diff --git a/REFERENCE.md b/REFERENCE.md
index 5909ef9..b829d80 100644
--- a/REFERENCE.md
+++ b/REFERENCE.md
@@ -6,6 +6,8 @@
### Classes
+#### Public Classes
+
* [`k8s`](#k8s): Sets up a Kubernetes instance - either as a node or as a server
* [`k8s::install::cni_plugins`](#k8s--install--cni_plugins): Manages the installation of CNI plugins
* [`k8s::install::container_runtime`](#k8s--install--container_runtime): Manages the installation of a container runtime / CRI
@@ -13,27 +15,31 @@
* [`k8s::install::kubeadm`](#k8s--install--kubeadm): Installs the kubeadm binary
* [`k8s::install::kubectl`](#k8s--install--kubectl): Installs the kubectl binary
* [`k8s::node`](#k8s--node): Installs a Kubernetes node
-* [`k8s::node::kube_proxy`](#k8s--node--kube_proxy): Sets up a on-node kube-proxy instance
* [`k8s::node::kubectl`](#k8s--node--kubectl): Installs the kubectl binary
-* [`k8s::node::kubelet`](#k8s--node--kubelet): Installs and configures kubelet
* [`k8s::node::simple_cni`](#k8s--node--simple_cni): Provide a simple bridged standard network interface.
For basic usage if one does not have flannel, cilium, calico or something else yet.
Uses the cni-plugins bridge binary to create a bridge interface to connect the containers
* [`k8s::repo`](#k8s--repo): Handles repositories for the container runtime
* [`k8s::server`](#k8s--server): Sets up a Kubernetes server instance
-* [`k8s::server::apiserver`](#k8s--server--apiserver): Installs and configures a Kubernetes apiserver
-* [`k8s::server::controller_manager`](#k8s--server--controller_manager): Installs and configures a Kubernetes controller manager
* [`k8s::server::etcd`](#k8s--server--etcd): Sets up an etcd cluster node
* [`k8s::server::etcd::setup`](#k8s--server--etcd--setup): Installs and configures an etcd instance
-* [`k8s::server::resources`](#k8s--server--resources): Generates and deploys standard Kubernetes in-cluster services
-* [`k8s::server::resources::bootstrap`](#k8s--server--resources--bootstrap): Generates and deploys the default Puppet boostrap configuration into the cluster
-* [`k8s::server::resources::coredns`](#k8s--server--resources--coredns): Generates and deploys the default CoreDNS DNS provider for Kubernetes
-* [`k8s::server::resources::flannel`](#k8s--server--resources--flannel): Generates and deploys the default CoreDNS DNS provider for Kubernetes
-* [`k8s::server::resources::kube_proxy`](#k8s--server--resources--kube_proxy): Generates and deploys the default kube-proxy service for Kubernetes
-* [`k8s::server::scheduler`](#k8s--server--scheduler): Installs and configures a Kubernetes scheduler
-* [`k8s::server::tls`](#k8s--server--tls): Generates the necessary Kubernetes certificates for a server
* [`k8s::server::wait_online`](#k8s--server--wait_online): Creates a dummy exec to allow deferring applies until the Kubernetes API server has started
+#### Private Classes
+
+* `k8s::common`: Sets up common Kubernetes components - users/groups/folders/etc
+* `k8s::node::kube_proxy`: Sets up a on-node kube-proxy instance
+* `k8s::node::kubelet`: Installs and configures kubelet
+* `k8s::server::apiserver`: Installs and configures a Kubernetes apiserver
+* `k8s::server::controller_manager`: Installs and configures a Kubernetes controller manager
+* `k8s::server::resources`: Generates and deploys standard Kubernetes in-cluster services
+* `k8s::server::resources::bootstrap`: Generates and deploys the default Puppet boostrap configuration into the cluster
+* `k8s::server::resources::coredns`: Generates and deploys the default CoreDNS DNS provider for Kubernetes
+* `k8s::server::resources::flannel`: Generates and deploys the default CoreDNS DNS provider for Kubernetes
+* `k8s::server::resources::kube_proxy`: Generates and deploys the default kube-proxy service for Kubernetes
+* `k8s::server::scheduler`: Installs and configures a Kubernetes scheduler
+* `k8s::server::tls`: Generates the necessary Kubernetes certificates for a server
+
### Defined types
* [`k8s::binary`](#k8s--binary): Deploys a Kubernetes binary
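Review bot: The new Private Classes entry for `k8s::server::resources::flannel` still reads 'Generates and deploys the default CoreDNS DNS provider for Kubernetes', word for word the same as the `coredns` entry above it. The line is being rewritten in this hunk anyway, so correct the summary to describe Flannel, and fix 'boostrap' in the `bootstrap` entry and 'a on-node' in the `kube_proxy` entry at the same time. If this file is generated, make the fix in the class summaries it is built from. The moved entries also lose their link targets (for example `#k8s--server--tls`), which is worth a changelog line for anyone linking to them.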
@@ -66,6 +72,7 @@ Uses the cni-plugins bridge binary to create a bridge interface to connect the c
* [`K8s::IP_addresses`](#K8s--IP_addresses): a type to describe multiple IP addresses without subnet sizes
* [`K8s::Native_packaging`](#K8s--Native_packaging): a type to describe Kubernetes native packaging methods
* [`K8s::Node_auth`](#K8s--Node_auth): a type to describe node/kubelet authentication methods
+* [`K8s::Node_role`](#K8s--Node_role): a type to describe a type of Kubernetes node
* [`K8s::PortRange`](#K8s--PortRange): This regexp matches port range values
* [`K8s::Proxy_auth`](#K8s--Proxy_auth): a type to describe kube-proxy authentication methods
* [`K8s::Proxy_method`](#K8s--Proxy_method): a type to describe how kube-proxy should be deployed
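Review bot: The added `K8s::Node_role` summary, 'a type to describe a type of Kubernetes node', does not say which values the type accepts. The `role` parameter now refers readers to this type instead of showing `Enum['node','server','none']` inline, so the summary should list the allowed values.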
@@ -429,11 +436,11 @@ Default value: `true`
##### `role`
-Data type: `Enum['node','server','none']`
+Data type: `Optional[K8s::Node_role]`
-role of the node
+the role of the node
-Default value: `'none'`
+Default value: `undef`
##### `runc_version`
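Review bot: For `role`, the default changes from `'none'` to `undef` and the inline enum becomes `Optional[K8s::Node_role]`, but the description 'the role of the node' says nothing about what an unset role does or whether `'none'` is still a valid value. Please document the meaning of `undef` here and note the change for users who set `role: 'none'` explicitly, since these lines do not show whether that value still passes type validation.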
@@ -453,11 +460,11 @@ Default value: `'10.1.0.0/24'`
##### `sysconfig_path`
-Data type: `Optional[Stdlib::Unixpath]`
+Data type: `Stdlib::Unixpath`
-path to the sysconfig directory
+path to the sysconfig directory, per-OS values are configured in hiera
-Default value: `undef`
+Default value: `'/etc/sysconfig'`
##### `tarball_url_template`
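Review bot: On `sysconfig_path`, the text 'per-OS values are configured in hiera' sits next to a single documented default of `'/etc/sysconfig'`, so a reader on a platform without that directory cannot tell from the reference which path will be used. Name the per-OS overrides or point to the data file that holds them. The parameter also drops `Optional[...]` and its `undef` default; if `undef` previously had a meaning of its own, the description should say what replaces it.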
@@ -908,114 +915,6 @@ enable puppetdb resource searching
Default value: `$k8s::puppetdb_discovery_tag`
-### `k8s::node::kube_proxy`
-
-For most use-cases, running kube-proxy inside the cluster itself is recommended
-
-#### Parameters
-
-The following parameters are available in the `k8s::node::kube_proxy` class:
-
-* [`arguments`](#-k8s--node--kube_proxy--arguments)
-* [`auth`](#-k8s--node--kube_proxy--auth)
-* [`ca_cert`](#-k8s--node--kube_proxy--ca_cert)
-* [`cert`](#-k8s--node--kube_proxy--cert)
-* [`cluster_cidr`](#-k8s--node--kube_proxy--cluster_cidr)
-* [`config`](#-k8s--node--kube_proxy--config)
-* [`control_plane_url`](#-k8s--node--kube_proxy--control_plane_url)
-* [`ensure`](#-k8s--node--kube_proxy--ensure)
-* [`key`](#-k8s--node--kube_proxy--key)
-* [`puppetdb_discovery_tag`](#-k8s--node--kube_proxy--puppetdb_discovery_tag)
-* [`token`](#-k8s--node--kube_proxy--token)
-
-##### `arguments`
-
-Data type: `Hash[String, Data]`
-
-A hash of additional arguments to pass to kube-proxy
-
-Default value: `{}`
-
-##### `auth`
-
-Data type: `K8s::Proxy_auth`
-
-The authentication method to use for the API server
-
-Default value: `$k8s::node::proxy_auth`
-
-##### `ca_cert`
-
-Data type: `Optional[Stdlib::Unixpath]`
-
-The path to the CA certificate to use for the API server
-
-Default value: `$k8s::node::ca_cert`
-
-##### `cert`
-
-Data type: `Optional[Stdlib::Unixpath]`
-
-The path to the client certificate to use for the API server
-
-Default value: `$k8s::node::proxy_cert`
-
-##### `cluster_cidr`
-
-Data type: `K8s::CIDR`
-
-The CIDR range of the cluster
-
-Default value: `$k8s::cluster_cidr`
-
-##### `config`
-
-Data type: `Hash[String, Data]`
-
-A hash of additional configuration options to pass to kube-proxy
-
-Default value: `{}`
-
-##### `control_plane_url`
-
-Data type: `Stdlib::HTTPUrl`
-
-The URL of the Kubernetes API server
-
-Default value: `$k8s::node::control_plane_url`
-
-##### `ensure`
-
-Data type: `K8s::Ensure`
-
-Whether the kube-proxy service should be configured
-
-Default value: `$k8s::node::ensure`
-
-##### `key`
-
-Data type: `Optional[Stdlib::Unixpath]`
-
-The path to the client key to use for the API server
-
-Default value: `$k8s::node::proxy_key`
-
-##### `puppetdb_discovery_tag`
-
-Data type: `String`
-
-The tag to use for PuppetDB service discovery
-
-Default value: `$k8s::node::puppetdb_discovery_tag`
-
-##### `token`
-
-Data type: `Optional[Sensitive[String]]`
-
-The token to use for the API server
-
-Default value: `$k8s::node::proxy_token`
-
### `k8s::node::kubectl`
Installs the kubectl binary
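Review bot: Removing the `k8s::node::kube_proxy` section also drops its only guidance line, 'For most use-cases, running kube-proxy inside the cluster itself is recommended'; the Private Classes entry carries just 'Sets up a on-node kube-proxy instance'. Move that recommendation to wherever the deployment method is chosen in the public docs. The removed defaults point at `$k8s::node::proxy_auth`, `proxy_cert`, `proxy_key` and `proxy_token`, so please confirm those stay documented on `k8s::node` as the supported way to set the proxy credentials.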
@@ -1034,195 +933,6 @@ Whether to install the binary
Default value: `$k8s::ensure`
-### `k8s::node::kubelet`
-
-Installs and configures kubelet
-
-#### Parameters
-
-The following parameters are available in the `k8s::node::kubelet` class:
-
-* [`arguments`](#-k8s--node--kubelet--arguments)
-* [`auth`](#-k8s--node--kubelet--auth)
-* [`ca_cert`](#-k8s--node--kubelet--ca_cert)
-* [`cert`](#-k8s--node--kubelet--cert)
-* [`cert_path`](#-k8s--node--kubelet--cert_path)
-* [`config`](#-k8s--node--kubelet--config)
-* [`control_plane_url`](#-k8s--node--kubelet--control_plane_url)
-* [`ensure`](#-k8s--node--kubelet--ensure)
-* [`firewall_type`](#-k8s--node--kubelet--firewall_type)
-* [`key`](#-k8s--node--kubelet--key)
-* [`kubeconfig`](#-k8s--node--kubelet--kubeconfig)
-* [`manage_firewall`](#-k8s--node--kubelet--manage_firewall)
-* [`manage_kernel_modules`](#-k8s--node--kubelet--manage_kernel_modules)
-* [`manage_sysctl_settings`](#-k8s--node--kubelet--manage_sysctl_settings)
-* [`puppetdb_discovery_tag`](#-k8s--node--kubelet--puppetdb_discovery_tag)
-* [`rotate_server_tls`](#-k8s--node--kubelet--rotate_server_tls)
-* [`runtime`](#-k8s--node--kubelet--runtime)
-* [`runtime_service`](#-k8s--node--kubelet--runtime_service)
-* [`support_dualstack`](#-k8s--node--kubelet--support_dualstack)
-* [`token`](#-k8s--node--kubelet--token)
-
-##### `arguments`
-
-Data type: `Hash[String, Data]`
-
-additional arguments to pass to kubelet
-
-Default value: `{}`
-
-##### `auth`
-
-Data type: `K8s::Node_auth`
-
-type of node authentication
-
-Default value: `$k8s::node::node_auth`
-
-##### `ca_cert`
-
-Data type: `Optional[Stdlib::Unixpath]`
-
-path to the ca cert
-
-Default value: `$k8s::node::ca_cert`
-
-##### `cert`
-
-Data type: `Optional[Stdlib::Unixpath]`
-
-path to node cert file
-
-Default value: `$k8s::node::node_cert`
-
-##### `cert_path`
-
-Data type: `Stdlib::Unixpath`
-
-path to cert files
-
-Default value: `$k8s::node::cert_path`
-
-##### `config`
-
-Data type: `Hash[String, Data]`
-
-additional config to pass to kubelet
-
-Default value: `{}`
-
-##### `control_plane_url`
-
-Data type: `Stdlib::HTTPUrl`
-
-cluster API connection
-
-Default value: `$k8s::node::control_plane_url`
-
-##### `ensure`
-
-Data type: `K8s::Ensure`
-
-set ensure for installation or deinstallation
-
-Default value: `$k8s::node::ensure`
-
-##### `firewall_type`
-
-Data type: `Optional[K8s::Firewall]`
-
-define the type of firewall to use
-
-Default value: `$k8s::node::firewall_type`
-
-##### `key`
-
-Data type: `Optional[Stdlib::Unixpath]`
-
-path to node key file
-
-Default value: `$k8s::node::node_key`
-
-##### `kubeconfig`
-
-Data type: `Stdlib::Unixpath`
-
-path to kubeconfig
-
-Default value: `'/srv/kubernetes/kubelet.kubeconf'`
-
-##### `manage_firewall`
-
-Data type: `Boolean`
-
-whether to manage firewall or not
-
-Default value: `$k8s::node::manage_firewall`
-
-##### `manage_kernel_modules`
-
-Data type: `Boolean`
-
-whether to load kernel modules or not
-
-Default value: `$k8s::node::manage_kernel_modules`
-
-##### `manage_sysctl_settings`
-
-Data type: `Boolean`
-
-whether to manage sysctl settings or not
-
-Default value: `$k8s::node::manage_sysctl_settings`
-
-##### `puppetdb_discovery_tag`
-
-Data type: `String[1]`
-
-enable puppetdb resource searching
-
-Default value: `$k8s::node::puppetdb_discovery_tag`
-
-##### `rotate_server_tls`
-
-Data type: `Boolean`
-
-whether to rotate server tls or not
-
-Default value: `$auth == 'bootstrap'`
-
-##### `runtime`
-
-Data type: `String`
-
-which container runtime to use
-
-Default value: `$k8s::container_manager`
-
-##### `runtime_service`
-
-Data type: `String`
-
-name of the service of the container runtime
-
-Default value: `$k8s::container_runtime_service`
-
-##### `support_dualstack`
-
-Data type: `Boolean`
-
-whether to support dualstack or not
-
-Default value: `$k8s::cluster_cidr =~ Array[Data, 2]`
-
-##### `token`
-
-Data type: `Optional[Sensitive[String]]`
-
-k8s token to join a cluster
-
-Default value: `$k8s::node::node_token`
-
### `k8s::node::simple_cni`
Class: k8s::node::simple_cni
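Review bot: Two of the removed `k8s::node::kubelet` parameters have defaults that do not come from a `k8s::node` parameter: `rotate_server_tls` (`$auth == 'bootstrap'`) and `kubeconfig` (`'/srv/kubernetes/kubelet.kubeconf'`). With this section gone, nothing in the reference tells an operator that server certificate rotation is tied to bootstrap auth or where the kubelet credentials file lives. If these are meant to stay tunable, expose them on `k8s::node` or describe the behaviour in the public class documentation.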
@@ -1520,1734 +1230,491 @@ enable puppetdb resource searching
Default value: `$k8s::puppetdb_discovery_tag`
-### `k8s::server::apiserver`
+### `k8s::server::etcd`
-Installs and configures a Kubernetes apiserver
+Sets up an etcd cluster node
#### Parameters
-The following parameters are available in the `k8s::server::apiserver` class:
-
-* [`advertise_address`](#-k8s--server--apiserver--advertise_address)
-* [`aggregator_ca_cert`](#-k8s--server--apiserver--aggregator_ca_cert)
-* [`apiserver_cert`](#-k8s--server--apiserver--apiserver_cert)
-* [`apiserver_client_cert`](#-k8s--server--apiserver--apiserver_client_cert)
-* [`apiserver_client_key`](#-k8s--server--apiserver--apiserver_client_key)
-* [`apiserver_key`](#-k8s--server--apiserver--apiserver_key)
-* [`arguments`](#-k8s--server--apiserver--arguments)
-* [`ca_cert`](#-k8s--server--apiserver--ca_cert)
-* [`cert_path`](#-k8s--server--apiserver--cert_path)
-* [`container_image`](#-k8s--server--apiserver--container_image)
-* [`container_image_tag`](#-k8s--server--apiserver--container_image_tag)
-* [`container_registry`](#-k8s--server--apiserver--container_registry)
-* [`discover_etcd_servers`](#-k8s--server--apiserver--discover_etcd_servers)
-* [`ensure`](#-k8s--server--apiserver--ensure)
-* [`etcd_ca`](#-k8s--server--apiserver--etcd_ca)
-* [`etcd_cert`](#-k8s--server--apiserver--etcd_cert)
-* [`etcd_cluster_name`](#-k8s--server--apiserver--etcd_cluster_name)
-* [`etcd_key`](#-k8s--server--apiserver--etcd_key)
-* [`etcd_servers`](#-k8s--server--apiserver--etcd_servers)
-* [`firewall_type`](#-k8s--server--apiserver--firewall_type)
-* [`front_proxy_cert`](#-k8s--server--apiserver--front_proxy_cert)
-* [`front_proxy_key`](#-k8s--server--apiserver--front_proxy_key)
-* [`manage_firewall`](#-k8s--server--apiserver--manage_firewall)
-* [`puppetdb_discovery_tag`](#-k8s--server--apiserver--puppetdb_discovery_tag)
-* [`service_cluster_cidr`](#-k8s--server--apiserver--service_cluster_cidr)
-* [`serviceaccount_private`](#-k8s--server--apiserver--serviceaccount_private)
-* [`serviceaccount_public`](#-k8s--server--apiserver--serviceaccount_public)
-
-##### `advertise_address`
-
-Data type: `Stdlib::IP::Address::Nosubnet`
-
-bind address of the apiserver
+The following parameters are available in the `k8s::server::etcd` class:
-Default value: `fact('networking.ip')`
+* [`addn_names`](#-k8s--server--etcd--addn_names)
+* [`cert_path`](#-k8s--server--etcd--cert_path)
+* [`client_ca_cert`](#-k8s--server--etcd--client_ca_cert)
+* [`client_ca_key`](#-k8s--server--etcd--client_ca_key)
+* [`cluster_name`](#-k8s--server--etcd--cluster_name)
+* [`ensure`](#-k8s--server--etcd--ensure)
+* [`firewall_type`](#-k8s--server--etcd--firewall_type)
+* [`generate_ca`](#-k8s--server--etcd--generate_ca)
+* [`group`](#-k8s--server--etcd--group)
+* [`manage_certs`](#-k8s--server--etcd--manage_certs)
+* [`manage_firewall`](#-k8s--server--etcd--manage_firewall)
+* [`manage_members`](#-k8s--server--etcd--manage_members)
+* [`manage_setup`](#-k8s--server--etcd--manage_setup)
+* [`peer_ca_cert`](#-k8s--server--etcd--peer_ca_cert)
+* [`peer_ca_key`](#-k8s--server--etcd--peer_ca_key)
+* [`puppetdb_discovery_tag`](#-k8s--server--etcd--puppetdb_discovery_tag)
+* [`self_signed_tls`](#-k8s--server--etcd--self_signed_tls)
+* [`user`](#-k8s--server--etcd--user)
+* [`version`](#-k8s--server--etcd--version)
-##### `aggregator_ca_cert`
+##### `addn_names`
-Data type: `Stdlib::Unixpath`
+Data type: `K8s::TLS_altnames`
-path to the aggregator ca cert file
+additional names for certificates
-Default value: `$k8s::server::tls::aggregator_ca_cert`
+Default value: `[]`
-##### `apiserver_cert`
+##### `cert_path`
Data type: `Stdlib::Unixpath`
-path to the apiserver cert file
+path to cert files
-Default value: `"${cert_path}/kube-apiserver.pem"`
+Default value: `'/var/lib/etcd/certs'`
-##### `apiserver_client_cert`
+##### `client_ca_cert`
Data type: `Stdlib::Unixpath`
-path to the apiserver client cert file
+path to the client ca cert
-Default value: `"${cert_path}/apiserver-kubelet-client.pem"`
+Default value: `"${cert_path}/client-ca.pem"`
-##### `apiserver_client_key`
+##### `client_ca_key`
Data type: `Stdlib::Unixpath`
-path to the apiserver client key file
+path to the client ca key
-Default value: `"${cert_path}/apiserver-kubelet-client.key"`
+Default value: `"${cert_path}/client-ca.key"`
-##### `apiserver_key`
+##### `cluster_name`
-Data type: `Stdlib::Unixpath`
+Data type: `Optional[String[1]]`
-path to the apiserver cert file
+name of the etcd cluster for searching its nodes in the puppetdb, will use k8s::etcd_cluster_name unless otherwise specified
-Default value: `"${cert_path}/kube-apiserver.key"`
+Default value: `undef`
-##### `arguments`
+##### `ensure`
-Data type: `Hash[String, Data]`
+Data type: `K8s::Ensure`
-additional arguments for the apiserver
+set ensure for installation or deinstallation
-Default value: `{}`
+Default value: `'present'`
-##### `ca_cert`
+##### `firewall_type`
-Data type: `Stdlib::Unixpath`
+Data type: `Optional[K8s::Firewall]`
-path to the ca cert
+define the type of firewall to use
-Default value: `$k8s::server::tls::ca_cert`
+Default value: `undef`
-##### `cert_path`
+##### `generate_ca`
-Data type: `Stdlib::Unixpath`
+Data type: `Boolean`
-path to cert files
+whether to generate a own ca or not
-Default value: `$k8s::server::tls::cert_path`
+Default value: `false`
-##### `container_image`
+##### `group`
Data type: `String[1]`
-container image to use for the apiserver
+group to run etcd as
-Default value: `'kube-apiserver'`
+Default value: `'etcd'`
-##### `container_image_tag`
+##### `manage_certs`
-Data type: `Optional[String[1]]`
+Data type: `Boolean`
-container image tag to use for the apiserver
+whether to manage certs or not
-Default value: `$k8s::container_image_tag`
+Default value: `true`
-##### `container_registry`
+##### `manage_firewall`
-Data type: `String[1]`
+Data type: `Boolean`
-container registry to pull the image from
-
-Default value: `$k8s::container_registry`
-
-##### `discover_etcd_servers`
-
-Data type: `Boolean`
-
-enable puppetdb resource searching
-
-Default value: `$k8s::puppetdb_discovery`
-
-##### `ensure`
-
-Data type: `K8s::Ensure`
-
-set ensure for installation or deinstallation
-
-Default value: `$k8s::server::ensure`
-
-##### `etcd_ca`
-
-Data type: `Stdlib::Unixpath`
-
-path to the etcd ca cert file
-
-Default value: `"${cert_path}/etcd-ca.pem"`
-
-##### `etcd_cert`
-
-Data type: `Stdlib::Unixpath`
-
-path to the etcd cert file
-
-Default value: `"${cert_path}/etcd.pem"`
-
-##### `etcd_cluster_name`
-
-Data type: `String[1]`
-
-name of the etcd cluster for searching its nodes in the puppetdb
-
-Default value: `$k8s::server::etcd_cluster_name`
-
-##### `etcd_key`
-
-Data type: `Stdlib::Unixpath`
-
-path to the etcd key file
-
-Default value: `"${cert_path}/etcd.key"`
-
-##### `etcd_servers`
-
-Data type: `Optional[Array[Stdlib::HTTPUrl]]`
-
-list etcd servers if no puppetdb is used
-
-Default value: `$k8s::server::etcd_servers`
-
-##### `firewall_type`
-
-Data type: `Optional[K8s::Firewall]`
-
-define the type of firewall to use
-
-Default value: `$k8s::server::firewall_type`
-
-##### `front_proxy_cert`
-
-Data type: `Stdlib::Unixpath`
-
-path to the front proxy cert file
-
-Default value: `"${cert_path}/front-proxy-client.pem"`
-
-##### `front_proxy_key`
-
-Data type: `Stdlib::Unixpath`
-
-path to the front proxy key file
-
-Default value: `"${cert_path}/front-proxy-client.key"`
-
-##### `manage_firewall`
-
-Data type: `Boolean`
-
-whether to manage firewall or not
-
-Default value: `$k8s::server::manage_firewall`
-
-##### `puppetdb_discovery_tag`
-
-Data type: `String`
-
-enable puppetdb resource searching
-
-Default value: `$k8s::server::puppetdb_discovery_tag`
-
-##### `service_cluster_cidr`
-
-Data type: `K8s::CIDR`
-
-cidr of the service cluster
-
-Default value: `$k8s::service_cluster_cidr`
-
-##### `serviceaccount_private`
-
-Data type: `Stdlib::Unixpath`
-
-path to the service account private key file
-
-Default value: `"${cert_path}/service-account.key"`
-
-##### `serviceaccount_public`
-
-Data type: `Stdlib::Unixpath`
-
-path to the service account public key file
-
-Default value: `"${cert_path}/service-account.pub"`
-
-### `k8s::server::controller_manager`
-
-Installs and configures a Kubernetes controller manager
-
-#### Parameters
-
-The following parameters are available in the `k8s::server::controller_manager` class:
-
-* [`arguments`](#-k8s--server--controller_manager--arguments)
-* [`ca_cert`](#-k8s--server--controller_manager--ca_cert)
-* [`ca_key`](#-k8s--server--controller_manager--ca_key)
-* [`cert`](#-k8s--server--controller_manager--cert)
-* [`cert_path`](#-k8s--server--controller_manager--cert_path)
-* [`cluster_cidr`](#-k8s--server--controller_manager--cluster_cidr)
-* [`container_image`](#-k8s--server--controller_manager--container_image)
-* [`container_image_tag`](#-k8s--server--controller_manager--container_image_tag)
-* [`container_registry`](#-k8s--server--controller_manager--container_registry)
-* [`control_plane_url`](#-k8s--server--controller_manager--control_plane_url)
-* [`ensure`](#-k8s--server--controller_manager--ensure)
-* [`key`](#-k8s--server--controller_manager--key)
-* [`service_cluster_cidr`](#-k8s--server--controller_manager--service_cluster_cidr)
-
-##### `arguments`
-
-Data type: `Hash[String, Data]`
-
-Additional arguments to pass to the controller manager.
-
-Default value: `{}`
-
-##### `ca_cert`
-
-Data type: `Stdlib::Unixpath`
-
-The path to the CA certificate.
-
-Default value: `$k8s::server::tls::ca_cert`
-
-##### `ca_key`
-
-Data type: `Stdlib::Unixpath`
-
-The path to the CA key.
-
-Default value: `$k8s::server::tls::ca_key`
-
-##### `cert`
-
-Data type: `Stdlib::Unixpath`
-
-The path to the controller manager certificate.
-
-Default value: `"${cert_path}/kube-controller-manager.pem"`
-
-##### `cert_path`
-
-Data type: `Stdlib::Unixpath`
-
-The path to the TLS certificates.
-
-Default value: `$k8s::server::tls::cert_path`
-
-##### `cluster_cidr`
-
-Data type: `K8s::CIDR`
-
-The CIDR of the cluster.
-
-Default value: `$k8s::cluster_cidr`
-
-##### `container_image`
-
-Data type: `String[1]`
-
-The container image to use for the controller manager.
-
-Default value: `'kube-controller-manager'`
-
-##### `container_image_tag`
-
-Data type: `Optional[String[1]]`
-
-The container image tag to use for the controller manager.
-
-Default value: `$k8s::container_image_tag`
-
-##### `container_registry`
-
-Data type: `String[1]`
-
-The container registry to pull the controller manager image from.
-
-Default value: `$k8s::container_registry`
-
-##### `control_plane_url`
-
-Data type: `Stdlib::HTTPUrl`
-
-The URL of the Kubernetes API server.
-
-Default value: `$k8s::control_plane_url`
-
-##### `ensure`
-
-Data type: `K8s::Ensure`
-
-Whether the controller manager should be configured.
-
-Default value: `$k8s::server::ensure`
-
-##### `key`
-
-Data type: `Stdlib::Unixpath`
-
-The path to the controller manager key.
-
-Default value: `"${cert_path}/kube-controller-manager.key"`
-
-##### `service_cluster_cidr`
-
-Data type: `K8s::CIDR`
-
-The CIDR of the service cluster.
-
-Default value: `$k8s::service_cluster_cidr`
-
-### `k8s::server::etcd`
-
-Sets up an etcd cluster node
-
-#### Parameters
-
-The following parameters are available in the `k8s::server::etcd` class:
-
-* [`addn_names`](#-k8s--server--etcd--addn_names)
-* [`cert_path`](#-k8s--server--etcd--cert_path)
-* [`client_ca_cert`](#-k8s--server--etcd--client_ca_cert)
-* [`client_ca_key`](#-k8s--server--etcd--client_ca_key)
-* [`cluster_name`](#-k8s--server--etcd--cluster_name)
-* [`ensure`](#-k8s--server--etcd--ensure)
-* [`firewall_type`](#-k8s--server--etcd--firewall_type)
-* [`generate_ca`](#-k8s--server--etcd--generate_ca)
-* [`group`](#-k8s--server--etcd--group)
-* [`manage_certs`](#-k8s--server--etcd--manage_certs)
-* [`manage_firewall`](#-k8s--server--etcd--manage_firewall)
-* [`manage_members`](#-k8s--server--etcd--manage_members)
-* [`manage_setup`](#-k8s--server--etcd--manage_setup)
-* [`peer_ca_cert`](#-k8s--server--etcd--peer_ca_cert)
-* [`peer_ca_key`](#-k8s--server--etcd--peer_ca_key)
-* [`puppetdb_discovery_tag`](#-k8s--server--etcd--puppetdb_discovery_tag)
-* [`self_signed_tls`](#-k8s--server--etcd--self_signed_tls)
-* [`user`](#-k8s--server--etcd--user)
-* [`version`](#-k8s--server--etcd--version)
-
-##### `addn_names`
-
-Data type: `K8s::TLS_altnames`
-
-additional names for certificates
-
-Default value: `[]`
-
-##### `cert_path`
-
-Data type: `Stdlib::Unixpath`
-
-path to cert files
-
-Default value: `'/var/lib/etcd/certs'`
-
-##### `client_ca_cert`
-
-Data type: `Stdlib::Unixpath`
-
-path to the client ca cert
-
-Default value: `"${cert_path}/client-ca.pem"`
-
-##### `client_ca_key`
-
-Data type: `Stdlib::Unixpath`
-
-path to the client ca key
-
-Default value: `"${cert_path}/client-ca.key"`
-
-##### `cluster_name`
-
-Data type: `String[1]`
-
-name of the etcd cluster for searching its nodes in the puppetdb
-
-Default value: `pick($k8s::server::etcd_cluster_name, 'default')`
-
-##### `ensure`
-
-Data type: `K8s::Ensure`
-
-set ensure for installation or deinstallation
-
-Default value: `'present'`
-
-##### `firewall_type`
-
-Data type: `Optional[K8s::Firewall]`
-
-define the type of firewall to use
-
-Default value: `$k8s::server::firewall_type`
-
-##### `generate_ca`
-
-Data type: `Boolean`
-
-whether to generate a own ca or not
+whether to manage firewall or not
Default value: `false`
-##### `group`
-
-Data type: `String[1]`
-
-group to run etcd as
-
-Default value: `'etcd'`
-
-##### `manage_certs`
+##### `manage_members`
Data type: `Boolean`
-whether to manage certs or not
-
-Default value: `true`
-
-##### `manage_firewall`
-
-Data type: `Boolean`
-
-whether to manage firewall or not
-
-Default value: `false`
-
-##### `manage_members`
-
-Data type: `Boolean`
-
-whether to manage the ectd cluster member joining or not
-
-Default value: `false`
-
-##### `manage_setup`
-
-Data type: `Boolean`
-
-whether to manage the setup of etcd or not
-
-Default value: `true`
-
-##### `peer_ca_cert`
-
-Data type: `Stdlib::Unixpath`
-
-path to the peer ca cert
-
-Default value: `"${cert_path}/peer-ca.pem"`
-
-##### `peer_ca_key`
-
-Data type: `Stdlib::Unixpath`
-
-path to the peer ca key
-
-Default value: `"${cert_path}/peer-ca.key"`
-
-##### `puppetdb_discovery_tag`
-
-Data type: `String[1]`
-
-enable puppetdb resource searching
-
-Default value: `pick($k8s::server::puppetdb_discovery_tag, $cluster_name)`
-
-##### `self_signed_tls`
-
-Data type: `Boolean`
-
-whether to use self signed tls or not
-
-Default value: `false`
-
-##### `user`
-
-Data type: `String[1]`
-
-user to run etcd as
-
-Default value: `'etcd'`
-
-##### `version`
-
-Data type: `String[1]`
-
-version of ectd to install
-
-Default value: `pick($k8s::etcd_version, '3.5.1')`
-
-### `k8s::server::etcd::setup`
-
-Installs and configures an etcd instance
-
-#### Parameters
-
-The following parameters are available in the `k8s::server::etcd::setup` class:
-
-* [`advertise_client_urls`](#-k8s--server--etcd--setup--advertise_client_urls)
-* [`archive_template`](#-k8s--server--etcd--setup--archive_template)
-* [`auto_compaction_retention`](#-k8s--server--etcd--setup--auto_compaction_retention)
-* [`auto_tls`](#-k8s--server--etcd--setup--auto_tls)
-* [`binary_path`](#-k8s--server--etcd--setup--binary_path)
-* [`cert_file`](#-k8s--server--etcd--setup--cert_file)
-* [`client_cert_auth`](#-k8s--server--etcd--setup--client_cert_auth)
-* [`data_dir`](#-k8s--server--etcd--setup--data_dir)
-* [`ensure`](#-k8s--server--etcd--setup--ensure)
-* [`etcd_name`](#-k8s--server--etcd--setup--etcd_name)
-* [`fqdn`](#-k8s--server--etcd--setup--fqdn)
-* [`gid`](#-k8s--server--etcd--setup--gid)
-* [`group`](#-k8s--server--etcd--setup--group)
-* [`initial_advertise_peer_urls`](#-k8s--server--etcd--setup--initial_advertise_peer_urls)
-* [`initial_cluster`](#-k8s--server--etcd--setup--initial_cluster)
-* [`initial_cluster_state`](#-k8s--server--etcd--setup--initial_cluster_state)
-* [`initial_cluster_token`](#-k8s--server--etcd--setup--initial_cluster_token)
-* [`install`](#-k8s--server--etcd--setup--install)
-* [`key_file`](#-k8s--server--etcd--setup--key_file)
-* [`listen_client_urls`](#-k8s--server--etcd--setup--listen_client_urls)
-* [`listen_peer_urls`](#-k8s--server--etcd--setup--listen_peer_urls)
-* [`package`](#-k8s--server--etcd--setup--package)
-* [`peer_auto_tls`](#-k8s--server--etcd--setup--peer_auto_tls)
-* [`peer_cert_file`](#-k8s--server--etcd--setup--peer_cert_file)
-* [`peer_client_cert_auth`](#-k8s--server--etcd--setup--peer_client_cert_auth)
-* [`peer_key_file`](#-k8s--server--etcd--setup--peer_key_file)
-* [`peer_trusted_ca_file`](#-k8s--server--etcd--setup--peer_trusted_ca_file)
-* [`proxy`](#-k8s--server--etcd--setup--proxy)
-* [`storage_path`](#-k8s--server--etcd--setup--storage_path)
-* [`trusted_ca_file`](#-k8s--server--etcd--setup--trusted_ca_file)
-* [`uid`](#-k8s--server--etcd--setup--uid)
-* [`user`](#-k8s--server--etcd--setup--user)
-* [`version`](#-k8s--server--etcd--setup--version)
-
-##### `advertise_client_urls`
-
-Data type: `Array[Stdlib::HTTPUrl]`
-
-The client urls to advertise
-
-Default value: `["https://${fqdn}:2379"]`
-
-##### `archive_template`
-
-Data type: `Stdlib::HTTPUrl`
-
-The download url template for the etc archive
-
-Default value: `'https://storage.googleapis.com/etcd/v%{version}/etcd-v%{version}-%{kernel}-%{arch}.%{kernel_ext}'`
-
-##### `auto_compaction_retention`
-
-Data type: `Optional[Integer]`
-
-The auto compaction retention
-
-Default value: `undef`
-
-##### `auto_tls`
-
-Data type: `Boolean`
-
-Use auto tls
-
-Default value: `$k8s::server::etcd::self_signed_tls`
-
-##### `binary_path`
-
-Data type: `Optional[Stdlib::Unixpath]`
-
-path to the etcd binary
-
-Default value: `undef`
-
-##### `cert_file`
-
-Data type: `Optional[Stdlib::Unixpath]`
-
-path to the cert file
-
-Default value: `undef`
-
-##### `client_cert_auth`
-
-Data type: `Boolean`
-
-Use client cert auth
-
-Default value: `false`
-
-##### `data_dir`
-
-Data type: `String[1]`
-
-path to the data dir
-
-Default value: `"${etcd_name}.etcd"`
-
-##### `ensure`
-
-Data type: `K8s::Ensure`
-
-set ensure for installation or deinstallation
-
-Default value: `$k8s::server::etcd::ensure`
-
-##### `etcd_name`
-
-Data type: `String[1]`
-
-The etcd instance name
-
-Default value: `$facts['networking']['hostname']`
-
-##### `fqdn`
-
-Data type: `String[1]`
-
-fully qualified domain name
-
-Default value: `$facts['networking']['fqdn']`
-
-##### `gid`
-
-Data type: `Optional[Integer[0, 65535]]`
-
-The group system id
-
-Default value: `undef`
-
-##### `group`
-
-Data type: `String[1]`
-
-etcd system user group
-
-Default value: `$k8s::server::etcd::group`
-
-##### `initial_advertise_peer_urls`
-
-Data type: `Array[Stdlib::HTTPUrl]`
-
-The peer urls to advertise
-
-Default value: `["https://${fqdn}:2380"]`
-
-##### `initial_cluster`
-
-Data type: `Array[String[1]]`
-
-The initial cluster
-
-Default value: `[]`
-
-##### `initial_cluster_state`
-
-Data type: `Optional[Enum['existing', 'new']]`
-
-The initial cluster state
-
-Default value: `undef`
-
-##### `initial_cluster_token`
-
-Data type: `Optional[String[1]]`
-
-The initial cluster token
-
-Default value: `undef`
-
-##### `install`
-
-Data type: `Enum['archive','package']`
-
-etcd installation method
-
-Default value: `'archive'`
-
-##### `key_file`
-
-Data type: `Optional[Stdlib::Unixpath]`
-
-path to the key file
-
-Default value: `undef`
-
-##### `listen_client_urls`
-
-Data type: `Array[Stdlib::HTTPUrl]`
-
-The client urls to listen on
-
-Default value: `['https://[::]:2379']`
-
-##### `listen_peer_urls`
-
-Data type: `Array[Stdlib::HTTPUrl]`
-
-The peer urls to listen on
-
-Default value: `['https://[::]:2380']`
-
-##### `package`
-
-Data type: `String[1]`
-
-etcd package name
-
-Default value: `'etcd'`
-
-##### `peer_auto_tls`
-
-Data type: `Boolean`
-
-Use peer auto tls
-
-Default value: `$k8s::server::etcd::self_signed_tls`
-
-##### `peer_cert_file`
-
-Data type: `Optional[Stdlib::Unixpath]`
-
-path to the peer cert file
-
-Default value: `undef`
-
-##### `peer_client_cert_auth`
-
-Data type: `Boolean`
-
-Use peer client cert auth
-
-Default value: `false`
-
-##### `peer_key_file`
-
-Data type: `Optional[Stdlib::Unixpath]`
-
-path to the peer key file
-
-Default value: `undef`
-
-##### `peer_trusted_ca_file`
-
-Data type: `Optional[Stdlib::Unixpath]`
-
-path to the peer trusted ca file
-
-Default value: `undef`
-
-##### `proxy`
-
-Data type: `Enum['on','off','readonly']`
-
-The proxy mode
-
-Default value: `'off'`
-
-##### `storage_path`
-
-Data type: `Stdlib::Unixpath`
-
-path to the working dir of etcd
-
-Default value: `'/var/lib/etcd'`
-
-##### `trusted_ca_file`
-
-Data type: `Optional[Stdlib::Unixpath]`
-
-path to the trusted ca file
-
-Default value: `undef`
-
-##### `uid`
-
-Data type: `Optional[Integer[0, 65535]]`
-
-The user system id
-
-Default value: `undef`
-
-##### `user`
-
-Data type: `String[1]`
-
-etcd system user
-
-Default value: `$k8s::server::etcd::user`
-
-##### `version`
-
-Data type: `String[1]`
-
-The ectd version to install
-
-Default value: `$k8s::server::etcd::version`
-
-### `k8s::server::resources`
-
-Generates and deploys standard Kubernetes in-cluster services
-
-#### Parameters
-
-The following parameters are available in the `k8s::server::resources` class:
-
-* [`ca_cert`](#-k8s--server--resources--ca_cert)
-* [`cluster_cidr`](#-k8s--server--resources--cluster_cidr)
-* [`cluster_domain`](#-k8s--server--resources--cluster_domain)
-* [`control_plane_url`](#-k8s--server--resources--control_plane_url)
-* [`coredns_deployment_config`](#-k8s--server--resources--coredns_deployment_config)
-* [`coredns_image`](#-k8s--server--resources--coredns_image)
-* [`coredns_registry`](#-k8s--server--resources--coredns_registry)
-* [`coredns_tag`](#-k8s--server--resources--coredns_tag)
-* [`dns_service_address`](#-k8s--server--resources--dns_service_address)
-* [`extra_kube_proxy_args`](#-k8s--server--resources--extra_kube_proxy_args)
-* [`flannel_cni_image`](#-k8s--server--resources--flannel_cni_image)
-* [`flannel_cni_registry`](#-k8s--server--resources--flannel_cni_registry)
-* [`flannel_cni_tag`](#-k8s--server--resources--flannel_cni_tag)
-* [`flannel_daemonset_config`](#-k8s--server--resources--flannel_daemonset_config)
-* [`flannel_image`](#-k8s--server--resources--flannel_image)
-* [`flannel_registry`](#-k8s--server--resources--flannel_registry)
-* [`flannel_tag`](#-k8s--server--resources--flannel_tag)
-* [`image_pull_secrets`](#-k8s--server--resources--image_pull_secrets)
-* [`kube_proxy_daemonset_config`](#-k8s--server--resources--kube_proxy_daemonset_config)
-* [`kube_proxy_image`](#-k8s--server--resources--kube_proxy_image)
-* [`kube_proxy_registry`](#-k8s--server--resources--kube_proxy_registry)
-* [`kube_proxy_tag`](#-k8s--server--resources--kube_proxy_tag)
-* [`kubeconfig`](#-k8s--server--resources--kubeconfig)
-* [`manage_bootstrap`](#-k8s--server--resources--manage_bootstrap)
-* [`manage_coredns`](#-k8s--server--resources--manage_coredns)
-* [`manage_flannel`](#-k8s--server--resources--manage_flannel)
-* [`manage_kube_proxy`](#-k8s--server--resources--manage_kube_proxy)
-
-##### `ca_cert`
-
-Data type: `Stdlib::Unixpath`
-
-the path to the CA certificate to use for the cluster
-
-Default value: `$k8s::server::tls::ca_cert`
-
-##### `cluster_cidr`
-
-Data type: `K8s::CIDR`
-
-the CIDR to use for the cluster
-
-Default value: `$k8s::server::cluster_cidr`
-
-##### `cluster_domain`
-
-Data type: `String[1]`
-
-the domain to use for the cluster
-
-Default value: `$k8s::server::cluster_domain`
-
-##### `control_plane_url`
-
-Data type: `String[1]`
-
-the URL to use for the control plane
-
-Default value: `$k8s::server::control_plane_url`
-
-##### `coredns_deployment_config`
-
-Data type: `Hash[String,Data]`
-
-the configuration to use for the CoreDNS Deployment
-
-Default value: `{}`
-
-##### `coredns_image`
-
-Data type: `String[1]`
-
-the image to use for the CoreDNS
-
-Default value: `'coredns/coredns'`
-
-##### `coredns_registry`
-
-Data type: `String[1]`
-
-the registry to use for the CoreDNS image
-
-Default value: `'docker.io'`
-
-##### `coredns_tag`
-
-Data type: `String[1]`
-
-the tag to use for the CoreDNS image
-
-Default value: `'1.8.7'`
-
-##### `dns_service_address`
-
-Data type: `K8s::IP_addresses`
-
-the IP address to use for the DNS service
-
-Default value: `$k8s::server::dns_service_address`
-
-##### `extra_kube_proxy_args`
-
-Data type: `Hash[String,Data]`
-
-the extra arguments to pass to the kube-proxy
-
-Default value: `{}`
-
-##### `flannel_cni_image`
-
-Data type: `String[1]`
-
-the image to use for the Flannel CNI
-
-Default value: `'rancher/mirrored-flannelcni-flannel-cni-plugin'`
-
-##### `flannel_cni_registry`
-
-Data type: `String[1]`
-
-the registry to use for the Flannel CNI image
-
-Default value: `'docker.io'`
-
-##### `flannel_cni_tag`
-
-Data type: `String[1]`
-
-the tag to use for the Flannel CNI image
-
-Default value: `'v1.0.0'`
-
-##### `flannel_daemonset_config`
-
-Data type: `Hash[String,Data]`
-
-the configuration to use for the Flannel DaemonSet
-
-Default value: `{}`
-
-##### `flannel_image`
-
-Data type: `String[1]`
-
-the image to use for the Flannel
-
-Default value: `'rancher/mirrored-flannelcni-flannel'`
-
-##### `flannel_registry`
-
-Data type: `String[1]`
-
-the registry to use for the Flannel image
-
-Default value: `'docker.io'`
-
-##### `flannel_tag`
-
-Data type: `String[1]`
-
-the tag to use for the Flannel image
-
-Default value: `'v0.16.1'`
-
-##### `image_pull_secrets`
-
-Data type: `Optional[Array]`
-
-the secrets to pull from private registries
-
-Default value: `undef`
-
-##### `kube_proxy_daemonset_config`
-
-Data type: `Hash[String,Data]`
-
-the configuration to use for the kube-proxy DaemonSet
-
-Default value: `{}`
-
-##### `kube_proxy_image`
-
-Data type: `String[1]`
-
-the image to use for the kube-proxy
-
-Default value: `'kube-proxy'`
-
-##### `kube_proxy_registry`
-
-Data type: `String[1]`
-
-the registry to use for the kube-proxy image
-
-Default value: `$k8s::container_registry`
-
-##### `kube_proxy_tag`
-
-Data type: `String[1]`
-
-the tag to use for the kube-proxy image
-
-Default value: `"v${k8s::version}"`
-
-##### `kubeconfig`
-
-Data type: `Stdlib::Unixpath`
-
-the path to the kubeconfig file to use for kubectl
-
-Default value: `'/root/.kube/config'`
-
-##### `manage_bootstrap`
-
-Data type: `Boolean`
-
-whether to manage the bootstrap resources
-
-Default value: `true`
-
-##### `manage_coredns`
-
-Data type: `Boolean`
-
-whether to manage the CoreDNS resources
-
-Default value: `true`
-
-##### `manage_flannel`
-
-Data type: `Boolean`
-
-whether to manage the Flannel resources
-
-Default value: `true`
-
-##### `manage_kube_proxy`
-
-Data type: `K8s::Proxy_method`
-
-whether to manage the kube-proxy resources
-
-Default value: `$k8s::manage_kube_proxy`
-
-### `k8s::server::resources::bootstrap`
-
-Generates and deploys the default Puppet boostrap configuration into the cluster
-
-#### Parameters
-
-The following parameters are available in the `k8s::server::resources::bootstrap` class:
-
-* [`control_plane_url`](#-k8s--server--resources--bootstrap--control_plane_url)
-* [`ensure`](#-k8s--server--resources--bootstrap--ensure)
-* [`kubeconfig`](#-k8s--server--resources--bootstrap--kubeconfig)
-* [`secret`](#-k8s--server--resources--bootstrap--secret)
-
-##### `control_plane_url`
-
-Data type: `String[1]`
-
-The main API URL to encode in the bootstrap configuration
-
-Default value: `$k8s::server::resources::control_plane_url`
-
-##### `ensure`
-
-Data type: `K8s::Ensure`
-
-Whether the resources should be present or absent
-
-Default value: `$k8s::ensure`
-
-##### `kubeconfig`
-
-Data type: `Stdlib::Unixpath`
-
-The path to the kubeconfig file to use for the bootstrap configuration
-
-Default value: `$k8s::server::resources::kubeconfig`
-
-##### `secret`
-
-Data type: `Optional[Sensitive[K8s::Bootstrap_token]]`
-
-The exact token secret to use, will be generated as a random 16-char string if left blank.
-The generated value can be retrieved from the bootstrap-token-puppet Secret in kube-system.
-
-Default value: `undef`
-
-### `k8s::server::resources::coredns`
-
-Generates and deploys the default CoreDNS DNS provider for Kubernetes
-
-#### Parameters
-
-The following parameters are available in the `k8s::server::resources::coredns` class:
-
-* [`cluster_domain`](#-k8s--server--resources--coredns--cluster_domain)
-* [`corefile_content`](#-k8s--server--resources--coredns--corefile_content)
-* [`deployment_config`](#-k8s--server--resources--coredns--deployment_config)
-* [`dns_service_address`](#-k8s--server--resources--coredns--dns_service_address)
-* [`ensure`](#-k8s--server--resources--coredns--ensure)
-* [`hosts`](#-k8s--server--resources--coredns--hosts)
-* [`image`](#-k8s--server--resources--coredns--image)
-* [`image_pull_secrets`](#-k8s--server--resources--coredns--image_pull_secrets)
-* [`image_tag`](#-k8s--server--resources--coredns--image_tag)
-* [`kubeconfig`](#-k8s--server--resources--coredns--kubeconfig)
-* [`registry`](#-k8s--server--resources--coredns--registry)
-* [`template_path`](#-k8s--server--resources--coredns--template_path)
-* [`template_variables`](#-k8s--server--resources--coredns--template_variables)
-
-##### `cluster_domain`
-
-Data type: `Stdlib::Fqdn`
-
-The cluster domain to use for the CoreDNS ConfigMap
-
-Default value: `$k8s::server::resources::cluster_domain`
-
-##### `corefile_content`
-
-Data type: `Optional[String[1]]`
-
-The content to use for the CoreDNS ConfigMap
-
-Default value: `undef`
-
-##### `deployment_config`
-
-Data type: `Hash[String,Data]`
-
-Additional configuration to merge into the Kubernetes Deployment object
-
-Default value: `$k8s::server::resources::coredns_deployment_config`
-
-##### `dns_service_address`
-
-Data type: `K8s::IP_addresses`
-
-The address for the DNS service
-
-Default value: `$k8s::server::resources::dns_service_address`
-
-##### `ensure`
-
-Data type: `K8s::Ensure`
-
-Whether the resource should be present or absent on the target system
-
-Default value: `$k8s::ensure`
-
-##### `hosts`
-
-Data type: `Array[String[1]]`
-
-Additional host-style entries for the CoreDNS deployment to serve
-
-Default value: `[]`
-
-##### `image`
-
-Data type: `String[1]`
-
-The CoreDNS image name to use
-
-Default value: `$k8s::server::resources::coredns_image`
-
-##### `image_pull_secrets`
-
-Data type: `Optional[Array]`
-
-the secrets to pull from private registries
-
-Default value: `$k8s::server::resources::image_pull_secrets`
-
-##### `image_tag`
-
-Data type: `String[1]`
-
-The CoreDNS image tag to use
-
-Default value: `$k8s::server::resources::coredns_tag`
-
-##### `kubeconfig`
-
-Data type: `Stdlib::Unixpath`
-
-The path to the kubeconfig to use for kubectl commands
-
-Default value: `$k8s::server::resources::kubeconfig`
-
-##### `registry`
-
-Data type: `String[1]`
-
-The CoreDNS image registry to use
-
-Default value: `$k8s::server::resources::coredns_registry`
-
-##### `template_path`
-
-Data type: `String[1]`
-
-The path to the template to use for the CoreDNS ConfigMap
-
-Default value: `'k8s/server/resources/coredns_corefile.epp'`
-
-##### `template_variables`
-
-Data type: `Hash[String, Any]`
-
-The variables to use for the CoreDNS ConfigMap template
-
-Default value: `{ cluster_domain => $cluster_domain }`
-
-### `k8s::server::resources::flannel`
-
-Generates and deploys the default CoreDNS DNS provider for Kubernetes
-
-#### Parameters
-
-The following parameters are available in the `k8s::server::resources::flannel` class:
-
-* [`cluster_cidr`](#-k8s--server--resources--flannel--cluster_cidr)
-* [`cni_image`](#-k8s--server--resources--flannel--cni_image)
-* [`cni_image_tag`](#-k8s--server--resources--flannel--cni_image_tag)
-* [`cni_registry`](#-k8s--server--resources--flannel--cni_registry)
-* [`daemonset_config`](#-k8s--server--resources--flannel--daemonset_config)
-* [`ensure`](#-k8s--server--resources--flannel--ensure)
-* [`image`](#-k8s--server--resources--flannel--image)
-* [`image_pull_secrets`](#-k8s--server--resources--flannel--image_pull_secrets)
-* [`image_tag`](#-k8s--server--resources--flannel--image_tag)
-* [`kubeconfig`](#-k8s--server--resources--flannel--kubeconfig)
-* [`net_config`](#-k8s--server--resources--flannel--net_config)
-* [`registry`](#-k8s--server--resources--flannel--registry)
-
-##### `cluster_cidr`
-
-Data type: `K8s::CIDR`
-
-The internal cluster CIDR to proxy for
-
-Default value: `$k8s::server::resources::cluster_cidr`
-
-##### `cni_image`
-
-Data type: `String[1]`
-
-The Flannel CNI plugin image name to use
-
-Default value: `$k8s::server::resources::flannel_cni_image`
-
-##### `cni_image_tag`
-
-Data type: `String[1]`
-
-The Flannel CNI plugin image tag to use
-
-Default value: `$k8s::server::resources::flannel_cni_tag`
-
-##### `cni_registry`
-
-Data type: `String[1]`
-
-The Flannel CNI plugin image registry to use
-
-Default value: `$k8s::server::resources::flannel_cni_registry`
-
-##### `daemonset_config`
-
-Data type: `Hash[String,Data]`
-
-Additional configuration to merge into the DaemonSet object
+whether to manage the ectd cluster member joining or not
-Default value: `$k8s::server::resources::flannel_daemonset_config`
+Default value: `false`
-##### `ensure`
+##### `manage_setup`
-Data type: `K8s::Ensure`
+Data type: `Boolean`
-Whether the resource should be present or absent on the system
+whether to manage the setup of etcd or not
-Default value: `$k8s::ensure`
+Default value: `true`
-##### `image`
+##### `peer_ca_cert`
-Data type: `String[1]`
+Data type: `Stdlib::Unixpath`
-The Flannel image name to use
+path to the peer ca cert
-Default value: `$k8s::server::resources::flannel_image`
+Default value: `"${cert_path}/peer-ca.pem"`
-##### `image_pull_secrets`
+##### `peer_ca_key`
-Data type: `Optional[Array]`
+Data type: `Stdlib::Unixpath`
-the secrets to pull from private registries
+path to the peer ca key
-Default value: `$k8s::server::resources::image_pull_secrets`
+Default value: `"${cert_path}/peer-ca.key"`
-##### `image_tag`
+##### `puppetdb_discovery_tag`
-Data type: `String[1]`
+Data type: `Optional[String[1]]`
-The Flannel image tag to use
+enable puppetdb resource searching
-Default value: `$k8s::server::resources::flannel_tag`
+Default value: `$cluster_name`
-##### `kubeconfig`
+##### `self_signed_tls`
-Data type: `Stdlib::Unixpath`
+Data type: `Boolean`
-The path to the kubeconfig file to use
+whether to use self signed tls or not
-Default value: `$k8s::server::resources::kubeconfig`
+Default value: `false`
-##### `net_config`
+##### `user`
-Data type: `Hash[String,Data]`
+Data type: `String[1]`
-Additional configuration to merge into net-conf.json for Flannel
+user to run etcd as
-Default value: `{}`
+Default value: `'etcd'`
-##### `registry`
+##### `version`
Data type: `String[1]`
-The Flannel image registry to use
+version of ectd to install, will use k8s::etcd_version unless otherwise specified
-Default value: `$k8s::server::resources::flannel_registry`
+Default value: `$k8s::etcd_version`
-### `k8s::server::resources::kube_proxy`
+### `k8s::server::etcd::setup`
-Generates and deploys the default kube-proxy service for Kubernetes
+Installs and configures an etcd instance
#### Parameters
-The following parameters are available in the `k8s::server::resources::kube_proxy` class:
+The following parameters are available in the `k8s::server::etcd::setup` class:
-* [`cluster_cidr`](#-k8s--server--resources--kube_proxy--cluster_cidr)
-* [`daemonset_config`](#-k8s--server--resources--kube_proxy--daemonset_config)
-* [`ensure`](#-k8s--server--resources--kube_proxy--ensure)
-* [`extra_args`](#-k8s--server--resources--kube_proxy--extra_args)
-* [`extra_config`](#-k8s--server--resources--kube_proxy--extra_config)
-* [`image`](#-k8s--server--resources--kube_proxy--image)
-* [`image_pull_secrets`](#-k8s--server--resources--kube_proxy--image_pull_secrets)
-* [`image_tag`](#-k8s--server--resources--kube_proxy--image_tag)
-* [`kubeconfig`](#-k8s--server--resources--kube_proxy--kubeconfig)
-* [`registry`](#-k8s--server--resources--kube_proxy--registry)
+* [`advertise_client_urls`](#-k8s--server--etcd--setup--advertise_client_urls)
+* [`archive_template`](#-k8s--server--etcd--setup--archive_template)
+* [`auto_compaction_retention`](#-k8s--server--etcd--setup--auto_compaction_retention)
+* [`auto_tls`](#-k8s--server--etcd--setup--auto_tls)
+* [`binary_path`](#-k8s--server--etcd--setup--binary_path)
+* [`cert_file`](#-k8s--server--etcd--setup--cert_file)
+* [`client_cert_auth`](#-k8s--server--etcd--setup--client_cert_auth)
+* [`data_dir`](#-k8s--server--etcd--setup--data_dir)
+* [`ensure`](#-k8s--server--etcd--setup--ensure)
+* [`etcd_name`](#-k8s--server--etcd--setup--etcd_name)
+* [`fqdn`](#-k8s--server--etcd--setup--fqdn)
+* [`gid`](#-k8s--server--etcd--setup--gid)
+* [`group`](#-k8s--server--etcd--setup--group)
+* [`initial_advertise_peer_urls`](#-k8s--server--etcd--setup--initial_advertise_peer_urls)
+* [`initial_cluster`](#-k8s--server--etcd--setup--initial_cluster)
+* [`initial_cluster_state`](#-k8s--server--etcd--setup--initial_cluster_state)
+* [`initial_cluster_token`](#-k8s--server--etcd--setup--initial_cluster_token)
+* [`install`](#-k8s--server--etcd--setup--install)
+* [`key_file`](#-k8s--server--etcd--setup--key_file)
+* [`listen_client_urls`](#-k8s--server--etcd--setup--listen_client_urls)
+* [`listen_peer_urls`](#-k8s--server--etcd--setup--listen_peer_urls)
+* [`package`](#-k8s--server--etcd--setup--package)
+* [`peer_auto_tls`](#-k8s--server--etcd--setup--peer_auto_tls)
+* [`peer_cert_file`](#-k8s--server--etcd--setup--peer_cert_file)
+* [`peer_client_cert_auth`](#-k8s--server--etcd--setup--peer_client_cert_auth)
+* [`peer_key_file`](#-k8s--server--etcd--setup--peer_key_file)
+* [`peer_trusted_ca_file`](#-k8s--server--etcd--setup--peer_trusted_ca_file)
+* [`proxy`](#-k8s--server--etcd--setup--proxy)
+* [`storage_path`](#-k8s--server--etcd--setup--storage_path)
+* [`trusted_ca_file`](#-k8s--server--etcd--setup--trusted_ca_file)
+* [`uid`](#-k8s--server--etcd--setup--uid)
+* [`user`](#-k8s--server--etcd--setup--user)
+* [`version`](#-k8s--server--etcd--setup--version)
-##### `cluster_cidr`
+##### `advertise_client_urls`
-Data type: `K8s::CIDR`
+Data type: `Array[Stdlib::HTTPUrl]`
-The internal cluster CIDR to proxy for
+The client urls to advertise
-Default value: `$k8s::server::resources::cluster_cidr`
+Default value: `["https://${fqdn}:2379"]`
-##### `daemonset_config`
+##### `archive_template`
-Data type: `Hash[String,Data]`
+Data type: `Stdlib::HTTPUrl`
-Additional configuration to merge into the DaemonSet object
+The download url template for the etc archive
-Default value: `{}`
+Default value: `'https://storage.googleapis.com/etcd/v%{version}/etcd-v%{version}-%{kernel}-%{arch}.%{kernel_ext}'`
-##### `ensure`
+##### `auto_compaction_retention`
-Data type: `K8s::Ensure`
+Data type: `Optional[Integer]`
-Whether the resource should be present or absent
+The auto compaction retention
-Default value: `$k8s::ensure`
+Default value: `undef`
-##### `extra_args`
+##### `auto_tls`
-Data type: `Hash[String,Data]`
+Data type: `Optional[Boolean]`
-Additional arguments to specify to the kube-proxy application
+Use auto tls
-Default value: `{}`
+Default value: `undef`
-##### `extra_config`
+##### `binary_path`
-Data type: `Hash[String,Data]`
+Data type: `Optional[Stdlib::Unixpath]`
-Additional configuration data to apply to the kube-proxy configuration file
+path to the etcd binary
-Default value: `{}`
+Default value: `undef`
-##### `image`
+##### `cert_file`
-Data type: `String[1]`
+Data type: `Optional[Stdlib::Unixpath]`
-The kube-proxy image name to use
+path to the cert file
-Default value: `$k8s::server::resources::kube_proxy_image`
+Default value: `undef`
-##### `image_pull_secrets`
+##### `client_cert_auth`
-Data type: `Optional[Array]`
+Data type: `Boolean`
-the secrets to pull from private registries
+Use client cert auth
-Default value: `$k8s::server::resources::image_pull_secrets`
+Default value: `false`
-##### `image_tag`
+##### `data_dir`
Data type: `String[1]`
-The kube-proxy image tag to use
+path to the data dir
-Default value: `$k8s::server::resources::kube_proxy_tag`
+Default value: `"${etcd_name}.etcd"`
-##### `kubeconfig`
+##### `ensure`
-Data type: `Stdlib::Unixpath`
+Data type: `K8s::Ensure`
-The path to the kubeconfig file to use
+set ensure for installation or deinstallation
-Default value: `$k8s::server::resources::kubeconfig`
+Default value: `'present'`
-##### `registry`
+##### `etcd_name`
Data type: `String[1]`
-The kube-proxy image registry to use
-
-Default value: `$k8s::server::resources::kube_proxy_registry`
-
-### `k8s::server::scheduler`
+The etcd instance name
-Installs and configures a Kubernetes scheduler
+Default value: `$facts['networking']['hostname']`
-#### Parameters
+##### `fqdn`
-The following parameters are available in the `k8s::server::scheduler` class:
+Data type: `String[1]`
-* [`ensure`](#-k8s--server--scheduler--ensure)
-* [`control_plane_url`](#-k8s--server--scheduler--control_plane_url)
-* [`arguments`](#-k8s--server--scheduler--arguments)
-* [`cert_path`](#-k8s--server--scheduler--cert_path)
-* [`ca_cert`](#-k8s--server--scheduler--ca_cert)
-* [`cert`](#-k8s--server--scheduler--cert)
-* [`key`](#-k8s--server--scheduler--key)
-* [`container_registry`](#-k8s--server--scheduler--container_registry)
-* [`container_image`](#-k8s--server--scheduler--container_image)
-* [`container_image_tag`](#-k8s--server--scheduler--container_image_tag)
+fully qualified domain name
-##### `ensure`
+Default value: `$facts['networking']['fqdn']`
-Data type: `K8s::Ensure`
+##### `gid`
-Whether the scheduler should be configured.
+Data type: `Optional[Integer[0, 65535]]`
-Default value: `$k8s::server::ensure`
+The group system id
-##### `control_plane_url`
+Default value: `undef`
-Data type: `Stdlib::HTTPUrl`
+##### `group`
-The URL of the Kubernetes API server.
+Data type: `String[1]`
-Default value: `$k8s::control_plane_url`
+etcd system user group
-##### `arguments`
+Default value: `'etcd'`
-Data type: `Hash[String, Data]`
+##### `initial_advertise_peer_urls`
-Additional arguments to pass to the scheduler.
+Data type: `Array[Stdlib::HTTPUrl]`
-Default value: `{}`
+The peer urls to advertise
-##### `cert_path`
+Default value: `["https://${fqdn}:2380"]`
-Data type: `Stdlib::Unixpath`
+##### `initial_cluster`
-The path to the directory containing the TLS certificates.
+Data type: `Array[String[1]]`
-Default value: `$k8s::server::tls::cert_path`
+The initial cluster
-##### `ca_cert`
+Default value: `[]`
-Data type: `Stdlib::Unixpath`
+##### `initial_cluster_state`
-The path to the CA certificate.
+Data type: `Optional[Enum['existing', 'new']]`
-Default value: `$k8s::server::tls::ca_cert`
+The initial cluster state
-##### `cert`
+Default value: `undef`
-Data type: `Stdlib::Unixpath`
+##### `initial_cluster_token`
-The path to the scheduler certificate.
+Data type: `Optional[String[1]]`
-Default value: `"${cert_path}/kube-scheduler.pem"`
+The initial cluster token
-##### `key`
+Default value: `undef`
-Data type: `Stdlib::Unixpath`
+##### `install`
-The path to the scheduler key.
+Data type: `Enum['archive','package']`
-Default value: `"${cert_path}/kube-scheduler.key"`
+etcd installation method
-##### `container_registry`
+Default value: `'archive'`
-Data type: `String[1]`
+##### `key_file`
-The container registry to pull images from.
+Data type: `Optional[Stdlib::Unixpath]`
-Default value: `$k8s::container_registry`
+path to the key file
-##### `container_image`
+Default value: `undef`
-Data type: `String[1]`
+##### `listen_client_urls`
-The container image to use for the scheduler.
+Data type: `Array[Stdlib::HTTPUrl]`
-Default value: `'kube-scheduler'`
+The client urls to listen on
-##### `container_image_tag`
+Default value: `['https://[::]:2379']`
-Data type: `Optional[String[1]]`
+##### `listen_peer_urls`
-The container image tag to use for the scheduler.
+Data type: `Array[Stdlib::HTTPUrl]`
-Default value: `$k8s::container_image_tag`
+The peer urls to listen on
-### `k8s::server::tls`
+Default value: `['https://[::]:2380']`
-Generates the necessary Kubernetes certificates for a server
+##### `package`
-#### Parameters
+Data type: `String[1]`
-The following parameters are available in the `k8s::server::tls` class:
+etcd package name
-* [`aggregator_ca_cert`](#-k8s--server--tls--aggregator_ca_cert)
-* [`aggregator_ca_key`](#-k8s--server--tls--aggregator_ca_key)
-* [`api_addn_names`](#-k8s--server--tls--api_addn_names)
-* [`api_service_address`](#-k8s--server--tls--api_service_address)
-* [`ca_cert`](#-k8s--server--tls--ca_cert)
-* [`ca_key`](#-k8s--server--tls--ca_key)
-* [`cert_path`](#-k8s--server--tls--cert_path)
-* [`cluster_domain`](#-k8s--server--tls--cluster_domain)
-* [`ensure`](#-k8s--server--tls--ensure)
-* [`generate_ca`](#-k8s--server--tls--generate_ca)
-* [`key_bits`](#-k8s--server--tls--key_bits)
-* [`manage_certs`](#-k8s--server--tls--manage_certs)
-* [`valid_days`](#-k8s--server--tls--valid_days)
+Default value: `'etcd'`
-##### `aggregator_ca_cert`
+##### `peer_auto_tls`
-Data type: `Stdlib::Unixpath`
+Data type: `Optional[Boolean]`
-The path to the aggregator CA certificate
+Use peer auto tls
-Default value: `$k8s::server::aggregator_ca_cert`
+Default value: `undef`
-##### `aggregator_ca_key`
+##### `peer_cert_file`
-Data type: `Stdlib::Unixpath`
+Data type: `Optional[Stdlib::Unixpath]`
-The path to the aggregator CA key
+path to the peer cert file
-Default value: `$k8s::server::aggregator_ca_key`
+Default value: `undef`
-##### `api_addn_names`
+##### `peer_client_cert_auth`
-Data type: `K8s::TLS_altnames`
+Data type: `Boolean`
-Additional names to add to the API server certificate
+Use peer client cert auth
-Default value: `[]`
+Default value: `false`
-##### `api_service_address`
+##### `peer_key_file`
-Data type: `Stdlib::IP::Address::Nosubnet`
+Data type: `Optional[Stdlib::Unixpath]`
-The API service address
+path to the peer key file
-Default value: `$k8s::api_service_address`
+Default value: `undef`
-##### `ca_cert`
+##### `peer_trusted_ca_file`
-Data type: `Stdlib::Unixpath`
+Data type: `Optional[Stdlib::Unixpath]`
-The path to the CA certificate
+path to the peer trusted ca file
-Default value: `$k8s::server::ca_cert`
+Default value: `undef`
-##### `ca_key`
+##### `proxy`
-Data type: `Stdlib::Unixpath`
+Data type: `Enum['on','off','readonly']`
-The path to the CA key
+The proxy mode
-Default value: `$k8s::server::ca_key`
+Default value: `'off'`
-##### `cert_path`
+##### `storage_path`
Data type: `Stdlib::Unixpath`
-The path to the certificates
-
-Default value: `$k8s::server::cert_path`
-
-##### `cluster_domain`
-
-Data type: `String[1]`
-
-The cluster domain
-
-Default value: `$k8s::cluster_domain`
-
-##### `ensure`
-
-Data type: `K8s::Ensure`
-
-Whether to generate the certificates or not
+path to the working dir of etcd
-Default value: `'present'`
+Default value: `'/var/lib/etcd'`
-##### `generate_ca`
+##### `trusted_ca_file`
-Data type: `Boolean`
+Data type: `Optional[Stdlib::Unixpath]`
-Whether to generate the CA or not
+path to the trusted ca file
-Default value: `$k8s::server::generate_ca`
+Default value: `undef`
-##### `key_bits`
+##### `uid`
-Data type: `Integer[512]`
+Data type: `Optional[Integer[0, 65535]]`
-The number of bits to use for the key
+The user system id
-Default value: `2048`
+Default value: `undef`
-##### `manage_certs`
+##### `user`
-Data type: `Boolean`
+Data type: `String[1]`
-Whether to manage the certificates or not
+etcd system user
-Default value: `$k8s::server::manage_certs`
+Default value: `'etcd'`
-##### `valid_days`
+##### `version`
-Data type: `Integer[1]`
+Data type: `String[1]`
-The number of days the certificate is valid for
+The ectd version to install
-Default value: `10000`
+Default value: `$k8s::etcd_version`
### `k8s::server::wait_online`
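Review bot: the added `k8s::server::etcd::setup` parameter docs give no guidance on the TLS switches. `client_cert_auth` and `peer_client_cert_auth` are documented with default `false`, `auto_tls` and `peer_auto_tls` with default `undef`, and `listen_client_urls` with default `['https://[::]:2379']`, while the descriptions only say "Use client cert auth" and "Use auto tls". Since this class stays in the public class list, each `@param` should say what the setting enforces and whether `k8s::server::etcd` overrides the default when it declares the class. As written, a reader declaring `setup` directly cannot tell that, per these documented defaults, client certificates are not required on a listener bound to all addresses. `peer_auto_tls` also changes from `Boolean` with default `$k8s::server::etcd::self_signed_tls` to `Optional[Boolean]` with default `undef`; if that is intentional it deserves a changelog line. Typos in the added descriptions: "ectd" in "whether to manage the ectd cluster member joining or not", "version of ectd to install" and "The ectd version to install", and "etc archive" under `archive_template`. If REFERENCE.md is generated from the manifests' `@param` comments, fix them there and regenerate.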
@@ -4178,6 +2645,14 @@ a type to describe node/kubelet authentication methods
Alias of `Enum['cert', 'token', 'bootstrap']`
+### `K8s::Node_role`
+
+a type to describe a type of Kubernetes node
+
+* **Note** server/control-plane are identical, one using the Puppet term, the other the Kubernetes term
+
+Alias of `Enum['node', 'server', 'control-plane', 'etcd-replica', 'none']`
+
### `K8s::PortRange`
This regexp matches port range values
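Review bot: the note on `K8s::Node_role` explains only that 'server' and 'control-plane' are identical, leaving 'etcd-replica' and 'none' undocumented. Please add a line for each. Going by the `manifests/init.pp` change in this patch, 'etcd-replica' contains only `k8s::server::etcd` and 'none' matches no branch, so the type description should say that 'none' declares nothing and how it differs from leaving the role unset.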
diff --git a/manifests/common.pp b/manifests/common.pp
new file mode 100644
index 0000000..b077320
--- /dev/null
+++ b/manifests/common.pp
@@ -0,0 +1,74 @@
+# @summary Sets up common Kubernetes components - users/groups/folders/etc
+# @api private
+class k8s::common {
+ assert_private()
+
+ group { $k8s::group:
+ ensure => present,
+ system => true,
+ gid => $k8s::gid,
+ }
+
+ user { $k8s::user:
+ ensure => present,
+ comment => 'Kubernetes user',
+ gid => $k8s::group,
+ home => '/srv/kubernetes',
+ managehome => false,
+ shell => (fact('os.family') ? {
+ 'Debian' => '/usr/sbin/nologin',
+ default => '/sbin/nologin',
+ }),
+ system => true,
+ uid => $k8s::uid,
+ }
+
+ file {
+ default:
+ ensure => directory,
+ force => true,
+ purge => true,
+ recurse => true;
+
+ '/opt/k8s': ;
+ '/opt/k8s/bin': ;
+ }
+
+ file { '/var/run/kubernetes':
+ ensure => directory,
+ owner => $k8s::user,
+ group => $k8s::group,
+ }
+
+ file { "${k8s::sysconfig_path}/kube-common":
+ ensure => file,
+ content => epp('k8s/sysconfig.epp', {
+ comment => 'General Kubernetes Configuration',
+ environment_variables => {
+ 'KUBE_LOG_LEVEL' => '',
+ },
+ }),
+ }
+
+ file {
+ default:
+ ensure => directory;
+
+ '/etc/kubernetes': ;
+ '/etc/kubernetes/certs': ;
+ '/etc/kubernetes/manifests':
+ purge => $k8s::purge_manifests,
+ recurse => true;
+ '/root/.kube': ;
+ '/srv/kubernetes':
+ owner => $k8s::user,
+ group => $k8s::group;
+ '/usr/libexec/kubernetes': ;
+ '/var/lib/kubelet': ;
+ '/var/lib/kubelet/pki': ;
+
+ '/usr/share/containers/': ;
+ '/usr/share/containers/oci/': ;
+ '/usr/share/containers/oci/hooks.d': ;
+ }
+}
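Review bot: in the second `file { default: ensure => directory; ... }` block, '/etc/kubernetes/certs', '/var/lib/kubelet/pki' and '/root/.kube' get no `owner`, `group` or `mode`, so the directories named for certificates, PKI material and root's kubeconfig are created with whatever Puppet's defaults yield. The block is moved unchanged from `init.pp`, but the move is a good moment to set these explicitly per title, the way '/srv/kubernetes' already gets `owner` and `group`. Separately, the class reads `$k8s::user`, `$k8s::group`, `$k8s::sysconfig_path` and `$k8s::purge_manifests` without including `k8s`; a one-line comment under `@api private` stating that it relies on `k8s` being evaluated first would save the next reader a search.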
diff --git a/manifests/init.pp b/manifests/init.pp
index c5965be..0a47466 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -37,10 +37,10 @@
# @param puppetdb_discovery whether to use puppetdb for node discovery
# @param puppetdb_discovery_tag tag to use for puppetdb node discovery
# @param purge_manifests whether to purge manifests
-# @param role role of the node
+# @param role the role of the node
# @param runc_version version of runc to install
# @param service_cluster_cidr CIDR for the service network
-# @param sysconfig_path path to the sysconfig directory
+# @param sysconfig_path path to the sysconfig directory, per-OS values are configured in hiera
# @param tarball_url_template template for tarball packaging
# @param uid user id for kubernetes files and services
# @param user username for kubernetes files and services
@@ -82,7 +82,7 @@
String[1] $tarball_url_template = 'https://dl.k8s.io/release/v%{version}/kubernetes-%{component}-%{kernel}-%{arch}.tar.gz',
String[1] $package_template = 'kubernetes-%{component}',
String[1] $hyperkube_name = 'hyperkube',
- Optional[Stdlib::Unixpath] $sysconfig_path = undef,
+ Stdlib::Unixpath $sysconfig_path = '/etc/sysconfig',
K8s::Node_auth $node_auth = 'bootstrap',
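Review bot: `$sysconfig_path` now carries the hard default '/etc/sysconfig', and `common.pp` writes "${k8s::sysconfig_path}/kube-common" without managing the parent directory, so on an OS family that lacks that directory the `file` resource fails unless hiera overrides the value. The updated `@param` comment says per-OS values are configured in hiera; I do not see the module data in this part of the patch, so please confirm the Debian override ships with this change, or keep a per-OS fallback in code as the removed `pick($sysconfig_path, '/etc/sysconfig')` line allowed.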
@@ -95,7 +95,7 @@
Stdlib::Fqdn $cluster_domain = 'cluster.local',
String[1] $etcd_cluster_name = 'default',
- Enum['node','server','none'] $role = 'none',
+ Optional[K8s::Node_role] $role = undef,
Optional[K8s::Firewall] $firewall_type = undef,
String[1] $user = 'kube',
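Review bot: `Optional[K8s::Node_role] $role = undef` leaves two spellings of "no role", because the alias still contains 'none' while the default moves from 'none' to `undef`. Any code elsewhere in the module that compares `$k8s::role` against 'none' will see a different value under the new default. Either keep the parameter non-optional with 'none' as its default, or state in the `@param role` text that `undef` and 'none' are equivalent and check the remaining comparisons.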
@@ -103,100 +103,11 @@
Integer[0, 65535] $uid = 888,
Integer[0, 65535] $gid = 888,
) {
- if $manage_container_manager {
- include k8s::install::container_runtime
- }
-
- group { $group:
- ensure => present,
- system => true,
- gid => $gid,
- }
-
- user { $user:
- ensure => present,
- comment => 'Kubernetes user',
- gid => $group,
- home => '/srv/kubernetes',
- managehome => false,
- shell => (fact('os.family') ? {
- 'Debian' => '/usr/sbin/nologin',
- default => '/sbin/nologin',
- }),
- system => true,
- uid => $uid,
- }
-
- file {
- default:
- ensure => directory,
- force => true,
- purge => true,
- recurse => true;
-
- '/opt/k8s': ;
- '/opt/k8s/bin': ;
- }
-
- file { '/var/run/kubernetes':
- ensure => directory,
- owner => $user,
- group => $group,
- }
-
- $_sysconfig_path = pick($sysconfig_path, '/etc/sysconfig')
- file { "${_sysconfig_path}/kube-common":
- ensure => file,
- content => epp('k8s/sysconfig.epp', {
- comment => 'General Kubernetes Configuration',
- environment_variables => {
- 'KUBE_LOG_LEVEL' => '',
- },
- }),
- }
-
- file {
- default:
- ensure => directory;
-
- '/etc/kubernetes': ;
- '/etc/kubernetes/certs': ;
- '/etc/kubernetes/manifests':
- purge => $purge_manifests,
- recurse => true;
- '/root/.kube': ;
- '/srv/kubernetes':
- owner => $user,
- group => $group;
- '/usr/libexec/kubernetes': ;
- '/var/lib/kubelet': ;
- '/var/lib/kubelet/pki': ;
-
- '/usr/share/containers/': ;
- '/usr/share/containers/oci/': ;
- '/usr/share/containers/oci/hooks.d': ;
- }
-
- if $manage_repo {
- include k8s::repo
- }
-
- if $manage_packages {
- # Ensure conntrack is installed to properly handle networking cleanup
- if fact('os.family') == 'Debian' {
- $_conntrack = 'conntrack'
- } else {
- $_conntrack = 'conntrack-tools'
- }
-
- ensure_packages([$_conntrack,])
- }
-
- include k8s::install::cni_plugins
-
- if $role == 'server' {
- include k8s::server
+ if $role == 'server' or $role == 'control-plane' {
+ contain k8s::server
} elsif $role == 'node' {
- include k8s::node
+ contain k8s::node
+ } elsif $role == 'etcd-replica' {
+ contain k8s::server::etcd
}
}
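Review bot: after this hunk the class body is only the role dispatch, so `role => 'none'` and the new default `undef` match no branch and declare nothing, while the note on `K8s::Node_role` in types/node_role.pp says `none` "will install basic components, but not activate any services". Either add a branch that includes `k8s::common` for `none`, or correct the type's note so the two agree. The `etcd-replica` branch also contains `k8s::server::etcd` without `k8s::common`, although node.pp and server.pp both include it; a comment saying whether that is deliberate would help.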
diff --git a/manifests/install/container_runtime.pp b/manifests/install/container_runtime.pp
index ff28af1..e7a7e10 100644
--- a/manifests/install/container_runtime.pp
+++ b/manifests/install/container_runtime.pp
@@ -87,6 +87,6 @@
}
if $manage_repo {
- Class['k8s::repo'] -> Package['k8s container manager']
+ require k8s::repo
}
}
diff --git a/manifests/install/crictl.pp b/manifests/install/crictl.pp
index 9abd559..9fd4f93 100644
--- a/manifests/install/crictl.pp
+++ b/manifests/install/crictl.pp
@@ -21,8 +21,9 @@
Stdlib::HTTPUrl $download_url_template = 'https://github.com/kubernetes-sigs/cri-tools/releases/download/%{version}/crictl-%{version}-linux-%{arch}.tar.gz',
) {
if $manage_repo {
- $pkg = pick($crictl_package, 'cri-tools')
+ include k8s::repo
+ $pkg = pick($crictl_package, 'cri-tools')
package { $pkg:
ensure => stdlib::ensure($ensure, 'package'),
}
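Review bot: the `include k8s::repo` added inside `if $manage_repo` puts the class in the catalog but sets no ordering, so `package { $pkg: }` can be applied before the repository is configured. container_runtime.pp in this same patch moves to `require k8s::repo` for exactly this case; use `require k8s::repo` here as well, or add `require => Class['k8s::repo']` to the package resource.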
diff --git a/manifests/node.pp b/manifests/node.pp
index 001988e..117bbbd 100644
--- a/manifests/node.pp
+++ b/manifests/node.pp
@@ -54,6 +54,24 @@
Optional[K8s::Firewall] $firewall_type = $k8s::firewall_type,
) {
+ include k8s::common
+ include k8s::install::cni_plugins
+
+ if $k8s::manage_container_manager {
+ include k8s::install::container_runtime
+ }
+ if $k8s::manage_repo {
+ include k8s::repo
+ }
+ if $k8s::manage_packages {
+ # Ensure conntrack is installed to properly handle networking cleanup
+ $_conntrack = fact('os.family') ? {
+ 'Debian' => 'conntrack',
+ default => 'conntrack-tools',
+ }
+ ensure_packages([$_conntrack,])
+ }
+
if $manage_crictl {
include k8s::install::crictl
}
diff --git a/manifests/node/kube_proxy.pp b/manifests/node/kube_proxy.pp
index 0cc79b4..ac1c1b5 100644
--- a/manifests/node/kube_proxy.pp
+++ b/manifests/node/kube_proxy.pp
@@ -1,4 +1,5 @@
# @summary Sets up a on-node kube-proxy instance
+# @api private
#
# For most use-cases, running kube-proxy inside the cluster itself is recommended
#
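Review bot: the `# @api private` tag added to the header is documentation only and enforces nothing. kubelet.pp and server/tls.pp in this patch also add `assert_private()` at the top of the class body, but no hunk for this file, apiserver.pp, controller_manager.pp or scheduler.pp does. Add the call to each class marked private, or state in the commit message why these remain doc-only.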
@@ -100,8 +101,7 @@
if $k8s::packaging == 'container' {
} else {
- $_sysconfig_path = pick($k8s::sysconfig_path, '/etc/sysconfig')
- file { "${_sysconfig_path}/kube-proxy":
+ file { "${k8s::sysconfig_path}/kube-proxy":
ensure => $_ensure,
content => epp('k8s/sysconfig.epp', {
comment => 'Kubernetes kube-proxy configuration',
@@ -122,7 +122,7 @@
bin => 'kube-proxy',
}),
require => [
- File["${_sysconfig_path}/kube-proxy"],
+ File["${k8s::sysconfig_path}/kube-proxy"],
User[$k8s::user],
],
notify => Service['kube-proxy'],
diff --git a/manifests/node/kubelet.pp b/manifests/node/kubelet.pp
index 04dc3fa..706e567 100644
--- a/manifests/node/kubelet.pp
+++ b/manifests/node/kubelet.pp
@@ -1,4 +1,5 @@
# @summary Installs and configures kubelet
+# @api private
#
# @param arguments additional arguments to pass to kubelet
# @param auth type of node authentication
@@ -52,6 +53,8 @@
Optional[K8s::Firewall] $firewall_type = $k8s::node::firewall_type,
) {
+ assert_private()
+
k8s::binary { 'kubelet':
ensure => $ensure,
notify => Service['kubelet'],
@@ -231,8 +234,7 @@
node_ip => $_node_ip,
} + $arguments)
- $_sysconfig_path = pick($k8s::sysconfig_path, '/etc/sysconfig')
- file { "${_sysconfig_path}/kubelet":
+ file { "${k8s::sysconfig_path}/kubelet":
content => epp('k8s/sysconfig.epp', {
comment => 'Kubernetes Kubelet configuration',
environment_variables => {
@@ -252,7 +254,7 @@
bin => 'kubelet',
}),
require => [
- File["${_sysconfig_path}/kubelet", '/etc/kubernetes/kubelet.conf'],
+ File["${k8s::sysconfig_path}/kubelet", '/etc/kubernetes/kubelet.conf'],
User[$k8s::user],
],
notify => Service['kubelet'],
diff --git a/manifests/server.pp b/manifests/server.pp
index 0d504a7..b9758b5 100644
--- a/manifests/server.pp
+++ b/manifests/server.pp
@@ -59,6 +59,8 @@
Optional[K8s::Firewall] $firewall_type = $k8s::firewall_type,
String[1] $etcd_cluster_name = $k8s::etcd_cluster_name,
) {
+ include k8s::common
+
if $manage_etcd {
class { 'k8s::server::etcd':
ensure => $ensure,
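Review bot: the added `include k8s::common` is the only part of the old init.pp body that this class picks up. init.pp used to include `k8s::repo`, `k8s::install::container_runtime`, `k8s::install::cni_plugins` and the conntrack package for every role, and after this patch only node.pp does. A server declared with `node_on_server => false`, as in the specs, therefore no longer gets the repository. If server components can be installed from packages, `k8s::repo` still needs to be included here under `$k8s::manage_repo`.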
diff --git a/manifests/server/apiserver.pp b/manifests/server/apiserver.pp
index 920dd87..55c3beb 100644
--- a/manifests/server/apiserver.pp
+++ b/manifests/server/apiserver.pp
@@ -1,4 +1,5 @@
# @summary Installs and configures a Kubernetes apiserver
+# @api private
#
# @param advertise_address bind address of the apiserver
# @param aggregator_ca_cert path to the aggregator ca cert file
@@ -263,8 +264,7 @@
}
# TODO: Create a dummy kube-apiserver service that just requires kubelet
} else {
- $_sysconfig_path = pick($k8s::sysconfig_path, '/etc/sysconfig')
- file { "${_sysconfig_path}/kube-apiserver":
+ file { "${k8s::sysconfig_path}/kube-apiserver":
content => epp('k8s/sysconfig.epp', {
comment => 'Kubernetes API Server configuration',
environment_variables => {
@@ -287,7 +287,7 @@
group => $k8s::group,
}),
require => [
- File["${_sysconfig_path}/kube-apiserver"],
+ File["${k8s::sysconfig_path}/kube-apiserver"],
User[$k8s::user],
],
notify => Service['kube-apiserver'],
diff --git a/manifests/server/controller_manager.pp b/manifests/server/controller_manager.pp
index 08860a4..afbe003 100644
--- a/manifests/server/controller_manager.pp
+++ b/manifests/server/controller_manager.pp
@@ -1,4 +1,5 @@
# @summary Installs and configures a Kubernetes controller manager
+# @api private
#
# @param arguments Additional arguments to pass to the controller manager.
# @param ca_cert The path to the CA certificate.
@@ -90,8 +91,7 @@
client_key => $key,
}
- $_sysconfig_path = pick($k8s::sysconfig_path, '/etc/sysconfig')
- file { "${_sysconfig_path}/kube-controller-manager":
+ file { "${k8s::sysconfig_path}/kube-controller-manager":
content => epp('k8s/sysconfig.epp', {
comment => 'Kubernetes Controller Manager configuration',
environment_variables => {
@@ -115,7 +115,7 @@
group => $k8s::group,
}),
require => [
- File["${_sysconfig_path}/kube-controller-manager"],
+ File["${k8s::sysconfig_path}/kube-controller-manager"],
User[$k8s::user],
],
notify => Service['kube-controller-manager'],
diff --git a/manifests/server/etcd.pp b/manifests/server/etcd.pp
index 8dc4375..08f2a74 100644
--- a/manifests/server/etcd.pp
+++ b/manifests/server/etcd.pp
@@ -4,7 +4,7 @@
# @param cert_path path to cert files
# @param client_ca_cert path to the client ca cert
# @param client_ca_key path to the client ca key
-# @param cluster_name name of the etcd cluster for searching its nodes in the puppetdb
+# @param cluster_name name of the etcd cluster for searching its nodes in the puppetdb, will use k8s::etcd_cluster_name unless otherwise specified
# @param ensure set ensure for installation or deinstallation
# @param firewall_type define the type of firewall to use
# @param generate_ca whether to generate a own ca or not
@@ -18,17 +18,17 @@
# @param puppetdb_discovery_tag enable puppetdb resource searching
# @param self_signed_tls whether to use self signed tls or not
# @param user user to run etcd as
-# @param version version of ectd to install
+# @param version version of ectd to install, will use k8s::etcd_version unless otherwise specified
#
class k8s::server::etcd (
K8s::Ensure $ensure = 'present',
- String[1] $version = pick($k8s::etcd_version, '3.5.1'),
+ String[1] $version = $k8s::etcd_version,
- Boolean $manage_setup = true,
- Boolean $manage_firewall = false,
- Boolean $manage_members = false,
- String[1] $cluster_name = pick($k8s::server::etcd_cluster_name, 'default'),
- String[1] $puppetdb_discovery_tag = pick($k8s::server::puppetdb_discovery_tag, $cluster_name),
+ Boolean $manage_setup = true,
+ Boolean $manage_firewall = false,
+ Boolean $manage_members = false,
+ Optional[String[1]] $cluster_name = undef,
+ Optional[String[1]] $puppetdb_discovery_tag = $cluster_name,
Boolean $self_signed_tls = false,
Boolean $manage_certs = true,
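Review bot: `$version = $k8s::etcd_version` drops the `'3.5.1'` fallback that the old `pick()` provided. Parameter defaults are evaluated before the class body, so if `k8s::server::etcd` is declared in a catalog where `k8s` has not been evaluated yet, the default is undef and fails the `String[1]` check with a type error rather than a useful message. Keep a literal fallback or document that `k8s` must be declared first. The new `cluster_name` default of `undef` has a knock-on effect on the discovery query further down. The touched doc line also still spells it "ectd".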
@@ -42,7 +42,8 @@
Stdlib::Unixpath $client_ca_key = "${cert_path}/client-ca.key",
Stdlib::Unixpath $client_ca_cert = "${cert_path}/client-ca.pem",
- Optional[K8s::Firewall] $firewall_type = $k8s::server::firewall_type,
+ Optional[K8s::Firewall] $firewall_type = undef,
+
String[1] $user = 'etcd',
String[1] $group = 'etcd',
) {
@@ -117,11 +118,10 @@
}
}
- if $manage_setup and !$manage_members {
- include k8s::server::etcd::setup
- }
-
if $ensure == 'present' and $manage_members {
+ $_cluster_name = pick($cluster_name, $k8s::etcd_cluster_name, 'default')
+ $_puppetdb_discovery_tag = pick($puppetdb_discovery_tag, $cluster_name, $k8s::puppetdb_discovery_tag, 'default')
+
# Needs the PuppetDB terminus installed
$pql_query = [
'resources[certname,parameters] {',
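Review bot: the new `pick()` for `$_puppetdb_discovery_tag` reverses the old precedence. The removed default was `pick($k8s::server::puppetdb_discovery_tag, $cluster_name)`, so the globally configured tag won; now `$cluster_name` is tried before `$k8s::puppetdb_discovery_tag`, and the global tag is ignored whenever a cluster name is set. Because the parameter itself already defaults to `$cluster_name`, the second argument is also redundant. If the global tag should still win, reorder to `pick($puppetdb_discovery_tag, $k8s::puppetdb_discovery_tag, $cluster_name, 'default')`.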
@@ -131,8 +131,8 @@
' resources {',
' type = \'Class\' and',
' title = \'K8s::Server::Etcd\' and',
- " parameters.cluster_name = '${cluster_name}' and",
- " parameters.puppetdb_discovery_tag = '${puppetdb_discovery_tag}' and",
+ " parameters.cluster_name = '${_cluster_name}' and",
+ " parameters.puppetdb_discovery_tag = '${_puppetdb_discovery_tag}' and",
" certname != '${trusted[certname]}'",
' }',
' }',
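Review bot: the two changed lines filter on `parameters.cluster_name` and `parameters.puppetdb_discovery_tag`, which are the class parameters recorded in each peer's catalog, but both parameters now default to `undef` and the resolved values exist only in the local `$_cluster_name` and `$_puppetdb_discovery_tag`. A peer that relies on the defaults will not have `cluster_name = 'default'` recorded, so the query can return no peers and `initial_cluster_state` falls back to `new` on every member. Keep concrete values in the class parameters, or match on something that carries the resolved value. Separately, both values are interpolated between single quotes unescaped and `String[1]` allows a quote character; a `Pattern` type on the two parameters would keep the query well-formed.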
@@ -140,16 +140,14 @@
].join(' ')
$cluster_nodes = puppetdb_query($pql_query)
- if $manage_setup {
- class { 'k8s::server::etcd::setup':
- initial_cluster => $cluster_nodes.map |$node| {
- "${node['parameters']['etcd_name']}=${node['parameters']['initial_advertise_peer_urls'][0]}"
- },
- initial_cluster_state => ($cluster_nodes.size() ? {
- 0 => 'new',
- default => 'existing',
- }),
- }
+ $_setup_splat = {
+ initial_cluster => $cluster_nodes.map |$node| {
+ "${node['parameters']['etcd_name']}=${node['parameters']['initial_advertise_peer_urls'][0]}"
+ },
+ initial_cluster_state => ($cluster_nodes.size() ? {
+ 0 => 'new',
+ default => 'existing',
+ }),
}
$cluster_nodes.each |$node| {
@@ -161,17 +159,31 @@
cluster_key => "${cert_path}/etcd-client.key",
}
}
+ } else {
+ $_setup_splat = {}
+ }
+
+ if $manage_setup {
+ class { 'k8s::server::etcd::setup':
+ ensure => $ensure,
+ version => $version,
+ user => $user,
+ group => $group,
+ * => $_setup_splat,
+ }
}
if $manage_firewall {
if $facts['firewalld_version'] {
- $_firewall_type = pick($firewall_type, 'firewalld')
+ $_firewall_type = pick($firewall_type, $k8s::firewall_type, 'firewalld')
} else {
- $_firewall_type = pick($firewall_type, 'iptables')
+ $_firewall_type = pick($firewall_type, $k8s::firewall_type, 'iptables')
}
case $_firewall_type {
'firewalld' : {
+ include firewalld
+
firewalld_service {
default:
ensure => $ensure,
diff --git a/manifests/server/etcd/setup.pp b/manifests/server/etcd/setup.pp
index da774e3..5e03b68 100644
--- a/manifests/server/etcd/setup.pp
+++ b/manifests/server/etcd/setup.pp
@@ -35,10 +35,10 @@
# @param version The ectd version to install
#
class k8s::server::etcd::setup (
- K8s::Ensure $ensure = $k8s::server::etcd::ensure,
+ K8s::Ensure $ensure = 'present',
Enum['archive','package'] $install = 'archive',
String[1] $package = 'etcd',
- String[1] $version = $k8s::server::etcd::version,
+ String[1] $version = $k8s::etcd_version,
String[1] $etcd_name = $facts['networking']['hostname'],
String[1] $fqdn = $facts['networking']['fqdn'],
@@ -56,14 +56,14 @@
Optional[Stdlib::Unixpath] $peer_cert_file = undef,
Optional[Stdlib::Unixpath] $peer_key_file = undef,
Optional[Stdlib::Unixpath] $peer_trusted_ca_file = undef,
+ Optional[Boolean] $peer_auto_tls = undef,
Boolean $peer_client_cert_auth = false,
- Boolean $peer_auto_tls = $k8s::server::etcd::self_signed_tls,
Optional[Stdlib::Unixpath] $cert_file = undef,
Optional[Stdlib::Unixpath] $key_file = undef,
Optional[Stdlib::Unixpath] $trusted_ca_file = undef,
+ Optional[Boolean] $auto_tls = undef,
Boolean $client_cert_auth = false,
- Boolean $auto_tls = $k8s::server::etcd::self_signed_tls,
Optional[Integer] $auto_compaction_retention = undef,
Optional[Enum['existing', 'new']] $initial_cluster_state = undef,
@@ -72,11 +72,21 @@
Optional[Stdlib::Unixpath] $binary_path = undef,
Stdlib::Unixpath $storage_path = '/var/lib/etcd',
- String[1] $user = $k8s::server::etcd::user,
- String[1] $group = $k8s::server::etcd::group,
+ String[1] $user = 'etcd',
+ String[1] $group = 'etcd',
Optional[Integer[0, 65535]] $uid = undef,
Optional[Integer[0, 65535]] $gid = undef,
) {
+ if defined(Class['k8s::server::etcd']) {
+ $_k8s_server_etcd_self_signed_tls = $k8s::server::etcd::self_signed_tls
+ $_k8s_server_etcd_manage_certs = $k8s::server::etcd::manage_certs
+ } else {
+ $_k8s_server_etcd_self_signed_tls = lookup('k8s::server::etcd::self_signed_tls', default_value => undef)
+ $_k8s_server_etcd_manage_certs = lookup('k8s::server::etcd::manage_certs', default_value => undef)
+ }
+ $_peer_auto_tls = pick($peer_auto_tls, $_k8s_server_etcd_self_signed_tls, false)
+ $_auto_tls = pick($auto_tls, $_k8s_server_etcd_self_signed_tls, false)
+
if $install == 'archive' {
$_url = k8s::format_url($archive_template, { version => $version, })
$_file = basename($_url)
@@ -134,7 +144,7 @@
}
# Use generated certs by default
- if !$k8s::server::etcd::self_signed_tls and $k8s::server::etcd::manage_certs {
+ if !$_k8s_server_etcd_self_signed_tls and $_k8s_server_etcd_manage_certs {
$_dir = "${storage_path}/certs"
$_cert_file = pick($cert_file, "${_dir}/etcd-server.pem")
$_key_file = pick($key_file, "${_dir}/etcd-server.key")
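Review bot: the rewritten `if` condition is false whenever this class is declared without `k8s::server::etcd` and hiera has no `k8s::server::etcd::manage_certs` key, because the fallback `lookup(..., default_value => undef)` leaves `$_k8s_server_etcd_manage_certs` undef. `k8s::server::etcd` itself defaults `manage_certs` to `true`, so standalone use silently skips the generated certificates, and with `$_auto_tls` and `$_peer_auto_tls` resolving to `false` the TLS setup depends entirely on paths the caller passes in. Give the lookups the same defaults as the parent class (`true` for `manage_certs`, `false` for `self_signed_tls`) so both code paths behave alike, and add a spec for the standalone case.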
@@ -178,10 +188,12 @@
key_file => $_key_file,
trusted_ca_file => $_trusted_ca_file,
client_cert_auth => $_client_cert_auth,
+ auto_tls => $_auto_tls,
peer_cert_file => $_peer_cert_file,
peer_key_file => $_peer_key_file,
peer_trusted_ca_file => $_peer_trusted_ca_file,
peer_client_cert_auth => $_peer_client_cert_auth,
+ peer_auto_tls => $_peer_auto_tls,
auto_compaction_retention => $auto_compaction_retention,
initial_cluster_state => $initial_cluster_state,
initial_cluster_token => $initial_cluster_token,
diff --git a/manifests/server/resources.pp b/manifests/server/resources.pp
index cf9f28e..36e84b1 100644
--- a/manifests/server/resources.pp
+++ b/manifests/server/resources.pp
@@ -1,4 +1,5 @@
# @summary Generates and deploys standard Kubernetes in-cluster services
+# @api private
#
# @param ca_cert the path to the CA certificate to use for the cluster
# @param cluster_cidr the CIDR to use for the cluster
diff --git a/manifests/server/resources/bootstrap.pp b/manifests/server/resources/bootstrap.pp
index 2815581..8244db5 100644
--- a/manifests/server/resources/bootstrap.pp
+++ b/manifests/server/resources/bootstrap.pp
@@ -1,4 +1,5 @@
# @summary Generates and deploys the default Puppet boostrap configuration into the cluster
+# @api private
#
# @param control_plane_url The main API URL to encode in the bootstrap configuration
# @param ensure Whether the resources should be present or absent
diff --git a/manifests/server/resources/coredns.pp b/manifests/server/resources/coredns.pp
index 1c18b62..f0b8120 100644
--- a/manifests/server/resources/coredns.pp
+++ b/manifests/server/resources/coredns.pp
@@ -1,4 +1,5 @@
# @summary Generates and deploys the default CoreDNS DNS provider for Kubernetes
+# @api private
#
# @param cluster_domain The cluster domain to use for the CoreDNS ConfigMap
# @param corefile_content The content to use for the CoreDNS ConfigMap
diff --git a/manifests/server/resources/flannel.pp b/manifests/server/resources/flannel.pp
index 19a0d8b..22da3a9 100644
--- a/manifests/server/resources/flannel.pp
+++ b/manifests/server/resources/flannel.pp
@@ -1,4 +1,5 @@
# @summary Generates and deploys the default CoreDNS DNS provider for Kubernetes
+# @api private
#
# @param cluster_cidr The internal cluster CIDR to proxy for
# @param cni_image The Flannel CNI plugin image name to use
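Review bot: the `@summary` line directly above the added tag still reads "Generates and deploys the default CoreDNS DNS provider for Kubernetes", which is the coredns.pp summary copied verbatim. Since the header is being touched anyway, change it to describe Flannel so the generated REFERENCE.md is correct.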
diff --git a/manifests/server/resources/kube_proxy.pp b/manifests/server/resources/kube_proxy.pp
index 81d935e..a161e65 100644
--- a/manifests/server/resources/kube_proxy.pp
+++ b/manifests/server/resources/kube_proxy.pp
@@ -1,4 +1,5 @@
# @summary Generates and deploys the default kube-proxy service for Kubernetes
+# @api private
#
# @param cluster_cidr The internal cluster CIDR to proxy for
# @param daemonset_config Additional configuration to merge into the DaemonSet object
diff --git a/manifests/server/scheduler.pp b/manifests/server/scheduler.pp
index ab96dff..6b8b640 100644
--- a/manifests/server/scheduler.pp
+++ b/manifests/server/scheduler.pp
@@ -1,4 +1,5 @@
# @summary Installs and configures a Kubernetes scheduler
+# @api private
#
# @param ensure Whether the scheduler should be configured.
# @param control_plane_url The URL of the Kubernetes API server.
@@ -68,8 +69,7 @@
client_cert => $cert,
client_key => $key,
}
- $_sysconfig_path = pick($k8s::sysconfig_path, '/etc/sysconfig')
- file { "${_sysconfig_path}/kube-scheduler":
+ file { "${k8s::sysconfig_path}/kube-scheduler":
content => epp('k8s/sysconfig.epp', {
comment => 'Kubernetes Scheduler configuration',
environment_variables => {
@@ -93,7 +93,7 @@
group => $k8s::group,
}),
require => [
- File["${_sysconfig_path}/kube-scheduler"],
+ File["${k8s::sysconfig_path}/kube-scheduler"],
User[$k8s::user],
],
notify => Service['kube-scheduler'],
diff --git a/manifests/server/tls.pp b/manifests/server/tls.pp
index a89c334..a27f374 100644
--- a/manifests/server/tls.pp
+++ b/manifests/server/tls.pp
@@ -1,4 +1,5 @@
# @summary Generates the necessary Kubernetes certificates for a server
+# @api private
#
# @param aggregator_ca_cert The path to the aggregator CA certificate
# @param aggregator_ca_key The path to the aggregator CA key
@@ -32,6 +33,7 @@
Stdlib::Unixpath $aggregator_ca_key = $k8s::server::aggregator_ca_key,
Stdlib::Unixpath $aggregator_ca_cert = $k8s::server::aggregator_ca_cert,
) {
+ assert_private()
if $manage_certs or $ensure == 'absent' {
if !defined(File[$cert_path]) {
file { $cert_path:
diff --git a/spec/classes/k8s_spec.rb b/spec/classes/k8s_spec.rb
index 1473ccb..bd1bf48 100644
--- a/spec/classes/k8s_spec.rb
+++ b/spec/classes/k8s_spec.rb
@@ -10,7 +10,7 @@
it { is_expected.to compile }
- %w[node server].each do |role|
+ %w[node server etcd-replica].each do |role|
context "with role #{role}" do
let(:params) do
{
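Review bot: the role list in the `%w[...]` loop gains `etcd-replica` but not `control-plane`, although init.pp adds `$role == 'control-plane'` as a new condition in the same patch. Add `control-plane` here so the alias branch is compiled at least once.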
diff --git a/spec/classes/node_spec.rb b/spec/classes/node_spec.rb
index aedb226..637d23c 100644
--- a/spec/classes/node_spec.rb
+++ b/spec/classes/node_spec.rb
@@ -14,6 +14,12 @@
let(:facts) { os_facts }
it { is_expected.to compile }
+
+ if os_facts.dig('os', 'family') == 'Debian'
+ it { is_expected.to contain_package 'conntrack' }
+ else
+ it { is_expected.to contain_package 'conntrack-tools' }
+ end
end
end
end
diff --git a/spec/classes/server/etcd_spec.rb b/spec/classes/server/etcd_spec.rb
index 888a7c1..780916f 100644
--- a/spec/classes/server/etcd_spec.rb
+++ b/spec/classes/server/etcd_spec.rb
@@ -10,51 +10,97 @@
manage_members: true
}
end
- let(:pre_condition) do
- <<~PUPPET
- function puppetdb_query(String[1] $data) {
- return [
- {
- certname => 'node.example.com',
- parameters => {
- etcd_name => 'node',
- initial_advertise_peer_urls => ['https://node.example.com:2380'],
+
+ context "with k8s included in server mode" do
+ let(:pre_condition) do
+ <<~PUPPET
+ function puppetdb_query(String[1] $data) {
+ return [
+ {
+ certname => 'node.example.com',
+ parameters => {
+ etcd_name => 'node',
+ initial_advertise_peer_urls => ['https://node.example.com:2380'],
+ }
}
- }
- ]
- }
-
- include ::k8s
- class { '::k8s::server':
- manage_etcd => false,
- manage_certs => false,
- manage_components => false,
- manage_resources => false,
- node_on_server => false,
- }
- PUPPET
- end
+ ]
+ }
- on_supported_os.each do |os, os_facts|
- context "on #{os}" do
- let(:facts) { os_facts }
+ include ::k8s
+ class { '::k8s::server':
+ manage_etcd => false,
+ manage_certs => false,
+ manage_components => false,
+ manage_resources => false,
+ node_on_server => false,
+ }
+ PUPPET
+ end
- it { is_expected.to compile }
+ on_supported_os.each do |os, os_facts|
+ context "on #{os}" do
+ let(:facts) { os_facts }
- it do
- %w[etcd-peer-ca etcd-client-ca].each do |ca|
- is_expected.to contain_k8s__server__tls__ca(ca)
+ it { is_expected.to compile }
+
+ it do
+ %w[etcd-peer-ca etcd-client-ca].each do |ca|
+ is_expected.to contain_k8s__server__tls__ca(ca)
+ end
end
- end
- it do
- %w[etcd-peer etcd-client].each do |cert|
- is_expected.to contain_k8s__server__tls__cert(cert)
+ it do
+ %w[etcd-peer etcd-client].each do |cert|
+ is_expected.to contain_k8s__server__tls__cert(cert)
+ end
end
+
+ it { is_expected.to contain_class('k8s::server::etcd::setup') }
+ it { is_expected.to contain_k8s__server__etcd__member('node').with_peer_urls(['https://node.example.com:2380']) }
end
+ end
+ end
+
+ context "with k8s included" do
+ let(:pre_condition) do
+ <<~PUPPET
+ function puppetdb_query(String[1] $data) {
+ return [
+ {
+ certname => 'node.example.com',
+ parameters => {
+ etcd_name => 'node',
+ initial_advertise_peer_urls => ['https://node.example.com:2380'],
+ }
+ }
+ ]
+ }
- it { is_expected.to contain_class('k8s::server::etcd::setup') }
- it { is_expected.to contain_k8s__server__etcd__member('node').with_peer_urls(['https://node.example.com:2380']) }
+ include ::k8s
+ PUPPET
+ end
+
+ on_supported_os.each do |os, os_facts|
+ context "on #{os}" do
+ let(:facts) { os_facts }
+
+ it { is_expected.to compile }
+
+ it do
+ %w[etcd-peer-ca etcd-client-ca].each do |ca|
+ is_expected.to contain_k8s__server__tls__ca(ca)
+ end
+ end
+
+ it do
+ %w[etcd-peer etcd-client].each do |cert|
+ is_expected.to contain_k8s__server__tls__cert(cert)
+ end
+ end
+
+ it { is_expected.to contain_class('k8s::server::etcd::setup') }
+ it { is_expected.to contain_k8s__server__etcd__member('node').with_peer_urls(['https://node.example.com:2380']) }
+ end
end
end
end
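Review bot: both contexts put `include ::k8s` in their `pre_condition`, so nothing exercises `k8s::server::etcd` without the main class, which is the case the new `lookup()` fallback in setup.pp and the removed `pick()` defaults were changed for. Add a third context for it. The second context is otherwise a copy of the first with only the `k8s::server` declaration removed; moving the `puppetdb_query` stub and the expectations into a `shared_examples` block would cut the duplication. The two new `context "..."` titles use double quotes without interpolation, unlike the rest of the file.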
diff --git a/spec/classes/server/tls_spec.rb b/spec/classes/server/tls_spec.rb
index 42610da..e004ce0 100644
--- a/spec/classes/server/tls_spec.rb
+++ b/spec/classes/server/tls_spec.rb
@@ -11,6 +11,8 @@
end
let(:pre_condition) do
<<~PUPPET
+ function assert_private() {}
+
include ::k8s
class { '::k8s::server':
manage_etcd => false,
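Review bot: defining `function assert_private() {}` in the `pre_condition` replaces the check with a no-op, so this spec can no longer tell whether the `assert_private()` call added to tls.pp works. That is acceptable for testing the class body, but add one example without the stub that declares `k8s::server::tls` from outside the module and expects compilation to fail, so the enforcement is covered.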
diff --git a/spec/type_aliases/node_role_spec.rb b/spec/type_aliases/node_role_spec.rb
new file mode 100644
index 0000000..1fa44de
--- /dev/null
+++ b/spec/type_aliases/node_role_spec.rb
@@ -0,0 +1,40 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+describe 'K8s::Node_role' do
+ describe 'valid node_role' do
+ %w[
+ node
+ server
+ control-plane
+ etcd-replica
+ none
+ ].each do |value|
+ describe value.inspect do
+ it { is_expected.to allow_value(value) }
+ end
+ end
+ end
+
+ describe 'invalid node_role' do
+ [
+ nil,
+ [nil],
+ [nil, nil],
+ { 'foo' => 'bar' },
+ {},
+ '',
+ 's',
+ 'mailto:',
+ 'blah',
+ '199',
+ 600,
+ 1_000,
+ ].each do |value|
+ describe value.inspect do
+ it { is_expected.not_to allow_value(value) }
+ end
+ end
+ end
+end
diff --git a/types/node_role.pp b/types/node_role.pp
new file mode 100644
index 0000000..bf656ad
--- /dev/null
+++ b/types/node_role.pp
@@ -0,0 +1,11 @@
+# @summary a type to describe a type of Kubernetes node
+#
+# @note server/control-plane are identical, one using the Puppet term, the other the Kubernetes term
+# @note none will install basic components, but not activate any services
+type K8s::Node_role = Enum[
+ 'node',
+ 'server',
+ 'control-plane',
+ 'etcd-replica',
+ 'none'
+]