Add network attached instructions

README.md

@@ -31,7 +31,7 @@ Ansible RKE2 (RKE Government) Playbook
 ---------
 [![LINT](https://github.com/rancherfederal/rke2-ansible/actions/workflows/ci.yml/badge.svg)](https://github.com/rancherfederal/rke2-ansible/actions/workflows/ci.yml)
 
-RKE2, also known as RKE Government, is Rancher's next-generation Kubernetes distribution. This Ansible  playbook installs RKE2 for both the control plane and workers.
+RKE2, also known as RKE Government, is Rancher's next-generation Kubernetes distribution. This Ansible playbook installs RKE2 for both the control plane and workers.
 
 See the [docs](https://docs.rke2.io/) more information about [RKE Government](https://docs.rke2.io/).
 
@@ -49,20 +49,10 @@ Supported Operating Systems:
 
 System requirements
 -------------------
-
 Deployment environment must have Ansible 2.9.0+
 
-Server and agent nodes must have passwordless SSH access
-
 Usage
 -----
-
-This playbook requires ansible.utils to run properly. Please see https://docs.ansible.com/ansible/latest/galaxy/user_guide.html#installing-a-collection-from-galaxy for more information about how to install this.
-
-```
-ansible-galaxy collection install -r requirements.yml
-```
-
 Create a new directory based on the `sample` directory within the `inventory` directory:
 
 ```bash
@@ -94,32 +84,28 @@ Start provisioning of the cluster using the following command:
 
 ```bash
 ansible-playbook site.yml -i inventory/my-cluster/hosts.yml
-```
+```  
+
+More detailed information can be found [here](./docs/usage.md)
 
-Tarball Install/Air-Gap Install
--------------------------------
-Added the neeed files to the [tarball_install](tarball_install/) directory.
 
-Further info can be found [here](tarball_install/README.md)
+Tarball Install/Air-Gap Install  
+-------------------------------  
+Air-Gap/Tarball install information can be found [here](./docs/tarball_install.md)
 
 
 Kubeconfig
 ----------
+The root user will have the `kubeconfig` and `kubectl` made available, to access your cluster login into any server node and `kubectl` will be available for use immideatly. 
 
-To get access to your **Kubernetes** cluster just
-
-```bash
-ssh ec2-user@rke2_kubernetes_api_server_host "sudo /var/lib/rancher/rke2/bin/kubectl --kubeconfig /etc/rancher/rke2/rke2.yaml get nodes"
-```
-
-Available configurations
-------------------------
 
+Available configurations  
+------------------------  
 Variables should be set in `inventory/cluster/group_vars/rke2_agents.yml` and `inventory/cluster/group_vars/rke2_servers.yml`. See sample variables in `inventory/sample/group_vars` for reference.
 
 
-Uninstall RKE2
----------------
+Uninstall RKE2  
+---------------  
     Note: Uninstalling RKE2 deletes the cluster data and all of the scripts.
 The offical documentation for fully uninstalling the RKE2 cluster can be found in the [RKE2 Documentation](https://docs.rke2.io/install/uninstall/).
 

docs/advanced_sample_inventory/group_vars/all.yaml

@@ -0,0 +1,3 @@
+rke2_install_version: v1.29.12+rke2r1 
+cluster_rke2_config:
+  selinux: true

docs/advanced_sample_inventory/group_vars/rke2_servers.yaml

@@ -0,0 +1,17 @@
+rke2_pod_security_admission_config_file_path: "{{ playbook_dir }}/docs/advanced_sample_inventory/files/pod-security-admission-config.yaml"
+rke2_audit_policy_config_file_path: "{{ playbook_dir }}/docs/advanced_sample_inventory/files/audit-policy.yaml"
+rke2_manifest_config_directory: "{{ playbook_dir }}/docs/advanced_sample_inventory/pre-deploy-manifests/"
+rke2_manifest_config_post_run_directory: "{{ playbook_dir }}/docs/advanced_sample_inventory/post-deploy-manifests/"
+
+group_rke2_config:
+  # Use Cilium as the CNI
+  cni:
+    - cilium
+  # Cilium will replace this
+  disable-kube-proxy: true
+  profile: cis 
+  pod-security-admission-config-file: /etc/rancher/rke2/pod-security-admission-config.yaml  
+  audit-policy-file: /etc/rancher/rke2/audit-policy.yaml
+  kube-apiserver-arg:
+    - audit-policy-file=/etc/rancher/rke2/audit-policy.yaml
+    - audit-log-path=/var/lib/rancher/rke2/server/logs/audit.log

docs/advanced_sample_inventory/hosts.yml

@@ -0,0 +1,9 @@
+---
+rke2_cluster:
+  children:
+    rke2_servers:
+      hosts:
+        server0.example.com:
+    rke2_agents:
+      hosts:
+        agent0.example.com:

docs/advanced_sample_inventory/post-deploy-manifests/cert-manager.yaml

@@ -0,0 +1,14 @@
+apiVersion: helm.cattle.io/v1
+kind: HelmChart
+metadata:
+  name: jetstack
+  namespace: kube-system
+spec:
+  repo: https://charts.jetstack.io
+  chart: cert-manager
+  version: v1.16.2
+  targetNamespace: cert-manager
+  createNamespace: true
+  valuesContent: |-
+    crds:
+      enabled: true

docs/advanced_sample_inventory/pre-deploy-manifests/cilium.yaml

@@ -0,0 +1,17 @@
+---
+apiVersion: helm.cattle.io/v1
+kind: HelmChartConfig
+metadata:
+  name: rke2-cilium
+  namespace: kube-system
+spec:
+  valuesContent: |-
+    kubeProxyReplacement: true
+    k8sServiceHost: 127.0.0.1
+    k8sServicePort: 6443
+    bpf:
+      masquerade: true
+      preallocateMaps: true
+      tproxy: true
+    bpfClockProbe: true
+

docs/basic_sample_inventorysample/hosts.yml

@@ -0,0 +1,9 @@
+---
+rke2_cluster:
+  children:
+    rke2_servers:
+      hosts:
+        server0.example.com:
+    rke2_agents:
+      hosts:
+        agent0.example.com:

docs/development.md

@@ -0,0 +1,5 @@
+This playbook requires ansible.utils to run properly. Please see https://docs.ansible.com/ansible/latest/galaxy/user_guide.html#installing-a-collection-from-galaxy for more information about how to install this.
+
+```
+ansible-galaxy collection install -r requirements.yml
+```