fix: helm before rke2 managed manifests

- add fact to list namespaces - require namespace before adding additional config - renamed some files to better match what they are
2025-09-20 22:35:35 +10:00 · 2025-09-20 22:35:35 +10:00 · 4ef99b4573
commit 4ef99b4573
parent 4c9204858e
6 changed files with 55 additions and 11 deletions
--- a/hieradata/roles/infra/k8s/control.yaml
+++ b/hieradata/roles/infra/k8s/control.yaml
@ -27,11 +27,8 @@ rke2::csi_ceph_templates:
  - ceph-csi-config
  - ceph-csi-secret
 rke2::extra_config_files:
-  - namespaces
  - rke2-canal-config
-  - purelb-config
-  - ingres-lb-nginx
-  - ingres-route-rancher
+  - service-loadbalancer-nginx
 rke2::config_hash:
  advertise-address: "%{hiera('networking_loopback0_ip')}"
  cluster-domain: "svc.k8s.unkin.net"
--- a/modules/rke2/files/ingress-route-rancher.yaml
+++ b/modules/rke2/files/ingress-route-rancher.yaml
--- a/modules/rke2/files/namespaces.yaml
+++ b/modules/rke2/files/namespaces.yaml
@ -1,6 +0,0 @@
-apiVersion: v1
-kind: Namespace
-metadata:
-  name: cattle-system
-  labels:
-    kubernetes.io/metadata.name: cattle-system
--- a/modules/rke2/files/service-loadbalancer-nginx.yaml
+++ b/modules/rke2/files/service-loadbalancer-nginx.yaml
--- a/modules/rke2/lib/facter/k8s_namespaces.rb
+++ b/modules/rke2/lib/facter/k8s_namespaces.rb
@ -0,0 +1,29 @@
+# frozen_string_literal: true
+
+require 'json'
+require 'open3'
+
+Facter.add(:k8s_namespaces) do
+  confine do
+    File.exist?('/etc/rancher/rke2/rke2.yaml') &&
+      File.executable?('/usr/bin/kubectl') # Adjust this path if needed
+  end
+
+  setcode do
+    env = { 'KUBECONFIG' => '/etc/rancher/rke2/rke2.yaml' }
+    cmd = ['/usr/bin/kubectl', 'get', 'namespaces', '-o', 'json']
+
+    stdout, stderr, status = Open3.capture3(env, *cmd)
+
+    if status.success?
+      json = JSON.parse(stdout)
+      json['items'].map { |item| item['metadata']['name'] }
+    else
+      Facter.debug("kubectl error: #{stderr}")
+      []
+    end
+  rescue StandardError => e
+    Facter.debug("Exception in k8s_namespaces fact: #{e.message}")
+    []
+  end
+end
--- a/modules/rke2/manifests/config.pp
+++ b/modules/rke2/manifests/config.pp
@ -77,7 +77,31 @@ class rke2::config (
  # on the controller nodes only
  if $node_type == 'server' {

-    # manage extra config config
+    # wait for purelb helm to setup namespace
+    if 'purelb' in $facts['k8s_namespaces'] {
+      file {'/var/lib/rancher/rke2/server/manifests/purelb-config.yaml':
+        ensure  => file,
+        owner   => 'root',
+        group   => 'root',
+        mode    => '0644',
+        source  => 'puppet:///modules/rke2/purelb-config.yaml',
+        require => Service['rke2-server'],
+      }
+    }
+
+    # wait for rancher helm to setup namespace
+    if 'cattle-system' in $facts['k8s_namespaces'] {
+      file {'/var/lib/rancher/rke2/server/manifests/ingress-route-rancher.yaml':
+        ensure  => file,
+        owner   => 'root',
+        group   => 'root',
+        mode    => '0644',
+        source  => 'puppet:///modules/rke2/ingress-route-rancher.yaml',
+        require => Service['rke2-server'],
+      }
+    }
+
+    # manage extra config config (these are not dependent on helm)
    $extra_config_files.each |$file| {

      file {"/var/lib/rancher/rke2/server/manifests/${file}.yaml":