puppet-prod/modules/rke2/manifests/config.pp

# config rke2
class rke2::config (
  Enum['server', 'agent'] $node_type = $rke2::node_type,
  Stdlib::Absolutepath    $config_file = $rke2::config_file,
  Hash                    $config_hash = $rke2::config_hash,
  Stdlib::HTTPSUrl        $join_url = $rke2::join_url,
  Stdlib::Fqdn            $bootstrap_node = $rke2::bootstrap_node,
  String                  $node_token = $rke2::node_token,
){

  # if its not the bootstrap node, add join path to config
  if $node_type == 'server' {
    if $trusted['certname'] != $bootstrap_node {
      $config = merge($config_hash, {
        server => $join_url,
        token  => $node_token,
      } )
    }else{
      $config = $config_hash
    }
  }else{
    $config = $config_hash
  }

  # create the config file
  file { $config_file:
    ensure  => file,
    content => Sensitive($config.to_yaml),
    owner   => 'root',
    group   => 'root',
    mode    => '0644',
  }

  # create a script to verify k8s api is up (used by consul)
  file {'/usr/local/bin/check_k8s_api.sh':
    ensure => file,
    owner  => 'root',
    group  => 'root',
    mode   => '0755',
    source => 'puppet:///modules/rke2/check_k8s_api.sh'
  }

}