C12s/c12s-kubespray
3
0
Fork 0
Code Issues Pull requests Packages Projects Releases Wiki Activity

Remove rkt support (#4671)

Browse source
This commit is contained in:
Andreas Krüger 2019-04-29 10:14:20 +02:00 committed by Kubernetes Prow Robot
parent 741de6051c
commit 38af93b60c
32 changed files with 7 additions and 302 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

7
.gitlab-ci/gce.yml
View file

@ -256,13 +256,6 @@ gce_coreos-kube-router:
except: ['triggers']
only: ['master', /^pr-.*$/]
gce_ubuntu-rkt-sep:
stage: deploy-gce
<<: *gce
when: manual
except: ['triggers']
only: ['master', /^pr-.*$/]
gce_ubuntu-kube-router-sep:
stage: deploy-special
<<: *gce

7
.gitlab-ci/packet.yml
View file

@ -115,13 +115,6 @@ packet_opensuse-canal:
except: ['triggers']
only: ['master', /^pr-.*$/]
packet_ubuntu-rkt-sep:
stage: deploy-part2
<<: *packet
when: manual
except: ['triggers']
only: ['master', /^pr-.*$/]
packet_ubuntu-kube-router-sep:
stage: deploy-special
<<: *packet

6
README.md
View file

@ -111,7 +111,6 @@ Supported Components
- [kubernetes](https://github.com/kubernetes/kubernetes) v1.14.1
- [etcd](https://github.com/coreos/etcd) v3.2.26
- [docker](https://www.docker.com/) v18.06 (see note)
- [rkt](https://github.com/rkt/rkt) v1.21.0 (see Note 2)
- [cri-o](http://cri-o.io/) v1.11.5 (experimental: see [CRI-O Note](docs/cri-o.md). Only on centos based OS)
- Network Plugin
- [calico](https://github.com/projectcalico/calico) v3.4.0
@ -131,11 +130,6 @@ Supported Components
Note: The list of validated [docker versions](https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG-1.13.md) was updated to 1.11.1, 1.12.1, 1.13.1, 17.03, 17.06, 17.09, 18.06. kubeadm now properly recognizes Docker 18.09.0 and newer, but still treats 18.06 as the default supported version. The kubelet might break on docker's non-standard version numbering (it no longer uses semantic versioning). To ensure auto-updates don't break your cluster look into e.g. yum versionlock plugin or apt pin).
Note 2: rkt support as docker alternative is limited to control plane (etcd and
kubelet). Docker is still used for Kubernetes cluster workloads and network
plugins' related OS services. Also note, only one of the supported network
plugins can be deployed for a given single cluster.
Requirements
------------

2
contrib/vault/roles/vault/tasks/shared/check_vault.yml
View file

@ -1,7 +1,7 @@
---
# Stop temporary Vault if it's running (can linger if playbook fails out)
- name: stop vault-temp container
shell: docker stop {{ vault_temp_container_name }} || rkt stop {{ vault_temp_container_name }}
shell: docker stop {{ vault_temp_container_name }}
failed_when: false
register: vault_temp_stop
changed_when: vault_temp_stop is succeeded

45
contrib/vault/roles/vault/templates/rkt.service.j2
View file

@ -1,45 +0,0 @@
[Unit]
Description=hashicorp vault on rkt
Documentation=https://github.com/hashicorp/vault
Wants=network.target
[Service]
User=root
Restart=on-failure
RestartSec=10s
TimeoutStartSec=5
LimitNOFILE=40000
# Container has the following internal mount points:
# /vault/file/ # File backend storage location
# /vault/logs/ # Log files
ExecStartPre=-/usr/bin/rkt rm --uuid-file=/var/run/vault.uuid
ExecStart=/usr/bin/rkt run \
--insecure-options=image \
--volume hosts,kind=host,source=/etc/hosts,readOnly=true \
--mount volume=hosts,target=/etc/hosts \
--volume=volume-vault-file,kind=host,source=/var/lib/vault \
--volume=volume-vault-logs,kind=host,source={{ vault_log_dir }} \
--volume=vault-cert-dir,kind=host,source={{ vault_cert_dir }} \
--mount=volume=vault-cert-dir,target={{ vault_cert_dir }} \
--volume=vault-conf-dir,kind=host,source={{ vault_config_dir }} \
--mount=volume=vault-conf-dir,target={{ vault_config_dir }} \
--volume=vault-secrets-dir,kind=host,source={{ vault_secrets_dir }} \
--mount=volume=vault-secrets-dir,target={{ vault_secrets_dir }} \
--volume=vault-roles-dir,kind=host,source={{ vault_roles_dir }} \
--mount=volume=vault-roles-dir,target={{ vault_roles_dir }} \
--volume=etcd-cert-dir,kind=host,source={{ etcd_cert_dir }} \
--mount=volume=etcd-cert-dir,target={{ etcd_cert_dir }} \
docker://{{ vault_image_repo }}:{{ vault_image_tag }} \
--uuid-file-save=/var/run/vault.uuid \
--name={{ vault_container_name }} \
--net=host \
--caps-retain=CAP_IPC_LOCK \
--exec vault -- \
server \
--config={{ vault_config_dir }}/config.json
ExecStop=-/usr/bin/rkt stop --uuid-file=/var/run/vault.uuid
[Install]
WantedBy=multi-user.target

2
contrib/vault/vault.md
View file

@ -93,6 +93,6 @@ Potential Work
- Change the Vault role to not run certain tasks when ``root_token`` and
``unseal_keys`` are not present. Alternatively, allow user input for these
values when missing.
- Add the ability to start temp Vault with Host, Rkt, or Docker
- Add the ability to start temp Vault with Host or Docker
- Add a dynamic way to change out the backend role creation during Bootstrap,
so other services can be used (such as Consul)

2
docs/ansible.md
View file

@ -70,7 +70,7 @@ The group variables to control main deployment options are located in the direct
Optional variables are located in the `inventory/sample/group_vars/all.yml`.
Mandatory variables that are common for at least one role (or a node group) can be found in the
`inventory/sample/group_vars/k8s-cluster.yml`.
There are also role vars for docker, rkt, kubernetes preinstall and master roles.
There are also role vars for docker, kubernetes preinstall and master roles.
According to the [ansible docs](http://docs.ansible.com/ansible/playbooks_variables.html#variable-precedence-where-should-i-put-a-variable),
those cannot be overridden from the group vars. In order to override, one should use
the `-e ` runtime flags (most simple way) or other layers described in the docs.

2
docs/roadmap.md
View file

@ -2,7 +2,7 @@ Kubespray's roadmap
=================
### Self deployment (pull-mode) [#320](https://github.com/kubespray/kubespray/issues/320)
- the playbook would install and configure docker/rkt and the etcd cluster
- the playbook would install and configure docker and the etcd cluster
- the following data would be inserted into etcd: certs,tokens,users,inventory,group_vars.
- a "kubespray" container would be deployed (kubespray-cli, ansible-playbook)
- to be discussed, a way to provide the inventory

4
docs/vars.md
View file

@ -102,7 +102,7 @@ Stack](https://github.com/kubernetes-sigs/kubespray/blob/master/docs/dns-stack.m
proxy. Note that no_proxy defaults to all internal cluster IPs and hostnames
that correspond to each node.
* *kubelet_deployment_type* - Controls which platform to deploy kubelet on.
Available options are ``host``, ``rkt``, and ``docker``. ``docker`` mode
Available options are ``host`` and ``docker``. ``docker`` mode
is unlikely to work on newer releases. Starting with Kubernetes v1.7
series, this now defaults to ``host``. Before v1.7, the default was Docker.
This is because of cgroup [issues](https://github.com/kubernetes/kubernetes/issues/43704).
@ -113,7 +113,7 @@ Stack](https://github.com/kubernetes-sigs/kubespray/blob/master/docs/dns-stack.m
* *kubelet_cgroup_driver* - Allows manual override of the
cgroup-driver option for Kubelet. By default autodetection is used
to match Docker configuration.
* *kubelet_rotate_certificates* - Auto rotate the kubelet client certificates by requesting new certificates
* *kubelet_rotate_certificates* - Auto rotate the kubelet client certificates by requesting new certificates
from the kube-apiserver when the certificate expiration approaches.
* *node_labels* - Labels applied to nodes via kubelet --node-labels parameter.
For example, labels can be set in the inventory as variables or more widely in group_vars.

10
roles/container-engine/meta/main.yml
View file

@ -7,17 +7,9 @@ dependencies:
- container-engine
- crio
- role: container-engine/rkt
when:
- container_manager == 'rkt'
tags:
- container-engine
- rkt
- role: container-engine/docker
when:
- container_manager == 'docker' or container_manager == "rkt"
- container_manager == 'docker'
tags:
- container-engine
- docker
- rkt

6
roles/container-engine/rkt/defaults/main.yml
View file

@ -1,6 +0,0 @@
---
rkt_version: 1.21.0
rkt_pkg_version: "{{ rkt_version }}-1"
rkt_download_src: https://github.com/coreos/rkt
rkt_download_url: "{{ rkt_download_src }}/releases/download/v{{ rkt_version }}"

2
roles/container-engine/rkt/files/rkt-gc.sh
View file

@ -1,2 +0,0 @@
#!/bin/bash
rkt gc

54
roles/container-engine/rkt/tasks/install.yml
View file

@ -1,54 +0,0 @@
---
- name: gather os specific variables for rkt
include_vars: "{{ item }}"
with_first_found:
- files:
- "{{ ansible_distribution|lower }}-{{ ansible_distribution_version|lower|replace('/', '_') }}.yml"
- "{{ ansible_distribution|lower }}-{{ ansible_distribution_release }}.yml"
- "{{ ansible_distribution|lower }}-{{ ansible_distribution_major_version|lower|replace('/', '_') }}.yml"
- "{{ ansible_distribution|lower }}.yml"
- "{{ ansible_os_family|lower }}.yml"
- defaults.yml
paths:
- ../vars
skip: true
tags:
- facts
- name: install rkt pkg on ubuntu
apt:
deb: "{{ rkt_download_url }}/{{ rkt_pkg_name }}"
state: present
register: rkt_task_result
until: rkt_task_result is succeeded
retries: 4
delay: "{{ retry_stagger | random + 3 }}"
when: ansible_os_family == "Debian"
- name: install rkt pkg on fedora
dnf:
name: rkt
state: present
when: ansible_distribution == "Fedora"
- name: install rkt pkg on centos
yum:
pkg: "{{ rkt_download_url }}/{{ rkt_pkg_name }}"
state: present
register: rkt_task_result
until: rkt_task_result is succeeded
retries: 4
delay: "{{ retry_stagger | random + 3 }}"
when:
- ansible_os_family == "RedHat"
- ansible_distribution != "Fedora"
- name: install rkt pkg on openSUSE
zypper:
name: "{{ rkt_download_url }}/{{ rkt_pkg_name }}"
state: present
register: rkt_task_result
until: rkt_task_result is succeeded
retries: 4
delay: "{{ retry_stagger | random + 3 }}"
when: ansible_os_family == "Suse"

13
roles/container-engine/rkt/tasks/main.yml
View file

@ -1,13 +0,0 @@
---
- name: Install rkt
import_tasks: install.yml
when: not ansible_os_family in ["CoreOS", "Container Linux by CoreOS"]
- name: Set up cron job to do garbage cleanup
copy:
src: rkt-gc.sh
dest: /etc/cron.hourly/rkt-gc.sh
owner: root
group: root
mode: 0750
when: not ansible_os_family in ["CoreOS", "Container Linux by CoreOS"]

2
roles/container-engine/rkt/vars/debian.yml
View file

@ -1,2 +0,0 @@
---
rkt_pkg_name: "rkt_{{ rkt_pkg_version }}_amd64.deb"

2
roles/container-engine/rkt/vars/fedora.yml
View file

@ -1,2 +0,0 @@
---
rkt_pkg_name: "rkt-{{ rkt_pkg_version }}.x86_64.rpm"

2
roles/container-engine/rkt/vars/redhat.yml
View file

@ -1,2 +0,0 @@
---
rkt_pkg_name: "rkt-{{ rkt_pkg_version }}.x86_64.rpm"

2
roles/container-engine/rkt/vars/suse.yml
View file

@ -1,2 +0,0 @@
---
rkt_pkg_name: "rkt-{{ rkt_pkg_version }}.x86_64.rpm"

4
roles/download/templates/kubeadm-images.yaml.j2
View file

@ -8,8 +8,6 @@ kind: InitConfiguration
nodeRegistration:
{% if container_manager == 'crio' %}
criSocket: /var/run/crio/crio.sock
{% elif container_manager == 'rkt' %}
criSocket: /var/run/rkt.sock
{% else %}
criSocket: /var/run/dockershim.sock
{% endif %}
@ -41,8 +39,6 @@ etcd:
nodeRegistration:
{% if container_manager == 'crio' %}
criSocket: /var/run/crio/crio.sock
{% elif container_manager == 'rkt' %}
criSocket: /var/run/rkt.sock
{% else %}
criSocket: /var/run/dockershim.sock
{% endif %}

30
roles/etcd/tasks/install_rkt.yml
View file

@ -1,30 +0,0 @@
---
- name: Trust etcd container
command: >-
/usr/bin/rkt trust
--skip-fingerprint-review
--root
https://quay.io/aci-signing-key
register: etcd_rkt_trust_result
until: etcd_rkt_trust_result.rc == 0
retries: 4
delay: "{{ retry_stagger | random + 3 }}"
changed_when: false
environment: "{{proxy_env}}"
when: etcd_cluster_setup
- name: Install | Copy etcdctl binary from rkt container
command: >-
/usr/bin/rkt run
--volume=bin-dir,kind=host,source={{ bin_dir}},readOnly=false
--mount=volume=bin-dir,target=/host/bin
{{ etcd_image_repo }}:{{ etcd_image_tag }}
--name=etcdctl-binarycopy
--exec=/bin/cp -- /usr/local/bin/etcdctl /host/bin/etcdctl
register: etcd_task_result
until: etcd_task_result.rc == 0
retries: 4
delay: "{{ retry_stagger | random + 3 }}"
changed_when: false
environment: "{{proxy_env}}"
when: etcd_cluster_setup

31
roles/etcd/templates/etcd-events-rkt.service.j2
View file

@ -1,31 +0,0 @@
[Unit]
Description=etcd events rkt wrapper
Documentation=https://github.com/coreos/etcd
Wants=network.target
[Service]
Restart=on-failure
RestartSec=10s
TimeoutStartSec=0
LimitNOFILE=40000
ExecStart=/usr/bin/rkt run \
--uuid-file-save=/var/run/etcd-events.uuid \
--volume hosts,kind=host,source=/etc/hosts,readOnly=true \
--mount volume=hosts,target=/etc/hosts \
--volume=etc-ssl-certs,kind=host,source=/etc/ssl/certs,readOnly=true \
--mount=volume=etc-ssl-certs,target=/etc/ssl/certs \
--volume=etcd-cert-dir,kind=host,source={{ etcd_cert_dir }},readOnly=true \
--mount=volume=etcd-cert-dir,target={{ etcd_cert_dir }} \
--volume=etcd-data-dir,kind=host,source={{ etcd_events_data_dir }},readOnly=false \
--mount=volume=etcd-data-dir,target={{ etcd_events_data_dir }} \
--set-env-file=/etc/etcd-events.env \
--stage1-from-dir=stage1-fly.aci \
{{ etcd_image_repo }}:{{ etcd_image_tag }} \
--name={{ etcd_member_name | default("etcd-events") }}
ExecStartPre=-/usr/bin/rkt rm --uuid-file=/var/run/etcd-events.uuid
ExecStop=-/usr/bin/rkt stop --uuid-file=/var/run/etcd-events.uuid
[Install]
WantedBy=multi-user.target

31
roles/etcd/templates/etcd-rkt.service.j2
View file

@ -1,31 +0,0 @@
[Unit]
Description=etcd rkt wrapper
Documentation=https://github.com/coreos/etcd
Wants=network.target
[Service]
Restart=on-failure
RestartSec=10s
TimeoutStartSec=0
LimitNOFILE=40000
ExecStart=/usr/bin/rkt run \
--uuid-file-save=/var/run/etcd.uuid \
--volume hosts,kind=host,source=/etc/hosts,readOnly=true \
--mount volume=hosts,target=/etc/hosts \
--volume=etc-ssl-certs,kind=host,source=/etc/ssl/certs,readOnly=true \
--mount=volume=etc-ssl-certs,target=/etc/ssl/certs \
--volume=etcd-cert-dir,kind=host,source={{ etcd_cert_dir }},readOnly=true \
--mount=volume=etcd-cert-dir,target={{ etcd_cert_dir }} \
--volume=etcd-data-dir,kind=host,source={{ etcd_data_dir }},readOnly=false \
--mount=volume=etcd-data-dir,target={{ etcd_data_dir }} \
--set-env-file=/etc/etcd.env \
--stage1-from-dir=stage1-fly.aci \
{{ etcd_image_repo }}:{{ etcd_image_tag }} \
--name={{ etcd_member_name | default("etcd") }}
ExecStartPre=-/usr/bin/rkt rm --uuid-file=/var/run/etcd.uuid
ExecStop=-/usr/bin/rkt stop --uuid-file=/var/run/etcd.uuid
[Install]
WantedBy=multi-user.target

2
roles/kubernetes/kubeadm/templates/kubeadm-client.conf.v1alpha2.j2
View file

@ -18,8 +18,6 @@ nodeRegistration:
name: {{ kube_override_hostname }}
{% if container_manager == 'crio' %}
criSocket: /var/run/crio/crio.sock
{% elif container_manager == 'rkt' %}
criSocket: /var/run/rkt.sock
{% else %}
criSocket: /var/run/dockershim.sock
{% endif %}

2
roles/kubernetes/kubeadm/templates/kubeadm-client.conf.v1alpha3.j2
View file

@ -18,8 +18,6 @@ nodeRegistration:
name: {{ kube_override_hostname }}
{% if container_manager == 'crio' %}
criSocket: /var/run/crio/crio.sock
{% elif container_manager == 'rkt' %}
criSocket: /var/run/rkt.sock
{% else %}
criSocket: /var/run/dockershim.sock
{% endif %}

2
roles/kubernetes/kubeadm/templates/kubeadm-client.conf.v1beta1.j2
View file

@ -16,8 +16,6 @@ nodeRegistration:
name: {{ kube_override_hostname }}
{% if container_manager == 'crio' %}
criSocket: /var/run/crio/crio.sock
{% elif container_manager == 'rkt' %}
criSocket: /var/run/rkt.sock
{% else %}
criSocket: /var/run/dockershim.sock
{% endif %}

2
roles/kubernetes/master/templates/kubeadm-config.v1alpha2.yaml.j2
View file

@ -230,8 +230,6 @@ nodeRegistration:
{% endif %}
{% if container_manager == 'crio' %}
criSocket: /var/run/crio/crio.sock
{% elif container_manager == 'rkt' %}
criSocket: /var/run/rkt.sock
{% else %}
criSocket: /var/run/dockershim.sock
{% endif %}

2
roles/kubernetes/master/templates/kubeadm-config.v1alpha3.yaml.j2
View file

@ -16,8 +16,6 @@ nodeRegistration:
{% endif %}
{% if container_manager == 'crio' %}
criSocket: /var/run/crio/crio.sock
{% elif container_manager == 'rkt' %}
criSocket: /var/run/rkt.sock
{% else %}
criSocket: /var/run/dockershim.sock
{% endif %}

2
roles/kubernetes/master/templates/kubeadm-config.v1beta1.yaml.j2
View file

@ -16,8 +16,6 @@ nodeRegistration:
{% endif %}
{% if container_manager == 'crio' %}
criSocket: /var/run/crio/crio.sock
{% elif container_manager == 'rkt' %}
criSocket: /var/run/rkt.sock
{% else %}
criSocket: /var/run/dockershim.sock
{% endif %}

2
roles/kubernetes/master/templates/kubeadm-controlplane.v1beta1.yaml.j2
View file

@ -19,8 +19,6 @@ nodeRegistration:
name: {{ inventory_hostname }}
{% if container_manager == 'crio' %}
criSocket: /var/run/crio/crio.sock
{% elif container_manager == 'rkt' %}
criSocket: /var/run/rkt.sock
{% else %}
criSocket: /var/run/dockershim.sock
{% endif %}

1
roles/reset/tasks/main.yml
View file

@ -215,7 +215,6 @@
- "{{ bin_dir }}/calicoctl"
- "{{ bin_dir }}/calico-upgrade"
- "{{ bin_dir }}/weave"
- /var/lib/rkt
- /var/lib/cni
- /etc/vault
- /etc/contiv

15
tests/files/gce_ubuntu-rkt-sep.yml
View file

@ -1,15 +0,0 @@
---
# Instance settings
cloud_image_family: ubuntu-1604-lts
cloud_region: us-central1-c
mode: separate
# Deployment settings
kube_network_plugin: flannel
etcd_deployment: rkt
kubelet_deployment: rkt
download_localhost: true
download_run_once: true
deploy_netchecker: true
dns_min_replicas: 1
cloud_provider: gce

13
tests/files/packet_ubuntu-rkt-sep.yml
View file

@ -1,13 +0,0 @@
---
# Instance settings
cloud_image: ubuntu-1604
mode: separate
# Kubespray settings
kube_network_plugin: flannel
etcd_deployment: rkt
kubelet_deployment: rkt
download_localhost: true
download_run_once: true
deploy_netchecker: true
dns_min_replicas: 1