From fbab4c60d7b6cb561e404c4a604b417bdd0fc85b Mon Sep 17 00:00:00 2001
From: Maciej Lebiest <szwendacz@maciej.cloud>
Date: Sat, 14 Dec 2024 19:22:26 +0100
Subject: [PATCH] coreos-ignition for k8s node

---
 k8s.json                  | 80 +++++++++++++++++++++++++++++++++++++++
 src/coreos-encrypted.yaml | 37 ++++++++++++++++++
 src/k8s.yaml              | 48 +++++++++++++++++++++++
 3 files changed, 165 insertions(+)
 create mode 100644 k8s.json
 create mode 100644 src/coreos-encrypted.yaml
 create mode 100644 src/k8s.yaml

diff --git a/k8s.json b/k8s.json
new file mode 100644
index 0000000..f962107
--- /dev/null
+++ b/k8s.json
@@ -0,0 +1,80 @@
+{
+    "ignition": {
+        "version": "3.5.0"
+    },
+    "passwd": {
+        "users": [
+            {
+                "name": "root",
+                "sshAuthorizedKeys": [
+                    "ecdsa-sha2-nistp521 AAAAE2VjZHNhLXNoYTItbmlzdHA1MjEAAAAIbmlzdHA1MjEAAACFBADaetOnr6mX9T+wd0ltUAv0G9JxoIkWZMjTvvBRabNqtGVe+WK9y1ZLyee8XxmxoZaZ/r/qSycC/oY0+dl7xv9ZwQHlhMeo1YYIFPd/R1NZu9laYRA+CNTnx+amggXSxccvbIIAu8hs1cX+vad/AVthkDWptrw40RqYyV82cRfVRrvqrQ== maciej@fedora"
+                ]
+            }
+        ]
+    },
+    "storage": {
+        "disks": [
+            {
+                "device": "/dev/disk/by-id/coreos-boot-disk",
+                "partitions": [
+                    {
+                        "label": "root",
+                        "number": 4,
+                        "resize": true,
+                        "sizeMiB": 51200
+                    },
+                    {
+                        "label": "data",
+                        "number": 5,
+                        "resize": true,
+                        "sizeMiB": 0
+                    }
+                ]
+            }
+        ],
+        "filesystems": [
+            {
+                "device": "/dev/mapper/root",
+                "format": "btrfs",
+                "label": "root",
+                "mountOptions": [
+                    "noatime",
+                    "discard=async",
+                    "compress-force=zstd:1"
+                ],
+                "wipeFilesystem": true
+            },
+            {
+                "device": "/dev/mapper/data",
+                "format": "btrfs",
+                "label": "data",
+                "mountOptions": [
+                    "noatime",
+                    "discard=async"
+                ],
+                "wipeFilesystem": true
+            }
+        ],
+        "luks": [
+            {
+                "device": "/dev/disk/by-partlabel/root",
+                "discard": true,
+                "keyFile": {
+                    "compression": "",
+                    "source": "data:,changeme"
+                },
+                "label": "root",
+                "name": "root",
+                "wipeVolume": true
+            }
+        ]
+    },
+    "systemd": {
+        "units": [
+            {
+                "enabled": false,
+                "name": "zincati.service"
+            }
+        ]
+    }
+}
diff --git a/src/coreos-encrypted.yaml b/src/coreos-encrypted.yaml
new file mode 100644
index 0000000..fa555fd
--- /dev/null
+++ b/src/coreos-encrypted.yaml
@@ -0,0 +1,37 @@
+variant: fcos
+version: 1.6.0
+passwd:
+  users:
+  - name: root
+    ssh_authorized_keys:
+    - ecdsa-sha2-nistp521 AAAAE2VjZHNhLXNoYTItbmlzdHA1MjEAAAAIbmlzdHA1MjEAAACFBADaetOnr6mX9T+wd0ltUAv0G9JxoIkWZMjTvvBRabNqtGVe+WK9y1ZLyee8XxmxoZaZ/r/qSycC/oY0+dl7xv9ZwQHlhMeo1YYIFPd/R1NZu9laYRA+CNTnx+amggXSxccvbIIAu8hs1cX+vad/AVthkDWptrw40RqYyV82cRfVRrvqrQ== maciej@fedora
+storage:
+  disks:
+  - device: /dev/disk/by-id/coreos-boot-disk
+    partitions:
+    - label: root
+      number: 4
+      # 0 means to use all available space
+      size_mib: 0
+      resize: true
+  filesystems:
+  - device: /dev/mapper/root
+    format: btrfs
+    mount_options:
+    - noatime
+    - discard=async
+    - compress-force=zstd:1
+    wipe_filesystem: true
+    label: root
+  luks:
+  - name: root
+    label: root
+    device: /dev/disk/by-partlabel/root
+    discard: true
+    key_file:
+      inline: changeme
+    wipe_volume: true
+systemd:
+  units:
+  - name: "zincati.service"
+    enabled: false
diff --git a/src/k8s.yaml b/src/k8s.yaml
new file mode 100644
index 0000000..4ad66a2
--- /dev/null
+++ b/src/k8s.yaml
@@ -0,0 +1,48 @@
+variant: fcos
+version: 1.6.0
+passwd:
+  users:
+  - name: root
+    ssh_authorized_keys:
+    - ecdsa-sha2-nistp521 AAAAE2VjZHNhLXNoYTItbmlzdHA1MjEAAAAIbmlzdHA1MjEAAACFBADaetOnr6mX9T+wd0ltUAv0G9JxoIkWZMjTvvBRabNqtGVe+WK9y1ZLyee8XxmxoZaZ/r/qSycC/oY0+dl7xv9ZwQHlhMeo1YYIFPd/R1NZu9laYRA+CNTnx+amggXSxccvbIIAu8hs1cX+vad/AVthkDWptrw40RqYyV82cRfVRrvqrQ== maciej@fedora
+storage:
+  disks:
+  - device: /dev/disk/by-id/coreos-boot-disk
+    partitions:
+    - label: root
+      number: 4
+      size_mib: 51200 # 50GiB
+      resize: true
+    - label: data
+      number: 5
+      # 0 means to use all available space
+      size_mib: 0
+      resize: true
+  filesystems:
+  - device: /dev/mapper/root
+    format: btrfs
+    mount_options:
+    - noatime
+    - discard=async
+    - compress-force=zstd:1
+    wipe_filesystem: true
+    label: root
+  - device: /dev/mapper/data
+    format: btrfs
+    mount_options:
+    - noatime
+    - discard=async
+    wipe_filesystem: true
+    label: data
+  luks:
+  - name: root
+    label: root
+    device: /dev/disk/by-partlabel/root
+    discard: true
+    key_file:
+      inline: changeme
+    wipe_volume: true
+systemd:
+  units:
+  - name: "zincati.service"
+    enabled: false