diff --git a/.gitignore b/.gitignore index eaf103a..60e348d 100644 --- a/.gitignore +++ b/.gitignore @@ -1,4 +1,7 @@ -.terraform/ +.DS_Store -./kubernetes-kvm-terraform/join-command.txt -./kubernetes-kvm-terraform/kubeconfig +.terraform/ +.terraform.lock.hcl + +kubernetes-kvm-terraform/join-command.txt +kubernetes-kvm-terraform/kubeconfig diff --git a/docker-30/gitea/docker-compose.yaml b/docker-30/gitea/docker-compose.yaml index f9a37ae..7beb302 100644 --- a/docker-30/gitea/docker-compose.yaml +++ b/docker-30/gitea/docker-compose.yaml @@ -57,6 +57,15 @@ services: - GITEA__server__ROOT_URL=https://gitea.home.hrajfrisbee.cz - GITEA__security__SECRET_KEY=${GITEA_SECRET_KEY} - GITEA__security__INTERNAL_TOKEN=${INTERNAL_TOKEN} + - GITEA__mailer__ENABLED=true + - GITEA__mailer__PROTOCOL=smtps + - GITEA__mailer__SMTP_ADDR=smtp.gmail.com + - GITEA__mailer__SMTP_PORT=465 + - GITEA__mailer__USER=kacerr.cz@gmail.com + - GITEA__mailer__PASSWD=${GMAIL_GITEA_APP_PASSWORD} + - GITEA__mailer__FROM=kacerr.cz+gitea@gmail.com + - GITEA__packages__ENABLED=true + #- GITEA__storage__STORAGE_TYPE=minio #- GITEA__storage__MINIO_ENDPOINT=minio:9000 #- GITEA__storage__MINIO_ACCESS_KEY_ID=gitea @@ -83,7 +92,7 @@ services: depends_on: - gitea environment: - GITEA_INSTANCE_URL: http://gitea:3000 + GITEA_INSTANCE_URL: https://gitea.home.hrajfrisbee.cz/ GITEA_RUNNER_REGISTRATION_TOKEN: ${RUNNER_TOKEN} volumes: - ./runner-data:/data diff --git a/docker-30/kanidm/readme.md b/docker-30/kanidm/readme.md index e0fea5f..27c2930 100644 --- a/docker-30/kanidm/readme.md +++ b/docker-30/kanidm/readme.md 
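Review bot: The ignore list still leaves `kubernetes-kvm-terraform/terraform.tfstate` tracked (it is modified later in this same commit), and the part of that state visible here embeds the full `kubeadm join` command with its bootstrap token, so ignoring `join-command.txt` alone does not keep that value out of the repository. I would add `*.tfstate` and `*.tfstate.*` to this file, untrack the state file, and treat any token already committed as exposed. Separately, ignoring `.terraform.lock.hcl` gives up the provider version and checksum pinning the lock file exists for; that line is better removed so the lock file is committed.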
@@ -54,6 +54,50 @@ kanidm person get novakj | grep memberof kanidm group get idm_people_self_name_write ``` +## configure oauth proxy + +```bash +kanidm system oauth2 create oauth2-proxy "OAuth2 Proxy" https://oauth2-proxy.lab.home.hrajfrisbee.cz/oauth2/callback +kanidm system oauth2 set-landing-url oauth2-proxy https://oauth2-proxy.lab.home.hrajfrisbee.cz +kanidm system oauth2 enable-pkce oauth2-proxy +kanidm system oauth2 warning-insecure-client-disable-pkce oauth2-proxy # if proxy doesn't support PKCE +kanidm system oauth2 get oauth2-proxy # note the client secret + +# update incorrect urls if needed +remove-redirect-url +kanidm system oauth2 add-redirect-url oauth2-proxy https://oauth2-proxy.lab.home.hrajfrisbee.cz/oauth2/callback +kanidm system oauth2 set-landing-url oauth2-proxy https://oauth2-proxy.lab.home.hrajfrisbee.cz + +# output +✔ Multiple authentication tokens exist. Please select one · idm_admin@idm.home.hrajfrisbee.cz +--- +class: account +class: key_object +class: key_object_internal +class: key_object_jwe_a128gcm +class: key_object_jwt_es256 +class: memberof +class: oauth2_resource_server +class: oauth2_resource_server_basic +class: object +displayname: OAuth2 Proxy +key_internal_data: 69df0a387991455f7c9800f13b881803: valid jwe_a128gcm 0 +key_internal_data: c5f61c48a9c0eb61ba993a36748826cc: valid jws_es256 0 +name: oauth2-proxy +oauth2_allow_insecure_client_disable_pkce: true +oauth2_rs_basic_secret: hidden +oauth2_rs_origin_landing: https://oauth2-proxylab.home.hrajfrisbee.cz/ +oauth2_strict_redirect_uri: true +spn: oauth2-proxy@idm.home.hrajfrisbee.cz +uuid: d0dcbad5-90e4-4e36-a51b-653624069009 + +secret: 7KJbUe5x35NVCT1VbzZfhYBU19cz9Xe9Z1fvw4WazrkHX2c8 + + + +kanidm system oauth2 update-scope-map oauth2-proxy k8s_users openid profile email +``` + ```bash diff --git a/gitops/home-kubernetes/external-secrets/secretstore-vault.yaml b/gitops/home-kubernetes/external-secrets/secretstore-vault.yaml deleted file mode 100644 index b4e77c6..0000000 
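Review bot: The pasted command output in this section includes a `secret:` value for the `oauth2-proxy` client, which commits the OAuth2 client secret to the repository in plaintext. Replace that line with a placeholder such as `secret: <redacted, stored in Vault>` and rotate the client secret in Kanidm, since the value stays in history. The same output shows `oauth2_allow_insecure_client_disable_pkce: true`, so the step commented "if proxy doesn't support PKCE" appears to have been applied; the readme should say whether that is intended, because it removes a protection from the authorization-code flow. The listed `oauth2_rs_origin_landing` value also reads `oauth2-proxylab...` without the dot, and the bare `remove-redirect-url` line is missing its `kanidm system oauth2` prefix and arguments.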
--- a/gitops/home-kubernetes/external-secrets/secretstore-vault.yaml +++ /dev/null @@ -1,18 +0,0 @@ -apiVersion: external-secrets.io/v1 -kind: SecretStore -metadata: - name: vault-backend - namespace: external-secrets -spec: - provider: - vault: - server: "https://vault.hrajfrisbee.cz:8200" - path: "secret" - version: "v2" - auth: - appRole: - path: "approle" - roleId: "864e352d-2064-2bf9-2c73-dbd676a95368" # or reference a secret - secretRef: - name: vault-approle - key: secret-id \ No newline at end of file diff --git a/gitops/home-kubernetes/ingress-nginx/helmrelease_ingress-nginx.yaml b/gitops/home-kubernetes/ingress-nginx/helmrelease_ingress-nginx.yaml index c04c864..db1cd24 100644 --- a/gitops/home-kubernetes/ingress-nginx/helmrelease_ingress-nginx.yaml +++ b/gitops/home-kubernetes/ingress-nginx/helmrelease_ingress-nginx.yaml @@ -11,11 +11,13 @@ spec: sourceRef: kind: HelmRepository name: ingress-nginx - version: 4.12.0 + version: 4.14.1 values: controller: admissionWebhooks: enabled: false patch: enabled: false + config: + annotations-risk-level: "Critical" interval: 5m0s \ No newline at end of file diff --git a/gitops/home-kubernetes/mariadb-operator/helmrelease-crds.yaml b/gitops/home-kubernetes/mariadb-operator/helmrelease-crds.yaml new file mode 100644 index 0000000..ba1ba78 --- /dev/null +++ b/gitops/home-kubernetes/mariadb-operator/helmrelease-crds.yaml @@ -0,0 +1,19 @@ +apiVersion: helm.toolkit.fluxcd.io/v2 +kind: HelmRelease +metadata: + name: mariadb-operator-crds + namespace: mariadb-operator +spec: + interval: 1h + chart: + spec: + chart: mariadb-operator-crds + version: "25.10.*" + sourceRef: + kind: HelmRepository + name: mariadb-operator + namespace: flux-system + install: + crds: Create + upgrade: + crds: CreateReplace \ No newline at end of file diff --git a/gitops/home-kubernetes/mariadb-operator/helmrelease-operator.yaml b/gitops/home-kubernetes/mariadb-operator/helmrelease-operator.yaml new file mode 100644 index 0000000..37aa114 
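Review bot: `annotations-risk-level: "Critical"` is set controller-wide while `admissionWebhooks.enabled` stays `false`, so every Ingress in every namespace may carry the highest-risk annotation class and nothing validates the object before it is rendered into the nginx configuration. If this is only needed for the `server-snippet` block in the Nextcloud release, say so in a comment, e.g. `# Critical is required for the nextcloud server-snippet; keep Ingress create/update rights restricted`, and consider re-enabling the admission webhook. As far as I know snippet annotations additionally depend on `allow-snippet-annotations`, which this hunk does not set, so it is worth checking that the Nextcloud snippet is actually honoured. Who may create Ingress objects is not visible in this diff, so RBAC may already limit the exposure.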
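Review bot: `version: "25.10.*"` in `helmrelease-crds.yaml` lets Flux pull any new matching chart release from the remote repository without a commit, and the same release sets `upgrade.crds: CreateReplace`, so CRDs are replaced automatically whenever that happens. Pinning an exact version, `version: "<exact 25.10.x release>"`, keeps upgrades reviewable in Git. The same range is used in `helmrelease-operator.yaml`, where the operator itself would float.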
--- /dev/null
+++ b/gitops/home-kubernetes/mariadb-operator/helmrelease-operator.yaml
@@ -0,0 +1,31 @@
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+ name: mariadb-operator
+ namespace: mariadb-operator
+spec:
+ interval: 1h
+ dependsOn:
+ - name: mariadb-operator-crds
+ chart:
+ spec:
+ chart: mariadb-operator
+ version: "25.10.*"
+ sourceRef:
+ kind: HelmRepository
+ name: mariadb-operator
+ namespace: flux-system
+ values:
+ # uses built-in cert-controller for webhook TLS (no cert-manager dep)
+ webhook:
+ cert:
+ certManager:
+ enabled: false
+ # disable HA for operator itself (fine for testing)
+ ha:
+ enabled: false
+ # optional: enable metrics
+ metrics:
+ enabled: false
+ serviceMonitor:
+ enabled: false
\ No newline at end of file
diff --git a/gitops/home-kubernetes/mariadb-operator/helmrepository.yaml b/gitops/home-kubernetes/mariadb-operator/helmrepository.yaml
new file mode 100644
index 0000000..b0aaa50
--- /dev/null
+++ b/gitops/home-kubernetes/mariadb-operator/helmrepository.yaml
@@ -0,0 +1,8 @@
+apiVersion: source.toolkit.fluxcd.io/v1
+kind: HelmRepository
+metadata:
+ name: mariadb-operator
+ namespace: flux-system
+spec:
+ interval: 1h
+ url: https://helm.mariadb.com/mariadb-operator
\ No newline at end of file
diff --git a/gitops/home-kubernetes/mariadb-operator/namespace.yaml b/gitops/home-kubernetes/mariadb-operator/namespace.yaml
new file mode 100644
index 0000000..168b98d
--- /dev/null
+++ b/gitops/home-kubernetes/mariadb-operator/namespace.yaml
@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: mariadb-operator
\ No newline at end of file
diff --git a/gitops/home-kubernetes/next-cloud/externalsecret.yaml b/gitops/home-kubernetes/next-cloud/externalsecret.yaml
new file mode 100644
index 0000000..d49889f
--- /dev/null
+++ b/gitops/home-kubernetes/next-cloud/externalsecret.yaml
@@ -0,0 +1,34 @@
+apiVersion: external-secrets.io/v1
+kind: ExternalSecret
+metadata:
+ name: nextcloud-secrets
+ namespace: nextcloud
+spec:
+ refreshInterval: 1h
+ secretStoreRef:
+ name: vault-backend # or your store
+ kind: ClusterSecretStore
+ target:
+ name: nextcloud-secrets
+ creationPolicy: Owner
+ data:
+ - secretKey: nextcloud-password
+ remoteRef:
+ key: k8s_home/nextcloud/admin
+ property: password
+ - secretKey: nextcloud-username
+ remoteRef:
+ key: k8s_home/nextcloud/admin
+ property: username
+ - secretKey: db-username
+ remoteRef:
+ key: k8s_home/nextcloud/postgres
+ property: db-username
+ - secretKey: postgres-password
+ remoteRef:
+ key: k8s_home/nextcloud/postgres
+ property: password
+ - secretKey: redis-password
+ remoteRef:
+ key: k8s_home/nextcloud/redis
+ property: password
diff --git a/gitops/home-kubernetes/next-cloud/helmrelease.yaml b/gitops/home-kubernetes/next-cloud/helmrelease.yaml
new file mode 100644
index 0000000..179cb22
--- /dev/null
+++ b/gitops/home-kubernetes/next-cloud/helmrelease.yaml
@@ -0,0 +1,263 @@ +apiVersion: helm.toolkit.fluxcd.io/v2 +kind: HelmRelease +metadata: + name: nextcloud + namespace: nextcloud +spec: + interval: 30m + timeout: 15m # Nextcloud init can be slow + chart: + spec: + chart: nextcloud + version: "8.6.0" # Latest as of Jan 2025 + sourceRef: + kind: HelmRepository + name: nextcloud + namespace: flux-system + interval: 12h + install: + crds: CreateReplace + remediation: + retries: 3 + upgrade: + crds: CreateReplace + cleanupOnFail: true + remediation: + retries: 3 + remediateLastFailure: true + # CRITICAL: Suspend during major version upgrades to prevent restart loops + # suspend: true + values: + image: + repository: nextcloud + tag: 32.0.3-apache # Latest as of Jan 2025. For fresh installs only. + # UPGRADE PATH: If upgrading from older version, go sequentially: + # 29.x → 30.0.x → 31.0.x → 32.0.x (one major at a time) + pullPolicy: IfNotPresent + + replicaCount: 1 # >1 requires Redis, see below + + nextcloud: + host: nextcloud.lab.home.hrajfrisbee.cz # Substitute or hardcode + # existingSecret: nextcloud-admin # Alternative to inline credentials + existingSecret: + enabled: true + secretName: nextcloud-secrets + # usernameKey: username + passwordKey: nextcloud-password + + username: admin + # password set via valuesFrom secret + + + # PHP tuning - critical for stability + phpConfigs: + uploadLimit.ini: | + upload_max_filesize = 16G + post_max_size = 16G + max_input_time = 3600 + max_execution_time = 3600 + www-conf.ini: | + [www] + pm = dynamic + pm.max_children = 20 + pm.start_servers = 4 + pm.min_spare_servers = 2 + pm.max_spare_servers = 6 + pm.max_requests = 500 + memory.ini: | + memory_limit = 1G + opcache.ini: | + opcache.enable = 1 + opcache.interned_strings_buffer = 32 + opcache.max_accelerated_files = 10000 + opcache.memory_consumption = 256 + opcache.save_comments = 1 + opcache.revalidate_freq = 60 + ; Set to 0 if using ConfigMap-mounted configs + + configs: + # Proxy and overwrite settings - CRITICAL for 
ingress + proxy.config.php: |- + array( + 0 => '127.0.0.1', + 1 => '10.0.0.0/8', + 2 => '172.16.0.0/12', + 3 => '192.168.0.0/16', + ), + 'forwarded_for_headers' => array('HTTP_X_FORWARDED_FOR'), + 'overwriteprotocol' => 'https', + ); + + # Performance and maintenance + custom.config.php: |- + 'US', + 'maintenance_window_start' => 1, + 'filelocking.enabled' => true, + 'memcache.local' => '\\OC\\Memcache\\APCu', + 'memcache.distributed' => '\\OC\\Memcache\\Redis', + 'memcache.locking' => '\\OC\\Memcache\\Redis', + 'redis' => array( + 'host' => 'nextcloud-redis-master', + 'port' => 6379, + 'password' => getenv('REDIS_PASSWORD'), + ), + ); + + extraEnv: + - name: REDIS_PASSWORD + valueFrom: + secretKeyRef: + name: nextcloud-secrets + key: redis-password + + # Ingress - adjust for your ingress controller + ingress: + enabled: true + className: nginx # or traefik, etc. + annotations: + nginx.ingress.kubernetes.io/proxy-body-size: "16G" + nginx.ingress.kubernetes.io/proxy-connect-timeout: "3600" + nginx.ingress.kubernetes.io/proxy-send-timeout: "3600" + nginx.ingress.kubernetes.io/proxy-read-timeout: "3600" + nginx.ingress.kubernetes.io/server-snippet: | + server_tokens off; + proxy_hide_header X-Powered-By; + rewrite ^/.well-known/webfinger /index.php/.well-known/webfinger last; + rewrite ^/.well-known/nodeinfo /index.php/.well-known/nodeinfo last; + rewrite ^/.well-known/host-meta /public.php?service=host-meta last; + rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json; + location = /.well-known/carddav { + return 301 $scheme://$host/remote.php/dav; + } + location = /.well-known/caldav { + return 301 $scheme://$host/remote.php/dav; + } + cert-manager.io/cluster-issuer: letsencrypt-prod + tls: + - secretName: nextcloud-tls + hosts: + - nextcloud.lab.home.hrajfrisbee.cz + + # PostgreSQL - strongly recommended over MariaDB for Nextcloud + postgresql: + enabled: true + global: + postgresql: + auth: + username: nextcloud + database: nextcloud + 
existingSecret: nextcloud-secrets + secretKeys: + userPasswordKey: postgres-password + primary: + persistence: + enabled: true + size: 8Gi + storageClass: "" # Use default or specify + resources: + requests: + memory: 256Mi + cpu: 100m + limits: + memory: 512Mi + + # Redis - required for file locking and sessions + redis: + enabled: true + auth: + enabled: true + existingSecret: nextcloud-secrets + existingSecretPasswordKey: redis-password + architecture: standalone + master: + persistence: + enabled: true + size: 1Gi + + # Disable built-in databases we're not using + mariadb: + enabled: false + internalDatabase: + enabled: false + + externalDatabase: + enabled: true + type: postgresql + host: nextcloud-postgresql # Service name created by subchart + user: nextcloud + database: nextcloud + existingSecret: + enabled: true + secretName: nextcloud-secrets + passwordKey: postgres-password + + # Cron job - CRITICAL: never use AJAX cron + cronjob: + enabled: true + schedule: "*/5 * * * *" + resources: + requests: + memory: 256Mi + cpu: 50m + limits: + memory: 512Mi + + # Main persistence + persistence: + enabled: true + storageClass: "" # Specify your storage class + size: 100Gi + accessMode: ReadWriteOnce + # nextcloudData - separate PVC for user data (recommended) + nextcloudData: + enabled: true + storageClass: "" + size: 500Gi + accessMode: ReadWriteOnce + + # Resource limits - tune based on usage + resources: + requests: + cpu: 200m + memory: 512Mi + limits: + memory: 2Gi + + # Liveness/Readiness - tuned to prevent upgrade restart loops + livenessProbe: + enabled: true + initialDelaySeconds: 30 + periodSeconds: 30 + timeoutSeconds: 10 + failureThreshold: 6 + successThreshold: 1 + readinessProbe: + enabled: true + initialDelaySeconds: 30 + periodSeconds: 30 + timeoutSeconds: 10 + failureThreshold: 6 + successThreshold: 1 + startupProbe: + enabled: true + initialDelaySeconds: 60 + periodSeconds: 30 + timeoutSeconds: 10 + failureThreshold: 30 # 15 minutes for upgrades 
+ + # Security context - avoid fsGroup recursive chown + securityContext: + fsGroupChangePolicy: OnRootMismatch + podSecurityContext: + fsGroup: 33 # www-data + + # Metrics - optional but recommended + metrics: + enabled: false # Enable if you have Prometheus + # serviceMonitor: + # enabled: true \ No newline at end of file diff --git a/gitops/home-kubernetes/next-cloud/helmrepository.yaml b/gitops/home-kubernetes/next-cloud/helmrepository.yaml new file mode 100644 index 0000000..6af4cb8 --- /dev/null +++ b/gitops/home-kubernetes/next-cloud/helmrepository.yaml @@ -0,0 +1,8 @@ +apiVersion: source.toolkit.fluxcd.io/v1 +kind: HelmRepository +metadata: + name: nextcloud + namespace: flux-system +spec: + interval: 24h + url: https://nextcloud.github.io/helm/ diff --git a/gitops/home-kubernetes/next-cloud/namespace.yaml b/gitops/home-kubernetes/next-cloud/namespace.yaml new file mode 100644 index 0000000..cfb1bbd --- /dev/null +++ b/gitops/home-kubernetes/next-cloud/namespace.yaml @@ -0,0 +1,7 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: nextcloud + labels: + pod-security.kubernetes.io/enforce: baseline + pod-security.kubernetes.io/warn: restricted \ No newline at end of file diff --git a/gitops/home-kubernetes/plane/helmrelease.yaml b/gitops/home-kubernetes/plane/helmrelease.yaml index e6c169d..04eaa30 100644 --- a/gitops/home-kubernetes/plane/helmrelease.yaml +++ b/gitops/home-kubernetes/plane/helmrelease.yaml 
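Review bot: In `proxy.config.php` of `next-cloud/helmrelease.yaml` the trusted-proxy list covers `10.0.0.0/8`, `172.16.0.0/12` and `192.168.0.0/16` together with `forwarded_for_headers`, so any client on a private address, which includes every pod and every LAN host, can send `X-Forwarded-For` and have Nextcloud record an address of its choosing; that undermines brute-force throttling and the audit log. Narrow the list to the network the ingress controller connects from, e.g. `1 => '<ingress-nginx pod CIDR>',` in place of the three RFC 1918 ranges. The comment `# password set via valuesFrom secret` does not match the release, which has no `valuesFrom` and reads the password through `existingSecret`, and should be reworded to say that. The PHP in both config blocks looks truncated in this rendering (no opening `<?php` / `$CONFIG` line is visible), so I cannot confirm the files parse as written.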
@@ -33,7 +33,7 @@ spec: rabbitmqHost: "plane-mq.lab.home.hrajfrisbee.cz" # optional ingressClass: nginx ingress_annotations: - cert-manager.io/cluster-issuer: letsencrypt-production + cert-manager.io/cluster-issuer: letsencrypt-prod nginx.ingress.kubernetes.io/auth-url: "https://oauth2-proxy.lab.home.hrajfrisbee.cz/oauth2/auth" nginx.ingress.kubernetes.io/auth-signin: "https://oauth2-proxy.lab.home.hrajfrisbee.cz/oauth2/start?rd=$scheme://$host$escaped_request_uri" nginx.ingress.kubernetes.io/auth-response-headers: "X-Auth-Request-User,X-Auth-Request-Email,Authorization" diff --git a/gitops/home-kubernetes/seafile/conf/seahub_settings.py b/gitops/home-kubernetes/seafile/conf/seahub_settings.py new file mode 100644 index 0000000..e69de29 diff --git a/gitops/home-kubernetes/seafile/externalsecret.yaml b/gitops/home-kubernetes/seafile/externalsecret.yaml new file mode 100644 index 0000000..2a36d35 --- /dev/null +++ b/gitops/home-kubernetes/seafile/externalsecret.yaml @@ -0,0 +1,30 @@ +apiVersion: external-secrets.io/v1 +kind: ExternalSecret +metadata: + name: seafile-secret + namespace: seafile +spec: + refreshInterval: 1h + secretStoreRef: + name: vault-backend # or your store + kind: ClusterSecretStore + target: + name: seafile-secret + creationPolicy: Owner + data: + - secretKey: JWT_PRIVATE_KEY + remoteRef: + key: k8s_home/seafile + property: JWT_PRIVATE_KEY + - secretKey: SEAFILE_MYSQL_DB_PASSWORD + remoteRef: + key: k8s_home/seafile + property: SEAFILE_MYSQL_DB_PASSWORD + - secretKey: INIT_SEAFILE_ADMIN_PASSWORD + remoteRef: + key: k8s_home/seafile + property: INIT_SEAFILE_ADMIN_PASSWORD + - secretKey: INIT_SEAFILE_MYSQL_ROOT_PASSWORD + remoteRef: + key: k8s_home/seafile + property: INIT_SEAFILE_MYSQL_ROOT_PASSWORD diff --git a/gitops/home-kubernetes/seafile/helmrelease.yaml b/gitops/home-kubernetes/seafile/helmrelease.yaml new file mode 100644 index 0000000..1b65497 --- /dev/null +++ b/gitops/home-kubernetes/seafile/helmrelease.yaml 
@@ -0,0 +1,114 @@ +# apps/seafile/helmrelease.yaml +apiVersion: helm.toolkit.fluxcd.io/v2 +kind: HelmRelease +metadata: + name: seafile + namespace: seafile +spec: + interval: 30m + chart: + spec: + chart: ce + version: "13.0.2" + sourceRef: + kind: HelmRepository + name: seafile + namespace: flux-system + install: + createNamespace: true + remediation: + retries: 3 + upgrade: + remediation: + retries: 3 + + # Post-render patches + postRenderers: + - kustomize: + patches: + # Remove imagePullSecrets from all Deployments + - target: + kind: Deployment + patch: | + - op: remove + path: /spec/template/spec/imagePullSecrets + # Remove from StatefulSets (MariaDB, etc.) + - target: + kind: StatefulSet + patch: | + - op: remove + path: /spec/template/spec/imagePullSecrets + # Remove from Pods if any + - target: + kind: Pod + patch: | + - op: remove + path: /spec/imagePullSecrets + values: + seafile: + initMode: true + + # The following are the configurations of seafile container + configs: + image: seafileltd/seafile-mc:13.0-latest + seafileDataVolume: + storage: 10Gi + + # The following are environments of seafile services + env: + # for Seafile server + TIME_ZONE: "UTC" + SEAFILE_LOG_TO_STDOUT: "true" + SITE_ROOT: "/" + SEAFILE_SERVER_HOSTNAME: "seafile.lab.home.hrajfrisbee.cz" + SEAFILE_SERVER_PROTOCOL: "https" + + # for database + SEAFILE_MYSQL_DB_HOST: "seafile-mariadb" + SEAFILE_MYSQL_DB_PORT: "3306" + SEAFILE_MYSQL_DB_USER: "seafile" + #SEAFILE_MYSQL_DB_CCNET_DB_NAME: "ccnet-db" + #SEAFILE_MYSQL_DB_SEAFILE_DB_NAME: "seafile-db" + #SEAFILE_MYSQL_DB_SEAHUB_DB_NAME: "seahub-db" + + # for cache + CACHE_PROVIDER: "redis" + + ## for redis + REDIS_HOST: "redis" + REDIS_PORT: "6379" + + ## for memcached + #MEMCACHED_HOST: "" + #MEMCACHED_PORT: "11211" + + # for notification + ENABLE_NOTIFICATION_SERVER: "false" + NOTIFICATION_SERVER_URL: "" + + # for seadoc + ENABLE_SEADOC: "false" + SEADOC_SERVER_URL: "" # only valid in ENABLE_SEADOC = true + + # for Seafile AI + 
ENABLE_SEAFILE_AI: "false" + SEAFILE_AI_SERVER_URL: "" + + # for Metadata server + MD_FILE_COUNT_LIMIT: "100000" + + # initialization (only valid in first-time deployment and initMode = true) + + ## for Seafile admin + INIT_SEAFILE_ADMIN_EMAIL: "kacerr.cz@gmail.com" + + # if you are using another secret name / key for seafile or mysql, please make correct the following fields: + #secretsMap: + # DB_ROOT_PASSWD: # Env's name + # secret: seafile-secret # secret's name, `seafile-secret` if not specify + # key: INIT_SEAFILE_MYSQL_ROOT_PASSWORD # secret's key, `Env's name` if not specify + + # extra configurations + extraResources: {} + extraEnv: [] + extraVolumes: [] \ No newline at end of file diff --git a/gitops/home-kubernetes/seafile/helmrepository.yaml b/gitops/home-kubernetes/seafile/helmrepository.yaml new file mode 100644 index 0000000..1f2a99d --- /dev/null +++ b/gitops/home-kubernetes/seafile/helmrepository.yaml @@ -0,0 +1,8 @@ +apiVersion: source.toolkit.fluxcd.io/v1 +kind: HelmRepository +metadata: + name: seafile + namespace: flux-system +spec: + interval: 1h + url: https://haiwen.github.io/seafile-helm-chart/repo \ No newline at end of file diff --git a/gitops/home-kubernetes/seafile/ingress.yaml b/gitops/home-kubernetes/seafile/ingress.yaml new file mode 100644 index 0000000..8d0b172 --- /dev/null +++ b/gitops/home-kubernetes/seafile/ingress.yaml 
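Review bot: `image: seafileltd/seafile-mc:13.0-latest` in `seafile/helmrelease.yaml` is a moving tag, so the image that runs can change on any pod restart without a commit, even though the chart is pinned to `13.0.2`. Pin it to a fixed release tag or digest, e.g. `image: seafileltd/seafile-mc:<exact 13.0.x tag>`. The three `op: remove` patches under `postRenderers` will, as far as I know, fail the render for any matched object that has no `imagePullSecrets` field, so a comment naming which chart objects carry it would help whoever upgrades the chart. `initMode: true` is committed without a note, although the readme added in this commit says it has to be switched to normal mode after initialization; a comment next to the value should say so.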
@@ -0,0 +1,35 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ annotations:
+ cert-manager.io/cluster-issuer: letsencrypt-prod
+ meta.helm.sh/release-name: seafile
+ meta.helm.sh/release-namespace: seafile
+ nginx.ingress.kubernetes.io/proxy-body-size: "100m" # 0 = unlimited, or "500m"
+ nginx.ingress.kubernetes.io/proxy-read-timeout: "600"
+ nginx.ingress.kubernetes.io/proxy-send-timeout: "600"
+ nginx.ingress.kubernetes.io/proxy-request-buffering: "off"
+ labels:
+ app.kubernetes.io/component: app
+ app.kubernetes.io/instance: seafile
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/name: seafile
+ name: seafile
+ namespace: seafile
+spec:
+ ingressClassName: nginx
+ rules:
+ - host: seafile.lab.home.hrajfrisbee.cz
+ http:
+ paths:
+ - backend:
+ service:
+ name: seafile
+ port:
+ number: 80
+ path: /
+ pathType: Prefix
+ tls:
+ - hosts:
+ - seafile.lab.home.hrajfrisbee.cz
+ secretName: seafile-tls
\ No newline at end of file
diff --git a/gitops/home-kubernetes/seafile/mariadb-database-ccnet-db.yaml.rmv b/gitops/home-kubernetes/seafile/mariadb-database-ccnet-db.yaml.rmv
new file mode 100644
index 0000000..f46ef34
--- /dev/null
+++ b/gitops/home-kubernetes/seafile/mariadb-database-ccnet-db.yaml.rmv
@@ -0,0 +1,10 @@
+apiVersion: k8s.mariadb.com/v1alpha1
+kind: Database
+metadata:
+ name: ccnet-db
+ namespace: seafile
+spec:
+ mariaDbRef:
+ name: seafile-mariadb
+ characterSet: utf8mb4
+ collate: utf8mb4_general_ci
\ No newline at end of file
diff --git a/gitops/home-kubernetes/seafile/mariadb-database-seafile-db.yaml.rmv b/gitops/home-kubernetes/seafile/mariadb-database-seafile-db.yaml.rmv
new file mode 100644
index 0000000..31dfae8
--- /dev/null
+++ b/gitops/home-kubernetes/seafile/mariadb-database-seafile-db.yaml.rmv
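Review bot: The Ingress in `seafile/ingress.yaml` carries `meta.helm.sh/release-name`, `meta.helm.sh/release-namespace` and `app.kubernetes.io/managed-by: Helm`, which look copied from a live object; with those set, the `seafile` Helm release may treat this Ingress as its own and change or delete it on upgrade or uninstall while the GitOps reconciler keeps re-applying it. Drop the two annotations and the `managed-by` label if the Ingress is meant to be owned by this file. The comment on `proxy-body-size` (`# 0 = unlimited, or "500m"`) lists alternatives rather than explaining the chosen `"100m"`; with `proxy-request-buffering: "off"` the intended upload limit deserves an explicit comment.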
@@ -0,0 +1,10 @@
+apiVersion: k8s.mariadb.com/v1alpha1
+kind: Database
+metadata:
+ name: seafile-db
+ namespace: seafile
+spec:
+ mariaDbRef:
+ name: seafile-mariadb
+ characterSet: utf8mb4
+ collate: utf8mb4_general_ci
\ No newline at end of file
diff --git a/gitops/home-kubernetes/seafile/mariadb-database-seahub-db.yaml.rmv b/gitops/home-kubernetes/seafile/mariadb-database-seahub-db.yaml.rmv
new file mode 100644
index 0000000..ece4771
--- /dev/null
+++ b/gitops/home-kubernetes/seafile/mariadb-database-seahub-db.yaml.rmv
@@ -0,0 +1,10 @@
+apiVersion: k8s.mariadb.com/v1alpha1
+kind: Database
+metadata:
+ name: seahub-db
+ namespace: seafile
+spec:
+ mariaDbRef:
+ name: seafile-mariadb
+ characterSet: utf8mb4
+ collate: utf8mb4_general_ci
\ No newline at end of file
diff --git a/gitops/home-kubernetes/seafile/mariadb-grant-seafile.yaml b/gitops/home-kubernetes/seafile/mariadb-grant-seafile.yaml
new file mode 100644
index 0000000..927953b
--- /dev/null
+++ b/gitops/home-kubernetes/seafile/mariadb-grant-seafile.yaml
@@ -0,0 +1,61 @@
+apiVersion: k8s.mariadb.com/v1alpha1
+kind: Grant
+metadata:
+ name: all-privileges
+spec:
+ mariaDbRef:
+ name: seafile-mariadb
+ username: seafile
+ database: "*"
+ table: "*"
+ privileges:
+ - ALL PRIVILEGES
+ grantOption: true
+# ---
+# apiVersion: k8s.mariadb.com/v1alpha1
+# kind: Grant
+# metadata:
+# name: seafile-grant
+# namespace: seafile
+# spec:
+# mariaDbRef:
+# name: seafile-mariadb
+# privileges:
+# - ALL PRIVILEGES
+# database: seafile-db
+# table: "*"
+# username: seafile
+# host: "%"
+# grantOption: false
+# ---
+# apiVersion: k8s.mariadb.com/v1alpha1
+# kind: Grant
+# metadata:
+# name: seahub-grant
+# namespace: seafile
+# spec:
+# mariaDbRef:
+# name: seafile-mariadb
+# privileges:
+# - ALL PRIVILEGES
+# database: seahub-db
+# table: "*"
+# username: seafile
+# host: "%"
+# grantOption: false
+# ---
+# apiVersion: k8s.mariadb.com/v1alpha1
+# kind: Grant
+# metadata:
+# name: ccnet-grant
+# namespace: seafile
+# spec:
+# mariaDbRef:
+# name: seafile-mariadb
+# privileges:
+# - ALL PRIVILEGES
+# database: ccnet-db
+# table: "*"
+# username: seafile
+# host: "%"
+# grantOption: false
\ No newline at end of file
diff --git a/gitops/home-kubernetes/seafile/mariadb-user.yaml b/gitops/home-kubernetes/seafile/mariadb-user.yaml
new file mode 100644
index 0000000..166b561
--- /dev/null
+++ b/gitops/home-kubernetes/seafile/mariadb-user.yaml
@@ -0,0 +1,13 @@
+apiVersion: k8s.mariadb.com/v1alpha1
+kind: User
+metadata:
+ name: seafile
+ namespace: seafile
+spec:
+ mariaDbRef:
+ name: seafile-mariadb
+ passwordSecretKeyRef:
+ name: seafile-secret
+ key: SEAFILE_MYSQL_DB_PASSWORD
+ maxUserConnections: 20
+ host: "%"
\ No newline at end of file
diff --git a/gitops/home-kubernetes/seafile/mariadb.yaml b/gitops/home-kubernetes/seafile/mariadb.yaml
new file mode 100644
index 0000000..198c156
--- /dev/null
+++ b/gitops/home-kubernetes/seafile/mariadb.yaml
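Review bot: The active Grant in `mariadb-grant-seafile.yaml` gives the `seafile` application account `ALL PRIVILEGES` on `database: "*"` / `table: "*"` with `grantOption: true`, which makes it equivalent to a second root account that can also hand privileges to other users; together with `host: "%"` in `mariadb-user.yaml`, a leaked application password exposes the whole server. The commented-out per-database grants below it are the safer shape: scope `database:` to the Seafile databases and set `grantOption: false`. The resource also has no `metadata.namespace`, unlike the `User` and `MariaDB` objects in `seafile`, so add `namespace: seafile` unless the Kustomization sets it.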
@@ -0,0 +1,33 @@
+apiVersion: k8s.mariadb.com/v1alpha1
+kind: MariaDB
+metadata:
+ name: seafile-mariadb
+ namespace: seafile
+spec:
+ rootPasswordSecretKeyRef:
+ name: seafile-secret
+ key: INIT_SEAFILE_MYSQL_ROOT_PASSWORD
+
+ image: mariadb:11.4
+
+ port: 3306
+
+ storage:
+ size: 10Gi
+ # storageClassName: your-storage-class
+
+ resources:
+ requests:
+ cpu: 100m
+ memory: 256Mi
+ limits:
+ memory: 1Gi
+
+ myCnf: |
+ [mariadb]
+ bind-address=*
+ default_storage_engine=InnoDB
+ binlog_format=row
+ innodb_autoinc_lock_mode=2
+ innodb_buffer_pool_size=256M
+ max_allowed_packet=256M
\ No newline at end of file
diff --git a/gitops/home-kubernetes/seafile/memcached.yaml b/gitops/home-kubernetes/seafile/memcached.yaml
new file mode 100644
index 0000000..a027a16
--- /dev/null
+++ b/gitops/home-kubernetes/seafile/memcached.yaml
@@ -0,0 +1,39 @@
+# apiVersion: apps/v1
+# kind: Deployment
+# metadata:
+# name: seafile-memcached
+# namespace: seafile
+# spec:
+# replicas: 1
+# selector:
+# matchLabels:
+# app: seafile-memcached
+# template:
+# metadata:
+# labels:
+# app: seafile-memcached
+# spec:
+# containers:
+# - name: memcached
+# image: memcached:1.6-alpine
+# args: ["-m", "128"] # 128MB memory limit
+# ports:
+# - containerPort: 11211
+# resources:
+# requests:
+# memory: 64Mi
+# cpu: 25m
+# limits:
+# memory: 192Mi
+# ---
+# apiVersion: v1
+# kind: Service
+# metadata:
+# name: seafile-memcached
+# namespace: seafile
+# spec:
+# selector:
+# app: seafile-memcached
+# ports:
+# - port: 11211
+# targetPort: 11211
\ No newline at end of file
diff --git a/gitops/home-kubernetes/seafile/my-values.yaml.src b/gitops/home-kubernetes/seafile/my-values.yaml.src
new file mode 100644
index 0000000..7f4215c
--- /dev/null
+++ b/gitops/home-kubernetes/seafile/my-values.yaml.src
@@ -0,0 +1,67 @@
+seafile:
+ initMode: true
+
+ # The following are the configurations of seafile container
+ configs:
+ image: seafileltd/seafile-mc:13.0-latest
+ seafileDataVolume:
+ storage: 10Gi
+
+ # The following are environments of seafile services
+ env:
+ # for Seafile server
+ TIME_ZONE: "UTC"
+ SEAFILE_LOG_TO_STDOUT: "true"
+ SITE_ROOT: "/"
+ SEAFILE_SERVER_HOSTNAME: "seafile.lab.home.hrajfrisbee.cz"
+ SEAFILE_SERVER_PROTOCOL: "https"
+
+ # for database
+ SEAFILE_MYSQL_DB_HOST: "seafile-mariadb"
+ SEAFILE_MYSQL_DB_PORT: "3306"
+ SEAFILE_MYSQL_DB_USER: "seafile"
+ SEAFILE_MYSQL_DB_CCNET_DB_NAME: "ccnet-db"
+ SEAFILE_MYSQL_DB_SEAFILE_DB_NAME: "seafile-db"
+ SEAFILE_MYSQL_DB_SEAHUB_DB_NAME: "seahub-db"
+
+ # for cache
+ CACHE_PROVIDER: "redis"
+
+ ## for redis
+ REDIS_HOST: "redis"
+ REDIS_PORT: "6379"
+
+ ## for memcached
+ #MEMCACHED_HOST: ""
+ #MEMCACHED_PORT: "11211"
+
+ # for notification
+ ENABLE_NOTIFICATION_SERVER: "false"
+ NOTIFICATION_SERVER_URL: ""
+
+ # for seadoc
+ ENABLE_SEADOC: "false"
+ SEADOC_SERVER_URL: "" # only valid in ENABLE_SEADOC = true
+
+ # for Seafile AI
+ ENABLE_SEAFILE_AI: "false"
+ SEAFILE_AI_SERVER_URL: ""
+
+ # for Metadata server
+ MD_FILE_COUNT_LIMIT: "100000"
+
+ # initialization (only valid in first-time deployment and initMode = true)
+
+ ## for Seafile admin
+ INIT_SEAFILE_ADMIN_EMAIL: "kacerr.cz@gmail.com"
+
+ # if you are using another secret name / key for seafile or mysql, please make correct the following fields:
+ #secretsMap:
+ # DB_ROOT_PASSWD: # Env's name
+ # secret: seafile-secret # secret's name, `seafile-secret` if not specify
+ # key: INIT_SEAFILE_MYSQL_ROOT_PASSWORD # secret's key, `Env's name` if not specify
+
+ # extra configurations
+ extraResources: {}
+ extraEnv: []
+ extraVolumes: []
\ No newline at end of file
diff --git a/gitops/home-kubernetes/seafile/namespace.yaml b/gitops/home-kubernetes/seafile/namespace.yaml
new file mode 100644
index 0000000..1a311ec
--- /dev/null
+++ b/gitops/home-kubernetes/seafile/namespace.yaml @@ -0,0 +1,6 @@ +apiVersion: v1 +kind: Namespace +metadata: + labels: + kubernetes.io/metadata.name: seafile + name: seafile \ No newline at end of file diff --git a/gitops/home-kubernetes/seafile/readme.md b/gitops/home-kubernetes/seafile/readme.md new file mode 100644 index 0000000..521a9cc --- /dev/null +++ b/gitops/home-kubernetes/seafile/readme.md @@ -0,0 +1,4 @@ +## deployment + +it looks like seafile deployment is not "straightforward" it first has to be started in `initialization mode` - `initMode: true` and after initialization switched into `normal` mode. + diff --git a/gitops/home-kubernetes/seafile/redis-full-deployment.yaml b/gitops/home-kubernetes/seafile/redis-full-deployment.yaml new file mode 100644 index 0000000..aa1c8dc --- /dev/null +++ b/gitops/home-kubernetes/seafile/redis-full-deployment.yaml 
@@ -0,0 +1,84 @@ +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: redis-config + namespace: seafile +data: + redis.conf: | + maxmemory 128mb + maxmemory-policy allkeys-lru + appendonly yes + appendfsync everysec +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: redis + namespace: seafile + labels: + app: redis +spec: + replicas: 1 + selector: + matchLabels: + app: redis + strategy: + type: Recreate + template: + metadata: + labels: + app: redis + spec: + containers: + - name: redis + image: redis:7-alpine + args: + - redis-server + - /etc/redis/redis.conf + ports: + - containerPort: 6379 + name: redis + resources: + requests: + cpu: 50m + memory: 64Mi + limits: + memory: 256Mi + volumeMounts: + - name: redis-config + mountPath: /etc/redis + - name: redis-data + mountPath: /data + livenessProbe: + exec: + command: [redis-cli, ping] + initialDelaySeconds: 5 + periodSeconds: 10 + readinessProbe: + exec: + command: [redis-cli, ping] + initialDelaySeconds: 3 + periodSeconds: 5 + volumes: + - name: redis-config + configMap: + name: redis-config + - name: redis-data + emptyDir: {} +--- +apiVersion: v1 +kind: Service +metadata: + name: redis + namespace: seafile + labels: + app: redis +spec: + selector: + app: redis + ports: + - port: 6379 + targetPort: 6379 + name: redis + type: ClusterIP \ No newline at end of file diff --git a/kubernetes-kvm-terraform/nodes-on-beelink.tf b/kubernetes-kvm-terraform/nodes-on-beelink.tf index 3c6ca02..96f6a12 100644 --- a/kubernetes-kvm-terraform/nodes-on-beelink.tf +++ b/kubernetes-kvm-terraform/nodes-on-beelink.tf @@ -19,7 +19,7 @@ resource "libvirt_volume" "node_02_disk" { type = "qcow2" } } - capacity = 21474836480 + capacity = 53687091200 } locals { diff --git a/kubernetes-kvm-terraform/nodes-on-homer.tf b/kubernetes-kvm-terraform/nodes-on-homer.tf index e8127ed..d472835 100644 --- a/kubernetes-kvm-terraform/nodes-on-homer.tf +++ b/kubernetes-kvm-terraform/nodes-on-homer.tf 
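Review bot: The Redis instance in `redis-full-deployment.yaml` starts with no `requirepass` in `redis.conf` and is published through a ClusterIP Service, so any pod in the cluster can read and write the Seafile cache; nothing in this commit adds a NetworkPolicy for the `seafile` namespace. Either add a NetworkPolicy that admits port 6379 only from the Seafile pods, or set a password sourced from `seafile-secret` (the `redis-cli ping` probes would then need credentials as well). `image: redis:7-alpine` is a moving tag and is better pinned to an exact version or digest. `redis-data` is an `emptyDir`, so `appendonly yes` survives container restarts but not rescheduling; a one-line comment stating that the data is disposable cache would make that intentional.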
@@ -19,7 +19,7 @@ resource "libvirt_volume" "node_01_disk" { type = "qcow2" } } - capacity = 21474836480 + capacity = 53687091200 } locals { @@ -162,7 +162,8 @@ locals { - curl -fsSL https://download.docker.com/linux/ubuntu/gpg | gpg --dearmor -o /etc/apt/keyrings/docker.gpg - echo "deb [arch=amd64 signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" > /etc/apt/sources.list.d/docker.list - apt-get update && apt-get install -y containerd.io - - cat > /etc/containerd/config.toml <<'xEOF' + - | + cat > /etc/containerd/config.toml <<'CONTAINERD' version = 2 [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc] runtime_type = "io.containerd.runc.v2" @@ -170,7 +171,7 @@ locals { SystemdCgroup = true [plugins."io.containerd.grpc.v1.cri".registry] config_path = "/etc/containerd/certs.d" - xEOF + CONTAINERD - systemctl restart containerd # kubeadm/kubelet/kubectl v1.32 diff --git a/kubernetes-kvm-terraform/terraform.tfstate b/kubernetes-kvm-terraform/terraform.tfstate index dc47ccc..53b1ba2 100644 --- a/kubernetes-kvm-terraform/terraform.tfstate +++ b/kubernetes-kvm-terraform/terraform.tfstate 
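Review bot: The rewritten `cat > /etc/containerd/config.toml <<'CONTAINERD'` step in the `@@ -162` hunk of nodes-on-homer.tf (closed by the `CONTAINERD` line in the `@@ -170` hunk) carries no comment saying why the file is written from `runcmd` at all, while the rendered user_data in this commit's state file shows the same content already delivered through `write_files`. If the intent is to restore the config after the `containerd.io` package install, which I am assuming, a comment above the `- |` such as `# re-write config.toml after the package install; block scalar keeps the heredoc lines intact` would record that. Because the delimiter is quoted and not `<<-`, the closing `CONTAINERD` has to sit at column 0 once YAML strips the block indentation; it is worth confirming that in the rendered cloud-init, since an unterminated heredoc would swallow `systemctl restart containerd`. The enclosing `locals` block starts and ends outside these hunks.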
@@ -1 +1 @@ -{"version":4,"terraform_version":"1.11.2","serial":88,"lineage":"69f81358-9017-b0fa-2e3d-404364b1f698","outputs":{"master_ip":{"value":"192.168.0.31","type":"string"},"node_01_ip":{"value":"192.168.0.32","type":"string"},"node_02_ip":{"value":"192.168.0.33","type":"string"}},"resources":[{"mode":"data","type":"local_file","name":"join_command","provider":"provider[\"registry.opentofu.org/hashicorp/local\"]","instances":[{"schema_version":0,"attributes":{"content":"kubeadm join 192.168.0.31:6443 --token nfbk24.0v2qczesuwlxcc6p --discovery-token-ca-cert-hash sha256:c09955e09ba79882ba7766125b57030b2e87dde0ac49af351de28e1c92d0beb9 \n","content_base64":"a3ViZWFkbSBqb2luIDE5Mi4xNjguMC4zMTo2NDQzIC0tdG9rZW4gbmZiazI0LjB2MnFjemVzdXdseGNjNnAgLS1kaXNjb3ZlcnktdG9rZW4tY2EtY2VydC1oYXNoIHNoYTI1NjpjMDk5NTVlMDliYTc5ODgyYmE3NzY2MTI1YjU3MDMwYjJlODdkZGUwYWM0OWFmMzUxZGUyOGUxYzkyZDBiZWI5IAo=","content_base64sha256":"UhrHXweUjlkBKNBJBsvyv/UF8Z0HavzxjmvvKtPqExI=","content_base64sha512":"9/PxTzu68Zk9icpO9YFUsMcre2PYkbUtCL1FzCPwErHDI0pxIx/kfbe5cwC8TFu6QZyCfxeyDHt49T4leKwqrw==","content_md5":"5a600470c8b9f2afabb0244f3b11cbde","content_sha1":"6f257920dd5627719ef5c5f181ce8a310b93b22f","content_sha256":"521ac75f07948e590128d04906cbf2bff505f19d076afcf18e6bef2ad3ea1312","content_sha512":"f7f3f14f3bbaf1993d89ca4ef58154b0c72b7b63d891b52d08bd45cc23f012b1c3234a71231fe47db7b97300bc4c5bba419c827f17b20c7b78f53e2578ac2aaf","filename":"./join-command.txt","id":"6f257920dd5627719ef5c5f181ce8a310b93b22f"},"sensitive_attributes":[]}]},{"mode":"managed","type":"libvirt_cloudinit_disk","name":"commoninit","provider":"provider[\"registry.opentofu.org/dmacvicar/libvirt\"].kvm-homer","instances":[{"schema_version":0,"attributes":{"id":"295268ac2ef5dcc3","meta_data":"\"instance-id\": \"kube-master-31\"\n\"local-hostname\": \"kube-master-31\"\n","name":"kube-master-31-cloudinit.iso","network_config":"version: 2\nethernets:\n eth0:\n match:\n driver: virtio_net\n addresses:\n - 192.168.0.31/24\n 
routes:\n - to: default\n via: 192.168.0.4\n nameservers:\n addresses:\n - 8.8.8.8\n","path":"/var/folders/dq/h32yg2mx55b2m8hxmf1yh66r0000gn/T/terraform-provider-libvirt-cloudinit/cloudinit-295268ac2ef5dcc3.iso","size":49152,"user_data":"#cloud-config\nhostname: kube-master-31\nusers:\n - name: ubuntu\n sudo: ALL=(ALL) NOPASSWD:ALL\n shell: /bin/bash\n ssh_authorized_keys:\n - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDTLxDOQMsumLpjIzMXvpN/hvoMfbVFcl7TDKXTYLBJIvTOLWO/elI3PeJkXNAlaIT1lgJQB7NwQED+DciPLjCLzkG3aSxuJdZRo0Z+vHm9CEUkWnq8icLTQs0zYadK6p24VpMqT61cGNv9L/riciMRWT6l2SdRN2ZBR6MhCXMZy/XgRRlcV9iN1n9T0Q9aZjaQ2CjgG59wTLdQ0bHRlFBSt2q6erFmCIiBHUJba4avDVRvYryvMgkopayL/eK2gxaloMjcMt4z+zIokxhQONPPU2AvqMcqQIsWGQYIzIkJ0UOO8ly/PAFCpgvukWJepmZR30vVBALFCRZCUN1zMbI3 jan.novak@Jans-MacBook-Air-9.local\n\nchpasswd:\n list: |\n ubuntu:yourpassword\n expire: false\nssh_pwauth: true\npackage_update: true\npackages:\n - qemu-guest-agent\n - openssh-server\n - apt-transport-https\n - ca-certificates\n - curl\n - gnupg \n\nwrite_files:\n - path: /etc/modules-load.d/k8s.conf\n content: |\n overlay\n br_netfilter\n\n - path: /etc/sysctl.d/k8s.conf\n content: |\n net.bridge.bridge-nf-call-iptables = 1\n net.bridge.bridge-nf-call-ip6tables = 1\n net.ipv4.ip_forward = 1\n\n - path: /etc/containerd/config.toml\n content: |\n version = 2\n [plugins.\"io.containerd.grpc.v1.cri\".containerd.runtimes.runc]\n runtime_type = \"io.containerd.runc.v2\"\n [plugins.\"io.containerd.grpc.v1.cri\".containerd.runtimes.runc.options]\n SystemdCgroup = true\n\n # Update existing containerd config to enable registry config_path\n - path: /etc/containerd/config.toml\n content: |\n version = 2\n [plugins.\"io.containerd.grpc.v1.cri\".containerd.runtimes.runc]\n runtime_type = \"io.containerd.runc.v2\"\n [plugins.\"io.containerd.grpc.v1.cri\".containerd.runtimes.runc.options]\n SystemdCgroup = true\n [plugins.\"io.containerd.grpc.v1.cri\".registry]\n config_path = \"/etc/containerd/certs.d\"\n\n # Mirror configs 
for each upstream registry\n - path: /etc/containerd/certs.d/docker.io/hosts.toml\n content: |\n server = \"https://registry-1.docker.io\"\n [host.\"http://192.168.0.30:5000/v2/docker.io\"]\n capabilities = [\"pull\", \"resolve\"]\n skip_verify = true\n override_path = true\n\n - path: /etc/containerd/certs.d/registry.k8s.io/hosts.toml\n content: |\n server = \"https://registry.k8s.io\"\n [host.\"http://192.168.0.30:5000/v2/registry.k8s.io\"]\n capabilities = [\"pull\", \"resolve\"]\n skip_verify = true\n override_path = true\n\n - path: /etc/containerd/certs.d/ghcr.io/hosts.toml\n content: |\n server = \"https://ghcr.io\"\n [host.\"http://192.168.0.30:5000/v2/ghcr.io\"]\n capabilities = [\"pull\", \"resolve\"]\n skip_verify = true\n override_path = true\n\n - path: /etc/containerd/certs.d/quay.io/hosts.toml\n content: |\n server = \"https://quay.io\"\n [host.\"http://192.168.0.30:5000/v2/quay.io\"]\n capabilities = [\"pull\", \"resolve\"]\n skip_verify = true\n override_path = true \n\n - path: /root/kubeadm-config.yaml\n content: |\n apiVersion: kubeadm.k8s.io/v1beta3\n kind: InitConfiguration\n nodeRegistration:\n criSocket: unix:///run/containerd/containerd.sock\n ---\n apiVersion: kubeadm.k8s.io/v1beta3\n kind: ClusterConfiguration\n extraArgs:\n oidc-issuer-url: \"https://idm.home.hrajfrisbee.cz/oauth2/openid/k8s\"\n oidc-client-id: \"k8s\"\n oidc-signing-algs: \"ES256\" \n networking:\n podSubnet: \"10.244.0.0/16\"\n ---\n apiVersion: kubelet.config.k8s.io/v1beta1\n kind: KubeletConfiguration\n cgroupDriver: systemd\n\n - path: /etc/profile.d/kubectl.sh\n content: |\n alias k='kubectl'\n source \u003c(kubectl completion bash)\n complete -o default -F __start_kubectl k \n\nruncmd:\n - systemctl enable --now qemu-guest-agent\n - systemctl enable --now ssh\n\n # relevant to kubernetes\n - modprobe overlay\n - modprobe br_netfilter\n - sysctl --system\n\n # containerd\n - curl -fsSL https://download.docker.com/linux/ubuntu/gpg | gpg --dearmor -o 
/etc/apt/keyrings/docker.gpg\n - echo \"deb [arch=amd64 signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable\" \u003e /etc/apt/sources.list.d/docker.list\n - apt-get update \u0026\u0026 apt-get install -y containerd.io\n - systemctl restart containerd\n\n # kubeadm/kubelet/kubectl v1.32\n - curl -fsSL https://pkgs.k8s.io/core:/stable:/v1.32/deb/Release.key | gpg --dearmor -o /etc/apt/keyrings/kubernetes-apt-keyring.gpg\n - echo \"deb [signed-by=/etc/apt/keyrings/kubernetes-apt-keyring.gpg] https://pkgs.k8s.io/core:/stable:/v1.32/deb/ /\" \u003e /etc/apt/sources.list.d/kubernetes.list\n - apt-get update \u0026\u0026 apt-get install -y kubelet kubeadm kubectl\n - apt-mark hold kubelet kubeadm kubectl\n\n\n # init cluster\n - kubeadm init --config=/root/kubeadm-config.yaml --skip-phases=addon/kube-proxy\n \n # kubeconfig for root\n - mkdir -p /root/.kube \u0026\u0026 cp /etc/kubernetes/admin.conf /root/.kube/config\n\n # wait for API server\n - |\n echo \"Waiting for API server...\"\n until kubectl --kubeconfig=/etc/kubernetes/admin.conf get nodes ; do\n echo \"Waiting for API server...\"\n sleep 5\n done\n\n # CNI (cilium example, swap for flannel/calico as needed)\n - |\n CILIUM_CLI_VERSION=$(curl -s https://raw.githubusercontent.com/cilium/cilium-cli/main/stable.txt)\n curl -L --remote-name-all https://github.com/cilium/cilium-cli/releases/download/${CILIUM_CLI_VERSION}/cilium-linux-amd64.tar.gz\n tar xzvf cilium-linux-amd64.tar.gz -C /usr/local/bin\n cilium install --kubeconfig=/etc/kubernetes/admin.conf --set kubeProxyReplacement=true --wait \n"},"sensitive_attributes":[]}]},{"mode":"managed","type":"libvirt_cloudinit_disk","name":"commoninit_node_01","provider":"provider[\"registry.opentofu.org/dmacvicar/libvirt\"].kvm-homer","instances":[{"schema_version":0,"attributes":{"id":"845e3681ac0f1b93","meta_data":"\"instance-id\": \"kube-node-32\"\n\"local-hostname\": 
\"kube-node-32\"\n","name":"kube-node-32-cloudinit.iso","network_config":"version: 2\nethernets:\n eth0:\n match:\n driver: virtio_net\n addresses:\n - 192.168.0.32/24\n routes:\n - to: default\n via: 192.168.0.4\n nameservers:\n addresses:\n - 8.8.8.8\n","path":"/var/folders/dq/h32yg2mx55b2m8hxmf1yh66r0000gn/T/terraform-provider-libvirt-cloudinit/cloudinit-845e3681ac0f1b93.iso","size":49152,"user_data":"#cloud-config\nhostname: kube-node-32\nusers:\n - name: ubuntu\n sudo: ALL=(ALL) NOPASSWD:ALL\n shell: /bin/bash\n ssh_authorized_keys:\n - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDTLxDOQMsumLpjIzMXvpN/hvoMfbVFcl7TDKXTYLBJIvTOLWO/elI3PeJkXNAlaIT1lgJQB7NwQED+DciPLjCLzkG3aSxuJdZRo0Z+vHm9CEUkWnq8icLTQs0zYadK6p24VpMqT61cGNv9L/riciMRWT6l2SdRN2ZBR6MhCXMZy/XgRRlcV9iN1n9T0Q9aZjaQ2CjgG59wTLdQ0bHRlFBSt2q6erFmCIiBHUJba4avDVRvYryvMgkopayL/eK2gxaloMjcMt4z+zIokxhQONPPU2AvqMcqQIsWGQYIzIkJ0UOO8ly/PAFCpgvukWJepmZR30vVBALFCRZCUN1zMbI3 jan.novak@Jans-MacBook-Air-9.local\n\nchpasswd:\n list: |\n ubuntu:yourpassword\n expire: false\nssh_pwauth: true\npackage_update: true\npackages:\n - qemu-guest-agent\n - openssh-server\n - apt-transport-https\n - ca-certificates\n - curl\n - gnupg\n - nvme-cli\n\nwrite_files:\n - path: /etc/modules-load.d/k8s.conf\n content: |\n overlay\n br_netfilter\n\n - path: /etc/sysctl.d/k8s.conf\n content: |\n net.bridge.bridge-nf-call-iptables = 1\n net.bridge.bridge-nf-call-ip6tables = 1\n net.ipv4.ip_forward = 1\n\n - path: /etc/containerd/config.toml\n content: |\n version = 2\n [plugins.\"io.containerd.grpc.v1.cri\".containerd.runtimes.runc]\n runtime_type = \"io.containerd.runc.v2\"\n [plugins.\"io.containerd.grpc.v1.cri\".containerd.runtimes.runc.options]\n SystemdCgroup = true\n\n # Update existing containerd config to enable registry config_path\n - path: /etc/containerd/config.toml\n content: |\n version = 2\n [plugins.\"io.containerd.grpc.v1.cri\".containerd.runtimes.runc]\n runtime_type = \"io.containerd.runc.v2\"\n 
[plugins.\"io.containerd.grpc.v1.cri\".containerd.runtimes.runc.options]\n SystemdCgroup = true\n [plugins.\"io.containerd.grpc.v1.cri\".registry]\n config_path = \"/etc/containerd/certs.d\"\n\n # Mirror configs for each upstream registry\n - path: /etc/containerd/certs.d/docker.io/hosts.toml\n content: |\n server = \"https://registry-1.docker.io\"\n [host.\"http://192.168.0.30:5000/v2/docker.io\"]\n capabilities = [\"pull\", \"resolve\"]\n skip_verify = true\n override_path = true\n\n - path: /etc/containerd/certs.d/registry.k8s.io/hosts.toml\n content: |\n server = \"https://registry.k8s.io\"\n [host.\"http://192.168.0.30:5000/v2/registry.k8s.io\"]\n capabilities = [\"pull\", \"resolve\"]\n skip_verify = true\n override_path = true\n\n - path: /etc/containerd/certs.d/ghcr.io/hosts.toml\n content: |\n server = \"https://ghcr.io\"\n [host.\"http://192.168.0.30:5000/v2/ghcr.io\"]\n capabilities = [\"pull\", \"resolve\"]\n skip_verify = true\n override_path = true\n\n - path: /etc/containerd/certs.d/quay.io/hosts.toml\n content: |\n server = \"https://quay.io\"\n [host.\"http://192.168.0.30:5000/v2/quay.io\"]\n capabilities = [\"pull\", \"resolve\"]\n skip_verify = true\n override_path = true \n\n - path: /root/kubeadm-config.yaml\n content: |\n apiVersion: kubeadm.k8s.io/v1beta3\n kind: InitConfiguration\n nodeRegistration:\n criSocket: unix:///run/containerd/containerd.sock\n ---\n apiVersion: kubeadm.k8s.io/v1beta3\n kind: ClusterConfiguration\n networking:\n podSubnet: \"10.244.0.0/16\"\n ---\n apiVersion: kubelet.config.k8s.io/v1beta1\n kind: KubeletConfiguration\n cgroupDriver: systemd\n\n - path: /etc/profile.d/kubectl.sh\n content: |\n alias k='kubectl'\n source \u003c(kubectl completion bash)\n complete -o default -F __start_kubectl k\n\n - path: /etc/systemd/system/kubelet.service.d/10-containerd.conf\n content: |\n [Unit]\n After=containerd.service\n Requires=containerd.service\n\n [Service]\n ExecStartPre=/bin/bash -c 'until [ -S 
/var/run/containerd/containerd.sock ]; do sleep 1; done'\n ExecStartPre=/usr/bin/crictl info\n\n\nruncmd:\n - systemctl enable --now qemu-guest-agent\n - systemctl enable --now ssh\n\n # needed for nvme-tcp module\n - apt install linux-modules-extra-$(uname -r)\n - modprobe nvme-tcp\n - echo \"nvme-tcp\" \u003e\u003e /etc/modules-load.d/nvme-tcp.conf\n\n # relevant to kubernetes\n - modprobe overlay\n - modprobe br_netfilter\n - sysctl --system\n\n # containerd\n - curl -fsSL https://download.docker.com/linux/ubuntu/gpg | gpg --dearmor -o /etc/apt/keyrings/docker.gpg\n - echo \"deb [arch=amd64 signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable\" \u003e /etc/apt/sources.list.d/docker.list\n - apt-get update \u0026\u0026 apt-get install -y containerd.io\n - cat \u003e /etc/containerd/config.toml \u003c\u003c'xEOF'\n version = 2\n [plugins.\"io.containerd.grpc.v1.cri\".containerd.runtimes.runc]\n runtime_type = \"io.containerd.runc.v2\"\n [plugins.\"io.containerd.grpc.v1.cri\".containerd.runtimes.runc.options]\n SystemdCgroup = true\n [plugins.\"io.containerd.grpc.v1.cri\".registry]\n config_path = \"/etc/containerd/certs.d\"\n xEOF \n - systemctl restart containerd\n\n # kubeadm/kubelet/kubectl v1.32\n - curl -fsSL https://pkgs.k8s.io/core:/stable:/v1.32/deb/Release.key | gpg --dearmor -o /etc/apt/keyrings/kubernetes-apt-keyring.gpg\n - echo \"deb [signed-by=/etc/apt/keyrings/kubernetes-apt-keyring.gpg] https://pkgs.k8s.io/core:/stable:/v1.32/deb/ /\" \u003e /etc/apt/sources.list.d/kubernetes.list\n - apt-get update \u0026\u0026 apt-get install -y kubelet kubeadm kubectl\n - apt-mark hold kubelet kubeadm kubectl\n\n # join cluster\n - kubeadm join 192.168.0.31:6443 --token nfbk24.0v2qczesuwlxcc6p --discovery-token-ca-cert-hash 
sha256:c09955e09ba79882ba7766125b57030b2e87dde0ac49af351de28e1c92d0beb9\n\n"},"sensitive_attributes":[],"dependencies":["data.local_file.join_command","libvirt_cloudinit_disk.commoninit","libvirt_domain.master","libvirt_volume.cloudinit","libvirt_volume.ubuntu_base_homer","libvirt_volume.ubuntu_disk","null_resource.kubeadm_token"]}]},{"mode":"managed","type":"libvirt_cloudinit_disk","name":"commoninit_node_02","provider":"provider[\"registry.opentofu.org/dmacvicar/libvirt\"].kvm-beelink","instances":[{"schema_version":0,"attributes":{"id":"bf025b8c6359dfff","meta_data":"\"instance-id\": \"kube-node-33\"\n\"local-hostname\": \"kube-node-33\"\n","name":"kube-node-33-cloudinit.iso","network_config":"version: 2\nethernets:\n eth0:\n match:\n driver: virtio_net\n addresses:\n - 192.168.0.33/24\n routes:\n - to: default\n via: 192.168.0.4\n nameservers:\n addresses:\n - 8.8.8.8\n","path":"/var/folders/dq/h32yg2mx55b2m8hxmf1yh66r0000gn/T/terraform-provider-libvirt-cloudinit/cloudinit-bf025b8c6359dfff.iso","size":49152,"user_data":"#cloud-config\nhostname: kube-node-33\nusers:\n - name: ubuntu\n sudo: ALL=(ALL) NOPASSWD:ALL\n shell: /bin/bash\n ssh_authorized_keys:\n - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDTLxDOQMsumLpjIzMXvpN/hvoMfbVFcl7TDKXTYLBJIvTOLWO/elI3PeJkXNAlaIT1lgJQB7NwQED+DciPLjCLzkG3aSxuJdZRo0Z+vHm9CEUkWnq8icLTQs0zYadK6p24VpMqT61cGNv9L/riciMRWT6l2SdRN2ZBR6MhCXMZy/XgRRlcV9iN1n9T0Q9aZjaQ2CjgG59wTLdQ0bHRlFBSt2q6erFmCIiBHUJba4avDVRvYryvMgkopayL/eK2gxaloMjcMt4z+zIokxhQONPPU2AvqMcqQIsWGQYIzIkJ0UOO8ly/PAFCpgvukWJepmZR30vVBALFCRZCUN1zMbI3 jan.novak@Jans-MacBook-Air-9.local\n\nchpasswd:\n list: |\n ubuntu:yourpassword\n expire: false\nssh_pwauth: true\npackage_update: true\npackages:\n - qemu-guest-agent\n - openssh-server\n - apt-transport-https\n - ca-certificates\n - curl\n - gnupg\n - nvme-cli\n\nwrite_files:\n - path: /etc/modules-load.d/k8s.conf\n content: |\n overlay\n br_netfilter\n\n - path: /etc/sysctl.d/k8s.conf\n content: |\n 
net.bridge.bridge-nf-call-iptables = 1\n net.bridge.bridge-nf-call-ip6tables = 1\n net.ipv4.ip_forward = 1\n\n - path: /etc/containerd/config.toml\n content: |\n version = 2\n [plugins.\"io.containerd.grpc.v1.cri\".containerd.runtimes.runc]\n runtime_type = \"io.containerd.runc.v2\"\n [plugins.\"io.containerd.grpc.v1.cri\".containerd.runtimes.runc.options]\n SystemdCgroup = true\n\n # Update existing containerd config to enable registry config_path\n - path: /etc/containerd/config.toml\n content: |\n version = 2\n [plugins.\"io.containerd.grpc.v1.cri\".containerd.runtimes.runc]\n runtime_type = \"io.containerd.runc.v2\"\n [plugins.\"io.containerd.grpc.v1.cri\".containerd.runtimes.runc.options]\n SystemdCgroup = true\n [plugins.\"io.containerd.grpc.v1.cri\".registry]\n config_path = \"/etc/containerd/certs.d\"\n\n # Mirror configs for each upstream registry\n - path: /etc/containerd/certs.d/docker.io/hosts.toml\n content: |\n server = \"https://registry-1.docker.io\"\n [host.\"http://192.168.0.30:5000/v2/docker.io\"]\n capabilities = [\"pull\", \"resolve\"]\n skip_verify = true\n override_path = true\n\n - path: /etc/containerd/certs.d/registry.k8s.io/hosts.toml\n content: |\n server = \"https://registry.k8s.io\"\n [host.\"http://192.168.0.30:5000/v2/registry.k8s.io\"]\n capabilities = [\"pull\", \"resolve\"]\n skip_verify = true\n override_path = true\n\n - path: /etc/containerd/certs.d/ghcr.io/hosts.toml\n content: |\n server = \"https://ghcr.io\"\n [host.\"http://192.168.0.30:5000/v2/ghcr.io\"]\n capabilities = [\"pull\", \"resolve\"]\n skip_verify = true\n override_path = true\n\n - path: /etc/containerd/certs.d/quay.io/hosts.toml\n content: |\n server = \"https://quay.io\"\n [host.\"http://192.168.0.30:5000/v2/quay.io\"]\n capabilities = [\"pull\", \"resolve\"]\n skip_verify = true\n override_path = true \n\n - path: /root/kubeadm-config.yaml\n content: |\n apiVersion: kubeadm.k8s.io/v1beta3\n kind: InitConfiguration\n nodeRegistration:\n criSocket: 
unix:///run/containerd/containerd.sock\n ---\n apiVersion: kubeadm.k8s.io/v1beta3\n kind: ClusterConfiguration\n networking:\n podSubnet: \"10.244.0.0/16\"\n ---\n apiVersion: kubelet.config.k8s.io/v1beta1\n kind: KubeletConfiguration\n cgroupDriver: systemd\n\n - path: /etc/profile.d/kubectl.sh\n content: |\n alias k='kubectl'\n source \u003c(kubectl completion bash)\n complete -o default -F __start_kubectl k\n\n - path: /etc/systemd/system/kubelet.service.d/10-containerd.conf\n content: |\n [Unit]\n After=containerd.service\n Requires=containerd.service\n\n [Service]\n ExecStartPre=/bin/bash -c 'until [ -S /var/run/containerd/containerd.sock ]; do sleep 1; done'\n ExecStartPre=/usr/bin/crictl info\n\n\nruncmd:\n - systemctl enable --now qemu-guest-agent\n - systemctl enable --now ssh\n\n # needed for nvme-tcp module\n - apt install linux-modules-extra-$(uname -r)\n - modprobe nvme-tcp\n - echo \"nvme-tcp\" \u003e\u003e /etc/modules-load.d/nvme-tcp.conf\n\n # relevant to kubernetes\n - modprobe overlay\n - modprobe br_netfilter\n - sysctl --system\n\n # containerd\n - curl -fsSL https://download.docker.com/linux/ubuntu/gpg | gpg --dearmor -o /etc/apt/keyrings/docker.gpg\n - echo \"deb [arch=amd64 signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable\" \u003e /etc/apt/sources.list.d/docker.list\n - apt-get update \u0026\u0026 apt-get install -y containerd.io\n - |\n cat \u003e /etc/containerd/config.toml \u003c\u003c'CONTAINERD'\n version = 2\n [plugins.\"io.containerd.grpc.v1.cri\".containerd.runtimes.runc]\n runtime_type = \"io.containerd.runc.v2\"\n [plugins.\"io.containerd.grpc.v1.cri\".containerd.runtimes.runc.options]\n SystemdCgroup = true\n [plugins.\"io.containerd.grpc.v1.cri\".registry]\n config_path = \"/etc/containerd/certs.d\"\n CONTAINERD\n - systemctl restart containerd\n\n # kubeadm/kubelet/kubectl v1.32\n - curl -fsSL https://pkgs.k8s.io/core:/stable:/v1.32/deb/Release.key | gpg --dearmor -o 
/etc/apt/keyrings/kubernetes-apt-keyring.gpg\n - echo \"deb [signed-by=/etc/apt/keyrings/kubernetes-apt-keyring.gpg] https://pkgs.k8s.io/core:/stable:/v1.32/deb/ /\" \u003e /etc/apt/sources.list.d/kubernetes.list\n - apt-get update \u0026\u0026 apt-get install -y kubelet kubeadm kubectl\n - apt-mark hold kubelet kubeadm kubectl\n\n # join cluster\n - kubeadm join 192.168.0.31:6443 --token nfbk24.0v2qczesuwlxcc6p --discovery-token-ca-cert-hash sha256:c09955e09ba79882ba7766125b57030b2e87dde0ac49af351de28e1c92d0beb9\n\n"},"sensitive_attributes":[],"dependencies":["data.local_file.join_command","libvirt_cloudinit_disk.commoninit","libvirt_domain.master","libvirt_volume.cloudinit","libvirt_volume.ubuntu_base_homer","libvirt_volume.ubuntu_disk","null_resource.kubeadm_token"]}]},{"mode":"managed","type":"libvirt_domain","name":"master","provider":"provider[\"registry.opentofu.org/dmacvicar/libvirt\"].kvm-homer","instances":[{"schema_version":0,"attributes":{"autostart":true,"block_io_tune":null,"bootloader":null,"bootloader_args":null,"clock":null,"cpu":null,"cpu_tune":null,"create":null,"current_memory":null,"current_memory_unit":null,"default_io_thread":null,"description":null,"destroy":null,"devices":{"audios":null,"channels":null,"consoles":null,"controllers":null,"crypto":null,"disks":[{"acpi":null,"address":null,"alias":null,"auth":null,"backend_domain":null,"backing_store":null,"block_io":null,"boot":null,"device":null,"driver":{"ats":null,"cache":null,"copy_on_read":null,"detect_zeros":null,"discard":null,"discard_no_unref":null,"error_policy":null,"event_idx":null,"io":null,"io_event_fd":null,"io_thread":null,"io_threads":null,"iommu":null,"metadata_cache":null,"name":"qemu","packed":null,"page_per_vq":null,"queue_size":null,"queues":null,"rerror_policy":null,"type":"qcow2"},"encryption":null,"geometry":null,"io_tune":null,"mirror":null,"model":null,"product":null,"raw_io":null,"read_only":null,"serial":null,"sgio":null,"shareable":null,"snapshot":null,"source":{"
block":null,"cookies":null,"data_store":null,"dir":null,"encryption":null,"file":{"fd_group":null,"file":"/srv/vms/kube-master-31.qcow2","sec_label":null},"index":null,"network":null,"nvme":null,"readahead":null,"reservations":null,"slices":null,"ssl":null,"startup_policy":null,"timeout":null,"vhost_user":null,"vhost_vdpa":null,"volume":null},"target":{"bus":"virtio","dev":"vda","removable":null,"rotation_rate":null,"tray":null},"throttle_filters":null,"transient":null,"vendor":null,"wwn":null},{"acpi":null,"address":null,"alias":null,"auth":null,"backend_domain":null,"backing_store":null,"block_io":null,"boot":null,"device":"cdrom","driver":{"ats":null,"cache":null,"copy_on_read":null,"detect_zeros":null,"discard":null,"discard_no_unref":null,"error_policy":null,"event_idx":null,"io":null,"io_event_fd":null,"io_thread":null,"io_threads":null,"iommu":null,"metadata_cache":null,"name":"qemu","packed":null,"page_per_vq":null,"queue_size":null,"queues":null,"rerror_policy":null,"type":"raw"},"encryption":null,"geometry":null,"io_tune":null,"mirror":null,"model":null,"product":null,"raw_io":null,"read_only":null,"serial":null,"sgio":null,"shareable":null,"snapshot":null,"source":{"block":null,"cookies":null,"data_store":null,"dir":null,"encryption":null,"file":{"fd_group":null,"file":"/srv/vms/kube-master-31-cloudinit.iso","sec_label":null},"index":null,"network":null,"nvme":null,"readahead":null,"reservations":null,"slices":null,"ssl":null,"startup_policy":null,"timeout":null,"vhost_user":null,"vhost_vdpa":null,"volume":null},"target":{"bus":"sata","dev":"sda","removable":null,"rotation_rate":null,"tray":null},"throttle_filters":null,"transient":null,"vendor":null,"wwn":null}],"emulator":null,"filesystems":null,"graphics":null,"hostdevs":null,"hubs":null,"inputs":null,"interfaces":[{"acpi":null,"address":null,"alias":null,"backend":null,"backend_domain":null,"bandwidth":null,"boot":null,"coalesce":null,"down_script":null,"driver":null,"filter_ref":null,"guest":null,"ip
":null,"link":null,"mac":null,"managed":null,"model":{"type":"virtio"},"mtu":null,"port_forward":null,"port_options":null,"rom":null,"route":null,"script":null,"source":{"bridge":{"bridge":"br0"},"client":null,"direct":null,"ethernet":null,"hostdev":null,"internal":null,"mcast":null,"network":null,"null":null,"server":null,"udp":null,"user":null,"vdpa":null,"vds":null,"vhost_user":null},"target":null,"teaming":null,"trust_guest_rx_filters":null,"tune":null,"virtual_port":null,"vlan":null,"wait_for_ip":null}],"iommu":null,"leases":null,"mem_balloon":null,"memorydevs":null,"nvram":null,"panics":null,"parallels":null,"pstore":null,"redir_devs":null,"redir_filters":null,"rngs":null,"serials":[{"acpi":null,"address":null,"alias":null,"log":null,"protocol":null,"source":null,"target":null}],"shmems":null,"smartcards":null,"sounds":null,"tpms":null,"videos":null,"vsock":null,"watchdogs":null},"features":null,"gen_id":null,"hwuuid":null,"id":6,"id_map":null,"io_thread_i_ds":null,"io_threads":null,"key_wrap":null,"launch_security":null,"maximum_memory":null,"maximum_memory_slots":null,"maximum_memory_unit":null,"memory":2048,"memory_backing":null,"memory_dump_core":null,"memory_tune":null,"memory_unit":"MiB","metadata":null,"name":"kube-master-31","numa_tune":null,"on_crash":null,"on_poweroff":null,"on_reboot":null,"os":{"acpi":null,"bios":null,"boot_devices":null,"boot_menu":null,"cmdline":null,"dtb":null,"firmware":null,"firmware_info":null,"init":null,"init_args":null,"init_dir":null,"init_env":null,"init_group":null,"init_user":null,"initrd":null,"kernel":null,"loader":null,"loader_format":null,"loader_readonly":null,"loader_secure":null,"loader_stateless":null,"loader_type":null,"nv_ram":null,"shim":null,"sm_bios":null,"type":"hvm","type_arch":"x86_64","type_machine":"q35"},"perf":null,"pm":null,"resource":null,"running":true,"sec_label":null,"sys_info":null,"throttle_groups":null,"title":null,"type":"kvm","uuid":"1d3d2721-a2f0-49d0-a458-a905c4b6e5cd","vcpu":2,"vcpu_cpu
set":null,"vcpu_current":null,"vcpu_placement":null,"vcpus":null},"sensitive_attributes":[],"dependencies":["libvirt_cloudinit_disk.commoninit","libvirt_volume.cloudinit","libvirt_volume.ubuntu_base_homer","libvirt_volume.ubuntu_disk"]}]},{"mode":"managed","type":"libvirt_domain","name":"node_01","provider":"provider[\"registry.opentofu.org/dmacvicar/libvirt\"].kvm-homer","instances":[{"schema_version":0,"attributes":{"autostart":true,"block_io_tune":null,"bootloader":null,"bootloader_args":null,"clock":null,"cpu":{"cache":null,"check":null,"deprecated_features":null,"features":null,"match":null,"max_phys_addr":null,"migratable":null,"mode":"host-passthrough","model":null,"model_fallback":null,"model_vendor_id":null,"numa":null,"topology":null,"vendor":null},"cpu_tune":null,"create":null,"current_memory":null,"current_memory_unit":null,"default_io_thread":null,"description":null,"destroy":null,"devices":{"audios":null,"channels":null,"consoles":null,"controllers":null,"crypto":null,"disks":[{"acpi":null,"address":null,"alias":null,"auth":null,"backend_domain":null,"backing_store":null,"block_io":null,"boot":null,"device":null,"driver":{"ats":null,"cache":null,"copy_on_read":null,"detect_zeros":null,"discard":null,"discard_no_unref":null,"error_policy":null,"event_idx":null,"io":null,"io_event_fd":null,"io_thread":null,"io_threads":null,"iommu":null,"metadata_cache":null,"name":"qemu","packed":null,"page_per_vq":null,"queue_size":null,"queues":null,"rerror_policy":null,"type":"qcow2"},"encryption":null,"geometry":null,"io_tune":null,"mirror":null,"model":null,"product":null,"raw_io":null,"read_only":null,"serial":null,"sgio":null,"shareable":null,"snapshot":null,"source":{"block":null,"cookies":null,"data_store":null,"dir":null,"encryption":null,"file":{"fd_group":null,"file":"/srv/vms/kube-node-32.qcow2","sec_label":null},"index":null,"network":null,"nvme":null,"readahead":null,"reservations":null,"slices":null,"ssl":null,"startup_policy":null,"timeout":null,"vhost_
user":null,"vhost_vdpa":null,"volume":null},"target":{"bus":"virtio","dev":"vda","removable":null,"rotation_rate":null,"tray":null},"throttle_filters":null,"transient":null,"vendor":null,"wwn":null},{"acpi":null,"address":null,"alias":null,"auth":null,"backend_domain":null,"backing_store":null,"block_io":null,"boot":null,"device":"cdrom","driver":{"ats":null,"cache":null,"copy_on_read":null,"detect_zeros":null,"discard":null,"discard_no_unref":null,"error_policy":null,"event_idx":null,"io":null,"io_event_fd":null,"io_thread":null,"io_threads":null,"iommu":null,"metadata_cache":null,"name":"qemu","packed":null,"page_per_vq":null,"queue_size":null,"queues":null,"rerror_policy":null,"type":"raw"},"encryption":null,"geometry":null,"io_tune":null,"mirror":null,"model":null,"product":null,"raw_io":null,"read_only":null,"serial":null,"sgio":null,"shareable":null,"snapshot":null,"source":{"block":null,"cookies":null,"data_store":null,"dir":null,"encryption":null,"file":{"fd_group":null,"file":"/srv/vms/kube-node-32-cloudinit.iso","sec_label":null},"index":null,"network":null,"nvme":null,"readahead":null,"reservations":null,"slices":null,"ssl":null,"startup_policy":null,"timeout":null,"vhost_user":null,"vhost_vdpa":null,"volume":null},"target":{"bus":"sata","dev":"sda","removable":null,"rotation_rate":null,"tray":null},"throttle_filters":null,"transient":null,"vendor":null,"wwn":null}],"emulator":null,"filesystems":null,"graphics":null,"hostdevs":null,"hubs":null,"inputs":null,"interfaces":[{"acpi":null,"address":null,"alias":null,"backend":null,"backend_domain":null,"bandwidth":null,"boot":null,"coalesce":null,"down_script":null,"driver":null,"filter_ref":null,"guest":null,"ip":null,"link":null,"mac":null,"managed":null,"model":{"type":"virtio"},"mtu":null,"port_forward":null,"port_options":null,"rom":null,"route":null,"script":null,"source":{"bridge":{"bridge":"br0"},"client":null,"direct":null,"ethernet":null,"hostdev":null,"internal":null,"mcast":null,"network":null,"nul
l":null,"server":null,"udp":null,"user":null,"vdpa":null,"vds":null,"vhost_user":null},"target":null,"teaming":null,"trust_guest_rx_filters":null,"tune":null,"virtual_port":null,"vlan":null,"wait_for_ip":null}],"iommu":null,"leases":null,"mem_balloon":null,"memorydevs":null,"nvram":null,"panics":null,"parallels":null,"pstore":null,"redir_devs":null,"redir_filters":null,"rngs":null,"serials":[{"acpi":null,"address":null,"alias":null,"log":null,"protocol":null,"source":null,"target":null}],"shmems":null,"smartcards":null,"sounds":null,"tpms":null,"videos":null,"vsock":null,"watchdogs":null},"features":null,"gen_id":null,"hwuuid":null,"id":10,"id_map":null,"io_thread_i_ds":null,"io_threads":null,"key_wrap":null,"launch_security":null,"maximum_memory":null,"maximum_memory_slots":null,"maximum_memory_unit":null,"memory":8192,"memory_backing":null,"memory_dump_core":null,"memory_tune":null,"memory_unit":"MiB","metadata":null,"name":"kube-node-32","numa_tune":null,"on_crash":null,"on_poweroff":null,"on_reboot":null,"os":{"acpi":null,"bios":null,"boot_devices":null,"boot_menu":null,"cmdline":null,"dtb":null,"firmware":null,"firmware_info":null,"init":null,"init_args":null,"init_dir":null,"init_env":null,"init_group":null,"init_user":null,"initrd":null,"kernel":null,"loader":null,"loader_format":null,"loader_readonly":null,"loader_secure":null,"loader_stateless":null,"loader_type":null,"nv_ram":null,"shim":null,"sm_bios":null,"type":"hvm","type_arch":"x86_64","type_machine":"q35"},"perf":null,"pm":null,"resource":null,"running":true,"sec_label":null,"sys_info":null,"throttle_groups":null,"title":null,"type":"kvm","uuid":"c0edcd4c-f090-41ab-8dae-f49d44a56d0c","vcpu":4,"vcpu_cpuset":null,"vcpu_current":null,"vcpu_placement":null,"vcpus":null},"sensitive_attributes":[],"dependencies":["data.local_file.join_command","libvirt_cloudinit_disk.commoninit","libvirt_cloudinit_disk.commoninit_node_01","libvirt_domain.master","libvirt_volume.cloudinit","libvirt_volume.cloudinit_node_01"
,"libvirt_volume.node_01_disk","libvirt_volume.ubuntu_base_homer","libvirt_volume.ubuntu_disk","null_resource.kubeadm_token"]}]},{"mode":"managed","type":"libvirt_domain","name":"node_02","provider":"provider[\"registry.opentofu.org/dmacvicar/libvirt\"].kvm-beelink","instances":[{"schema_version":0,"attributes":{"autostart":true,"block_io_tune":null,"bootloader":null,"bootloader_args":null,"clock":null,"cpu":{"cache":null,"check":null,"deprecated_features":null,"features":null,"match":null,"max_phys_addr":null,"migratable":null,"mode":"host-passthrough","model":null,"model_fallback":null,"model_vendor_id":null,"numa":null,"topology":null,"vendor":null},"cpu_tune":null,"create":null,"current_memory":null,"current_memory_unit":null,"default_io_thread":null,"description":null,"destroy":null,"devices":{"audios":null,"channels":null,"consoles":null,"controllers":null,"crypto":null,"disks":[{"acpi":null,"address":null,"alias":null,"auth":null,"backend_domain":null,"backing_store":null,"block_io":null,"boot":null,"device":null,"driver":{"ats":null,"cache":null,"copy_on_read":null,"detect_zeros":null,"discard":null,"discard_no_unref":null,"error_policy":null,"event_idx":null,"io":null,"io_event_fd":null,"io_thread":null,"io_threads":null,"iommu":null,"metadata_cache":null,"name":"qemu","packed":null,"page_per_vq":null,"queue_size":null,"queues":null,"rerror_policy":null,"type":"qcow2"},"encryption":null,"geometry":null,"io_tune":null,"mirror":null,"model":null,"product":null,"raw_io":null,"read_only":null,"serial":null,"sgio":null,"shareable":null,"snapshot":null,"source":{"block":null,"cookies":null,"data_store":null,"dir":null,"encryption":null,"file":{"fd_group":null,"file":"/var/lib/libvirt/images/kube-node-33.qcow2","sec_label":null},"index":null,"network":null,"nvme":null,"readahead":null,"reservations":null,"slices":null,"ssl":null,"startup_policy":null,"timeout":null,"vhost_user":null,"vhost_vdpa":null,"volume":null},"target":{"bus":"virtio","dev":"vda","removable":
null,"rotation_rate":null,"tray":null},"throttle_filters":null,"transient":null,"vendor":null,"wwn":null},{"acpi":null,"address":null,"alias":null,"auth":null,"backend_domain":null,"backing_store":null,"block_io":null,"boot":null,"device":"cdrom","driver":{"ats":null,"cache":null,"copy_on_read":null,"detect_zeros":null,"discard":null,"discard_no_unref":null,"error_policy":null,"event_idx":null,"io":null,"io_event_fd":null,"io_thread":null,"io_threads":null,"iommu":null,"metadata_cache":null,"name":"qemu","packed":null,"page_per_vq":null,"queue_size":null,"queues":null,"rerror_policy":null,"type":"raw"},"encryption":null,"geometry":null,"io_tune":null,"mirror":null,"model":null,"product":null,"raw_io":null,"read_only":null,"serial":null,"sgio":null,"shareable":null,"snapshot":null,"source":{"block":null,"cookies":null,"data_store":null,"dir":null,"encryption":null,"file":{"fd_group":null,"file":"/var/lib/libvirt/images/kube-node-33-cloudinit.iso","sec_label":null},"index":null,"network":null,"nvme":null,"readahead":null,"reservations":null,"slices":null,"ssl":null,"startup_policy":null,"timeout":null,"vhost_user":null,"vhost_vdpa":null,"volume":null},"target":{"bus":"sata","dev":"sda","removable":null,"rotation_rate":null,"tray":null},"throttle_filters":null,"transient":null,"vendor":null,"wwn":null}],"emulator":null,"filesystems":null,"graphics":null,"hostdevs":null,"hubs":null,"inputs":null,"interfaces":[{"acpi":null,"address":null,"alias":null,"backend":null,"backend_domain":null,"bandwidth":null,"boot":null,"coalesce":null,"down_script":null,"driver":null,"filter_ref":null,"guest":null,"ip":null,"link":null,"mac":null,"managed":null,"model":{"type":"virtio"},"mtu":null,"port_forward":null,"port_options":null,"rom":null,"route":null,"script":null,"source":{"bridge":{"bridge":"br0"},"client":null,"direct":null,"ethernet":null,"hostdev":null,"internal":null,"mcast":null,"network":null,"null":null,"server":null,"udp":null,"user":null,"vdpa":null,"vds":null,"vhost_use
r":null},"target":null,"teaming":null,"trust_guest_rx_filters":null,"tune":null,"virtual_port":null,"vlan":null,"wait_for_ip":null}],"iommu":null,"leases":null,"mem_balloon":null,"memorydevs":null,"nvram":null,"panics":null,"parallels":null,"pstore":null,"redir_devs":null,"redir_filters":null,"rngs":null,"serials":[{"acpi":null,"address":null,"alias":null,"log":null,"protocol":null,"source":null,"target":null}],"shmems":null,"smartcards":null,"sounds":null,"tpms":null,"videos":null,"vsock":null,"watchdogs":null},"features":null,"gen_id":null,"hwuuid":null,"id":15,"id_map":null,"io_thread_i_ds":null,"io_threads":null,"key_wrap":null,"launch_security":null,"maximum_memory":null,"maximum_memory_slots":null,"maximum_memory_unit":null,"memory":8192,"memory_backing":null,"memory_dump_core":null,"memory_tune":null,"memory_unit":"MiB","metadata":null,"name":"kube-node-33","numa_tune":null,"on_crash":null,"on_poweroff":null,"on_reboot":null,"os":{"acpi":null,"bios":null,"boot_devices":null,"boot_menu":null,"cmdline":null,"dtb":null,"firmware":null,"firmware_info":null,"init":null,"init_args":null,"init_dir":null,"init_env":null,"init_group":null,"init_user":null,"initrd":null,"kernel":null,"loader":null,"loader_format":null,"loader_readonly":null,"loader_secure":null,"loader_stateless":null,"loader_type":null,"nv_ram":null,"shim":null,"sm_bios":null,"type":"hvm","type_arch":"x86_64","type_machine":"q35"},"perf":null,"pm":null,"resource":null,"running":true,"sec_label":null,"sys_info":null,"throttle_groups":null,"title":null,"type":"kvm","uuid":"83795bdf-38eb-49d2-90c4-bd37335de158","vcpu":4,"vcpu_cpuset":null,"vcpu_current":null,"vcpu_placement":null,"vcpus":null},"sensitive_attributes":[],"dependencies":["data.local_file.join_command","libvirt_cloudinit_disk.commoninit","libvirt_cloudinit_disk.commoninit_node_02","libvirt_domain.master","libvirt_volume.cloudinit","libvirt_volume.cloudinit_node_02","libvirt_volume.node_02_disk","libvirt_volume.ubuntu_base_beelink","libvirt_v
olume.ubuntu_base_homer","libvirt_volume.ubuntu_disk","null_resource.kubeadm_token"]}]},{"mode":"managed","type":"libvirt_volume","name":"cloudinit","provider":"provider[\"registry.opentofu.org/dmacvicar/libvirt\"].kvm-homer","instances":[{"schema_version":0,"attributes":{"allocation":49152,"allocation_unit":null,"backing_store":null,"capacity":49152,"capacity_unit":null,"create":{"content":{"url":"/var/folders/dq/h32yg2mx55b2m8hxmf1yh66r0000gn/T/terraform-provider-libvirt-cloudinit/cloudinit-295268ac2ef5dcc3.iso"}},"id":"/srv/vms/kube-master-31-cloudinit.iso","key":"/srv/vms/kube-master-31-cloudinit.iso","name":"kube-master-31-cloudinit.iso","path":"/srv/vms/kube-master-31-cloudinit.iso","physical":49152,"physical_unit":null,"pool":"default","target":null,"type":null},"sensitive_attributes":[],"dependencies":["libvirt_cloudinit_disk.commoninit"]}]},{"mode":"managed","type":"libvirt_volume","name":"cloudinit_node_01","provider":"provider[\"registry.opentofu.org/dmacvicar/libvirt\"].kvm-homer","instances":[{"schema_version":0,"attributes":{"allocation":49152,"allocation_unit":null,"backing_store":null,"capacity":49152,"capacity_unit":null,"create":{"content":{"url":"/var/folders/dq/h32yg2mx55b2m8hxmf1yh66r0000gn/T/terraform-provider-libvirt-cloudinit/cloudinit-845e3681ac0f1b93.iso"}},"id":"/srv/vms/kube-node-32-cloudinit.iso","key":"/srv/vms/kube-node-32-cloudinit.iso","name":"kube-node-32-cloudinit.iso","path":"/srv/vms/kube-node-32-cloudinit.iso","physical":49152,"physical_unit":null,"pool":"default","target":null,"type":null},"sensitive_attributes":[],"dependencies":["data.local_file.join_command","libvirt_cloudinit_disk.commoninit","libvirt_cloudinit_disk.commoninit_node_01","libvirt_domain.master","libvirt_volume.cloudinit","libvirt_volume.ubuntu_base_homer","libvirt_volume.ubuntu_disk","null_resource.kubeadm_token"]}]},{"mode":"managed","type":"libvirt_volume","name":"cloudinit_node_02","provider":"provider[\"registry.opentofu.org/dmacvicar/libvirt\"].kvm-beeli
nk","instances":[{"schema_version":0,"attributes":{"allocation":49152,"allocation_unit":null,"backing_store":null,"capacity":49152,"capacity_unit":null,"create":{"content":{"url":"/var/folders/dq/h32yg2mx55b2m8hxmf1yh66r0000gn/T/terraform-provider-libvirt-cloudinit/cloudinit-bf025b8c6359dfff.iso"}},"id":"/var/lib/libvirt/images/kube-node-33-cloudinit.iso","key":"/var/lib/libvirt/images/kube-node-33-cloudinit.iso","name":"kube-node-33-cloudinit.iso","path":"/var/lib/libvirt/images/kube-node-33-cloudinit.iso","physical":49152,"physical_unit":null,"pool":"default","target":null,"type":null},"sensitive_attributes":[],"dependencies":["data.local_file.join_command","libvirt_cloudinit_disk.commoninit","libvirt_cloudinit_disk.commoninit_node_02","libvirt_domain.master","libvirt_volume.cloudinit","libvirt_volume.ubuntu_base_homer","libvirt_volume.ubuntu_disk","null_resource.kubeadm_token"]}]},{"mode":"managed","type":"libvirt_volume","name":"node_01_disk","provider":"provider[\"registry.opentofu.org/dmacvicar/libvirt\"].kvm-homer","instances":[{"schema_version":0,"attributes":{"allocation":15701405696,"allocation_unit":null,"backing_store":{"format":{"type":"qcow2"},"path":"/srv/vms/ubuntu-24.04-base.qcow2","permissions":null},"capacity":21474836480,"capacity_unit":null,"create":null,"id":"/srv/vms/kube-node-32.qcow2","key":"/srv/vms/kube-node-32.qcow2","name":"kube-node-32.qcow2","path":"/srv/vms/kube-node-32.qcow2","physical":15701245952,"physical_unit":null,"pool":"default","target":{"cluster_size":null,"cluster_size_unit":null,"compat":null,"encryption":null,"features":null,"format":{"type":"qcow2"},"path":"/srv/vms/kube-node-32.qcow2","permissions":null,"timestamps":null},"type":null},"sensitive_attributes":[],"dependencies":["libvirt_volume.ubuntu_base_homer"]}]},{"mode":"managed","type":"libvirt_volume","name":"node_02_disk","provider":"provider[\"registry.opentofu.org/dmacvicar/libvirt\"].kvm-beelink","instances":[{"schema_version":0,"attributes":{"allocation":200704
,"allocation_unit":null,"backing_store":{"format":{"type":"qcow2"},"path":"/var/lib/libvirt/images/ubuntu-24.04-base.qcow2","permissions":null},"capacity":21474836480,"capacity_unit":null,"create":null,"id":"/var/lib/libvirt/images/kube-node-33.qcow2","key":"/var/lib/libvirt/images/kube-node-33.qcow2","name":"kube-node-33.qcow2","path":"/var/lib/libvirt/images/kube-node-33.qcow2","physical":196928,"physical_unit":null,"pool":"default","target":{"cluster_size":null,"cluster_size_unit":null,"compat":null,"encryption":null,"features":null,"format":{"type":"qcow2"},"path":"/var/lib/libvirt/images/kube-node-33.qcow2","permissions":null,"timestamps":null},"type":null},"sensitive_attributes":[],"dependencies":["libvirt_volume.ubuntu_base_beelink"]}]},{"mode":"managed","type":"libvirt_volume","name":"ubuntu_base_beelink","provider":"provider[\"registry.opentofu.org/dmacvicar/libvirt\"].kvm-beelink","instances":[{"schema_version":0,"attributes":{"allocation":626663424,"allocation_unit":null,"backing_store":null,"capacity":3758096384,"capacity_unit":null,"create":{"content":{"url":"https://cloud-images.ubuntu.com/noble/current/noble-server-cloudimg-amd64.img"}},"id":"/var/lib/libvirt/images/ubuntu-24.04-base.qcow2","key":"/var/lib/libvirt/images/ubuntu-24.04-base.qcow2","name":"ubuntu-24.04-base.qcow2","path":"/var/lib/libvirt/images/ubuntu-24.04-base.qcow2","physical":626655744,"physical_unit":null,"pool":"default","target":{"cluster_size":null,"cluster_size_unit":null,"compat":null,"encryption":null,"features":null,"format":{"type":"qcow2"},"path":"/var/lib/libvirt/images/ubuntu-24.04-base.qcow2","permissions":null,"timestamps":null},"type":null},"sensitive_attributes":[]}]},{"mode":"managed","type":"libvirt_volume","name":"ubuntu_base_homer","provider":"provider[\"registry.opentofu.org/dmacvicar/libvirt\"].kvm-homer","instances":[{"schema_version":0,"attributes":{"allocation":626663424,"allocation_unit":null,"backing_store":null,"capacity":3758096384,"capacity_unit":null,"
create":{"content":{"url":"https://cloud-images.ubuntu.com/noble/current/noble-server-cloudimg-amd64.img"}},"id":"/srv/vms/ubuntu-24.04-base.qcow2","key":"/srv/vms/ubuntu-24.04-base.qcow2","name":"ubuntu-24.04-base.qcow2","path":"/srv/vms/ubuntu-24.04-base.qcow2","physical":626655744,"physical_unit":null,"pool":"default","target":{"cluster_size":null,"cluster_size_unit":null,"compat":null,"encryption":null,"features":null,"format":{"type":"qcow2"},"path":"/srv/vms/ubuntu-24.04-base.qcow2","permissions":null,"timestamps":null},"type":null},"sensitive_attributes":[]}]},{"mode":"managed","type":"libvirt_volume","name":"ubuntu_disk","provider":"provider[\"registry.opentofu.org/dmacvicar/libvirt\"].kvm-homer","instances":[{"schema_version":0,"attributes":{"allocation":7336095744,"allocation_unit":null,"backing_store":{"format":{"type":"qcow2"},"path":"/srv/vms/ubuntu-24.04-base.qcow2","permissions":null},"capacity":21474836480,"capacity_unit":null,"create":null,"id":"/srv/vms/kube-master-31.qcow2","key":"/srv/vms/kube-master-31.qcow2","name":"kube-master-31.qcow2","path":"/srv/vms/kube-master-31.qcow2","physical":7335968768,"physical_unit":null,"pool":"default","target":{"cluster_size":null,"cluster_size_unit":null,"compat":null,"encryption":null,"features":null,"format":{"type":"qcow2"},"path":"/srv/vms/kube-master-31.qcow2","permissions":null,"timestamps":null},"type":null},"sensitive_attributes":[],"dependencies":["libvirt_volume.ubuntu_base_homer"]}]},{"mode":"managed","type":"null_resource","name":"kubeadm_token","provider":"provider[\"registry.opentofu.org/hashicorp/null\"]","instances":[{"schema_version":0,"attributes":{"id":"591435519595944093","triggers":null},"sensitive_attributes":[],"dependencies":["libvirt_cloudinit_disk.commoninit","libvirt_domain.master","libvirt_volume.cloudinit","libvirt_volume.ubuntu_base_homer","libvirt_volume.ubuntu_disk"]}]},{"mode":"managed","type":"null_resource","name":"kubeconfig","provider":"provider[\"registry.opentofu.org/hash
icorp/null\"]","instances":[{"schema_version":0,"attributes":{"id":"8367063358226307615","triggers":null},"sensitive_attributes":[]}]}],"check_results":null} +{"version":4,"terraform_version":"1.11.2","serial":95,"lineage":"69f81358-9017-b0fa-2e3d-404364b1f698","outputs":{"master_ip":{"value":"192.168.0.31","type":"string"},"node_01_ip":{"value":"192.168.0.32","type":"string"},"node_02_ip":{"value":"192.168.0.33","type":"string"}},"resources":[{"mode":"data","type":"local_file","name":"join_command","provider":"provider[\"registry.opentofu.org/hashicorp/local\"]","instances":[{"schema_version":0,"attributes":{"content":"kubeadm join 192.168.0.31:6443 --token 4j8n3w.iwvad2jcn58fa1tf --discovery-token-ca-cert-hash sha256:c09955e09ba79882ba7766125b57030b2e87dde0ac49af351de28e1c92d0beb9 \n","content_base64":"a3ViZWFkbSBqb2luIDE5Mi4xNjguMC4zMTo2NDQzIC0tdG9rZW4gNGo4bjN3Lml3dmFkMmpjbjU4ZmExdGYgLS1kaXNjb3ZlcnktdG9rZW4tY2EtY2VydC1oYXNoIHNoYTI1NjpjMDk5NTVlMDliYTc5ODgyYmE3NzY2MTI1YjU3MDMwYjJlODdkZGUwYWM0OWFmMzUxZGUyOGUxYzkyZDBiZWI5IAo=","content_base64sha256":"roumEfzzwONt5YNNfe87nLW8Bpr9MrRxbVydkUYBULI=","content_base64sha512":"32X/VG3E9T6fTZdW5dkdb2XW65gtUR5J+i/FIDgiIcaDTsQDIOx3Z4owVNEJlgdOhP+99GWhFWAzxCWJVy9WvA==","content_md5":"a275ae2e28acfaca1cab4b2067f06e1b","content_sha1":"204224df0c1c72ec6e279c262472e0f6097ff618","content_sha256":"ae8ba611fcf3c0e36de5834d7def3b9cb5bc069afd32b4716d5c9d91460150b2","content_sha512":"df65ff546dc4f53e9f4d9756e5d91d6f65d6eb982d511e49fa2fc520382221c6834ec40320ec77678a3054d10996074e84ffbdf465a1156033c42589572f56bc","filename":"./join-command.txt","id":"204224df0c1c72ec6e279c262472e0f6097ff618"},"sensitive_attributes":[]}]},{"mode":"managed","type":"libvirt_cloudinit_disk","name":"commoninit","provider":"provider[\"registry.opentofu.org/dmacvicar/libvirt\"].kvm-homer","instances":[{"schema_version":0,"attributes":{"id":"295268ac2ef5dcc3","meta_data":"\"instance-id\": \"kube-master-31\"\n\"local-hostname\": 
\"kube-master-31\"\n","name":"kube-master-31-cloudinit.iso","network_config":"version: 2\nethernets:\n eth0:\n match:\n driver: virtio_net\n addresses:\n - 192.168.0.31/24\n routes:\n - to: default\n via: 192.168.0.4\n nameservers:\n addresses:\n - 8.8.8.8\n","path":"/var/folders/dq/h32yg2mx55b2m8hxmf1yh66r0000gn/T/terraform-provider-libvirt-cloudinit/cloudinit-295268ac2ef5dcc3.iso","size":49152,"user_data":"#cloud-config\nhostname: kube-master-31\nusers:\n - name: ubuntu\n sudo: ALL=(ALL) NOPASSWD:ALL\n shell: /bin/bash\n ssh_authorized_keys:\n - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDTLxDOQMsumLpjIzMXvpN/hvoMfbVFcl7TDKXTYLBJIvTOLWO/elI3PeJkXNAlaIT1lgJQB7NwQED+DciPLjCLzkG3aSxuJdZRo0Z+vHm9CEUkWnq8icLTQs0zYadK6p24VpMqT61cGNv9L/riciMRWT6l2SdRN2ZBR6MhCXMZy/XgRRlcV9iN1n9T0Q9aZjaQ2CjgG59wTLdQ0bHRlFBSt2q6erFmCIiBHUJba4avDVRvYryvMgkopayL/eK2gxaloMjcMt4z+zIokxhQONPPU2AvqMcqQIsWGQYIzIkJ0UOO8ly/PAFCpgvukWJepmZR30vVBALFCRZCUN1zMbI3 jan.novak@Jans-MacBook-Air-9.local\n\nchpasswd:\n list: |\n ubuntu:yourpassword\n expire: false\nssh_pwauth: true\npackage_update: true\npackages:\n - qemu-guest-agent\n - openssh-server\n - apt-transport-https\n - ca-certificates\n - curl\n - gnupg \n\nwrite_files:\n - path: /etc/modules-load.d/k8s.conf\n content: |\n overlay\n br_netfilter\n\n - path: /etc/sysctl.d/k8s.conf\n content: |\n net.bridge.bridge-nf-call-iptables = 1\n net.bridge.bridge-nf-call-ip6tables = 1\n net.ipv4.ip_forward = 1\n\n - path: /etc/containerd/config.toml\n content: |\n version = 2\n [plugins.\"io.containerd.grpc.v1.cri\".containerd.runtimes.runc]\n runtime_type = \"io.containerd.runc.v2\"\n [plugins.\"io.containerd.grpc.v1.cri\".containerd.runtimes.runc.options]\n SystemdCgroup = true\n\n # Update existing containerd config to enable registry config_path\n - path: /etc/containerd/config.toml\n content: |\n version = 2\n [plugins.\"io.containerd.grpc.v1.cri\".containerd.runtimes.runc]\n runtime_type = \"io.containerd.runc.v2\"\n 
[plugins.\"io.containerd.grpc.v1.cri\".containerd.runtimes.runc.options]\n SystemdCgroup = true\n [plugins.\"io.containerd.grpc.v1.cri\".registry]\n config_path = \"/etc/containerd/certs.d\"\n\n # Mirror configs for each upstream registry\n - path: /etc/containerd/certs.d/docker.io/hosts.toml\n content: |\n server = \"https://registry-1.docker.io\"\n [host.\"http://192.168.0.30:5000/v2/docker.io\"]\n capabilities = [\"pull\", \"resolve\"]\n skip_verify = true\n override_path = true\n\n - path: /etc/containerd/certs.d/registry.k8s.io/hosts.toml\n content: |\n server = \"https://registry.k8s.io\"\n [host.\"http://192.168.0.30:5000/v2/registry.k8s.io\"]\n capabilities = [\"pull\", \"resolve\"]\n skip_verify = true\n override_path = true\n\n - path: /etc/containerd/certs.d/ghcr.io/hosts.toml\n content: |\n server = \"https://ghcr.io\"\n [host.\"http://192.168.0.30:5000/v2/ghcr.io\"]\n capabilities = [\"pull\", \"resolve\"]\n skip_verify = true\n override_path = true\n\n - path: /etc/containerd/certs.d/quay.io/hosts.toml\n content: |\n server = \"https://quay.io\"\n [host.\"http://192.168.0.30:5000/v2/quay.io\"]\n capabilities = [\"pull\", \"resolve\"]\n skip_verify = true\n override_path = true \n\n - path: /root/kubeadm-config.yaml\n content: |\n apiVersion: kubeadm.k8s.io/v1beta3\n kind: InitConfiguration\n nodeRegistration:\n criSocket: unix:///run/containerd/containerd.sock\n ---\n apiVersion: kubeadm.k8s.io/v1beta3\n kind: ClusterConfiguration\n extraArgs:\n oidc-issuer-url: \"https://idm.home.hrajfrisbee.cz/oauth2/openid/k8s\"\n oidc-client-id: \"k8s\"\n oidc-signing-algs: \"ES256\" \n networking:\n podSubnet: \"10.244.0.0/16\"\n ---\n apiVersion: kubelet.config.k8s.io/v1beta1\n kind: KubeletConfiguration\n cgroupDriver: systemd\n\n - path: /etc/profile.d/kubectl.sh\n content: |\n alias k='kubectl'\n source \u003c(kubectl completion bash)\n complete -o default -F __start_kubectl k \n\nruncmd:\n - systemctl enable --now qemu-guest-agent\n - systemctl enable --now 
ssh\n\n # relevant to kubernetes\n - modprobe overlay\n - modprobe br_netfilter\n - sysctl --system\n\n # containerd\n - curl -fsSL https://download.docker.com/linux/ubuntu/gpg | gpg --dearmor -o /etc/apt/keyrings/docker.gpg\n - echo \"deb [arch=amd64 signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable\" \u003e /etc/apt/sources.list.d/docker.list\n - apt-get update \u0026\u0026 apt-get install -y containerd.io\n - systemctl restart containerd\n\n # kubeadm/kubelet/kubectl v1.32\n - curl -fsSL https://pkgs.k8s.io/core:/stable:/v1.32/deb/Release.key | gpg --dearmor -o /etc/apt/keyrings/kubernetes-apt-keyring.gpg\n - echo \"deb [signed-by=/etc/apt/keyrings/kubernetes-apt-keyring.gpg] https://pkgs.k8s.io/core:/stable:/v1.32/deb/ /\" \u003e /etc/apt/sources.list.d/kubernetes.list\n - apt-get update \u0026\u0026 apt-get install -y kubelet kubeadm kubectl\n - apt-mark hold kubelet kubeadm kubectl\n\n\n # init cluster\n - kubeadm init --config=/root/kubeadm-config.yaml --skip-phases=addon/kube-proxy\n \n # kubeconfig for root\n - mkdir -p /root/.kube \u0026\u0026 cp /etc/kubernetes/admin.conf /root/.kube/config\n\n # wait for API server\n - |\n echo \"Waiting for API server...\"\n until kubectl --kubeconfig=/etc/kubernetes/admin.conf get nodes ; do\n echo \"Waiting for API server...\"\n sleep 5\n done\n\n # CNI (cilium example, swap for flannel/calico as needed)\n - |\n CILIUM_CLI_VERSION=$(curl -s https://raw.githubusercontent.com/cilium/cilium-cli/main/stable.txt)\n curl -L --remote-name-all https://github.com/cilium/cilium-cli/releases/download/${CILIUM_CLI_VERSION}/cilium-linux-amd64.tar.gz\n tar xzvf cilium-linux-amd64.tar.gz -C /usr/local/bin\n cilium install --kubeconfig=/etc/kubernetes/admin.conf --set kubeProxyReplacement=true --wait 
\n"},"sensitive_attributes":[]}]},{"mode":"managed","type":"libvirt_cloudinit_disk","name":"commoninit_node_01","provider":"provider[\"registry.opentofu.org/dmacvicar/libvirt\"].kvm-homer","instances":[{"schema_version":0,"attributes":{"id":"15a969c022087669","meta_data":"\"instance-id\": \"kube-node-32\"\n\"local-hostname\": \"kube-node-32\"\n","name":"kube-node-32-cloudinit.iso","network_config":"version: 2\nethernets:\n eth0:\n match:\n driver: virtio_net\n addresses:\n - 192.168.0.32/24\n routes:\n - to: default\n via: 192.168.0.4\n nameservers:\n addresses:\n - 8.8.8.8\n","path":"/var/folders/dq/h32yg2mx55b2m8hxmf1yh66r0000gn/T/terraform-provider-libvirt-cloudinit/cloudinit-15a969c022087669.iso","size":49152,"user_data":"#cloud-config\nhostname: kube-node-32\nusers:\n - name: ubuntu\n sudo: ALL=(ALL) NOPASSWD:ALL\n shell: /bin/bash\n ssh_authorized_keys:\n - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDTLxDOQMsumLpjIzMXvpN/hvoMfbVFcl7TDKXTYLBJIvTOLWO/elI3PeJkXNAlaIT1lgJQB7NwQED+DciPLjCLzkG3aSxuJdZRo0Z+vHm9CEUkWnq8icLTQs0zYadK6p24VpMqT61cGNv9L/riciMRWT6l2SdRN2ZBR6MhCXMZy/XgRRlcV9iN1n9T0Q9aZjaQ2CjgG59wTLdQ0bHRlFBSt2q6erFmCIiBHUJba4avDVRvYryvMgkopayL/eK2gxaloMjcMt4z+zIokxhQONPPU2AvqMcqQIsWGQYIzIkJ0UOO8ly/PAFCpgvukWJepmZR30vVBALFCRZCUN1zMbI3 jan.novak@Jans-MacBook-Air-9.local\n\nchpasswd:\n list: |\n ubuntu:yourpassword\n expire: false\nssh_pwauth: true\npackage_update: true\npackages:\n - qemu-guest-agent\n - openssh-server\n - apt-transport-https\n - ca-certificates\n - curl\n - gnupg\n - nvme-cli\n\nwrite_files:\n - path: /etc/modules-load.d/k8s.conf\n content: |\n overlay\n br_netfilter\n\n - path: /etc/sysctl.d/k8s.conf\n content: |\n net.bridge.bridge-nf-call-iptables = 1\n net.bridge.bridge-nf-call-ip6tables = 1\n net.ipv4.ip_forward = 1\n\n - path: /etc/containerd/config.toml\n content: |\n version = 2\n [plugins.\"io.containerd.grpc.v1.cri\".containerd.runtimes.runc]\n runtime_type = \"io.containerd.runc.v2\"\n 
[plugins.\"io.containerd.grpc.v1.cri\".containerd.runtimes.runc.options]\n SystemdCgroup = true\n\n # Update existing containerd config to enable registry config_path\n - path: /etc/containerd/config.toml\n content: |\n version = 2\n [plugins.\"io.containerd.grpc.v1.cri\".containerd.runtimes.runc]\n runtime_type = \"io.containerd.runc.v2\"\n [plugins.\"io.containerd.grpc.v1.cri\".containerd.runtimes.runc.options]\n SystemdCgroup = true\n [plugins.\"io.containerd.grpc.v1.cri\".registry]\n config_path = \"/etc/containerd/certs.d\"\n\n # Mirror configs for each upstream registry\n - path: /etc/containerd/certs.d/docker.io/hosts.toml\n content: |\n server = \"https://registry-1.docker.io\"\n [host.\"http://192.168.0.30:5000/v2/docker.io\"]\n capabilities = [\"pull\", \"resolve\"]\n skip_verify = true\n override_path = true\n\n - path: /etc/containerd/certs.d/registry.k8s.io/hosts.toml\n content: |\n server = \"https://registry.k8s.io\"\n [host.\"http://192.168.0.30:5000/v2/registry.k8s.io\"]\n capabilities = [\"pull\", \"resolve\"]\n skip_verify = true\n override_path = true\n\n - path: /etc/containerd/certs.d/ghcr.io/hosts.toml\n content: |\n server = \"https://ghcr.io\"\n [host.\"http://192.168.0.30:5000/v2/ghcr.io\"]\n capabilities = [\"pull\", \"resolve\"]\n skip_verify = true\n override_path = true\n\n - path: /etc/containerd/certs.d/quay.io/hosts.toml\n content: |\n server = \"https://quay.io\"\n [host.\"http://192.168.0.30:5000/v2/quay.io\"]\n capabilities = [\"pull\", \"resolve\"]\n skip_verify = true\n override_path = true \n\n - path: /root/kubeadm-config.yaml\n content: |\n apiVersion: kubeadm.k8s.io/v1beta3\n kind: InitConfiguration\n nodeRegistration:\n criSocket: unix:///run/containerd/containerd.sock\n ---\n apiVersion: kubeadm.k8s.io/v1beta3\n kind: ClusterConfiguration\n networking:\n podSubnet: \"10.244.0.0/16\"\n ---\n apiVersion: kubelet.config.k8s.io/v1beta1\n kind: KubeletConfiguration\n cgroupDriver: systemd\n\n - path: 
/etc/profile.d/kubectl.sh\n content: |\n alias k='kubectl'\n source \u003c(kubectl completion bash)\n complete -o default -F __start_kubectl k\n\n - path: /etc/systemd/system/kubelet.service.d/10-containerd.conf\n content: |\n [Unit]\n After=containerd.service\n Requires=containerd.service\n\n [Service]\n ExecStartPre=/bin/bash -c 'until [ -S /var/run/containerd/containerd.sock ]; do sleep 1; done'\n ExecStartPre=/usr/bin/crictl info\n\n\nruncmd:\n - systemctl enable --now qemu-guest-agent\n - systemctl enable --now ssh\n\n # needed for nvme-tcp module\n - apt install linux-modules-extra-$(uname -r)\n - modprobe nvme-tcp\n - echo \"nvme-tcp\" \u003e\u003e /etc/modules-load.d/nvme-tcp.conf\n\n # relevant to kubernetes\n - modprobe overlay\n - modprobe br_netfilter\n - sysctl --system\n\n # containerd\n - curl -fsSL https://download.docker.com/linux/ubuntu/gpg | gpg --dearmor -o /etc/apt/keyrings/docker.gpg\n - echo \"deb [arch=amd64 signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable\" \u003e /etc/apt/sources.list.d/docker.list\n - apt-get update \u0026\u0026 apt-get install -y containerd.io\n - |\n cat \u003e /etc/containerd/config.toml \u003c\u003c'CONTAINERD'\n version = 2\n [plugins.\"io.containerd.grpc.v1.cri\".containerd.runtimes.runc]\n runtime_type = \"io.containerd.runc.v2\"\n [plugins.\"io.containerd.grpc.v1.cri\".containerd.runtimes.runc.options]\n SystemdCgroup = true\n [plugins.\"io.containerd.grpc.v1.cri\".registry]\n config_path = \"/etc/containerd/certs.d\"\n CONTAINERD\n - systemctl restart containerd\n\n # kubeadm/kubelet/kubectl v1.32\n - curl -fsSL https://pkgs.k8s.io/core:/stable:/v1.32/deb/Release.key | gpg --dearmor -o /etc/apt/keyrings/kubernetes-apt-keyring.gpg\n - echo \"deb [signed-by=/etc/apt/keyrings/kubernetes-apt-keyring.gpg] https://pkgs.k8s.io/core:/stable:/v1.32/deb/ /\" \u003e /etc/apt/sources.list.d/kubernetes.list\n - apt-get update \u0026\u0026 apt-get install -y kubelet 
kubeadm kubectl\n - apt-mark hold kubelet kubeadm kubectl\n\n # join cluster\n - kubeadm join 192.168.0.31:6443 --token 4j8n3w.iwvad2jcn58fa1tf --discovery-token-ca-cert-hash sha256:c09955e09ba79882ba7766125b57030b2e87dde0ac49af351de28e1c92d0beb9\n\n"},"sensitive_attributes":[],"dependencies":["data.local_file.join_command","libvirt_cloudinit_disk.commoninit","libvirt_domain.master","libvirt_volume.cloudinit","libvirt_volume.ubuntu_base_homer","libvirt_volume.ubuntu_disk","null_resource.kubeadm_token"]}]},{"mode":"managed","type":"libvirt_cloudinit_disk","name":"commoninit_node_02","provider":"provider[\"registry.opentofu.org/dmacvicar/libvirt\"].kvm-beelink","instances":[{"schema_version":0,"attributes":{"id":"f7d5cde2f01193f5","meta_data":"\"instance-id\": \"kube-node-33\"\n\"local-hostname\": \"kube-node-33\"\n","name":"kube-node-33-cloudinit.iso","network_config":"version: 2\nethernets:\n eth0:\n match:\n driver: virtio_net\n addresses:\n - 192.168.0.33/24\n routes:\n - to: default\n via: 192.168.0.4\n nameservers:\n addresses:\n - 8.8.8.8\n","path":"/var/folders/dq/h32yg2mx55b2m8hxmf1yh66r0000gn/T/terraform-provider-libvirt-cloudinit/cloudinit-f7d5cde2f01193f5.iso","size":49152,"user_data":"#cloud-config\nhostname: kube-node-33\nusers:\n - name: ubuntu\n sudo: ALL=(ALL) NOPASSWD:ALL\n shell: /bin/bash\n ssh_authorized_keys:\n - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDTLxDOQMsumLpjIzMXvpN/hvoMfbVFcl7TDKXTYLBJIvTOLWO/elI3PeJkXNAlaIT1lgJQB7NwQED+DciPLjCLzkG3aSxuJdZRo0Z+vHm9CEUkWnq8icLTQs0zYadK6p24VpMqT61cGNv9L/riciMRWT6l2SdRN2ZBR6MhCXMZy/XgRRlcV9iN1n9T0Q9aZjaQ2CjgG59wTLdQ0bHRlFBSt2q6erFmCIiBHUJba4avDVRvYryvMgkopayL/eK2gxaloMjcMt4z+zIokxhQONPPU2AvqMcqQIsWGQYIzIkJ0UOO8ly/PAFCpgvukWJepmZR30vVBALFCRZCUN1zMbI3 jan.novak@Jans-MacBook-Air-9.local\n\nchpasswd:\n list: |\n ubuntu:yourpassword\n expire: false\nssh_pwauth: true\npackage_update: true\npackages:\n - qemu-guest-agent\n - openssh-server\n - apt-transport-https\n - ca-certificates\n - curl\n - gnupg\n - 
nvme-cli\n\nwrite_files:\n - path: /etc/modules-load.d/k8s.conf\n content: |\n overlay\n br_netfilter\n\n - path: /etc/sysctl.d/k8s.conf\n content: |\n net.bridge.bridge-nf-call-iptables = 1\n net.bridge.bridge-nf-call-ip6tables = 1\n net.ipv4.ip_forward = 1\n\n - path: /etc/containerd/config.toml\n content: |\n version = 2\n [plugins.\"io.containerd.grpc.v1.cri\".containerd.runtimes.runc]\n runtime_type = \"io.containerd.runc.v2\"\n [plugins.\"io.containerd.grpc.v1.cri\".containerd.runtimes.runc.options]\n SystemdCgroup = true\n\n # Update existing containerd config to enable registry config_path\n - path: /etc/containerd/config.toml\n content: |\n version = 2\n [plugins.\"io.containerd.grpc.v1.cri\".containerd.runtimes.runc]\n runtime_type = \"io.containerd.runc.v2\"\n [plugins.\"io.containerd.grpc.v1.cri\".containerd.runtimes.runc.options]\n SystemdCgroup = true\n [plugins.\"io.containerd.grpc.v1.cri\".registry]\n config_path = \"/etc/containerd/certs.d\"\n\n # Mirror configs for each upstream registry\n - path: /etc/containerd/certs.d/docker.io/hosts.toml\n content: |\n server = \"https://registry-1.docker.io\"\n [host.\"http://192.168.0.30:5000/v2/docker.io\"]\n capabilities = [\"pull\", \"resolve\"]\n skip_verify = true\n override_path = true\n\n - path: /etc/containerd/certs.d/registry.k8s.io/hosts.toml\n content: |\n server = \"https://registry.k8s.io\"\n [host.\"http://192.168.0.30:5000/v2/registry.k8s.io\"]\n capabilities = [\"pull\", \"resolve\"]\n skip_verify = true\n override_path = true\n\n - path: /etc/containerd/certs.d/ghcr.io/hosts.toml\n content: |\n server = \"https://ghcr.io\"\n [host.\"http://192.168.0.30:5000/v2/ghcr.io\"]\n capabilities = [\"pull\", \"resolve\"]\n skip_verify = true\n override_path = true\n\n - path: /etc/containerd/certs.d/quay.io/hosts.toml\n content: |\n server = \"https://quay.io\"\n [host.\"http://192.168.0.30:5000/v2/quay.io\"]\n capabilities = [\"pull\", \"resolve\"]\n skip_verify = true\n override_path = true \n\n - 
path: /root/kubeadm-config.yaml\n content: |\n apiVersion: kubeadm.k8s.io/v1beta3\n kind: InitConfiguration\n nodeRegistration:\n criSocket: unix:///run/containerd/containerd.sock\n ---\n apiVersion: kubeadm.k8s.io/v1beta3\n kind: ClusterConfiguration\n networking:\n podSubnet: \"10.244.0.0/16\"\n ---\n apiVersion: kubelet.config.k8s.io/v1beta1\n kind: KubeletConfiguration\n cgroupDriver: systemd\n\n - path: /etc/profile.d/kubectl.sh\n content: |\n alias k='kubectl'\n source \u003c(kubectl completion bash)\n complete -o default -F __start_kubectl k\n\n - path: /etc/systemd/system/kubelet.service.d/10-containerd.conf\n content: |\n [Unit]\n After=containerd.service\n Requires=containerd.service\n\n [Service]\n ExecStartPre=/bin/bash -c 'until [ -S /var/run/containerd/containerd.sock ]; do sleep 1; done'\n ExecStartPre=/usr/bin/crictl info\n\n\nruncmd:\n - systemctl enable --now qemu-guest-agent\n - systemctl enable --now ssh\n\n # needed for nvme-tcp module\n - apt install linux-modules-extra-$(uname -r)\n - modprobe nvme-tcp\n - echo \"nvme-tcp\" \u003e\u003e /etc/modules-load.d/nvme-tcp.conf\n\n # relevant to kubernetes\n - modprobe overlay\n - modprobe br_netfilter\n - sysctl --system\n\n # containerd\n - curl -fsSL https://download.docker.com/linux/ubuntu/gpg | gpg --dearmor -o /etc/apt/keyrings/docker.gpg\n - echo \"deb [arch=amd64 signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable\" \u003e /etc/apt/sources.list.d/docker.list\n - apt-get update \u0026\u0026 apt-get install -y containerd.io\n - |\n cat \u003e /etc/containerd/config.toml \u003c\u003c'CONTAINERD'\n version = 2\n [plugins.\"io.containerd.grpc.v1.cri\".containerd.runtimes.runc]\n runtime_type = \"io.containerd.runc.v2\"\n [plugins.\"io.containerd.grpc.v1.cri\".containerd.runtimes.runc.options]\n SystemdCgroup = true\n [plugins.\"io.containerd.grpc.v1.cri\".registry]\n config_path = \"/etc/containerd/certs.d\"\n CONTAINERD\n - systemctl restart 
containerd\n\n # kubeadm/kubelet/kubectl v1.32\n - curl -fsSL https://pkgs.k8s.io/core:/stable:/v1.32/deb/Release.key | gpg --dearmor -o /etc/apt/keyrings/kubernetes-apt-keyring.gpg\n - echo \"deb [signed-by=/etc/apt/keyrings/kubernetes-apt-keyring.gpg] https://pkgs.k8s.io/core:/stable:/v1.32/deb/ /\" \u003e /etc/apt/sources.list.d/kubernetes.list\n - apt-get update \u0026\u0026 apt-get install -y kubelet kubeadm kubectl\n - apt-mark hold kubelet kubeadm kubectl\n\n # join cluster\n - kubeadm join 192.168.0.31:6443 --token 4j8n3w.iwvad2jcn58fa1tf --discovery-token-ca-cert-hash sha256:c09955e09ba79882ba7766125b57030b2e87dde0ac49af351de28e1c92d0beb9\n\n"},"sensitive_attributes":[],"dependencies":["data.local_file.join_command","libvirt_cloudinit_disk.commoninit","libvirt_domain.master","libvirt_volume.cloudinit","libvirt_volume.ubuntu_base_homer","libvirt_volume.ubuntu_disk","null_resource.kubeadm_token"]}]},{"mode":"managed","type":"libvirt_domain","name":"master","provider":"provider[\"registry.opentofu.org/dmacvicar/libvirt\"].kvm-homer","instances":[{"schema_version":0,"attributes":{"autostart":true,"block_io_tune":null,"bootloader":null,"bootloader_args":null,"clock":null,"cpu":null,"cpu_tune":null,"create":null,"current_memory":null,"current_memory_unit":null,"default_io_thread":null,"description":null,"destroy":null,"devices":{"audios":null,"channels":null,"consoles":null,"controllers":null,"crypto":null,"disks":[{"acpi":null,"address":null,"alias":null,"auth":null,"backend_domain":null,"backing_store":null,"block_io":null,"boot":null,"device":null,"driver":{"ats":null,"cache":null,"copy_on_read":null,"detect_zeros":null,"discard":null,"discard_no_unref":null,"error_policy":null,"event_idx":null,"io":null,"io_event_fd":null,"io_thread":null,"io_threads":null,"iommu":null,"metadata_cache":null,"name":"qemu","packed":null,"page_per_vq":null,"queue_size":null,"queues":null,"rerror_policy":null,"type":"qcow2"},"encryption":null,"geometry":null,"io_tune":null,"mirro
r":null,"model":null,"product":null,"raw_io":null,"read_only":null,"serial":null,"sgio":null,"shareable":null,"snapshot":null,"source":{"block":null,"cookies":null,"data_store":null,"dir":null,"encryption":null,"file":{"fd_group":null,"file":"/srv/vms/kube-master-31.qcow2","sec_label":null},"index":null,"network":null,"nvme":null,"readahead":null,"reservations":null,"slices":null,"ssl":null,"startup_policy":null,"timeout":null,"vhost_user":null,"vhost_vdpa":null,"volume":null},"target":{"bus":"virtio","dev":"vda","removable":null,"rotation_rate":null,"tray":null},"throttle_filters":null,"transient":null,"vendor":null,"wwn":null},{"acpi":null,"address":null,"alias":null,"auth":null,"backend_domain":null,"backing_store":null,"block_io":null,"boot":null,"device":"cdrom","driver":{"ats":null,"cache":null,"copy_on_read":null,"detect_zeros":null,"discard":null,"discard_no_unref":null,"error_policy":null,"event_idx":null,"io":null,"io_event_fd":null,"io_thread":null,"io_threads":null,"iommu":null,"metadata_cache":null,"name":"qemu","packed":null,"page_per_vq":null,"queue_size":null,"queues":null,"rerror_policy":null,"type":"raw"},"encryption":null,"geometry":null,"io_tune":null,"mirror":null,"model":null,"product":null,"raw_io":null,"read_only":null,"serial":null,"sgio":null,"shareable":null,"snapshot":null,"source":{"block":null,"cookies":null,"data_store":null,"dir":null,"encryption":null,"file":{"fd_group":null,"file":"/srv/vms/kube-master-31-cloudinit.iso","sec_label":null},"index":null,"network":null,"nvme":null,"readahead":null,"reservations":null,"slices":null,"ssl":null,"startup_policy":null,"timeout":null,"vhost_user":null,"vhost_vdpa":null,"volume":null},"target":{"bus":"sata","dev":"sda","removable":null,"rotation_rate":null,"tray":null},"throttle_filters":null,"transient":null,"vendor":null,"wwn":null}],"emulator":null,"filesystems":null,"graphics":null,"hostdevs":null,"hubs":null,"inputs":null,"interfaces":[{"acpi":null,"address":null,"alias":null,"backend":nu
ll,"backend_domain":null,"bandwidth":null,"boot":null,"coalesce":null,"down_script":null,"driver":null,"filter_ref":null,"guest":null,"ip":null,"link":null,"mac":null,"managed":null,"model":{"type":"virtio"},"mtu":null,"port_forward":null,"port_options":null,"rom":null,"route":null,"script":null,"source":{"bridge":{"bridge":"br0"},"client":null,"direct":null,"ethernet":null,"hostdev":null,"internal":null,"mcast":null,"network":null,"null":null,"server":null,"udp":null,"user":null,"vdpa":null,"vds":null,"vhost_user":null},"target":null,"teaming":null,"trust_guest_rx_filters":null,"tune":null,"virtual_port":null,"vlan":null,"wait_for_ip":null}],"iommu":null,"leases":null,"mem_balloon":null,"memorydevs":null,"nvram":null,"panics":null,"parallels":null,"pstore":null,"redir_devs":null,"redir_filters":null,"rngs":null,"serials":[{"acpi":null,"address":null,"alias":null,"log":null,"protocol":null,"source":null,"target":null}],"shmems":null,"smartcards":null,"sounds":null,"tpms":null,"videos":null,"vsock":null,"watchdogs":null},"features":null,"gen_id":null,"hwuuid":null,"id":12,"id_map":null,"io_thread_i_ds":null,"io_threads":null,"key_wrap":null,"launch_security":null,"maximum_memory":null,"maximum_memory_slots":null,"maximum_memory_unit":null,"memory":4096,"memory_backing":null,"memory_dump_core":null,"memory_tune":null,"memory_unit":"MiB","metadata":null,"name":"kube-master-31","numa_tune":null,"on_crash":null,"on_poweroff":null,"on_reboot":null,"os":{"acpi":null,"bios":null,"boot_devices":null,"boot_menu":null,"cmdline":null,"dtb":null,"firmware":null,"firmware_info":null,"init":null,"init_args":null,"init_dir":null,"init_env":null,"init_group":null,"init_user":null,"initrd":null,"kernel":null,"loader":null,"loader_format":null,"loader_readonly":null,"loader_secure":null,"loader_stateless":null,"loader_type":null,"nv_ram":null,"shim":null,"sm_bios":null,"type":"hvm","type_arch":"x86_64","type_machine":"q35"},"perf":null,"pm":null,"resource":null,"running":true,"sec_lab
el":null,"sys_info":null,"throttle_groups":null,"title":null,"type":"kvm","uuid":"1d3d2721-a2f0-49d0-a458-a905c4b6e5cd","vcpu":3,"vcpu_cpuset":null,"vcpu_current":null,"vcpu_placement":null,"vcpus":null},"sensitive_attributes":[],"dependencies":["libvirt_cloudinit_disk.commoninit","libvirt_volume.cloudinit","libvirt_volume.ubuntu_base_homer","libvirt_volume.ubuntu_disk"]}]},{"mode":"managed","type":"libvirt_domain","name":"node_01","provider":"provider[\"registry.opentofu.org/dmacvicar/libvirt\"].kvm-homer","instances":[{"schema_version":0,"attributes":{"autostart":true,"block_io_tune":null,"bootloader":null,"bootloader_args":null,"clock":null,"cpu":{"cache":null,"check":null,"deprecated_features":null,"features":null,"match":null,"max_phys_addr":null,"migratable":null,"mode":"host-passthrough","model":null,"model_fallback":null,"model_vendor_id":null,"numa":null,"topology":null,"vendor":null},"cpu_tune":null,"create":null,"current_memory":null,"current_memory_unit":null,"default_io_thread":null,"description":null,"destroy":null,"devices":{"audios":null,"channels":null,"consoles":null,"controllers":null,"crypto":null,"disks":[{"acpi":null,"address":null,"alias":null,"auth":null,"backend_domain":null,"backing_store":null,"block_io":null,"boot":null,"device":null,"driver":{"ats":null,"cache":null,"copy_on_read":null,"detect_zeros":null,"discard":null,"discard_no_unref":null,"error_policy":null,"event_idx":null,"io":null,"io_event_fd":null,"io_thread":null,"io_threads":null,"iommu":null,"metadata_cache":null,"name":"qemu","packed":null,"page_per_vq":null,"queue_size":null,"queues":null,"rerror_policy":null,"type":"qcow2"},"encryption":null,"geometry":null,"io_tune":null,"mirror":null,"model":null,"product":null,"raw_io":null,"read_only":null,"serial":null,"sgio":null,"shareable":null,"snapshot":null,"source":{"block":null,"cookies":null,"data_store":null,"dir":null,"encryption":null,"file":{"fd_group":null,"file":"/srv/vms/kube-node-32.qcow2","sec_label":null},"index":
null,"network":null,"nvme":null,"readahead":null,"reservations":null,"slices":null,"ssl":null,"startup_policy":null,"timeout":null,"vhost_user":null,"vhost_vdpa":null,"volume":null},"target":{"bus":"virtio","dev":"vda","removable":null,"rotation_rate":null,"tray":null},"throttle_filters":null,"transient":null,"vendor":null,"wwn":null},{"acpi":null,"address":null,"alias":null,"auth":null,"backend_domain":null,"backing_store":null,"block_io":null,"boot":null,"device":"cdrom","driver":{"ats":null,"cache":null,"copy_on_read":null,"detect_zeros":null,"discard":null,"discard_no_unref":null,"error_policy":null,"event_idx":null,"io":null,"io_event_fd":null,"io_thread":null,"io_threads":null,"iommu":null,"metadata_cache":null,"name":"qemu","packed":null,"page_per_vq":null,"queue_size":null,"queues":null,"rerror_policy":null,"type":"raw"},"encryption":null,"geometry":null,"io_tune":null,"mirror":null,"model":null,"product":null,"raw_io":null,"read_only":null,"serial":null,"sgio":null,"shareable":null,"snapshot":null,"source":{"block":null,"cookies":null,"data_store":null,"dir":null,"encryption":null,"file":{"fd_group":null,"file":"/srv/vms/kube-node-32-cloudinit.iso","sec_label":null},"index":null,"network":null,"nvme":null,"readahead":null,"reservations":null,"slices":null,"ssl":null,"startup_policy":null,"timeout":null,"vhost_user":null,"vhost_vdpa":null,"volume":null},"target":{"bus":"sata","dev":"sda","removable":null,"rotation_rate":null,"tray":null},"throttle_filters":null,"transient":null,"vendor":null,"wwn":null}],"emulator":null,"filesystems":null,"graphics":null,"hostdevs":null,"hubs":null,"inputs":null,"interfaces":[{"acpi":null,"address":null,"alias":null,"backend":null,"backend_domain":null,"bandwidth":null,"boot":null,"coalesce":null,"down_script":null,"driver":null,"filter_ref":null,"guest":null,"ip":null,"link":null,"mac":null,"managed":null,"model":{"type":"virtio"},"mtu":null,"port_forward":null,"port_options":null,"rom":null,"route":null,"script":null,"sour
ce":{"bridge":{"bridge":"br0"},"client":null,"direct":null,"ethernet":null,"hostdev":null,"internal":null,"mcast":null,"network":null,"null":null,"server":null,"udp":null,"user":null,"vdpa":null,"vds":null,"vhost_user":null},"target":null,"teaming":null,"trust_guest_rx_filters":null,"tune":null,"virtual_port":null,"vlan":null,"wait_for_ip":null}],"iommu":null,"leases":null,"mem_balloon":null,"memorydevs":null,"nvram":null,"panics":null,"parallels":null,"pstore":null,"redir_devs":null,"redir_filters":null,"rngs":null,"serials":[{"acpi":null,"address":null,"alias":null,"log":null,"protocol":null,"source":null,"target":null}],"shmems":null,"smartcards":null,"sounds":null,"tpms":null,"videos":null,"vsock":null,"watchdogs":null},"features":null,"gen_id":null,"hwuuid":null,"id":15,"id_map":null,"io_thread_i_ds":null,"io_threads":null,"key_wrap":null,"launch_security":null,"maximum_memory":null,"maximum_memory_slots":null,"maximum_memory_unit":null,"memory":8192,"memory_backing":null,"memory_dump_core":null,"memory_tune":null,"memory_unit":"MiB","metadata":null,"name":"kube-node-32","numa_tune":null,"on_crash":null,"on_poweroff":null,"on_reboot":null,"os":{"acpi":null,"bios":null,"boot_devices":null,"boot_menu":null,"cmdline":null,"dtb":null,"firmware":null,"firmware_info":null,"init":null,"init_args":null,"init_dir":null,"init_env":null,"init_group":null,"init_user":null,"initrd":null,"kernel":null,"loader":null,"loader_format":null,"loader_readonly":null,"loader_secure":null,"loader_stateless":null,"loader_type":null,"nv_ram":null,"shim":null,"sm_bios":null,"type":"hvm","type_arch":"x86_64","type_machine":"q35"},"perf":null,"pm":null,"resource":null,"running":true,"sec_label":null,"sys_info":null,"throttle_groups":null,"title":null,"type":"kvm","uuid":"3ce32377-42df-4e35-9cb3-7a32e387b14d","vcpu":4,"vcpu_cpuset":null,"vcpu_current":null,"vcpu_placement":null,"vcpus":null},"sensitive_attributes":[],"dependencies":["data.local_file.join_command","libvirt_cloudinit_disk.com
moninit","libvirt_cloudinit_disk.commoninit_node_01","libvirt_domain.master","libvirt_volume.cloudinit","libvirt_volume.cloudinit_node_01","libvirt_volume.node_01_disk","libvirt_volume.ubuntu_base_homer","libvirt_volume.ubuntu_disk","null_resource.kubeadm_token"]}]},{"mode":"managed","type":"libvirt_domain","name":"node_02","provider":"provider[\"registry.opentofu.org/dmacvicar/libvirt\"].kvm-beelink","instances":[{"schema_version":0,"attributes":{"autostart":true,"block_io_tune":null,"bootloader":null,"bootloader_args":null,"clock":null,"cpu":{"cache":null,"check":null,"deprecated_features":null,"features":null,"match":null,"max_phys_addr":null,"migratable":null,"mode":"host-passthrough","model":null,"model_fallback":null,"model_vendor_id":null,"numa":null,"topology":null,"vendor":null},"cpu_tune":null,"create":null,"current_memory":null,"current_memory_unit":null,"default_io_thread":null,"description":null,"destroy":null,"devices":{"audios":null,"channels":null,"consoles":null,"controllers":null,"crypto":null,"disks":[{"acpi":null,"address":null,"alias":null,"auth":null,"backend_domain":null,"backing_store":null,"block_io":null,"boot":null,"device":null,"driver":{"ats":null,"cache":null,"copy_on_read":null,"detect_zeros":null,"discard":null,"discard_no_unref":null,"error_policy":null,"event_idx":null,"io":null,"io_event_fd":null,"io_thread":null,"io_threads":null,"iommu":null,"metadata_cache":null,"name":"qemu","packed":null,"page_per_vq":null,"queue_size":null,"queues":null,"rerror_policy":null,"type":"qcow2"},"encryption":null,"geometry":null,"io_tune":null,"mirror":null,"model":null,"product":null,"raw_io":null,"read_only":null,"serial":null,"sgio":null,"shareable":null,"snapshot":null,"source":{"block":null,"cookies":null,"data_store":null,"dir":null,"encryption":null,"file":{"fd_group":null,"file":"/var/lib/libvirt/images/kube-node-33.qcow2","sec_label":null},"index":null,"network":null,"nvme":null,"readahead":null,"reservations":null,"slices":null,"ssl":null
,"startup_policy":null,"timeout":null,"vhost_user":null,"vhost_vdpa":null,"volume":null},"target":{"bus":"virtio","dev":"vda","removable":null,"rotation_rate":null,"tray":null},"throttle_filters":null,"transient":null,"vendor":null,"wwn":null},{"acpi":null,"address":null,"alias":null,"auth":null,"backend_domain":null,"backing_store":null,"block_io":null,"boot":null,"device":"cdrom","driver":{"ats":null,"cache":null,"copy_on_read":null,"detect_zeros":null,"discard":null,"discard_no_unref":null,"error_policy":null,"event_idx":null,"io":null,"io_event_fd":null,"io_thread":null,"io_threads":null,"iommu":null,"metadata_cache":null,"name":"qemu","packed":null,"page_per_vq":null,"queue_size":null,"queues":null,"rerror_policy":null,"type":"raw"},"encryption":null,"geometry":null,"io_tune":null,"mirror":null,"model":null,"product":null,"raw_io":null,"read_only":null,"serial":null,"sgio":null,"shareable":null,"snapshot":null,"source":{"block":null,"cookies":null,"data_store":null,"dir":null,"encryption":null,"file":{"fd_group":null,"file":"/var/lib/libvirt/images/kube-node-33-cloudinit.iso","sec_label":null},"index":null,"network":null,"nvme":null,"readahead":null,"reservations":null,"slices":null,"ssl":null,"startup_policy":null,"timeout":null,"vhost_user":null,"vhost_vdpa":null,"volume":null},"target":{"bus":"sata","dev":"sda","removable":null,"rotation_rate":null,"tray":null},"throttle_filters":null,"transient":null,"vendor":null,"wwn":null}],"emulator":null,"filesystems":null,"graphics":null,"hostdevs":null,"hubs":null,"inputs":null,"interfaces":[{"acpi":null,"address":null,"alias":null,"backend":null,"backend_domain":null,"bandwidth":null,"boot":null,"coalesce":null,"down_script":null,"driver":null,"filter_ref":null,"guest":null,"ip":null,"link":null,"mac":null,"managed":null,"model":{"type":"virtio"},"mtu":null,"port_forward":null,"port_options":null,"rom":null,"route":null,"script":null,"source":{"bridge":{"bridge":"br0"},"client":null,"direct":null,"ethernet":null,"ho
stdev":null,"internal":null,"mcast":null,"network":null,"null":null,"server":null,"udp":null,"user":null,"vdpa":null,"vds":null,"vhost_user":null},"target":null,"teaming":null,"trust_guest_rx_filters":null,"tune":null,"virtual_port":null,"vlan":null,"wait_for_ip":null}],"iommu":null,"leases":null,"mem_balloon":null,"memorydevs":null,"nvram":null,"panics":null,"parallels":null,"pstore":null,"redir_devs":null,"redir_filters":null,"rngs":null,"serials":[{"acpi":null,"address":null,"alias":null,"log":null,"protocol":null,"source":null,"target":null}],"shmems":null,"smartcards":null,"sounds":null,"tpms":null,"videos":null,"vsock":null,"watchdogs":null},"features":null,"gen_id":null,"hwuuid":null,"id":18,"id_map":null,"io_thread_i_ds":null,"io_threads":null,"key_wrap":null,"launch_security":null,"maximum_memory":null,"maximum_memory_slots":null,"maximum_memory_unit":null,"memory":8192,"memory_backing":null,"memory_dump_core":null,"memory_tune":null,"memory_unit":"MiB","metadata":null,"name":"kube-node-33","numa_tune":null,"on_crash":null,"on_poweroff":null,"on_reboot":null,"os":{"acpi":null,"bios":null,"boot_devices":null,"boot_menu":null,"cmdline":null,"dtb":null,"firmware":null,"firmware_info":null,"init":null,"init_args":null,"init_dir":null,"init_env":null,"init_group":null,"init_user":null,"initrd":null,"kernel":null,"loader":null,"loader_format":null,"loader_readonly":null,"loader_secure":null,"loader_stateless":null,"loader_type":null,"nv_ram":null,"shim":null,"sm_bios":null,"type":"hvm","type_arch":"x86_64","type_machine":"q35"},"perf":null,"pm":null,"resource":null,"running":true,"sec_label":null,"sys_info":null,"throttle_groups":null,"title":null,"type":"kvm","uuid":"c27afbe4-d5a9-49e1-8c62-40dd585a0485","vcpu":4,"vcpu_cpuset":null,"vcpu_current":null,"vcpu_placement":null,"vcpus":null},"sensitive_attributes":[],"dependencies":["data.local_file.join_command","libvirt_cloudinit_disk.commoninit","libvirt_cloudinit_disk.commoninit_node_02","libvirt_domain.master","
libvirt_volume.cloudinit","libvirt_volume.cloudinit_node_02","libvirt_volume.node_02_disk","libvirt_volume.ubuntu_base_beelink","libvirt_volume.ubuntu_base_homer","libvirt_volume.ubuntu_disk","null_resource.kubeadm_token"]}]},{"mode":"managed","type":"libvirt_volume","name":"cloudinit","provider":"provider[\"registry.opentofu.org/dmacvicar/libvirt\"].kvm-homer","instances":[{"schema_version":0,"attributes":{"allocation":49152,"allocation_unit":null,"backing_store":null,"capacity":49152,"capacity_unit":null,"create":{"content":{"url":"/var/folders/dq/h32yg2mx55b2m8hxmf1yh66r0000gn/T/terraform-provider-libvirt-cloudinit/cloudinit-295268ac2ef5dcc3.iso"}},"id":"/srv/vms/kube-master-31-cloudinit.iso","key":"/srv/vms/kube-master-31-cloudinit.iso","name":"kube-master-31-cloudinit.iso","path":"/srv/vms/kube-master-31-cloudinit.iso","physical":49152,"physical_unit":null,"pool":"default","target":null,"type":null},"sensitive_attributes":[],"dependencies":["libvirt_cloudinit_disk.commoninit"]}]},{"mode":"managed","type":"libvirt_volume","name":"cloudinit_node_01","provider":"provider[\"registry.opentofu.org/dmacvicar/libvirt\"].kvm-homer","instances":[{"schema_version":0,"attributes":{"allocation":49152,"allocation_unit":null,"backing_store":null,"capacity":49152,"capacity_unit":null,"create":{"content":{"url":"/var/folders/dq/h32yg2mx55b2m8hxmf1yh66r0000gn/T/terraform-provider-libvirt-cloudinit/cloudinit-15a969c022087669.iso"}},"id":"/srv/vms/kube-node-32-cloudinit.iso","key":"/srv/vms/kube-node-32-cloudinit.iso","name":"kube-node-32-cloudinit.iso","path":"/srv/vms/kube-node-32-cloudinit.iso","physical":49152,"physical_unit":null,"pool":"default","target":null,"type":null},"sensitive_attributes":[],"dependencies":["data.local_file.join_command","libvirt_cloudinit_disk.commoninit","libvirt_cloudinit_disk.commoninit_node_01","libvirt_domain.master","libvirt_volume.cloudinit","libvirt_volume.ubuntu_base_homer","libvirt_volume.ubuntu_disk","null_resource.kubeadm_token"]}]},{"mode
":"managed","type":"libvirt_volume","name":"cloudinit_node_02","provider":"provider[\"registry.opentofu.org/dmacvicar/libvirt\"].kvm-beelink","instances":[{"schema_version":0,"attributes":{"allocation":49152,"allocation_unit":null,"backing_store":null,"capacity":49152,"capacity_unit":null,"create":{"content":{"url":"/var/folders/dq/h32yg2mx55b2m8hxmf1yh66r0000gn/T/terraform-provider-libvirt-cloudinit/cloudinit-f7d5cde2f01193f5.iso"}},"id":"/var/lib/libvirt/images/kube-node-33-cloudinit.iso","key":"/var/lib/libvirt/images/kube-node-33-cloudinit.iso","name":"kube-node-33-cloudinit.iso","path":"/var/lib/libvirt/images/kube-node-33-cloudinit.iso","physical":49152,"physical_unit":null,"pool":"default","target":null,"type":null},"sensitive_attributes":[],"dependencies":["data.local_file.join_command","libvirt_cloudinit_disk.commoninit","libvirt_cloudinit_disk.commoninit_node_02","libvirt_domain.master","libvirt_volume.cloudinit","libvirt_volume.ubuntu_base_homer","libvirt_volume.ubuntu_disk","null_resource.kubeadm_token"]}]},{"mode":"managed","type":"libvirt_volume","name":"node_01_disk","provider":"provider[\"registry.opentofu.org/dmacvicar/libvirt\"].kvm-homer","instances":[{"schema_version":0,"attributes":{"allocation":200704,"allocation_unit":null,"backing_store":{"format":{"type":"qcow2"},"path":"/srv/vms/ubuntu-24.04-base.qcow2","permissions":null},"capacity":53687091200,"capacity_unit":null,"create":null,"id":"/srv/vms/kube-node-32.qcow2","key":"/srv/vms/kube-node-32.qcow2","name":"kube-node-32.qcow2","path":"/srv/vms/kube-node-32.qcow2","physical":197408,"physical_unit":null,"pool":"default","target":{"cluster_size":null,"cluster_size_unit":null,"compat":null,"encryption":null,"features":null,"format":{"type":"qcow2"},"path":"/srv/vms/kube-node-32.qcow2","permissions":null,"timestamps":null},"type":null},"sensitive_attributes":[],"dependencies":["libvirt_volume.ubuntu_base_homer"]}]},{"mode":"managed","type":"libvirt_volume","name":"node_02_disk","provider":"provi
der[\"registry.opentofu.org/dmacvicar/libvirt\"].kvm-beelink","instances":[{"schema_version":0,"attributes":{"allocation":12228427776,"allocation_unit":null,"backing_store":{"format":{"type":"qcow2"},"path":"/var/lib/libvirt/images/ubuntu-24.04-base.qcow2","permissions":null},"capacity":53687091200,"capacity_unit":null,"create":null,"id":"/var/lib/libvirt/images/kube-node-33.qcow2","key":"/var/lib/libvirt/images/kube-node-33.qcow2","name":"kube-node-33.qcow2","path":"/var/lib/libvirt/images/kube-node-33.qcow2","physical":12228231168,"physical_unit":null,"pool":"default","target":{"cluster_size":null,"cluster_size_unit":null,"compat":null,"encryption":null,"features":null,"format":{"type":"qcow2"},"path":"/var/lib/libvirt/images/kube-node-33.qcow2","permissions":null,"timestamps":null},"type":null},"sensitive_attributes":[],"dependencies":["libvirt_volume.ubuntu_base_beelink"]}]},{"mode":"managed","type":"libvirt_volume","name":"ubuntu_base_beelink","provider":"provider[\"registry.opentofu.org/dmacvicar/libvirt\"].kvm-beelink","instances":[{"schema_version":0,"attributes":{"allocation":626663424,"allocation_unit":null,"backing_store":null,"capacity":3758096384,"capacity_unit":null,"create":{"content":{"url":"https://cloud-images.ubuntu.com/noble/current/noble-server-cloudimg-amd64.img"}},"id":"/var/lib/libvirt/images/ubuntu-24.04-base.qcow2","key":"/var/lib/libvirt/images/ubuntu-24.04-base.qcow2","name":"ubuntu-24.04-base.qcow2","path":"/var/lib/libvirt/images/ubuntu-24.04-base.qcow2","physical":626655744,"physical_unit":null,"pool":"default","target":{"cluster_size":null,"cluster_size_unit":null,"compat":null,"encryption":null,"features":null,"format":{"type":"qcow2"},"path":"/var/lib/libvirt/images/ubuntu-24.04-base.qcow2","permissions":null,"timestamps":null},"type":null},"sensitive_attributes":[]}]},{"mode":"managed","type":"libvirt_volume","name":"ubuntu_base_homer","provider":"provider[\"registry.opentofu.org/dmacvicar/libvirt\"].kvm-homer","instances":[{"schem
a_version":0,"attributes":{"allocation":626663424,"allocation_unit":null,"backing_store":null,"capacity":3758096384,"capacity_unit":null,"create":{"content":{"url":"https://cloud-images.ubuntu.com/noble/current/noble-server-cloudimg-amd64.img"}},"id":"/srv/vms/ubuntu-24.04-base.qcow2","key":"/srv/vms/ubuntu-24.04-base.qcow2","name":"ubuntu-24.04-base.qcow2","path":"/srv/vms/ubuntu-24.04-base.qcow2","physical":626655744,"physical_unit":null,"pool":"default","target":{"cluster_size":null,"cluster_size_unit":null,"compat":null,"encryption":null,"features":null,"format":{"type":"qcow2"},"path":"/srv/vms/ubuntu-24.04-base.qcow2","permissions":null,"timestamps":null},"type":null},"sensitive_attributes":[]}]},{"mode":"managed","type":"libvirt_volume","name":"ubuntu_disk","provider":"provider[\"registry.opentofu.org/dmacvicar/libvirt\"].kvm-homer","instances":[{"schema_version":0,"attributes":{"allocation":11319377920,"allocation_unit":null,"backing_store":{"format":{"type":"qcow2"},"path":"/srv/vms/ubuntu-24.04-base.qcow2","permissions":null},"capacity":21474836480,"capacity_unit":null,"create":null,"id":"/srv/vms/kube-master-31.qcow2","key":"/srv/vms/kube-master-31.qcow2","name":"kube-master-31.qcow2","path":"/srv/vms/kube-master-31.qcow2","physical":11319181312,"physical_unit":null,"pool":"default","target":{"cluster_size":null,"cluster_size_unit":null,"compat":null,"encryption":null,"features":null,"format":{"type":"qcow2"},"path":"/srv/vms/kube-master-31.qcow2","permissions":null,"timestamps":null},"type":null},"sensitive_attributes":[],"dependencies":["libvirt_volume.ubuntu_base_homer"]}]},{"mode":"managed","type":"null_resource","name":"kubeadm_token","provider":"provider[\"registry.opentofu.org/hashicorp/null\"]","instances":[{"schema_version":0,"attributes":{"id":"4165376310159713019","triggers":null},"sensitive_attributes":[],"dependencies":["libvirt_cloudinit_disk.commoninit","libvirt_domain.master","libvirt_volume.cloudinit","libvirt_volume.ubuntu_base_homer","l
ibvirt_volume.ubuntu_disk"]}]},{"mode":"managed","type":"null_resource","name":"kubeconfig","provider":"provider[\"registry.opentofu.org/hashicorp/null\"]","instances":[{"schema_version":0,"attributes":{"id":"8367063358226307615","triggers":null},"sensitive_attributes":[]}]}],"check_results":null}
diff --git a/kubernetes-kvm-terraform/terraform.tfstate.backup b/kubernetes-kvm-terraform/terraform.tfstate.backup
index 5df3ecf..d91e9eb 100644
--- a/kubernetes-kvm-terraform/terraform.tfstate.backup
+++ b/kubernetes-kvm-terraform/terraform.tfstate.backup
@@ -1 +1 @@ -{"version":4,"terraform_version":"1.11.2","serial":87,"lineage":"69f81358-9017-b0fa-2e3d-404364b1f698","outputs":{"master_ip":{"value":"192.168.0.31","type":"string"},"node_01_ip":{"value":"192.168.0.32","type":"string"},"node_02_ip":{"value":"192.168.0.33","type":"string"}},"resources":[{"mode":"data","type":"local_file","name":"join_command","provider":"provider[\"registry.opentofu.org/hashicorp/local\"]","instances":[{"schema_version":0,"attributes":{"content":"kubeadm join 192.168.0.31:6443 --token nfbk24.0v2qczesuwlxcc6p --discovery-token-ca-cert-hash sha256:c09955e09ba79882ba7766125b57030b2e87dde0ac49af351de28e1c92d0beb9 \n","content_base64":"a3ViZWFkbSBqb2luIDE5Mi4xNjguMC4zMTo2NDQzIC0tdG9rZW4gbmZiazI0LjB2MnFjemVzdXdseGNjNnAgLS1kaXNjb3ZlcnktdG9rZW4tY2EtY2VydC1oYXNoIHNoYTI1NjpjMDk5NTVlMDliYTc5ODgyYmE3NzY2MTI1YjU3MDMwYjJlODdkZGUwYWM0OWFmMzUxZGUyOGUxYzkyZDBiZWI5IAo=","content_base64sha256":"UhrHXweUjlkBKNBJBsvyv/UF8Z0HavzxjmvvKtPqExI=","content_base64sha512":"9/PxTzu68Zk9icpO9YFUsMcre2PYkbUtCL1FzCPwErHDI0pxIx/kfbe5cwC8TFu6QZyCfxeyDHt49T4leKwqrw==","content_md5":"5a600470c8b9f2afabb0244f3b11cbde","content_sha1":"6f257920dd5627719ef5c5f181ce8a310b93b22f","content_sha256":"521ac75f07948e590128d04906cbf2bff505f19d076afcf18e6bef2ad3ea1312","content_sha512":"f7f3f14f3bbaf1993d89ca4ef58154b0c72b7b63d891b52d08bd45cc23f012b1c3234a71231fe47db7b97300bc4c5bba419c827f17b20c7b78f53e2578ac2aaf","filename":"./join-command.txt","id":"6f257920dd5627719ef5c5f181ce8a310b93b22f"},"sensitive_attributes":[]}]},{"mode":"managed","type":"libvirt_cloudinit_disk","name":"commoninit","provider":"provider[\"registry.opentofu.org/dmacvicar/libvirt\"].kvm-homer","instances":[{"schema_version":0,"attributes":{"id":"295268ac2ef5dcc3","meta_data":"\"instance-id\": \"kube-master-31\"\n\"local-hostname\": \"kube-master-31\"\n","name":"kube-master-31-cloudinit.iso","network_config":"version: 2\nethernets:\n eth0:\n match:\n driver: virtio_net\n addresses:\n - 192.168.0.31/24\n 
routes:\n - to: default\n via: 192.168.0.4\n nameservers:\n addresses:\n - 8.8.8.8\n","path":"/var/folders/dq/h32yg2mx55b2m8hxmf1yh66r0000gn/T/terraform-provider-libvirt-cloudinit/cloudinit-295268ac2ef5dcc3.iso","size":49152,"user_data":"#cloud-config\nhostname: kube-master-31\nusers:\n - name: ubuntu\n sudo: ALL=(ALL) NOPASSWD:ALL\n shell: /bin/bash\n ssh_authorized_keys:\n - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDTLxDOQMsumLpjIzMXvpN/hvoMfbVFcl7TDKXTYLBJIvTOLWO/elI3PeJkXNAlaIT1lgJQB7NwQED+DciPLjCLzkG3aSxuJdZRo0Z+vHm9CEUkWnq8icLTQs0zYadK6p24VpMqT61cGNv9L/riciMRWT6l2SdRN2ZBR6MhCXMZy/XgRRlcV9iN1n9T0Q9aZjaQ2CjgG59wTLdQ0bHRlFBSt2q6erFmCIiBHUJba4avDVRvYryvMgkopayL/eK2gxaloMjcMt4z+zIokxhQONPPU2AvqMcqQIsWGQYIzIkJ0UOO8ly/PAFCpgvukWJepmZR30vVBALFCRZCUN1zMbI3 jan.novak@Jans-MacBook-Air-9.local\n\nchpasswd:\n list: |\n ubuntu:yourpassword\n expire: false\nssh_pwauth: true\npackage_update: true\npackages:\n - qemu-guest-agent\n - openssh-server\n - apt-transport-https\n - ca-certificates\n - curl\n - gnupg \n\nwrite_files:\n - path: /etc/modules-load.d/k8s.conf\n content: |\n overlay\n br_netfilter\n\n - path: /etc/sysctl.d/k8s.conf\n content: |\n net.bridge.bridge-nf-call-iptables = 1\n net.bridge.bridge-nf-call-ip6tables = 1\n net.ipv4.ip_forward = 1\n\n - path: /etc/containerd/config.toml\n content: |\n version = 2\n [plugins.\"io.containerd.grpc.v1.cri\".containerd.runtimes.runc]\n runtime_type = \"io.containerd.runc.v2\"\n [plugins.\"io.containerd.grpc.v1.cri\".containerd.runtimes.runc.options]\n SystemdCgroup = true\n\n # Update existing containerd config to enable registry config_path\n - path: /etc/containerd/config.toml\n content: |\n version = 2\n [plugins.\"io.containerd.grpc.v1.cri\".containerd.runtimes.runc]\n runtime_type = \"io.containerd.runc.v2\"\n [plugins.\"io.containerd.grpc.v1.cri\".containerd.runtimes.runc.options]\n SystemdCgroup = true\n [plugins.\"io.containerd.grpc.v1.cri\".registry]\n config_path = \"/etc/containerd/certs.d\"\n\n # Mirror configs 
for each upstream registry\n - path: /etc/containerd/certs.d/docker.io/hosts.toml\n content: |\n server = \"https://registry-1.docker.io\"\n [host.\"http://192.168.0.30:5000/v2/docker.io\"]\n capabilities = [\"pull\", \"resolve\"]\n skip_verify = true\n override_path = true\n\n - path: /etc/containerd/certs.d/registry.k8s.io/hosts.toml\n content: |\n server = \"https://registry.k8s.io\"\n [host.\"http://192.168.0.30:5000/v2/registry.k8s.io\"]\n capabilities = [\"pull\", \"resolve\"]\n skip_verify = true\n override_path = true\n\n - path: /etc/containerd/certs.d/ghcr.io/hosts.toml\n content: |\n server = \"https://ghcr.io\"\n [host.\"http://192.168.0.30:5000/v2/ghcr.io\"]\n capabilities = [\"pull\", \"resolve\"]\n skip_verify = true\n override_path = true\n\n - path: /etc/containerd/certs.d/quay.io/hosts.toml\n content: |\n server = \"https://quay.io\"\n [host.\"http://192.168.0.30:5000/v2/quay.io\"]\n capabilities = [\"pull\", \"resolve\"]\n skip_verify = true\n override_path = true \n\n - path: /root/kubeadm-config.yaml\n content: |\n apiVersion: kubeadm.k8s.io/v1beta3\n kind: InitConfiguration\n nodeRegistration:\n criSocket: unix:///run/containerd/containerd.sock\n ---\n apiVersion: kubeadm.k8s.io/v1beta3\n kind: ClusterConfiguration\n extraArgs:\n oidc-issuer-url: \"https://idm.home.hrajfrisbee.cz/oauth2/openid/k8s\"\n oidc-client-id: \"k8s\"\n oidc-signing-algs: \"ES256\" \n networking:\n podSubnet: \"10.244.0.0/16\"\n ---\n apiVersion: kubelet.config.k8s.io/v1beta1\n kind: KubeletConfiguration\n cgroupDriver: systemd\n\n - path: /etc/profile.d/kubectl.sh\n content: |\n alias k='kubectl'\n source \u003c(kubectl completion bash)\n complete -o default -F __start_kubectl k \n\nruncmd:\n - systemctl enable --now qemu-guest-agent\n - systemctl enable --now ssh\n\n # relevant to kubernetes\n - modprobe overlay\n - modprobe br_netfilter\n - sysctl --system\n\n # containerd\n - curl -fsSL https://download.docker.com/linux/ubuntu/gpg | gpg --dearmor -o 
/etc/apt/keyrings/docker.gpg\n - echo \"deb [arch=amd64 signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable\" \u003e /etc/apt/sources.list.d/docker.list\n - apt-get update \u0026\u0026 apt-get install -y containerd.io\n - systemctl restart containerd\n\n # kubeadm/kubelet/kubectl v1.32\n - curl -fsSL https://pkgs.k8s.io/core:/stable:/v1.32/deb/Release.key | gpg --dearmor -o /etc/apt/keyrings/kubernetes-apt-keyring.gpg\n - echo \"deb [signed-by=/etc/apt/keyrings/kubernetes-apt-keyring.gpg] https://pkgs.k8s.io/core:/stable:/v1.32/deb/ /\" \u003e /etc/apt/sources.list.d/kubernetes.list\n - apt-get update \u0026\u0026 apt-get install -y kubelet kubeadm kubectl\n - apt-mark hold kubelet kubeadm kubectl\n\n\n # init cluster\n - kubeadm init --config=/root/kubeadm-config.yaml --skip-phases=addon/kube-proxy\n \n # kubeconfig for root\n - mkdir -p /root/.kube \u0026\u0026 cp /etc/kubernetes/admin.conf /root/.kube/config\n\n # wait for API server\n - |\n echo \"Waiting for API server...\"\n until kubectl --kubeconfig=/etc/kubernetes/admin.conf get nodes ; do\n echo \"Waiting for API server...\"\n sleep 5\n done\n\n # CNI (cilium example, swap for flannel/calico as needed)\n - |\n CILIUM_CLI_VERSION=$(curl -s https://raw.githubusercontent.com/cilium/cilium-cli/main/stable.txt)\n curl -L --remote-name-all https://github.com/cilium/cilium-cli/releases/download/${CILIUM_CLI_VERSION}/cilium-linux-amd64.tar.gz\n tar xzvf cilium-linux-amd64.tar.gz -C /usr/local/bin\n cilium install --kubeconfig=/etc/kubernetes/admin.conf --set kubeProxyReplacement=true --wait \n"},"sensitive_attributes":[]}]},{"mode":"managed","type":"libvirt_cloudinit_disk","name":"commoninit_node_01","provider":"provider[\"registry.opentofu.org/dmacvicar/libvirt\"].kvm-homer","instances":[{"schema_version":0,"attributes":{"id":"845e3681ac0f1b93","meta_data":"\"instance-id\": \"kube-node-32\"\n\"local-hostname\": 
\"kube-node-32\"\n","name":"kube-node-32-cloudinit.iso","network_config":"version: 2\nethernets:\n eth0:\n match:\n driver: virtio_net\n addresses:\n - 192.168.0.32/24\n routes:\n - to: default\n via: 192.168.0.4\n nameservers:\n addresses:\n - 8.8.8.8\n","path":"/var/folders/dq/h32yg2mx55b2m8hxmf1yh66r0000gn/T/terraform-provider-libvirt-cloudinit/cloudinit-845e3681ac0f1b93.iso","size":49152,"user_data":"#cloud-config\nhostname: kube-node-32\nusers:\n - name: ubuntu\n sudo: ALL=(ALL) NOPASSWD:ALL\n shell: /bin/bash\n ssh_authorized_keys:\n - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDTLxDOQMsumLpjIzMXvpN/hvoMfbVFcl7TDKXTYLBJIvTOLWO/elI3PeJkXNAlaIT1lgJQB7NwQED+DciPLjCLzkG3aSxuJdZRo0Z+vHm9CEUkWnq8icLTQs0zYadK6p24VpMqT61cGNv9L/riciMRWT6l2SdRN2ZBR6MhCXMZy/XgRRlcV9iN1n9T0Q9aZjaQ2CjgG59wTLdQ0bHRlFBSt2q6erFmCIiBHUJba4avDVRvYryvMgkopayL/eK2gxaloMjcMt4z+zIokxhQONPPU2AvqMcqQIsWGQYIzIkJ0UOO8ly/PAFCpgvukWJepmZR30vVBALFCRZCUN1zMbI3 jan.novak@Jans-MacBook-Air-9.local\n\nchpasswd:\n list: |\n ubuntu:yourpassword\n expire: false\nssh_pwauth: true\npackage_update: true\npackages:\n - qemu-guest-agent\n - openssh-server\n - apt-transport-https\n - ca-certificates\n - curl\n - gnupg\n - nvme-cli\n\nwrite_files:\n - path: /etc/modules-load.d/k8s.conf\n content: |\n overlay\n br_netfilter\n\n - path: /etc/sysctl.d/k8s.conf\n content: |\n net.bridge.bridge-nf-call-iptables = 1\n net.bridge.bridge-nf-call-ip6tables = 1\n net.ipv4.ip_forward = 1\n\n - path: /etc/containerd/config.toml\n content: |\n version = 2\n [plugins.\"io.containerd.grpc.v1.cri\".containerd.runtimes.runc]\n runtime_type = \"io.containerd.runc.v2\"\n [plugins.\"io.containerd.grpc.v1.cri\".containerd.runtimes.runc.options]\n SystemdCgroup = true\n\n # Update existing containerd config to enable registry config_path\n - path: /etc/containerd/config.toml\n content: |\n version = 2\n [plugins.\"io.containerd.grpc.v1.cri\".containerd.runtimes.runc]\n runtime_type = \"io.containerd.runc.v2\"\n 
[plugins.\"io.containerd.grpc.v1.cri\".containerd.runtimes.runc.options]\n SystemdCgroup = true\n [plugins.\"io.containerd.grpc.v1.cri\".registry]\n config_path = \"/etc/containerd/certs.d\"\n\n # Mirror configs for each upstream registry\n - path: /etc/containerd/certs.d/docker.io/hosts.toml\n content: |\n server = \"https://registry-1.docker.io\"\n [host.\"http://192.168.0.30:5000/v2/docker.io\"]\n capabilities = [\"pull\", \"resolve\"]\n skip_verify = true\n override_path = true\n\n - path: /etc/containerd/certs.d/registry.k8s.io/hosts.toml\n content: |\n server = \"https://registry.k8s.io\"\n [host.\"http://192.168.0.30:5000/v2/registry.k8s.io\"]\n capabilities = [\"pull\", \"resolve\"]\n skip_verify = true\n override_path = true\n\n - path: /etc/containerd/certs.d/ghcr.io/hosts.toml\n content: |\n server = \"https://ghcr.io\"\n [host.\"http://192.168.0.30:5000/v2/ghcr.io\"]\n capabilities = [\"pull\", \"resolve\"]\n skip_verify = true\n override_path = true\n\n - path: /etc/containerd/certs.d/quay.io/hosts.toml\n content: |\n server = \"https://quay.io\"\n [host.\"http://192.168.0.30:5000/v2/quay.io\"]\n capabilities = [\"pull\", \"resolve\"]\n skip_verify = true\n override_path = true \n\n - path: /root/kubeadm-config.yaml\n content: |\n apiVersion: kubeadm.k8s.io/v1beta3\n kind: InitConfiguration\n nodeRegistration:\n criSocket: unix:///run/containerd/containerd.sock\n ---\n apiVersion: kubeadm.k8s.io/v1beta3\n kind: ClusterConfiguration\n networking:\n podSubnet: \"10.244.0.0/16\"\n ---\n apiVersion: kubelet.config.k8s.io/v1beta1\n kind: KubeletConfiguration\n cgroupDriver: systemd\n\n - path: /etc/profile.d/kubectl.sh\n content: |\n alias k='kubectl'\n source \u003c(kubectl completion bash)\n complete -o default -F __start_kubectl k\n\n - path: /etc/systemd/system/kubelet.service.d/10-containerd.conf\n content: |\n [Unit]\n After=containerd.service\n Requires=containerd.service\n\n [Service]\n ExecStartPre=/bin/bash -c 'until [ -S 
/var/run/containerd/containerd.sock ]; do sleep 1; done'\n ExecStartPre=/usr/bin/crictl info\n\n\nruncmd:\n - systemctl enable --now qemu-guest-agent\n - systemctl enable --now ssh\n\n # needed for nvme-tcp module\n - apt install linux-modules-extra-$(uname -r)\n - modprobe nvme-tcp\n - echo \"nvme-tcp\" \u003e\u003e /etc/modules-load.d/nvme-tcp.conf\n\n # relevant to kubernetes\n - modprobe overlay\n - modprobe br_netfilter\n - sysctl --system\n\n # containerd\n - curl -fsSL https://download.docker.com/linux/ubuntu/gpg | gpg --dearmor -o /etc/apt/keyrings/docker.gpg\n - echo \"deb [arch=amd64 signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable\" \u003e /etc/apt/sources.list.d/docker.list\n - apt-get update \u0026\u0026 apt-get install -y containerd.io\n - cat \u003e /etc/containerd/config.toml \u003c\u003c'xEOF'\n version = 2\n [plugins.\"io.containerd.grpc.v1.cri\".containerd.runtimes.runc]\n runtime_type = \"io.containerd.runc.v2\"\n [plugins.\"io.containerd.grpc.v1.cri\".containerd.runtimes.runc.options]\n SystemdCgroup = true\n [plugins.\"io.containerd.grpc.v1.cri\".registry]\n config_path = \"/etc/containerd/certs.d\"\n xEOF \n - systemctl restart containerd\n\n # kubeadm/kubelet/kubectl v1.32\n - curl -fsSL https://pkgs.k8s.io/core:/stable:/v1.32/deb/Release.key | gpg --dearmor -o /etc/apt/keyrings/kubernetes-apt-keyring.gpg\n - echo \"deb [signed-by=/etc/apt/keyrings/kubernetes-apt-keyring.gpg] https://pkgs.k8s.io/core:/stable:/v1.32/deb/ /\" \u003e /etc/apt/sources.list.d/kubernetes.list\n - apt-get update \u0026\u0026 apt-get install -y kubelet kubeadm kubectl\n - apt-mark hold kubelet kubeadm kubectl\n\n # join cluster\n - kubeadm join 192.168.0.31:6443 --token nfbk24.0v2qczesuwlxcc6p --discovery-token-ca-cert-hash 
sha256:c09955e09ba79882ba7766125b57030b2e87dde0ac49af351de28e1c92d0beb9\n\n"},"sensitive_attributes":[],"dependencies":["data.local_file.join_command","libvirt_cloudinit_disk.commoninit","libvirt_domain.master","libvirt_volume.cloudinit","libvirt_volume.ubuntu_base_homer","libvirt_volume.ubuntu_disk","null_resource.kubeadm_token"]}]},{"mode":"managed","type":"libvirt_cloudinit_disk","name":"commoninit_node_02","provider":"provider[\"registry.opentofu.org/dmacvicar/libvirt\"].kvm-beelink","instances":[{"schema_version":0,"attributes":{"id":"bf025b8c6359dfff","meta_data":"\"instance-id\": \"kube-node-33\"\n\"local-hostname\": \"kube-node-33\"\n","name":"kube-node-33-cloudinit.iso","network_config":"version: 2\nethernets:\n eth0:\n match:\n driver: virtio_net\n addresses:\n - 192.168.0.33/24\n routes:\n - to: default\n via: 192.168.0.4\n nameservers:\n addresses:\n - 8.8.8.8\n","path":"/var/folders/dq/h32yg2mx55b2m8hxmf1yh66r0000gn/T/terraform-provider-libvirt-cloudinit/cloudinit-bf025b8c6359dfff.iso","size":49152,"user_data":"#cloud-config\nhostname: kube-node-33\nusers:\n - name: ubuntu\n sudo: ALL=(ALL) NOPASSWD:ALL\n shell: /bin/bash\n ssh_authorized_keys:\n - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDTLxDOQMsumLpjIzMXvpN/hvoMfbVFcl7TDKXTYLBJIvTOLWO/elI3PeJkXNAlaIT1lgJQB7NwQED+DciPLjCLzkG3aSxuJdZRo0Z+vHm9CEUkWnq8icLTQs0zYadK6p24VpMqT61cGNv9L/riciMRWT6l2SdRN2ZBR6MhCXMZy/XgRRlcV9iN1n9T0Q9aZjaQ2CjgG59wTLdQ0bHRlFBSt2q6erFmCIiBHUJba4avDVRvYryvMgkopayL/eK2gxaloMjcMt4z+zIokxhQONPPU2AvqMcqQIsWGQYIzIkJ0UOO8ly/PAFCpgvukWJepmZR30vVBALFCRZCUN1zMbI3 jan.novak@Jans-MacBook-Air-9.local\n\nchpasswd:\n list: |\n ubuntu:yourpassword\n expire: false\nssh_pwauth: true\npackage_update: true\npackages:\n - qemu-guest-agent\n - openssh-server\n - apt-transport-https\n - ca-certificates\n - curl\n - gnupg\n - nvme-cli\n\nwrite_files:\n - path: /etc/modules-load.d/k8s.conf\n content: |\n overlay\n br_netfilter\n\n - path: /etc/sysctl.d/k8s.conf\n content: |\n 
net.bridge.bridge-nf-call-iptables = 1\n net.bridge.bridge-nf-call-ip6tables = 1\n net.ipv4.ip_forward = 1\n\n - path: /etc/containerd/config.toml\n content: |\n version = 2\n [plugins.\"io.containerd.grpc.v1.cri\".containerd.runtimes.runc]\n runtime_type = \"io.containerd.runc.v2\"\n [plugins.\"io.containerd.grpc.v1.cri\".containerd.runtimes.runc.options]\n SystemdCgroup = true\n\n # Update existing containerd config to enable registry config_path\n - path: /etc/containerd/config.toml\n content: |\n version = 2\n [plugins.\"io.containerd.grpc.v1.cri\".containerd.runtimes.runc]\n runtime_type = \"io.containerd.runc.v2\"\n [plugins.\"io.containerd.grpc.v1.cri\".containerd.runtimes.runc.options]\n SystemdCgroup = true\n [plugins.\"io.containerd.grpc.v1.cri\".registry]\n config_path = \"/etc/containerd/certs.d\"\n\n # Mirror configs for each upstream registry\n - path: /etc/containerd/certs.d/docker.io/hosts.toml\n content: |\n server = \"https://registry-1.docker.io\"\n [host.\"http://192.168.0.30:5000/v2/docker.io\"]\n capabilities = [\"pull\", \"resolve\"]\n skip_verify = true\n override_path = true\n\n - path: /etc/containerd/certs.d/registry.k8s.io/hosts.toml\n content: |\n server = \"https://registry.k8s.io\"\n [host.\"http://192.168.0.30:5000/v2/registry.k8s.io\"]\n capabilities = [\"pull\", \"resolve\"]\n skip_verify = true\n override_path = true\n\n - path: /etc/containerd/certs.d/ghcr.io/hosts.toml\n content: |\n server = \"https://ghcr.io\"\n [host.\"http://192.168.0.30:5000/v2/ghcr.io\"]\n capabilities = [\"pull\", \"resolve\"]\n skip_verify = true\n override_path = true\n\n - path: /etc/containerd/certs.d/quay.io/hosts.toml\n content: |\n server = \"https://quay.io\"\n [host.\"http://192.168.0.30:5000/v2/quay.io\"]\n capabilities = [\"pull\", \"resolve\"]\n skip_verify = true\n override_path = true \n\n - path: /root/kubeadm-config.yaml\n content: |\n apiVersion: kubeadm.k8s.io/v1beta3\n kind: InitConfiguration\n nodeRegistration:\n criSocket: 
unix:///run/containerd/containerd.sock\n ---\n apiVersion: kubeadm.k8s.io/v1beta3\n kind: ClusterConfiguration\n networking:\n podSubnet: \"10.244.0.0/16\"\n ---\n apiVersion: kubelet.config.k8s.io/v1beta1\n kind: KubeletConfiguration\n cgroupDriver: systemd\n\n - path: /etc/profile.d/kubectl.sh\n content: |\n alias k='kubectl'\n source \u003c(kubectl completion bash)\n complete -o default -F __start_kubectl k\n\n - path: /etc/systemd/system/kubelet.service.d/10-containerd.conf\n content: |\n [Unit]\n After=containerd.service\n Requires=containerd.service\n\n [Service]\n ExecStartPre=/bin/bash -c 'until [ -S /var/run/containerd/containerd.sock ]; do sleep 1; done'\n ExecStartPre=/usr/bin/crictl info\n\n\nruncmd:\n - systemctl enable --now qemu-guest-agent\n - systemctl enable --now ssh\n\n # needed for nvme-tcp module\n - apt install linux-modules-extra-$(uname -r)\n - modprobe nvme-tcp\n - echo \"nvme-tcp\" \u003e\u003e /etc/modules-load.d/nvme-tcp.conf\n\n # relevant to kubernetes\n - modprobe overlay\n - modprobe br_netfilter\n - sysctl --system\n\n # containerd\n - curl -fsSL https://download.docker.com/linux/ubuntu/gpg | gpg --dearmor -o /etc/apt/keyrings/docker.gpg\n - echo \"deb [arch=amd64 signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable\" \u003e /etc/apt/sources.list.d/docker.list\n - apt-get update \u0026\u0026 apt-get install -y containerd.io\n - |\n cat \u003e /etc/containerd/config.toml \u003c\u003c'CONTAINERD'\n version = 2\n [plugins.\"io.containerd.grpc.v1.cri\".containerd.runtimes.runc]\n runtime_type = \"io.containerd.runc.v2\"\n [plugins.\"io.containerd.grpc.v1.cri\".containerd.runtimes.runc.options]\n SystemdCgroup = true\n [plugins.\"io.containerd.grpc.v1.cri\".registry]\n config_path = \"/etc/containerd/certs.d\"\n CONTAINERD\n - systemctl restart containerd\n\n # kubeadm/kubelet/kubectl v1.32\n - curl -fsSL https://pkgs.k8s.io/core:/stable:/v1.32/deb/Release.key | gpg --dearmor -o 
/etc/apt/keyrings/kubernetes-apt-keyring.gpg\n - echo \"deb [signed-by=/etc/apt/keyrings/kubernetes-apt-keyring.gpg] https://pkgs.k8s.io/core:/stable:/v1.32/deb/ /\" \u003e /etc/apt/sources.list.d/kubernetes.list\n - apt-get update \u0026\u0026 apt-get install -y kubelet kubeadm kubectl\n - apt-mark hold kubelet kubeadm kubectl\n\n # join cluster\n - kubeadm join 192.168.0.31:6443 --token nfbk24.0v2qczesuwlxcc6p --discovery-token-ca-cert-hash sha256:c09955e09ba79882ba7766125b57030b2e87dde0ac49af351de28e1c92d0beb9\n\n"},"sensitive_attributes":[],"dependencies":["data.local_file.join_command","libvirt_cloudinit_disk.commoninit","libvirt_domain.master","libvirt_volume.cloudinit","libvirt_volume.ubuntu_base_homer","libvirt_volume.ubuntu_disk","null_resource.kubeadm_token"]}]},{"mode":"managed","type":"libvirt_domain","name":"master","provider":"provider[\"registry.opentofu.org/dmacvicar/libvirt\"].kvm-homer","instances":[{"schema_version":0,"attributes":{"autostart":true,"block_io_tune":null,"bootloader":null,"bootloader_args":null,"clock":null,"cpu":null,"cpu_tune":null,"create":null,"current_memory":null,"current_memory_unit":null,"default_io_thread":null,"description":null,"destroy":null,"devices":{"audios":null,"channels":null,"consoles":null,"controllers":null,"crypto":null,"disks":[{"acpi":null,"address":null,"alias":null,"auth":null,"backend_domain":null,"backing_store":null,"block_io":null,"boot":null,"device":null,"driver":{"ats":null,"cache":null,"copy_on_read":null,"detect_zeros":null,"discard":null,"discard_no_unref":null,"error_policy":null,"event_idx":null,"io":null,"io_event_fd":null,"io_thread":null,"io_threads":null,"iommu":null,"metadata_cache":null,"name":"qemu","packed":null,"page_per_vq":null,"queue_size":null,"queues":null,"rerror_policy":null,"type":"qcow2"},"encryption":null,"geometry":null,"io_tune":null,"mirror":null,"model":null,"product":null,"raw_io":null,"read_only":null,"serial":null,"sgio":null,"shareable":null,"snapshot":null,"source":{"
block":null,"cookies":null,"data_store":null,"dir":null,"encryption":null,"file":{"fd_group":null,"file":"/srv/vms/kube-master-31.qcow2","sec_label":null},"index":null,"network":null,"nvme":null,"readahead":null,"reservations":null,"slices":null,"ssl":null,"startup_policy":null,"timeout":null,"vhost_user":null,"vhost_vdpa":null,"volume":null},"target":{"bus":"virtio","dev":"vda","removable":null,"rotation_rate":null,"tray":null},"throttle_filters":null,"transient":null,"vendor":null,"wwn":null},{"acpi":null,"address":null,"alias":null,"auth":null,"backend_domain":null,"backing_store":null,"block_io":null,"boot":null,"device":"cdrom","driver":{"ats":null,"cache":null,"copy_on_read":null,"detect_zeros":null,"discard":null,"discard_no_unref":null,"error_policy":null,"event_idx":null,"io":null,"io_event_fd":null,"io_thread":null,"io_threads":null,"iommu":null,"metadata_cache":null,"name":"qemu","packed":null,"page_per_vq":null,"queue_size":null,"queues":null,"rerror_policy":null,"type":"raw"},"encryption":null,"geometry":null,"io_tune":null,"mirror":null,"model":null,"product":null,"raw_io":null,"read_only":null,"serial":null,"sgio":null,"shareable":null,"snapshot":null,"source":{"block":null,"cookies":null,"data_store":null,"dir":null,"encryption":null,"file":{"fd_group":null,"file":"/srv/vms/kube-master-31-cloudinit.iso","sec_label":null},"index":null,"network":null,"nvme":null,"readahead":null,"reservations":null,"slices":null,"ssl":null,"startup_policy":null,"timeout":null,"vhost_user":null,"vhost_vdpa":null,"volume":null},"target":{"bus":"sata","dev":"sda","removable":null,"rotation_rate":null,"tray":null},"throttle_filters":null,"transient":null,"vendor":null,"wwn":null}],"emulator":null,"filesystems":null,"graphics":null,"hostdevs":null,"hubs":null,"inputs":null,"interfaces":[{"acpi":null,"address":null,"alias":null,"backend":null,"backend_domain":null,"bandwidth":null,"boot":null,"coalesce":null,"down_script":null,"driver":null,"filter_ref":null,"guest":null,"ip
":null,"link":null,"mac":null,"managed":null,"model":{"type":"virtio"},"mtu":null,"port_forward":null,"port_options":null,"rom":null,"route":null,"script":null,"source":{"bridge":{"bridge":"br0"},"client":null,"direct":null,"ethernet":null,"hostdev":null,"internal":null,"mcast":null,"network":null,"null":null,"server":null,"udp":null,"user":null,"vdpa":null,"vds":null,"vhost_user":null},"target":null,"teaming":null,"trust_guest_rx_filters":null,"tune":null,"virtual_port":null,"vlan":null,"wait_for_ip":null}],"iommu":null,"leases":null,"mem_balloon":null,"memorydevs":null,"nvram":null,"panics":null,"parallels":null,"pstore":null,"redir_devs":null,"redir_filters":null,"rngs":null,"serials":[{"acpi":null,"address":null,"alias":null,"log":null,"protocol":null,"source":null,"target":null}],"shmems":null,"smartcards":null,"sounds":null,"tpms":null,"videos":null,"vsock":null,"watchdogs":null},"features":null,"gen_id":null,"hwuuid":null,"id":6,"id_map":null,"io_thread_i_ds":null,"io_threads":null,"key_wrap":null,"launch_security":null,"maximum_memory":null,"maximum_memory_slots":null,"maximum_memory_unit":null,"memory":2048,"memory_backing":null,"memory_dump_core":null,"memory_tune":null,"memory_unit":"MiB","metadata":null,"name":"kube-master-31","numa_tune":null,"on_crash":null,"on_poweroff":null,"on_reboot":null,"os":{"acpi":null,"bios":null,"boot_devices":null,"boot_menu":null,"cmdline":null,"dtb":null,"firmware":null,"firmware_info":null,"init":null,"init_args":null,"init_dir":null,"init_env":null,"init_group":null,"init_user":null,"initrd":null,"kernel":null,"loader":null,"loader_format":null,"loader_readonly":null,"loader_secure":null,"loader_stateless":null,"loader_type":null,"nv_ram":null,"shim":null,"sm_bios":null,"type":"hvm","type_arch":"x86_64","type_machine":"q35"},"perf":null,"pm":null,"resource":null,"running":true,"sec_label":null,"sys_info":null,"throttle_groups":null,"title":null,"type":"kvm","uuid":"1d3d2721-a2f0-49d0-a458-a905c4b6e5cd","vcpu":2,"vcpu_cpu
set":null,"vcpu_current":null,"vcpu_placement":null,"vcpus":null},"sensitive_attributes":[],"dependencies":["libvirt_cloudinit_disk.commoninit","libvirt_volume.cloudinit","libvirt_volume.ubuntu_base_homer","libvirt_volume.ubuntu_disk"]}]},{"mode":"managed","type":"libvirt_domain","name":"node_01","provider":"provider[\"registry.opentofu.org/dmacvicar/libvirt\"].kvm-homer","instances":[{"schema_version":0,"attributes":{"autostart":true,"block_io_tune":null,"bootloader":null,"bootloader_args":null,"clock":null,"cpu":{"cache":null,"check":null,"deprecated_features":null,"features":null,"match":null,"max_phys_addr":null,"migratable":null,"mode":"host-passthrough","model":null,"model_fallback":null,"model_vendor_id":null,"numa":null,"topology":null,"vendor":null},"cpu_tune":null,"create":null,"current_memory":null,"current_memory_unit":null,"default_io_thread":null,"description":null,"destroy":null,"devices":{"audios":null,"channels":null,"consoles":null,"controllers":null,"crypto":null,"disks":[{"acpi":null,"address":null,"alias":null,"auth":null,"backend_domain":null,"backing_store":null,"block_io":null,"boot":null,"device":null,"driver":{"ats":null,"cache":null,"copy_on_read":null,"detect_zeros":null,"discard":null,"discard_no_unref":null,"error_policy":null,"event_idx":null,"io":null,"io_event_fd":null,"io_thread":null,"io_threads":null,"iommu":null,"metadata_cache":null,"name":"qemu","packed":null,"page_per_vq":null,"queue_size":null,"queues":null,"rerror_policy":null,"type":"qcow2"},"encryption":null,"geometry":null,"io_tune":null,"mirror":null,"model":null,"product":null,"raw_io":null,"read_only":null,"serial":null,"sgio":null,"shareable":null,"snapshot":null,"source":{"block":null,"cookies":null,"data_store":null,"dir":null,"encryption":null,"file":{"fd_group":null,"file":"/srv/vms/kube-node-32.qcow2","sec_label":null},"index":null,"network":null,"nvme":null,"readahead":null,"reservations":null,"slices":null,"ssl":null,"startup_policy":null,"timeout":null,"vhost_
user":null,"vhost_vdpa":null,"volume":null},"target":{"bus":"virtio","dev":"vda","removable":null,"rotation_rate":null,"tray":null},"throttle_filters":null,"transient":null,"vendor":null,"wwn":null},{"acpi":null,"address":null,"alias":null,"auth":null,"backend_domain":null,"backing_store":null,"block_io":null,"boot":null,"device":"cdrom","driver":{"ats":null,"cache":null,"copy_on_read":null,"detect_zeros":null,"discard":null,"discard_no_unref":null,"error_policy":null,"event_idx":null,"io":null,"io_event_fd":null,"io_thread":null,"io_threads":null,"iommu":null,"metadata_cache":null,"name":"qemu","packed":null,"page_per_vq":null,"queue_size":null,"queues":null,"rerror_policy":null,"type":"raw"},"encryption":null,"geometry":null,"io_tune":null,"mirror":null,"model":null,"product":null,"raw_io":null,"read_only":null,"serial":null,"sgio":null,"shareable":null,"snapshot":null,"source":{"block":null,"cookies":null,"data_store":null,"dir":null,"encryption":null,"file":{"fd_group":null,"file":"/srv/vms/kube-node-32-cloudinit.iso","sec_label":null},"index":null,"network":null,"nvme":null,"readahead":null,"reservations":null,"slices":null,"ssl":null,"startup_policy":null,"timeout":null,"vhost_user":null,"vhost_vdpa":null,"volume":null},"target":{"bus":"sata","dev":"sda","removable":null,"rotation_rate":null,"tray":null},"throttle_filters":null,"transient":null,"vendor":null,"wwn":null}],"emulator":null,"filesystems":null,"graphics":null,"hostdevs":null,"hubs":null,"inputs":null,"interfaces":[{"acpi":null,"address":null,"alias":null,"backend":null,"backend_domain":null,"bandwidth":null,"boot":null,"coalesce":null,"down_script":null,"driver":null,"filter_ref":null,"guest":null,"ip":null,"link":null,"mac":null,"managed":null,"model":{"type":"virtio"},"mtu":null,"port_forward":null,"port_options":null,"rom":null,"route":null,"script":null,"source":{"bridge":{"bridge":"br0"},"client":null,"direct":null,"ethernet":null,"hostdev":null,"internal":null,"mcast":null,"network":null,"nul
l":null,"server":null,"udp":null,"user":null,"vdpa":null,"vds":null,"vhost_user":null},"target":null,"teaming":null,"trust_guest_rx_filters":null,"tune":null,"virtual_port":null,"vlan":null,"wait_for_ip":null}],"iommu":null,"leases":null,"mem_balloon":null,"memorydevs":null,"nvram":null,"panics":null,"parallels":null,"pstore":null,"redir_devs":null,"redir_filters":null,"rngs":null,"serials":[{"acpi":null,"address":null,"alias":null,"log":null,"protocol":null,"source":null,"target":null}],"shmems":null,"smartcards":null,"sounds":null,"tpms":null,"videos":null,"vsock":null,"watchdogs":null},"features":null,"gen_id":null,"hwuuid":null,"id":10,"id_map":null,"io_thread_i_ds":null,"io_threads":null,"key_wrap":null,"launch_security":null,"maximum_memory":null,"maximum_memory_slots":null,"maximum_memory_unit":null,"memory":8192,"memory_backing":null,"memory_dump_core":null,"memory_tune":null,"memory_unit":"MiB","metadata":null,"name":"kube-node-32","numa_tune":null,"on_crash":null,"on_poweroff":null,"on_reboot":null,"os":{"acpi":null,"bios":null,"boot_devices":null,"boot_menu":null,"cmdline":null,"dtb":null,"firmware":null,"firmware_info":null,"init":null,"init_args":null,"init_dir":null,"init_env":null,"init_group":null,"init_user":null,"initrd":null,"kernel":null,"loader":null,"loader_format":null,"loader_readonly":null,"loader_secure":null,"loader_stateless":null,"loader_type":null,"nv_ram":null,"shim":null,"sm_bios":null,"type":"hvm","type_arch":"x86_64","type_machine":"q35"},"perf":null,"pm":null,"resource":null,"running":true,"sec_label":null,"sys_info":null,"throttle_groups":null,"title":null,"type":"kvm","uuid":"c0edcd4c-f090-41ab-8dae-f49d44a56d0c","vcpu":4,"vcpu_cpuset":null,"vcpu_current":null,"vcpu_placement":null,"vcpus":null},"sensitive_attributes":[],"dependencies":["data.local_file.join_command","libvirt_cloudinit_disk.commoninit","libvirt_cloudinit_disk.commoninit_node_01","libvirt_domain.master","libvirt_volume.cloudinit","libvirt_volume.cloudinit_node_01"
,"libvirt_volume.node_01_disk","libvirt_volume.ubuntu_base_homer","libvirt_volume.ubuntu_disk","null_resource.kubeadm_token"]}]},{"mode":"managed","type":"libvirt_domain","name":"node_02","provider":"provider[\"registry.opentofu.org/dmacvicar/libvirt\"].kvm-beelink","instances":[{"schema_version":0,"attributes":{"autostart":true,"block_io_tune":null,"bootloader":null,"bootloader_args":null,"clock":null,"cpu":{"cache":null,"check":null,"deprecated_features":null,"features":null,"match":null,"max_phys_addr":null,"migratable":null,"mode":"host-passthrough","model":null,"model_fallback":null,"model_vendor_id":null,"numa":null,"topology":null,"vendor":null},"cpu_tune":null,"create":null,"current_memory":null,"current_memory_unit":null,"default_io_thread":null,"description":null,"destroy":null,"devices":{"audios":null,"channels":null,"consoles":null,"controllers":null,"crypto":null,"disks":[{"acpi":null,"address":null,"alias":null,"auth":null,"backend_domain":null,"backing_store":null,"block_io":null,"boot":null,"device":null,"driver":{"ats":null,"cache":null,"copy_on_read":null,"detect_zeros":null,"discard":null,"discard_no_unref":null,"error_policy":null,"event_idx":null,"io":null,"io_event_fd":null,"io_thread":null,"io_threads":null,"iommu":null,"metadata_cache":null,"name":"qemu","packed":null,"page_per_vq":null,"queue_size":null,"queues":null,"rerror_policy":null,"type":"qcow2"},"encryption":null,"geometry":null,"io_tune":null,"mirror":null,"model":null,"product":null,"raw_io":null,"read_only":null,"serial":null,"sgio":null,"shareable":null,"snapshot":null,"source":{"block":null,"cookies":null,"data_store":null,"dir":null,"encryption":null,"file":{"fd_group":null,"file":"/var/lib/libvirt/images/kube-node-33.qcow2","sec_label":null},"index":null,"network":null,"nvme":null,"readahead":null,"reservations":null,"slices":null,"ssl":null,"startup_policy":null,"timeout":null,"vhost_user":null,"vhost_vdpa":null,"volume":null},"target":{"bus":"virtio","dev":"vda","removable":
null,"rotation_rate":null,"tray":null},"throttle_filters":null,"transient":null,"vendor":null,"wwn":null},{"acpi":null,"address":null,"alias":null,"auth":null,"backend_domain":null,"backing_store":null,"block_io":null,"boot":null,"device":"cdrom","driver":{"ats":null,"cache":null,"copy_on_read":null,"detect_zeros":null,"discard":null,"discard_no_unref":null,"error_policy":null,"event_idx":null,"io":null,"io_event_fd":null,"io_thread":null,"io_threads":null,"iommu":null,"metadata_cache":null,"name":"qemu","packed":null,"page_per_vq":null,"queue_size":null,"queues":null,"rerror_policy":null,"type":"raw"},"encryption":null,"geometry":null,"io_tune":null,"mirror":null,"model":null,"product":null,"raw_io":null,"read_only":null,"serial":null,"sgio":null,"shareable":null,"snapshot":null,"source":{"block":null,"cookies":null,"data_store":null,"dir":null,"encryption":null,"file":{"fd_group":null,"file":"/var/lib/libvirt/images/kube-node-33-cloudinit.iso","sec_label":null},"index":null,"network":null,"nvme":null,"readahead":null,"reservations":null,"slices":null,"ssl":null,"startup_policy":null,"timeout":null,"vhost_user":null,"vhost_vdpa":null,"volume":null},"target":{"bus":"sata","dev":"sda","removable":null,"rotation_rate":null,"tray":null},"throttle_filters":null,"transient":null,"vendor":null,"wwn":null}],"emulator":null,"filesystems":null,"graphics":null,"hostdevs":null,"hubs":null,"inputs":null,"interfaces":[{"acpi":null,"address":null,"alias":null,"backend":null,"backend_domain":null,"bandwidth":null,"boot":null,"coalesce":null,"down_script":null,"driver":null,"filter_ref":null,"guest":null,"ip":null,"link":null,"mac":null,"managed":null,"model":{"type":"virtio"},"mtu":null,"port_forward":null,"port_options":null,"rom":null,"route":null,"script":null,"source":{"bridge":{"bridge":"br0"},"client":null,"direct":null,"ethernet":null,"hostdev":null,"internal":null,"mcast":null,"network":null,"null":null,"server":null,"udp":null,"user":null,"vdpa":null,"vds":null,"vhost_use
r":null},"target":null,"teaming":null,"trust_guest_rx_filters":null,"tune":null,"virtual_port":null,"vlan":null,"wait_for_ip":null}],"iommu":null,"leases":null,"mem_balloon":null,"memorydevs":null,"nvram":null,"panics":null,"parallels":null,"pstore":null,"redir_devs":null,"redir_filters":null,"rngs":null,"serials":[{"acpi":null,"address":null,"alias":null,"log":null,"protocol":null,"source":null,"target":null}],"shmems":null,"smartcards":null,"sounds":null,"tpms":null,"videos":null,"vsock":null,"watchdogs":null},"features":null,"gen_id":null,"hwuuid":null,"id":14,"id_map":null,"io_thread_i_ds":null,"io_threads":null,"key_wrap":null,"launch_security":null,"maximum_memory":null,"maximum_memory_slots":null,"maximum_memory_unit":null,"memory":8192,"memory_backing":null,"memory_dump_core":null,"memory_tune":null,"memory_unit":"MiB","metadata":null,"name":"kube-node-33","numa_tune":null,"on_crash":null,"on_poweroff":null,"on_reboot":null,"os":{"acpi":null,"bios":null,"boot_devices":null,"boot_menu":null,"cmdline":null,"dtb":null,"firmware":null,"firmware_info":null,"init":null,"init_args":null,"init_dir":null,"init_env":null,"init_group":null,"init_user":null,"initrd":null,"kernel":null,"loader":null,"loader_format":null,"loader_readonly":null,"loader_secure":null,"loader_stateless":null,"loader_type":null,"nv_ram":null,"shim":null,"sm_bios":null,"type":"hvm","type_arch":"x86_64","type_machine":"q35"},"perf":null,"pm":null,"resource":null,"running":true,"sec_label":null,"sys_info":null,"throttle_groups":null,"title":null,"type":"kvm","uuid":"f0a8cdd3-e7aa-4316-b6f6-39121e8612f5","vcpu":4,"vcpu_cpuset":null,"vcpu_current":null,"vcpu_placement":null,"vcpus":null},"sensitive_attributes":[],"dependencies":["data.local_file.join_command","libvirt_cloudinit_disk.commoninit","libvirt_cloudinit_disk.commoninit_node_02","libvirt_domain.master","libvirt_volume.cloudinit","libvirt_volume.cloudinit_node_02","libvirt_volume.node_02_disk","libvirt_volume.ubuntu_base_beelink","libvirt_v
olume.ubuntu_base_homer","libvirt_volume.ubuntu_disk","null_resource.kubeadm_token"]}]},{"mode":"managed","type":"libvirt_volume","name":"cloudinit","provider":"provider[\"registry.opentofu.org/dmacvicar/libvirt\"].kvm-homer","instances":[{"schema_version":0,"attributes":{"allocation":49152,"allocation_unit":null,"backing_store":null,"capacity":49152,"capacity_unit":null,"create":{"content":{"url":"/var/folders/dq/h32yg2mx55b2m8hxmf1yh66r0000gn/T/terraform-provider-libvirt-cloudinit/cloudinit-295268ac2ef5dcc3.iso"}},"id":"/srv/vms/kube-master-31-cloudinit.iso","key":"/srv/vms/kube-master-31-cloudinit.iso","name":"kube-master-31-cloudinit.iso","path":"/srv/vms/kube-master-31-cloudinit.iso","physical":49152,"physical_unit":null,"pool":"default","target":null,"type":null},"sensitive_attributes":[],"dependencies":["libvirt_cloudinit_disk.commoninit"]}]},{"mode":"managed","type":"libvirt_volume","name":"cloudinit_node_01","provider":"provider[\"registry.opentofu.org/dmacvicar/libvirt\"].kvm-homer","instances":[{"schema_version":0,"attributes":{"allocation":49152,"allocation_unit":null,"backing_store":null,"capacity":49152,"capacity_unit":null,"create":{"content":{"url":"/var/folders/dq/h32yg2mx55b2m8hxmf1yh66r0000gn/T/terraform-provider-libvirt-cloudinit/cloudinit-845e3681ac0f1b93.iso"}},"id":"/srv/vms/kube-node-32-cloudinit.iso","key":"/srv/vms/kube-node-32-cloudinit.iso","name":"kube-node-32-cloudinit.iso","path":"/srv/vms/kube-node-32-cloudinit.iso","physical":49152,"physical_unit":null,"pool":"default","target":null,"type":null},"sensitive_attributes":[],"dependencies":["data.local_file.join_command","libvirt_cloudinit_disk.commoninit","libvirt_cloudinit_disk.commoninit_node_01","libvirt_domain.master","libvirt_volume.cloudinit","libvirt_volume.ubuntu_base_homer","libvirt_volume.ubuntu_disk","null_resource.kubeadm_token"]}]},{"mode":"managed","type":"libvirt_volume","name":"cloudinit_node_02","provider":"provider[\"registry.opentofu.org/dmacvicar/libvirt\"].kvm-beeli
nk","instances":[{"schema_version":0,"attributes":{"allocation":49152,"allocation_unit":null,"backing_store":null,"capacity":49152,"capacity_unit":null,"create":{"content":{"url":"/var/folders/dq/h32yg2mx55b2m8hxmf1yh66r0000gn/T/terraform-provider-libvirt-cloudinit/cloudinit-bf025b8c6359dfff.iso"}},"id":"/var/lib/libvirt/images/kube-node-33-cloudinit.iso","key":"/var/lib/libvirt/images/kube-node-33-cloudinit.iso","name":"kube-node-33-cloudinit.iso","path":"/var/lib/libvirt/images/kube-node-33-cloudinit.iso","physical":49152,"physical_unit":null,"pool":"default","target":null,"type":null},"sensitive_attributes":[],"dependencies":["data.local_file.join_command","libvirt_cloudinit_disk.commoninit","libvirt_cloudinit_disk.commoninit_node_02","libvirt_domain.master","libvirt_volume.cloudinit","libvirt_volume.ubuntu_base_homer","libvirt_volume.ubuntu_disk","null_resource.kubeadm_token"]}]},{"mode":"managed","type":"libvirt_volume","name":"node_01_disk","provider":"provider[\"registry.opentofu.org/dmacvicar/libvirt\"].kvm-homer","instances":[{"schema_version":0,"attributes":{"allocation":15701139456,"allocation_unit":null,"backing_store":{"format":{"type":"qcow2"},"path":"/srv/vms/ubuntu-24.04-base.qcow2","permissions":null},"capacity":21474836480,"capacity_unit":null,"create":null,"id":"/srv/vms/kube-node-32.qcow2","key":"/srv/vms/kube-node-32.qcow2","name":"kube-node-32.qcow2","path":"/srv/vms/kube-node-32.qcow2","physical":15700983808,"physical_unit":null,"pool":"default","target":{"cluster_size":null,"cluster_size_unit":null,"compat":null,"encryption":null,"features":null,"format":{"type":"qcow2"},"path":"/srv/vms/kube-node-32.qcow2","permissions":null,"timestamps":null},"type":null},"sensitive_attributes":[],"dependencies":["libvirt_volume.ubuntu_base_homer"]}]},{"mode":"managed","type":"libvirt_volume","name":"node_02_disk","provider":"provider[\"registry.opentofu.org/dmacvicar/libvirt\"].kvm-beelink","instances":[{"schema_version":0,"attributes":{"allocation":111268
6592,"allocation_unit":null,"backing_store":{"format":{"type":"qcow2"},"path":"/var/lib/libvirt/images/ubuntu-24.04-base.qcow2","permissions":null},"capacity":21474836480,"capacity_unit":null,"create":null,"id":"/var/lib/libvirt/images/kube-node-33.qcow2","key":"/var/lib/libvirt/images/kube-node-33.qcow2","name":"kube-node-33.qcow2","path":"/var/lib/libvirt/images/kube-node-33.qcow2","physical":1112735744,"physical_unit":null,"pool":"default","target":{"cluster_size":null,"cluster_size_unit":null,"compat":null,"encryption":null,"features":null,"format":{"type":"qcow2"},"path":"/var/lib/libvirt/images/kube-node-33.qcow2","permissions":null,"timestamps":null},"type":null},"sensitive_attributes":[],"dependencies":["libvirt_volume.ubuntu_base_beelink"]}]},{"mode":"managed","type":"libvirt_volume","name":"ubuntu_base_beelink","provider":"provider[\"registry.opentofu.org/dmacvicar/libvirt\"].kvm-beelink","instances":[{"schema_version":0,"attributes":{"allocation":626663424,"allocation_unit":null,"backing_store":null,"capacity":3758096384,"capacity_unit":null,"create":{"content":{"url":"https://cloud-images.ubuntu.com/noble/current/noble-server-cloudimg-amd64.img"}},"id":"/var/lib/libvirt/images/ubuntu-24.04-base.qcow2","key":"/var/lib/libvirt/images/ubuntu-24.04-base.qcow2","name":"ubuntu-24.04-base.qcow2","path":"/var/lib/libvirt/images/ubuntu-24.04-base.qcow2","physical":626655744,"physical_unit":null,"pool":"default","target":{"cluster_size":null,"cluster_size_unit":null,"compat":null,"encryption":null,"features":null,"format":{"type":"qcow2"},"path":"/var/lib/libvirt/images/ubuntu-24.04-base.qcow2","permissions":null,"timestamps":null},"type":null},"sensitive_attributes":[]}]},{"mode":"managed","type":"libvirt_volume","name":"ubuntu_base_homer","provider":"provider[\"registry.opentofu.org/dmacvicar/libvirt\"].kvm-homer","instances":[{"schema_version":0,"attributes":{"allocation":626663424,"allocation_unit":null,"backing_store":null,"capacity":3758096384,"capacity_unit
":null,"create":{"content":{"url":"https://cloud-images.ubuntu.com/noble/current/noble-server-cloudimg-amd64.img"}},"id":"/srv/vms/ubuntu-24.04-base.qcow2","key":"/srv/vms/ubuntu-24.04-base.qcow2","name":"ubuntu-24.04-base.qcow2","path":"/srv/vms/ubuntu-24.04-base.qcow2","physical":626655744,"physical_unit":null,"pool":"default","target":{"cluster_size":null,"cluster_size_unit":null,"compat":null,"encryption":null,"features":null,"format":{"type":"qcow2"},"path":"/srv/vms/ubuntu-24.04-base.qcow2","permissions":null,"timestamps":null},"type":null},"sensitive_attributes":[]}]},{"mode":"managed","type":"libvirt_volume","name":"ubuntu_disk","provider":"provider[\"registry.opentofu.org/dmacvicar/libvirt\"].kvm-homer","instances":[{"schema_version":0,"attributes":{"allocation":7335309312,"allocation_unit":null,"backing_store":{"format":{"type":"qcow2"},"path":"/srv/vms/ubuntu-24.04-base.qcow2","permissions":null},"capacity":21474836480,"capacity_unit":null,"create":null,"id":"/srv/vms/kube-master-31.qcow2","key":"/srv/vms/kube-master-31.qcow2","name":"kube-master-31.qcow2","path":"/srv/vms/kube-master-31.qcow2","physical":7335182336,"physical_unit":null,"pool":"default","target":{"cluster_size":null,"cluster_size_unit":null,"compat":null,"encryption":null,"features":null,"format":{"type":"qcow2"},"path":"/srv/vms/kube-master-31.qcow2","permissions":null,"timestamps":null},"type":null},"sensitive_attributes":[],"dependencies":["libvirt_volume.ubuntu_base_homer"]}]},{"mode":"managed","type":"null_resource","name":"kubeadm_token","provider":"provider[\"registry.opentofu.org/hashicorp/null\"]","instances":[{"schema_version":0,"attributes":{"id":"591435519595944093","triggers":null},"sensitive_attributes":[],"dependencies":["libvirt_cloudinit_disk.commoninit","libvirt_domain.master","libvirt_volume.cloudinit","libvirt_volume.ubuntu_base_homer","libvirt_volume.ubuntu_disk"]}]},{"mode":"managed","type":"null_resource","name":"kubeconfig","provider":"provider[\"registry.opentofu.
org/hashicorp/null\"]","instances":[{"schema_version":0,"attributes":{"id":"8367063358226307615","triggers":null},"sensitive_attributes":[]}]}],"check_results":null} +{"version":4,"terraform_version":"1.11.2","serial":94,"lineage":"69f81358-9017-b0fa-2e3d-404364b1f698","outputs":{"master_ip":{"value":"192.168.0.31","type":"string"},"node_01_ip":{"value":"192.168.0.32","type":"string"},"node_02_ip":{"value":"192.168.0.33","type":"string"}},"resources":[{"mode":"data","type":"local_file","name":"join_command","provider":"provider[\"registry.opentofu.org/hashicorp/local\"]","instances":[{"schema_version":0,"attributes":{"content":"kubeadm join 192.168.0.31:6443 --token 4j8n3w.iwvad2jcn58fa1tf --discovery-token-ca-cert-hash sha256:c09955e09ba79882ba7766125b57030b2e87dde0ac49af351de28e1c92d0beb9 \n","content_base64":"a3ViZWFkbSBqb2luIDE5Mi4xNjguMC4zMTo2NDQzIC0tdG9rZW4gNGo4bjN3Lml3dmFkMmpjbjU4ZmExdGYgLS1kaXNjb3ZlcnktdG9rZW4tY2EtY2VydC1oYXNoIHNoYTI1NjpjMDk5NTVlMDliYTc5ODgyYmE3NzY2MTI1YjU3MDMwYjJlODdkZGUwYWM0OWFmMzUxZGUyOGUxYzkyZDBiZWI5IAo=","content_base64sha256":"roumEfzzwONt5YNNfe87nLW8Bpr9MrRxbVydkUYBULI=","content_base64sha512":"32X/VG3E9T6fTZdW5dkdb2XW65gtUR5J+i/FIDgiIcaDTsQDIOx3Z4owVNEJlgdOhP+99GWhFWAzxCWJVy9WvA==","content_md5":"a275ae2e28acfaca1cab4b2067f06e1b","content_sha1":"204224df0c1c72ec6e279c262472e0f6097ff618","content_sha256":"ae8ba611fcf3c0e36de5834d7def3b9cb5bc069afd32b4716d5c9d91460150b2","content_sha512":"df65ff546dc4f53e9f4d9756e5d91d6f65d6eb982d511e49fa2fc520382221c6834ec40320ec77678a3054d10996074e84ffbdf465a1156033c42589572f56bc","filename":"./join-command.txt","id":"204224df0c1c72ec6e279c262472e0f6097ff618"},"sensitive_attributes":[]}]},{"mode":"managed","type":"libvirt_cloudinit_disk","name":"commoninit","provider":"provider[\"registry.opentofu.org/dmacvicar/libvirt\"].kvm-homer","instances":[{"schema_version":0,"attributes":{"id":"295268ac2ef5dcc3","meta_data":"\"instance-id\": \"kube-master-31\"\n\"local-hostname\": 
\"kube-master-31\"\n","name":"kube-master-31-cloudinit.iso","network_config":"version: 2\nethernets:\n eth0:\n match:\n driver: virtio_net\n addresses:\n - 192.168.0.31/24\n routes:\n - to: default\n via: 192.168.0.4\n nameservers:\n addresses:\n - 8.8.8.8\n","path":"/var/folders/dq/h32yg2mx55b2m8hxmf1yh66r0000gn/T/terraform-provider-libvirt-cloudinit/cloudinit-295268ac2ef5dcc3.iso","size":49152,"user_data":"#cloud-config\nhostname: kube-master-31\nusers:\n - name: ubuntu\n sudo: ALL=(ALL) NOPASSWD:ALL\n shell: /bin/bash\n ssh_authorized_keys:\n - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDTLxDOQMsumLpjIzMXvpN/hvoMfbVFcl7TDKXTYLBJIvTOLWO/elI3PeJkXNAlaIT1lgJQB7NwQED+DciPLjCLzkG3aSxuJdZRo0Z+vHm9CEUkWnq8icLTQs0zYadK6p24VpMqT61cGNv9L/riciMRWT6l2SdRN2ZBR6MhCXMZy/XgRRlcV9iN1n9T0Q9aZjaQ2CjgG59wTLdQ0bHRlFBSt2q6erFmCIiBHUJba4avDVRvYryvMgkopayL/eK2gxaloMjcMt4z+zIokxhQONPPU2AvqMcqQIsWGQYIzIkJ0UOO8ly/PAFCpgvukWJepmZR30vVBALFCRZCUN1zMbI3 jan.novak@Jans-MacBook-Air-9.local\n\nchpasswd:\n list: |\n ubuntu:yourpassword\n expire: false\nssh_pwauth: true\npackage_update: true\npackages:\n - qemu-guest-agent\n - openssh-server\n - apt-transport-https\n - ca-certificates\n - curl\n - gnupg \n\nwrite_files:\n - path: /etc/modules-load.d/k8s.conf\n content: |\n overlay\n br_netfilter\n\n - path: /etc/sysctl.d/k8s.conf\n content: |\n net.bridge.bridge-nf-call-iptables = 1\n net.bridge.bridge-nf-call-ip6tables = 1\n net.ipv4.ip_forward = 1\n\n - path: /etc/containerd/config.toml\n content: |\n version = 2\n [plugins.\"io.containerd.grpc.v1.cri\".containerd.runtimes.runc]\n runtime_type = \"io.containerd.runc.v2\"\n [plugins.\"io.containerd.grpc.v1.cri\".containerd.runtimes.runc.options]\n SystemdCgroup = true\n\n # Update existing containerd config to enable registry config_path\n - path: /etc/containerd/config.toml\n content: |\n version = 2\n [plugins.\"io.containerd.grpc.v1.cri\".containerd.runtimes.runc]\n runtime_type = \"io.containerd.runc.v2\"\n 
[plugins.\"io.containerd.grpc.v1.cri\".containerd.runtimes.runc.options]\n SystemdCgroup = true\n [plugins.\"io.containerd.grpc.v1.cri\".registry]\n config_path = \"/etc/containerd/certs.d\"\n\n # Mirror configs for each upstream registry\n - path: /etc/containerd/certs.d/docker.io/hosts.toml\n content: |\n server = \"https://registry-1.docker.io\"\n [host.\"http://192.168.0.30:5000/v2/docker.io\"]\n capabilities = [\"pull\", \"resolve\"]\n skip_verify = true\n override_path = true\n\n - path: /etc/containerd/certs.d/registry.k8s.io/hosts.toml\n content: |\n server = \"https://registry.k8s.io\"\n [host.\"http://192.168.0.30:5000/v2/registry.k8s.io\"]\n capabilities = [\"pull\", \"resolve\"]\n skip_verify = true\n override_path = true\n\n - path: /etc/containerd/certs.d/ghcr.io/hosts.toml\n content: |\n server = \"https://ghcr.io\"\n [host.\"http://192.168.0.30:5000/v2/ghcr.io\"]\n capabilities = [\"pull\", \"resolve\"]\n skip_verify = true\n override_path = true\n\n - path: /etc/containerd/certs.d/quay.io/hosts.toml\n content: |\n server = \"https://quay.io\"\n [host.\"http://192.168.0.30:5000/v2/quay.io\"]\n capabilities = [\"pull\", \"resolve\"]\n skip_verify = true\n override_path = true \n\n - path: /root/kubeadm-config.yaml\n content: |\n apiVersion: kubeadm.k8s.io/v1beta3\n kind: InitConfiguration\n nodeRegistration:\n criSocket: unix:///run/containerd/containerd.sock\n ---\n apiVersion: kubeadm.k8s.io/v1beta3\n kind: ClusterConfiguration\n extraArgs:\n oidc-issuer-url: \"https://idm.home.hrajfrisbee.cz/oauth2/openid/k8s\"\n oidc-client-id: \"k8s\"\n oidc-signing-algs: \"ES256\" \n networking:\n podSubnet: \"10.244.0.0/16\"\n ---\n apiVersion: kubelet.config.k8s.io/v1beta1\n kind: KubeletConfiguration\n cgroupDriver: systemd\n\n - path: /etc/profile.d/kubectl.sh\n content: |\n alias k='kubectl'\n source \u003c(kubectl completion bash)\n complete -o default -F __start_kubectl k \n\nruncmd:\n - systemctl enable --now qemu-guest-agent\n - systemctl enable --now 
ssh\n\n # relevant to kubernetes\n - modprobe overlay\n - modprobe br_netfilter\n - sysctl --system\n\n # containerd\n - curl -fsSL https://download.docker.com/linux/ubuntu/gpg | gpg --dearmor -o /etc/apt/keyrings/docker.gpg\n - echo \"deb [arch=amd64 signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable\" \u003e /etc/apt/sources.list.d/docker.list\n - apt-get update \u0026\u0026 apt-get install -y containerd.io\n - systemctl restart containerd\n\n # kubeadm/kubelet/kubectl v1.32\n - curl -fsSL https://pkgs.k8s.io/core:/stable:/v1.32/deb/Release.key | gpg --dearmor -o /etc/apt/keyrings/kubernetes-apt-keyring.gpg\n - echo \"deb [signed-by=/etc/apt/keyrings/kubernetes-apt-keyring.gpg] https://pkgs.k8s.io/core:/stable:/v1.32/deb/ /\" \u003e /etc/apt/sources.list.d/kubernetes.list\n - apt-get update \u0026\u0026 apt-get install -y kubelet kubeadm kubectl\n - apt-mark hold kubelet kubeadm kubectl\n\n\n # init cluster\n - kubeadm init --config=/root/kubeadm-config.yaml --skip-phases=addon/kube-proxy\n \n # kubeconfig for root\n - mkdir -p /root/.kube \u0026\u0026 cp /etc/kubernetes/admin.conf /root/.kube/config\n\n # wait for API server\n - |\n echo \"Waiting for API server...\"\n until kubectl --kubeconfig=/etc/kubernetes/admin.conf get nodes ; do\n echo \"Waiting for API server...\"\n sleep 5\n done\n\n # CNI (cilium example, swap for flannel/calico as needed)\n - |\n CILIUM_CLI_VERSION=$(curl -s https://raw.githubusercontent.com/cilium/cilium-cli/main/stable.txt)\n curl -L --remote-name-all https://github.com/cilium/cilium-cli/releases/download/${CILIUM_CLI_VERSION}/cilium-linux-amd64.tar.gz\n tar xzvf cilium-linux-amd64.tar.gz -C /usr/local/bin\n cilium install --kubeconfig=/etc/kubernetes/admin.conf --set kubeProxyReplacement=true --wait 
\n"},"sensitive_attributes":[]}]},{"mode":"managed","type":"libvirt_cloudinit_disk","name":"commoninit_node_01","provider":"provider[\"registry.opentofu.org/dmacvicar/libvirt\"].kvm-homer","instances":[{"schema_version":0,"attributes":{"id":"be2499403c2dd84c","meta_data":"\"instance-id\": \"kube-node-32\"\n\"local-hostname\": \"kube-node-32\"\n","name":"kube-node-32-cloudinit.iso","network_config":"version: 2\nethernets:\n eth0:\n match:\n driver: virtio_net\n addresses:\n - 192.168.0.32/24\n routes:\n - to: default\n via: 192.168.0.4\n nameservers:\n addresses:\n - 8.8.8.8\n","path":"/var/folders/dq/h32yg2mx55b2m8hxmf1yh66r0000gn/T/terraform-provider-libvirt-cloudinit/cloudinit-be2499403c2dd84c.iso","size":49152,"user_data":"#cloud-config\nhostname: kube-node-32\nusers:\n - name: ubuntu\n sudo: ALL=(ALL) NOPASSWD:ALL\n shell: /bin/bash\n ssh_authorized_keys:\n - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDTLxDOQMsumLpjIzMXvpN/hvoMfbVFcl7TDKXTYLBJIvTOLWO/elI3PeJkXNAlaIT1lgJQB7NwQED+DciPLjCLzkG3aSxuJdZRo0Z+vHm9CEUkWnq8icLTQs0zYadK6p24VpMqT61cGNv9L/riciMRWT6l2SdRN2ZBR6MhCXMZy/XgRRlcV9iN1n9T0Q9aZjaQ2CjgG59wTLdQ0bHRlFBSt2q6erFmCIiBHUJba4avDVRvYryvMgkopayL/eK2gxaloMjcMt4z+zIokxhQONPPU2AvqMcqQIsWGQYIzIkJ0UOO8ly/PAFCpgvukWJepmZR30vVBALFCRZCUN1zMbI3 jan.novak@Jans-MacBook-Air-9.local\n\nchpasswd:\n list: |\n ubuntu:yourpassword\n expire: false\nssh_pwauth: true\npackage_update: true\npackages:\n - qemu-guest-agent\n - openssh-server\n - apt-transport-https\n - ca-certificates\n - curl\n - gnupg\n - nvme-cli\n\nwrite_files:\n - path: /etc/modules-load.d/k8s.conf\n content: |\n overlay\n br_netfilter\n\n - path: /etc/sysctl.d/k8s.conf\n content: |\n net.bridge.bridge-nf-call-iptables = 1\n net.bridge.bridge-nf-call-ip6tables = 1\n net.ipv4.ip_forward = 1\n\n - path: /etc/containerd/config.toml\n content: |\n version = 2\n [plugins.\"io.containerd.grpc.v1.cri\".containerd.runtimes.runc]\n runtime_type = \"io.containerd.runc.v2\"\n 
[plugins.\"io.containerd.grpc.v1.cri\".containerd.runtimes.runc.options]\n SystemdCgroup = true\n\n # Update existing containerd config to enable registry config_path\n - path: /etc/containerd/config.toml\n content: |\n version = 2\n [plugins.\"io.containerd.grpc.v1.cri\".containerd.runtimes.runc]\n runtime_type = \"io.containerd.runc.v2\"\n [plugins.\"io.containerd.grpc.v1.cri\".containerd.runtimes.runc.options]\n SystemdCgroup = true\n [plugins.\"io.containerd.grpc.v1.cri\".registry]\n config_path = \"/etc/containerd/certs.d\"\n\n # Mirror configs for each upstream registry\n - path: /etc/containerd/certs.d/docker.io/hosts.toml\n content: |\n server = \"https://registry-1.docker.io\"\n [host.\"http://192.168.0.30:5000/v2/docker.io\"]\n capabilities = [\"pull\", \"resolve\"]\n skip_verify = true\n override_path = true\n\n - path: /etc/containerd/certs.d/registry.k8s.io/hosts.toml\n content: |\n server = \"https://registry.k8s.io\"\n [host.\"http://192.168.0.30:5000/v2/registry.k8s.io\"]\n capabilities = [\"pull\", \"resolve\"]\n skip_verify = true\n override_path = true\n\n - path: /etc/containerd/certs.d/ghcr.io/hosts.toml\n content: |\n server = \"https://ghcr.io\"\n [host.\"http://192.168.0.30:5000/v2/ghcr.io\"]\n capabilities = [\"pull\", \"resolve\"]\n skip_verify = true\n override_path = true\n\n - path: /etc/containerd/certs.d/quay.io/hosts.toml\n content: |\n server = \"https://quay.io\"\n [host.\"http://192.168.0.30:5000/v2/quay.io\"]\n capabilities = [\"pull\", \"resolve\"]\n skip_verify = true\n override_path = true \n\n - path: /root/kubeadm-config.yaml\n content: |\n apiVersion: kubeadm.k8s.io/v1beta3\n kind: InitConfiguration\n nodeRegistration:\n criSocket: unix:///run/containerd/containerd.sock\n ---\n apiVersion: kubeadm.k8s.io/v1beta3\n kind: ClusterConfiguration\n networking:\n podSubnet: \"10.244.0.0/16\"\n ---\n apiVersion: kubelet.config.k8s.io/v1beta1\n kind: KubeletConfiguration\n cgroupDriver: systemd\n\n - path: 
/etc/profile.d/kubectl.sh\n content: |\n alias k='kubectl'\n source \u003c(kubectl completion bash)\n complete -o default -F __start_kubectl k\n\n - path: /etc/systemd/system/kubelet.service.d/10-containerd.conf\n content: |\n [Unit]\n After=containerd.service\n Requires=containerd.service\n\n [Service]\n ExecStartPre=/bin/bash -c 'until [ -S /var/run/containerd/containerd.sock ]; do sleep 1; done'\n ExecStartPre=/usr/bin/crictl info\n\n\nruncmd:\n - systemctl enable --now qemu-guest-agent\n - systemctl enable --now ssh\n\n # needed for nvme-tcp module\n - apt install linux-modules-extra-$(uname -r)\n - modprobe nvme-tcp\n - echo \"nvme-tcp\" \u003e\u003e /etc/modules-load.d/nvme-tcp.conf\n\n # relevant to kubernetes\n - modprobe overlay\n - modprobe br_netfilter\n - sysctl --system\n\n # containerd\n - curl -fsSL https://download.docker.com/linux/ubuntu/gpg | gpg --dearmor -o /etc/apt/keyrings/docker.gpg\n - echo \"deb [arch=amd64 signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable\" \u003e /etc/apt/sources.list.d/docker.list\n - apt-get update \u0026\u0026 apt-get install -y containerd.io\n - cat \u003e /etc/containerd/config.toml \u003c\u003c'xEOF'\n version = 2\n [plugins.\"io.containerd.grpc.v1.cri\".containerd.runtimes.runc]\n runtime_type = \"io.containerd.runc.v2\"\n [plugins.\"io.containerd.grpc.v1.cri\".containerd.runtimes.runc.options]\n SystemdCgroup = true\n [plugins.\"io.containerd.grpc.v1.cri\".registry]\n config_path = \"/etc/containerd/certs.d\"\n xEOF \n - systemctl restart containerd\n\n # kubeadm/kubelet/kubectl v1.32\n - curl -fsSL https://pkgs.k8s.io/core:/stable:/v1.32/deb/Release.key | gpg --dearmor -o /etc/apt/keyrings/kubernetes-apt-keyring.gpg\n - echo \"deb [signed-by=/etc/apt/keyrings/kubernetes-apt-keyring.gpg] https://pkgs.k8s.io/core:/stable:/v1.32/deb/ /\" \u003e /etc/apt/sources.list.d/kubernetes.list\n - apt-get update \u0026\u0026 apt-get install -y kubelet kubeadm kubectl\n 
- apt-mark hold kubelet kubeadm kubectl\n\n # join cluster\n - kubeadm join 192.168.0.31:6443 --token 4j8n3w.iwvad2jcn58fa1tf --discovery-token-ca-cert-hash sha256:c09955e09ba79882ba7766125b57030b2e87dde0ac49af351de28e1c92d0beb9\n\n"},"sensitive_attributes":[],"dependencies":["data.local_file.join_command","libvirt_cloudinit_disk.commoninit","libvirt_domain.master","libvirt_volume.cloudinit","libvirt_volume.ubuntu_base_homer","libvirt_volume.ubuntu_disk","null_resource.kubeadm_token"]}]},{"mode":"managed","type":"libvirt_cloudinit_disk","name":"commoninit_node_02","provider":"provider[\"registry.opentofu.org/dmacvicar/libvirt\"].kvm-beelink","instances":[{"schema_version":0,"attributes":{"id":"f7d5cde2f01193f5","meta_data":"\"instance-id\": \"kube-node-33\"\n\"local-hostname\": \"kube-node-33\"\n","name":"kube-node-33-cloudinit.iso","network_config":"version: 2\nethernets:\n eth0:\n match:\n driver: virtio_net\n addresses:\n - 192.168.0.33/24\n routes:\n - to: default\n via: 192.168.0.4\n nameservers:\n addresses:\n - 8.8.8.8\n","path":"/var/folders/dq/h32yg2mx55b2m8hxmf1yh66r0000gn/T/terraform-provider-libvirt-cloudinit/cloudinit-f7d5cde2f01193f5.iso","size":49152,"user_data":"#cloud-config\nhostname: kube-node-33\nusers:\n - name: ubuntu\n sudo: ALL=(ALL) NOPASSWD:ALL\n shell: /bin/bash\n ssh_authorized_keys:\n - ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDTLxDOQMsumLpjIzMXvpN/hvoMfbVFcl7TDKXTYLBJIvTOLWO/elI3PeJkXNAlaIT1lgJQB7NwQED+DciPLjCLzkG3aSxuJdZRo0Z+vHm9CEUkWnq8icLTQs0zYadK6p24VpMqT61cGNv9L/riciMRWT6l2SdRN2ZBR6MhCXMZy/XgRRlcV9iN1n9T0Q9aZjaQ2CjgG59wTLdQ0bHRlFBSt2q6erFmCIiBHUJba4avDVRvYryvMgkopayL/eK2gxaloMjcMt4z+zIokxhQONPPU2AvqMcqQIsWGQYIzIkJ0UOO8ly/PAFCpgvukWJepmZR30vVBALFCRZCUN1zMbI3 jan.novak@Jans-MacBook-Air-9.local\n\nchpasswd:\n list: |\n ubuntu:yourpassword\n expire: false\nssh_pwauth: true\npackage_update: true\npackages:\n - qemu-guest-agent\n - openssh-server\n - apt-transport-https\n - ca-certificates\n - curl\n - gnupg\n - nvme-cli\n\nwrite_files:\n 
- path: /etc/modules-load.d/k8s.conf\n content: |\n overlay\n br_netfilter\n\n - path: /etc/sysctl.d/k8s.conf\n content: |\n net.bridge.bridge-nf-call-iptables = 1\n net.bridge.bridge-nf-call-ip6tables = 1\n net.ipv4.ip_forward = 1\n\n - path: /etc/containerd/config.toml\n content: |\n version = 2\n [plugins.\"io.containerd.grpc.v1.cri\".containerd.runtimes.runc]\n runtime_type = \"io.containerd.runc.v2\"\n [plugins.\"io.containerd.grpc.v1.cri\".containerd.runtimes.runc.options]\n SystemdCgroup = true\n\n # Update existing containerd config to enable registry config_path\n - path: /etc/containerd/config.toml\n content: |\n version = 2\n [plugins.\"io.containerd.grpc.v1.cri\".containerd.runtimes.runc]\n runtime_type = \"io.containerd.runc.v2\"\n [plugins.\"io.containerd.grpc.v1.cri\".containerd.runtimes.runc.options]\n SystemdCgroup = true\n [plugins.\"io.containerd.grpc.v1.cri\".registry]\n config_path = \"/etc/containerd/certs.d\"\n\n # Mirror configs for each upstream registry\n - path: /etc/containerd/certs.d/docker.io/hosts.toml\n content: |\n server = \"https://registry-1.docker.io\"\n [host.\"http://192.168.0.30:5000/v2/docker.io\"]\n capabilities = [\"pull\", \"resolve\"]\n skip_verify = true\n override_path = true\n\n - path: /etc/containerd/certs.d/registry.k8s.io/hosts.toml\n content: |\n server = \"https://registry.k8s.io\"\n [host.\"http://192.168.0.30:5000/v2/registry.k8s.io\"]\n capabilities = [\"pull\", \"resolve\"]\n skip_verify = true\n override_path = true\n\n - path: /etc/containerd/certs.d/ghcr.io/hosts.toml\n content: |\n server = \"https://ghcr.io\"\n [host.\"http://192.168.0.30:5000/v2/ghcr.io\"]\n capabilities = [\"pull\", \"resolve\"]\n skip_verify = true\n override_path = true\n\n - path: /etc/containerd/certs.d/quay.io/hosts.toml\n content: |\n server = \"https://quay.io\"\n [host.\"http://192.168.0.30:5000/v2/quay.io\"]\n capabilities = [\"pull\", \"resolve\"]\n skip_verify = true\n override_path = true \n\n - path: 
/root/kubeadm-config.yaml\n content: |\n apiVersion: kubeadm.k8s.io/v1beta3\n kind: InitConfiguration\n nodeRegistration:\n criSocket: unix:///run/containerd/containerd.sock\n ---\n apiVersion: kubeadm.k8s.io/v1beta3\n kind: ClusterConfiguration\n networking:\n podSubnet: \"10.244.0.0/16\"\n ---\n apiVersion: kubelet.config.k8s.io/v1beta1\n kind: KubeletConfiguration\n cgroupDriver: systemd\n\n - path: /etc/profile.d/kubectl.sh\n content: |\n alias k='kubectl'\n source \u003c(kubectl completion bash)\n complete -o default -F __start_kubectl k\n\n - path: /etc/systemd/system/kubelet.service.d/10-containerd.conf\n content: |\n [Unit]\n After=containerd.service\n Requires=containerd.service\n\n [Service]\n ExecStartPre=/bin/bash -c 'until [ -S /var/run/containerd/containerd.sock ]; do sleep 1; done'\n ExecStartPre=/usr/bin/crictl info\n\n\nruncmd:\n - systemctl enable --now qemu-guest-agent\n - systemctl enable --now ssh\n\n # needed for nvme-tcp module\n - apt install linux-modules-extra-$(uname -r)\n - modprobe nvme-tcp\n - echo \"nvme-tcp\" \u003e\u003e /etc/modules-load.d/nvme-tcp.conf\n\n # relevant to kubernetes\n - modprobe overlay\n - modprobe br_netfilter\n - sysctl --system\n\n # containerd\n - curl -fsSL https://download.docker.com/linux/ubuntu/gpg | gpg --dearmor -o /etc/apt/keyrings/docker.gpg\n - echo \"deb [arch=amd64 signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable\" \u003e /etc/apt/sources.list.d/docker.list\n - apt-get update \u0026\u0026 apt-get install -y containerd.io\n - |\n cat \u003e /etc/containerd/config.toml \u003c\u003c'CONTAINERD'\n version = 2\n [plugins.\"io.containerd.grpc.v1.cri\".containerd.runtimes.runc]\n runtime_type = \"io.containerd.runc.v2\"\n [plugins.\"io.containerd.grpc.v1.cri\".containerd.runtimes.runc.options]\n SystemdCgroup = true\n [plugins.\"io.containerd.grpc.v1.cri\".registry]\n config_path = \"/etc/containerd/certs.d\"\n CONTAINERD\n - systemctl restart 
containerd\n\n # kubeadm/kubelet/kubectl v1.32\n - curl -fsSL https://pkgs.k8s.io/core:/stable:/v1.32/deb/Release.key | gpg --dearmor -o /etc/apt/keyrings/kubernetes-apt-keyring.gpg\n - echo \"deb [signed-by=/etc/apt/keyrings/kubernetes-apt-keyring.gpg] https://pkgs.k8s.io/core:/stable:/v1.32/deb/ /\" \u003e /etc/apt/sources.list.d/kubernetes.list\n - apt-get update \u0026\u0026 apt-get install -y kubelet kubeadm kubectl\n - apt-mark hold kubelet kubeadm kubectl\n\n # join cluster\n - kubeadm join 192.168.0.31:6443 --token 4j8n3w.iwvad2jcn58fa1tf --discovery-token-ca-cert-hash sha256:c09955e09ba79882ba7766125b57030b2e87dde0ac49af351de28e1c92d0beb9\n\n"},"sensitive_attributes":[],"dependencies":["data.local_file.join_command","libvirt_cloudinit_disk.commoninit","libvirt_domain.master","libvirt_volume.cloudinit","libvirt_volume.ubuntu_base_homer","libvirt_volume.ubuntu_disk","null_resource.kubeadm_token"]}]},{"mode":"managed","type":"libvirt_domain","name":"master","provider":"provider[\"registry.opentofu.org/dmacvicar/libvirt\"].kvm-homer","instances":[{"schema_version":0,"attributes":{"autostart":true,"block_io_tune":null,"bootloader":null,"bootloader_args":null,"clock":null,"cpu":null,"cpu_tune":null,"create":null,"current_memory":null,"current_memory_unit":null,"default_io_thread":null,"description":null,"destroy":null,"devices":{"audios":null,"channels":null,"consoles":null,"controllers":null,"crypto":null,"disks":[{"acpi":null,"address":null,"alias":null,"auth":null,"backend_domain":null,"backing_store":null,"block_io":null,"boot":null,"device":null,"driver":{"ats":null,"cache":null,"copy_on_read":null,"detect_zeros":null,"discard":null,"discard_no_unref":null,"error_policy":null,"event_idx":null,"io":null,"io_event_fd":null,"io_thread":null,"io_threads":null,"iommu":null,"metadata_cache":null,"name":"qemu","packed":null,"page_per_vq":null,"queue_size":null,"queues":null,"rerror_policy":null,"type":"qcow2"},"encryption":null,"geometry":null,"io_tune":null,"mirro
r":null,"model":null,"product":null,"raw_io":null,"read_only":null,"serial":null,"sgio":null,"shareable":null,"snapshot":null,"source":{"block":null,"cookies":null,"data_store":null,"dir":null,"encryption":null,"file":{"fd_group":null,"file":"/srv/vms/kube-master-31.qcow2","sec_label":null},"index":null,"network":null,"nvme":null,"readahead":null,"reservations":null,"slices":null,"ssl":null,"startup_policy":null,"timeout":null,"vhost_user":null,"vhost_vdpa":null,"volume":null},"target":{"bus":"virtio","dev":"vda","removable":null,"rotation_rate":null,"tray":null},"throttle_filters":null,"transient":null,"vendor":null,"wwn":null},{"acpi":null,"address":null,"alias":null,"auth":null,"backend_domain":null,"backing_store":null,"block_io":null,"boot":null,"device":"cdrom","driver":{"ats":null,"cache":null,"copy_on_read":null,"detect_zeros":null,"discard":null,"discard_no_unref":null,"error_policy":null,"event_idx":null,"io":null,"io_event_fd":null,"io_thread":null,"io_threads":null,"iommu":null,"metadata_cache":null,"name":"qemu","packed":null,"page_per_vq":null,"queue_size":null,"queues":null,"rerror_policy":null,"type":"raw"},"encryption":null,"geometry":null,"io_tune":null,"mirror":null,"model":null,"product":null,"raw_io":null,"read_only":null,"serial":null,"sgio":null,"shareable":null,"snapshot":null,"source":{"block":null,"cookies":null,"data_store":null,"dir":null,"encryption":null,"file":{"fd_group":null,"file":"/srv/vms/kube-master-31-cloudinit.iso","sec_label":null},"index":null,"network":null,"nvme":null,"readahead":null,"reservations":null,"slices":null,"ssl":null,"startup_policy":null,"timeout":null,"vhost_user":null,"vhost_vdpa":null,"volume":null},"target":{"bus":"sata","dev":"sda","removable":null,"rotation_rate":null,"tray":null},"throttle_filters":null,"transient":null,"vendor":null,"wwn":null}],"emulator":null,"filesystems":null,"graphics":null,"hostdevs":null,"hubs":null,"inputs":null,"interfaces":[{"acpi":null,"address":null,"alias":null,"backend":nu
ll,"backend_domain":null,"bandwidth":null,"boot":null,"coalesce":null,"down_script":null,"driver":null,"filter_ref":null,"guest":null,"ip":null,"link":null,"mac":null,"managed":null,"model":{"type":"virtio"},"mtu":null,"port_forward":null,"port_options":null,"rom":null,"route":null,"script":null,"source":{"bridge":{"bridge":"br0"},"client":null,"direct":null,"ethernet":null,"hostdev":null,"internal":null,"mcast":null,"network":null,"null":null,"server":null,"udp":null,"user":null,"vdpa":null,"vds":null,"vhost_user":null},"target":null,"teaming":null,"trust_guest_rx_filters":null,"tune":null,"virtual_port":null,"vlan":null,"wait_for_ip":null}],"iommu":null,"leases":null,"mem_balloon":null,"memorydevs":null,"nvram":null,"panics":null,"parallels":null,"pstore":null,"redir_devs":null,"redir_filters":null,"rngs":null,"serials":[{"acpi":null,"address":null,"alias":null,"log":null,"protocol":null,"source":null,"target":null}],"shmems":null,"smartcards":null,"sounds":null,"tpms":null,"videos":null,"vsock":null,"watchdogs":null},"features":null,"gen_id":null,"hwuuid":null,"id":12,"id_map":null,"io_thread_i_ds":null,"io_threads":null,"key_wrap":null,"launch_security":null,"maximum_memory":null,"maximum_memory_slots":null,"maximum_memory_unit":null,"memory":4096,"memory_backing":null,"memory_dump_core":null,"memory_tune":null,"memory_unit":"MiB","metadata":null,"name":"kube-master-31","numa_tune":null,"on_crash":null,"on_poweroff":null,"on_reboot":null,"os":{"acpi":null,"bios":null,"boot_devices":null,"boot_menu":null,"cmdline":null,"dtb":null,"firmware":null,"firmware_info":null,"init":null,"init_args":null,"init_dir":null,"init_env":null,"init_group":null,"init_user":null,"initrd":null,"kernel":null,"loader":null,"loader_format":null,"loader_readonly":null,"loader_secure":null,"loader_stateless":null,"loader_type":null,"nv_ram":null,"shim":null,"sm_bios":null,"type":"hvm","type_arch":"x86_64","type_machine":"q35"},"perf":null,"pm":null,"resource":null,"running":true,"sec_lab
el":null,"sys_info":null,"throttle_groups":null,"title":null,"type":"kvm","uuid":"1d3d2721-a2f0-49d0-a458-a905c4b6e5cd","vcpu":3,"vcpu_cpuset":null,"vcpu_current":null,"vcpu_placement":null,"vcpus":null},"sensitive_attributes":[],"dependencies":["libvirt_cloudinit_disk.commoninit","libvirt_volume.cloudinit","libvirt_volume.ubuntu_base_homer","libvirt_volume.ubuntu_disk"]}]},{"mode":"managed","type":"libvirt_domain","name":"node_01","provider":"provider[\"registry.opentofu.org/dmacvicar/libvirt\"].kvm-homer","instances":[{"schema_version":0,"attributes":{"autostart":true,"block_io_tune":null,"bootloader":null,"bootloader_args":null,"clock":null,"cpu":{"cache":null,"check":null,"deprecated_features":null,"features":null,"match":null,"max_phys_addr":null,"migratable":null,"mode":"host-passthrough","model":null,"model_fallback":null,"model_vendor_id":null,"numa":null,"topology":null,"vendor":null},"cpu_tune":null,"create":null,"current_memory":null,"current_memory_unit":null,"default_io_thread":null,"description":null,"destroy":null,"devices":{"audios":null,"channels":null,"consoles":null,"controllers":null,"crypto":null,"disks":[{"acpi":null,"address":null,"alias":null,"auth":null,"backend_domain":null,"backing_store":null,"block_io":null,"boot":null,"device":null,"driver":{"ats":null,"cache":null,"copy_on_read":null,"detect_zeros":null,"discard":null,"discard_no_unref":null,"error_policy":null,"event_idx":null,"io":null,"io_event_fd":null,"io_thread":null,"io_threads":null,"iommu":null,"metadata_cache":null,"name":"qemu","packed":null,"page_per_vq":null,"queue_size":null,"queues":null,"rerror_policy":null,"type":"qcow2"},"encryption":null,"geometry":null,"io_tune":null,"mirror":null,"model":null,"product":null,"raw_io":null,"read_only":null,"serial":null,"sgio":null,"shareable":null,"snapshot":null,"source":{"block":null,"cookies":null,"data_store":null,"dir":null,"encryption":null,"file":{"fd_group":null,"file":"/srv/vms/kube-node-32.qcow2","sec_label":null},"index":
null,"network":null,"nvme":null,"readahead":null,"reservations":null,"slices":null,"ssl":null,"startup_policy":null,"timeout":null,"vhost_user":null,"vhost_vdpa":null,"volume":null},"target":{"bus":"virtio","dev":"vda","removable":null,"rotation_rate":null,"tray":null},"throttle_filters":null,"transient":null,"vendor":null,"wwn":null},{"acpi":null,"address":null,"alias":null,"auth":null,"backend_domain":null,"backing_store":null,"block_io":null,"boot":null,"device":"cdrom","driver":{"ats":null,"cache":null,"copy_on_read":null,"detect_zeros":null,"discard":null,"discard_no_unref":null,"error_policy":null,"event_idx":null,"io":null,"io_event_fd":null,"io_thread":null,"io_threads":null,"iommu":null,"metadata_cache":null,"name":"qemu","packed":null,"page_per_vq":null,"queue_size":null,"queues":null,"rerror_policy":null,"type":"raw"},"encryption":null,"geometry":null,"io_tune":null,"mirror":null,"model":null,"product":null,"raw_io":null,"read_only":null,"serial":null,"sgio":null,"shareable":null,"snapshot":null,"source":{"block":null,"cookies":null,"data_store":null,"dir":null,"encryption":null,"file":{"fd_group":null,"file":"/srv/vms/kube-node-32-cloudinit.iso","sec_label":null},"index":null,"network":null,"nvme":null,"readahead":null,"reservations":null,"slices":null,"ssl":null,"startup_policy":null,"timeout":null,"vhost_user":null,"vhost_vdpa":null,"volume":null},"target":{"bus":"sata","dev":"sda","removable":null,"rotation_rate":null,"tray":null},"throttle_filters":null,"transient":null,"vendor":null,"wwn":null}],"emulator":null,"filesystems":null,"graphics":null,"hostdevs":null,"hubs":null,"inputs":null,"interfaces":[{"acpi":null,"address":null,"alias":null,"backend":null,"backend_domain":null,"bandwidth":null,"boot":null,"coalesce":null,"down_script":null,"driver":null,"filter_ref":null,"guest":null,"ip":null,"link":null,"mac":null,"managed":null,"model":{"type":"virtio"},"mtu":null,"port_forward":null,"port_options":null,"rom":null,"route":null,"script":null,"sour
ce":{"bridge":{"bridge":"br0"},"client":null,"direct":null,"ethernet":null,"hostdev":null,"internal":null,"mcast":null,"network":null,"null":null,"server":null,"udp":null,"user":null,"vdpa":null,"vds":null,"vhost_user":null},"target":null,"teaming":null,"trust_guest_rx_filters":null,"tune":null,"virtual_port":null,"vlan":null,"wait_for_ip":null}],"iommu":null,"leases":null,"mem_balloon":null,"memorydevs":null,"nvram":null,"panics":null,"parallels":null,"pstore":null,"redir_devs":null,"redir_filters":null,"rngs":null,"serials":[{"acpi":null,"address":null,"alias":null,"log":null,"protocol":null,"source":null,"target":null}],"shmems":null,"smartcards":null,"sounds":null,"tpms":null,"videos":null,"vsock":null,"watchdogs":null},"features":null,"gen_id":null,"hwuuid":null,"id":14,"id_map":null,"io_thread_i_ds":null,"io_threads":null,"key_wrap":null,"launch_security":null,"maximum_memory":null,"maximum_memory_slots":null,"maximum_memory_unit":null,"memory":8192,"memory_backing":null,"memory_dump_core":null,"memory_tune":null,"memory_unit":"MiB","metadata":null,"name":"kube-node-32","numa_tune":null,"on_crash":null,"on_poweroff":null,"on_reboot":null,"os":{"acpi":null,"bios":null,"boot_devices":null,"boot_menu":null,"cmdline":null,"dtb":null,"firmware":null,"firmware_info":null,"init":null,"init_args":null,"init_dir":null,"init_env":null,"init_group":null,"init_user":null,"initrd":null,"kernel":null,"loader":null,"loader_format":null,"loader_readonly":null,"loader_secure":null,"loader_stateless":null,"loader_type":null,"nv_ram":null,"shim":null,"sm_bios":null,"type":"hvm","type_arch":"x86_64","type_machine":"q35"},"perf":null,"pm":null,"resource":null,"running":true,"sec_label":null,"sys_info":null,"throttle_groups":null,"title":null,"type":"kvm","uuid":"5176f9d9-e5b7-4edc-b32d-ff15e210f250","vcpu":4,"vcpu_cpuset":null,"vcpu_current":null,"vcpu_placement":null,"vcpus":null},"sensitive_attributes":[],"dependencies":["data.local_file.join_command","libvirt_cloudinit_disk.com
moninit","libvirt_cloudinit_disk.commoninit_node_01","libvirt_domain.master","libvirt_volume.cloudinit","libvirt_volume.cloudinit_node_01","libvirt_volume.node_01_disk","libvirt_volume.ubuntu_base_homer","libvirt_volume.ubuntu_disk","null_resource.kubeadm_token"]}]},{"mode":"managed","type":"libvirt_domain","name":"node_02","provider":"provider[\"registry.opentofu.org/dmacvicar/libvirt\"].kvm-beelink","instances":[{"schema_version":0,"attributes":{"autostart":true,"block_io_tune":null,"bootloader":null,"bootloader_args":null,"clock":null,"cpu":{"cache":null,"check":null,"deprecated_features":null,"features":null,"match":null,"max_phys_addr":null,"migratable":null,"mode":"host-passthrough","model":null,"model_fallback":null,"model_vendor_id":null,"numa":null,"topology":null,"vendor":null},"cpu_tune":null,"create":null,"current_memory":null,"current_memory_unit":null,"default_io_thread":null,"description":null,"destroy":null,"devices":{"audios":null,"channels":null,"consoles":null,"controllers":null,"crypto":null,"disks":[{"acpi":null,"address":null,"alias":null,"auth":null,"backend_domain":null,"backing_store":null,"block_io":null,"boot":null,"device":null,"driver":{"ats":null,"cache":null,"copy_on_read":null,"detect_zeros":null,"discard":null,"discard_no_unref":null,"error_policy":null,"event_idx":null,"io":null,"io_event_fd":null,"io_thread":null,"io_threads":null,"iommu":null,"metadata_cache":null,"name":"qemu","packed":null,"page_per_vq":null,"queue_size":null,"queues":null,"rerror_policy":null,"type":"qcow2"},"encryption":null,"geometry":null,"io_tune":null,"mirror":null,"model":null,"product":null,"raw_io":null,"read_only":null,"serial":null,"sgio":null,"shareable":null,"snapshot":null,"source":{"block":null,"cookies":null,"data_store":null,"dir":null,"encryption":null,"file":{"fd_group":null,"file":"/var/lib/libvirt/images/kube-node-33.qcow2","sec_label":null},"index":null,"network":null,"nvme":null,"readahead":null,"reservations":null,"slices":null,"ssl":null
,"startup_policy":null,"timeout":null,"vhost_user":null,"vhost_vdpa":null,"volume":null},"target":{"bus":"virtio","dev":"vda","removable":null,"rotation_rate":null,"tray":null},"throttle_filters":null,"transient":null,"vendor":null,"wwn":null},{"acpi":null,"address":null,"alias":null,"auth":null,"backend_domain":null,"backing_store":null,"block_io":null,"boot":null,"device":"cdrom","driver":{"ats":null,"cache":null,"copy_on_read":null,"detect_zeros":null,"discard":null,"discard_no_unref":null,"error_policy":null,"event_idx":null,"io":null,"io_event_fd":null,"io_thread":null,"io_threads":null,"iommu":null,"metadata_cache":null,"name":"qemu","packed":null,"page_per_vq":null,"queue_size":null,"queues":null,"rerror_policy":null,"type":"raw"},"encryption":null,"geometry":null,"io_tune":null,"mirror":null,"model":null,"product":null,"raw_io":null,"read_only":null,"serial":null,"sgio":null,"shareable":null,"snapshot":null,"source":{"block":null,"cookies":null,"data_store":null,"dir":null,"encryption":null,"file":{"fd_group":null,"file":"/var/lib/libvirt/images/kube-node-33-cloudinit.iso","sec_label":null},"index":null,"network":null,"nvme":null,"readahead":null,"reservations":null,"slices":null,"ssl":null,"startup_policy":null,"timeout":null,"vhost_user":null,"vhost_vdpa":null,"volume":null},"target":{"bus":"sata","dev":"sda","removable":null,"rotation_rate":null,"tray":null},"throttle_filters":null,"transient":null,"vendor":null,"wwn":null}],"emulator":null,"filesystems":null,"graphics":null,"hostdevs":null,"hubs":null,"inputs":null,"interfaces":[{"acpi":null,"address":null,"alias":null,"backend":null,"backend_domain":null,"bandwidth":null,"boot":null,"coalesce":null,"down_script":null,"driver":null,"filter_ref":null,"guest":null,"ip":null,"link":null,"mac":null,"managed":null,"model":{"type":"virtio"},"mtu":null,"port_forward":null,"port_options":null,"rom":null,"route":null,"script":null,"source":{"bridge":{"bridge":"br0"},"client":null,"direct":null,"ethernet":null,"ho
stdev":null,"internal":null,"mcast":null,"network":null,"null":null,"server":null,"udp":null,"user":null,"vdpa":null,"vds":null,"vhost_user":null},"target":null,"teaming":null,"trust_guest_rx_filters":null,"tune":null,"virtual_port":null,"vlan":null,"wait_for_ip":null}],"iommu":null,"leases":null,"mem_balloon":null,"memorydevs":null,"nvram":null,"panics":null,"parallels":null,"pstore":null,"redir_devs":null,"redir_filters":null,"rngs":null,"serials":[{"acpi":null,"address":null,"alias":null,"log":null,"protocol":null,"source":null,"target":null}],"shmems":null,"smartcards":null,"sounds":null,"tpms":null,"videos":null,"vsock":null,"watchdogs":null},"features":null,"gen_id":null,"hwuuid":null,"id":18,"id_map":null,"io_thread_i_ds":null,"io_threads":null,"key_wrap":null,"launch_security":null,"maximum_memory":null,"maximum_memory_slots":null,"maximum_memory_unit":null,"memory":8192,"memory_backing":null,"memory_dump_core":null,"memory_tune":null,"memory_unit":"MiB","metadata":null,"name":"kube-node-33","numa_tune":null,"on_crash":null,"on_poweroff":null,"on_reboot":null,"os":{"acpi":null,"bios":null,"boot_devices":null,"boot_menu":null,"cmdline":null,"dtb":null,"firmware":null,"firmware_info":null,"init":null,"init_args":null,"init_dir":null,"init_env":null,"init_group":null,"init_user":null,"initrd":null,"kernel":null,"loader":null,"loader_format":null,"loader_readonly":null,"loader_secure":null,"loader_stateless":null,"loader_type":null,"nv_ram":null,"shim":null,"sm_bios":null,"type":"hvm","type_arch":"x86_64","type_machine":"q35"},"perf":null,"pm":null,"resource":null,"running":true,"sec_label":null,"sys_info":null,"throttle_groups":null,"title":null,"type":"kvm","uuid":"c27afbe4-d5a9-49e1-8c62-40dd585a0485","vcpu":4,"vcpu_cpuset":null,"vcpu_current":null,"vcpu_placement":null,"vcpus":null},"sensitive_attributes":[],"dependencies":["data.local_file.join_command","libvirt_cloudinit_disk.commoninit","libvirt_cloudinit_disk.commoninit_node_02","libvirt_domain.master","
libvirt_volume.cloudinit","libvirt_volume.cloudinit_node_02","libvirt_volume.node_02_disk","libvirt_volume.ubuntu_base_beelink","libvirt_volume.ubuntu_base_homer","libvirt_volume.ubuntu_disk","null_resource.kubeadm_token"]}]},{"mode":"managed","type":"libvirt_volume","name":"cloudinit","provider":"provider[\"registry.opentofu.org/dmacvicar/libvirt\"].kvm-homer","instances":[{"schema_version":0,"attributes":{"allocation":49152,"allocation_unit":null,"backing_store":null,"capacity":49152,"capacity_unit":null,"create":{"content":{"url":"/var/folders/dq/h32yg2mx55b2m8hxmf1yh66r0000gn/T/terraform-provider-libvirt-cloudinit/cloudinit-295268ac2ef5dcc3.iso"}},"id":"/srv/vms/kube-master-31-cloudinit.iso","key":"/srv/vms/kube-master-31-cloudinit.iso","name":"kube-master-31-cloudinit.iso","path":"/srv/vms/kube-master-31-cloudinit.iso","physical":49152,"physical_unit":null,"pool":"default","target":null,"type":null},"sensitive_attributes":[],"dependencies":["libvirt_cloudinit_disk.commoninit"]}]},{"mode":"managed","type":"libvirt_volume","name":"cloudinit_node_01","provider":"provider[\"registry.opentofu.org/dmacvicar/libvirt\"].kvm-homer","instances":[{"schema_version":0,"attributes":{"allocation":49152,"allocation_unit":null,"backing_store":null,"capacity":49152,"capacity_unit":null,"create":{"content":{"url":"/var/folders/dq/h32yg2mx55b2m8hxmf1yh66r0000gn/T/terraform-provider-libvirt-cloudinit/cloudinit-be2499403c2dd84c.iso"}},"id":"/srv/vms/kube-node-32-cloudinit.iso","key":"/srv/vms/kube-node-32-cloudinit.iso","name":"kube-node-32-cloudinit.iso","path":"/srv/vms/kube-node-32-cloudinit.iso","physical":49152,"physical_unit":null,"pool":"default","target":null,"type":null},"sensitive_attributes":[],"dependencies":["data.local_file.join_command","libvirt_cloudinit_disk.commoninit","libvirt_cloudinit_disk.commoninit_node_01","libvirt_domain.master","libvirt_volume.cloudinit","libvirt_volume.ubuntu_base_homer","libvirt_volume.ubuntu_disk","null_resource.kubeadm_token"]}]},{"mode
":"managed","type":"libvirt_volume","name":"cloudinit_node_02","provider":"provider[\"registry.opentofu.org/dmacvicar/libvirt\"].kvm-beelink","instances":[{"schema_version":0,"attributes":{"allocation":49152,"allocation_unit":null,"backing_store":null,"capacity":49152,"capacity_unit":null,"create":{"content":{"url":"/var/folders/dq/h32yg2mx55b2m8hxmf1yh66r0000gn/T/terraform-provider-libvirt-cloudinit/cloudinit-f7d5cde2f01193f5.iso"}},"id":"/var/lib/libvirt/images/kube-node-33-cloudinit.iso","key":"/var/lib/libvirt/images/kube-node-33-cloudinit.iso","name":"kube-node-33-cloudinit.iso","path":"/var/lib/libvirt/images/kube-node-33-cloudinit.iso","physical":49152,"physical_unit":null,"pool":"default","target":null,"type":null},"sensitive_attributes":[],"dependencies":["data.local_file.join_command","libvirt_cloudinit_disk.commoninit","libvirt_cloudinit_disk.commoninit_node_02","libvirt_domain.master","libvirt_volume.cloudinit","libvirt_volume.ubuntu_base_homer","libvirt_volume.ubuntu_disk","null_resource.kubeadm_token"]}]},{"mode":"managed","type":"libvirt_volume","name":"node_01_disk","provider":"provider[\"registry.opentofu.org/dmacvicar/libvirt\"].kvm-homer","instances":[{"schema_version":0,"attributes":{"allocation":200704,"allocation_unit":null,"backing_store":{"format":{"type":"qcow2"},"path":"/srv/vms/ubuntu-24.04-base.qcow2","permissions":null},"capacity":53687091200,"capacity_unit":null,"create":null,"id":"/srv/vms/kube-node-32.qcow2","key":"/srv/vms/kube-node-32.qcow2","name":"kube-node-32.qcow2","path":"/srv/vms/kube-node-32.qcow2","physical":197408,"physical_unit":null,"pool":"default","target":{"cluster_size":null,"cluster_size_unit":null,"compat":null,"encryption":null,"features":null,"format":{"type":"qcow2"},"path":"/srv/vms/kube-node-32.qcow2","permissions":null,"timestamps":null},"type":null},"sensitive_attributes":[],"dependencies":["libvirt_volume.ubuntu_base_homer"]}]},{"mode":"managed","type":"libvirt_volume","name":"node_02_disk","provider":"provi
der[\"registry.opentofu.org/dmacvicar/libvirt\"].kvm-beelink","instances":[{"schema_version":0,"attributes":{"allocation":5876797440,"allocation_unit":null,"backing_store":{"format":{"type":"qcow2"},"path":"/var/lib/libvirt/images/ubuntu-24.04-base.qcow2","permissions":null},"capacity":53687091200,"capacity_unit":null,"create":null,"id":"/var/lib/libvirt/images/kube-node-33.qcow2","key":"/var/lib/libvirt/images/kube-node-33.qcow2","name":"kube-node-33.qcow2","path":"/var/lib/libvirt/images/kube-node-33.qcow2","physical":5876744192,"physical_unit":null,"pool":"default","target":{"cluster_size":null,"cluster_size_unit":null,"compat":null,"encryption":null,"features":null,"format":{"type":"qcow2"},"path":"/var/lib/libvirt/images/kube-node-33.qcow2","permissions":null,"timestamps":null},"type":null},"sensitive_attributes":[],"dependencies":["libvirt_volume.ubuntu_base_beelink"]}]},{"mode":"managed","type":"libvirt_volume","name":"ubuntu_base_beelink","provider":"provider[\"registry.opentofu.org/dmacvicar/libvirt\"].kvm-beelink","instances":[{"schema_version":0,"attributes":{"allocation":626663424,"allocation_unit":null,"backing_store":null,"capacity":3758096384,"capacity_unit":null,"create":{"content":{"url":"https://cloud-images.ubuntu.com/noble/current/noble-server-cloudimg-amd64.img"}},"id":"/var/lib/libvirt/images/ubuntu-24.04-base.qcow2","key":"/var/lib/libvirt/images/ubuntu-24.04-base.qcow2","name":"ubuntu-24.04-base.qcow2","path":"/var/lib/libvirt/images/ubuntu-24.04-base.qcow2","physical":626655744,"physical_unit":null,"pool":"default","target":{"cluster_size":null,"cluster_size_unit":null,"compat":null,"encryption":null,"features":null,"format":{"type":"qcow2"},"path":"/var/lib/libvirt/images/ubuntu-24.04-base.qcow2","permissions":null,"timestamps":null},"type":null},"sensitive_attributes":[]}]},{"mode":"managed","type":"libvirt_volume","name":"ubuntu_base_homer","provider":"provider[\"registry.opentofu.org/dmacvicar/libvirt\"].kvm-homer","instances":[{"schema_
version":0,"attributes":{"allocation":626663424,"allocation_unit":null,"backing_store":null,"capacity":3758096384,"capacity_unit":null,"create":{"content":{"url":"https://cloud-images.ubuntu.com/noble/current/noble-server-cloudimg-amd64.img"}},"id":"/srv/vms/ubuntu-24.04-base.qcow2","key":"/srv/vms/ubuntu-24.04-base.qcow2","name":"ubuntu-24.04-base.qcow2","path":"/srv/vms/ubuntu-24.04-base.qcow2","physical":626655744,"physical_unit":null,"pool":"default","target":{"cluster_size":null,"cluster_size_unit":null,"compat":null,"encryption":null,"features":null,"format":{"type":"qcow2"},"path":"/srv/vms/ubuntu-24.04-base.qcow2","permissions":null,"timestamps":null},"type":null},"sensitive_attributes":[]}]},{"mode":"managed","type":"libvirt_volume","name":"ubuntu_disk","provider":"provider[\"registry.opentofu.org/dmacvicar/libvirt\"].kvm-homer","instances":[{"schema_version":0,"attributes":{"allocation":11319246848,"allocation_unit":null,"backing_store":{"format":{"type":"qcow2"},"path":"/srv/vms/ubuntu-24.04-base.qcow2","permissions":null},"capacity":21474836480,"capacity_unit":null,"create":null,"id":"/srv/vms/kube-master-31.qcow2","key":"/srv/vms/kube-master-31.qcow2","name":"kube-master-31.qcow2","path":"/srv/vms/kube-master-31.qcow2","physical":11319050240,"physical_unit":null,"pool":"default","target":{"cluster_size":null,"cluster_size_unit":null,"compat":null,"encryption":null,"features":null,"format":{"type":"qcow2"},"path":"/srv/vms/kube-master-31.qcow2","permissions":null,"timestamps":null},"type":null},"sensitive_attributes":[],"dependencies":["libvirt_volume.ubuntu_base_homer"]}]},{"mode":"managed","type":"null_resource","name":"kubeadm_token","provider":"provider[\"registry.opentofu.org/hashicorp/null\"]","instances":[{"schema_version":0,"attributes":{"id":"4165376310159713019","triggers":null},"sensitive_attributes":[],"dependencies":["libvirt_cloudinit_disk.commoninit","libvirt_domain.master","libvirt_volume.cloudinit","libvirt_volume.ubuntu_base_homer","lib
virt_volume.ubuntu_disk"]}]},{"mode":"managed","type":"null_resource","name":"kubeconfig","provider":"provider[\"registry.opentofu.org/hashicorp/null\"]","instances":[{"schema_version":0,"attributes":{"id":"8367063358226307615","triggers":null},"sensitive_attributes":[]}]}],"check_results":null} diff --git a/shadow/nginx-sites-enabled-default b/shadow/nginx-sites-enabled-default new file mode 100644 index 0000000..f9dbf39 --- /dev/null +++ b/shadow/nginx-sites-enabled-default 
@@ -0,0 +1,255 @@
+##
+# You should look at the following URL's in order to grasp a solid understanding
+# of Nginx configuration files in order to fully unleash the power of Nginx.
+# https://www.nginx.com/resources/wiki/start/
+# https://www.nginx.com/resources/wiki/start/topics/tutorials/config_pitfalls/
+# https://wiki.debian.org/Nginx/DirectoryStructure
+#
+# In most cases, administrators will remove this file from sites-enabled/ and
+# leave it as reference inside of sites-available where it will continue to be
+# updated by the nginx packaging team.
+#
+# This file will automatically load configuration files provided by other
+# applications, such as Drupal or Wordpress. These applications will be made
+# available underneath a path with that package name, such as /drupal8.
+#
+# Please see /usr/share/doc/nginx-doc/examples/ for more detailed examples.
+##
+
+
+# Default server configuration
+#
+server {
+ listen 80 default_server;
+ # listen [::]:80 default_server;
+
+ # SSL configuration
+ #
+ # listen 443 ssl default_server;
+ # listen [::]:443 ssl default_server;
+ #
+ # Note: You should disable gzip for SSL traffic.
+ # See: https://bugs.debian.org/773332
+ #
+ # Read up on ssl_ciphers to ensure a secure configuration.
+ # See: https://bugs.debian.org/765782
+ #
+ # Self signed certs generated by the ssl-cert package
+ # Don't use them in a production server!
+ #
+ # include snippets/snakeoil.conf;
+
+ root /var/www/html;
+
+ # Add index.php to the list if you are using PHP
+ index index.html index.htm index.nginx-debian.html;
+
+ server_name _;
+
+ location / {
+ # First attempt to serve request as file, then
+ # as directory, then fall back to displaying a 404.
+ try_files $uri $uri/ =404;
+ }
+
+ # pass PHP scripts to FastCGI server
+ #
+ #location ~ \.php$ {
+ # include snippets/fastcgi-php.conf;
+ #
+ # # With php-fpm (or other unix sockets):
+ # fastcgi_pass unix:/run/php/php7.4-fpm.sock;
+ # # With php-cgi (or other tcp sockets):
+ # fastcgi_pass 127.0.0.1:9000;
+ #}
+
+ # deny access to .htaccess files, if Apache's document root
+ # concurs with nginx's one
+ #
+ #location ~ /\.ht {
+ # deny all;
+ #}
+}
+
+server {
+ listen 80;
+ server_name *.lab.home.hrajfrisbee.cz;
+
+ location / {
+ proxy_pass http://docker-30:9080;
+ proxy_set_header Host $host;
+ }
+}
+
+
+
+server {
+ # listen [::]:80 default_server;
+
+ # SSL configuration
+ #
+ # listen 443 ssl default_server;
+ # listen [::]:443 ssl default_server;
+ #
+ # Note: You should disable gzip for SSL traffic.
+ # See: https://bugs.debian.org/773332
+ #
+ # Read up on ssl_ciphers to ensure a secure configuration.
+ # See: https://bugs.debian.org/765782
+ #
+ # Self signed certs generated by the ssl-cert package
+ # Don't use them in a production server!
+ #
+ # include snippets/snakeoil.conf;
+
+ root /var/www/html;
+
+ # Add index.php to the list if you are using PHP
+ index index.html index.htm index.nginx-debian.html;
+}
+
+server {
+ server_name teleport.hrajfrisbee.cz; # managed by Certbot
+ location / {
+ proxy_pass https://192.168.123.26:443;
+ proxy_set_header Host $http_host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+
+ # WebSocket upgrade settings - CRITICAL for Teleport
+ proxy_http_version 1.1;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection "upgrade";
+
+ # Disable buffering, which can cause issues with real-time connections
+ proxy_buffering off;
+ }
+
+ listen 8443 ssl; # managed by Certbot
+ ssl_certificate /etc/letsencrypt/live/teleport.hrajfrisbee.cz/fullchain.pem; # managed by Certbot
+ ssl_certificate_key /etc/letsencrypt/live/teleport.hrajfrisbee.cz/privkey.pem; # managed by Certbot
+ include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
+ ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
+
+}
+
+server {
+ if ($host = teleport.hrajfrisbee.cz) {
+ return 301 https://$host$request_uri;
+ } # managed by Certbot
+
+
+ listen 80 ;
+ server_name teleport.hrajfrisbee.cz;
+ return 404; # managed by Certbot
+
+
+}
+
+server {
+ root /var/www/html;
+ # Add index.php to the list if you are using PHP
+ index index.html index.htm index.nginx-debian.html;
+ server_name gitea.home.hrajfrisbee.cz; # managed by Certbot
+
+ location / {
+ proxy_pass http://docker-30:3000;
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ }
+
+ # Gitea Git over HTTP
+ client_max_body_size 512m;
+
+ listen 8443 ssl; # managed by Certbot
+ ssl_certificate /etc/letsencrypt/live/gitea.home.hrajfrisbee.cz/fullchain.pem; # managed by Certbot
+ ssl_certificate_key /etc/letsencrypt/live/gitea.home.hrajfrisbee.cz/privkey.pem; # managed by Certbot
+ include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
+ ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
+
+}
+server {
+ if ($host = gitea.home.hrajfrisbee.cz) {
+ return 301 https://$host$request_uri;
+ } # managed by Certbot
+
+
+ listen 80 ;
+ server_name gitea.home.hrajfrisbee.cz;
+ return 404; # managed by Certbot
+
+
+}
+
+server {
+ server_name idm.home.hrajfrisbee.cz; # managed by Certbot
+
+ location / {
+ proxy_pass https://docker-30:8443;
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ }
+
+ listen 8443 ssl; # managed by Certbot
+ ssl_certificate /etc/letsencrypt/live/idm.home.hrajfrisbee.cz/fullchain.pem; # managed by Certbot
+ ssl_certificate_key /etc/letsencrypt/live/idm.home.hrajfrisbee.cz/privkey.pem; # managed by Certbot
+ include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
+ ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
+
+}
+server {
+ if ($host = idm.home.hrajfrisbee.cz) {
+ return 301 https://$host$request_uri;
+ } # managed by Certbot
+
+ listen 80 ;
+ server_name idm.home.hrajfrisbee.cz;
+ return 404; # managed by Certbot
+}
+
+
+server {
+
+ root /var/www/html;
+ server_name vault.hrajfrisbee.cz; # managed by Certbot
+ location / {
+ proxy_pass http://docker-30:8200;
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+
+ # Required for Vault
+ proxy_buffering off;
+ proxy_request_buffering off;
+ proxy_http_version 1.1;
+ proxy_set_header Connection "";
+
+ # Timeouts for long-running ops
+ proxy_connect_timeout 300;
+ proxy_send_timeout 300;
+ proxy_read_timeout 300; }
+
+ listen 8443 ssl; # managed by Certbot
+ ssl_certificate /etc/letsencrypt/live/vault.hrajfrisbee.cz/fullchain.pem; # managed by Certbot
+ ssl_certificate_key /etc/letsencrypt/live/vault.hrajfrisbee.cz/privkey.pem; # managed by Certbot
+ include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
+ ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
+
+}
+server {
+ if ($host = vault.hrajfrisbee.cz) {
+ return 301 https://$host$request_uri;
+ } # managed by Certbot
+
+ listen 80 ;
+ server_name vault.hrajfrisbee.cz;
+ return 404; # managed by Certbot
+
+
+}
\ No newline at end of file
diff --git a/shadow/nginx.conf b/shadow/nginx.conf
new file mode 100644
index 0000000..78d1571
--- /dev/null
+++ b/shadow/nginx.conf
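Review bot: The `vault.hrajfrisbee.cz` block terminates TLS on 8443 but forwards to `http://docker-30:8200`, so Vault tokens and secret payloads travel in cleartext on the hop to docker-30 (presumably a separate host); the `gitea.home.hrajfrisbee.cz` block does the same to `http://docker-30:3000`. The two blocks that do use an HTTPS upstream (`https://192.168.123.26:443` for Teleport, `https://docker-30:8443` for idm) set no `proxy_ssl_verify`, and nginx leaves upstream certificate verification off by default, so those hops are encrypted but the backend is not authenticated. Where the backend can serve TLS, I would switch the upstream to `https://` and add `proxy_ssl_verify on;` with `proxy_ssl_trusted_certificate /path/to/backend-ca.pem;` (placeholder path) and a matching `proxy_ssl_name`. Separately, the third `server` block has neither `listen` nor `server_name` and only repeats the packaged comments and `root`/`index`; it looks like leftover text and could be dropped.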
@@ -0,0 +1,107 @@
+user www-data;
+worker_processes auto;
+pid /run/nginx.pid;
+error_log /var/log/nginx/error.log;
+include /etc/nginx/modules-enabled/*.conf;
+
+events {
+ worker_connections 768;
+ # multi_accept on;
+}
+
+
+http {
+
+ ##
+ # Basic Settings
+ ##
+
+ sendfile on;
+ tcp_nopush on;
+ types_hash_max_size 2048;
+ # server_tokens off;
+
+ # server_names_hash_bucket_size 64;
+ # server_name_in_redirect off;
+
+ include /etc/nginx/mime.types;
+ default_type application/octet-stream;
+
+ ##
+ # SSL Settings
+ ##
+
+ ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; # Dropping SSLv3, ref: POODLE
+ ssl_prefer_server_ciphers on;
+
+ ##
+ # Logging Settings
+ ##
+
+ access_log /var/log/nginx/access.log;
+
+ ##
+ # Gzip Settings
+ ##
+
+ gzip on;
+
+ # gzip_vary on;
+ # gzip_proxied any;
+ # gzip_comp_level 6;
+ # gzip_buffers 16 8k;
+ # gzip_http_version 1.1;
+ # gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
+
+ ##
+ # Virtual Host Configs
+ ##
+
+ include /etc/nginx/conf.d/*.conf;
+ include /etc/nginx/sites-enabled/*;
+}
+
+stream {
+ map $ssl_preread_server_name $backend {
+ # Passthrough to K8s
+ ~^.+\.lab\.home\.hrajfrisbee\.cz$ k8s_ingress;
+
+ default local_https;
+ }
+
+ upstream k8s_ingress {
+ server docker-30:9443;
+ }
+
+ upstream local_https {
+ server 127.0.0.1:8443; # Loop back to http block
+ }
+
+ server {
+ listen 443;
+ ssl_preread on;
+ proxy_pass $backend;
+ }
+}
+
+
+#mail {
+# # See sample authentication script at:
+# # http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript
+#
+# # auth_http localhost/auth.php;
+# # pop3_capabilities "TOP" "USER";
+# # imap_capabilities "IMAP4rev1" "UIDPLUS";
+#
+# server {
+# listen localhost:110;
+# protocol pop3;
+# proxy on;
+# }
+#
+# server {
+# listen localhost:143;
+# protocol imap;
+# proxy on;
+# }
+#}
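Review bot: The http-level `ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;` still offers TLS 1.0 and 1.1, which are deprecated (RFC 8996); I would change it to `ssl_protocols TLSv1.2 TLSv1.3;`. The Certbot-managed server blocks elsewhere in this commit probably override it through their `options-ssl-nginx.conf` include, but any server block added later without that include inherits the weak default. Separately, in the `stream` block the `default local_https` path re-enters nginx over 127.0.0.1:8443, so the proxied vhosts will likely see the loopback address as `$remote_addr` and forward it in `X-Real-IP`, which weakens the backends' audit logs. If that matters, consider PROXY protocol on that hop, keeping in mind that `proxy_protocol on;` in the single stream `server` would also apply to the `k8s_ingress` upstream, which would then have to accept it.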
diff --git a/vagrant/k8s/loadbalancer-ip-pools.yaml b/vagrant/k8s/loadbalancer-ip-pools.yaml
index a5736ed..d0dd7cb 100644
--- a/vagrant/k8s/loadbalancer-ip-pools.yaml
+++ b/vagrant/k8s/loadbalancer-ip-pools.yaml
@@ -5,5 +5,5 @@ metadata:
 namespace: kube-system
 spec:
 cidrs:
- - start: "192.168.0.31"
+ - start: "192.168.0.35"
 stop: "192.168.0.39"
\ No newline at end of file