#cloud-config
bootcmd:
- [ dnf, module, enable, 'cri-o:1.22', -y ]
- [ ln, -sf, /run/systemd/resolve/stub-resolv.conf, /etc/resolv.conf ]

packages:
- cri-o
- cri-tools
- ethtool
- iptables-nft
- iscsi-initiator-utils
- kubernetes-kubeadm
- kubernetes-node
- wireguard-tools

write_files:
- path: /etc/dnf/dnf.conf
  content: |+
    install_weak_deps=False
  append: true
- path: /etc/modules-load.d/k8s.conf
  content: |+
    br_netfilter
- path: /etc/sysctl.d/k8s.conf
  content: |+
    net.bridge.bridge-nf-call-iptables = 1
    net.bridge.bridge-nf-call-ip6tables = 1
    net.ipv4.ip_forward = 1
- path: /var/lib/cloud/scripts/per-instance/kubeadm-join
  permissions: '0755'
  content: |+
    #!/bin/sh

    BASE_URL=https://dynk8s-provisioner.pyrocufflink.net

    instance_id=$(curl -s 169.254.169.254/latest/meta-data/instance-id)
    az=$(curl -s 169.254.169.254/latest/meta-data/placement/availability-zone)

    curl -fs "${BASE_URL}"/wireguard/config/${instance_id} \
        -o /etc/wireguard/wg0.conf || exit
    systemctl enable --now wg-quick@wg0 || exit

    modprobe br_netfilter || exit
    sysctl -w -f /etc/sysctl.d/k8s.conf || exit

    swapoff -a || exit
    touch /etc/systemd/zram-generator.conf || exit
    systemctl daemon-reload || exit
    systemctl stop 'systemd-zram-setup@*' || exit

    systemctl enable crio iscsid kubelet || exit
    systemctl start crio iscsid || exit

    internal_ip=$(
      ip address show dev wg0 primary | \
      sed -rn 's/.*inet ([0-9.]+).*/\1/p'
    )

    cat > /run/joinconfiguration <<EOF
    apiVersion: kubeadm.k8s.io/v1beta3
    kind: JoinConfiguration
    nodeRegistration:
      kubeletExtraArgs:
        provider-id: aws:///${az}/${instance_id}
        node-ip: ${internal_ip}
    discovery:
      file:
        kubeConfigPath: ${BASE_URL}/kubeadm/kubeconfig/${instance_id}
    EOF
    kubeadm join --config=/run/joinconfiguration

runcmd:
- [ dnf, remove, -y, zram-generator ]