fix: helm before rke2 managed manifests

- add fact to list namespaces
- require namespace before adding additional config
- renamed some files to better match what they are

hieradata/roles/infra/k8s/control.yaml

@@ -27,11 +27,8 @@ rke2::csi_ceph_templates:
   - ceph-csi-config
   - ceph-csi-secret
 rke2::extra_config_files:
-  - namespaces
   - rke2-canal-config
-  - purelb-config
-  - ingres-lb-nginx
-  - ingres-route-rancher
+  - service-loadbalancer-nginx
 rke2::config_hash:
   advertise-address: "%{hiera('networking_loopback0_ip')}"
   cluster-domain: "svc.k8s.unkin.net"

modules/rke2/files/namespaces.yaml

@@ -1,6 +0,0 @@
-apiVersion: v1
-kind: Namespace
-metadata:
-  name: cattle-system
-  labels:
-    kubernetes.io/metadata.name: cattle-system

modules/rke2/lib/facter/k8s_namespaces.rb

@@ -0,0 +1,29 @@
+# frozen_string_literal: true
+
+require 'json'
+require 'open3'
+
+Facter.add(:k8s_namespaces) do
+  confine do
+    File.exist?('/etc/rancher/rke2/rke2.yaml') &&
+      File.executable?('/usr/bin/kubectl') # Adjust this path if needed
+  end
+
+  setcode do
+    env = { 'KUBECONFIG' => '/etc/rancher/rke2/rke2.yaml' }
+    cmd = ['/usr/bin/kubectl', 'get', 'namespaces', '-o', 'json']
+
+    stdout, stderr, status = Open3.capture3(env, *cmd)
+
+    if status.success?
+      json = JSON.parse(stdout)
+      json['items'].map { |item| item['metadata']['name'] }
+    else
+      Facter.debug("kubectl error: #{stderr}")
+      []
+    end
+  rescue StandardError => e
+    Facter.debug("Exception in k8s_namespaces fact: #{e.message}")
+    []
+  end
+end

modules/rke2/manifests/config.pp

@@ -77,7 +77,31 @@ class rke2::config (
   # on the controller nodes only
   if $node_type == 'server' {
 
-    # manage extra config config
+    # wait for purelb helm to setup namespace
+    if 'purelb' in $facts['k8s_namespaces'] {
+      file {'/var/lib/rancher/rke2/server/manifests/purelb-config.yaml':
+        ensure  => file,
+        owner   => 'root',
+        group   => 'root',
+        mode    => '0644',
+        source  => 'puppet:///modules/rke2/purelb-config.yaml',
+        require => Service['rke2-server'],
+      }
+    }
+
+    # wait for rancher helm to setup namespace
+    if 'cattle-system' in $facts['k8s_namespaces'] {
+      file {'/var/lib/rancher/rke2/server/manifests/ingress-route-rancher.yaml':
+        ensure  => file,
+        owner   => 'root',
+        group   => 'root',
+        mode    => '0644',
+        source  => 'puppet:///modules/rke2/ingress-route-rancher.yaml',
+        require => Service['rke2-server'],
+      }
+    }
+
+    # manage extra config config (these are not dependent on helm)
     $extra_config_files.each |$file| {
 
       file {"/var/lib/rancher/rke2/server/manifests/${file}.yaml":

modules/rke2/manifests/helm.pp

@@ -65,6 +65,7 @@ class rke2::helm (
 
       $r_cmd = 'helm install rancher rancher-stable/rancher \
                   --namespace cattle-system \
+                  --create-namespace \
                   --set hostname=rancher.main.unkin.net \
                   --set bootstrapPassword=admin \
                   --set ingress.tls.source=secret \