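---
# Butane config (Fedora CoreOS variant) that provisions a single-node k3s
# server with SELinux enforcement: it layers the k3s-selinux policy package,
# installs a pinned k3s binary, and enables the k3s systemd service.
variant: fcos
version: 1.5.0
systemd:
  units:
    # One-shot unit that layers k3s-selinux with rpm-ostree. The stamp file
    # under /var/lib/misc makes it a no-op on later boots
    # (ConditionPathExists=! means "run only while the stamp is absent").
    # It is ordered before zincati.service, presumably so automatic updates
    # do not race with the layering transaction.
    # NOTE(review): the stamp is written by the second ExecStart, i.e. before
    # the ExecStartPost restorecon runs. If restorecon fails, the stamp still
    # exists and the relabel is not retried on the next boot.
    - name: rpm-ostree-install-k3s-selinux.service
      enabled: true
      contents: |
        [Unit]
        Description=Layer k3s-selinux with rpm-ostree
        Wants=network-online.target
        After=network-online.target
        Before=zincati.service
        ConditionPathExists=!/var/lib/misc/%N.stamp

        [Service]
        Type=oneshot
        RemainAfterExit=yes
        ExecStart=/usr/bin/rpm-ostree --idempotent install --apply-live --allow-inactive --assumeyes k3s-selinux
        ExecStart=/bin/touch /var/lib/misc/%N.stamp
        ExecStartPost=/usr/sbin/restorecon -Rv /usr/local/bin

        [Install]
        WantedBy=multi-user.target

    # k3s server unit. ConditionPathExists on k3s.pp is a fail-closed guard:
    # k3s is skipped unless the SELinux policy module is present on disk.
    # The unit is ordered After= the layering unit so that, on first boot, the
    # condition is evaluated only once the package has been applied live and
    # /usr/local/bin has been relabelled. Without that ordering both units
    # start in parallel, the condition fails, and k3s stays down until the
    # next boot (Restart= does not retry a skipped unit). After= is ordering
    # only: if layering fails, the condition still keeps k3s from starting.
    # NOTE(review): the relabel presumably gives /usr/local/bin/k3s the type
    # the policy expects; confirm against the k3s-selinux file contexts.
    - name: k3s.service
      enabled: true
      contents: |
        [Unit]
        Description=Lightweight Kubernetes
        Documentation=https://k3s.io
        ConditionPathExists=/usr/share/selinux/packages/k3s.pp
        Wants=network-online.target
        After=network-online.target
        After=rpm-ostree-install-k3s-selinux.service

        [Install]
        WantedBy=multi-user.target

        [Service]
        Type=notify
        EnvironmentFile=-/etc/default/%N
        EnvironmentFile=-/etc/sysconfig/%N
        EnvironmentFile=-/etc/systemd/system/k3s.service.env
        KillMode=process
        Delegate=yes
        # Having non-zero Limit*s causes performance problems due to accounting overhead
        # in the kernel. We recommend using cgroups to do container-local accounting.
        LimitNOFILE=1048576
        LimitNPROC=infinity
        LimitCORE=infinity
        TasksMax=infinity
        TimeoutStartSec=0
        Restart=always
        RestartSec=5s
        ExecStartPre=/bin/sh -xc '! /usr/bin/systemctl is-enabled --quiet nm-cloud-setup.service'
        ExecStartPre=-/sbin/modprobe br_netfilter
        ExecStartPre=-/sbin/modprobe overlay
        ExecStart=/usr/local/bin/k3s \
            server \
                '--selinux'
storage:
  files:
    # k3s binary, pinned to an exact release and verified by SHA-256 at
    # provisioning time. When bumping the version, replace the hash with the
    # value published for that release; never drop the verification block.
    # `mode` values in this file are octal integers and are left unquoted on
    # purpose (a quoted string is not a valid mode here).
    - path: /usr/local/bin/k3s
      mode: 0755
      contents:
        source: https://github.com/k3s-io/k3s/releases/download/v1.27.5+k3s1/k3s
        verification:
          hash: sha256-aa3387f1e01e21478d8042d6ab0cb25c299fe0920e2e30fc760ab36fb7a3d459
    # Helper scripts embedded from the local build directory when the config
    # is transpiled. They carry no hash here, so their integrity depends on
    # the build directory; review them before transpiling.
    - path: /usr/local/bin/k3s-killall.sh
      mode: 0755
      contents:
        local: k3s-killall.sh
    - path: /usr/local/bin/k3s-uninstall.sh
      mode: 0755
      contents:
        local: k3s-uninstall.sh
    # Environment file read by k3s.service; created empty and root-only
    # (0600). NOTE(review): if tokens or other secrets go here, prefer adding
    # them after provisioning rather than inline, since the rendered config
    # may be readable from instance user-data.
    - path: /etc/systemd/system/k3s.service.env
      mode: 0600
      contents:
        inline: ""
    # Package repository for k3s-selinux. gpgcheck=1 enforces package
    # signature verification. repo_gpgcheck=0 leaves repository metadata
    # unsigned-checked, and the signing key is fetched from the same host
    # over HTTPS, so trust rests on TLS to rpm.rancher.io.
    - path: /etc/yum.repos.d/rancher-k3s-common.repo
      contents:
        inline: |
          [rancher-k3s-common-stable]
          name=Rancher K3s Common (stable)
          baseurl=https://rpm.rancher.io/k3s/stable/common/coreos/noarch
          enabled=1
          gpgcheck=1
          repo_gpgcheck=0
          gpgkey=https://rpm.rancher.io/public.key
  links:
    # kubectl and crictl are links to the multi-call k3s binary.
    - path: /usr/local/bin/kubectl
      target: /usr/local/bin/k3s
    - path: /usr/local/bin/crictl
      target: /usr/local/bin/k3s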