bAovdXNyL2Jpbi9jaG1vZCAreCAvdXNyL2Jpbi9rdWJlY3RsCi91c3IvYmluL2N1cmwgLW8gL3Vzci9sb2NhbC9iaW4vY2FsaWNvY3RsIC1MIGh0dHBzOi8vZ2l0aHViLmNvbS9wcm9qZWN0Y2FsaWNvL2NhbGljb2N0bC9yZWxlYXNlcy9kb3dubG9hZC92My4yMS40L2NhbGljb2N0bC1saW51eC1hcm02NAovdXNyL2Jpbi9jaG1vZCAreCAvdXNyL2xvY2FsL2Jpbi9jYWxpY29jdGwgCi91c3IvYmluL2N1cmwgLW8gL3Vzci9sb2NhbC9iaW4vdmVyaWZ5IC1MIGh0dHBzOi8vZ2l0aHViLmNvbS90aWdlcmEvY2NvbDEvcmVsZWFzZXMvZG93bmxvYWQvMS4wL3ZlcmlmeV9hcm02NAovdXNyL2Jpbi9jaG1vZCAreCAvdXNyL2xvY2FsL2Jpbi92ZXJpZnkKZmkKL3Vzci9iaW4vZWNobyBhbGlhcyBjYWxpY29jdGw9IidjYWxpY29jdGwgLS1hbGxvdy12ZXJzaW9uLW1pc21hdGNoJyIgPj4gL2V0Yy9wcm9maWxl 52 | owner: root:root 53 | path: /root/bin_downloader.sh 54 | permissions: '0644' 55 | ssh_authorized_keys: 56 | - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCvW2dRLu0PLQeQ5q5X76RaPvh8/lhhTzucdOizgzJfbUClve4KVCivtB1/S0rX6uuZL6TZhtRDrB1bVGAkwnt6zTT/irQ1ly1AseLAGIdA+03ikQ4gD1hL+MPURko4O9qWyDpBzPtjinRkXYTPdDe3g5jj1CZMI8uw+oOwdxf/9efeEfiQZ+pZuqgtEJttxWx3NrLqiyZhiciSVoRxyXkOltMdovzNeeeRB0KkFKhjSWhjTW0QRJ19ZsDtH3lxChQd7YFfTtYL0oe3ZkRINzHwfr1vzTVaolWTF70H4LWFaTZpmFWZ+WmmXNriUHwov2TBsCYRMAJkM72PAi8WmtWR calico@cloud 57 | ssh_keys: 58 | rsa_private: | 59 | -----BEGIN RSA PRIVATE KEY----- 60 | MIIEowIBAAKCAQEAr1tnUS7tDy0HkOauV++kWj74fP5YYU87nHTos4MyX21Apb3u 61 | ClQor7Qdf0tK1+rrmS+k2YbUQ6wdW1RgJMJ7es00/4q0NZctQLHiwBiHQPtN4pEO 62 | IA9YS/jD1EZKODvalsg6Qcz7Y4p0ZF2Ez3Q3t4OY49QmTCPLsPqDsHcX//Xn3hH4 63 | kGfqWbqoLRCbbcVsdzay6osmYYnIklaEccl5DpbTHaL8zXnnkQdCpBSoY0loY01t 64 | EESdfWbA7R95cQoUHe2BX07WC9KHt2ZESDcx8H69b801WqJVkxe9B+C1hWk2aZhV 65 | mflpplza4lB8KL9kwbAmETACZDO9jwIvFprVkQIDAQABAoIBAGGevNGREh+UrdWY 66 | 1g3WNuSWkbbj0Ue62DCtVK46p1xAcfDS3yWY3F2UI6etvqic+zN4NolyadCSjHU/ 67 | b5aHPj6K5qosCU6cLnEJlnXiMcmXHTC4F+j5IeqJPlt6Fe9gQrwWE3h2KKytc0Y8 68 | Waczx6C9/es3O2q/srF/hLhEVHQFAUzVQ0VAYdHZUcWgrTRtCi+etXaYssXLbuH/ 69 | R0UVb4qctEHRbE9LwLOG8u7o+xC9xYnmMUKAKgyEwwYIR5F1kR3Ebl/cx10owfqV 70 | YhF7V3hbpAbNUdsdhG/Wv3Q3pRFzz3hRGQpfFPG1PINpf3j5oGTbMzdxuT6ddbq+ 71 | 1wNsWcECgYEA3HXqkoRx5bSvIMhrOQJmrXjxo5ecWfa8sLohJJYkka9G3TprA4fy 72 | 9p1IbPgkzDO0RQmCxKQt3Z7OC5mk1owevpF+sJEEFYKhRdOoS8u3VONp6vWUikVc 73 | hdpeWAOWOc7tiYMyew6+NprBNF2YbgnRnNXdErfGYGt4p2+Yn19+jIUCgYEAy6Ah 74 | OR8pTaGu2p6WYHJtYPa90zHwVSSBcpNREVoNrIPo/YEOZDPCnKTEX+rHoEdSS1lC 75 | n2E3hytP7vv/sPGRz2R7h2+2Off47smdt4wJ6zoioOTPjWnCUfix4Kjay5WGswSJ 76 | tsMVe2WTaUV/bG/d23du4CLmVHnZOmJK0Ml4iJ0CgYBCBgJhLM8bdvg3vi32XdS4 77 | QQ9E6gPGIZGy75s7ZMfA5Zg4auVfolhOKR5mnA4RJa7oOgfysiSWSZf1e2cVZdNT 78 | SSmC4XsyofOAgPnW8USPZKf02OVKX6ls4M/+VdyopWMYGrWEiw7GNaSE9T7QPZqL 79 | +LSDhYwgli8FHfO8TxIMLQKBgQCv5frtIjsGwcWPOvGCDTbpTRw7pWcL1cYw2Itu 80 | JtGrFiQdYO+ypXfW4wp0JRcfIJ05U7kWft99129sbam6C2O+uPlwzJKozsnuVKH2 81 | nXUwCv9A54dXjGV9dA0MmjCvLtK2MBRamXkkKGHHzW4+mQAYhrpzyhIYJU3+fkxM 82 | wc1qjQKBgF7erwUBI5zt+vPcurh/pANDWuEOz1zqBr3svqXytI8UvySuHP9qfHY0 83 | JLdAyiMNRolMOEVe7umTbB95DifK7DqK2bTw9jrtUdOJ18G5cTf3+pv8NZKCg0B8 84 | 56E90uQJS9aJ/qVZiubWiZpFuIX2tqjulqpp9aN3NbA/Uv8YJa78 85 | -----END RSA PRIVATE KEY----- 86 | 87 | rsa_public: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCvW2dRLu0PLQeQ5q5X76RaPvh8/lhhTzucdOizgzJfbUClve4KVCivtB1/S0rX6uuZL6TZhtRDrB1bVGAkwnt6zTT/irQ1ly1AseLAGIdA+03ikQ4gD1hL+MPURko4O9qWyDpBzPtjinRkXYTPdDe3g5jj1CZMI8uw+oOwdxf/9efeEfiQZ+pZuqgtEJttxWx3NrLqiyZhiciSVoRxyXkOltMdovzNeeeRB0KkFKhjSWhjTW0QRJ19ZsDtH3lxChQd7YFfTtYL0oe3ZkRINzHwfr1vzTVaolWTF70H4LWFaTZpmFWZ+WmmXNriUHwov2TBsCYRMAJkM72PAi8WmtWR calico@cloud 88 | bootcmd: 89 | - [ /usr/sbin/iptables, -t, mangle, -A, POSTROUTING, -p, tcp, --tcp-flags, 'SYN,RST', SYN, -j, TCPMSS, --set-mss, 1300 ] 90 | - [ /usr/sbin/ip6tables, -t, mangle, -A, POSTROUTING, -p, tcp, --tcp-flags, 'SYN,RST', SYN, -j, TCPMSS, --set-mss, 1300 ] 91 | runcmd: 92 | - [ /usr/bin/cloud-init, single, --name, cc_write_files, --frequency, always ] 93 | - [ /usr/bin/sh, -c, /etc/dynamicaddress.sh ] 94 | - [ /usr/bin/systemctl, enable, NetworkManager-wait-online.service ] 95 | - [ /usr/bin/cp, -Ra, /etc/ssh/ssh_host_rsa_key, /home/ubuntu/.ssh/id_rsa ] 96 | - [ /usr/bin/cp, -Ra, /etc/ssh/ssh_host_rsa_key.pub, /home/ubuntu/.ssh/id_rsa.pub ] 97 | - [ /usr/bin/chown, -R, ubuntu:ubuntu, /home/ubuntu/.ssh ] 98 | - [ /usr/bin/mkdir, /home/ubuntu/.kube ] 99 | - [ /usr/bin/chmod, +x, /root/bin_downloader.sh ] 100 | - [ /root/bin_downloader.sh ] 101 | - [ /usr/bin/chown, -R, ubuntu:ubuntu, /home/ubuntu ] 102 | - [ /usr/bin/systemctl, enable, k3s-config.service ] 103 | 104 | power_state: 105 | mode: reboot 106 | -------------------------------------------------------------------------------- /nginx.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: apps/v1 3 | kind: Deployment 4 | metadata: 5 | name: nginx 6 | namespace: external-ns 7 | spec: 8 | replicas: 1 9 | selector: 10 | matchLabels: 11 | app: nginx 12 | template: 13 | metadata: 14 | labels: 15 | app: nginx 16 | version: v1 17 | spec: 18 | containers: 19 | - name: nginx 20 | image: nginx 21 | imagePullPolicy: IfNotPresent 22 | nodeSelector: 23 | kubernetes.io/hostname: node1 24 | 25 | --- 26 | kind: NetworkPolicy 27 | apiVersion: networking.k8s.io/v1 28 | metadata: 29 | name: nginx 30 | namespace: external-ns 31 | spec: 32 | podSelector: 33 | matchLabels: 34 | app: nginx 35 | policyTypes: 36 | - Ingress 37 | - Egress 38 | ingress: 39 | - ports: 40 | - protocol: TCP 41 | port: 80 42 | --- -------------------------------------------------------------------------------- /node1-init.yaml: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2020 Tigera, Inc. All rights reserved. 2 | 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | package_update: true 16 | packages: 17 | - vsftpd 18 | - iptables-persistent 19 | write_files: 20 | - encoding: b64 21 | content: IyEvYmluL3NoCgpbIC1mICIvZXRjL25ldHBsYW4vNTEtc3RhdGljLnlhbWwiIF0gJiYgZXhpdCAwCgp3aGlsZSBbICEgLWYgL2V0Yy9uZXRwbGFuLzUwLWNsb3VkLWluaXQueWFtbCBdOwpkbwogICAgICAgIHNsZWVwIDEKZG9uZQoKSUZBQ0U9JChpcCBsaW5rIHNob3cgIHwgZWdyZXAgIlswLTldOiBlbiIgfCBhd2sgJ3sgcHJpbnQgJDIgfScgfCBjdXQgLWQ6IC1mMSkKCnByaW50ZiAnbmV0d29yazpcbiAgZXRoZXJuZXRzOlxuICAgICVzOlxuICAgICAgYWRkcmVzc2VzOiBbIDE5OC4xOS4wLjIvMjAgXVxuICB2ZXJzaW9uOiAyJyBkZWZhdWx0IHwgdGVlIC9ldGMvbmV0cGxhbi81MS1zdGF0aWMueWFtbAo= 22 | owner: root:root 23 | path: /etc/dynamicaddress.sh 24 | permissions: '0755' 25 | - encoding: b64 26 | content: W1VuaXRdCkRlc2NyaXB0aW9uPUluc3RhbGwgazNzIG5vZGUKQWZ0ZXI9bmV0d29yay1vbmxpbmUudGFyZ2V0CkNvbmRpdGlvblBhdGhFeGlzdHM9IS92YXIvbGliL3JhbmNoZXIvazNzCgpbU2VydmljZV0KRXhlY1N0YXJ0PS9iaW4vc2ggLWMgL2V0Yy9rM3MtYWdlbnQuc2gKCltJbnN0YWxsXQpXYW50ZWRCeSA9IG11bHRpLXVzZXIudGFyZ2V0 27 | owner: root:root 28 | path: /etc/systemd/system/k3s-agent.service 29 | permissions: '0644' 30 | - encoding: b64 31 | content: IyEvYmluL2Jhc2gKClRPS0VOPSIiCndoaWxlIFsgLXogIiRUT0tFTiIgXQpkbwoJc2xlZXAgMQoJVE9LRU49JChlY2hvIHN1ZG8gY2F0IC92YXIvbGliL3JhbmNoZXIvazNzL3NlcnZlci9ub2RlLXRva2VuIHwgc3NoIC1pIC9ob21lL3VidW50dS8uc3NoL2lkX3JzYSAtbyBTdHJpY3RIb3N0S2V5Q2hlY2tpbmc9bm8gLW8gVXNlcktub3duSG9zdHNGaWxlPS9kZXYvbnVsbCB1YnVudHVAMTk4LjE5LjAuMSB8IGdyZXAgJzo6c2VydmVyOicpCmRvbmUKCmVjaG8gIlRva2VuIGFjcXVpcmVkOiAkVE9LRU4iCgp3aGlsZSBbICEgLWQgL3Zhci9saWIvcmFuY2hlciBdCmRvCgljdXJsIC1zZkwgaHR0cHM6Ly9nZXQuazNzLmlvIHwgSU5TVEFMTF9LM1NfVkVSU0lPTj0idjEuMTguMTArazNzMSIgSzNTX1VSTD1odHRwczovLzE5OC4xOS4wLjE6NjQ0MyBLM1NfVE9LRU49JFRPS0VOIHNoIC0KCXNsZWVwIDEKZG9uZQoKZWNobyBJbnN0YWxsYXRpb24gQ29tcGxldGVkLgoK 32 | owner: root:root 33 | path: /etc/k3s-agent.sh 34 | permissions: '0755' 35 | - encoding: b64 36 | content: ZXhwb3J0IEtVQkVDT05GSUc9L2hvbWUvdWJ1bnR1Ly5rdWJlL2NvbmZpZwpleHBvcnQgREFUQVNUT1JFX1RZUEU9a3ViZXJuZXRlcwoK 37 | owner: root:root 38 | path: /etc/skel/.bash_aliases 39 | - encoding: b64 40 | content: CjE5OC4xOS4wLjEgY29udHJvbAoxOTguMTkuMC4yIG5vZGUxCjE5OC4xOS4wLjMgbm9kZTIKMTk4LjE5LjE1LjI1NCBob3N0MQoK 41 | owner: root:root 42 | path: /etc/cloud/templates/hosts.debian.tmpl 43 | append: true 44 | - encoding: b64 45 | content: IyEvYmluL2Jhc2gKQVJDSD1gdW5hbWUgLW1gCmlmIFtbICRBUkNIID09ICJ4ODZfNjQiIF1dCnRoZW4KL3Vzci9iaW4vY3VybCAtbyAvdXNyL2Jpbi9rdWJlY3RsIC1MIGh0dHBzOi8vc3RvcmFnZS5nb29nbGVhcGlzLmNvbS9rdWJlcm5ldGVzLXJlbGVhc2UvcmVsZWFzZS92MS4xOS4yL2Jpbi9saW51eC9hbWQ2NC9rdWJlY3RsCi91c3IvYmluL2NobW9kICt4IC91c3IvYmluL2t1YmVjdGwKL3Vzci9iaW4vY3VybCAtbyAvdXNyL2xvY2FsL2Jpbi9jYWxpY29jdGwgLUwgaHR0cHM6Ly9naXRodWIuY29tL3Byb2plY3RjYWxpY28vY2FsaWNvY3RsL3JlbGVhc2VzL2Rvd25sb2FkL3YzLjIxLjQvY2FsaWNvY3RsLWxpbnV4LWFtZDY0Ci91c3IvYmluL2NobW9kICt4IC91c3IvbG9jYWwvYmluL2NhbGljb2N0bCAKL3Vzci9iaW4vY3VybCAtbyAvdXNyL2xvY2FsL2Jpbi92ZXJpZnkgLUwgaHR0cHM6Ly9naXRodWIuY29tL3RpZ2VyYS9jY29sMS9yZWxlYXNlcy9kb3dubG9hZC8xLjAvdmVyaWZ5X2FtZDY0Ci91c3IvYmluL2NobW9kICt4IC91c3IvbG9jYWwvYmluL3ZlcmlmeQplbHNlCi91c3IvYmluL2N1cmwgLW8gL3Vzci9iaW4va3ViZWN0bCAtTCBodHRwczovL3N0b3JhZ2UuZ29vZ2xlYXBpcy5jb20va3ViZXJuZXRlcy1yZWxlYXNlL3JlbGVhc2UvdjEuMTkuMi9iaW4vbGludXgvYXJtNjQva3ViZWN0bAovdXNyL2Jpbi9jaG1vZCAreCAvdXNyL2Jpbi9rdWJlY3RsCi91c3IvYmluL2N1cmwgLW8gL3Vzci9sb2NhbC9iaW4vY2FsaWNvY3RsIC1MIGh0dHBzOi8vZ2l0aHViLmNvbS9wcm9qZWN0Y2FsaWNvL2NhbGljb2N0bC9yZWxlYXNlcy9kb3dubG9hZC92My4yMS40L2NhbGljb2N0bC1saW51eC1hcm02NAovdXNyL2Jpbi9jaG1vZCAreCAvdXNyL2xvY2FsL2Jpbi9jYWxpY29jdGwgCi91c3IvYmluL2N1cmwgLW8gL3Vzci9sb2NhbC9iaW4vdmVyaWZ5IC1MIGh0dHBzOi8vZ2l0aHViLmNvbS90aWdlcmEvY2NvbDEvcmVsZWFzZXMvZG93bmxvYWQvMS4wL3ZlcmlmeV9hcm02NAovdXNyL2Jpbi9jaG1vZCAreCAvdXNyL2xvY2FsL2Jpbi92ZXJpZnkKZmkKL3Vzci9iaW4vZWNobyBhbGlhcyBjYWxpY29jdGw9IidjYWxpY29jdGwgLS1hbGxvdy12ZXJzaW9uLW1pc21hdGNoJyIgPj4gL2V0Yy9wcm9maWxl 46 | owner: root:root 47 | path: /root/bin_downloader.sh 48 | permissions: '0644' 49 | ssh_authorized_keys: 50 | - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCvW2dRLu0PLQeQ5q5X76RaPvh8/lhhTzucdOizgzJfbUClve4KVCivtB1/S0rX6uuZL6TZhtRDrB1bVGAkwnt6zTT/irQ1ly1AseLAGIdA+03ikQ4gD1hL+MPURko4O9qWyDpBzPtjinRkXYTPdDe3g5jj1CZMI8uw+oOwdxf/9efeEfiQZ+pZuqgtEJttxWx3NrLqiyZhiciSVoRxyXkOltMdovzNeeeRB0KkFKhjSWhjTW0QRJ19ZsDtH3lxChQd7YFfTtYL0oe3ZkRINzHwfr1vzTVaolWTF70H4LWFaTZpmFWZ+WmmXNriUHwov2TBsCYRMAJkM72PAi8WmtWR calico@cloud 51 | ssh_keys: 52 | rsa_private: | 53 | -----BEGIN RSA PRIVATE KEY----- 54 | MIIEowIBAAKCAQEAr1tnUS7tDy0HkOauV++kWj74fP5YYU87nHTos4MyX21Apb3u 55 | ClQor7Qdf0tK1+rrmS+k2YbUQ6wdW1RgJMJ7es00/4q0NZctQLHiwBiHQPtN4pEO 56 | IA9YS/jD1EZKODvalsg6Qcz7Y4p0ZF2Ez3Q3t4OY49QmTCPLsPqDsHcX//Xn3hH4 57 | kGfqWbqoLRCbbcVsdzay6osmYYnIklaEccl5DpbTHaL8zXnnkQdCpBSoY0loY01t 58 | EESdfWbA7R95cQoUHe2BX07WC9KHt2ZESDcx8H69b801WqJVkxe9B+C1hWk2aZhV 59 | mflpplza4lB8KL9kwbAmETACZDO9jwIvFprVkQIDAQABAoIBAGGevNGREh+UrdWY 60 | 1g3WNuSWkbbj0Ue62DCtVK46p1xAcfDS3yWY3F2UI6etvqic+zN4NolyadCSjHU/ 61 | b5aHPj6K5qosCU6cLnEJlnXiMcmXHTC4F+j5IeqJPlt6Fe9gQrwWE3h2KKytc0Y8 62 | Waczx6C9/es3O2q/srF/hLhEVHQFAUzVQ0VAYdHZUcWgrTRtCi+etXaYssXLbuH/ 63 | R0UVb4qctEHRbE9LwLOG8u7o+xC9xYnmMUKAKgyEwwYIR5F1kR3Ebl/cx10owfqV 64 | YhF7V3hbpAbNUdsdhG/Wv3Q3pRFzz3hRGQpfFPG1PINpf3j5oGTbMzdxuT6ddbq+ 65 | 1wNsWcECgYEA3HXqkoRx5bSvIMhrOQJmrXjxo5ecWfa8sLohJJYkka9G3TprA4fy 66 | 9p1IbPgkzDO0RQmCxKQt3Z7OC5mk1owevpF+sJEEFYKhRdOoS8u3VONp6vWUikVc 67 | hdpeWAOWOc7tiYMyew6+NprBNF2YbgnRnNXdErfGYGt4p2+Yn19+jIUCgYEAy6Ah 68 | OR8pTaGu2p6WYHJtYPa90zHwVSSBcpNREVoNrIPo/YEOZDPCnKTEX+rHoEdSS1lC 69 | n2E3hytP7vv/sPGRz2R7h2+2Off47smdt4wJ6zoioOTPjWnCUfix4Kjay5WGswSJ 70 | tsMVe2WTaUV/bG/d23du4CLmVHnZOmJK0Ml4iJ0CgYBCBgJhLM8bdvg3vi32XdS4 71 | QQ9E6gPGIZGy75s7ZMfA5Zg4auVfolhOKR5mnA4RJa7oOgfysiSWSZf1e2cVZdNT 72 | SSmC4XsyofOAgPnW8USPZKf02OVKX6ls4M/+VdyopWMYGrWEiw7GNaSE9T7QPZqL 73 | +LSDhYwgli8FHfO8TxIMLQKBgQCv5frtIjsGwcWPOvGCDTbpTRw7pWcL1cYw2Itu 74 | JtGrFiQdYO+ypXfW4wp0JRcfIJ05U7kWft99129sbam6C2O+uPlwzJKozsnuVKH2 75 | nXUwCv9A54dXjGV9dA0MmjCvLtK2MBRamXkkKGHHzW4+mQAYhrpzyhIYJU3+fkxM 76 | wc1qjQKBgF7erwUBI5zt+vPcurh/pANDWuEOz1zqBr3svqXytI8UvySuHP9qfHY0 77 | JLdAyiMNRolMOEVe7umTbB95DifK7DqK2bTw9jrtUdOJ18G5cTf3+pv8NZKCg0B8 78 | 56E90uQJS9aJ/qVZiubWiZpFuIX2tqjulqpp9aN3NbA/Uv8YJa78 79 | -----END RSA PRIVATE KEY----- 80 | 81 | rsa_public: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCvW2dRLu0PLQeQ5q5X76RaPvh8/lhhTzucdOizgzJfbUClve4KVCivtB1/S0rX6uuZL6TZhtRDrB1bVGAkwnt6zTT/irQ1ly1AseLAGIdA+03ikQ4gD1hL+MPURko4O9qWyDpBzPtjinRkXYTPdDe3g5jj1CZMI8uw+oOwdxf/9efeEfiQZ+pZuqgtEJttxWx3NrLqiyZhiciSVoRxyXkOltMdovzNeeeRB0KkFKhjSWhjTW0QRJ19ZsDtH3lxChQd7YFfTtYL0oe3ZkRINzHwfr1vzTVaolWTF70H4LWFaTZpmFWZ+WmmXNriUHwov2TBsCYRMAJkM72PAi8WmtWR calico@cloud 82 | bootcmd: 83 | - [ /usr/sbin/iptables, -t, mangle, -A, POSTROUTING, -p, tcp, --tcp-flags, 'SYN,RST', SYN, -j, TCPMSS, --set-mss, 1300 ] 84 | - [ /usr/sbin/ip6tables, -t, mangle, -A, POSTROUTING, -p, tcp, --tcp-flags, 'SYN,RST', SYN, -j, TCPMSS, --set-mss, 1300 ] 85 | runcmd: 86 | - [ /usr/bin/cloud-init, single, --name, cc_write_files, --frequency, always ] 87 | - [ /usr/bin/sh, -c, /etc/dynamicaddress.sh ] 88 | - [ /usr/bin/systemctl, enable, NetworkManager-wait-online.service ] 89 | - [ /usr/bin/cp, -Ra, /etc/ssh/ssh_host_rsa_key, /home/ubuntu/.ssh/id_rsa ] 90 | - [ /usr/bin/cp, -Ra, /etc/ssh/ssh_host_rsa_key.pub, /home/ubuntu/.ssh/id_rsa.pub ] 91 | - [ /usr/bin/chmod, +x, /root/bin_downloader.sh ] 92 | - [ /root/bin_downloader.sh ] 93 | - [ /usr/bin/chown, -R, ubuntu:ubuntu, /home/ubuntu ] 94 | - [ /usr/bin/systemctl, enable, k3s-agent.service ] 95 | 96 | power_state: 97 | mode: reboot 98 | -------------------------------------------------------------------------------- /node2-init.yaml: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2020 Tigera, Inc. All rights reserved. 2 | 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | package_update: true 16 | packages: 17 | - vsftpd 18 | - iptables-persistent 19 | write_files: 20 | - encoding: b64 21 | content: IyEvYmluL3NoCgpbIC1mICIvZXRjL25ldHBsYW4vNTEtc3RhdGljLnlhbWwiIF0gJiYgZXhpdCAwCgp3aGlsZSBbICEgLWYgL2V0Yy9uZXRwbGFuLzUwLWNsb3VkLWluaXQueWFtbCBdOwpkbwogICAgICAgIHNsZWVwIDEKZG9uZQoKSUZBQ0U9JChpcCBsaW5rIHNob3cgIHwgZWdyZXAgIlswLTldOiBlbiIgfCBhd2sgJ3sgcHJpbnQgJDIgfScgfCBjdXQgLWQ6IC1mMSkKCnByaW50ZiAnbmV0d29yazpcbiAgZXRoZXJuZXRzOlxuICAgICVzOlxuICAgICAgYWRkcmVzc2VzOiBbIDE5OC4xOS4wLjMvMjAgXVxuICB2ZXJzaW9uOiAyJyBkZWZhdWx0IHwgdGVlIC9ldGMvbmV0cGxhbi81MS1zdGF0aWMueWFtbAo= 22 | owner: root:root 23 | path: /etc/dynamicaddress.sh 24 | permissions: '0755' 25 | - encoding: b64 26 | content: W1VuaXRdCkRlc2NyaXB0aW9uPUluc3RhbGwgazNzIG5vZGUKQWZ0ZXI9bmV0d29yay1vbmxpbmUudGFyZ2V0CkNvbmRpdGlvblBhdGhFeGlzdHM9IS92YXIvbGliL3JhbmNoZXIvazNzCgpbU2VydmljZV0KRXhlY1N0YXJ0PS9iaW4vc2ggLWMgL2V0Yy9rM3MtYWdlbnQuc2gKCltJbnN0YWxsXQpXYW50ZWRCeSA9IG11bHRpLXVzZXIudGFyZ2V0 27 | owner: root:root 28 | path: /etc/systemd/system/k3s-agent.service 29 | permissions: '0644' 30 | - encoding: b64 31 | content: IyEvYmluL2Jhc2gKClRPS0VOPSIiCndoaWxlIFsgLXogIiRUT0tFTiIgXQpkbwoJc2xlZXAgMQoJVE9LRU49JChlY2hvIHN1ZG8gY2F0IC92YXIvbGliL3JhbmNoZXIvazNzL3NlcnZlci9ub2RlLXRva2VuIHwgc3NoIC1pIC9ob21lL3VidW50dS8uc3NoL2lkX3JzYSAtbyBTdHJpY3RIb3N0S2V5Q2hlY2tpbmc9bm8gLW8gVXNlcktub3duSG9zdHNGaWxlPS9kZXYvbnVsbCB1YnVudHVAMTk4LjE5LjAuMSB8IGdyZXAgJzo6c2VydmVyOicpCmRvbmUKCmVjaG8gIlRva2VuIGFjcXVpcmVkOiAkVE9LRU4iCgp3aGlsZSBbICEgLWQgL3Zhci9saWIvcmFuY2hlciBdCmRvCgljdXJsIC1zZkwgaHR0cHM6Ly9nZXQuazNzLmlvIHwgSU5TVEFMTF9LM1NfVkVSU0lPTj0idjEuMTguMTArazNzMSIgSzNTX1VSTD1odHRwczovLzE5OC4xOS4wLjE6NjQ0MyBLM1NfVE9LRU49JFRPS0VOIHNoIC0KCXNsZWVwIDEKZG9uZQoKZWNobyBJbnN0YWxsYXRpb24gQ29tcGxldGVkLgoK 32 | owner: root:root 33 | path: /etc/k3s-agent.sh 34 | permissions: '0755' 35 | - encoding: b64 36 | content: ZXhwb3J0IEtVQkVDT05GSUc9L2hvbWUvdWJ1bnR1Ly5rdWJlL2NvbmZpZwpleHBvcnQgREFUQVNUT1JFX1RZUEU9a3ViZXJuZXRlcwoK 37 | owner: root:root 38 | path: /etc/skel/.bash_aliases 39 | - encoding: b64 40 | content: CjE5OC4xOS4wLjEgY29udHJvbAoxOTguMTkuMC4yIG5vZGUxCjE5OC4xOS4wLjMgbm9kZTIKMTk4LjE5LjE1LjI1NCBob3N0MQoK 41 | owner: root:root 42 | path: /etc/cloud/templates/hosts.debian.tmpl 43 | append: true 44 | - encoding: b64 45 | content: IyEvYmluL2Jhc2gKQVJDSD1gdW5hbWUgLW1gCmlmIFtbICRBUkNIID09ICJ4ODZfNjQiIF1dCnRoZW4KL3Vzci9iaW4vY3VybCAtbyAvdXNyL2Jpbi9rdWJlY3RsIC1MIGh0dHBzOi8vc3RvcmFnZS5nb29nbGVhcGlzLmNvbS9rdWJlcm5ldGVzLXJlbGVhc2UvcmVsZWFzZS92MS4xOS4yL2Jpbi9saW51eC9hbWQ2NC9rdWJlY3RsCi91c3IvYmluL2NobW9kICt4IC91c3IvYmluL2t1YmVjdGwKL3Vzci9iaW4vY3VybCAtbyAvdXNyL2xvY2FsL2Jpbi9jYWxpY29jdGwgLUwgaHR0cHM6Ly9naXRodWIuY29tL3Byb2plY3RjYWxpY28vY2FsaWNvY3RsL3JlbGVhc2VzL2Rvd25sb2FkL3YzLjIxLjQvY2FsaWNvY3RsLWxpbnV4LWFtZDY0Ci91c3IvYmluL2NobW9kICt4IC91c3IvbG9jYWwvYmluL2NhbGljb2N0bCAKL3Vzci9iaW4vY3VybCAtbyAvdXNyL2xvY2FsL2Jpbi92ZXJpZnkgLUwgaHR0cHM6Ly9naXRodWIuY29tL3RpZ2VyYS9jY29sMS9yZWxlYXNlcy9kb3dubG9hZC8xLjAvdmVyaWZ5X2FtZDY0Ci91c3IvYmluL2NobW9kICt4IC91c3IvbG9jYWwvYmluL3ZlcmlmeQplbHNlCi91c3IvYmluL2N1cmwgLW8gL3Vzci9iaW4va3ViZWN0bCAtTCBodHRwczovL3N0b3JhZ2UuZ29vZ2xlYXBpcy5jb20va3ViZXJuZXRlcy1yZWxlYXNlL3JlbGVhc2UvdjEuMTkuMi9iaW4vbGludXgvYXJtNjQva3ViZWN0bAovdXNyL2Jpbi9jaG1vZCAreCAvdXNyL2Jpbi9rdWJlY3RsCi91c3IvYmluL2N1cmwgLW8gL3Vzci9sb2NhbC9iaW4vY2FsaWNvY3RsIC1MIGh0dHBzOi8vZ2l0aHViLmNvbS9wcm9qZWN0Y2FsaWNvL2NhbGljb2N0bC9yZWxlYXNlcy9kb3dubG9hZC92My4yMS40L2NhbGljb2N0bC1saW51eC1hcm02NAovdXNyL2Jpbi9jaG1vZCAreCAvdXNyL2xvY2FsL2Jpbi9jYWxpY29jdGwgCi91c3IvYmluL2N1cmwgLW8gL3Vzci9sb2NhbC9iaW4vdmVyaWZ5IC1MIGh0dHBzOi8vZ2l0aHViLmNvbS90aWdlcmEvY2NvbDEvcmVsZWFzZXMvZG93bmxvYWQvMS4wL3ZlcmlmeV9hcm02NAovdXNyL2Jpbi9jaG1vZCAreCAvdXNyL2xvY2FsL2Jpbi92ZXJpZnkKZmkKL3Vzci9iaW4vZWNobyBhbGlhcyBjYWxpY29jdGw9IidjYWxpY29jdGwgLS1hbGxvdy12ZXJzaW9uLW1pc21hdGNoJyIgPj4gL2V0Yy9wcm9maWxl 46 | owner: root:root 47 | path: /root/bin_downloader.sh 48 | permissions: '0644' 49 | ssh_authorized_keys: 50 | - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCvW2dRLu0PLQeQ5q5X76RaPvh8/lhhTzucdOizgzJfbUClve4KVCivtB1/S0rX6uuZL6TZhtRDrB1bVGAkwnt6zTT/irQ1ly1AseLAGIdA+03ikQ4gD1hL+MPURko4O9qWyDpBzPtjinRkXYTPdDe3g5jj1CZMI8uw+oOwdxf/9efeEfiQZ+pZuqgtEJttxWx3NrLqiyZhiciSVoRxyXkOltMdovzNeeeRB0KkFKhjSWhjTW0QRJ19ZsDtH3lxChQd7YFfTtYL0oe3ZkRINzHwfr1vzTVaolWTF70H4LWFaTZpmFWZ+WmmXNriUHwov2TBsCYRMAJkM72PAi8WmtWR calico@cloud 51 | ssh_keys: 52 | rsa_private: | 53 | -----BEGIN RSA PRIVATE KEY----- 54 | MIIEowIBAAKCAQEAr1tnUS7tDy0HkOauV++kWj74fP5YYU87nHTos4MyX21Apb3u 55 | ClQor7Qdf0tK1+rrmS+k2YbUQ6wdW1RgJMJ7es00/4q0NZctQLHiwBiHQPtN4pEO 56 | IA9YS/jD1EZKODvalsg6Qcz7Y4p0ZF2Ez3Q3t4OY49QmTCPLsPqDsHcX//Xn3hH4 57 | kGfqWbqoLRCbbcVsdzay6osmYYnIklaEccl5DpbTHaL8zXnnkQdCpBSoY0loY01t 58 | EESdfWbA7R95cQoUHe2BX07WC9KHt2ZESDcx8H69b801WqJVkxe9B+C1hWk2aZhV 59 | mflpplza4lB8KL9kwbAmETACZDO9jwIvFprVkQIDAQABAoIBAGGevNGREh+UrdWY 60 | 1g3WNuSWkbbj0Ue62DCtVK46p1xAcfDS3yWY3F2UI6etvqic+zN4NolyadCSjHU/ 61 | b5aHPj6K5qosCU6cLnEJlnXiMcmXHTC4F+j5IeqJPlt6Fe9gQrwWE3h2KKytc0Y8 62 | Waczx6C9/es3O2q/srF/hLhEVHQFAUzVQ0VAYdHZUcWgrTRtCi+etXaYssXLbuH/ 63 | R0UVb4qctEHRbE9LwLOG8u7o+xC9xYnmMUKAKgyEwwYIR5F1kR3Ebl/cx10owfqV 64 | YhF7V3hbpAbNUdsdhG/Wv3Q3pRFzz3hRGQpfFPG1PINpf3j5oGTbMzdxuT6ddbq+ 65 | 1wNsWcECgYEA3HXqkoRx5bSvIMhrOQJmrXjxo5ecWfa8sLohJJYkka9G3TprA4fy 66 | 9p1IbPgkzDO0RQmCxKQt3Z7OC5mk1owevpF+sJEEFYKhRdOoS8u3VONp6vWUikVc 67 | hdpeWAOWOc7tiYMyew6+NprBNF2YbgnRnNXdErfGYGt4p2+Yn19+jIUCgYEAy6Ah 68 | OR8pTaGu2p6WYHJtYPa90zHwVSSBcpNREVoNrIPo/YEOZDPCnKTEX+rHoEdSS1lC 69 | n2E3hytP7vv/sPGRz2R7h2+2Off47smdt4wJ6zoioOTPjWnCUfix4Kjay5WGswSJ 70 | tsMVe2WTaUV/bG/d23du4CLmVHnZOmJK0Ml4iJ0CgYBCBgJhLM8bdvg3vi32XdS4 71 | QQ9E6gPGIZGy75s7ZMfA5Zg4auVfolhOKR5mnA4RJa7oOgfysiSWSZf1e2cVZdNT 72 | SSmC4XsyofOAgPnW8USPZKf02OVKX6ls4M/+VdyopWMYGrWEiw7GNaSE9T7QPZqL 73 | +LSDhYwgli8FHfO8TxIMLQKBgQCv5frtIjsGwcWPOvGCDTbpTRw7pWcL1cYw2Itu 74 | JtGrFiQdYO+ypXfW4wp0JRcfIJ05U7kWft99129sbam6C2O+uPlwzJKozsnuVKH2 75 | nXUwCv9A54dXjGV9dA0MmjCvLtK2MBRamXkkKGHHzW4+mQAYhrpzyhIYJU3+fkxM 76 | wc1qjQKBgF7erwUBI5zt+vPcurh/pANDWuEOz1zqBr3svqXytI8UvySuHP9qfHY0 77 | JLdAyiMNRolMOEVe7umTbB95DifK7DqK2bTw9jrtUdOJ18G5cTf3+pv8NZKCg0B8 78 | 56E90uQJS9aJ/qVZiubWiZpFuIX2tqjulqpp9aN3NbA/Uv8YJa78 79 | -----END RSA PRIVATE KEY----- 80 | 81 | rsa_public: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCvW2dRLu0PLQeQ5q5X76RaPvh8/lhhTzucdOizgzJfbUClve4KVCivtB1/S0rX6uuZL6TZhtRDrB1bVGAkwnt6zTT/irQ1ly1AseLAGIdA+03ikQ4gD1hL+MPURko4O9qWyDpBzPtjinRkXYTPdDe3g5jj1CZMI8uw+oOwdxf/9efeEfiQZ+pZuqgtEJttxWx3NrLqiyZhiciSVoRxyXkOltMdovzNeeeRB0KkFKhjSWhjTW0QRJ19ZsDtH3lxChQd7YFfTtYL0oe3ZkRINzHwfr1vzTVaolWTF70H4LWFaTZpmFWZ+WmmXNriUHwov2TBsCYRMAJkM72PAi8WmtWR calico@cloud 82 | bootcmd: 83 | - [ /usr/sbin/iptables, -t, mangle, -A, POSTROUTING, -p, tcp, --tcp-flags, 'SYN,RST', SYN, -j, TCPMSS, --set-mss, 1300 ] 84 | - [ /usr/sbin/ip6tables, -t, mangle, -A, POSTROUTING, -p, tcp, --tcp-flags, 'SYN,RST', SYN, -j, TCPMSS, --set-mss, 1300 ] 85 | runcmd: 86 | - [ /usr/bin/cloud-init, single, --name, cc_write_files, --frequency, always ] 87 | - [ /usr/bin/sh, -c, /etc/dynamicaddress.sh ] 88 | - [ /usr/bin/systemctl, enable, NetworkManager-wait-online.service ] 89 | - [ /usr/bin/cp, -Ra, /etc/ssh/ssh_host_rsa_key, /home/ubuntu/.ssh/id_rsa ] 90 | - [ /usr/bin/cp, -Ra, /etc/ssh/ssh_host_rsa_key.pub, /home/ubuntu/.ssh/id_rsa.pub ] 91 | - [ /usr/bin/chmod, +x, /root/bin_downloader.sh ] 92 | - [ /root/bin_downloader.sh ] 93 | - [ /usr/bin/chown, -R, ubuntu:ubuntu, /home/ubuntu ] 94 | - [ /usr/bin/systemctl, enable, k3s-agent.service ] 95 | 96 | power_state: 97 | mode: reboot 98 | -------------------------------------------------------------------------------- /yaobank.yaml: -------------------------------------------------------------------------------- 1 | --- 2 | apiVersion: v1 3 | kind: Namespace 4 | metadata: 5 | name: yaobank 6 | labels: 7 | istio-injection: disabled 8 | 9 | --- 10 | apiVersion: v1 11 | kind: Service 12 | metadata: 13 | name: database 14 | namespace: yaobank 15 | labels: 16 | app: database 17 | spec: 18 | ports: 19 | - port: 2379 20 | name: http 21 | selector: 22 | app: database 23 | 24 | --- 25 | apiVersion: v1 26 | kind: ServiceAccount 27 | metadata: 28 | name: database 29 | namespace: yaobank 30 | labels: 31 | app: yaobank 32 | 33 | --- 34 | apiVersion: apps/v1 35 | kind: Deployment 36 | metadata: 37 | name: database 38 | namespace: yaobank 39 | spec: 40 | selector: 41 | matchLabels: 42 | app: database 43 | version: v1 44 | replicas: 1 45 | template: 46 | metadata: 47 | labels: 48 | app: database 49 | version: v1 50 | spec: 51 | serviceAccountName: database 52 | containers: 53 | - name: database 54 | image: calico/yaobank-database:multiarch 55 | env: 56 | - name: ETCD_UNSUPPORTED_ARCH 57 | value: "arm64" 58 | imagePullPolicy: IfNotPresent 59 | ports: 60 | - containerPort: 2379 61 | command: ["etcd"] 62 | args: 63 | - "-advertise-client-urls" 64 | - "http://database:2379" 65 | - "-listen-client-urls" 66 | - "http://0.0.0.0:2379" 67 | nodeSelector: 68 | kubernetes.io/hostname: node2 69 | 70 | --- 71 | apiVersion: v1 72 | kind: Service 73 | metadata: 74 | name: summary 75 | namespace: yaobank 76 | labels: 77 | app: summary 78 | spec: 79 | ports: 80 | - port: 80 81 | name: http 82 | selector: 83 | app: summary 84 | 85 | --- 86 | apiVersion: v1 87 | kind: ServiceAccount 88 | metadata: 89 | name: summary 90 | namespace: yaobank 91 | labels: 92 | app: yaobank 93 | database: reader 94 | 95 | --- 96 | apiVersion: apps/v1 97 | kind: Deployment 98 | metadata: 99 | name: summary 100 | namespace: yaobank 101 | spec: 102 | replicas: 2 103 | selector: 104 | matchLabels: 105 | app: summary 106 | version: v1 107 | template: 108 | metadata: 109 | labels: 110 | app: summary 111 | version: v1 112 | spec: 113 | serviceAccountName: summary 114 | containers: 115 | - name: summary 116 | image: calico/yaobank-summary:multiarch 117 | imagePullPolicy: Always 118 | ports: 119 | - containerPort: 80 120 | 121 | --- 122 | apiVersion: v1 123 | kind: Service 124 | metadata: 125 | name: customer 126 | namespace: yaobank 127 | labels: 128 | app: customer 129 | spec: 130 | type: NodePort 131 | ports: 132 | - port: 80 133 | nodePort: 30180 134 | name: http 135 | selector: 136 | app: customer 137 | 138 | --- 139 | apiVersion: v1 140 | kind: ServiceAccount 141 | metadata: 142 | name: customer 143 | namespace: yaobank 144 | labels: 145 | app: yaobank 146 | summary: reader 147 | 148 | --- 149 | apiVersion: apps/v1 150 | kind: Deployment 151 | metadata: 152 | name: customer 153 | namespace: yaobank 154 | spec: 155 | replicas: 1 156 | selector: 157 | matchLabels: 158 | app: customer 159 | version: v1 160 | template: 161 | metadata: 162 | labels: 163 | app: customer 164 | version: v1 165 | spec: 166 | serviceAccountName: customer 167 | containers: 168 | - name: customer 169 | image: calico/yaobank-customer:multiarch 170 | imagePullPolicy: Always 171 | ports: 172 | - containerPort: 80 173 | nodeSelector: 174 | kubernetes.io/hostname: node1 175 | --- 176 | --------------------------------------------------------------------------------