Page Menu
Home
DevCentral
Search
Configure Global Search
Log In
Files
F4060904
D2310.id5893.diff
No One
Temporary
Actions
View File
Edit File
Delete File
View Transforms
Subscribe
Mute Notifications
Award Token
Flag For Later
Size
13 KB
Referenced Files
None
Subscribers
None
D2310.id5893.diff
View Options
diff --git a/roles/core/userland-software/init.sls b/roles/core/userland-software/init.sls
--- a/roles/core/userland-software/init.sls
+++ b/roles/core/userland-software/init.sls
@@ -21,6 +21,20 @@
- source: salt://roles/core/userland-software/files/nasqueron.repo
{% endif %}
+{% if grains['os_family'] == 'Debian' %}
+apt-transport-https:
+ pkg.installed
+{% endif %}
+
+{% if grains['os'] == 'Debian' %}
+backports_repo:
+ pkgrepo.managed:
+ - humanname: Backports
+ - name: deb http://deb.debian.org/debian {{ grains['oscodename'] }}-backports main
+ - dist: {{ grains['oscodename'] }}-backports
+ - file: /etc/apt/sources.list.d/backports.list
+{% endif %}
+
{% if grains['kernel'] == 'Linux' %}
snapd:
pkg.installed
diff --git a/roles/paas-kubernetes/init.sls b/roles/paas-kubernetes/init.sls
new file mode 100644
--- /dev/null
+++ b/roles/paas-kubernetes/init.sls
@@ -0,0 +1,11 @@
+# -------------------------------------------------------------
+# Salt — Kubernetes
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+# Project: Nasqueron
+# Created: 2020-09-19
+# License: Trivial work, not eligible to copyright
+# -------------------------------------------------------------
+
+include:
+ - .network
+ - .kubernetes
diff --git a/roles/paas-kubernetes/kubernetes/container-runtime.sls b/roles/paas-kubernetes/kubernetes/container-runtime.sls
new file mode 100644
--- /dev/null
+++ b/roles/paas-kubernetes/kubernetes/container-runtime.sls
@@ -0,0 +1,73 @@
+# -------------------------------------------------------------
+# Salt — Kubernetes
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+# Project: Nasqueron
+# Created: 2020-09-20
+# License: Trivial work, not eligible to copyright
+# -------------------------------------------------------------
+
+{% from "roles/paas-kubernetes/map.jinja" import k8s with context %}
+
+# -------------------------------------------------------------
+# Kernel configuration
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+overlay:
+ kmod.present:
+ - persist: True
+
+net.ipv4.ip_forward:
+ sysctl.present:
+ - value: 1
+ - config: /etc/sysctl.d/10-k8s-cri.conf
+
+# -------------------------------------------------------------
+# Repository
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+libcontainers_repo:
+ pkgrepo.managed:
+ - humanname: libcontainers
+ - name: deb https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable/{{ k8s['os'] }} /
+ - file: /etc/apt/sources.list.d/devel:kubic:libcontainers:stable.list
+ - dist: /
+ - key_url: salt://roles/paas-kubernetes/kubernetes/files/libcontainers-apt-key.gpg
+
+cri-o_repo:
+ pkgrepo.managed:
+ - humanname: CRI-O
+ - name: deb http://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable:/cri-o:/{{ k8s['version'] }}/{{ k8s['os'] }} /
+ - file: /etc/apt/sources.list.d/devel:kubic:libcontainers:stable:cri-o:{{ k8s['version'] }}.list
+ - dist: /
+ - key_url: salt://roles/paas-kubernetes/kubernetes/files/cri-o-apt-key.gpg
+
+# -------------------------------------------------------------
+# CRI-O packages
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+libseccomp2:
+ pkg.latest:
+ - fromrepo: {{ grains['oscodename'] }}-backports
+
+cri-o_packages:
+ pkg.installed:
+ - pkgs:
+ - cri-o
+ - cri-o-runc
+ - hold: True
+
+/etc/crio/crio.conf.d:
+ file.recurse:
+ - source: salt://roles/paas-kubernetes/kubernetes/files/crio.conf.d
+ - include_empty: True
+
+# -------------------------------------------------------------
+# Service
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+cri-o_service:
+ service.running:
+ - name: crio
+ - enable: True
+ - onchanges:
+ - pkg: cri-o_packages
diff --git a/roles/paas-kubernetes/kubernetes/files/cri-o-apt-key.gpg b/roles/paas-kubernetes/kubernetes/files/cri-o-apt-key.gpg
new file mode 100644
--- /dev/null
+++ b/roles/paas-kubernetes/kubernetes/files/cri-o-apt-key.gpg
@@ -0,0 +1,21 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+Version: GnuPG v2.0.15 (GNU/Linux)
+
+mQENBFtkV0cBCADStSTCG5qgYtzmWfymHZqxxhfwfS6fdHJcbGUeXsI5dxjeCWhs
+XarZm6rWZOd5WfSmpXhbKOyM6Ll+6bpSl5ICHLa6fcpizYWEPa8fpg9EGl0cF12G
+GgVLnnOZ6NIbsoW0LHt2YN0jn8xKVwyPp7KLHB2paZh+KuURERG406GXY/DgCxUx
+Ffgdelym/gfmt3DSq6GAQRRGHyucMvPYm53r+jVcKsf2Bp6E1XAfqBrD5r0maaCU
+Wvd7bi0B2Q0hIX0rfDCBpl4rFqvyaMPgn+Bkl6IW37zCkWIXqf1E5eDm/XzP881s
++yAvi+JfDwt7AE+Hd2dSf273o3WUdYJGRwyZABEBAAG0OGRldmVsOmt1YmljIE9C
+UyBQcm9qZWN0IDxkZXZlbDprdWJpY0BidWlsZC5vcGVuc3VzZS5vcmc+iQE+BBMB
+CAAoBQJbZFdHAhsDBQkEHrAABgsJCAcDAgYVCAIJCgsEFgIDAQIeAQIXgAAKCRBN
+ZDkDdQYKpL0BCACEuegX4bxPkdnML70BbvBmDazyuWYZtSAOLoTosVwXBlTeAIoY
+xAw2Sdc895808blU964fuu8IDcR5KuvkTGSGIDBJ6fHZSFD8r68WSS0k1gOY7bUW
+8kkeThlvuMATgULJIYGQ3vYrEhn5e+Pe8fb3AJmQpQWzcjtPX+pk66sVUT6iNaSt
+QtBVGNTQvVDHekF1j/mYmVbIjIWL6whYkdtlu7KYzCx6KhY9u7i3THxY5ICsq64b
+rYcy5FHaVv5SHfTvtu1WtiSlACVfOgPGntpI+Xi4P2F4n4c5I5VKBxpHteW4LGz8
+YOISzS7ZZlbZ7qus353OU0v6UbA660ju5/gGiEYEExECAAYFAltkV0cACgkQOzAR
+t2udZSOoswCdF44NTN09DwhPFbNYhEMb9juP5ykAn0bcELvuKmgDwEwZMrPQkG8t
+Pu9n
+=CNmf
+-----END PGP PUBLIC KEY BLOCK-----
diff --git a/roles/paas-kubernetes/kubernetes/files/crio.conf.d/runc.conf b/roles/paas-kubernetes/kubernetes/files/crio.conf.d/runc.conf
new file mode 100644
--- /dev/null
+++ b/roles/paas-kubernetes/kubernetes/files/crio.conf.d/runc.conf
@@ -0,0 +1,19 @@
+# -------------------------------------------------------------
+# Kubernetes configuration - CRI-O
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+# Project: Nasqueron
+# License: Trivial work, not eligible to copyright
+# Source file: roles/paas-kubernetes/kubernetes/files/crio.conf.d/runc.conf
+# -------------------------------------------------------------
+#
+# <auto-generated>
+# This file is managed by our rOPS SaltStack repository.
+#
+# Changes to this file may cause incorrect behavior
+# and will be lost if the state is redeployed.
+# </auto-generated>
+
+[crio.runtime.runtimes.runc]
+runtime_path = "/usr/lib/cri-o-runc/sbin/runc"
+runtime_type = "oci"
+runtime_root = "/run/runc"
diff --git a/roles/paas-kubernetes/kubernetes/files/kubernetes-apt-key.gpg b/roles/paas-kubernetes/kubernetes/files/kubernetes-apt-key.gpg
new file mode 100644
index 0000000000000000000000000000000000000000..12e9f40fee769d77840d72838760203785b5469b
GIT binary patch
literal 653
zc$@)^0&@Mvz)b{N!D!n72mtFBUkVAk8J3O>j0@Fy#K8)BdRf3wCz=w6zl8V5*Y%9&
zP%6!?37!eSj8gQ&L_A+jpvlR$hq?#bYmMis85=f|c<qJkA+MM(r-T#Nrb=Wjj<l8{
zCO+AMSi->IvIis=cW$ai^w{S?LRfksvCpA!dLRGW)c6@<$|eWzIMsEvEh0~1RvRL<
zpTIZJzS#vpk94o2WSvydmYR@<k&88BSg8|h83X39AC0X>E0SGjQr$~LYrd=}xNRnq
znAY$p#0rrUgyKZv2fc$nPV*mv=F;jkU{O{ZimWh;suCzk|I&?L!I%cWty&C=qJrhI
z(zloH9ag7&aybbzQ854!0RREbKu2$HXKZC4Lu_w#WFSysV{2h&Wpf}wb#!lSVRUI@
zAX8~)ZfS03AWLO=AUtPdEp%mJZ9r#lZ)a>}E@N+PKEl9w1QP)Q04xOpTES@B2@q-n
z3n97(^!oxE4+RMYqndyQ3ke7Z0|EvW2m%QT3j`Jd0|5X4CcX#&&Sij|f=)!yyJ)cb
z(Qt3wFNm~yTSIjUB#%=FwSqAUGQMlksHO%kg<c`kxqi_iS5h}A<jR>Dtk5P*!#qh(
ztgbH6>%fIhl%N9jysBB{zi6<mKq+_iF~>OAYOeq_%2ojCL$G&)8G^zRWzL503z}+J
z;R=Dc;Edx*E=)9C=VQVoPMgtPZRa&Abf=1BBhWq@693xWVE=LuL7lT575!Ux3&>-?
zg)o9&1#5dh;ix*60w4Q?rH~LEeqYQ^<?j8Xp#fwfhmJUk0Di9VS`C6BVv7}oEKlG?
n0DNX-`lsmHV3^+xX|?V3GcT`H*B%j+l%&V4N&F(WbO7){44)t#
literal 0
Hc$@<O00001
diff --git a/roles/paas-kubernetes/kubernetes/files/libcontainers-apt-key.gpg b/roles/paas-kubernetes/kubernetes/files/libcontainers-apt-key.gpg
new file mode 100644
--- /dev/null
+++ b/roles/paas-kubernetes/kubernetes/files/libcontainers-apt-key.gpg
@@ -0,0 +1,21 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+Version: GnuPG v2.0.15 (GNU/Linux)
+
+mQENBFtkV0cBCADStSTCG5qgYtzmWfymHZqxxhfwfS6fdHJcbGUeXsI5dxjeCWhs
+XarZm6rWZOd5WfSmpXhbKOyM6Ll+6bpSl5ICHLa6fcpizYWEPa8fpg9EGl0cF12G
+GgVLnnOZ6NIbsoW0LHt2YN0jn8xKVwyPp7KLHB2paZh+KuURERG406GXY/DgCxUx
+Ffgdelym/gfmt3DSq6GAQRRGHyucMvPYm53r+jVcKsf2Bp6E1XAfqBrD5r0maaCU
+Wvd7bi0B2Q0hIX0rfDCBpl4rFqvyaMPgn+Bkl6IW37zCkWIXqf1E5eDm/XzP881s
++yAvi+JfDwt7AE+Hd2dSf273o3WUdYJGRwyZABEBAAG0OGRldmVsOmt1YmljIE9C
+UyBQcm9qZWN0IDxkZXZlbDprdWJpY0BidWlsZC5vcGVuc3VzZS5vcmc+iQE+BBMB
+CAAoBQJbZFdHAhsDBQkEHrAABgsJCAcDAgYVCAIJCgsEFgIDAQIeAQIXgAAKCRBN
+ZDkDdQYKpL0BCACEuegX4bxPkdnML70BbvBmDazyuWYZtSAOLoTosVwXBlTeAIoY
+xAw2Sdc895808blU964fuu8IDcR5KuvkTGSGIDBJ6fHZSFD8r68WSS0k1gOY7bUW
+8kkeThlvuMATgULJIYGQ3vYrEhn5e+Pe8fb3AJmQpQWzcjtPX+pk66sVUT6iNaSt
+QtBVGNTQvVDHekF1j/mYmVbIjIWL6whYkdtlu7KYzCx6KhY9u7i3THxY5ICsq64b
+rYcy5FHaVv5SHfTvtu1WtiSlACVfOgPGntpI+Xi4P2F4n4c5I5VKBxpHteW4LGz8
+YOISzS7ZZlbZ7qus353OU0v6UbA660ju5/gGiEYEExECAAYFAltkV0cACgkQOzAR
+t2udZSOoswCdF44NTN09DwhPFbNYhEMb9juP5ykAn0bcELvuKmgDwEwZMrPQkG8t
+Pu9n
+=CNmf
+-----END PGP PUBLIC KEY BLOCK-----
diff --git a/roles/paas-kubernetes/kubernetes/init.sls b/roles/paas-kubernetes/kubernetes/init.sls
new file mode 100644
--- /dev/null
+++ b/roles/paas-kubernetes/kubernetes/init.sls
@@ -0,0 +1,12 @@
+# -------------------------------------------------------------
+# Salt — Kubernetes
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+# Project: Nasqueron
+# Created: 2020-09-19
+# License: Trivial work, not eligible to copyright
+# -------------------------------------------------------------
+
+include:
+ - .swap
+ - .container-runtime
+ - .software
diff --git a/roles/paas-kubernetes/kubernetes/software.sls b/roles/paas-kubernetes/kubernetes/software.sls
new file mode 100644
--- /dev/null
+++ b/roles/paas-kubernetes/kubernetes/software.sls
@@ -0,0 +1,31 @@
+# -------------------------------------------------------------
+# Salt — Kubernetes
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+# Project: Nasqueron
+# Created: 2020-09-20
+# License: Trivial work, not eligible to copyright
+# -------------------------------------------------------------
+
+# -------------------------------------------------------------
+# Repository
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+kubernetes_repo:
+ pkgrepo.managed:
+ - humanname: Kubernetes
+ - name: deb https://apt.kubernetes.io/ kubernetes-xenial main
+ - dist: kubernetes-xenial
+ - file: /etc/apt/sources.list.d/kubernetes.list
+ - key_url: salt://roles/paas-kubernetes/kubernetes/files/kubernetes-apt-key.gpg
+
+# -------------------------------------------------------------
+# Kubernetes packages
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+kubernetes_packages:
+ pkg.installed:
+ - pkgs:
+ - kubelet
+ - kubeadm
+ - kubectl
+ - hold: True
diff --git a/roles/paas-kubernetes/kubernetes/swap.sls b/roles/paas-kubernetes/kubernetes/swap.sls
new file mode 100644
--- /dev/null
+++ b/roles/paas-kubernetes/kubernetes/swap.sls
@@ -0,0 +1,21 @@
+# -------------------------------------------------------------
+# Salt — Kubernetes
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+# Project: Nasqueron
+# Created: 2020-09-21
+# License: Trivial work, not eligible to copyright
+# -------------------------------------------------------------
+
+# Kubelet requires swap to be disabled
+
+disable_swap_in_fstab:
+ mount.fstab_absent:
+ - name: swap
+ - fs_file: swap
+ - mount_by: uuid
+
+disable_swap_at_runtime:
+ cmd.run:
+ - name: swapoff -a
+ - onchanges:
+ - mount: disable_swap_in_fstab
diff --git a/roles/paas-kubernetes/map.jinja b/roles/paas-kubernetes/map.jinja
new file mode 100644
--- /dev/null
+++ b/roles/paas-kubernetes/map.jinja
@@ -0,0 +1,13 @@
+# -------------------------------------------------------------
+# Salt — Kubernetes
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+# Project: Nasqueron
+# License: Trivial work, not eligible to copyright
+# -------------------------------------------------------------
+
+{% set k8s = salt['grains.filter_by']({
+ 'Debian': {
+ 'os': 'Debian_Testing',
+ 'version': '1.19',
+ },
+}, default='Debian') %}
diff --git a/roles/paas-kubernetes/network/br_netfilter.sls b/roles/paas-kubernetes/network/br_netfilter.sls
new file mode 100644
--- /dev/null
+++ b/roles/paas-kubernetes/network/br_netfilter.sls
@@ -0,0 +1,25 @@
+# -------------------------------------------------------------
+# Salt — Kubernetes
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+# Project: Nasqueron
+# Created: 2020-09-20
+# License: Trivial work, not eligible to copyright
+# -------------------------------------------------------------
+
+# -------------------------------------------------------------
+# Let iptables see bridged traffic
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+br_netfilter:
+ kmod.present:
+ - persist: True
+
+net.bridge.bridge-nf-call-ip6tables:
+ sysctl.present:
+ - value: 1
+ - config: /etc/sysctl.d/10-k8s-br_netfilter.conf
+
+net.bridge.bridge-nf-call-iptables:
+ sysctl.present:
+ - value: 1
+ - config: /etc/sysctl.d/10-k8s-br_netfilter.conf
diff --git a/roles/paas-kubernetes/network/init.sls b/roles/paas-kubernetes/network/init.sls
new file mode 100644
--- /dev/null
+++ b/roles/paas-kubernetes/network/init.sls
@@ -0,0 +1,10 @@
+# -------------------------------------------------------------
+# Salt — Kubernetes
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+# Project: Nasqueron
+# Created: 2020-09-20
+# License: Trivial work, not eligible to copyright
+# -------------------------------------------------------------
+
+include:
+ - .br_netfilter
File Metadata
Details
Attached
Mime Type
text/plain
Expires
Mon, Jan 27, 08:44 (3 h, 46 s)
Storage Engine
blob
Storage Format
Raw Data
Storage Handle
2379919
Default Alt Text
D2310.id5893.diff (13 KB)
Attached To
Mode
D2310: Install Kubernetes
Attached
Detach File
Event Timeline
Log In to Comment