Initial implementation using Spec Kit

.ansible-lint.yml

@@ -0,0 +1,43 @@
+---
+# .ansible-lint.yml
+# Purpose: Minimal ansible-lint configuration for baseline k3s playbooks
+# Reference: https://ansible-lint.readthedocs.io/
+
+# Exclude paths from linting
+exclude_paths:
+  - .git/
+  - .vscode/
+  - venv/
+  - .venv/
+  - __pycache__/
+  - '*.retry'
+  - tests/ansible/inventories/  # Test inventories may have intentional violations
+
+# Skip specific rules that are too strict for this baseline
+skip_list:
+  - 'yaml[line-length]'  # Allow longer YAML lines for readability
+  - 'name[casing]'       # Allow flexible task naming conventions
+  - 'fqcn[action-core]'  # Allow short-form module names (ansible.builtin.*)
+
+# Warn only for certain rules (don't fail CI)
+warn_list:
+  - 'experimental'       # Warn on experimental features
+  - 'role-name'          # Warn on role naming conventions
+
+# Enable offline mode (don't fetch galaxy roles)
+offline: false
+
+# Use default ansible-lint profile
+profile: null
+
+# Minimum ansible-lint version
+# min_ansible_version: "2.15"
+
+# Enable progressive mode (stricter over time)
+progressive: false
+
+# Write violations to file (optional)
+# write_list:
+#   - all
+
+# Ansible-lint will use ansible-playbook and ansible-galaxy from PATH

.devcontainer/devcontainer.json

@@ -2,12 +2,16 @@
     "name": "Spec Kit",
     "image": "mcr.microsoft.com/devcontainers/python:2-3.14-trixie",
     "features": {
-        "ghcr.io/devcontainers-extra/features/uv:1": {}
+        "ghcr.io/devcontainers-extra/features/uv:1": {},
+        "ghcr.io/devcontainers-extra/features/ansible:2": {},
+        "ghcr.io/hspaans/devcontainer-features/ansible-lint:2": {}
     },
     "customizations": {
         "vscode": {
             "extensions": [
-                "github.copilot-chat"
+                "github.copilot-chat",
+                "redhat.vscode-yaml",
+                "redhat.ansible"
             ]
          }
     },

.devcontainer/post-create.sh

@@ -5,6 +5,7 @@ set -euo pipefail
 echo "[post-create] Upgrading pip ..."
 python3 -m pip install --upgrade pip
 
+# Install Spec Kit CLI (specify)
 echo "[post-create] Installing specify CLI (spec-kit)"
 if command -v specify &>/dev/null; then
     echo "specify already installed — skipping"
@@ -16,3 +17,8 @@ else
     fi
     uv tool install specify-cli --from "git+https://github.com/github/spec-kit.git"
 fi
+
+# Install testConnection
+sudo curl https://raw.githubusercontent.com/bcgov/openshift-developer-tools/refs/heads/master/bin/testConnection -O
+sudo mv testConnection /usr/local/bin/
+sudo chmod +x /usr/local/bin/testConnection

.github/agents/copilot-instructions.md

@@ -0,0 +1,29 @@
+# ansible-k3s-cluster Development Guidelines
+
+Auto-generated from all feature plans. Last updated: 2026-02-16
+
+## Active Technologies
+
+- Ansible playbooks (YAML); minimum supported Ansible Core version 2.15+ + Ansible, k3s, k3s-io/k3s-ansible collection, cert-manager, multus CNI, Rancher and rancher-monitoring stack, Traefik ingress, kube-vip (or equivalent LB/VIP mechanism), optional Synology CSI driver (001-k3s-ansible-baseline)
+
+## Project Structure
+
+```text
+src/
+tests/
+```
+
+## Commands
+
+# Add commands for Ansible playbooks (YAML); minimum supported Ansible Core version 2.15+
+
+## Code Style
+
+Ansible playbooks (YAML); minimum supported Ansible Core version 2.15+: Follow standard conventions
+
+## Recent Changes
+
+- 001-k3s-ansible-baseline: Added Ansible playbooks (YAML); minimum supported Ansible Core version 2.15+ + Ansible, k3s, k3s-io/k3s-ansible collection, cert-manager, multus CNI, Rancher and rancher-monitoring stack, Traefik ingress, kube-vip (or equivalent LB/VIP mechanism), optional Synology CSI driver
+
+<!-- MANUAL ADDITIONS START -->
+<!-- MANUAL ADDITIONS END -->

.gitignore

@@ -0,0 +1,75 @@
+.ssh
+
+# Python
+__pycache__/
+*.py[cod]
+*$py.class
+*.so
+.Python
+build/
+develop-eggs/
+dist/
+downloads/
+eggs/
+.eggs/
+lib/
+lib64/
+parts/
+sdist/
+var/
+wheels/
+*.egg-info/
+.installed.cfg
+*.egg
+MANIFEST
+
+# Virtual environments
+.venv/
+venv/
+ENV/
+env/
+.env
+
+# Ansible
+*.retry
+.ansible/
+ansible.log
+*.vault_pass
+
+# Secrets and credentials
+*.key
+*.pem
+*.crt
+secrets/
+credentials/
+.vault_password
+
+# IDE and editors
+.vscode/
+.idea/
+*.swp
+*.swo
+*~
+.DS_Store
+Thumbs.db
+
+# Logs
+*.log
+log/
+logs/
+
+# Temporary files
+*.tmp
+*.temp
+.cache/
+
+# Test outputs
+.pytest_cache/
+.coverage
+htmlcov/
+*.cover
+.hypothesis/
+
+# OS specific
+.DS_Store
+Thumbs.db

.specify/memory/constitution.md

@@ -19,7 +19,7 @@ Default configuration must be secure by default: minimal open ports, TLS enabled
 
 ## Ansible & k3s Requirements
 
-- Playbooks must be organized with a clear entry point (e.g., site.yml or cluster.yml), roles for host preparation and k3s installation, and group/host variables for cluster configuration.
+- Playbooks must be organized with a clear entry point (e.g., site.yml or a dedicated core cluster playbook), roles for host preparation and k3s installation, and group/host variables for cluster configuration.
 - Supported environments (e.g., Debian/Ubuntu-like, systemd-based Linux on x86_64/arm64) must be explicitly documented, and tasks must fail fast with clear messages on unsupported platforms.
 - k3s installation must:
 	- Pin k3s version via a variable and avoid "latest" by default.