commit 44e070e30cfb657f52fa7c1eb38d5014b5ba4dc6 Author: Pratyush Desai Date: Sun Jun 22 03:55:21 2025 +0530 Initialize Salt Added some state files to test. Signed-off-by: Pratyush Desai
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..7cd7fbc
--- /dev/null
+++ b/README.md
@@ -0,0 +1,3 @@
+# GibCasa Salt
+
+To deploy a kubernetes cluster using kubeadm
diff --git a/states/cilium/init.sls b/states/cilium/init.sls
new file mode 100644
index 0000000..d01fe54
--- /dev/null
+++ b/states/cilium/init.sls
@@ -0,0 +1,21 @@
+# Deploys Cilium CNI on the Kubernetes cluster.
+# This state should ONLY be applied to the control plane node after `kubeadm init`.
+
+cilium_manifest_download:
+ cmd.run:
+ - name: 'curl -L {{ pillar["cilium_manifest_url"] }} -o /tmp/cilium-install.yaml'
+ - creates: '/tmp/cilium-install.yaml'
+ - require:
+ - cmd: kubernetes.control_plane.kubeadm_init
+ - env:
+ KUBECONFIG: /root/.kube/config
+
+# Apply Cilium manifest
+cilium_apply_manifest:
+ cmd.run:
+ - name: 'kubectl apply -f /tmp/cilium-install.yaml'
+ - env:
+ KUBECONFIG: /root/.kube/config
+ - unless: 'kubectl get pods -n kube-system -l k8s-app=cilium --field-selector=status.phase=Running | grep -q cilium'
+ - cmd: cilium_manifest_download # Ensure manifest is downloaded
+ - file: kubernetes.control_plane.kubeconfig_file
diff --git a/states/common/init.sls b/states/common/init.sls
new file mode 100644
index 0000000..a9e06e8
--- /dev/null
+++ b/states/common/init.sls
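Review bot: In states/cilium/init.sls, `cilium_manifest_download` saves the manifest to the fixed, world-writable path `/tmp/cilium-install.yaml` and is skipped by `creates:` whenever a file already exists there, so whatever is present at that path is what `kubectl apply` later runs with the root kubeconfig. The download also has no integrity check and no `--fail`, so an HTTP error body would be stored as the manifest. Fetching it with `file.managed` into a root-only location with a pinned `source_hash` closes both gaps (sketch below; the target path and the hash pillar key are suggested names, not existing ones), and `cilium_apply_manifest` would then apply that path and require `file: cilium_manifest_download`. Separately, the last two entries of `cilium_apply_manifest` (`- cmd: cilium_manifest_download`, `- file: kubernetes.control_plane.kubeconfig_file`) have no `- require:` line above them, so the ordering they describe is not enforced, and the dotted requisite targets probably need to be the bare state IDs (`kubeadm_init`, `kubeconfig_file`).

```yaml
cilium_manifest_download:
  file.managed:
    - name: /root/cilium-install.yaml   # suggested root-only location
    - source: {{ pillar["cilium_manifest_url"] }}
    - source_hash: {{ pillar["cilium_manifest_sha256"] }}   # suggested new pillar key
    - user: root
    - group: root
    - mode: '0600'
    - require:
      - cmd: kubeadm_init
# … unchanged: env and unless of cilium_apply_manifest …
```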
@@ -0,0 +1,152 @@
+# Common Setup procedures for all Kubernetes nodes
+
+kubernetes_swap_off:
+ cmd.run:
+ - name: swapoff -a
+ - unless: "grep -q '^[^#]* swap' /etc/fstab"
+ - stateful: False
+
+kubernetes_fstab+no_swap:
+ cmd.run:
+ - name: swapoff -a
+ - pat: '^(\S+\s+none\s+swap\s+sw\s+0\s+0)$'
+ - repl: '#\1'
+ - stateful: False
+
+
+#### Necessary Kernel Modules
+
+kubernetes_kmod_config_dir:
+ file.directory:
+ - name: /etc/modules-load.d
+ - mode: 755
+ - makedirs: True
+
+
+kubernetes_kmod_config_file:
+ file.managed:
+ - name: /etc/modules-load.d/k8s.conf
+ - contents: |
+ br_netfilter
+ overlay
+ ip_tables
+ iptable_filter
+ iptable_nat
+ - mode: 644
+
+kubernetes_modprobe_br_netfilter:
+ cmd.run:
+ - name: modprobe br_netfilter
+ - unless: "lsmod | grep -q br_netfilter"
+
+kubernetes_modprobe_overlay:
+ cmd.run:
+ - name: modprobe overlay
+ - unless: "lsmod | grep -q overlay"
+
+kubernetes_modprobe_ip_tables:
+ cmd.run:
+ - name: modprobe ip_tables
+ - unless: "lsmod | grep -q ip_tables"
+
+kubernetes_modprobe_iptable_filter:
+ cmd.run:
+ - name: modprobe iptable_filter
+ - unless: "lsmod | grep -q iptable_filter"
+
+kubernetes_modprobe_iptable_nat:
+ cmd.run:
+ - name: modprobe iptable_nat
+ - unless: "lsmod | grep -q iptable_nat"
+
+
+##### Port Forwarding
+
+
+kubernetes_sysctl_config_dir:
+ file.directory:
+ - name: /etc/sysctl.d
+ - mode: 755
+ - makedirs: True
+
+kubernetes_sysctl_file:
+ file.managed:
+ - name: /etc/sysctl.d/k8s.conf
+ - contents: |
+ net.ipv4.ip_forward = 1
+ net.bridge.bridge-nf-call-iptables = 1
+ net.bridge.bridge-nf-call-ip6tables = 1
+ - mode: 644
+
+kubernetes_sysctl_reload:
+ cmd.run:
+ - name: sysctl --system
+ - onchanges:
+ - file: kubernetes_sysctl_file
+
+##### Container Runtime
+
+containerd_pkg:
+ pkg.installed:
+ - name: containerd
+
+containerd_config_dir:
+ file.directory:
+ - name: /etc/containerd
+ - mode: 755
+ - makedirs: True
+ - require:
+ - pkg: containerd_pkg
+
+containerd_default_config:
+ cmd.run:
+ - name: containerd config default > /etc/containerd/config.toml
+ - unless: "test -f /etc/containerd/config.toml"
+ - require:
+ - file: containerd_config_dir
+
+containerd_systemdcgroup_true:
+ file.replace:
+ - name: /etc/containerd/config.toml
+ - pat: 'SystemdCgroup = false'
+ - repl: 'SystemdCgroup = true'
+ - require:
+ - cmd: containerd_default_config
+
+containerd_service:
+ service.running:
+ - name: containerd
+ - enable: True
+ - watch:
+ - file: containerd_systemdcgroup_true
+
+
+
+##### Kubernetes tooling
+
+kubernetes_repo:
+ pkg.repo_managed:
+ - name: isv_kubernetes_core_stable_v1_33_build
+ - humanname: "isv:kubernetes:core:stable:v1.33:build"
+ - baseurl: https://download.opensuse.org/repositories/isv:/kubernetes:/core:/stable:/v1.33:/build/rpm/
+ - gpgcheck: 1
+ - gpgkey: https://download.opensuse.org/repositories/isv:/kubernetes:/core:/stable:/v1.33:/build/rpm/repodata/repomd.xml.key
+ - enabled: 1
+ - priority: 90 # Lower priority than official repos, if any
+ - refresh: True
+
+kubernetes_tools_pkg:
+ pkg.installed:
+ - names:
+ - kubeadm
+ - kubelet
+ - kubectl
+ - require:
+ - pkg.repo: kubernetes_repo
+
+kubelet_service:
+ service.running:
+ - name: kubelet
+ - enable: True
+ - require:
+ - pkg: kubernetes_tools_pkg
diff --git a/states/kubernetes/control_plane.sls b/states/kubernetes/control_plane.sls
new file mode 100644
index 0000000..7b8f773
--- /dev/null
+++ b/states/kubernetes/control_plane.sls
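Review bot: In states/common/init.sls the two swap states do not disable swap persistently. `kubernetes_fstab+no_swap` is declared as `cmd.run` but passes `pat`/`repl`, which belong to `file.replace`, so /etc/fstab is never edited; and the `unless` on `kubernetes_swap_off` skips `swapoff -a` exactly when an uncommented swap entry exists. Suggested: make the second state `file.replace` with `- name: /etc/fstab`, and turn the first guard into `- onlyif: "grep -q '^[^#]* swap' /etc/fstab"`. Further down, `pkg.repo_managed` is, as far as I know, not a Salt state function; the repository state is `pkgrepo.managed`, and the requisite in `kubernetes_tools_pkg` would then read `- pkgrepo: kubernetes_repo`. Otherwise the GPG-checked repository is never configured before kubeadm, kubelet and kubectl are installed.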
@@ -0,0 +1,31 @@
+include:
+ - common.init
+ - cilium.init
+
+kubeadm_init:
+ cmd.run:
+ - name: 'kubeadm init --pod-network-cidr={{ pillar["pod_cidr"] }} --ignore-preflight-errors=NumCPU'
+ - unless: 'test -f /etc/kubernetes/admin.conf'
+ - require:
+ - service: kubelet_service
+ - service: containerd_service
+
+kubeconfig_dir:
+ file.directory:
+ - name: /root/.kube
+ - mode: 755
+ - makedirs: True
+ - require:
+ - cmd: kubeadm_init
+
+
+kubeconfig_file:
+ file.managed:
+ - name: /root/.kube/config
+ - source: file:///etc/kubernetes/admin.conf
+ - user: root
+ - group: root
+ - mode: 600
+ - require:
+ - cmd: kubeadm_init
+ - file: kubeconfig_dir
diff --git a/states/top.sls b/states/top.sls
new file mode 100644
index 0000000..418d30c
--- /dev/null
+++ b/states/top.sls
@@ -0,0 +1,6 @@
+base:
+ '*':
+ - common.init
+
+ 'kube01':
+ - kubernetes.control_plane
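Review bot: `kubeconfig_dir` in states/kubernetes/control_plane.sls creates /root/.kube with `- mode: 755` and no explicit owner, although the file placed inside it is the cluster admin kubeconfig. Using `- mode: 700` together with `- user: root` and `- group: root` keeps the directory consistent with the 600 file and does not depend on /root's own permissions. In `kubeadm_init`, `{{ pillar["pod_cidr"] }}` is rendered unquoted into a shell command line, so a malformed pillar value changes the command that runs; validating it as a CIDR in the template, or at least quoting it, would make that case fail closed. The `--ignore-preflight-errors=NumCPU` flag deserves a one-line comment saying it is there for undersized test hosts, so it is not carried into a production profile unnoticed.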