#Cloud-init

Cloud images expect cloud-init for first-boot configuration: user creation, SSH key injection, package installs, custom commands. The build uses cloud-init to inject its own SSH key, so you must include a cloudInit block for cloud-image sources.

Minimal:

cloudInit:
    userData: |
        #cloud-config
        ssh_authorized_keys: []

The empty ssh_authorized_keys: [] is fine — the build appends its own key. You can use any other cloud-config directives:

cloudInit:
    userData: |
        #cloud-config
        ssh_authorized_keys: []
        timezone: America/Chicago
        package_update: true
        packages:
          - htop
          - vim
        runcmd:
          - echo "first boot" > /var/log/firstboot
        write_files:
          - path: /etc/myapp/config
            content: |
              key=value

If you'd rather keep cloud-config in a ConfigMap, use userDataFrom:

cloudInit:
    userDataFrom:
        configMapRef:
            name: my-cloud-config
            key: user-data

For network-data (rare; needed if you're disabling the cloud's default network setup), use cloudInit.networkData.

Don't put long-running setup in runcmd — use shell provisioners instead. cloud-init is for boot-time prep; provisioners are for the actual build work.