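#cloud-config
# Prepares a node for a kubeadm-based Kubernetes cluster: installs Docker
# (which brings containerd), kubelet, kubeadm and kubectl, and applies the
# kernel settings kubeadm expects. Cluster init/join is done manually; see the
# commented steps at the end of this file.

package_update: true
package_upgrade: true

packages:
  # Packages needed to use the Docker and Kubernetes apt repositories over HTTPS
  - apt-transport-https
  - ca-certificates
  - curl
  - gnupg
  - lsb-release

# Let iptables see bridged traffic
# https://kubernetes.io/docs/setup/production-environment/tools/kubeadm/install-kubeadm/#letting-iptables-see-bridged-traffic
write_files:
  - path: /etc/modules-load.d/k8s.conf
    content: |
      br_netfilter
  - path: /etc/sysctl.d/k8s.conf
    content: |
      net.bridge.bridge-nf-call-ip6tables = 1
      net.bridge.bridge-nf-call-iptables = 1

# Create the docker group
groups:
  - docker

# Add the default auto-created user to the docker group.
# NOTE(review): membership of the docker group is equivalent to root on this
# host (the user can start privileged containers and mount the host
# filesystem). Drop this stanza if the default user does not need to talk to
# the Docker daemon directly.
system_info:
  default_user:
    groups: [docker]

# runcmd is executed as root by cloud-init, so no sudo is needed below.
runcmd:
  - modprobe br_netfilter  # Load the br_netfilter module now (the file above covers reboots).

  # Docker
  # NOTE(review): this downloads a script and runs it as root with no
  # integrity check; Docker documents the convenience script as not recommended
  # for production. Prefer Docker's signed apt repository with pinned package
  # versions, or verify the script against a known checksum before running it.
  - curl -fsSL https://get.docker.com -o get-docker.sh
  - sh get-docker.sh

  # Kubernetes packages
  - apt-get update -y  # Update apt package index
  # The keyring directory does not exist on every release; create it explicitly
  # so the key import below cannot fail on a missing path.
  - mkdir -p -m 755 /etc/apt/keyrings
  # The repository is pinned to the v1.28 minor release; check that this minor
  # is still supported before reusing the file.
  - curl -fsSL https://pkgs.k8s.io/core:/stable:/v1.28/deb/Release.key | gpg --dearmor -o /etc/apt/keyrings/kubernetes-apt-keyring.gpg
  - echo 'deb [signed-by=/etc/apt/keyrings/kubernetes-apt-keyring.gpg] https://pkgs.k8s.io/core:/stable:/v1.28/deb/ /' | tee /etc/apt/sources.list.d/kubernetes.list
  - apt-get update  # Update apt package index
  - apt-get install -y kubelet kubeadm kubectl
  # Hold the packages so unattended upgrades cannot skew cluster versions.
  - apt-mark hold kubelet kubeadm kubectl
  - sysctl --system  # Reload settings from all system configuration files to apply the iptables configuration

  # Find disabled_plugins in /etc/containerd/config.toml and remove it so the
  # CRI plugin is enabled for the kubelet.
  - sed -i '/disabled_plugins = \["cri"\]/d' /etc/containerd/config.toml
  # Restart containerd
  - systemctl restart containerd

### Execute on the first node. Replace the advertise address with the internal
### IP to listen on for cluster communication; remove --skip-phases if you want
### to use a network plugin other than Cilium.
# sudo kubeadm init --pod-network-cidr=10.244.0.0/16 --apiserver-advertise-address=10.0.0.3 --skip-phases=addon/kube-proxy
# https://docs.cilium.io/en/stable/installation/k8s-install-kubeadm/
#
# kubeadm init prints a join command like the one below; execute it on all
# other nodes you want to join to the cluster. The values are placeholders:
# the bootstrap token is a credential that lets a machine join the cluster, so
# do not commit a real one. Use the command kubeadm prints, or create a fresh
# one with `kubeadm token create --print-join-command`.
# kubeadm join <control-plane-ip>:6443 --token <bootstrap-token> \
#   --discovery-token-ca-cert-hash sha256:<ca-cert-hash>

### After the join, on a selected node, to access the kube-api.
### admin.conf carries cluster-admin credentials; keep the copy private to
### the user.
# mkdir -p $HOME/.kube
# sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
# sudo chown $(id -u):$(id -g) $HOME/.kube/config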