diff --git a/states/common/init.sls b/states/common/init.sls index 5fc0ce0..53aca16 100644 --- a/states/common/init.sls +++ b/states/common/init.sls 
@@ -1,148 +1,9 @@ -# Common Setup procedures for all Kubernetes nodes -#### Swap off +# This state file serves as the main entry point for common Kubernetes node setup. -kubernetes_swap_off: - cmd.run: - - name: swapoff -a - - unless: "grep -q '^[^#]* swap' /etc/fstab" - - stateful: False - -kubernetes_fstab+no_swap: - cmd.run: - - name: swapoff -a - - pat: '^(\S+\s+none\s+swap\s+sw\s+0\s+0)$' - - repl: '#\1' - - stateful: False - -#### Necessary Kernel Modules - -kubernetes_kmod_config_dir: - file.directory: - - name: /etc/modules-load.d - - mode: "0755" - - makedirs: True - - -kubernetes_kmod_config_file: - file.managed: - - name: /etc/modules-load.d/k8s.conf - - contents: | - br_netfilter - overlay - ip_tables - iptable_filter - iptable_nat - - mode: '0644' - -kubernetes_modprobe_br_netfilter: - cmd.run: - - name: modprobe br_netfilter - - unless: "lsmod | grep -q br_netfilter" - -kubernetes_modprobe_overlay: - cmd.run: - - name: modprobe overlay - - unless: "lsmod | grep -q overlay" - -kubernetes_modprobe_ip_tables: - cmd.run: - - name: modprobe ip_tables - - unless: "lsmod | grep -q ip_tables" - -kubernetes_modprobe_iptable_filter: - cmd.run: - - name: modprobe iptable_filter - - unless: "lsmod | grep -q iptable_filter" - -kubernetes_modprobe_iptable_nat: - cmd.run: - - name: modprobe iptable_nat - - unless: "lsmod | grep -q iptable_nat" - -##### Port Forwarding - -kubernetes_sysctl_config_dir: - file.directory: - - name: /etc/sysctl.d - - mode: "0755" - - makedirs: True - -kubernetes_sysctl_file: - file.managed: - - name: /etc/sysctl.d/k8s.conf - - contents: | - net.ipv4.ip_forward = 1 - net.bridge.bridge-nf-call-iptables = 1 - net.bridge.bridge-nf-call-ip6tables = 1 - - mode: "0644" - -kubernetes_sysctl_reload: - cmd.run: - - name: sysctl --system - - onchanges: - - file: kubernetes_sysctl_file - -##### Container Runtime - -containerd_pkg: - pkg.installed: - - name: containerd - -containerd_config_dir: - file.directory: - - name: /etc/containerd - - mode: 
"0755" - - makedirs: True - - require: - - pkg: containerd_pkg - -containerd_default_config: - cmd.run: - - name: containerd config default > /etc/containerd/config.toml - - unless: "test -f /etc/containerd/config.toml" - - require: - - file: containerd_config_dir - -containerd_systemdcgroup_true: - file.replace: - - name: /etc/containerd/config.toml - - pattern: 'SystemdCgroup = false' - - repl: 'SystemdCgroup = true' - - require: - - cmd: containerd_default_config - -containerd_service: - service.running: - - name: containerd - - enable: True - - watch: - - file: containerd_systemdcgroup_true - -##### Kubernetes tooling - -kubernetes_repo: - pkgrepo.managed: - - name: isv_kubernetes_core_stable_v1_33_build - - humanname: "isv:kubernetes:core:stable:v1.33:build" - - baseurl: https://download.opensuse.org/repositories/isv:/kubernetes:/core:/stable:/v1.33:/build/rpm/ - - gpgcheck: 1 - - gpgkey: https://download.opensuse.org/repositories/isv:/kubernetes:/core:/stable:/v1.33:/build/rpm/repodata/repomd.xml.key - - enabled: 1 - - priority: 90 - - refresh: True - -kubernetes_tools_pkg: - pkg.installed: - - names: - - kubeadm - - kubelet - - kubectl - - require: - - pkgrepo: kubernetes_repo - -kubelet_service: - service.running: - - name: kubelet - - enable: True - - require: - - pkg: kubernetes_tools_pkg +include: + - kubernetes.common.swap + - kubernetes.common.kernel_modules + - kubernetes.common.sysctl + - kubernetes.common.firewall + - kubernetes.common.cri_o + - kubernetes.common.tools diff --git a/states/kubernetes/common/cri_o.sls b/states/kubernetes/common/cri_o.sls new file mode 100644 index 0000000..0aa88c5 --- /dev/null +++ b/states/kubernetes/common/cri_o.sls 
@@ -0,0 +1,35 @@ +# SaltStack state for installing and configuring CRI-O container runtime. + +# Install CRI-O package, which is the container runtime for Kubernetes. +cri_o_pkg: + pkg.installed: + - name: cri-o + +# Create CRI-O configuration directory. +cri_o_config_dir: + file.directory: + - name: /etc/crio + - mode: "0755" + - makedirs: True + - require: + - pkg: cri_o_pkg + +# Modify CRI-O configuration to use systemd cgroup driver. +cri_o_systemdcgroup_true: + file.replace: + - name: /etc/crio/crio.conf + - pattern: '(?m)^cgroup_manager\s*=\s*".*"' + - repl: 'cgroup_manager = "systemd"' + - require: + - pkg: cri_o_pkg + - watch_in: + - service: crio_service + +# Ensure CRI-O service is running and enabled. +crio_service: + service.running: + - name: crio + - enable: True + - watch: + - pkg: cri_o_pkg + - file: cri_o_systemdcgroup_true diff --git a/states/kubernetes/common/firewall.sls b/states/kubernetes/common/firewall.sls new file mode 100644 index 0000000..658842f --- /dev/null +++ b/states/kubernetes/common/firewall.sls 
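Review bot: `cri_o_systemdcgroup_true` only rewrites an uncommented `cgroup_manager = "..."` line that already exists in /etc/crio/crio.conf, so when the packaged file ships the key commented out or omits it, `file.replace` changes nothing and the state still succeeds, and when the package installs no /etc/crio/crio.conf at all the state fails on the missing file. CRI-O also reads drop-ins from /etc/crio/crio.conf.d/, so a `file.managed` drop-in (file name below is illustrative) pins the setting regardless of the vendor file's layout and can require `cri_o_config_dir`, which nothing requires today; keeping the state ID and the `file` requisite type leaves the `watch` in `crio_service` intact. The `watch_in` on this state and the `watch` in `crio_service` declare the same dependency twice; keep one. Which layout the crio package uses on the target distribution is not visible from the diff.
```yaml
# Pin the systemd cgroup driver through a drop-in; CRI-O merges
# /etc/crio/crio.conf.d/*.conf over the packaged crio.conf, so this
# does not depend on how the vendor file spells the key.
cri_o_systemdcgroup_true:
  file.managed:
    - name: /etc/crio/crio.conf.d/10-cgroup-manager.conf
    - contents: |
        [crio.runtime]
        cgroup_manager = "systemd"
    - mode: "0644"
    - makedirs: True
    - require:
      - file: cri_o_config_dir

# … unchanged: crio_service (its watch on file: cri_o_systemdcgroup_true still resolves) …
```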
@@ -0,0 +1,75 @@ +# SaltStack state for managing firewall (firewalld removal, nftables installation and configuration). + +# Ensure firewalld is stopped and disabled if it's installed. +firewalld_service_dead: + service.dead: + - name: firewalld + - enable: False + - onlyif: 'systemctl is-enabled firewalld.service || systemctl is-active firewalld.service' + +# Remove the firewalld package if it's installed. +firewalld_pkg_removed: + pkg.removed: + - name: firewalld + - require: + - service: firewalld_service_dead + - onlyif: 'rpm -q firewalld || dpkg -s firewalld' + +# Install the nftables package. +nftables_pkg: + pkg.installed: + - name: nftables + +# Manage the nftables configuration file. +nftables_config_file: + file.managed: + - name: /etc/nftables.conf + - contents: | + #!/usr/sbin/nft -f + + flush ruleset + + table ip filter { + chain input { + type filter hook input priority 0; policy drop; + + ct state {established, related} accept + + iif "lo" accept + + tcp dport 22 accept + + tcp dport 10250 accept + + tcp dport 30000-32767 accept + + icmp type echo-request accept + + } + + chain forward { + type filter hook forward priority 0; policy drop; + + ct state {established, related} accept + + } + + chain output { + type filter hook output priority 0; policy accept; + } + } + + {{ pillar.get("node_nftables_extra_rules", "") }} + - mode: "0644" + - require: + - pkg: nftables_pkg + +# Ensure the nftables service is running and enabled on boot. +nftables_service: + service.running: + - name: nftables + - enable: True + - watch: + - file: nftables_config_file + - require: + - pkg: nftables_pkg diff --git a/states/kubernetes/common/kernel_modules.sls b/states/kubernetes/common/kernel_modules.sls new file mode 100644 index 0000000..2eba054 --- /dev/null +++ b/states/kubernetes/common/kernel_modules.sls 
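Review bot: The ruleset in `nftables_config_file` only declares `table ip filter`, so the input `policy drop` applies to IPv4 alone and every IPv6 listener on the node, kubelet's 10250 included, stays reachable, contrary to the file's stated purpose and to the `bridge-nf-call-ip6tables` sysctl set elsewhere in this change. Use `table inet filter {` for both families and add `icmpv6 type { nd-neighbor-solicit, nd-neighbor-advert, nd-router-advert } accept` to the input chain so neighbour discovery keeps working. `flush ruleset` removes every table on the host, including the `ip filter`/`ip nat` tables that kube-proxy or a netfilter-based CNI maintain through iptables-nft, every time the watch restarts `nftables_service`, and the forward chain's `policy drop` then discards pod traffic those components expect to pass; declare the table with a bare `table inet filter` line, scope the flush to `flush table inet filter`, and either accept forwarding for the pod CIDR or leave forward policy to the CNI. Because control_plane.sls pulls in common.init, this ruleset also lands on control-plane nodes without opening 6443, so worker joins are dropped unless `node_nftables_extra_rules` supplies that rule. If that pillar value is multi-line it has to be re-indented to the block scalar's level (`| indent(N)` with the file's indent) or the rendered state is no longer valid YAML.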
@@ -0,0 +1,55 @@ +#### Necessary Kernel Modules + +kubernetes_kmod_config_dir: + file.directory: + - name: /etc/modules-load.d + - mode: "0755" + - makedirs: True + +kubernetes_kmod_config_file: + file.managed: + - name: /etc/modules-load.d/k8s.conf + - contents: | + br_netfilter + overlay + ip_tables + iptable_filter + iptable_nat + - mode: '0644' + - require: + - file: kubernetes_kmod_config_dir + +kubernetes_modprobe_br_netfilter: + cmd.run: + - name: modprobe br_netfilter + - unless: "lsmod | grep -q br_netfilter" + - require: + - file: kubernetes_kmod_config_file + +kubernetes_modprobe_overlay: + cmd.run: + - name: modprobe overlay + - unless: "lsmod | grep -q overlay" + - require: + - file: kubernetes_kmod_config_file + +kubernetes_modprobe_ip_tables: + cmd.run: + - name: modprobe ip_tables + - unless: "lsmod | grep -q ip_tables" + - require: + - file: kubernetes_kmod_config_file + +kubernetes_modprobe_iptable_filter: + cmd.run: + - name: modprobe iptable_filter + - unless: "lsmod | grep -q iptable_filter" + - require: + - file: kubernetes_kmod_config_file + +kubernetes_modprobe_iptable_nat: + cmd.run: + - name: modprobe iptable_nat + - unless: "lsmod | grep -q iptable_nat" + - require: + - file: kubernetes_kmod_config_file diff --git a/states/kubernetes/common/swap.sls b/states/kubernetes/common/swap.sls new file mode 100644 index 0000000..332a9e6 --- /dev/null +++ b/states/kubernetes/common/swap.sls @@ -0,0 +1,15 @@ +# swap off for k8s +kubernetes_swap_off: + cmd.run: + - name: swapoff -a + - unless: "grep -q '^[^#]* swap' /etc/fstab" + - stateful: False + +kubernetes_fstab+no_swap: + cmd.run: + - name: swapoff -a + - pat: '^(\S+\s+none\s+swap\s+sw\s+0\s+0)$' + - repl: '#\1' + - stateful: False + - require: + - cmd: kubernetes_swap_off \ No newline at end of file diff --git a/states/kubernetes/common/sysctl.sls b/states/kubernetes/common/sysctl.sls new file mode 100644 index 0000000..fec3f12 --- /dev/null +++ b/states/kubernetes/common/sysctl.sls 
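Review bot: The five `cmd.run` states guarded by `lsmod | grep -q` in this hunk reimplement Salt's `kmod.present`, and their `require` on `kubernetes_kmod_config_file` orders them after a file write that modprobe does not depend on. One `kmod.present` listing the modules under `mods:` loads what is missing, reports a change only when it does, and needs no grep guards; the modules-load.d file remains the boot-time persistence. Any state elsewhere that requires the `cmd:` IDs being replaced would need its requisite updated.
```yaml
# Load the modules now; /etc/modules-load.d/k8s.conf above makes them
# persist across reboots.
kubernetes_kmods_loaded:
  kmod.present:
    - mods:
      - br_netfilter
      - overlay
      - ip_tables
      - iptable_filter
      - iptable_nat
    - require:
      - file: kubernetes_kmod_config_file
```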
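Review bot: `kubernetes_fstab+no_swap` declares `pat`/`repl` on a `cmd.run`, which has no such arguments, so it just runs `swapoff -a` a second time on every highstate (always reporting a change) and /etc/fstab is never edited; after a reboot swap comes back and kubelet refuses to start. The `unless` on `kubernetes_swap_off` is also inverted: `grep -q '^[^#]* swap' /etc/fstab` succeeds exactly when an active swap entry exists, which is when `swapoff -a` must run, so the state is skipped on the hosts that need it. Use `file.replace` on /etc/fstab for the comment-out and key the swapoff on whether swap is currently active; note that the original pattern only matches entries whose option field is exactly `sw 0 0`, so fstab lines written with `defaults` (common on SUSE images) are not covered, and `stateful: False` is the default and can be dropped.
```yaml
# Turn swap off now, only when something is actually swapped on.
kubernetes_swap_off:
  cmd.run:
    - name: swapoff -a
    - onlyif: "swapon --noheadings --show | grep -q ."

# Comment out every active swap entry so it does not return on reboot.
# The leading [^#\s] keeps already-commented lines from being re-commented
# on each run (file.replace uses MULTILINE by default).
kubernetes_fstab+no_swap:
  file.replace:
    - name: /etc/fstab
    - pattern: '^([^#\s]\S*\s+\S+\s+swap\s+.*)$'
    - repl: '#\1'
    - require:
      - cmd: kubernetes_swap_off
```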
@@ -0,0 +1,24 @@ +##### Port Forwarding + +kubernetes_sysctl_config_dir: + file.directory: + - name: /etc/sysctl.d + - mode: "0755" + - makedirs: True + +kubernetes_sysctl_file: + file.managed: + - name: /etc/sysctl.d/k8s.conf + - contents: | + net.ipv4.ip_forward = 1 + net.bridge.bridge-nf-call-iptables = 1 + net.bridge.bridge-nf-call-ip6tables = 1 + - mode: "0644" + - require: + - file: kubernetes_sysctl_config_dir + +kubernetes_sysctl_reload: + cmd.run: + - name: sysctl --system + - onchanges: + - file: kubernetes_sysctl_file \ No newline at end of file diff --git a/states/kubernetes/common/tools.sls b/states/kubernetes/common/tools.sls new file mode 100644 index 0000000..803ddab --- /dev/null +++ b/states/kubernetes/common/tools.sls @@ -0,0 +1,31 @@ +# SaltStack state for installing Kubernetes tooling (kubeadm, kubelet, kubectl). + +# Add Kubernetes package repository. +kubernetes_repo: + pkgrepo.managed: + - name: isv_kubernetes_core_stable_v1_33_build + - humanname: "isv:kubernetes:core:stable:v1.33:build" + - baseurl: https://download.opensuse.org/repositories/isv:/kubernetes:/core:/stable:/v1.33:/build/rpm/ + - gpgcheck: 1 + - gpgkey: https://download.opensuse.org/repositories/isv:/kubernetes:/core:/stable:/v1.33:/build/rpm/repodata/repomd.xml.key + - enabled: 1 + - priority: 90 + - refresh: True + +# Install Kubernetes tools: kubeadm, kubelet, and kubectl. +kubernetes_tools_pkg: + pkg.installed: + - names: + - kubeadm + - kubelet + - kubectl + - require: + - pkgrepo: kubernetes_repo + +# Ensure kubelet service is running and enabled. +kubelet_service: + service.running: + - name: kubelet + - enable: True + - require: + - pkg: kubernetes_tools_pkg \ No newline at end of file diff --git a/states/kubernetes/control_plane.sls b/states/kubernetes/control_plane.sls index 7b8f773..2cfb575 100644 --- a/states/kubernetes/control_plane.sls +++ b/states/kubernetes/control_plane.sls 
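Review bot: `kubernetes_sysctl_reload` runs `sysctl --system` with no ordering against the state that loads br_netfilter, and the two `net.bridge.bridge-nf-call-*` keys in `kubernetes_sysctl_file` only exist once that module is loaded, so on a fresh host the reload can run first, report errors for those keys, and leave the bridge settings unapplied until a reboot, since the `onchanges` trigger will not fire again. Add `- require:` with `- cmd: kubernetes_modprobe_br_netfilter` (the state in kernel_modules.sls that loads the module, whatever ID it ends up with) to `kubernetes_sysctl_reload`; cross-file requisites resolve because both files are included from common/init.sls. Alternatively `sysctl.present` per key gives per-value change reporting and removes the need for the reload state. The file also lacks a trailing newline.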
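Review bot: `kubelet_service` uses `service.running` before the node has been initialised, but kubelet typically exits as soon as it starts while kubeadm has not yet written its configuration and systemd restart-loops it, so on a fresh host this state can report failure and, through the `require` in control_plane.sls, keep `kubeadm_init` from ever running. `service.enabled` is what kubeadm expects here: it enables the unit and lets `kubeadm init`/`join` start the kubelet once the config exists, and the `service:` requisite type in control_plane.sls still resolves. Replace the state with `kubelet_service:` / `  service.enabled:` / `    - name: kubelet` and keep the `require` on `kubernetes_tools_pkg`. The repository version v1.33 is spelled out in three places in `kubernetes_repo`; a pillar value would keep it in one. That kubelet on the target image behaves this way before init is inferred from upstream behaviour, not visible in the diff.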
@@ -1,31 +1,35 @@ +# This state file contains configurations specific to a Kubernetes control plane node. + + include: - common.init - - cilium.init +# Initialize the Kubernetes control plane using kubeadm. +# --pod-network-cidr is required for CNI, but we stop before installing CNI. +# --ignore-preflight-errors=NumCPU is added as per original request. kubeadm_init: cmd.run: - name: 'kubeadm init --pod-network-cidr={{ pillar["pod_cidr"] }} --ignore-preflight-errors=NumCPU' - unless: 'test -f /etc/kubernetes/admin.conf' - require: - service: kubelet_service - - service: containerd_service + - service: crio_service kubeconfig_dir: file.directory: - name: /root/.kube - - mode: 755 + - mode: "0755" - makedirs: True - require: - cmd: kubeadm_init - kubeconfig_file: file.managed: - name: /root/.kube/config - source: file:///etc/kubernetes/admin.conf - user: root - group: root - - mode: 600 + - mode: "0600" - require: - cmd: kubeadm_init - - file: kubeconfig_dir + - file: kubeconfig_dir \ No newline at end of file diff --git a/states/kubernetes/worker_node.sls b/states/kubernetes/worker_node.sls new file mode 100644 index 0000000..db04227 --- /dev/null +++ b/states/kubernetes/worker_node.sls 
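Review bot: The comment `--ignore-preflight-errors=NumCPU is added as per original request` above `kubeadm_init` explains nothing to a later reader; say what the flag is for, e.g. `# NumCPU preflight is ignored so single-vCPU control-plane VMs can initialise.`, and drop the reference to the request. `kubeadm init` is run without `--cri-socket`, which is fine while only the CRI-O socket exists, but on a node that still has containerd from the previous version of common/init.sls kubeadm finds two endpoints and aborts, so `--cri-socket=unix:///var/run/crio/crio.sock` makes the choice explicit and matches the `require` on `crio_service`. The file ends without a trailing newline after this change.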
@@ -0,0 +1,36 @@ +# This state file contains configurations specific to a Kubernetes worker node. + +include: + - common.init + +# Initialize the Kubernetes control plane using kubeadm. +# --pod-network-cidr is required for CNI, but we stop before installing CNI. +# --ignore-preflight-errors=NumCPU is added as per original request. +kubeadm_init: + cmd.run: + - name: 'kubeadm init --pod-network-cidr={{ pillar["pod_cidr"] }} --ignore-preflight-errors=NumCPU' + - unless: 'test -f /etc/kubernetes/admin.conf' + - require: + - service: kubelet_service + - service: crio_service # Ensure CRI-O is running before kubeadm init + +# Create .kube directory for the root user. +kubeconfig_dir: + file.directory: + - name: /root/.kube + - mode: 755 + - makedirs: True + - require: + - cmd: kubeadm_init + +# Copy the kubeconfig file to the root user's home directory for kubectl access. +kubeconfig_file: + file.managed: + - name: /root/.kube/config + - source: file:///etc/kubernetes/admin.conf + - user: root + - group: root + - mode: 600 + - require: + - cmd: kubeadm_init + - file: kubeconfig_dir
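Review bot: worker_node.sls runs `kubeadm init` (the `kubeadm_init` state and the comment above it are copied from control_plane.sls), which would turn every worker into a standalone control plane instead of joining the existing one; a worker must run `kubeadm join` against the API server. The `kubeconfig_dir`/`kubeconfig_file` states should go too: /etc/kubernetes/admin.conf does not exist on a joined worker, and it is the cluster-admin credential, which should not be copied onto worker nodes at all. The `unless` for a join is the presence of /etc/kubernetes/kubelet.conf, which kubeadm writes when the node joins. `mode: 755` and `mode: 600` are bare integers here while the same commit quotes them in control_plane.sls; use `"0755"`/`"0600"` if the states survive. The pillar key in the sketch below is illustrative; the join token and discovery CA hash are credentials and belong in pillar (or are generated on the control plane with `kubeadm token create --print-join-command`), never in the state file.
```yaml
# Join this node to the cluster. The control plane supplies the join
# command (bootstrap token + discovery CA hash) via pillar; key name
# is illustrative.
kubeadm_join:
  cmd.run:
    - name: '{{ pillar["kubeadm_join_command"] }}'
    - unless: 'test -f /etc/kubernetes/kubelet.conf'
    - require:
      - service: kubelet_service
      - service: crio_service

# … removed: kubeconfig_dir and kubeconfig_file (admin.conf is not present on a worker) …
```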