Go.Rig-Operator/deploy/rancher/helm/rke2/templates/rke2_cp_secret.yaml

{{- range $i := until (.Values.control_plane.node_count | int) }}
---
apiVersion: v1
kind: Secret
metadata:
  name: {{ $.Values.cluster_name }}-cp-{{ $i }}-cloudinit
  namespace: {{ $.Values.cluster_namespace }}
stringData:
  userdata: |
    #cloud-config
    {{- if $.Values.vm.qemu_agent_install }}
    package_update: true
    packages:
      - qemu-guest-agent
    {{- end }}
    write_files:
    {{- if $.Values.control_plane.files }}
{{ $.Values.control_plane.files | toYaml | indent 4 }}
    {{- end }}
    - path: /etc/rancher/rke2/config.yaml
      owner: root
      content: |
        token: {{ $.Values.shared_token }}
        {{- if ne $i 0 }}
        server: https://{{ $.Values.control_plane.vip }}:9345
        {{- end }}
        system-default-registry: {{ $.Values.system_default_registry }}
        tls-san:
          - {{ $.Values.cluster_name }}-cp-{{ $i }}
          - {{ $.Values.control_plane.vip }}
        secrets-encryption: true
        write-kubeconfig-mode: 0640
        use-service-account-credentials: true
    {{- if hasKey $.Values "registry_config" }}
    - path: /etc/rancher/rke2/registries.yaml
      owner: root
      content: |-
{{ $.Values.registry_config | toYaml | indent 8 }}
    {{- end }}
    - path: /etc/hosts
      owner: root
      content: |
        127.0.0.1 localhost
        127.0.0.1 {{$.Values.cluster_name }}-cp-{{ $i }}
    runcmd:
    {{- if $.Values.vm.qemu_agent_enable }}
    - - systemctl
      - enable
      - '--now'
      - qemu-guest-agent.service
    {{- end }}
    {{- if not $.Values.vm.airgapped_image }}
    - mkdir -p /var/lib/rancher/rke2-artifacts && wget https://raw.githubusercontent.com/rancher/rke2/refs/heads/master/install.sh -O /var/lib/rancher/install.sh && chmod +x /var/lib/rancher/install.sh
    {{- end}}
    - INSTALL_RKE2_VERSION={{ $.Values.rke2_version }} /var/lib/rancher/install.sh
    - systemctl enable rke2-server.service
    - useradd -r -c "etcd user" -s /sbin/nologin -M etcd -U
    - systemctl start rke2-server.service
    ssh_authorized_keys:
    - {{ $.Values.ssh_pub_key }}
  {{- if ne $.Values.control_plane.ipam "dhcp" }}
  {{- if hasKey $.Values.control_plane "network" }}
  networkdata: |
{{ index $.Values.control_plane.network $i | indent 4 }}
  {{- end}}
  {{- else}}
  networkdata: ""
  {{- end}}
{{- end}}