k4mrul · July 11, 2025 03:43
diff --git a/cloud-init.yaml b/cloud-init.yaml
 #cloud-config
 package_update: true
 packages:
  - bash-completion
  - make
  - vim
  - iptables
  - g++
  - jq
  - fzf
  - kubectx
 write_files:
  - path: /root/setup.sh
    permissions: '0755'
    content: |
      #!/bin/bash
      set -e

      ARCH=$(dpkg --print-architecture)
      EXTERNAL_IP=$(curl -s ifconfig.me)

      # Install yq
      wget "https://github.com/mikefarah/yq/releases/latest/download/yq_linux_${ARCH}" -O /usr/bin/yq && chmod +x /usr/bin/yq

      # Install kubectl
      wget -q "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/${ARCH}/kubectl"
      install -o root -g root -m 0755 kubectl /usr/local/bin/kubectl
      rm kubectl
      
      # Install fluxcd
      curl -s https://fluxcd.io/install.sh | sudo bash

      # Enable bash completion for kubectl
      echo "source /usr/share/bash-completion/bash_completion" >> /home/ubuntu/.bashrc
      echo "source <(kubectl completion bash)" >> /home/ubuntu/.bashrc
      echo "complete -F __start_kubectl k" >> /home/ubuntu/.bashrc
      echo "alias k=kubectl" >> /home/ubuntu/.bashrc

      # Upgrade k0s
      curl --proto '=https' --tlsv1.2 -sSf https://get.k0s.sh | sudo sh

      # Install kubernetes
      k0s config create > /root/k0s.yaml
      ## we will setup cilium cni
      sed -i 's/provider: kuberouter/provider: custom/' /root/k0s.yaml
      ## disable kubeproxy (maybe not needed but necessary for laaaarge cluster) for cilium handle routing with eBPF
      ##yq eval '.spec.network.kubeProxy.disabled = true' -i /root/k0s.yaml
      ## Changing to ipvs mode
      yq e '.spec.network.kubeProxy.mode = "ipvs"' -i /root/k0s.yaml
      ## add vm ip to sans
      yq e ".spec.api.sans += [\"${EXTERNAL_IP}\"]" -i /root/k0s.yaml
      ## Install k8s
      k0s install controller --enable-worker --no-taints -c /root/k0s.yaml
      k0s start
      sleep 120
      mkdir -p /home/ubuntu/.kube/
      k0s kubectl config rename-context Default $HOSTNAME
      yq e ".users[0].name = \"$(hostname)\"" -i /var/lib/k0s/pki/admin.conf
      yq e '.contexts[].context.user = "'$(hostname)'"' -i /var/lib/k0s/pki/admin.conf
      yq e '(.clusters[].name, .contexts[].context.cluster) |= "'$(hostname)'"' -i /var/lib/k0s/pki/admin.conf
      k0s kubeconfig admin > /home/ubuntu/.kube/config
      chown ubuntu:ubuntu /home/ubuntu/.kube/ -R

      # Install Helm
      curl https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3 | bash

      # install kustomize
      curl -s "https://raw.githubusercontent.com/kubernetes-sigs/kustomize/master/hack/install_kustomize.sh"  | bash
      mv kustomize /usr/local/bin/kustomize

      sleep 60

      # Install cilium via helm
      helm repo add cilium https://helm.cilium.io/
      helm repo update
      helm upgrade --install cilium cilium/cilium --namespace kube-system -f https://gist.githubusercontent.com/k4mrul/c3b93fc6619b6de307d3ee11d536e0d7/raw
      sleep 60
      k0s kubectl apply -f https://gist.githubusercontent.com/k4mrul/e462957521e4d0714a2e50090e9eccfd/raw
           
      # Install ingress-nginx
      helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx
      helm repo update
      helm upgrade --install ingress-nginx ingress-nginx \
        --repo https://kubernetes.github.io/ingress-nginx \
        --namespace ingress-nginx --create-namespace \
        --version 4.11.7 \
        --set controller.service.type=LoadBalancer

      # Cert-manager 
      helm repo add jetstack https://charts.jetstack.io
      helm repo update
      helm install \
        cert-manager jetstack/cert-manager \
        --namespace cert-manager \
        --create-namespace \
        --version v1.17.2 \
        --set crds.enabled=true
        
      # forward request to cilium bgp (NOTE, only apply this AFTER adding letsencrypt-staging and letsencrypt-prod clusterissuer. If you apply before, clusterissuer will be not ready state!)
      PRIVATE_IP=$(hostname -I | awk '{print $1}')
      # for aws
      #TOKEN=$(curl -s -X PUT "http://169.254.169.254/latest/api/token" -H "X-aws-ec2-metadata-token-ttl-seconds: 60")
      #PRIVATE_IP=$(curl -s -H "X-aws-ec2-metadata-token: $TOKEN" http://169.254.169.254/latest/meta-data/local-ipv4)
      sudo echo 1 > /proc/sys/net/ipv4/ip_forward
      sudo iptables -t nat -A PREROUTING -d "$PRIVATE_IP" -p tcp --dport 80 -j DNAT --to-destination 10.42.42.0:80
      sudo iptables -t nat -A PREROUTING -d "$PRIVATE_IP" -p tcp --dport 443 -j DNAT --to-destination 10.42.42.0:443
      sudo iptables-save        
        
        
      ## install longhorn storage class
      # k0s kubectl apply -f https://raw.githubusercontent.com/longhorn/longhorn/v1.8.1/deploy/longhorn.yaml

      # Add ubuntu user to docker group
      sudo usermod -aG docker ubuntu

 runcmd:
  - [ bash, /root/setup.sh ]
	#cloud-config
	package_update: true
	packages:
	- bash-completion
	- make
	- vim
	- iptables
	- g++
	- jq
	- fzf
	- kubectx
	write_files:
	- path: /root/setup.sh
	permissions: '0755'
	content: \|
	#!/bin/bash
	set -e

	ARCH=$(dpkg --print-architecture)
	EXTERNAL_IP=$(curl -s ifconfig.me)

	# Install yq
	wget "https://github.com/mikefarah/yq/releases/latest/download/yq_linux_${ARCH}" -O /usr/bin/yq && chmod +x /usr/bin/yq

	# Install kubectl
	wget -q "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/${ARCH}/kubectl"
	install -o root -g root -m 0755 kubectl /usr/local/bin/kubectl
	rm kubectl

	# Install fluxcd
	curl -s https://fluxcd.io/install.sh \| sudo bash

	# Enable bash completion for kubectl
	echo "source /usr/share/bash-completion/bash_completion" >> /home/ubuntu/.bashrc
	echo "source <(kubectl completion bash)" >> /home/ubuntu/.bashrc
	echo "complete -F __start_kubectl k" >> /home/ubuntu/.bashrc
	echo "alias k=kubectl" >> /home/ubuntu/.bashrc

	# Upgrade k0s
	curl --proto '=https' --tlsv1.2 -sSf https://get.k0s.sh \| sudo sh

	# Install kubernetes
	k0s config create > /root/k0s.yaml
	## we will setup cilium cni
	sed -i 's/provider: kuberouter/provider: custom/' /root/k0s.yaml
	## disable kubeproxy (maybe not needed but necessary for laaaarge cluster) for cilium handle routing with eBPF
	##yq eval '.spec.network.kubeProxy.disabled = true' -i /root/k0s.yaml
	## Changing to ipvs mode
	yq e '.spec.network.kubeProxy.mode = "ipvs"' -i /root/k0s.yaml
	## add vm ip to sans
	yq e ".spec.api.sans += [\"${EXTERNAL_IP}\"]" -i /root/k0s.yaml
	## Install k8s
	k0s install controller --enable-worker --no-taints -c /root/k0s.yaml
	k0s start
	sleep 120
	mkdir -p /home/ubuntu/.kube/
	k0s kubectl config rename-context Default $HOSTNAME
	yq e ".users[0].name = \"$(hostname)\"" -i /var/lib/k0s/pki/admin.conf
	yq e '.contexts[].context.user = "'$(hostname)'"' -i /var/lib/k0s/pki/admin.conf
	yq e '(.clusters[].name, .contexts[].context.cluster) \|= "'$(hostname)'"' -i /var/lib/k0s/pki/admin.conf
	k0s kubeconfig admin > /home/ubuntu/.kube/config
	chown ubuntu:ubuntu /home/ubuntu/.kube/ -R

	# Install Helm
	curl https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3 \| bash

	# install kustomize
	curl -s "https://raw.githubusercontent.com/kubernetes-sigs/kustomize/master/hack/install_kustomize.sh" \| bash
	mv kustomize /usr/local/bin/kustomize

	sleep 60

	# Install cilium via helm
	helm repo add cilium https://helm.cilium.io/
	helm repo update
	helm upgrade --install cilium cilium/cilium --namespace kube-system -f https://gist.githubusercontent.com/k4mrul/c3b93fc6619b6de307d3ee11d536e0d7/raw
	sleep 60
	k0s kubectl apply -f https://gist.githubusercontent.com/k4mrul/e462957521e4d0714a2e50090e9eccfd/raw

	# Install ingress-nginx
	helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx
	helm repo update
	helm upgrade --install ingress-nginx ingress-nginx \
	--repo https://kubernetes.github.io/ingress-nginx \
	--namespace ingress-nginx --create-namespace \
	--version 4.11.7 \
	--set controller.service.type=LoadBalancer

	# Cert-manager
	helm repo add jetstack https://charts.jetstack.io
	helm repo update
	helm install \
	cert-manager jetstack/cert-manager \
	--namespace cert-manager \
	--create-namespace \
	--version v1.17.2 \
	--set crds.enabled=true

	# forward request to cilium bgp (NOTE, only apply this AFTER adding letsencrypt-staging and letsencrypt-prod clusterissuer. If you apply before, clusterissuer will be not ready state!)
	PRIVATE_IP=$(hostname -I \| awk '{print $1}')
	# for aws
	#TOKEN=$(curl -s -X PUT "http://169.254.169.254/latest/api/token" -H "X-aws-ec2-metadata-token-ttl-seconds: 60")
	#PRIVATE_IP=$(curl -s -H "X-aws-ec2-metadata-token: $TOKEN" http://169.254.169.254/latest/meta-data/local-ipv4)
	sudo echo 1 > /proc/sys/net/ipv4/ip_forward
	sudo iptables -t nat -A PREROUTING -d "$PRIVATE_IP" -p tcp --dport 80 -j DNAT --to-destination 10.42.42.0:80
	sudo iptables -t nat -A PREROUTING -d "$PRIVATE_IP" -p tcp --dport 443 -j DNAT --to-destination 10.42.42.0:443
	sudo iptables-save


	## install longhorn storage class
	# k0s kubectl apply -f https://raw.githubusercontent.com/longhorn/longhorn/v1.8.1/deploy/longhorn.yaml

	# Add ubuntu user to docker group
	sudo usermod -aG docker ubuntu

	runcmd:
	- [ bash, /root/setup.sh ]