From 3ece592b51003ce4dafa6ac8345c208043c884cd Mon Sep 17 00:00:00 2001 From: ChengHao Yang <17496418+tico88612@users.noreply.github.com> Date: Sat, 2 Aug 2025 02:03:16 +0800 Subject: [PATCH 1/4] Refactor: add common_crds role & migrate gateway_api Adding commonly used CRDs can be expanded Signed-off-by: ChengHao Yang <17496418+tico88612@users.noreply.github.com> --- playbooks/cluster.yml | 6 +----- .../{ => common_crds}/gateway_api/defaults/main.yml | 0 .../{ => common_crds}/gateway_api/tasks/main.yml | 2 +- roles/kubernetes-apps/common_crds/meta/main.yml | 6 ++++++ 4 files changed, 8 insertions(+), 6 deletions(-) rename roles/kubernetes-apps/{ => common_crds}/gateway_api/defaults/main.yml (100%) rename roles/kubernetes-apps/{ => common_crds}/gateway_api/tasks/main.yml (94%) create mode 100644 roles/kubernetes-apps/common_crds/meta/main.yml diff --git a/playbooks/cluster.yml b/playbooks/cluster.yml index 85829ca44..71cef8483 100644 --- a/playbooks/cluster.yml +++ b/playbooks/cluster.yml @@ -52,11 +52,7 @@ - { role: kubernetes/kubeadm, tags: kubeadm} - { role: kubernetes/node-label, tags: node-label } - { role: kubernetes/node-taint, tags: node-taint } - - role: kubernetes-apps/gateway_api - when: gateway_api_enabled - tags: gateway_api - delegate_to: "{{ groups['kube_control_plane'][0] }}" - run_once: true + - { role: kubernetes-apps/common_crds } - { role: network_plugin, tags: network } - name: Install Calico Route Reflector diff --git a/roles/kubernetes-apps/gateway_api/defaults/main.yml b/roles/kubernetes-apps/common_crds/gateway_api/defaults/main.yml similarity index 100% rename from roles/kubernetes-apps/gateway_api/defaults/main.yml rename to roles/kubernetes-apps/common_crds/gateway_api/defaults/main.yml 
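Review bot: The new entry `- { role: kubernetes-apps/common_crds }` in the `@@ -52,11 +52,7 @@` hunk of playbooks/cluster.yml drops the `delegate_to: "{{ groups['kube_control_plane'][0] }}"` and `run_once: true` that the old gateway_api entry carried. The dependency declared in common_crds/meta/main.yml restores only `when` and `tags`. Each CRD role therefore has to limit its own cluster-modifying tasks to one control-plane node. The prometheus_operator_crds tasks added later in this series do that, but the rest of gateway_api/tasks/main.yml lies outside the visible hunk and should be checked for the same guard. A comment above the entry would record the contract, for example `# common_crds sub-roles must restrict kubectl calls to groups['kube_control_plane'][0] themselves`.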
diff --git a/roles/kubernetes-apps/gateway_api/tasks/main.yml b/roles/kubernetes-apps/common_crds/gateway_api/tasks/main.yml similarity index 94% rename from roles/kubernetes-apps/gateway_api/tasks/main.yml rename to roles/kubernetes-apps/common_crds/gateway_api/tasks/main.yml index 7134fe2d8..8d792c3ed 100644 --- a/roles/kubernetes-apps/gateway_api/tasks/main.yml +++ b/roles/kubernetes-apps/common_crds/gateway_api/tasks/main.yml @@ -1,6 +1,6 @@ --- - name: Gateway API | Download YAML - include_tasks: "../../../download/tasks/download_file.yml" + include_tasks: "../../../../download/tasks/download_file.yml" vars: download: "{{ download_defaults | combine(downloads.gateway_api_crds) }}" diff --git a/roles/kubernetes-apps/common_crds/meta/main.yml b/roles/kubernetes-apps/common_crds/meta/main.yml new file mode 100644 index 000000000..27dba36e5 --- /dev/null +++ b/roles/kubernetes-apps/common_crds/meta/main.yml @@ -0,0 +1,6 @@ +--- +dependencies: + - role: kubernetes-apps/common_crds/gateway_api + when: gateway_api_enabled + tags: + - gateway_api From 1e327b47475832bd8f419a7de251c33953e0a827 Mon Sep 17 00:00:00 2001 From: ChengHao Yang <17496418+tico88612@users.noreply.github.com> Date: Sat, 2 Aug 2025 02:05:22 +0800 Subject: [PATCH 2/4] Feat: add prometheus_operator_crds download item Signed-off-by: ChengHao Yang <17496418+tico88612@users.noreply.github.com> --- .../kubespray_defaults/defaults/main/download.yml | 15 +++++++++++++++ roles/kubespray_defaults/defaults/main/main.yml | 1 + roles/kubespray_defaults/vars/main/checksums.yml | 3 +++ 3 files changed, 19 insertions(+) diff --git a/roles/kubespray_defaults/defaults/main/download.yml b/roles/kubespray_defaults/defaults/main/download.yml index 87da1e136..d11c2ba88 100644 --- a/roles/kubespray_defaults/defaults/main/download.yml +++ b/roles/kubespray_defaults/defaults/main/download.yml 
@@ -143,6 +143,8 @@ yq_version: "{{ (yq_checksums['amd64'] | dict2items)[0].key }}" gateway_api_version: "1.2.1" gateway_api_channel: "standard" +prometheus_operator_crds_version: "{{ (prometheus_operator_crds_checksums.no_arch | dict2items)[0].key }}" + github_url: https://github.com dl_k8s_io_url: https://dl.k8s.io storage_googleapis_url: https://storage.googleapis.com @@ -174,6 +176,7 @@ skopeo_download_url: "{{ github_url }}/lework/skopeo-binary/releases/download/v{ yq_download_url: "{{ github_url }}/mikefarah/yq/releases/download/v{{ yq_version }}/yq_linux_{{ image_arch }}" argocd_install_url: "https://raw.githubusercontent.com/argoproj/argo-cd/v{{ argocd_version }}/manifests/install.yaml" gateway_api_crds_download_url: "{{ github_url }}/kubernetes-sigs/gateway-api/releases/download/v{{ gateway_api_version }}/{{ gateway_api_channel }}-install.yaml" +prometheus_operator_crds_download_url: "{{ github_url }}/prometheus-operator/prometheus-operator/releases/download/v{{ prometheus_operator_crds_version }}/stripped-down-crds.yaml" etcd_binary_checksum: "{{ etcd_binary_checksums[image_arch][etcd_version] }}" cni_binary_checksum: "{{ cni_binary_checksums[image_arch][cni_version] }}" @@ -975,6 +978,18 @@ downloads: groups: - kube_control_plane + prometheus_operator_crds: + enabled: "{{ prometheus_operator_crds_enabled }}" + file: true + version: "{{ prometheus_operator_crds_version }}" + dest: "{{ local_release_dir }}/prometheus-operator-crds.yaml" + checksum: "{{ prometheus_operator_crds_checksums.no_arch[prometheus_operator_crds_version] }}" + url: "{{ prometheus_operator_crds_download_url }}" + owner: "root" + mode: "0755" + groups: + - kube_control_plane + csi_attacher: enabled: "{{ cinder_csi_enabled or aws_ebs_csi_enabled }}" container: true diff --git a/roles/kubespray_defaults/defaults/main/main.yml b/roles/kubespray_defaults/defaults/main/main.yml index 1ecbcc5ae..b6795ff40 100644 --- a/roles/kubespray_defaults/defaults/main/main.yml 
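Review bot: In the `@@ -975,6 +978,18 @@` hunk the new `prometheus_operator_crds` download item writes `prometheus-operator-crds.yaml` with `mode: "0755"`, although the file is a manifest that kubectl only reads. The executable bit serves no purpose, so `mode: "0644"` is the tighter setting. Because this file is later applied to the cluster, a comment on the `checksum:` line would help the next maintainer, for example `# manifest is applied to the cluster; keep the version pinned in prometheus_operator_crds_checksums`. The `downloads:` mapping begins and continues outside the hunk.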
+++ b/roles/kubespray_defaults/defaults/main/main.yml @@ -463,6 +463,7 @@ metallb_enabled: false metallb_speaker_enabled: "{{ metallb_enabled }}" argocd_enabled: false gateway_api_enabled: false +prometheus_operator_crds_enabled: false ## When OpenStack is used, Cinder version can be explicitly specified if autodetection fails (Fixed in 1.9: https://github.com/kubernetes/kubernetes/issues/50461) # openstack_blockstorage_version: "v1/v2/auto (default)" diff --git a/roles/kubespray_defaults/vars/main/checksums.yml b/roles/kubespray_defaults/vars/main/checksums.yml index 241d8848c..2aaf0c4c6 100644 --- a/roles/kubespray_defaults/vars/main/checksums.yml +++ b/roles/kubespray_defaults/vars/main/checksums.yml @@ -1528,6 +1528,9 @@ gateway_api_experimental_crds_checksums: 1.2.0: sha256:4369188e63b9ab5a35b5a83032c94d871159dece086b908b6ea18ea321ca06a9 1.1.0: sha256:10f322744a005d4e73e2b067e95fecd4cfec619dc7564930b488c296bfa3bec1 1.0.0: sha256:6c601dced7872a940d76fa667ae126ba718cb4c6db970d0bab49128ecc1192a3 +prometheus_operator_crds_checksums: + no_arch: + 0.84.0: sha256:8990f6837ccff4461df9abe19d31d532fef11386d85d861b392249fff2502255 argocd_install_checksums: no_arch: 2.14.15: sha256:0368b8a0adbb673408f2cc2367302ad1068d12cd9ab17cf6680bcb5fdba7c381 From 9dca520b337a1eb0146e62329800ca8fd89b7a82 Mon Sep 17 00:00:00 2001 From: ChengHao Yang <17496418+tico88612@users.noreply.github.com> Date: Mon, 18 Aug 2025 21:14:49 +0800 Subject: [PATCH 3/4] Feat: add prometheus_operator_crds in common_crds The Prometheus Operator CRDs are commonly used for monitoring and are used by some CNIs (such as Cilium). Kubespray can be installed first, and the subsequent installation of the operator can be handled by the user (or later extensions). 
Signed-off-by: ChengHao Yang <17496418+tico88612@users.noreply.github.com> --- roles/kubernetes-apps/common_crds/meta/main.yml | 5 +++++ .../prometheus_operator_crds/tasks/main.yml | 11 +++++++++++ 2 files changed, 16 insertions(+) create mode 100644 roles/kubernetes-apps/common_crds/prometheus_operator_crds/tasks/main.yml diff --git a/roles/kubernetes-apps/common_crds/meta/main.yml b/roles/kubernetes-apps/common_crds/meta/main.yml index 27dba36e5..f17a61c29 100644 --- a/roles/kubernetes-apps/common_crds/meta/main.yml +++ b/roles/kubernetes-apps/common_crds/meta/main.yml @@ -4,3 +4,8 @@ dependencies: when: gateway_api_enabled tags: - gateway_api + + - role: kubernetes-apps/common_crds/prometheus_operator_crds + when: prometheus_operator_crds_enabled + tags: + - prometheus_operator_crds diff --git a/roles/kubernetes-apps/common_crds/prometheus_operator_crds/tasks/main.yml b/roles/kubernetes-apps/common_crds/prometheus_operator_crds/tasks/main.yml new file mode 100644 index 000000000..258238699 --- /dev/null +++ b/roles/kubernetes-apps/common_crds/prometheus_operator_crds/tasks/main.yml @@ -0,0 +1,11 @@ +--- +- name: Prometheus Operator CRDs | Download YAML + include_tasks: "../../../../download/tasks/download_file.yml" + vars: + download: "{{ download_defaults | combine(downloads.prometheus_operator_crds) }}" + +- name: Prometheus Operator CRDs | Install + command: + cmd: "{{ bin_dir }}/kubectl apply -f {{ local_release_dir }}/prometheus-operator-crds.yaml" + when: + - "inventory_hostname == groups['kube_control_plane'][0]" From 44f511814bb5155392e400ff1d610238ad3f3fe4 Mon Sep 17 00:00:00 2001 From: ChengHao Yang <17496418+tico88612@users.noreply.github.com> Date: Tue, 19 Aug 2025 18:45:33 +0800 Subject: [PATCH 4/4] Test: add prometheus operator crds install Signed-off-by: ChengHao Yang <17496418+tico88612@users.noreply.github.com> --- tests/files/debian13-cilium.yml | 2 ++ 1 file changed, 2 insertions(+) 
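Review bot: The `Prometheus Operator CRDs | Install` task in the new prometheus_operator_crds/tasks/main.yml runs `kubectl apply` through `command` with no `changed_when`, so it reports a change on every run. It also repeats the manifest path instead of reusing the download item's `dest`, so the applied file and the checksum-verified file can drift apart if one of the two is edited. I would change the command to `cmd: "{{ bin_dir }}/kubectl apply -f {{ downloads.prometheus_operator_crds.dest }}"`, add `register: prometheus_operator_crds_apply`, and add `changed_when: prometheus_operator_crds_apply.stdout_lines | reject('search', ' unchanged$') | list | length > 0`.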
diff --git a/tests/files/debian13-cilium.yml b/tests/files/debian13-cilium.yml index 65f685881..edb85820b 100644 --- a/tests/files/debian13-cilium.yml +++ b/tests/files/debian13-cilium.yml @@ -6,3 +6,5 @@ cloud_image: debian-13 kube_network_plugin: cilium kube_owner: root + +prometheus_operator_crds_enabled: true