Go.Rig-Operator/deploy/rancher/helm/rke2/templates/rke2_cp_secret.yaml

{{- range $i := until (.Values.control_plane.node_count | int) }}
---
apiVersion: v1
kind: Secret
metadata:
  name: {{ $.Values.cluster_name }}-cp-{{ $i }}-cloudinit
  namespace: {{ $.Values.cluster_namespace }}
stringData:
  userdata: |
    #cloud-config
    {{- if $.Values.vm.qemu_agent_install }}
    package_update: true
    packages:
      - qemu-guest-agent
    {{- end }}
    write_files:
    {{- if $.Values.control_plane.files }}
{{ $.Values.control_plane.files | toYaml | indent 4 }}
    {{- end }}
    - path: /etc/rancher/rke2/config.yaml
      owner: root
      content: |
        token: {{ $.Values.shared_token }}
        {{- if ne $i 0 }}
        server: https://{{ $.Values.control_plane.vip }}:9345
        {{- end }}
        system-default-registry: {{ $.Values.system_default_registry }}
        tls-san:
          - {{ $.Values.cluster_name }}-cp-{{ $i }}
          - {{ $.Values.control_plane.vip }}
        secrets-encryption: true
        write-kubeconfig-mode: 0640
        use-service-account-credentials: true
    {{- if hasKey $.Values "registry_config" }}
    - path: /etc/rancher/rke2/registries.yaml
      owner: root
      content: |-
{{ $.Values.registry_config | toYaml | indent 8 }}
    {{- end }}
    - path: /etc/hosts
      owner: root
      content: |
        127.0.0.1 localhost
        127.0.0.1 {{$.Values.cluster_name }}-cp-{{ $i }}
    runcmd:
    {{- if $.Values.vm.qemu_agent_enable }}
    - - systemctl
      - enable
      - '--now'
      - qemu-guest-agent.service
    {{- end }}
    {{- if not $.Values.vm.airgapped_image }}
    - mkdir -p /var/lib/rancher/rke2-artifacts && wget https://raw.githubusercontent.com/rancher/rke2/refs/heads/master/install.sh -O /var/lib/rancher/install.sh && chmod +x /var/lib/rancher/install.sh
    {{- end}}
    - INSTALL_RKE2_VERSION={{ $.Values.rke2_version }} /var/lib/rancher/install.sh
    - systemctl enable rke2-server.service
    - useradd -r -c "etcd user" -s /sbin/nologin -M etcd -U
    - systemctl start rke2-server.service
    ssh_authorized_keys:
    - {{ $.Values.ssh_pub_key }}
  {{- if ne $.Values.control_plane.ipam "dhcp" }}
  {{- if hasKey $.Values.control_plane "network" }}
  networkdata: |
{{ index $.Values.control_plane.network $i | indent 4 }}
  {{- end}}
  {{- else}}
  networkdata: ""
  {{- end}}
{{- end}}
Drop initial code 2026-01-15 09:58:01 +00:00			`{{- range $i := until (.Values.control_plane.node_count \| int) }}`
			`---`
			`apiVersion: v1`
			`kind: Secret`
			`metadata:`
			`name: {{ $.Values.cluster_name }}-cp-{{ $i }}-cloudinit`
			`namespace: {{ $.Values.cluster_namespace }}`
			`stringData:`
			`userdata: \|`
			`#cloud-config`
			`{{- if $.Values.vm.qemu_agent_install }}`
			`package_update: true`
			`packages:`
			`- qemu-guest-agent`
			`{{- end }}`
			`write_files:`
			`{{- if $.Values.control_plane.files }}`
			`{{ $.Values.control_plane.files \| toYaml \| indent 4 }}`
			`{{- end }}`
			`- path: /etc/rancher/rke2/config.yaml`
			`owner: root`
			`content: \|`
			`token: {{ $.Values.shared_token }}`
			`{{- if ne $i 0 }}`
			`server: https://{{ $.Values.control_plane.vip }}:9345`
			`{{- end }}`
			`system-default-registry: {{ $.Values.system_default_registry }}`
			`tls-san:`
			`- {{ $.Values.cluster_name }}-cp-{{ $i }}`
			`- {{ $.Values.control_plane.vip }}`
			`secrets-encryption: true`
			`write-kubeconfig-mode: 0640`
			`use-service-account-credentials: true`
			`{{- if hasKey $.Values "registry_config" }}`
			`- path: /etc/rancher/rke2/registries.yaml`
			`owner: root`
			`content: \|-`
			`{{ $.Values.registry_config \| toYaml \| indent 8 }}`
			`{{- end }}`
			`- path: /etc/hosts`
			`owner: root`
			`content: \|`
			`127.0.0.1 localhost`
			`127.0.0.1 {{$.Values.cluster_name }}-cp-{{ $i }}`
			`runcmd:`
			`{{- if $.Values.vm.qemu_agent_enable }}`
			`- - systemctl`
			`- enable`
			`- '--now'`
			`- qemu-guest-agent.service`
			`{{- end }}`
			`{{- if not $.Values.vm.airgapped_image }}`
			`- mkdir -p /var/lib/rancher/rke2-artifacts && wget https://raw.githubusercontent.com/rancher/rke2/refs/heads/master/install.sh -O /var/lib/rancher/install.sh && chmod +x /var/lib/rancher/install.sh`
			`{{- end}}`
			`- INSTALL_RKE2_VERSION={{ $.Values.rke2_version }} /var/lib/rancher/install.sh`
			`- systemctl enable rke2-server.service`
			`- useradd -r -c "etcd user" -s /sbin/nologin -M etcd -U`
			`- systemctl start rke2-server.service`
			`ssh_authorized_keys:`
			`- {{ $.Values.ssh_pub_key }}`
			`{{- if ne $.Values.control_plane.ipam "dhcp" }}`
			`{{- if hasKey $.Values.control_plane "network" }}`
			`networkdata: \|`
			`{{ index $.Values.control_plane.network $i \| indent 4 }}`
			`{{- end}}`
			`{{- else}}`
			`networkdata: ""`
			`{{- end}}`
			`{{- end}}`