# Common Setup procedures for all Kubernetes nodes
#### Swap off
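# Turn swap off on the running system (the kubelet refuses to start with swap
# enabled by default). The guard reads the kernel's live swap table instead of
# /etc/fstab, so the command runs exactly when swap is active. The previous
# fstab-based `unless` skipped the command while fstab still listed swap.
kubernetes_swap_off:
  cmd.run:
    - name: swapoff -a
    # /proc/swaps always starts with a header line; any further line is an
    # active swap device or file.
    - onlyif: "tail -n +2 /proc/swaps | grep -q ."
    - stateful: false

# Keep swap off across reboots by commenting out swap entries in /etc/fstab.
# This used to be a cmd.run that ignored `pat`/`repl` (they are not cmd.run
# arguments) and only re-ran `swapoff -a`, so fstab was never edited.
# The state ID is unchanged so requisites in other files keep resolving.
kubernetes_fstab+no_swap:
  file.replace:
    - name: /etc/fstab
    # Matches any line whose third field is `swap` and whose first character
    # is not `#`. Excluding `#` keeps the edit idempotent: a line that is
    # already commented out is not prefixed again on later runs.
    - pattern: '^([^#\s]\S*\s+\S+\s+swap\s.*)$'
    - repl: '#\1'
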
#### Necessary Kernel Modules
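# Ensure the directory for boot-time module lists exists.
kubernetes_kmod_config_dir:
  file.directory:
    - name: /etc/modules-load.d
    # Mode is a quoted string so YAML cannot retype it; an unquoted value
    # with a leading zero would be read as an octal integer.
    - mode: '0755'
    - makedirs: true
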
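# Persist the kernel modules listed below across reboots. The
# kubernetes_modprobe_* states load the same modules on the running system.
kubernetes_kmod_config_file:
  file.managed:
    - name: /etc/modules-load.d/k8s.conf
    - contents: |
        br_netfilter
        overlay
        ip_tables
        iptable_filter
        iptable_nat
    # Quoted so the mode stays a string: world-readable, writable by the
    # owner only.
    - mode: '0644'
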
# Load br_netfilter into the running kernel; skipped when lsmod output
# already contains the module name.
kubernetes_modprobe_br_netfilter:
  cmd.run:
    - name: 'modprobe br_netfilter'
    - unless: 'lsmod | grep -q br_netfilter'

# Load the overlay module into the running kernel; skipped when lsmod
# output already contains the module name.
kubernetes_modprobe_overlay:
  cmd.run:
    - name: 'modprobe overlay'
    - unless: 'lsmod | grep -q overlay'

# Load ip_tables into the running kernel; skipped when lsmod output
# already contains the module name.
kubernetes_modprobe_ip_tables:
  cmd.run:
    - name: 'modprobe ip_tables'
    - unless: 'lsmod | grep -q ip_tables'

# Load iptable_filter into the running kernel; skipped when lsmod output
# already contains the module name.
kubernetes_modprobe_iptable_filter:
  cmd.run:
    - name: 'modprobe iptable_filter'
    - unless: 'lsmod | grep -q iptable_filter'

# Load iptable_nat into the running kernel; skipped when lsmod output
# already contains the module name.
kubernetes_modprobe_iptable_nat:
  cmd.run:
    - name: 'modprobe iptable_nat'
    - unless: 'lsmod | grep -q iptable_nat'

##### Port Forwarding
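# Ensure the sysctl drop-in directory exists.
kubernetes_sysctl_config_dir:
  file.directory:
    - name: /etc/sysctl.d
    # Mode is a quoted string so YAML cannot retype it; an unquoted value
    # with a leading zero would be read as an octal integer.
    - mode: '0755'
    - makedirs: true
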
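# Persist the kernel network settings below. ip_forward = 1 makes the node
# route IPv4 packets between interfaces. The two net.bridge.* keys pass
# bridged traffic through iptables/ip6tables, and they only exist once
# br_netfilter is loaded.
kubernetes_sysctl_file:
  file.managed:
    - name: /etc/sysctl.d/k8s.conf
    - contents: |
        net.ipv4.ip_forward = 1
        net.bridge.bridge-nf-call-iptables = 1
        net.bridge.bridge-nf-call-ip6tables = 1
    # Quoted so the mode stays a string: world-readable, writable by the
    # owner only.
    - mode: '0644'
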
# Re-apply all sysctl configuration files, but only on runs where
# kubernetes_sysctl_file reported a change.
kubernetes_sysctl_reload:
  cmd.run:
    - name: 'sysctl --system'
    - onchanges:
      - file: kubernetes_sysctl_file

##### Container Runtime
# Install the containerd package from the repositories already configured
# on the node. No version is requested here.
containerd_pkg:
  pkg.installed:
    - name: 'containerd'

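# Ensure containerd's configuration directory exists once the package is
# installed.
containerd_config_dir:
  file.directory:
    - name: /etc/containerd
    # Mode is a quoted string so YAML cannot retype it; an unquoted value
    # with a leading zero would be read as an octal integer.
    - mode: '0755'
    - makedirs: true
    - require:
      - pkg: containerd_pkg
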
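# Generate containerd's default configuration when none is present.
# The output goes to a temporary file and is moved into place only if the
# command succeeds. A direct `>` redirect creates config.toml even when
# `containerd config default` fails, and an empty or partial file would then
# satisfy the guard on every later run.
# NOTE(review): a non-empty config.toml shipped by the package is left as it
# is. Confirm it carries the settings this node needs.
containerd_default_config:
  cmd.run:
    - name: >-
        containerd config default > /etc/containerd/config.toml.new
        && mv /etc/containerd/config.toml.new /etc/containerd/config.toml
    # `-s` requires a non-empty file, so an empty leftover is regenerated.
    - unless: "test -s /etc/containerd/config.toml"
    - require:
      - file: containerd_config_dir
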
# Switch the SystemdCgroup setting in containerd's configuration from false
# to true.
# NOTE(review): if config.toml does not contain the exact text
# `SystemdCgroup = false`, this state changes nothing and does not fail.
# Verify the setting on a freshly provisioned node.
containerd_systemdcgroup_true:
  file.replace:
    - name: '/etc/containerd/config.toml'
    - pattern: "SystemdCgroup = false"
    - repl: "SystemdCgroup = true"
    - require:
      - cmd: containerd_default_config

# Keep containerd running and enabled at boot. The watch requisite restarts
# the service on runs where containerd_systemdcgroup_true edited the
# configuration.
containerd_service:
  service.running:
    - name: 'containerd'
    - enable: true
    - watch:
      - file: containerd_systemdcgroup_true

##### Kubernetes tooling
# Package repository for the Kubernetes v1.33 RPMs. gpgcheck is on, so
# package signatures are checked against the key referenced by gpgkey.
# The key is downloaded over HTTPS from the same host that serves the
# packages, so trust in the key rests on that TLS connection.
# NOTE(review): the URL names the `:build` project. Confirm this is the
# intended source and not a staging area for the v1.33 packages.
# The minor version (v1.33) appears in name, humanname, baseurl and gpgkey;
# all four must be changed together on an upgrade.
kubernetes_repo:
  pkgrepo.managed:
    - name: isv_kubernetes_core_stable_v1_33_build
    - humanname: 'isv:kubernetes:core:stable:v1.33:build'
    - baseurl: 'https://download.opensuse.org/repositories/isv:/kubernetes:/core:/stable:/v1.33:/build/rpm/'
    - gpgcheck: 1
    - gpgkey: 'https://download.opensuse.org/repositories/isv:/kubernetes:/core:/stable:/v1.33:/build/rpm/repodata/repomd.xml.key'
    - enabled: 1
    - priority: 90
    - refresh: true

# Install kubeadm, kubelet and kubectl after the Kubernetes repository has
# been configured.
# NOTE(review): no version is pinned and the packages are not held, so a
# later run or a system update may move them to a newer build. Confirm this
# matches the cluster's upgrade policy.
kubernetes_tools_pkg:
  pkg.installed:
    - names:
      - 'kubeadm'
      - 'kubelet'
      - 'kubectl'
    - require:
      - pkgrepo: kubernetes_repo

# Keep the kubelet running and enabled at boot once its package is installed.
# NOTE(review): on a node that has not yet been initialised or joined with
# kubeadm, the kubelet may restart repeatedly until its configuration exists.
# Confirm how this state reports in that case.
kubelet_service:
  service.running:
    - name: 'kubelet'
    - enable: true
    - require:
      - pkg: kubernetes_tools_pkg