init

Readme.md

@@ -0,0 +1,16 @@
+# Configs
+
+## Hypervisor
+
+Configurations made on the VM hypervisor.
+
+- [HAProxy](hypervisor/haproxy/Readme.md)
+- [interfaces](hypervisor/interfaces/Readme.md)
+- [VM routing](hypervisor/routing/Readme.md)
+
+## K8s
+
+Configurations and services for k8s.
+
+- [Traefik](k8s/traefik/Readme.md)
+- [ZFS-provisioner](k8s/zfs-provisioner/Readme.md)

hypervisor/haproxy/Readme.md

@@ -0,0 +1,20 @@
+# HAProxy
+
+The loadbalancer running on the hypervisor, this forwards traffic to all the nodes.
+
+## Requirements
+
+- [docker](https://docs.docker.com/engine/install/debian/)
+
+## Install
+
+```sh
+# copy to /opt/haproxy on the hypervisor
+docker compose up -d
+```
+
+## Config
+
+- Add ports to *docker-compose.yml* 'ports' section.
+- Add backend to *haproxy.conf* with all the nodes' IPs.
+- Make sure to match it with the traefik or service definitions in k8s.

hypervisor/haproxy/docker-compose.yml

@@ -0,0 +1,9 @@
+services:
+  haproxy:
+    image: haproxy:3.1
+    restart: always
+    ports:
+      - 80:80/tcp
+      - 443:443/tcp
+    volumes:
+      - ./haproxy.conf:/usr/local/etc/haproxy/haproxy.cfg:ro

hypervisor/haproxy/haproxy.conf

@@ -0,0 +1,29 @@
+global
+    daemon
+    maxconn 2048
+
+defaults
+    mode tcp
+    timeout connect 5s
+    timeout client  30s
+    timeout server  30s
+
+frontend http
+    bind *:80
+    default_backend traefik_http
+
+frontend https
+    bind *:443
+    default_backend traefik_https
+
+backend traefik_http
+    balance roundrobin
+    server node1 192.168.123.28:30080 check
+    server node2 192.168.123.27:30080 check
+    server node3 192.168.123.42:30080 check
+
+backend traefik_https
+    balance roundrobin
+    server node1 192.168.123.28:30443 check
+    server node2 192.168.123.27:30443 check
+    server node3 192.168.123.42:30443 check

hypervisor/interfaces/10-lan0.link

@@ -0,0 +1,6 @@
+[Match]
+MACAddress=1c:98:ec:12:50:60
+
+[Link]
+Name=lan0
+WakeOnLan=magic

hypervisor/interfaces/10-lan1.link

@@ -0,0 +1,6 @@
+[Match]
+MACAddress=1c:98:ec:12:50:61
+
+[Link]
+Name=lan1
+WakeOnLan=magic

hypervisor/interfaces/10-lan2.link

@@ -0,0 +1,6 @@
+[Match]
+MACAddress=1c:98:ec:12:50:62
+
+[Link]
+Name=lan2
+WakeOnLan=magic

hypervisor/interfaces/10-lan3.link

@@ -0,0 +1,6 @@
+[Match]
+MACAddress=1c:98:ec:12:50:63
+
+[Link]
+Name=lan3
+WakeOnLan=magic

hypervisor/interfaces/20-lan.network

@@ -0,0 +1,5 @@
+[Match]
+Name=lan*
+
+[Network]
+Bridge=br0

hypervisor/interfaces/30-br0.netdev

@@ -0,0 +1,4 @@
+[NetDev]
+Name=br0
+Kind=bridge
+MACAddress=none

hypervisor/interfaces/40-br0.link

@@ -0,0 +1,5 @@
+[Match]
+OriginalName=br0
+
+[Link]
+MACAddressPolicy=none

hypervisor/interfaces/50-br0.network

@@ -0,0 +1,10 @@
+[Match]
+Name=br0
+
+[Network]
+Address=192.168.1.232/24
+Gateway=192.168.1.1
+DNS=192.168.1.1
+DNS=1.1.1.3#family.cloudflare-dns.com
+DNS=1.0.0.3#family.cloudflare-dns.com
+DNSOverTLS=yes

hypervisor/interfaces/60-vm0.netdev

@@ -0,0 +1,4 @@
+[NetDev]
+Name=vm0
+Kind=bridge
+MACAddress=none

hypervisor/interfaces/70-vm0.link

@@ -0,0 +1,5 @@
+[Match]
+OriginalName=vm0
+
+[Link]
+MACAddressPolicy=none

hypervisor/interfaces/80-vm0.network

@@ -0,0 +1,6 @@
+[Match]
+Name=vm0
+
+[Network]
+Address=192.168.123.1/24
+Gateway=192.168.1.1

hypervisor/interfaces/Readme.md

@@ -0,0 +1,17 @@
+# Network interfaces
+
+## Requirements
+
+- systemd-networkd
+
+## Configure
+
+```sh
+# copy files to /etc/systemd/network
+# change mac addresses if needed
+# change 50-br0.network as desired
+systemctl mask NetworkManager.service
+systemctl disable NetworkManager.service
+systemctl enable --now systemd-networkd.service
+update-initramfs -u -a
+```

hypervisor/routing/Readme.md

@@ -0,0 +1,19 @@
+# VM routing
+
+Enable IPv4 forwarding for VM access from outside for NAT.
+
+## Requirements
+
+- iptables-persistent
+- libvirt
+- systemd-newtorkd
+
+## Configure
+
+Change the IP ranges and the LAN intreface (eg. br0) of the hypervisor in the commands.
+
+```sh
+iptables -I FORWARD -s 192.168.1.0/24 -d 192.168.123.0/24 -j ACCEPT
+iptables -t nat -A POSTROUTING -s 192.168.123.0/24 -o br0 -j MASQUERADE
+netfilter-persistent save
+```

k8s/keepalived/keepalived.yml

@@ -0,0 +1,159 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: keepalived
+
+---
+kind: ConfigMap
+apiVersion: v1
+metadata:
+  name: keepalived
+  namespace: keepalived
+data:
+  keepalived-generic.conf: |-
+    global_defs {
+        default_interface $INTERFACE
+        enable_script_security 
+    }
+
+    vrrp_instance VI_1 {
+        state BACKUP
+        interface $INTERFACE
+        virtual_router_id 172
+        priority 20
+        advert_int 3
+        authentication {
+            auth_type PASS
+            auth_pass $PASSWORD
+        }
+
+        virtual_ipaddress {
+            $VIP label $INTERFACE:PUB_VIP
+        }
+    }
+
+  init.sh: |-
+    #!/bin/sh
+    set -e
+    cat /keepalived-generic.conf | sed -e "s/\$INTERFACE/$INTERFACE/g" -e "s/\$PASSWORD/$PASSWORD/g" -e "s/\$VIP/$VIP/g" > /keepalived.conf
+    chown root /keepalived.conf && chmod 600 /keepalived.conf
+
+---
+
+apiVersion: v1
+kind: Secret
+metadata:
+  name: keepalived
+  namespace: keepalived
+type: Opaque
+data:
+  password: WXVjaDVkb28=
+
+---
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+  labels:
+    app: keepalived
+  name: keepalived-public
+  namespace: keepalived
+spec:
+  selector:
+    matchLabels:
+      app: keepalived
+  template:
+    metadata:
+      labels:
+        app: keepalived
+    spec:
+      initContainers:
+        - image: lettore/keepalived:latest
+          imagePullPolicy: Always
+          name: generate-config
+          command: ["/bin/bash", "/init.sh"]
+          env:
+            - name: VIP
+              value: 192.168.123.240
+            - name: INTERFACE
+              value: lan0
+            - name: PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: keepalived
+                  key: password
+          volumeMounts:
+            - mountPath: /keepalived.conf
+              name: generated-config
+            - mountPath: /keepalived-generic.conf
+              name: generic-config
+              subPath: keepalived-generic.conf
+            - mountPath: /init.sh
+              name: init
+              subPath: init.sh
+      containers:
+        - image: lettore/keepalived:latest
+          imagePullPolicy: Always
+          livenessProbe:
+            exec:
+              command:
+                - pidof
+                - keepalived
+            failureThreshold: 3
+            initialDelaySeconds: 10
+            periodSeconds: 10
+            successThreshold: 1
+            timeoutSeconds: 1
+          name: keepalived
+          resources: {}
+          securityContext:
+            capabilities:
+              add:
+                - NET_ADMIN
+            privileged: true
+          terminationMessagePath: /dev/termination-log
+          terminationMessagePolicy: File
+          volumeMounts:
+            - mountPath: /etc/localtime
+              name: host-localtime
+            - mountPath: /usr/local/etc/keepalived/keepalived.conf
+              name: generated-config
+      dnsPolicy: ClusterFirstWithHostNet
+      hostNetwork: true
+      priorityClassName: system-cluster-critical
+      restartPolicy: Always
+      schedulerName: default-scheduler
+      securityContext: {}
+      terminationGracePeriodSeconds: 30
+      tolerations:
+        - key: CriticalAddonsOnly
+          operator: Exists
+        - effect: NoSchedule
+          key: node-role.kubernetes.io/master
+        - effect: NoSchedule
+          key: node-role.kubernetes.io/control-plane
+      volumes:
+        - name: generic-config
+          configMap:
+            name: keepalived
+            items:
+              - key: keepalived-generic.conf
+                path: keepalived-generic.conf
+        - name: init
+          configMap:
+            name: keepalived
+            items:
+              - key: init.sh
+                path: init.sh
+        - name: generated-config
+          hostPath:
+            path: /tmp/keepalived.conf
+            type: FileOrCreate
+        - name: host-localtime
+          hostPath:
+            path: /etc/localtime
+            type: ""
+  updateStrategy:
+    rollingUpdate:
+      maxSurge: 0
+      maxUnavailable: 100%
+    type: RollingUpdate

k8s/traefik/Readme.md

@@ -0,0 +1,21 @@
+# Traefik
+
+This service provides ingress routing for other services.\
+Exposed ports need to be added to the load balancer's config (eg. HAproxy on the VM hypervisor).
+
+## Requirements
+
+- keepalived -> moving VirtualIP
+
+## Configure
+
+- match virtual IP to externalIPs
+
+## Install
+
+```sh
+kubectl create namespace traefik
+helm repo add traefik https://traefik.github.io/charts
+helm repo update
+helm install traefik traefik/traefik --namespace=traefik -f values.yml
+```

k8s/traefik/values.yml

@@ -0,0 +1,27 @@
+deployment:
+  enabled: true
+  kind: DaemonSet
+service:
+  type: LoadBalancer
+  externalIPs:
+    - 192.168.123.240
+ports:
+  web:
+    nodePort: 30080
+  websecure:
+    nodePort: 30443
+  dns:
+    port: 30053
+    exposedPort: 53
+    expose:
+      default: true
+    protocol: UDP
+  dns-tcp:
+    port: 30053
+    exposedPort: 53
+    expose:
+      default: true
+    protocol: TCP
+additionalArguments:
+  - "--entryPoints.dns.address=:30053/udp"
+  - "--entryPoints.dns-tcp.address=:30053/tcp"

k8s/zfs-provisioner/Readme.md

@@ -0,0 +1,36 @@
+# ZFS-provisioner
+
+## Requirements
+
+- ZFS on storage server
+- nfs-kernel-server on storage server
+- sudo on storage server
+
+## Install
+
+- Add user `adduser zfs-provisioner`
+- Configure sudo on storage server:
+
+`echo "zfs-provisioner ALL=(ALL) NOPASSWD:/sbin/zfs *,/bin/chmod *" > /etc/sudoers.d/zfs-provisioner`
+
+- Generate an ssh keypair: `ssh-keygen`
+- Edit *values.yml*
+  - hostAliases: IP and name of hypervisor or storage server
+  - ssh.identities.id_rsa: generated private key
+  - ssh.knownHosts: public machine key of storage server (*/etc/ssh/ssh_host_rsa_key.pub*)
+- Install
+
+```sh
+kubectl create namespace zfs-provisioner
+
+helm repo add zfs-provisioner https://ccremer.github.io/kubernetes-zfs-provisioner
+
+helm install kubernetes-zfs-provisioner --namespace zfs-provisioner zfs-provisioner/kubernetes-zfs-provisioner -f values.yml
+```
+
+- Edit *storage-class.yml* and create the storage class
+  - parameters
+    - hostname: hostname of stroage server (make sure it resolves!)
+    - parentDataset: used ZFS dataset
+
+`kubectl apply -f storage-class.yml`

k8s/zfs-provisioner/ssh/id_rsa

@@ -0,0 +1,38 @@
+-----BEGIN OPENSSH PRIVATE KEY-----
+b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAABlwAAAAdzc2gtcn
+NhAAAAAwEAAQAAAYEAw/7+PGR7He/I/TB4kCZQn/iPuaMuokBcZUZaw8QkyBItV0JOepvt
+Bhc3Fax9D/woRpQCNrJvV1z+7WLGqoy+Ha3ccRXnlhphGbK1kLeHAjsEBkPf5LxFtQ+3Wk
+u4hH6WxvNG5S8IM00CbF0vsiMTZJlCsVBZZym1f5btO11jv+2dG4f/EVhjk4itqZb17cIq
+wI3LiuhCMwlwusSpeDUFBm8NyXDEo5E02ugFKkSUUBBfPEdWIxAxXLJLGsfSL+SgVM75yl
+Z53nw0gYqfTGBWtfsTZi3CWoQzb3rwSnEKaH3rpHm3u6YdBxZ63zFcWzSzHTV88r3QCTlP
+xSqAvjeOoNh4+ATExfuorsORwbelvUEnUw14HJ5cpQRe0zG0J3Ip/INW+7hym6wu40FV2m
+Xk2iU/51FA4XYx4a1PM2Abt1MgsM/6sgVIzG62lqAmp5aZ0z4QXSdYgsTna7kOqfT6bHD0
+oTQmAkuKvd/Fxi58E1I7hNQILTR/QIZVrQ1+Wi5dAAAFiF5bwL5eW8C+AAAAB3NzaC1yc2
+EAAAGBAMP+/jxkex3vyP0weJAmUJ/4j7mjLqJAXGVGWsPEJMgSLVdCTnqb7QYXNxWsfQ/8
+KEaUAjayb1dc/u1ixqqMvh2t3HEV55YaYRmytZC3hwI7BAZD3+S8RbUPt1pLuIR+lsbzRu
+UvCDNNAmxdL7IjE2SZQrFQWWcptX+W7TtdY7/tnRuH/xFYY5OIramW9e3CKsCNy4roQjMJ
+cLrEqXg1BQZvDclwxKORNNroBSpElFAQXzxHViMQMVyySxrH0i/koFTO+cpWed58NIGKn0
+xgVrX7E2YtwlqEM2968EpxCmh966R5t7umHQcWet8xXFs0sx01fPK90Ak5T8UqgL43jqDY
+ePgExMX7qK7DkcG3pb1BJ1MNeByeXKUEXtMxtCdyKfyDVvu4cpusLuNBVdpl5NolP+dRQO
+F2MeGtTzNgG7dTILDP+rIFSMxutpagJqeWmdM+EF0nWILE52u5Dqn0+mxw9KE0JgJLir3f
+xcYufBNSO4TUCC00f0CGVa0NflouXQAAAAMBAAEAAAGAUgVKG7fpFfQc5mf8bEa8gtWgQA
+2cHGZWxEMXBMn2oouI0fV7pi/Olzfr43QVujTKHg8ehglSMvtF683kWccgYIc7s095ZQWR
+ERIKjY9gPny4CG8rKSvo+AalsnHxu/DF5Gg2iP6PrfhSRUsSBLhNC1Jf6Jg5ccSwob5ldO
+x2LAGiN71H7thQg5M1Kb11GZSiE4bDYVQlL/qJZH+cdCOsAK9E08IPaGwB9IIYd0HP11mi
+oTUxROcn4STz7TcmLMi921jpm8tPqhjKVJK58T4xDgWZHOwQF7C0aGLL0jQVOlTd+kQKrc
+iGSEoanUMSm/mHF3P9Z8Gvkw+jp8cLyU2rT9KQtWHxOny/CFfI5odkpJq7RMYlDGA63ExM
+0Y5wbK8PJaMQ5HEI3A4w+5Oe9X3g50mCnXlvE7jCc7qAbm9FO8akU20Cyjt9o+8/1CMwVA
+Gp5+/k9QoRmYOKSNAQ3jCMBatu71IiWw+XwvoQKpDHyHVq264KoZNJwjbsJesolnA5AAAA
+wAPm6PW8RduSuc2QfkKn4fSIXNzZdjWwdcWoGnuQoT7X5gxDWLQZX+RfUcZcWpDfRKpG1L
+FDDiFgMMeHzKsJJRGofC1aE2QXBLi3SEg7pOYFj42DnsxVJduf75pl1IGysCtqo9s46DGC
+Sg0hrpxqPxZZ6mollKR3Y7UK3m3Dgg0+ViL4DZfc/1dFPuVMhIhR/VI5qsU0gYENgYkaSD
+IrqS+Cpauedo0iUnYgvVDgO6QjSKahadpRxbSFH7invv/JQQAAAMEA+ns3PAvfnqFdL+XZ
+M2LsZDAZLXQswoZpWHN/q64LicPaKOuCsZSYyvWlPSaS5fXfTkoTQl7v6lucpiLLmt/vn2
+HOBkSJ4WB/w/kKrGfPsZaHduTWothKnC4EaVKUBM7T4dmfvo92Rb4eelrgnIe7hyuz4byh
+z9GXp8BAJ7fcQdarvl6YSBxtIKQR/3TDvenHbJGYXnZp2KItfCQYWs6E4GU/VDLyY1G/l5
+HWqnZ2kvAGexM/TVaQM845a6ZiE71bAAAAwQDIUHclwiQ27VZmmTHQjiFOKkTj8NCRzf9S
+dUOoQ8tXYUJ+zbocBCY7VzBBYUdnbfSGXTBXiT2HxWyPXr5pui9C5cIv35GRAlg7Po8WzX
+av9FQbsVwi5cuTMmDH5IVYUIZbAtCwRS54Bv7Th1GX4Q0kgVeJIuzxWR/ZqaoPMDaLWRkP
+en4bJRotpAnyctN44W4nyBu6Ezv0qwH0kCYPg9rzreAGmJsDoucvLG6lINKeVdFWqJZmDm
+c5EajNWQLVeKcAAAARbGFjaUByeXplbi1kZWJpYW4BAg==
+-----END OPENSSH PRIVATE KEY-----

k8s/zfs-provisioner/ssh/id_rsa.pub

@@ -0,0 +1 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDD/v48ZHsd78j9MHiQJlCf+I+5oy6iQFxlRlrDxCTIEi1XQk56m+0GFzcVrH0P/ChGlAI2sm9XXP7tYsaqjL4drdxxFeeWGmEZsrWQt4cCOwQGQ9/kvEW1D7daS7iEfpbG80blLwgzTQJsXS+yIxNkmUKxUFlnKbV/lu07XWO/7Z0bh/8RWGOTiK2plvXtwirAjcuK6EIzCXC6xKl4NQUGbw3JcMSjkTTa6AUqRJRQEF88R1YjEDFcsksax9Iv5KBUzvnKVnnefDSBip9MYFa1+xNmLcJahDNvevBKcQpofeukebe7ph0HFnrfMVxbNLMdNXzyvdAJOU/FKoC+N46g2Hj4BMTF+6iuw5HBt6W9QSdTDXgcnlylBF7TMbQncin8g1b7uHKbrC7jQVXaZeTaJT/nUUDhdjHhrU8zYBu3UyCwz/qyBUjMbraWoCanlpnTPhBdJ1iCxOdruQ6p9PpscPShNCYCS4q938XGLnwTUjuE1AgtNH9AhlWtDX5aLl0= laci@ryzen-debian

k8s/zfs-provisioner/storage-class.yml

@@ -0,0 +1,12 @@
+kind: StorageClass
+apiVersion: storage.k8s.io/v1
+metadata:
+  name: zfs-nfs
+provisioner: pv.kubernetes.io/zfs
+reclaimPolicy: Delete
+parameters:
+  parentDataset: tank/cluster
+  hostname: bigboss
+  type: nfs
+  shareProperties: rw,no_root_squash # no_root_squash by default sets mode to 'ro'
+  reserveSpace: "false"

k8s/zfs-provisioner/values.yml

@@ -0,0 +1,60 @@
+rbac:
+  create: true
+
+hostAliases:
+  192.168.123.1:
+    - bigboss
+
+podSecurityContext:
+  fsGroup: 100
+
+ssh:
+  config: |-
+    Host bigboss
+      IdentityFile ~/.ssh/id_rsa
+      User zfs-provisioner
+
+  identities:
+    id_rsa: |
+      -----BEGIN OPENSSH PRIVATE KEY-----
+      b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAABlwAAAAdzc2gtcn
+      NhAAAAAwEAAQAAAYEAw/7+PGR7He/I/TB4kCZQn/iPuaMuokBcZUZaw8QkyBItV0JOepvt
+      Bhc3Fax9D/woRpQCNrJvV1z+7WLGqoy+Ha3ccRXnlhphGbK1kLeHAjsEBkPf5LxFtQ+3Wk
+      u4hH6WxvNG5S8IM00CbF0vsiMTZJlCsVBZZym1f5btO11jv+2dG4f/EVhjk4itqZb17cIq
+      wI3LiuhCMwlwusSpeDUFBm8NyXDEo5E02ugFKkSUUBBfPEdWIxAxXLJLGsfSL+SgVM75yl
+      Z53nw0gYqfTGBWtfsTZi3CWoQzb3rwSnEKaH3rpHm3u6YdBxZ63zFcWzSzHTV88r3QCTlP
+      xSqAvjeOoNh4+ATExfuorsORwbelvUEnUw14HJ5cpQRe0zG0J3Ip/INW+7hym6wu40FV2m
+      Xk2iU/51FA4XYx4a1PM2Abt1MgsM/6sgVIzG62lqAmp5aZ0z4QXSdYgsTna7kOqfT6bHD0
+      oTQmAkuKvd/Fxi58E1I7hNQILTR/QIZVrQ1+Wi5dAAAFiF5bwL5eW8C+AAAAB3NzaC1yc2
+      EAAAGBAMP+/jxkex3vyP0weJAmUJ/4j7mjLqJAXGVGWsPEJMgSLVdCTnqb7QYXNxWsfQ/8
+      KEaUAjayb1dc/u1ixqqMvh2t3HEV55YaYRmytZC3hwI7BAZD3+S8RbUPt1pLuIR+lsbzRu
+      UvCDNNAmxdL7IjE2SZQrFQWWcptX+W7TtdY7/tnRuH/xFYY5OIramW9e3CKsCNy4roQjMJ
+      cLrEqXg1BQZvDclwxKORNNroBSpElFAQXzxHViMQMVyySxrH0i/koFTO+cpWed58NIGKn0
+      xgVrX7E2YtwlqEM2968EpxCmh966R5t7umHQcWet8xXFs0sx01fPK90Ak5T8UqgL43jqDY
+      ePgExMX7qK7DkcG3pb1BJ1MNeByeXKUEXtMxtCdyKfyDVvu4cpusLuNBVdpl5NolP+dRQO
+      F2MeGtTzNgG7dTILDP+rIFSMxutpagJqeWmdM+EF0nWILE52u5Dqn0+mxw9KE0JgJLir3f
+      xcYufBNSO4TUCC00f0CGVa0NflouXQAAAAMBAAEAAAGAUgVKG7fpFfQc5mf8bEa8gtWgQA
+      2cHGZWxEMXBMn2oouI0fV7pi/Olzfr43QVujTKHg8ehglSMvtF683kWccgYIc7s095ZQWR
+      ERIKjY9gPny4CG8rKSvo+AalsnHxu/DF5Gg2iP6PrfhSRUsSBLhNC1Jf6Jg5ccSwob5ldO
+      x2LAGiN71H7thQg5M1Kb11GZSiE4bDYVQlL/qJZH+cdCOsAK9E08IPaGwB9IIYd0HP11mi
+      oTUxROcn4STz7TcmLMi921jpm8tPqhjKVJK58T4xDgWZHOwQF7C0aGLL0jQVOlTd+kQKrc
+      iGSEoanUMSm/mHF3P9Z8Gvkw+jp8cLyU2rT9KQtWHxOny/CFfI5odkpJq7RMYlDGA63ExM
+      0Y5wbK8PJaMQ5HEI3A4w+5Oe9X3g50mCnXlvE7jCc7qAbm9FO8akU20Cyjt9o+8/1CMwVA
+      Gp5+/k9QoRmYOKSNAQ3jCMBatu71IiWw+XwvoQKpDHyHVq264KoZNJwjbsJesolnA5AAAA
+      wAPm6PW8RduSuc2QfkKn4fSIXNzZdjWwdcWoGnuQoT7X5gxDWLQZX+RfUcZcWpDfRKpG1L
+      FDDiFgMMeHzKsJJRGofC1aE2QXBLi3SEg7pOYFj42DnsxVJduf75pl1IGysCtqo9s46DGC
+      Sg0hrpxqPxZZ6mollKR3Y7UK3m3Dgg0+ViL4DZfc/1dFPuVMhIhR/VI5qsU0gYENgYkaSD
+      IrqS+Cpauedo0iUnYgvVDgO6QjSKahadpRxbSFH7invv/JQQAAAMEA+ns3PAvfnqFdL+XZ
+      M2LsZDAZLXQswoZpWHN/q64LicPaKOuCsZSYyvWlPSaS5fXfTkoTQl7v6lucpiLLmt/vn2
+      HOBkSJ4WB/w/kKrGfPsZaHduTWothKnC4EaVKUBM7T4dmfvo92Rb4eelrgnIe7hyuz4byh
+      z9GXp8BAJ7fcQdarvl6YSBxtIKQR/3TDvenHbJGYXnZp2KItfCQYWs6E4GU/VDLyY1G/l5
+      HWqnZ2kvAGexM/TVaQM845a6ZiE71bAAAAwQDIUHclwiQ27VZmmTHQjiFOKkTj8NCRzf9S
+      dUOoQ8tXYUJ+zbocBCY7VzBBYUdnbfSGXTBXiT2HxWyPXr5pui9C5cIv35GRAlg7Po8WzX
+      av9FQbsVwi5cuTMmDH5IVYUIZbAtCwRS54Bv7Th1GX4Q0kgVeJIuzxWR/ZqaoPMDaLWRkP
+      en4bJRotpAnyctN44W4nyBu6Ezv0qwH0kCYPg9rzreAGmJsDoucvLG6lINKeVdFWqJZmDm
+      c5EajNWQLVeKcAAAARbGFjaUByeXplbi1kZWJpYW4BAg==
+      -----END OPENSSH PRIVATE KEY-----
+
+  knownHosts:
+    - host: bigboss
+      pubKey: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCR/kxAp0UK/XZrf5gCHkLcDatkaEYbcTL3EL2LkQZoMqVRfihOfTEpk+PBs/sqENUsXb6GLBxh50wDq8lMES4PgLQmHnkkJjBxBit1NscDNNQqtdNf1JXVOBOEPBrVvW0qDJMAXWhkB2r8JRpd8/Uj4Sj3KNGrCum3VRDglkLkSxUS74urdN9r1XpwvjPY5wzALwKRAKxQ+MuMI/zy3paFWLT/cpDkn6G2IK6MEScNgDho4EsMN0p5uksDiyCPy++/22aLQlwJhGpsC+hVeK3TKrlma33MdfIdrbp6LDTp36yN4qGO2GDs+wM/z7nscingzNhzP7lXizy30Nzb+sYqgwaQ2Gw/gj3aa9UycHrPk2iElUFPfNGsQ2Koxc/J89ouc8WLkxKldCEYAqr5Vo0BOZ4nFJscs/jh5xudOrEzurykFYA3Q5fG3c+mUBAhr0uMTKJUXLJtcjyGGPZoyuCEE3hsfqMxyHSsGxxG5j29zv29he9sodlhKLADxIEN1tc=