---
profiles::pki::vault::alt_names:
  - k8s-control.service.consul
  - k8s-control.query.consul
  - "k8s-control.service.%{facts.country}-%{facts.region}.consul"

profiles::ssh::sign::principals:
  - k8s-control.service.consul
  - k8s-control.query.consul
  - "k8s-control.service.%{facts.country}-%{facts.region}.consul"

# configure consul service
consul::services:
  k8s-control:
    service_name: 'k8s-control'
    tags:
      - 'k8s'
      - 'container'
    address: "%{facts.networking.fqdn}"
    port: 6443
    checks:
      - id: 'k8s-control_https_check'
        name: 'k8s-control HTTPS Check'
        http: "https://%{facts.networking.fqdn}:6443"
        method: 'GET'
        tls_skip_verify: true
        interval: '10s'
        timeout: '1s'
profiles::consul::client::node_rules:
  - resource: service
    segment: k8s-control
    disposition: write

# networking
systemd::manage_networkd: true
systemd::manage_all_network_files: true
networking::interfaces:
  eth0:
    type: physical
    forwarding: true
    dhcp: true
    mtu: 1500

# package management
profiles::packages::include:
  containerd.io: {}
  kubeadm: {}
  kubectl: {}
  kubelet: {}

profiles::yum::global::repos:
  k8s:
    name: k8s
    descr: k8s repository
    target: /etc/yum.repos.d/k8s.repo
    baseurl: https://packagerepo.service.consul/k8s/1.32/1.32-daily/%{facts.os.architecture}/os/
    gpgkey: https://packagerepo.service.consul/k8s/1.32/1.32-daily/%{facts.os.architecture}/os/repomd.xml.key
    mirrorlist: absent
  containerd:
    name: containerd
    descr: containerd repository
    target: /etc/yum.repos.d/containerd.repo
    baseurl: https://packagerepo.service.consul/docker/el%{facts.os.release.major}/stable-daily/%{facts.os.architecture}/os
    gpgkey: https://packagerepo.service.consul/docker/el%{facts.os.release.major}/stable-daily/%{facts.os.architecture}/os/gpg
    mirrorlist: absent