8 files changed, 50 insertions, 28 deletions

diff --git a/ansible/infrastructure.yml b/ansible/infrastructure.yml
index ce4d4d72..7fdbd2e1 100644
--- a/ansible/infrastructure.yml
+++ b/ansible/infrastructure.yml
@@ -18,7 +18,7 @@
     - nexus
 
 - name: Setup base for Kubernetes nodes
-  hosts: kubernetes
+  hosts: kubernetes:!infrastructure
   roles:
     - chrony
     - package-repository-check
diff --git a/ansible/inventory/hosts.yml b/ansible/inventory/hosts.yml
index 37ae4e39..4a6b68cf 100644
--- a/ansible/inventory/hosts.yml
+++ b/ansible/inventory/hosts.yml
@@ -25,20 +25,29 @@ all:
 
     # This is group of hosts which are/will be part of Kubernetes cluster.
     kubernetes:
-      hosts:
-        kubernetes-node-1:
-          ansible_host: 10.8.8.19
-          #ip of the node that it uses for communication with k8s cluster.
-          cluster_ip: 10.8.8.19
+      children:
+        # This is a group of hosts containing kubernetes worker nodes.
+        kubernetes-node:
+          hosts:
+            kubernetes-node-1:
+              ansible_host: 10.8.8.19
+              #ip of the node that it uses for communication with k8s cluster.
+              cluster_ip: 10.8.8.19
 
-    # This is a group of hosts that are to be used as kubernetes control plane nodes.
-    # This means they host kubernetes api server, controller manager and scheduler.
-    # This example uses infra for this purpose, however note that any
-    # other host could be used including kubernetes nodes.
-    # cluster_ip needs to be set for hosts used as control planes.
-    kubernetes-control-plane:
-      hosts:
-        infrastructure-server
+        # Group of hosts containing etcd cluster nodes.
+        # Defaults to infra.
+        kubernetes-etcd:
+          hosts:
+            infrastructure-server
+
+        # This is a group of hosts that are to be used as kubernetes control plane nodes.
+        # This means they host kubernetes api server, controller manager and scheduler.
+        # This example uses infra for this purpose, however note that any
+        # other host could be used including kubernetes nodes.
+        # cluster_ip needs to be set for hosts used as control planes.
+        kubernetes-control-plane:
+          hosts:
+            infrastructure-server
 
     nfs-server:
       hosts:
diff --git a/ansible/rke.yml b/ansible/rke.yml
index e0d6dcf1..13e7bb5b 100644
--- a/ansible/rke.yml
+++ b/ansible/rke.yml
@@ -9,10 +9,8 @@
       vars:
         mode: config
 
-- name: Prepare kubernetes nodes (RKE)
-  hosts:
-  - kubernetes
-  - kubernetes-control-plane
+- name: Prepare kubernetes hosts (RKE)
+  hosts: kubernetes
   roles:
     - role: rke
       vars:
diff --git a/ansible/roles/rke/molecule/default/molecule.yml b/ansible/roles/rke/molecule/default/molecule.yml
index e8e5ad76..6ae613a9 100644
--- a/ansible/roles/rke/molecule/default/molecule.yml
+++ b/ansible/roles/rke/molecule/default/molecule.yml
@@ -19,7 +19,9 @@ platforms:
       container: docker
     groups:
       - infrastructure
+      - kubernetes-etcd
       - kubernetes-control-plane
+      - kubernetes
     networks:
       - name: rke
     purge_networks: true
@@ -37,6 +39,7 @@ platforms:
       - /var/lib/docker
     groups:
       - kubernetes
+      - kubernetes-node
     networks:
       - name: rke
     purge_networks: true
@@ -54,6 +57,7 @@ platforms:
       - /var/lib/docker
     groups:
       - kubernetes
+      - kubernetes-node
     networks:
       - name: rke
     purge_networks: true
diff --git a/ansible/roles/rke/molecule/default/playbook.yml b/ansible/roles/rke/molecule/default/playbook.yml
index 09dbfb8e..fab7a0d0 100644
--- a/ansible/roles/rke/molecule/default/playbook.yml
+++ b/ansible/roles/rke/molecule/default/playbook.yml
@@ -13,10 +13,8 @@
       vars:
         mode: config
 
-- name: Prepare kubernetes nodes (RKE)
-  hosts:
-    - kubernetes
-    - kubernetes-control-plane
+- name: Prepare kubernetes hosts (RKE)
+  hosts: kubernetes
   roles:
     - role: rke
       vars:
diff --git a/ansible/roles/rke/molecule/default/tests/test_kubernetes.py b/ansible/roles/rke/molecule/default/tests/test_etcd.py
index 887494fa..0f4b6f12 100644
--- a/ansible/roles/rke/molecule/default/tests/test_kubernetes.py
+++ b/ansible/roles/rke/molecule/default/tests/test_etcd.py
@@ -4,10 +4,10 @@ import pytest
 import testinfra.utils.ansible_runner
 
 testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
-    os.environ['MOLECULE_INVENTORY_FILE']).get_hosts('kubernetes')
+    os.environ['MOLECULE_INVENTORY_FILE']).get_hosts('kubernetes-etcd')
 
 
 @pytest.mark.parametrize('container_name', [
-  'etcd', 'kubelet', 'kube-proxy'])
+  'etcd'])
 def test_container_running(host, container_name):
     assert host.docker(container_name).is_running
diff --git a/ansible/roles/rke/molecule/default/tests/test_nodes.py b/ansible/roles/rke/molecule/default/tests/test_nodes.py
new file mode 100644
index 00000000..60413018
--- /dev/null
+++ b/ansible/roles/rke/molecule/default/tests/test_nodes.py
@@ -0,0 +1,13 @@
+import os
+import pytest
+
+import testinfra.utils.ansible_runner
+
+testinfra_hosts = testinfra.utils.ansible_runner.AnsibleRunner(
+    os.environ['MOLECULE_INVENTORY_FILE']).get_hosts('kubernetes-node')
+
+
+@pytest.mark.parametrize('container_name', [
+  'kubelet', 'kube-proxy'])
+def test_container_running(host, container_name):
+    assert host.docker(container_name).is_running
diff --git a/ansible/roles/rke/templates/cluster.yml.j2 b/ansible/roles/rke/templates/cluster.yml.j2
index 64508e6f..2012ab92 100644
--- a/ansible/roles/rke/templates/cluster.yml.j2
+++ b/ansible/roles/rke/templates/cluster.yml.j2
@@ -1,7 +1,5 @@
 nodes:
-{# Note that we iterate through all nodes in relevant groups.
-We check which groups they belong to exactly later to determine roles. #}
-{% for node in groups['kubernetes'] | union(groups['kubernetes-control-plane']) %}
+{% for node in groups['kubernetes'] %}
 - address: "{{ hostvars[node].cluster_ip }}"
   port: "22"
   internal_address: "{{ hostvars[node].cluster_ip }}"
@@ -9,8 +7,10 @@ We check which groups they belong to exactly later to determine roles. #}
 {% if node in groups['kubernetes-control-plane'] %}
   - controlplane
 {% endif %}
-{% if node in groups['kubernetes'] %}
+{% if node in groups['kubernetes-node'] %}
   - worker
+{% endif %}
+{% if node in groups['kubernetes-etcd'] %}
   - etcd
 {% endif %}
   hostname_override: ""