rktenetes (wip)

fix rkt installation

inventory/group_vars/all.yml

@@ -36,6 +36,9 @@ cluster_name: cluster.local
 # Subdomains of DNS domain to be resolved via /etc/resolv.conf
 ndots: 5
 
+# Choose the container engine (docker, rkt)
+kube_container_engine: docker
+
 # For some environments, each node has a pubilcally accessible
 # address and an address it should bind services to.  These are
 # really inventory level variables, but described here for consistency.

roles/adduser/defaults/main.yml

@@ -14,6 +14,13 @@ addusers:
     system: yes
     group: "{{ kube_cert_group }}"
     createhome: no
+  rkt:
+    name: rkt
+    comment: "rkt user"
+    shell: /sbin/nologin
+    system: yes
+    group: rkt
+    createhome: no
 
 adduser:
   name: "{{ user.name }}"

roles/container_engine/docker/templates/systemd-docker.service.j2

@@ -0,0 +1,40 @@
+[Unit]
+Description=Docker Application Container Engine
+Documentation=http://docs.docker.com
+{% if ansible_os_family == "RedHat" %}
+After=network.target docker-storage-setup.service
+Wants=docker-storage-setup.service
+{% elif ansible_os_family == "Debian" %}
+After=network.target docker.socket
+Wants=docker.socket
+{% endif %}
+
+[Service]
+Type=notify
+{% if ansible_os_family == "RedHat" %}
+EnvironmentFile=-/etc/default/docker
+EnvironmentFile=-/etc/sysconfig/docker
+EnvironmentFile=-/etc/sysconfig/docker-network
+EnvironmentFile=-/etc/sysconfig/docker-storage
+{% elif ansible_os_family == "Debian" %}
+EnvironmentFile=-/etc/default/docker
+{% endif %}
+Environment=GOTRACEBACK=crash
+ExecReload=/bin/kill -s HUP $MAINPID
+Delegate=yes
+KillMode=process
+ExecStart=/usr/bin/docker daemon \
+          $OPTIONS \
+          $DOCKER_STORAGE_OPTIONS \
+          $DOCKER_NETWORK_OPTIONS \
+          $INSECURE_REGISTRY \
+          $DOCKER_OPTS
+TasksMax=infinity
+LimitNOFILE=1048576
+LimitNPROC=1048576
+LimitCORE=infinity
+TimeoutStartSec=1min
+Restart=on-abnormal
+
+[Install]
+WantedBy=multi-user.target

roles/container_engine/meta/main.yml

@@ -0,0 +1,6 @@
+---
+dependencies:
+ - role: container_engine/rkt
+   when: kube_container_engine == 'rkt'
+ - role: container_engine/docker
+   when: kube_container_engine == 'docker'

roles/container_engine/rkt/defaults/main.yml

@@ -0,0 +1,5 @@
+---
+rkt_version: v1.17.0
+rkt_bin_dir: "{{ local_release_dir }}/rkt/rkt-{{ rkt_version }}/"
+rkt_stage1_dir: "/usr/lib/rkt/stage1-images"
+rkt_netconfig_dir: "/etc/rkt/net.d"

roles/container_engine/rkt/meta/main.yml

@@ -0,0 +1,8 @@
+---
+dependencies:
+  - role: adduser
+    user: "{{ addusers.rkt }}"
+    when: ansible_os_family != 'CoreOS'
+
+  - role: download
+    file: "{{ downloads.rkt }}"

roles/container_engine/rkt/tasks/main.yml

@@ -0,0 +1,48 @@
+---
+- name: Copy rkt binary from downloaddir
+  command: rsync -piu "{{ rkt_bin_dir }}/rkt" "{{ bin_dir }}/rkt"
+  changed_when: false
+
+- name: Create rkt stage1 image directory
+  file:
+    path: "{{ rkt_stage1_dir }}"
+    state: directory
+    owner: rkt
+    recurse: yes
+
+- name: Copy rkt stage1 images from downloaddir
+  command: rsync -piu "{{ rkt_bin_dir }}/stage1-{{ item }}.aci" "{{ rkt_stage1_dir }}"
+  changed_when: false
+  with_items:
+    - coreos
+    - fly
+    - kvm
+
+- name: Copy rkt manpages from downloaddir
+  command: rsync -piu "{{ rkt_bin_dir }}/manpages" "/usr/share/man/man1"
+  changed_when: false
+
+- name: Copy systemd units from downloaddir
+  command: rsync -piu "{{ rkt_bin_dir }}/init/systemd/{{ item }}" "/usr/lib/systemd/system"
+  changed_when: false
+  with_items:
+    - rkt-gc.service
+    - rkt-gc.timer
+    - rkt-metadata.socket
+    - rkt-metadata.service
+
+- name: Create rkt network config directory
+  file:
+    path: "{{ rkt_netconfig_dir }}"
+    state: directory
+    owner: root
+    recurse: yes
+
+- name: Trust CoreOS images repository
+  command: rkt trust --prefix quay.io/coreos --skip-fingerprint-review
+  changed_when: false
+
+- name: Configure flannel network plugin for rkt
+  template:
+    src: flannel_cni.conf
+    dest: "{{ rkt_netconfig_dir }}"

roles/container_engine/rkt/templates/flannel_cni.conf

@@ -0,0 +1,7 @@
+{
+    "name": "rkt.kubernetes.io",
+    "type": "flannel",
+    "delegate": {
+        "isDefaultGateway": true
+    }
+}

roles/download/defaults/main.yml

@@ -16,8 +16,10 @@ weave_version: v1.6.1
 flannel_version: v0.6.2
 flannel_server_helper_version: 0.1
 pod_infra_version: 3.0
+rkt_version: v1.17.0
 
 # Download URL's
+rkt_download_url: "https://github.com/coreos/rkt/releases/download/{{rkt_version}}/rkt-{{rkt_version}}.tar.gz"
 etcd_download_url: "https://storage.googleapis.com/kargo/{{etcd_version}}_etcd"
 calico_cni_download_url: "https://storage.googleapis.com/kargo/{{calico_cni_version}}_calico-cni-plugin"
 calico_cni_ipam_download_url: "https://storage.googleapis.com/kargo/{{calico_cni_version}}_calico-cni-plugin-ipam"
@@ -31,7 +33,7 @@ etcd_checksum: "385afd518f93e3005510b7aaa04d38ee4a39f06f5152cd33bb86d4f0c94c7485
 
 # Containers
 # Possible values: host, docker
-etcd_deployment_type: "docker"
+etcd_deployment_type: "container"
 etcd_image_repo: "quay.io/coreos/etcd"
 etcd_image_tag: "{{ etcd_version }}"
 flannel_server_helper_image_repo: "gcr.io/google_containers/flannel-server-helper"
@@ -50,6 +52,7 @@ hyperkube_image_repo: "quay.io/coreos/hyperkube"
 hyperkube_image_tag: "{{ kube_version }}_coreos.0"
 pod_infra_image_repo: "gcr.io/google_containers/pause-amd64"
 pod_infra_image_tag: "{{ pod_infra_version }}"
+rkt_checksum: "285b4f18bf7ec3f80b42dd506a86fe367b6e7068d014d5187621c5c4ab168b89"
 
 downloads:
   calico_cni_plugin:
@@ -79,6 +82,15 @@ downloads:
     owner: "root"
     mode: "0755"
     enabled: "{{ kube_network_plugin == 'weave' }}"
+  rkt:
+    version: "{{rkt_version}}"
+    dest: "rkt/rkt-{{ rkt_version }}.tar.gz"
+    sha256: "{{ rkt_checksum }}"
+    source_url: "{{ rkt_download_url }}"
+    url: "{{ rkt_download_url }}"
+    unarchive: true
+    owner: "root"
+    mode: "0750"
   etcd:
     version: "{{etcd_version}}"
     dest: "etcd/etcd-{{ etcd_version }}-linux-amd64.tar.gz"
@@ -88,7 +100,7 @@ downloads:
     unarchive: true
     owner: "etcd"
     mode: "0755"
-    container: "{{ etcd_deployment_type == 'docker' }}"
+    container: "{{ etcd_deployment_type == 'container' }}"
     repo: "{{ etcd_image_repo }}"
     tag: "{{ etcd_image_tag }}"
   hyperkube:

roles/download/tasks/main.yml

@@ -54,7 +54,7 @@
   until: pull_task_result.rc == 0
   retries: 4
   delay: "{{ retry_stagger | random + 3 }}"
-  when: "{{ download.enabled|bool and download.container|bool }}"
+  when: "{{ download.enabled|bool and download.container|bool and kube_container_engine == 'docker' }}"
   delegate_to: "{{ groups['kube-master'][0] if download_run_once|bool else inventory_hostname }}"
   run_once: "{{ download_run_once|bool }}"
 
@@ -68,7 +68,7 @@
 - name: "Update the 'container_changed' fact"
   set_fact:
     container_changed: "{{ not 'up to date' in pull_task_result.stdout }}"
-  when: "{{ download.enabled|bool and download.container|bool }}"
+  when: "{{ download.enabled|bool and download.container|bool and kube_container_engine == 'docker' }}"
   delegate_to: "{{ groups['kube-master'][0] if download_run_once|bool else inventory_hostname }}"
   run_once: "{{ download_run_once|bool }}"
 
@@ -76,7 +76,7 @@
   shell: docker save "{{ download.repo }}:{{ download.tag }}" > "{{ fname }}"
   delegate_to: "{{groups['kube-master'][0]}}"
   run_once: true
-  when: ansible_os_family != "CoreOS" and download_run_once|bool and download.enabled|bool and download.container|bool and container_changed|bool
+  when: ansible_os_family != "CoreOS" and download_run_once|bool and download.enabled|bool and download.container|bool and container_changed|bool and kube_container_engine == 'docker'
 
 - name: Download | get container images
   synchronize:
@@ -87,8 +87,12 @@
   until: get_task|success
   retries: 4
   delay: "{{ retry_stagger | random + 3 }}"
-  when: ansible_os_family != "CoreOS" and inventory_hostname != groups['kube-master'][0] and download_run_once|bool and download.enabled|bool and download.container|bool and container_changed|bool
+  when: ansible_os_family != "CoreOS" and inventory_hostname != groups['kube-master'][0] 
+    and download_run_once|bool and download.enabled|bool and download.container|bool
+    and container_changed|bool and kube_container_engine == 'docker'
 
 - name: Download | load container images
   shell: docker load < "{{ fname }}"
-  when: ansible_os_family != "CoreOS" and inventory_hostname != groups['kube-master'][0] and download_run_once|bool and download.enabled|bool and download.container|bool and container_changed|bool
+  when: ansible_os_family != "CoreOS" and inventory_hostname != groups['kube-master'][0] 
+    and download_run_once|bool and download.enabled|bool and download.container|bool
+    and container_changed|bool and kube_container_engine == 'docker'

roles/etcd/meta/main.yml

@@ -3,7 +3,12 @@ dependencies:
   - role: adduser
     user: "{{ addusers.etcd }}"
     when: ansible_os_family != 'CoreOS'
-  - role: docker
-    when: (ansible_os_family != "CoreOS" and etcd_deployment_type == "docker" or inventory_hostname in groups['k8s-cluster'])
+    
+  - role: container_engine
+    when: (ansible_os_family != "CoreOS" and etcd_deployment_type == "container" or inventory_hostname in groups['k8s-cluster'])
+
   - role: download
     file: "{{ downloads.etcd }}"
+    
+  - role: container_engine
+    when: (ansible_os_family != "CoreOS" and etcd_deployment_type == "container")

roles/etcd/tasks/configure.yml

@@ -6,6 +6,11 @@
   changed_when: false
   when: is_etcd_master
 
+- name: Configure | Set container engine deployment type
+  set_fact:
+    etcd_deployment_type: "{{ kube_container_engine }}"
+  when: etcd_deployment_type == "container"
+
 - name: Configure | Add member to the cluster if it is not there
   when: is_etcd_master and etcd_member_in_cluster.rc != 0 and etcd_cluster_is_healthy.rc == 0
   shell: "{{ bin_dir }}/etcdctl --peers={{ etcd_access_addresses }} member add {{ etcd_member_name }} {{ etcd_peer_url }}"

roles/etcd/tasks/install.yml

@@ -11,12 +11,24 @@
   changed_when: false
 
 #Plan A: no docker-py deps
-- name: Install | Copy etcdctl binary from container
+- name: Install | Copy etcdctl binary from docker container
   command: sh -c "/usr/bin/docker rm -f etcdctl-binarycopy;
            /usr/bin/docker create --name etcdctl-binarycopy {{ etcd_image_repo }}:{{ etcd_image_tag }} &&
-           /usr/bin/docker cp etcdctl-binarycopy:{{ etcd_container_bin_dir }}etcdctl {{ bin_dir }}/etcdctl &&
+           /usr/bin/docker cp etcdctl-binarycopy:{{ etcd_container_bin_dir }}/etcdctl {{ bin_dir }}/etcdctl &&
            /usr/bin/docker rm -f etcdctl-binarycopy"
-  when: etcd_deployment_type == "docker"
+  when: etcd_deployment_type == "container" and kube_container_engine == "docker"
+  register: etcd_task_result
+  until: etcd_task_result.rc == 0
+  retries: 4
+  delay: "{{ retry_stagger | random + 3 }}"
+  changed_when: false
+
+- name: Install | Copy etcdctl binary from rkt container
+  command: sh -c "{{ bin_dir }}/rkt run {{ etcd_image_repo }}:{{ etcd_image_tag }}
+           --insecure-options=image --volume bindir,kind=host,source={{ bin_dir }} --mount volume=bindir,target=/etcd
+           --exec cp -- {{ etcd_container_bin_dir }}/etcdctl /etcd &&
+           {{ bin_dir }}/rkt gc --grace-period=0"
+  when: etcd_deployment_type == "container" and kube_container_engine == "rkt"
   register: etcd_task_result
   until: etcd_task_result.rc == 0
   retries: 4
@@ -29,15 +41,15 @@
 #    name: etcd-binarycopy
 #    state: present
 #    image: "{{ etcd_image_repo }}:{{ etcd_image_tag }}"
-#  when: etcd_deployment_type == "docker"
+#  when: etcd_deployment_type == "container"
 #
 #- name: Install | Copy etcdctl from etcd-binarycopy container
 #  command: /usr/bin/docker cp "etcd-binarycopy:{{ etcd_container_bin_dir }}etcdctl" "{{ bin_dir }}/etcdctl"
-#  when: etcd_deployment_type == "docker"
+#  when: etcd_deployment_type == "container"
 #
 #- name: Install | Clean up etcd-binarycopy container
 #  docker:
 #    name: etcd-binarycopy
 #    state: absent
 #    image: "{{ etcd_image_repo }}:{{ etcd_image_tag }}"
-#  when: etcd_deployment_type == "docker"
+#  when: etcd_deployment_type == "container"

roles/etcd/tasks/pre_upgrade.yml

@@ -1,12 +1,12 @@
 - name: "Pre-upgrade | check for etcd-proxy unit file"
   stat:
     path: /etc/systemd/system/etcd-proxy.service
-  register: kube_apiserver_service_file
+  register: etcd_proxy_service_file
 
 - name: "Pre-upgrade | check for etcd-proxy init script"
   stat:
     path: /etc/init.d/etcd-proxy
-  register: kube_apiserver_init_script
+  register: etcd_proxy_init_script
 
 - name: "Pre-upgrade | stop etcd-proxy if service defined"
   service:
@@ -23,12 +23,16 @@
     - /etc/systemd/system/etcd-proxy.service
     - /etc/init.d/etcd-proxy
 
-- name: "Pre-upgrade | find etcd-proxy container"
-  command: docker ps -aq --filter "name=etcd-proxy*"
-  register: etcd_proxy_container
+# TODO: Smana
+#- name: "Pre-upgrade | stop etcd-proxy service"
+#  systemd:
+#    name: etcd-proxy
+#    state: stopped
+#  register: etcd_proxy_status
+
+#- debug: msg={{etcd_proxy_status}}
+
+- name: "Pre-upgrade | remove etcd-proxy container if it exists"
+  command: docker rm -f etcd-proxy
   ignore_errors: true
-
-- name: "Pre-upgrade | remove etcd-proxy if it exists"
-  command: "docker rm -f {{item}}"
-  with_items: "{{etcd_proxy_container.stdout_lines}}"
-
+  when: "{{ kube_container_engine == 'docker' }}"

roles/etcd/templates/etcd-proxy-rkt.service.j2

@@ -0,0 +1,20 @@
+[Unit]
+Description=etcd-proxy rkt wrapper
+Documentation=http://kargo.kubespray.io
+Requires=network-online.target
+After=network-online.target
+
+[Service]
+ExecStart={{ bin_dir }}/rkt run {{ etcd_image_repo }}:{{ etcd_image_tag }} \
+--set-env-file=/etc/etcd-proxy.env \
+--net=host \
+--volume=certs,kind=host,source=/usr/share/ca-certificates/,readOnly=true \
+--mount=volume=certs,target=/etc/ssl/certs \
+--exec {{ etcd_container_bin_dir }}/etcd
+ExecStopPost={{ bin_dir }}/rkt gc --mark-only
+KillMode=mixed
+Restart=always
+RestartSec=15s
+
+[Install]
+WantedBy=multi-user.target

roles/etcd/templates/etcd-rkt.service.j2

@@ -0,0 +1,20 @@
+[Unit]
+Description=etcd rkt wrapper
+Documentation=http://kargo.kubespray.io
+Requires=network-online.target
+After=network-online.target
+
+[Service]
+ExecStart={{ bin_dir }}/rkt run {{ etcd_image_repo }}:{{ etcd_image_tag }} \
+--set-env-file=/etc/etcd.env \
+--net=host \
+--volume=certs,kind=host,source=/usr/share/ca-certificates/,readOnly=true \
+--mount=volume=certs,target=/etc/ssl/certs \
+--exec {{ etcd_container_bin_dir }}/etcd
+ExecStopPost={{ bin_dir }}/rkt gc --mark-only
+KillMode=mixed
+Restart=always
+RestartSec=15s
+
+[Install]
+WantedBy=multi-user.target

roles/kubernetes/master/tasks/main.yml

@@ -7,8 +7,21 @@
     dest: /etc/bash_completion.d/kubectl.sh
   when: ansible_os_family in ["Debian","RedHat"]
 
-- name: Copy kubectl from hyperkube container
+- name: Copy kubectl from hyperkube container (docker)
   command: "/usr/bin/docker run --rm -v {{ bin_dir }}:/systembindir {{ hyperkube_image_repo }}:{{ hyperkube_image_tag }} /bin/cp /hyperkube /systembindir/kubectl"
+  when: kube_container_engine == "docker"
+  register: kube_task_result
+  until: kube_task_result.rc == 0
+  retries: 4
+  delay: "{{ retry_stagger | random + 3 }}"
+  changed_when: false
+
+- name: Copy kubectl from hyperkube container (rkt)
+  command: sh -c "{{ bin_dir }}/rkt run --insecure-options=image {{ hyperkube_image_repo }}:{{ hyperkube_image_tag }}
+           --volume bindir,kind=host,source={{ bin_dir }} --mount volume=bindir,target=/systembindir
+           --exec cp -- /hyperkube /systembindir/kubectl &&
+           {{ bin_dir }}/rkt gc --grace-period=0"
+  when: kube_container_engine == "rkt"
   register: kube_task_result
   until: kube_task_result.rc == 0
   retries: 4

roles/kubernetes/node/templates/kubelet.j2

@@ -31,6 +31,9 @@ KUBELET_NETWORK_PLUGIN="--network-plugin=cni --network-plugin-dir=/etc/cni/net.d
 {% elif kube_network_plugin is defined and kube_network_plugin == "weave" %}
 DOCKER_SOCKET="--docker-endpoint=unix:/var/run/weave/weave.sock"
 {% endif %}
+{% if kube_container_engine == "rkt" %}
+RKT_OPTS="--container-runtime=rkt --rkt-path={{ bin_dir }}/rkt"
+{% endif %}
 # Should this cluster be allowed to run privileged docker containers
 KUBE_ALLOW_PRIV="--allow-privileged=true"
 {% if cloud_provider is defined and cloud_provider == "openstack" %}
@@ -42,6 +45,6 @@ KUBELET_CLOUDPROVIDER=""
 {% endif %}
 {% if ansible_service_mgr in ["sysvinit","upstart"] %}
 DAEMON_ARGS="$KUBE_LOGGING $KUBE_LOG_LEVEL $KUBE_ALLOW_PRIV $KUBELET_API_SERVER $KUBELET_ADDRESS \
-$KUBELET_HOSTNAME $KUBELET_REGISTER_NODE $KUBELET_ARGS $DOCKER_SOCKET $KUBELET_ARGS $KUBELET_NETWORK_PLUGIN \
+$KUBELET_HOSTNAME $KUBELET_REGISTER_NODE $KUBELET_ARGS $DOCKER_SOCKET $RKT_OPTS $KUBELET_ARGS $KUBELET_NETWORK_PLUGIN \
 $KUBELET_CLOUDPROVIDER"
 {% endif %}

roles/kubernetes/node/templates/kubelet.service.j2

@@ -20,6 +20,7 @@ ExecStart={{ bin_dir }}/kubelet \
 		$KUBELET_HOSTNAME \
 		$KUBE_ALLOW_PRIV \
 		$KUBELET_ARGS \
+		$RKT_OPTS \
 		$DOCKER_SOCKET \
 		$KUBELET_REGISTER_NODE \
 		$KUBELET_NETWORK_PLUGIN \

roles/network_plugin/calico/tasks/main.yml

@@ -40,8 +40,21 @@
   changed_when: false
   notify: restart calico-node
 
-- name: Calico | Copy cni plugins from hyperkube
+- name: Calico | Copy cni plugins from hyperkube (docker)
   command: "/usr/bin/docker run --rm -v /opt/cni/bin:/cnibindir {{ hyperkube_image_repo }}:{{ hyperkube_image_tag }} /usr/bin/rsync -a /opt/cni/bin/ /cnibindir/"
+  when: kube_container_engine == "docker"
+  register: cni_task_result
+  until: cni_task_result.rc == 0
+  retries: 4
+  delay: "{{ retry_stagger | random + 3 }}"
+  changed_when: false
+
+- name: Calico | Copy cni plugins from hyperkube (rkt)
+  command: sh -c "{{ bin_dir }}/rkt run {{ hyperkube_image_repo }}:{{ hyperkube_image_tag }}
+           --volume cnibindir,kind=host,source={{ bin_dir }} --mount volume=cnibindir,target=/cnibindir
+           --exec /usr/bin/rsync -- -a /opt/cni/bin /cnibindir &&
+           {{ bin_dir }}/rkt gc --grace-period=0"
+  when: kube_container_engine == "rkt"
   register: cni_task_result
   until: cni_task_result.rc == 0
   retries: 4

roles/network_plugin/calico/templates/calico-node.service.j2

@@ -8,17 +8,33 @@ Wants=docker.socket
 User=root
 PermissionsStartOnly=true
 {% if legacy_calicoctl %}
-{% if inventory_hostname in groups['kube-node'] and peer_with_router|default(false)%}
-ExecStart={{ bin_dir }}/calicoctl node --ip={{ip | default(ansible_default_ipv4.address) }} --as={{ local_as }} --detach=false --node-image={{ calico_node_image_repo }}:{{ calico_node_image_tag }}
+  {%- if inventory_hostname in groups['kube-node'] and peer_with_router|default(false)%}
+ExecStart={{ bin_dir }}/calicoctl node \
+    {%- if kube_container_engine == 'rkt' %}
+--runtime=rkt \
+    {%- endif %}
+--ip={{ip | default(ansible_default_ipv4.address) }} \
+--as={{ local_as }} \
+--detach=false \
+--node-image={{ calico_node_image_repo }}:{{ calico_node_image_tag }}
   {% else %}
-ExecStart={{ bin_dir }}/calicoctl node --ip={{ip | default(ansible_default_ipv4.address) }} --detach=false --node-image={{ calico_node_image_repo }}:{{ calico_node_image_tag }}
-{% endif %}
-{% else %}
-{% if inventory_hostname in groups['kube-node'] and peer_with_router|default(false)%}
-ExecStart={{ bin_dir }}/calicoctl node run --ip={{ip | default(ansible_default_ipv4.address) }} --as={{ local_as }} --node-image={{ calico_node_image_repo }}:{{ calico_node_image_tag }}
+ExecStart={{ bin_dir }}/calicoctl node \
+    {%- if kube_container_engine == 'rkt' %}
+--runtime=rkt \
+    {%- endif %}
+--ip={{ip | default(ansible_default_ipv4.address) }} \
+--detach=false \
+--node-image={{ calico_node_image_repo }}:{{ calico_node_image_tag }}
+  {%- endif %}
 {% else %}
+  {%- if inventory_hostname in groups['kube-node'] and peer_with_router|default(false)%}
+ExecStart={{ bin_dir }}/calicoctl node run \
+--ip={{ip | default(ansible_default_ipv4.address) }} \
+--as={{ local_as }} \
+--node-image={{ calico_node_image_repo }}:{{ calico_node_image_tag }}
+  {%- else %}
 ExecStart={{ bin_dir }}/calicoctl node run --ip={{ip | default(ansible_default_ipv4.address) }} --node-image={{ calico_node_image_repo }}:{{ calico_node_image_tag }}
-{% endif %}
+  {%- endif %}
 {% endif %}
 Restart=always
 RestartSec=10s

roles/network_plugin/calico/templates/calicoctl-container.j2

@@ -1,4 +1,5 @@
 #!/bin/bash
+{% if kube_container_engine == "docker" %}
 /usr/bin/docker run -i --privileged --rm \
 --net=host --pid=host \
 -e ETCD_ENDPOINTS={{ etcd_access_endpoint }} \
@@ -11,3 +12,6 @@
 -v /etc/calico/certs:/etc/calico/certs:ro \
 {{ calicoctl_image_repo }}:{{ calicoctl_image_tag}} \
 $@
+{% elif kube_container_engine == "rkt" %}
+@TODO-RKT
+{% endif %}

roles/uploads/defaults/main.yml

@@ -8,18 +8,21 @@ etcd_version: v3.0.6
 calico_version: v0.23.0
 calico_cni_version: v1.4.2
 weave_version: v1.6.1
+rkt_version: v1.17.0
 
 # Download URL's
 etcd_download_url: "https://github.com/coreos/etcd/releases/download/{{ etcd_version }}/etcd-{{ etcd_version }}-linux-amd64.tar.gz"
 calico_cni_download_url: "https://github.com/projectcalico/calico-cni/releases/download/{{calico_cni_version}}/calico"
 calico_cni_ipam_download_url: "https://github.com/projectcalico/calico-cni/releases/download/{{calico_cni_version}}/calico-ipam"
 weave_download_url: "https://github.com/weaveworks/weave/releases/download/{{weave_version}}/weave"
+rkt_download_url: "https://github.com/coreos/rkt/releases/download/{{ rkt_version }}/rkt-{{ rkt_version }}.tar.gz"
 
 # Checksums
 calico_cni_checksum: "9cab29764681e9d80da826e4b2cd10841cc01a749e0018867d96dd76a4691548"
 calico_cni_ipam_checksum: "09d076b15b791956efee91646e47fdfdcf382db16082cef4f542a9fff7bae172"
 weave_checksum: "9bf9d6e5a839e7bcbb28cc00c7acae9d09284faa3e7a3720ca9c2b9e93c68580"
 etcd_checksum: "385afd518f93e3005510b7aaa04d38ee4a39f06f5152cd33bb86d4f0c94c7485"
+rkt_checksum: "285b4f18bf7ec3f80b42dd506a86fe367b6e7068d014d5187621c5c4ab168b89"
 
 downloads:
   - name: calico-cni-plugin
@@ -49,6 +52,16 @@ downloads:
     owner: "root"
     mode: "0755"
 
+  - name: rkt
+    version: "{{rkt_version}}"
+    dest: "rkt/rkt-{{ rkt_version }}.tar.gz"
+    sha256: "{{ rkt_checksum }}"
+    source_url: "{{ rkt_download_url }}"
+    url: "{{ rkt_download_url }}"
+    unarchive: true
+    owner: "root"
+    mode: "0750"
+
   - name: etcd
     version: "{{etcd_version}}"
     dest: "etcd/etcd-{{ etcd_version }}-linux-amd64.tar.gz"