feat: create basic k8s roles to start deployment (#302)

- just create roles so can deploy hosts Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/302
2025-05-30 23:21:02 +10:00 · 2025-05-30 23:21:02 +10:00 · bdd833fa4e
commit bdd833fa4e
parent c10a3e49fa
4 changed files with 72 additions and 0 deletions
--- a/hieradata/roles/infra/k8s/compute.yaml
+++ b/hieradata/roles/infra/k8s/compute.yaml
@ -0,0 +1,10 @@
+---
+# networking
+systemd::manage_networkd: true
+systemd::manage_all_network_files: true
+networking::interfaces:
+  eth0:
+    type: physical
+    forwarding: true
+    dhcp: true
+    mtu: 1500
--- a/hieradata/roles/infra/k8s/control.yaml
+++ b/hieradata/roles/infra/k8s/control.yaml
@ -0,0 +1,42 @@
+---
+profiles::pki::vault::alt_names:
+  - k8s-control.service.consul
+  - k8s-control.query.consul
+  - "k8s-control.service.%{facts.country}-%{facts.region}.consul"
+
+profiles::ssh::sign::principals:
+  - k8s-control.service.consul
+  - k8s-control.query.consul
+  - "k8s-control.service.%{facts.country}-%{facts.region}.consul"
+
+# configure consul service
+consul::services:
+  k8s-control:
+    service_name: 'k8s-control'
+    tags:
+      - 'k8s'
+      - 'container'
+    address: "%{hiera('networking_loopback0_ip')}"
+    port: 6443
+    checks:
+      - id: 'k8s-control_https_check'
+        name: 'k8s-control HTTPS Check'
+        http: "https://%{facts.networking.fqdn}:6443"
+        method: 'GET'
+        tls_skip_verify: true
+        interval: '10s'
+        timeout: '1s'
+profiles::consul::client::node_rules:
+  - resource: service
+    segment: k8s-control
+    disposition: write
+
+# networking
+systemd::manage_networkd: true
+systemd::manage_all_network_files: true
+networking::interfaces:
+  eth0:
+    type: physical
+    forwarding: true
+    dhcp: true
+    mtu: 1500
--- a/site/roles/manifests/infra/k8s/compute.pp
+++ b/site/roles/manifests/infra/k8s/compute.pp
@ -0,0 +1,10 @@
+# k8s compute nodes
+class roles::infra::k8s::compute {
+  if $facts['firstrun'] {
+    include profiles::defaults
+    include profiles::firstrun::init
+  }else{
+    include profiles::defaults
+    include profiles::base
+  }
+}
--- a/site/roles/manifests/infra/k8s/control.pp
+++ b/site/roles/manifests/infra/k8s/control.pp
@ -0,0 +1,10 @@
+# k8s control nodes
+class roles::infra::k8s::control {
+  if $facts['firstrun'] {
+    include profiles::defaults
+    include profiles::firstrun::init
+  }else{
+    include profiles::defaults
+    include profiles::base
+  }
+}