Switch to flannel, ignore k8s interfaces for zerotier, hard code dns for both k8s and docker due to systemd resolvd, and disable ipv6

terraform-code/user-data.sh

@@ -1,13 +1,43 @@
 #!/bin/bash
 apt-get update                                                  
-apt-get install python-dev python-pip curl sudo -y
+apt-get install python-dev python-pip curl sudo open-iscsi -y
+
+# Disable ipv6
+sysctl -w net.ipv6.conf.all.disable_ipv6=1
+sysctl -w net.ipv6.conf.default.disable_ipv6=1
+
+cat <<EOF > /etc/sysctl.d/ipv6.conf
+net.ipv6.conf.all.disable_ipv6 = 1
+net.ipv6.conf.default.disable_ipv6 = 1
+net.ipv6.conf.lo.disable_ipv6 = 1
+EOF
+
+# enable tun module
+modprobe tun
+cat <<EOF > /etc/modules-load.d/tun.conf
+tun
+EOF
+
+service networking restart
+
+# force zerotier to ignore kubernetes interfaces when it's looking for a gateway
+mkdir -p /var/lib/zerotier-one
+cat <<EOF > /var/lib/zerotier-one/local.conf
+{
+  "settings": {
+    "interfacePrefixBlacklist": [ "flannel", "veth", "cni", "docker" ],
+    "allowTcpFallbackRelay": false
+  }
+}
+EOF
+
+curl -s https://install.zerotier.com | bash
+zerotier-cli join ${zerotier_network}
 
 if ! which docker > /dev/null; then                                                                 
   curl -s -L https://raw.githubusercontent.com/rancher/install-docker/master/19.03.9.sh | bash      
 fi 
 
-curl -s https://install.zerotier.com | bash
-zerotier-cli join ${zerotier_network}
 user=debian
 if ! cat /etc/passwd | grep debian; then
   # Add the user (--gecos "" ensures that this runs non-interactively)
@@ -32,5 +62,11 @@ if ! cat /etc/passwd | grep debian; then
 fi
 usermod -a -G docker $user
 
-# for RKE
-# iptables -I INPUT -j ACCEPT
+mkdir -p /etc/docker
+cat <<EOF > /etc/docker/daemon.json
+{
+  "dns": ["1.1.1.1", "8.8.4.4"]
+}
+EOF
+
+service docker restart