From bdd833fa4ec795c37f1653af5ec7b651c65cd3be Mon Sep 17 00:00:00 2001
From: Ben Vincent
Date: Fri, 30 May 2025 23:21:02 +1000
Subject: [PATCH] feat: create basic k8s roles to start deployment (#302)
- just create roles so can deploy hosts
Reviewed-on: https://git.query.consul/unkinben/puppet-prod/pulls/302
---
hieradata/roles/infra/k8s/compute.yaml | 10 ++++++
hieradata/roles/infra/k8s/control.yaml | 42 +++++++++++++++++++++++
site/roles/manifests/infra/k8s/compute.pp | 10 ++++++
site/roles/manifests/infra/k8s/control.pp | 10 ++++++
4 files changed, 72 insertions(+)
create mode 100644 hieradata/roles/infra/k8s/compute.yaml
create mode 100644 hieradata/roles/infra/k8s/control.yaml
create mode 100644 site/roles/manifests/infra/k8s/compute.pp
create mode 100644 site/roles/manifests/infra/k8s/control.pp
diff --git a/hieradata/roles/infra/k8s/compute.yaml b/hieradata/roles/infra/k8s/compute.yaml
new file mode 100644
index 0000000..6f3d533
--- /dev/null
+++ b/hieradata/roles/infra/k8s/compute.yaml
@@ -0,0 +1,10 @@
+---
+# networking
+systemd::manage_networkd: true
+systemd::manage_all_network_files: true
+networking::interfaces:
+ eth0:
+ type: physical
+ forwarding: true
+ dhcp: true
+ mtu: 1500
diff --git a/hieradata/roles/infra/k8s/control.yaml b/hieradata/roles/infra/k8s/control.yaml
new file mode 100644
index 0000000..2c2a149
--- /dev/null
+++ b/hieradata/roles/infra/k8s/control.yaml
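Review bot: `forwarding: true` on `eth0` in `hieradata/roles/infra/k8s/compute.yaml` makes the node forward packets between interfaces, and nothing in the file says why. A comment above the interface, for example `# forwarding is needed so the node can route pod traffic` (presumably the reason; confirm), would let a later reader tell a deliberate setting from a leftover. The same networking stanza is repeated verbatim in `control.yaml`; if the Hiera hierarchy has a layer shared by both k8s roles, defining it once there keeps the two copies from drifting.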
@@ -0,0 +1,42 @@
+---
+profiles::pki::vault::alt_names:
+ - k8s-control.service.consul
+ - k8s-control.query.consul
+ - "k8s-control.service.%{facts.country}-%{facts.region}.consul"
+
+profiles::ssh::sign::principals:
+ - k8s-control.service.consul
+ - k8s-control.query.consul
+ - "k8s-control.service.%{facts.country}-%{facts.region}.consul"
+
+# configure consul service
+consul::services:
+ k8s-control:
+ service_name: 'k8s-control'
+ tags:
+ - 'k8s'
+ - 'container'
+ address: "%{hiera('networking_loopback0_ip')}"
+ port: 6443
+ checks:
+ - id: 'k8s-control_https_check'
+ name: 'k8s-control HTTPS Check'
+ http: "https://%{facts.networking.fqdn}:6443"
+ method: 'GET'
+ tls_skip_verify: true
+ interval: '10s'
+ timeout: '1s'
+profiles::consul::client::node_rules:
+ - resource: service
+ segment: k8s-control
+ disposition: write
+
+# networking
+systemd::manage_networkd: true
+systemd::manage_all_network_files: true
+networking::interfaces:
+ eth0:
+ type: physical
+ forwarding: true
+ dhcp: true
+ mtu: 1500
diff --git a/site/roles/manifests/infra/k8s/compute.pp b/site/roles/manifests/infra/k8s/compute.pp
new file mode 100644
index 0000000..ccb7e12
--- /dev/null
+++ b/site/roles/manifests/infra/k8s/compute.pp
@@ -0,0 +1,10 @@
+# k8s compute nodes
+class roles::infra::k8s::compute {
+ if $facts['firstrun'] {
+ include profiles::defaults
+ include profiles::firstrun::init
+ }else{
+ include profiles::defaults
+ include profiles::base
+ }
+}
diff --git a/site/roles/manifests/infra/k8s/control.pp b/site/roles/manifests/infra/k8s/control.pp
new file mode 100644
index 0000000..6260183
--- /dev/null
+++ b/site/roles/manifests/infra/k8s/control.pp
@@ -0,0 +1,10 @@
+# k8s control nodes
+class roles::infra::k8s::control {
+ if $facts['firstrun'] {
+ include profiles::defaults
+ include profiles::firstrun::init
+ }else{
+ include profiles::defaults
+ include profiles::base
+ }
+}
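Review bot: The `k8s-control_https_check` in `hieradata/roles/infra/k8s/control.yaml` sets `tls_skip_verify: true`, so the Consul agent never validates the certificate served on 6443 and a wrong or expired certificate on the API endpoint goes unnoticed. The same file already requests Vault PKI alt names for this role, so the serving certificate can presumably chain to a CA the agent trusts; if so, drop the skip, and if the certificate does not cover the node FQDN add `tls_server_name: 'k8s-control.service.consul'`. The check also requests the bare root URL, which a kube-apiserver normally answers with 401 or 403 for anonymous clients, and Consul counts any non-2xx reply as critical. `http: "https://%{facts.networking.fqdn}:6443/readyz"` is likely the intended target once the API server is deployed.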
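Review bot: `include profiles::defaults` appears in both branches of the `if $facts['firstrun']` block in `site/roles/manifests/infra/k8s/compute.pp`, and the identical body is repeated in `control.pp`. It can be included once above the conditional, leaving only `include profiles::firstrun::init` and `include profiles::base` in the branches. `}else{` would read better as `} else {`, the spacing used in the Puppet style guide. It is also worth confirming that `firstrun` arrives as a boolean fact, since a string value such as `'false'` is truthy in Puppet and would keep the node on the first-run profile.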