defaults/main.yml

@@ -1,10 +1,13 @@
 ---
 k3s_version: v1.25.0+k3s1
 
-k3s_packages_extra:
+k3s_packages:
+  - python3-kubernetes
   - container-selinux
   - selinux-policy-base
 
+k3s_packages_extra: []
+
 k3s_reset: False
 k3s_token: "secure-token"
 k3s_node_ip: "{{ ansible_default_ipv4.address }}"
@@ -40,3 +43,5 @@ k3s_server_admission_configuration:
         - type: User
           qps: 10
           burst: 50
+
+k3s_resource_patches: []

molecule/rocky9/converge.yml

@@ -4,8 +4,6 @@
   vars:
     k3s_reset: False
     k3s_packages_extra:
-      - container-selinux
-      - selinux-policy-base
       - https://github.com/k3s-io/k3s-selinux/releases/download/v1.2.stable.2/k3s-selinux-1.2-2.el8.noarch.rpm
     k3s_server_flannel_backend_enabled: False
     k3s_server_network_policy_enabled: False

tasks/prepare.yml

@@ -9,7 +9,7 @@
       package:
         name: "{{ item }}"
         state: present
-      loop: "{{ k3s_packages_extra }}"
+      loop: "{{ k3s_packages + k3s_packages_extra }}"
 
     - name: Check if cluster is installed
       stat:

tasks/setup.yml

@@ -38,6 +38,18 @@
       changed_when: False
       when: k3s_server | bool
 
+    - name: Patch existing resources
+      k8s:
+        kind: "{{ item.kind }}"
+        name: "{{ item.name }}"
+        kubeconfig: "{{ __k3s_config_dir }}/k3s.yaml"
+        state: patched
+        definition: "{{ item.definition }}"
+      loop: "{{ k3s_resource_patches }}"
+      loop_control:
+        label: "{{ item.kind }}/{{ item.name }}"
+      when: k3s_server | bool
+
     - name: Remove auto-deploying manifests
       file:
         path: "{{ __k3s_manifests_dir }}/{{ item.dest | default(item.url) | default(item) | basename | replace('.j2', '') }}"