Initialize Salt

Added some state files to test.

Signed-off-by: Pratyush Desai <pratyush.desai@liberta.casa>

README.md

@@ -0,0 +1,3 @@
+# GibCasa Salt
+
+To deploy a kubernetes cluster using kubeadm 

states/cilium/init.sls

@@ -0,0 +1,21 @@
+# Deploys Cilium CNI on the Kubernetes cluster.
+# This state should ONLY be applied to the control plane node after `kubeadm init`.
+
+cilium_manifest_download:
+  cmd.run:
+    - name: 'curl -L {{ pillar["cilium_manifest_url"] }} -o /tmp/cilium-install.yaml'
+    - creates: '/tmp/cilium-install.yaml'
+    - require:
+      - cmd: kubernetes.control_plane.kubeadm_init
+    - env:
+        KUBECONFIG: /root/.kube/config
+
+# Apply Cilium manifest
+cilium_apply_manifest:
+  cmd.run:
+    - name: 'kubectl apply -f /tmp/cilium-install.yaml'
+    - env:
+        KUBECONFIG: /root/.kube/config
+    - unless: 'kubectl get pods -n kube-system -l k8s-app=cilium --field-selector=status.phase=Running | grep -q cilium'
+      - cmd: cilium_manifest_download # Ensure manifest is downloaded
+      - file: kubernetes.control_plane.kubeconfig_file

states/common/init.sls

@@ -0,0 +1,152 @@
+# Common Setup procedures for all Kubernetes nodes
+
+kubernetes_swap_off:
+  cmd.run:
+    - name: swapoff -a
+    - unless: "grep -q '^[^#]* swap' /etc/fstab"
+    - stateful: False
+
+kubernetes_fstab+no_swap:
+  cmd.run:
+    - name: swapoff -a
+    - pat: '^(\S+\s+none\s+swap\s+sw\s+0\s+0)$'
+    - repl: '#\1'
+    - stateful: False
+
+
+#### Necessary Kernel Modules
+
+kubernetes_kmod_config_dir:
+  file.directory:
+    - name: /etc/modules-load.d
+    - mode: 755
+    - makedirs: True
+
+
+kubernetes_kmod_config_file:
+  file.managed:
+    - name: /etc/modules-load.d/k8s.conf
+    - contents: |
+        br_netfilter
+        overlay
+        ip_tables
+        iptable_filter
+        iptable_nat
+    - mode: 644
+
+kubernetes_modprobe_br_netfilter:
+  cmd.run:
+    - name: modprobe br_netfilter
+    - unless: "lsmod | grep -q br_netfilter"
+
+kubernetes_modprobe_overlay:
+  cmd.run:
+    - name: modprobe overlay
+    - unless: "lsmod | grep -q overlay"
+
+kubernetes_modprobe_ip_tables:
+  cmd.run:
+    - name: modprobe ip_tables
+    - unless: "lsmod | grep -q ip_tables"
+
+kubernetes_modprobe_iptable_filter:
+  cmd.run:
+    - name: modprobe iptable_filter
+    - unless: "lsmod | grep -q iptable_filter"
+
+kubernetes_modprobe_iptable_nat:
+  cmd.run:
+    - name: modprobe iptable_nat
+    - unless: "lsmod | grep -q iptable_nat"
+
+
+##### Port Forwarding
+
+
+kubernetes_sysctl_config_dir:
+  file.directory:
+    - name: /etc/sysctl.d
+    - mode: 755
+    - makedirs: True
+
+kubernetes_sysctl_file:
+  file.managed:
+    - name: /etc/sysctl.d/k8s.conf
+    - contents: |
+        net.ipv4.ip_forward = 1
+        net.bridge.bridge-nf-call-iptables = 1
+        net.bridge.bridge-nf-call-ip6tables = 1
+    - mode: 644
+
+kubernetes_sysctl_reload:
+  cmd.run:
+    - name: sysctl --system
+    - onchanges:
+      - file: kubernetes_sysctl_file
+
+##### Container Runtime
+
+containerd_pkg:
+  pkg.installed:
+    - name: containerd
+
+containerd_config_dir:
+  file.directory:
+    - name: /etc/containerd
+    - mode: 755
+    - makedirs: True
+    - require:
+      - pkg: containerd_pkg
+
+containerd_default_config:
+  cmd.run:
+    - name: containerd config default > /etc/containerd/config.toml
+    - unless: "test -f /etc/containerd/config.toml"
+    - require:
+      - file: containerd_config_dir
+
+containerd_systemdcgroup_true:
+  file.replace:
+    - name: /etc/containerd/config.toml
+    - pat: 'SystemdCgroup = false'
+    - repl: 'SystemdCgroup = true'
+    - require:
+      - cmd: containerd_default_config
+
+containerd_service:
+  service.running:
+    - name: containerd
+    - enable: True
+    - watch:
+      - file: containerd_systemdcgroup_true
+
+
+
+##### Kubernetes tooling
+
+kubernetes_repo:
+  pkg.repo_managed:
+    - name: isv_kubernetes_core_stable_v1_33_build
+    - humanname: "isv:kubernetes:core:stable:v1.33:build"
+    - baseurl: https://download.opensuse.org/repositories/isv:/kubernetes:/core:/stable:/v1.33:/build/rpm/
+    - gpgcheck: 1
+    - gpgkey: https://download.opensuse.org/repositories/isv:/kubernetes:/core:/stable:/v1.33:/build/rpm/repodata/repomd.xml.key
+    - enabled: 1
+    - priority: 90 # Lower priority than official repos, if any
+    - refresh: True
+
+kubernetes_tools_pkg:
+  pkg.installed:
+    - names:
+      - kubeadm
+      - kubelet
+      - kubectl
+    - require:
+      - pkg.repo: kubernetes_repo
+
+kubelet_service:
+  service.running:
+    - name: kubelet
+    - enable: True
+    - require:
+      - pkg: kubernetes_tools_pkg

states/kubernetes/control_plane.sls

@@ -0,0 +1,31 @@
+include:
+  - common.init
+  - cilium.init
+
+kubeadm_init:
+  cmd.run:
+    - name: 'kubeadm init --pod-network-cidr={{ pillar["pod_cidr"] }} --ignore-preflight-errors=NumCPU'
+    - unless: 'test -f /etc/kubernetes/admin.conf'
+    - require:
+      - service: kubelet_service
+      - service: containerd_service
+
+kubeconfig_dir:
+  file.directory:
+    - name: /root/.kube
+    - mode: 755
+    - makedirs: True
+    - require:
+      - cmd: kubeadm_init
+
+
+kubeconfig_file:
+  file.managed:
+    - name: /root/.kube/config
+    - source: file:///etc/kubernetes/admin.conf
+    - user: root
+    - group: root
+    - mode: 600
+    - require:
+      - cmd: kubeadm_init
+      - file: kubeconfig_dir

states/top.sls

@@ -0,0 +1,6 @@
+base:
+  '*':
+    - common.init
+
+  'kube01':
+    - kubernetes.control_plane