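---
# Hiera node data: Ceph OSD host that is also an RKE2 node, with FRR/OSPF
# announcing its loopback addresses. Everything below is consumed by Puppet
# classes via automatic parameter lookup; the %{hiera(...)} and %{facts...}
# forms are Hiera interpolations resolved at catalog compile time.
hiera_include:
  - profiles::selinux::setenforce
  - profiles::ceph::node
  - profiles::ceph::osd
  - profiles::ceph::client
  - exporters::frr_exporter
  - frrouting
  - rke2

# manage rke2
rke2::bootstrap_node: prodnxsr0001.main.unkin.net
rke2::join_url: https://join-k8s.service.consul:9345
rke2::manage_registries: true
# Every upstream registry is served through the internal artifact proxy, with
# the image path prefixed per upstream. disable-default-registry-endpoint: true
# stops containerd from falling back to the public registry when the proxy
# cannot serve an image (pulls fail instead of bypassing the proxy).
rke2::registries:
  docker.io:
    endpoint:
      - "https://artifactapi.k8s.syd1.au.unkin.net"
    rewrite:
      "^(.*)$": "dockerhub/$1"
    disable-default-registry-endpoint: true
  ghcr.io:
    endpoint:
      - "https://artifactapi.k8s.syd1.au.unkin.net"
    rewrite:
      "^(.*)$": "ghcr/$1"
    disable-default-registry-endpoint: true
  quay.io:
    endpoint:
      - "https://artifactapi.k8s.syd1.au.unkin.net"
    rewrite:
      "^(.*)$": "quay/$1"
    disable-default-registry-endpoint: true
  registry.k8s.io:
    endpoint:
      - "https://artifactapi.k8s.syd1.au.unkin.net"
    rewrite:
      "^(.*)$": "k8s-registry/$1"
    disable-default-registry-endpoint: true
  registry.gitlab.com:
    endpoint:
      - "https://artifactapi.k8s.syd1.au.unkin.net"
    rewrite:
      "^(.*)$": "gitlab/$1"
    disable-default-registry-endpoint: true
  docker.elastic.co:
    endpoint:
      - "https://artifactapi.k8s.syd1.au.unkin.net"
    rewrite:
      "^(.*)$": "elastic/$1"
    disable-default-registry-endpoint: true
  gcr.io:
    endpoint:
      - "https://artifactapi.k8s.syd1.au.unkin.net"
    rewrite:
      "^(.*)$": "gcr/$1"
    disable-default-registry-endpoint: true
  docker.litellm.ai:
    endpoint:
      - "https://artifactapi.k8s.syd1.au.unkin.net"
    rewrite:
      "^(.*)$": "litellm/$1"
    disable-default-registry-endpoint: true
  public.ecr.aws:
    endpoint:
      - "https://artifactapi.k8s.syd1.au.unkin.net"
    rewrite:
      "^(.*)$": "ecr-public/$1"
    disable-default-registry-endpoint: true

# Rendered into the RKE2 config.yaml. All node addresses are pinned to the
# OSPF-announced loopback so the API/kubelet address survives a physical
# interface change.
rke2::config_hash:
  bind-address: "%{hiera('networking_loopback0_ip')}"
  node-ip: "%{hiera('networking_loopback0_ip')}"
  node-external-ip: "%{hiera('networking_loopback0_ip')}"
  # Quoted so the mode is an octal string as RKE2 documents it; the bare
  # integer 644 only worked because RKE2 happens to parse the value as
  # base 8. 0644 leaves the node's kubeconfig readable by every local
  # user; "0600" is the choice if only root needs it on this host.
  write-kubeconfig-mode: "0644"
  kubelet-arg:
    - "--node-status-update-frequency=4s"
    - "--max-pods=100"
  node-label:
    - "region=%{facts.region}"
    - "country=%{facts.country}"
    - "asset=%{facts.dmi.product.serial_number}"
    - "zone=%{zone}"

# FIXME: puppet-python wants to try manage python-dev, which is required by the ceph package
python::manage_dev_package: false

profiles::packages::include:
  bridge-utils: {}
  cephadm: {}

# SELinux is fully disabled (not permissive) on these hosts.
profiles::selinux::setenforce::mode: disabled

# Ceph client bits are managed by cephadm, not by the ceph profile.
profiles::ceph::client::manage_ceph_conf: false
profiles::ceph::client::manage_ceph_package: false
profiles::ceph::client::manage_ceph_paths: false
profiles::ceph::client::fsid: 'de96a98f-3d23-465a-a899-86d3d67edab8'
profiles::ceph::client::mons:
  - 198.18.23.9
  - 198.18.23.10
  - 198.18.23.11
  - 198.18.23.12
  - 198.18.23.13

# additional repos
profiles::yum::global::repos:
  ceph:
    ensure: present
  ceph-noarch:
    ensure: present
  frr-extras:
    ensure: present
  frr-stable:
    ensure: present
  rancher-rke2-common-latest:
    ensure: present
  rancher-rke2-1-33-latest:
    ensure: present

# dns
profiles::dns::base::primary_interface: loopback0

# networking
systemd::manage_networkd: true
systemd::manage_all_network_files: true
networking::interfaces:
  "%{hiera('networking_1000_iface')}":
    type: physical
    ipaddress: "%{hiera('networking_1000_ip')}"
    gateway: 198.18.15.254
    txqueuelen: 10000
    forwarding: true
  "%{hiera('networking_2500_iface')}":
    type: physical
    ipaddress: "%{hiera('networking_2500_ip')}"
    mtu: 1500
    txqueuelen: 10000
    forwarding: true
  # /32 dummy interfaces; their addresses are redistributed into OSPF below.
  loopback0:
    type: dummy
    ipaddress: "%{hiera('networking_loopback0_ip')}"
    netmask: 255.255.255.255
    mtu: 1500
  loopback1:
    type: dummy
    ipaddress: "%{hiera('networking_loopback1_ip')}"
    netmask: 255.255.255.255
    mtu: 1500
  loopback2:
    type: dummy
    ipaddress: "%{hiera('networking_loopback2_ip')}"
    netmask: 255.255.255.255
    mtu: 1500

# configure consul service
profiles::consul::client::host_addr: "%{hiera('networking_loopback0_ip')}"
# Node ACL scope is limited to writing the frr_exporter service registration.
profiles::consul::client::node_rules:
  - resource: service
    segment: frr_exporter
    disposition: write

# frrouting
exporters::frr_exporter::enable: true
frrouting::ospfd_router_id: "%{hiera('networking_loopback0_ip')}"
frrouting::ospf_preferred_source_enable: true
frrouting::ospf_preferred_source: "%{hiera('networking_loopback0_ip')}"
frrouting::ospfd_redistribute:
  - connected
frrouting::ospfd_interfaces:
  "%{hiera('networking_1000_iface')}":
    area: 0.0.0.0
  "%{hiera('networking_2500_iface')}":
    area: 0.0.0.0
  loopback0:
    area: 0.0.0.0
  loopback1:
    area: 0.0.0.0
  loopback2:
    area: 0.0.0.0
frrouting::daemons:
  ospfd: true
# Keep the RKE2 pod/service ranges out of the OSPF "redistribute connected"
# set so CNI routes are not leaked into the fabric.
frrouting::ospf_exclude_k8s_enable: true
frrouting::k8s_cluster_cidr: '10.42.0.0/16'  # RKE2 cluster-cidr (pods)
frrouting::k8s_service_cidr: '10.43.0.0/16'  # RKE2 service-cidr

# sysctl recommendations
sysctl::base::values:
  # Reverse-path filtering off on every interface — presumably required for
  # the asymmetric paths created by the OSPF loopback addressing; confirm
  # before tightening to '2' (loose mode).
  net.ipv4.conf.default.rp_filter:
    value: '0'
  net.ipv4.conf.all.rp_filter:
    value: '0'
  fs.inotify.max_user_watches:
    value: '524288'
  fs.inotify.max_user_instances:
    value: '512'

# add loopback interfaces to ssh list
ssh::server::options:
  ListenAddress:
    - "%{hiera('networking_loopback0_ip')}"
    - "%{hiera('networking_1000_ip')}"
    - "%{hiera('networking_2500_ip')}"
# Host-certificate principals must match every address sshd listens on above.
profiles::ssh::sign::principals:
  - "%{hiera('networking_loopback0_ip')}"
  - "%{hiera('networking_1000_ip')}"
  - "%{hiera('networking_2500_ip')}"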