puppet-prod/modules/rke2/manifests/config.pp
Ben Vincent 762f415d2d feat: k8s helm rework (#396)
- remove helm-generated-yaml, replace with helm execs
- template/parameterise ceph csi

Reviewed-on: #396
2025-09-20 17:40:41 +10:00


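# @summary Render the RKE2 node configuration and the files that support it.
#
# Writes the node's YAML config, a Kubernetes API health-check script, a
# kubectl symlink and two sysctl settings. On server nodes it also places
# static and templated manifests in the RKE2 server manifests directory.
#
# @param node_type
#   Node role; also selects the `rke2-${node_type}` package and service that
#   the resources below are ordered against.
# @param config_file
#   Absolute path of the rendered RKE2 config file.
# @param config_hash
#   Base settings serialised to YAML into `config_file`.
# @param join_url
#   Written as the `server` key on every node that joins an existing cluster.
# @param bootstrap_node
#   FQDN compared with `$trusted['certname']`; the server whose certname
#   matches gets the plain `config_hash` without `server`/`token`.
# @param node_token
#   Cluster join secret, written as the `token` key on joining nodes.
# @param extra_config_files
#   Base names (without `.yaml`) of static manifests copied from the module's
#   files into the server manifests directory.
# @param csi_ceph_enable
#   When true, the Ceph CSI files and templates below are managed on servers.
# @param csi_ceph_files
#   Base names of static Ceph CSI manifests copied from the module's files.
# @param csi_ceph_templates
#   Base names of Ceph CSI manifests rendered from `rke2/<name>.yaml.erb`.
# @param csi_ceph_key
#   Not referenced directly in this class; presumably read by the ERB
#   templates, which evaluate in this class's scope - TODO confirm.
# @param csi_ceph_clusterid
#   Not referenced directly in this class; presumably read by the templates.
# @param csi_ceph_monitors
#   Not referenced directly in this class; presumably read by the templates.
# @param csi_ceph_poolname
#   Not referenced directly in this class; presumably read by the templates.
class rke2::config (
  Enum['server', 'agent'] $node_type          = $rke2::node_type,
  Stdlib::Absolutepath    $config_file        = $rke2::config_file,
  Hash                    $config_hash        = $rke2::config_hash,
  Stdlib::HTTPSUrl        $join_url           = $rke2::join_url,
  Stdlib::Fqdn            $bootstrap_node     = $rke2::bootstrap_node,
  String                  $node_token         = $rke2::node_token,
  Array[String[1]]        $extra_config_files = $rke2::extra_config_files,
  Boolean                 $csi_ceph_enable    = $rke2::csi_ceph_enable,
  Array[String]           $csi_ceph_files     = $rke2::csi_ceph_files,
  Array[String]           $csi_ceph_templates = $rke2::csi_ceph_templates,
  Optional[String[1]]     $csi_ceph_key       = $rke2::csi_ceph_key,
  Optional[String[1]]     $csi_ceph_clusterid = $rke2::csi_ceph_clusterid,
  Optional[Array[String]] $csi_ceph_monitors  = $rke2::csi_ceph_monitors,
  Optional[String[1]]     $csi_ceph_poolname  = $rke2::csi_ceph_poolname,
) {
  # TODO: decide which other fields joining nodes need besides server/token.
  # TODO: work out how to add a TLS secret with kubectl for ephemeral certs.

  # Only the bootstrap server starts without a join target. Every agent, and
  # every other server, is given the join URL and token. The Enum on
  # $node_type rules out any third role, so no further branch is needed.
  $is_bootstrap = ($node_type == 'server' and $trusted['certname'] == $bootstrap_node)

  if $is_bootstrap {
    $config = $config_hash
  } else {
    $config = merge($config_hash, {
      server => $join_url,
      token  => $node_token,
    })
  }

  # The rendered file carries the cluster join token on every node except the
  # bootstrap server. Sensitive() keeps the content out of Puppet logs and
  # reports but does not protect the file on disk, so it is root-only here
  # rather than world-readable. If a non-root process must read it, grant
  # access through a dedicated group instead of loosening the mode.
  file { $config_file:
    ensure  => file,
    content => Sensitive($config.to_yaml),
    owner   => 'root',
    group   => 'root',
    mode    => '0600',
    require => Package["rke2-${node_type}"],
    before  => Service["rke2-${node_type}"],
  }

  # Script that verifies the Kubernetes API is up (used by consul).
  file { '/usr/local/bin/check_k8s_api.sh':
    ensure => file,
    owner  => 'root',
    group  => 'root',
    mode   => '0755',
    source => 'puppet:///modules/rke2/check_k8s_api.sh',
  }

  # Expose the kubectl binary shipped with RKE2 on the default PATH.
  file { '/usr/bin/kubectl':
    ensure  => link,
    target  => '/var/lib/rancher/rke2/bin/kubectl',
    require => Package["rke2-${node_type}"],
  }

  # Kernel settings needed when ProtectKernelDefaults=true; they are applied
  # before the service starts.
  sysctl { 'vm.overcommit_memory':
    value  => '1',
    before => Service["rke2-${node_type}"],
  }

  sysctl { 'kernel.panic':
    value  => '10',
    before => Service["rke2-${node_type}"],
  }

  # Manifests are managed on the controller (server) nodes only.
  if $node_type == 'server' {
    # Static manifests: the extra config files, plus the Ceph CSI files when
    # Ceph is enabled. Both lists are copied verbatim from the module's files.
    $static_manifests = $csi_ceph_enable ? {
      true    => $extra_config_files + $csi_ceph_files,
      default => $extra_config_files,
    }

    $static_manifests.each |$file| {
      file { "/var/lib/rancher/rke2/server/manifests/${file}.yaml":
        ensure  => file,
        owner   => 'root',
        group   => 'root',
        mode    => '0644',
        source  => "puppet:///modules/rke2/${file}.yaml",
        require => Service['rke2-server'],
      }
    }

    if $csi_ceph_enable {
      # NOTE(review): these templates presumably interpolate $csi_ceph_key.
      # If they do, the rendered manifest holds a Ceph credential and should
      # be mode 0600 with its content wrapped in Sensitive(), as is done for
      # the node config - confirm against the ERB templates.
      $csi_ceph_templates.each |$file| {
        file { "/var/lib/rancher/rke2/server/manifests/${file}.yaml":
          ensure  => file,
          owner   => 'root',
          group   => 'root',
          mode    => '0644',
          content => template("rke2/${file}.yaml.erb"),
          require => Service['rke2-server'],
        }
      }
    }
  }
}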