From e7ee4362d57e0407a8f9251fea2a125855c29982 Mon Sep 17 00:00:00 2001
From: Dov Benyomin Sohacheski
Date: Tue, 25 Jun 2024 13:27:45 +0300
Subject: [PATCH] =?UTF-8?q?=F0=9F=8C=9F=20Complete?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 roles/k3s_agent/meta/main.yml | 1 +
 roles/k3s_server/meta/main.yml | 1 +
 roles/k3s_server_post/defaults/main.yml | 8 +++
 roles/k3s_server_post/meta/main.yml | 51 +++++++++++++++++++
 roles/k3s_server_post/templates/calico.crs.j2 | 10 ++--
 roles/lxc/meta/main.yml | 7 +++
 roles/prereq/defaults/main.yml | 4 +-
 roles/prereq/meta/main.yml | 7 +++
 roles/reset/meta/main.yml | 9 ++++
 9 files changed, 91 insertions(+), 7 deletions(-)
 create mode 100644 roles/lxc/meta/main.yml
 create mode 100644 roles/prereq/meta/main.yml
 create mode 100644 roles/reset/meta/main.yml
diff --git a/roles/k3s_agent/meta/main.yml b/roles/k3s_agent/meta/main.yml
index 04f856a..83b3c7e 100644
--- a/roles/k3s_agent/meta/main.yml
+++ b/roles/k3s_agent/meta/main.yml
@@ -32,3 +32,4 @@ argument_specs:
 systemd_dir:
 description: Path to systemd services
 default: /etc/systemd/system
+ required: true
diff --git a/roles/k3s_server/meta/main.yml b/roles/k3s_server/meta/main.yml
index ea5f151..777abbd 100644
--- a/roles/k3s_server/meta/main.yml
+++ b/roles/k3s_server/meta/main.yml
@@ -83,3 +83,4 @@ argument_specs:
 systemd_dir:
 description: Path to systemd services
 default: /etc/systemd/system
+ required: true
diff --git a/roles/k3s_server_post/defaults/main.yml b/roles/k3s_server_post/defaults/main.yml
index 982f605..10feb99 100644
--- a/roles/k3s_server_post/defaults/main.yml
+++ b/roles/k3s_server_post/defaults/main.yml
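Review bot: `required: true` is added to `systemd_dir` directly beneath `default: /etc/systemd/system` in the `roles/k3s_agent/meta/main.yml` hunk, and the two contradict each other: an option with a default can never be missing, and Ansible's argument-spec handling treats `required` and `default` as mutually exclusive, so role validation may reject the spec outright rather than enforce anything. The same pair appears in the `roles/k3s_server/meta/main.yml` hunk and in the new `roles/reset/meta/main.yml`. Keep the default and drop the added line; if the intent is to force callers to choose the path, remove `default:` from the spec and from the role defaults instead. It is worth running each role once with argument validation active to confirm which behaviour the targeted Ansible version shows.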
@@ -2,11 +2,18 @@ bpf_lb_algorithm: maglev bpf_lb_mode: hybrid +calico_blockSize: 26 calico_ebpf: false +calico_encapsulation: VXLANCrossSubnet +calico_natOutgoing: Enabled +calico_nodeSelector: all() calico_tag: v3.27.2 cilium_bgp: false cilium_exportPodCIDR: true +cilium_bgp_my_asn: 64513 +cilium_bgp_peer_asn: 64512 +cilium_bgp_lb_cidr: 192.168.31.0/24 cilium_hubble: true cilium_mode: native @@ -18,3 +25,4 @@ group_name_master: master metal_lb_mode: layer2 metal_lb_available_timeout: 240s metal_lb_controller_tag_version: v0.14.3 +metal_lb_ip_range: 192.168.30.80-192.168.30.90 diff --git a/roles/k3s_server_post/meta/main.yml b/roles/k3s_server_post/meta/main.yml index 67dd5db..58237f4 100644 --- a/roles/k3s_server_post/meta/main.yml +++ b/roles/k3s_server_post/meta/main.yml @@ -15,11 +15,28 @@ argument_specs: description: BPF lb mode default: hybrid + calico_blockSize: + description: IP pool block size + type: int + default: 26 + calico_ebpf: description: Use eBPF dataplane instead of iptables type: bool default: false + calico_encapsulation: + description: IP pool encapsulation + default: VXLANCrossSubnet + + calico_natOutgoing: + description: IP pool NAT outgoing + default: Enabled + + calico_nodeSelector: + description: IP pool node selector + default: all() + calico_iface: description: The network interface used for when Calico is enabled default: ~ @@ -35,6 +52,24 @@ argument_specs: type: bool default: false + cilium_bgp_my_asn: + description: Local ASN for BGP peer + type: int + default: 64513 + + cilium_bgp_peer_asn: + description: BGP peer ASN + type: int + default: 64512 + + cilium_bgp_peer_address: + description: BGP peer address + default: ~ + + cilium_bgp_lb_cidr: + description: BGP load balancer IP range + default: 192.168.31.0/24 + cilium_exportPodCIDR: description: Export pod CIDR type: bool 
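Review bot: `metal_lb_ip_range: 192.168.30.80-192.168.30.90` and `cilium_bgp_lb_cidr: 192.168.31.0/24` become role defaults in `roles/k3s_server_post/defaults/main.yml`, so an inventory that omits them no longer fails and instead inherits one particular site's addresses. With `metal_lb_mode: layer2` as the default in the same file, MetalLB would presumably announce that range on whatever network the cluster is attached to, which can collide with hosts that already own those addresses. The ASN defaults `64513`/`64512` have the same character, though they only matter once `cilium_bgp` is switched on. I would leave the address ranges without a default and mark them `required: true` in `argument_specs`, or at least put a comment above them such as `# example values - override per site`. Whether the sample inventory already sets them is not visible in this patch.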
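Review bot: The new `calico_encapsulation` and `calico_natOutgoing` options in `roles/k3s_server_post/meta/main.yml` are free-form strings in the spec, yet they are rendered straight into the Calico `ipPools` entry, which the template's own comment says cannot be modified post-install. Both fields accept only a small fixed set of values, so a `choices:` list would catch a typo at validation time, the way `metal_lb_mode` already does with `bgp`/`layer2` later in this file; for example `choices: [Enabled, Disabled]` under `calico_natOutgoing`. The string options added here also carry no `type:`, while `calico_blockSize` and the ASN options do; adding `type: str` keeps the spec uniform. The `argument_specs` mapping begins above these hunks and continues past them.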
@@ -82,6 +117,10 @@ argument_specs: description: Wait for MetalLB resources default: 240s + metal_lb_ip_range: + description: MetalLB ip range for load balancer + default: 192.168.30.80-192.168.30.90 + metal_lb_controller_tag_version: description: Image tag for MetalLB default: v0.14.3 @@ -92,3 +131,15 @@ argument_specs: choices: - bgp - layer2 + + metal_lb_bgp_my_asn: + description: BGP ASN configurations + default: ~ + + metal_lb_bgp_peer_asn: + description: BGP peer ASN configurations + default: ~ + + metal_lb_bgp_peer_address: + description: BGP peer address + default: ~ diff --git a/roles/k3s_server_post/templates/calico.crs.j2 b/roles/k3s_server_post/templates/calico.crs.j2 index 935c206..351b648 100644 --- a/roles/k3s_server_post/templates/calico.crs.j2 +++ b/roles/k3s_server_post/templates/calico.crs.j2 @@ -9,11 +9,11 @@ spec: calicoNetwork: # Note: The ipPools section cannot be modified post-install. ipPools: - - blockSize: {{ calico_blockSize | default('26') }} - cidr: {{ cluster_cidr | default('10.52.0.0/16') }} - encapsulation: {{ calico_encapsulation | default('VXLANCrossSubnet') }} - natOutgoing: {{ calico_natOutgoing | default('Enabled') }} - nodeSelector: {{ calico_nodeSelector | default('all()') }} + - blockSize: {{ calico_blockSize }} + cidr: {{ cluster_cidr }} + encapsulation: {{ calico_encapsulation }} + natOutgoing: {{ calico_natOutgoing }} + nodeSelector: {{ calico_nodeSelector }} nodeAddressAutodetectionV4: interface: {{ calico_iface }} linuxDataplane: {{ 'BPF' if calico_ebpf else 'Iptables' }} diff --git a/roles/lxc/meta/main.yml b/roles/lxc/meta/main.yml new file mode 100644 index 0000000..497d61b --- /dev/null +++ b/roles/lxc/meta/main.yml @@ -0,0 +1,7 @@ +--- +argument_specs: + main: + short_description: Configure LXC + options: + custom_reboot_command: + default: ~ diff --git a/roles/prereq/defaults/main.yml b/roles/prereq/defaults/main.yml index e469b0b..850cbbf 100644 --- a/roles/prereq/defaults/main.yml 
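Review bot: `cidr: {{ cluster_cidr }}` in `calico.crs.j2` loses its `default('10.52.0.0/16')` fallback, but unlike the four `calico_*` variables no default or `argument_specs` entry for `cluster_cidr` is added in the hunks visible here. If it is not defined elsewhere (group vars or another role's defaults, which this patch does not show), rendering will stop on an undefined variable; that is the safer failure, but it should be deliberate, so either declare the variable as required in the spec or restore a default. Separately, the string values are emitted unquoted, so a selector that begins with a YAML indicator such as `!` would be parsed as a tag rather than a string; `nodeSelector: {{ calico_nodeSelector | to_json }}` avoids that, while `blockSize` should stay a bare integer. The `spec:` mapping starts above the hunk and the file continues below it.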
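Review bot: `custom_reboot_command` in the new `roles/lxc/meta/main.yml` is declared with only `default: ~`, so the spec neither says what the option is for nor constrains its type. The name suggests a command line that is executed on the node, and for an option of that kind the description should state who is expected to set it and how it is run; how the role consumes it is not visible in this patch. I would add a `description:` line worded to match the task that uses it, plus `type: str`.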
+++ b/roles/prereq/defaults/main.yml
@@ -1,4 +1,4 @@
 ---
 secure_path:
- RedHat: '/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin'
- Suse: '/usr/sbin:/usr/bin:/sbin:/bin:/usr/local/bin'
+ RedHat: /sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin
+ Suse: /usr/sbin:/usr/bin:/sbin:/bin:/usr/local/bin
diff --git a/roles/prereq/meta/main.yml b/roles/prereq/meta/main.yml
new file mode 100644
index 0000000..939124b
--- /dev/null
+++ b/roles/prereq/meta/main.yml
@@ -0,0 +1,7 @@
+---
+argument_specs:
+ main:
+ short_description: Prerequisites
+ options:
+ system_timezone:
+ description: Timezone to be set on all nodes
diff --git a/roles/reset/meta/main.yml b/roles/reset/meta/main.yml
new file mode 100644
index 0000000..5221b95
--- /dev/null
+++ b/roles/reset/meta/main.yml
@@ -0,0 +1,9 @@
+---
+argument_specs:
+ main:
+ short_description: Reset all nodes
+ options:
+ systemd_dir:
+ description: Path to systemd services
+ default: /etc/systemd/system
+ required: true