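# Butane config (Fedora CoreOS, spec 1.5.0) that prepares a node for
# Kubernetes: kernel modules, sysctls, FleetLock-coordinated reboots, and
# systemd units for CRI-O and the kubelet.
# NOTE(review): nothing in this config installs CRI-O or the kubelet; it
# assumes /usr/bin/kubelet and crio.service already exist on the image.
variant: fcos
version: 1.5.0
passwd:
  users:
    - name: core
      ssh_authorized_keys:
        # Placeholder: replace with a real public key before transpiling.
        - "ssh-rsa YOUR_PUBLIC_SSH_KEY_HERE"
storage:
  files:
    # Load required kernel modules for Kubernetes/CRI-O
    - path: /etc/modules-load.d/k8s.conf
      # Butane expects an integer mode; keep the octal literal unquoted.
      mode: 0644
      contents:
        inline: |
          overlay
          br_netfilter
    # Configure Sysctl for networking
    - path: /etc/sysctl.d/k8s.conf
      mode: 0644
      contents:
        inline: |
          net.bridge.bridge-nf-call-iptables = 1
          net.bridge.bridge-nf-call-ip6tables = 1
          net.ipv4.ip_forward = 1
    # Configure zincati to check airlock before rebooting after update.
    # base_url is the service root: Zincati appends the FleetLock endpoint
    # paths (v1/pre-reboot, v1/steady-state) itself, so the path must not be
    # repeated here.
    # NOTE(review): plain HTTP leaves reboot-lock requests and replies
    # unauthenticated and unencrypted on the wire; switch to an https:// URL
    # if the Airlock endpoint is served over TLS.
    - path: /etc/zincati/config.d/50-strategy-fleetlock.toml
      mode: 0644
      contents:
        inline: |
          [updates]
          strategy = "fleetlock"
          [updates.fleetlock]
          base_url = "http://airlock.example.com/"
systemd:
  units:
    # Ensure CRI-O (Container Runtime) is enabled and started
    - name: crio.service
      enabled: true
    # Kubelet Service definition.
    # NOTE(review): no --kubeconfig or --config is passed, so as written the
    # kubelet has no API-server credentials and --register-node presumably
    # has no effect until a later bootstrap step supplies them - confirm.
    # The kubelet's flag defaults also leave anonymous auth enabled with
    # AlwaysAllow authorization; set authentication and authorization
    # explicitly (KubeletConfiguration) before its port is reachable.
    - name: kubelet.service
      enabled: true
      contents: |
        [Unit]
        Description=Kubernetes Kubelet
        Documentation=https://github.com/kubernetes/kubernetes
        After=crio.service
        Requires=crio.service

        [Service]
        ExecStartPre=/usr/bin/mkdir -p /etc/kubernetes/manifests
        ExecStart=/usr/bin/kubelet \
          --container-runtime-endpoint=unix:///var/run/crio/crio.sock \
          --register-node=true \
          --v=2
        Restart=always
        StartLimitInterval=0
        RestartSec=10

        [Install]
        WantedBy=multi-user.target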