version: '3'
services:
  # startup:
  #   image: bash:5
  #   command: -xe /host/startup.sh
  #   volumes:
  #     - manifests:/manifests
  #     - .:/host:ro
  server:
    image: rancher/k3s
    restart: always
    command: server --disable traefik --disable local-storage --kubelet-arg authentication-token-webhook --kubelet-arg authorization-mode=Webhook
    tmpfs:
      - /run
      - /var/run
    privileged: true
    environment:
      - K3S_CLUSTER_SECRET=${K3S_CLUSTER_SECRET:-replaceme}
      - K3S_KUBECONFIG_OUTPUT=/host/kubectl/kubeconfig.yaml
      - K3S_KUBECONFIG_MODE=666
    volumes:
      - k3s_data:/var/lib/rancher/k3s
      - nfs_data:/srv/nfs
      - manifests:/var/lib/rancher/k3s/server/manifests/manifests:ro
      - .:/host
    ports:
      - 80:30080
      - 443:30443
      - 6443:6443
  agent:
    image: rancher/k3s
    restart: always
    command: agent --kubelet-arg authentication-token-webhook --kubelet-arg authorization-mode=Webhook
    tmpfs:
      - /run
      - /var/run
    privileged: true
    environment:
      - K3S_URL=https://server:6443
      - K3S_CLUSTER_SECRET=${K3S_CLUSTER_SECRET:-replaceme}
    volumes:
      - nfs_data:/srv/nfs

volumes:
  k3s_data:
  nfs_data:
  manifests:
    driver_opts:
      type: tmpfs
      device: tmpfs