---
profiles::pki::vault::alt_names:
  - k8s-control.service.consul
  - k8s-control.query.consul
  - "k8s-control.service.%{facts.country}-%{facts.region}.consul"

profiles::ssh::sign::principals:
  - k8s-control.service.consul
  - k8s-control.query.consul
  - "k8s-control.service.%{facts.country}-%{facts.region}.consul"

# configure consul service
consul::services:
  k8s-control:
    service_name: 'k8s-control'
    tags:
      - 'k8s'
      - 'container'
    address: "%{hiera('networking_loopback0_ip')}"
    port: 6443
    checks:
      - id: 'k8s-control_https_check'
        name: 'k8s-control HTTPS Check'
        http: "https://%{facts.networking.fqdn}:6443"
        method: 'GET'
        tls_skip_verify: true
        interval: '10s'
        timeout: '1s'
profiles::consul::client::node_rules:
  - resource: service
    segment: k8s-control
    disposition: write

# networking
systemd::manage_networkd: true
systemd::manage_all_network_files: true
networking::interfaces:
  eth0:
    type: physical
    forwarding: true
    dhcp: true
    mtu: 1500