fix: helm before rke2 managed manifests

- add fact to list namespaces - require namespace before adding additional config - renamed some files to better match what they are
2025-09-20 22:35:35 +10:00 · 2025-09-20 22:35:35 +10:00 · 2d1f56779f
commit 2d1f56779f
parent 4c9204858e
7 changed files with 56 additions and 12 deletions
--- a/hieradata/roles/infra/k8s.eyaml
+++ b/hieradata/roles/infra/k8s.eyaml
@ -1 +1 @@
-rke2::node_token: ENC[PKCS7,MIIB2gYJKoZIhvcNAQcDoIIByzCCAccCAQAxggEhMIIBHQIBADAFMAACAQEwDQYJKoZIhvcNAQEBBQAEggEAVPo7WjzlJQQhxefhV1bu1/+Jo/LY3gMmVGicDnDloGQd1jbdDtNz9wi6Hqqht1xQPdn22XmvvrVXtPhsdjDCGqWxmfZ0qWQVl1Ju2WIh5WsyyZgdE96k2+y7Cg5Dl0brX2m9YSZfow5BF8J8EnCDdRZncOCtFl/SU8ipPEq2uJJR+Y9sJv6aJflnFLCEYgJNbZY9ljMcs5ssJ21VpIqWYA0Z6vKVqOUeIWWKbYZUIoEml7sj3ktmw3loMYA6ED0/nzyYvRVizTvtGXl3IWGVDSt8rQ/kNhzKqURVOsgwfbt7un4n2Kxkreiydj3R6PbLdkpHdtu25dbjue8HLQkc4zCBnAYJKoZIhvcNAQcBMB0GCWCGSAFlAwQBKgQQMmIatr2oBei35+evghIkLIBwWT6F1WPDV3PA/QYNusfYcI1KrMRYFlDYyEkg/Tf+0gOpty9rdnYL+MQO2fTU9Br+INTr1oJcxJp/Lqap2+NibmBfZcLUIMn3q1S/jZp9BGQTk6RSwODqQ2x5GxDATinrtiUR4TXIIaiaP3KWlP8A7g==]
+rke2::node_token: ENC[PKCS7,MIIB2gYJKoZIhvcNAQcDoIIByzCCAccCAQAxggEhMIIBHQIBADAFMAACAQEwDQYJKoZIhvcNAQEBBQAEggEAPRBcsDJv/SDR4pOi4fBWzU2ayCXW8BaATzpg3h8mHsVPcHwhfL9w9d4BIshM5yzSZwfmj8EBMk6sa4vEcBRN5r5vWDETnjwsvtLULvyiPm5WVYAYe+Z/fzoCUqswWvXrU/yzoMd/oUYFOrtCB0wT4bZX2leg64CQ7DZIf4wZod0Z9EH7YwUpL4mmbLWY29w0Z3F702O8v0hp9J7IWX5A5ob8OLaTy9SmApZEtm35UDz+OAaJ1OZ9yc2pWTkVZ0dSgMvouynJWToZ/k0ZwoW5I32WLeZ6mkYODwXF1ULqVTX3eX/c9HlVilHJar9TlcY46+8ypV3Uoju8j6c86DaRtjCBnAYJKoZIhvcNAQcBMB0GCWCGSAFlAwQBKgQQe3h1bWn1G2HYEwupc7n3EoBwzcA4ICV4efMd1n4d1CW+wlBAoa5T8lXSluf09vajUQmaFhl3pl99v3uc5M38ePPd5QkzoZPfb4kLcmuufGNfwbIXpaQQ+nwQATOX1UG5SOEovshvWnW0iF5JrgIa+MLed9WF48NMbvZZLbwyBe7hrQ==]
--- a/hieradata/roles/infra/k8s/control.yaml
+++ b/hieradata/roles/infra/k8s/control.yaml
@ -27,11 +27,8 @@ rke2::csi_ceph_templates:
  - ceph-csi-config
  - ceph-csi-secret
 rke2::extra_config_files:
-  - namespaces
  - rke2-canal-config
-  - purelb-config
-  - ingres-lb-nginx
-  - ingres-route-rancher
+  - service-loadbalancer-nginx
 rke2::config_hash:
  advertise-address: "%{hiera('networking_loopback0_ip')}"
  cluster-domain: "svc.k8s.unkin.net"
--- a/modules/rke2/files/ingress-route-rancher.yaml
+++ b/modules/rke2/files/ingress-route-rancher.yaml
--- a/modules/rke2/files/namespaces.yaml
+++ b/modules/rke2/files/namespaces.yaml
@ -1,6 +0,0 @@
-apiVersion: v1
-kind: Namespace
-metadata:
-  name: cattle-system
-  labels:
-    kubernetes.io/metadata.name: cattle-system
--- a/modules/rke2/files/service-loadbalancer-nginx.yaml
+++ b/modules/rke2/files/service-loadbalancer-nginx.yaml
--- a/modules/rke2/lib/facter/k8s_namespaces.rb
+++ b/modules/rke2/lib/facter/k8s_namespaces.rb
@ -0,0 +1,29 @@
+# frozen_string_literal: true
+
+require 'json'
+require 'open3'
+
+Facter.add(:k8s_namespaces) do
+  confine do
+    File.exist?('/etc/rancher/rke2/rke2.yaml') &&
+      File.executable?('/usr/bin/kubectl') # Adjust this path if needed
+  end
+
+  setcode do
+    env = { 'KUBECONFIG' => '/etc/rancher/rke2/rke2.yaml' }
+    cmd = ['/usr/bin/kubectl', 'get', 'namespaces', '-o', 'json']
+
+    stdout, stderr, status = Open3.capture3(env, *cmd)
+
+    if status.success?
+      json = JSON.parse(stdout)
+      json['items'].map { |item| item['metadata']['name'] }
+    else
+      Facter.debug("kubectl error: #{stderr}")
+      []
+    end
+  rescue StandardError => e
+    Facter.debug("Exception in k8s_namespaces fact: #{e.message}")
+    []
+  end
+end
--- a/modules/rke2/manifests/config.pp
+++ b/modules/rke2/manifests/config.pp
@ -77,7 +77,31 @@ class rke2::config (
  # on the controller nodes only
  if $node_type == 'server' {

-    # manage extra config config
+    # wait for purelb helm to setup namespace
+    if 'purelb' in $facts['k8s_namespaces'] {
+      file {'/var/lib/rancher/rke2/server/manifests/purelb-config.yaml':
+        ensure  => file,
+        owner   => 'root',
+        group   => 'root',
+        mode    => '0644',
+        source  => 'puppet:///modules/rke2/purelb-config.yaml',
+        require => Service['rke2-server'],
+      }
+    }
+
+    # wait for rancher helm to setup namespace
+    if 'cattle-system' in $facts['k8s_namespaces'] {
+      file {'/var/lib/rancher/rke2/server/manifests/ingress-route-rancher.yaml':
+        ensure  => file,
+        owner   => 'root',
+        group   => 'root',
+        mode    => '0644',
+        source  => 'puppet:///modules/rke2/ingress-route-rancher.yaml',
+        require => Service['rke2-server'],
+      }
+    }
+
+    # manage extra config config (these are not dependent on helm)
    $extra_config_files.each |$file| {

      file {"/var/lib/rancher/rke2/server/manifests/${file}.yaml":