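# @summary Renders the RKE2 config file and the supporting files around it.
#
# Builds the node configuration from `$config_hash`, adding the `server` and
# `token` join settings on every node except the bootstrap server, and writes
# it to `$config_file` before the rke2 service is managed. It also installs a
# k8s API check script, a kubectl symlink, two sysctl settings and, on server
# nodes, the extra manifests for the RKE2 manifests directory.
#
# @param node_type
#   'server' or 'agent'; also selects the Package/Service resource names.
# @param config_file
#   Absolute path of the RKE2 config file to write.
# @param config_hash
#   Base settings serialized to YAML into `$config_file`.
# @param join_url
#   Value of the `server` key on nodes that join an existing cluster.
# @param bootstrap_node
#   Certname of the server that starts the cluster; it gets no join settings.
# @param node_token
#   Cluster join secret, written as the `token` key on joining nodes.
# @param extra_config_files
#   Basenames (without `.yaml`) of module files copied into the server
#   manifests directory.
class rke2::config (
  Enum['server', 'agent'] $node_type          = $rke2::node_type,
  Stdlib::Absolutepath    $config_file        = $rke2::config_file,
  Hash                    $config_hash        = $rke2::config_hash,
  Stdlib::HTTPSUrl        $join_url           = $rke2::join_url,
  Stdlib::Fqdn            $bootstrap_node     = $rke2::bootstrap_node,
  String                  $node_token         = $rke2::node_token,
  Array[String[1]]        $extra_config_files = $rke2::extra_config_files,
) {
  # Settings that point a node at an existing cluster.
  $join_settings = {
    server => $join_url,
    token  => $node_token,
  }

  # Every node except the bootstrap server gets the join settings.
  if $node_type == 'server' {
    if $trusted['certname'] != $bootstrap_node {
      $config = merge($config_hash, $join_settings)
    } else {
      $config = $config_hash
    }
  } elsif $node_type == 'agent' {
    $config = merge($config_hash, $join_settings)
  } else {
    # Not reachable while $node_type is limited to 'server' or 'agent'.
    $config = $config_hash
  }

  # The rendered file carries the cluster join token. Sensitive() only keeps
  # the content out of logs and reports, so the file itself must not be
  # world-readable: root-only instead of the previous 0644.
  # NOTE(review): if a non-root process has to read this file, grant access
  # through a dedicated group rather than restoring world-read.
  file { $config_file:
    ensure  => file,
    content => Sensitive($config.to_yaml),
    owner   => 'root',
    group   => 'root',
    mode    => '0600',
    require => Package["rke2-${node_type}"],
    before  => Service["rke2-${node_type}"],
  }

  # Script that verifies the k8s API is up (used by consul).
  file { '/usr/local/bin/check_k8s_api.sh':
    ensure => file,
    owner  => 'root',
    group  => 'root',
    mode   => '0755',
    source => 'puppet:///modules/rke2/check_k8s_api.sh',
  }

  # Expose the kubectl binary shipped with RKE2 on the default PATH.
  file { '/usr/bin/kubectl':
    ensure  => link,
    target  => '/var/lib/rancher/rke2/bin/kubectl',
    require => Package["rke2-${node_type}"],
  }

  # Kernel settings needed when ProtectKernelDefaults=true; applied before
  # the service is managed.
  sysctl { 'vm.overcommit_memory':
    value  => '1',
    before => Service["rke2-${node_type}"],
  }

  sysctl { 'kernel.panic':
    value  => '10',
    before => Service["rke2-${node_type}"],
  }

  # Server nodes only, and only once the k8s_masters fact reports more than
  # two masters.
  # NOTE(review): assumes k8s_masters is a numeric fact - confirm.
  if $node_type == 'server' and $facts['k8s_masters'] and $facts['k8s_masters'] > 2 {
    # Wait for the purelb helm chart to create its namespace.
    if 'purelb' in $facts['k8s_namespaces'] {
      file { '/var/lib/rancher/rke2/server/manifests/purelb-config.yaml':
        ensure  => file,
        owner   => 'root',
        group   => 'root',
        mode    => '0644',
        source  => 'puppet:///modules/rke2/purelb-config.yaml',
        require => Service['rke2-server'],
      }
    }

    # Wait for the rancher helm chart to create its namespace.
    if 'cattle-system' in $facts['k8s_namespaces'] {
      file { '/var/lib/rancher/rke2/server/manifests/ingress-route-rancher.yaml':
        ensure  => file,
        owner   => 'root',
        group   => 'root',
        mode    => '0644',
        source  => 'puppet:///modules/rke2/ingress-route-rancher.yaml',
        require => Service['rke2-server'],
      }
    }

    # Extra manifests that do not depend on a helm-created namespace.
    # NOTE(review): $file is interpolated into both the target path and the
    # module source URL, and entries are only constrained to String[1]; keep
    # them to plain basenames without path separators.
    $extra_config_files.each |$file| {
      file { "/var/lib/rancher/rke2/server/manifests/${file}.yaml":
        ensure  => file,
        owner   => 'root',
        group   => 'root',
        mode    => '0644',
        source  => "puppet:///modules/rke2/${file}.yaml",
        require => Service['rke2-server'],
      }
    }
  }
}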