init: copy from lawndale-infra

kubelet.tf

@@ -0,0 +1,54 @@
+locals {
+  bootstrap_kubeconfig = <<EOM
+apiVersion: v1
+kind: Config
+clusters:
+- cluster:
+    certificate-authority: /var/lib/kubernetes/ca.pem
+    server: ${local.kubernetes_server}
+  name: bootstrap
+contexts:
+- context:
+    cluster: bootstrap
+    user: kubelet-bootstrap
+  name: bootstrap
+current-context: bootstrap
+preferences: {}
+users:
+- name: kubelet-bootstrap
+  user:
+    token: ${local.bootstrap_token}
+EOM
+
+  kubelet_config = yamlencode({
+    kind       = "KubeletConfiguration"
+    apiVersion = "kubelet.config.k8s.io/v1beta1"
+
+    authentication = {
+      anonymous = { enabled = false }
+      webhook   = { enabled = true }
+      x509 = {
+        clientCAFile = "/var/lib/kubernetes/ca.pem"
+      }
+    }
+    authorization = {
+      mode = "Webhook"
+    }
+
+    rotateCertificates = true
+    serverTLSBootstrap = true
+    clusterDomain      = "cluster.local"
+    clusterDNS         = [local.cluster_dns]
+    resolvConf         = "/run/systemd/resolve/resolv.conf"
+
+    maxPods = 110
+    systemReserved = {
+      cpu    = "200m"
+      memory = "128M"
+    }
+    kubeReserved = {
+      cpu    = "100m"
+      memory = "128M"
+    }
+  })
+}