---
# Common Ansible connection settings
ansible_user: server
ansible_become: true
ansible_become_method: sudo
 
rh_subscription_username: "changeme"
rh_subscription_password: "changeme"
# rh_subscription_org_id: ""
# rh_subscription_activation_key: ""
rh_subscription_usage: "Development"
rh_subscription_role: "Red Hat Server"
rh_subscription_sla: "Self-Support"

---
helm_enabled: true
metrics_server_enabled: true
metrics_server_kubelet_insecure_tls: true # homelab-only; use kubelet certs + set false in stricter setups
local_path_provisioner_enabled: false # install in Part 3 (set true if you want Kubespray to manage it)

---
# We set CNI to none during bootstrap because we will install and configure 
# Cilium manually in Part 2 to have full control over L2LB and Helm settings.
kube_network_plugin: none
 
# Cluster CIDRs (match with Cilium Helm install later)
kube_service_addresses: 10.233.0.0/18
kube_pods_subnet: 10.233.64.0/18
kube_network_node_prefix: 24
 
# Pin control plane to a version supported by your Kubespray branch (example below).
# Do not use an unsupported version (e.g., v1.34.x) unless your branch explicitly supports it.
kube_version: v1.29.7
kube_image_repo: registry.k8s.io
 
# Allow scheduling on control-plane nodes (homelab-only)
remove_master_taint: true
 
# Upstream DNS servers for CoreDNS/NodeLocalDNS.
upstream_dns_servers:
  - 1.1.1.1
  - 8.8.8.8
 
# Health probe compatibility (homelab-only)
kube_api_anonymous_auth: true

sudo dnf install -y git python3 python3-pip
python3 -m venv ~/kubespray-venv
source ~/kubespray-venv/bin/activate

git clone https://github.com/kubernetes-sigs/kubespray.git
cd kubespray
pip install -r requirements.txt

cp -rfp inventory/sample inventory/homelab
declare -a IPS=(10.10.0.11 10.10.0.12 10.10.0.13 10.10.0.21 10.10.0.22)
CONFIG_FILE=inventory/homelab/hosts.yaml \
  python3 contrib/inventory_builder/inventory.py ${IPS[@]}

all:
  hosts:
    m1: { ansible_host: 10.10.0.11, ip: 10.10.0.11, access_ip: 10.10.0.11 }
    m2: { ansible_host: 10.10.0.12, ip: 10.10.0.12, access_ip: 10.10.0.12 }
    m3: { ansible_host: 10.10.0.13, ip: 10.10.0.13, access_ip: 10.10.0.13 }
    w1: { ansible_host: 10.10.0.21, ip: 10.10.0.21, access_ip: 10.10.0.21 }
    w2: { ansible_host: 10.10.0.22, ip: 10.10.0.22, access_ip: 10.10.0.22 }
  children:
    kube_control_plane:
      hosts: { m1: {}, m2: {}, m3: {} }
    kube_node:
      hosts: { m1: {}, m2: {}, m3: {}, w1: {}, w2
    etcd:
      hosts: { m1: {}, m2: {}, m3: {} }

- name: Common Kubernetes node baseline (RHEL)
  hosts: k8s_cluster
  become: true
  tasks:
    - name: Disable swap
      command: swapoff -a
      when: ansible_swaptotal_mb | int > 0
 
    - name: Comment swap in fstab
      replace:
        path: /etc/fstab
        regexp: '^([^#].*\\sswap\\s)'
        replace: '# \\1'
 
    - name: Ensure kernel modules load
      copy:
        dest: /etc/modules-load.d/k8s.conf
        content: |
          overlay
          br_netfilter
 
    - name: Load kernel modules
      command: modprobe {{ item }}
      loop:
        - overlay
        - br_netfilter
 
    - name: Apply sysctl settings
      copy:
        dest: /etc/sysctl.d/k8s.conf
        content: |
          net.bridge.bridge-nf-call-iptables = 1
          net.bridge.bridge-nf-call-ip6tables = 1
          net.ipv4.ip_forward = 1
 
    - name: Reload sysctl
      command: sysctl --system

ansible-playbook -i inventory/homelab/hosts.yaml playbooks/common.yml --become

ansible-playbook -i inventory/homelab/hosts.yaml --become --become-user=root cluster.yml

mkdir -p ~/.kube
scp root@m1:/etc/kubernetes/admin.conf ~/.kube/config

kubectl get nodes -o wide
# Nodes will be in 'NotReady' status because CNI is not installed yet.
# This is expected and will be resolved in Part 2.