feat: add Lima VM configurations and tests for k3s and Debian VPS

- Introduced new BATS tests in tests/bats/lima.bats to validate Lima VM configurations and Kubernetes resources.
- Created k3s-master.yaml and debian-vps.yaml for k3s master node and Debian VPS setups, respectively.
- Added smoke-test.yaml and smoke-monitoring.yaml to test TLS pipelines for whoami and Grafana applications.
- Implemented grafana-cert.yaml for self-signed TLS certificate generation for Grafana.
- Added verification scripts for k3s and VPS setups to ensure proper installation and configuration.
- Updated scripts.bats to check for existence of new setup scripts.

Author: KevinDeBenedetti

Makefile

@@ -35,17 +35,6 @@ include makefiles/40-kubeconfig.mk
 include makefiles/50-deploy.mk
 include makefiles/60-status.mk
 include makefiles/70-ssh.mk
-
-# ── Testing ──────────────────────────────────────────────────────────────────
-
-.PHONY: test
-
-test: ## Run BATS unit tests (offline — no cluster needed)
-	@bats tests/bats/
-
-# ── Hooks ────────────────────────────────────────────────────────────────────
-
-.PHONY: hooks-update
-
-hooks-update: ## Update prek hook revisions to latest (prek autoupdate)
-	@prek autoupdate
+include makefiles/80-dev.mk
+include makefiles/90-provision.mk
+include makefiles/99-lima.mk

makefiles/00-lib.mk

@@ -11,14 +11,14 @@
 # Macros (use with $(call ...)):
 #   run-remote-script(rel-path, host, env-prefix)
 #     Run a script on a remote SSH host.
-#     rel-path   — path relative to k3s-lab root, e.g. k3s/install-master.sh
-#     host       — target hostname/IP
-#     env-prefix — space-separated VAR=value pairs prepended to the command
 #
 #   run-local-script(rel-path, args...)
 #     Run a script on the local machine.
-#     rel-path — path relative to k3s-lab root, e.g. scripts/get-kubeconfig.sh
-#     args     — positional arguments forwarded to the script
+#
+#   lima-run-script(rel-path)
+#     Run a script inside a Lima VM (path relative to k3s-lab root).
+#     Local: Lima mounts $HOME, so direct path access works.
+#     Remote: curl the script from GitHub inside the VM.
 # ──────────────────────────────────────────────────────────────────────────────
 
 ifdef K3S_LAB
@@ -40,6 +40,11 @@ SSH_KEY=$(SSH_KEY) SSH_PORT=$(SSH_PORT) \
 bash $(K3S_LAB)/$(1) $(2)
 endef
 
+# Run a script path inside a Lima VM (Lima mounts $HOME by default).
+define lima-run-script
+bash '$(K3S_LAB)/$(1)'
+endef
+
 else
 
 # ── Remote mode: K3S_LAB is empty — fetch scripts via curl ───────────────────
@@ -58,4 +63,18 @@ SSH_KEY=$(SSH_KEY) SSH_PORT=$(SSH_PORT) \
 bash <(curl -fsSL $(K3S_LAB_RAW)/$(1)) $(2)
 endef
 
+# Run a script inside a Lima VM by curling from GitHub.
+define lima-run-script
+bash <(curl -fsSL '$(K3S_LAB_RAW)/$(1)')
+endef
+
+endif
+
+# ── Lima test config path ─────────────────────────────────────────────────────
+# Local mode: use filesystem path.  Remote mode: use raw GitHub URL.
+# Both limactl start and kubectl apply -f support URLs natively.
+ifdef K3S_LAB
+  LIMA_TESTS_DIR := $(K3S_LAB)/tests/lima
+else
+  LIMA_TESTS_DIR := $(K3S_LAB_RAW)/tests/lima
 endif

makefiles/50-deploy.mk

@@ -4,7 +4,7 @@
 # Uses run-local-script from 00-lib.mk (local bash or remote curl, transparent).
 # ──────────────────────────────────────────────────────────────────────────────
 
-.PHONY: deploy deploy-dashboard-secret deploy-monitoring deploy-grafana-secret deploy-logging
+.PHONY: deploy deploy-dashboard-secret deploy-monitoring deploy-grafana-secret
 
 deploy: ## Deploy base stack (Traefik, cert-manager, ClusterIssuers)
 	@echo "$(YELLOW)→ Deploying base stack on $(shell kubectl config current-context 2>/dev/null)...$(RESET)"
@@ -30,20 +30,16 @@ deploy-monitoring: ## Deploy observability stack (Prometheus + Grafana + Loki +
 		-- grafana-cli admin reset-admin-password "$(GRAFANA_PASSWORD)"
 	@echo "$(GREEN)✅ Observability stack deployed$(RESET)"
 
-deploy-logging: ## Deploy centralized logs stack (Loki + Promtail + Grafana dashboard)
-	@echo "$(YELLOW)→ Deploying centralized logging stack...$(RESET)"
-	@$(call run-local-script,scripts/deploy-monitoring.sh)
-	@echo "$(GREEN)✅ Centralized logging deployed$(RESET)"
-
 deploy-grafana-secret: ## Create Grafana admin secret (requires GRAFANA_PASSWORD)
 	@[ -n "$(GRAFANA_PASSWORD)" ] || (echo "$(RED)❌ GRAFANA_PASSWORD is not set$(RESET)"; exit 1)
 	@kubectl --context $(KUBECONFIG_CONTEXT) cluster-info --request-timeout=5s >/dev/null 2>&1 || \
 		(echo "$(RED)❌ Cannot reach cluster $(KUBECONFIG_CONTEXT) — is k3s running? Try: ssh kevin@<VPS> 'sudo systemctl restart k3s'$(RESET)"; exit 1)
 	@echo "$(YELLOW)→ Creating monitoring namespace + Grafana admin secret...$(RESET)"
-	@kubectl --context $(KUBECONFIG_CONTEXT) create namespace monitoring --dry-run=client -o yaml | kubectl --context $(KUBECONFIG_CONTEXT) apply --validate=false -f -
+	@kubectl --context $(KUBECONFIG_CONTEXT) create namespace monitoring --dry-run=client -o yaml \
+		| kubectl --context $(KUBECONFIG_CONTEXT) apply -f -
 	@kubectl --context $(KUBECONFIG_CONTEXT) create secret generic grafana-admin-secret \
 		--from-literal=username=admin \
 		--from-literal=password="$(GRAFANA_PASSWORD)" \
 		-n monitoring \
-		--dry-run=client -o yaml | kubectl --context $(KUBECONFIG_CONTEXT) apply --validate=false -f -
+		--dry-run=client -o yaml | kubectl --context $(KUBECONFIG_CONTEXT) apply -f -
 	@echo "$(GREEN)✅ Grafana admin secret created$(RESET)"

makefiles/80-dev.mk

@@ -0,0 +1,24 @@
+# Module: makefiles/80-dev.mk
+# ──────────────────────────────────────────────────────────────────────────────
+# Developer workflow
+# Requires: brew install bats-core prek
+# ──────────────────────────────────────────────────────────────────────────────
+
+.PHONY: test test-watch lint lint-install hooks-update
+
+test: ## Run BATS unit tests (offline — no cluster needed)
+	@bats tests/bats/
+
+test-watch: ## Re-run BATS tests on every file change (requires: brew install entr)
+	@find tests/bats -name '*.bats' -o -name '*.bash' | entr bats tests/bats/
+
+lint: ## Run all linters (shellcheck + kubeconform + yaml) via prek
+	@prek run --all-files
+	@echo "$(GREEN)✅ All lint checks passed$(RESET)"
+
+lint-install: ## Install prek git hooks (run once after cloning)
+	@prek install
+	@echo "$(GREEN)✅ prek hooks installed$(RESET)"
+
+hooks-update: ## Update prek hook revisions to latest
+	@prek autoupdate

makefiles/90-provision.mk

@@ -0,0 +1,12 @@
+# Module: makefiles/90-provision.mk
+# ──────────────────────────────────────────────────────────────────────────────
+# Full provisioning workflow
+# ──────────────────────────────────────────────────────────────────────────────
+
+.PHONY: provision
+
+provision: setup-all k3s-master k3s-worker kubeconfig deploy deploy-dashboard-secret deploy-grafana-secret deploy-monitoring ## Full provision: setup VPS → k3s → kubeconfig → deploy stack → secrets → monitoring
+	@echo ""
+	@echo "$(GREEN)🎉 Cluster ready!$(RESET)"
+	@echo "  kubectl config use-context $(KUBECONFIG_CONTEXT)"
+	@echo "  make nodes"