#cloud-config

write_files:
  - path: /opt/bin/kube-net-update.sh
    permissions: 0755
    content: |
      #!/bin/sh
      set -x -e
      nh=${ETCD_WATCH_KEY##*/}
      net=$ETCD_WATCH_VALUE
      case $ETCD_WATCH_ACTION in
      set) ip route replace $net via $nh dev eth2 metric 900 ;;
      expire) ip route del $net via $nh metric 900 ;;
      esac
  - path: /opt/bin/download-release.sh
    permissions: 0755
    content: |
      #!/bin/bash
      OBJECT_URL="CLOUD_FILES_URL"
      echo "Downloading release ($OBJECT_URL)"
      wget "${OBJECT_URL}" -O /opt/kubernetes.tar.gz
      echo "Unpacking release"
      rm -rf /opt/kubernetes || false
      tar xzf /opt/kubernetes.tar.gz -C /opt/

coreos:
  etcd:
    name: kubernetes-minion-INDEX
    discovery: https://discovery.etcd.io/DISCOVERY_ID
    addr: $private_ipv4:4001
    peer-addr: $private_ipv4:7001
    peer-bind-addr: $private_ipv4:7001

  fleet:
    public-ip: $private_ipv4
    metadata: kubernetes_role=minion

  update:
    reboot-strategy: etcd-lock

  units:
    - name: etcd.service
      command: start
    - name: fleet.service
      command: start
    - name: download-release.service
      command: start
      content: |
        [Unit]
        Description=Downloads Kubernetes Release
        After=network-online.target
        Requires=network-online.target
        [Service]
        Type=oneshot
        RemainAfterExit=yes
        ExecStart=/usr/bin/bash /opt/bin/download-release.sh
    - name: minion-kubelet.service
      command: start
      content: |
        [Unit]
        Description=Kubernetes Kubelet
        Documentation=https://github.com/GoogleCloudPlatform/kubernetes
        After=network-online.target
        Requires=network-online.target
        After=docker.service
        Requires=docker.service
        After=download-release.service
        Requires=download-release.service
        [Service]
        ExecStartPre=/usr/bin/ln -sf /opt/kubernetes/server/bin/kubelet /opt/bin/kubelet
        ExecStart=/opt/bin/kubelet --address=$private_ipv4 --hostname_override=$private_ipv4 --etcd_servers=http://127.0.0.1:4001 --logtostderr=true --config=/opt/kubernetes-manifests --cluster_dns=DNS_SERVER_IP --cluster_domain=DNS_DOMAIN
        Restart=always
        RestartSec=2
    - name: minion-proxy.service
      command: start
      content: |
        [Unit]
        Description=Kubernetes Proxy
        Documentation=https://github.com/GoogleCloudPlatform/kubernetes
        After=network-online.target
        Requires=network-online.target
        After=docker.service
        Requires=docker.service
        After=download-release.service
        Requires=download-release.service
        [Service]
        ExecStartPre=/usr/bin/ln -sf /opt/kubernetes/server/bin/kube-proxy /opt/bin/kube-proxy
        ExecStart=/opt/bin/kube-proxy --bind_address=$private_ipv4 --etcd_servers=http://127.0.0.1:4001 --logtostderr=true --v=2
        Restart=always
        RestartSec=2
    - name: minion-advertiser.service
      command: start
      content: |
        [Unit]
        Description=Kubernetes Minion Advertiser
        After=etcd.service
        Requires=etcd.service
        After=minion-kubelet.service
        [Service]
        ExecStart=/bin/sh -c 'while :; do etcdctl set /corekube/minions/$private_ipv4 $private_ipv4 --ttl 300; sleep 120; done'
        Restart=always
        RestartSec=120
    - name: net-advertiser.service
      command: start
      content: |
        [Unit]
        Description=Kubernetes Network Advertiser
        After=etcd.service
        Requires=etcd.service
        After=minion-kubelet.service
        [Service]
        ExecStart=/bin/sh -c 'eth2_ip=$$(ip -o -f inet a show dev eth2 | sed "s/.* inet \([0-9.]\+\).*/\1/"); while :; do etcdctl set /corekube/net/$$eth2_ip 10.240.INDEX.0/24 --ttl 300; sleep 120; done'
        Restart=always
        RestartSec=120
    - name: net-router.service
      command: start
      content: |
        [Unit]
        Description=Kubernetes Network Router
        After=etcd.service
        Requires=etcd.service
        After=minion-kubelet.service
        [Service]
        ExecStart=/usr/bin/etcdctl exec-watch --recursive /corekube/net -- /opt/bin/kube-net-update.sh
        Restart=always
        RestartSec=120
    - name: cbr0.netdev
      command: start
      content: |
        [NetDev]
        Kind=bridge
        Name=cbr0
    - name: cbr0.network
      command: start
      content: |
        [Match]
        Name=cbr0

        [Network]
        Address=10.240.INDEX.1/24
    - name: nat.service
      command: start
      content: |
        [Unit]
        Description=NAT container->outside traffic

        [Service]
        ExecStart=/usr/sbin/iptables -t nat -A POSTROUTING -o eth0 -s 10.240.INDEX.0/24 -j MASQUERADE
        ExecStart=/usr/sbin/iptables -t nat -A POSTROUTING -o eth1 -s 10.240.INDEX.0/24 -j MASQUERADE
        RemainAfterExit=yes
        Type=oneshot
    - name: docker.service
      command: start
      content: |
        [Unit]
        After=network.target
        Description=Docker Application Container Engine
        Documentation=http://docs.docker.io

        [Service]
        ExecStartPre=/bin/mount --make-rprivate /
        ExecStart=/usr/bin/docker -d -H fd:// -b cbr0 --iptables=false
        Restart=always
        RestartSec=30

        [Install]
        WantedBy=multi-user.target
    - name: format-data.service
      command: start
      content: |
        [Unit]
        Description=Formats data drive
        [Service]
        Type=oneshot
        RemainAfterExit=yes
        ExecStart=/usr/sbin/wipefs -f /dev/xvde1
        ExecStart=/usr/sbin/mkfs.btrfs -f /dev/xvde1
    - name: var-lib-docker-volumes.mount
      command: start
      content: |
        [Unit]
        Description=Mount data drive to /var/lib/docker/volumes
        Requires=format-data.service
        After=format-data.service
        Before=docker.service
        [Mount]
        What=/dev/xvde1
        Where=/var/lib/docker/volumes
        Type=btrfs