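#cloud-config
# Sets up everything required to kubeadm init a control plane.
# kubeadm init --apiserver-advertise-address 10.0.1.1 --pod-network-cidr 10.244.0.0/16
#
# This file is a template: ${tailscale_key} is substituted before the rendered
# result is handed to cloud-init as user-data. The rendered user-data therefore
# contains the Tailscale auth key in clear text. Treat it as a secret: prefer a
# single-use, short-lived, tagged key, and restrict who can read the instance's
# user-data.
---
apt:
  sources:
    # Each keyid is a full 40-hex-digit fingerprint, not a short key ID.
    # With no `key` or `keyserver` given, cloud-init fetches the key by this
    # fingerprint from its configured keyserver.
    tailscale.list:
      source: 'deb https://pkgs.tailscale.com/stable/ubuntu jammy main'
      keyid: '2596A99EAAB33821893C0A79458CA832957F5868'
    # NOTE(review): apt.kubernetes.io / kubernetes-xenial is the legacy
    # Google-hosted repository, which the Kubernetes project deprecated and
    # froze in favour of pkgs.k8s.io. Migrating needs the new repository line
    # and its signing key, neither of which appears in this file.
    kubernetes.list:
      source: 'deb https://apt.kubernetes.io/ kubernetes-xenial main'
      keyid: 'A362B822F6DEDC652817EA46B53DC80D13EDEF05'
    docker.list:
      source: 'deb https://download.docker.com/linux/ubuntu jammy stable'
      keyid: '9DC858229FC7DD38854AE2D88D81803C0EBFCD88'

write_files:
  # Kernel settings kubeadm's preflight checks expect: bridged traffic is
  # passed through iptables and IPv4 forwarding is on.
  - path: /etc/sysctl.d/k8s.conf
    content: |
      net.bridge.bridge-nf-call-iptables = 1
      net.bridge.bridge-nf-call-ip6tables = 1
      net.ipv4.ip_forward = 1

  # Load the same modules on every boot that runcmd loads for the first boot.
  - path: /etc/modules-load.d/k8s.conf
    content: |
      overlay
      br_netfilter

  # containerd configuration. Two fixes against the original layout:
  #  * `disabled_plugins` sits before the table header. In TOML every key that
  #    follows a `[table]` header belongs to that table, so the original
  #    placement made it a runc option instead of the top-level setting that
  #    keeps the CRI plugin enabled.
  #  * `version = 2` is declared, because the fully-qualified plugin name
  #    "io.containerd.grpc.v1.cri" is version-2 config syntax; without it
  #    containerd 1.x reads the file as version 1 and may not apply
  #    SystemdCgroup, leaving containerd and kubelet on different cgroup
  #    drivers.
  - path: /etc/containerd/config.toml
    content: |
      version = 2
      disabled_plugins = []

      [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc.options]
        SystemdCgroup = true

  # Kubelet configuration matching containerd's systemd cgroup driver.
  # NOTE(review): the kubeadm init command in the header does not reference
  # this file; presumably it is supplied by hand. Confirm against the runbook.
  - path: /root/k8s.yaml
    content: |
      apiVersion: kubelet.config.k8s.io/v1beta1
      kind: KubeletConfiguration
      cgroupDriver: systemd

  # Resolver file handed to kubelet through --resolv-conf below, so pods get
  # these upstream resolvers rather than the host's /etc/resolv.conf.
  - path: /etc/kubernetes/resolv.conf
    content: |
      nameserver 1.1.1.1
      nameserver 1.0.0.1
      nameserver 2606:4700:4700::1111

  - path: /etc/default/kubelet
    content: |
      KUBELET_EXTRA_ARGS="--resolv-conf=/etc/kubernetes/resolv.conf"

packages:
  - tailscale
  - apt-transport-https
  - ca-certificates
  - curl
  - kubelet
  - kubeadm
  - kubectl
  - containerd.io

runcmd:
  - [modprobe, overlay]
  - [modprobe, br_netfilter]
  - [sysctl, --system]
  # The auth key is passed as a command-line argument, so it is visible in the
  # process list while the command runs, and it is also present in the runcmd
  # script cloud-init stores on disk. tailscale also accepts `file:<path>` as
  # the auth-key value, which keeps the key out of argv. The value is quoted
  # so the template renders to a YAML string whatever the key looks like.
  # `-ssh` turns on Tailscale SSH for this control-plane node: who may log in
  # is then decided by the tailnet's SSH access rules, so review those.
  - [tailscale, up, -auth-key, "${tailscale_key}", -ssh]
  # Pin the Kubernetes packages so routine apt upgrades cannot move them;
  # upgrades, security updates included, then have to be applied deliberately.
  - [apt-mark, hold, kubelet, kubeadm, kubectl]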