Remove rkt support (#4671)

.gitlab-ci/gce.yml

@@ -256,13 +256,6 @@ gce_coreos-kube-router:
   except: ['triggers']
   only: ['master', /^pr-.*$/]
 
-gce_ubuntu-rkt-sep:
-  stage: deploy-gce
-  <<: *gce
-  when: manual
-  except: ['triggers']
-  only: ['master', /^pr-.*$/]
-
 gce_ubuntu-kube-router-sep:
   stage: deploy-special
   <<: *gce

.gitlab-ci/packet.yml

@@ -115,13 +115,6 @@ packet_opensuse-canal:
   except: ['triggers']
   only: ['master', /^pr-.*$/]
 
-packet_ubuntu-rkt-sep:
-  stage: deploy-part2
-  <<: *packet
-  when: manual
-  except: ['triggers']
-  only: ['master', /^pr-.*$/]
-
 packet_ubuntu-kube-router-sep:
   stage: deploy-special
   <<: *packet

README.md

@@ -111,7 +111,6 @@ Supported Components
     -   [kubernetes](https://github.com/kubernetes/kubernetes) v1.14.1
     -   [etcd](https://github.com/coreos/etcd) v3.2.26
     -   [docker](https://www.docker.com/) v18.06 (see note)
-    -   [rkt](https://github.com/rkt/rkt) v1.21.0 (see Note 2)
     -   [cri-o](http://cri-o.io/) v1.11.5 (experimental: see [CRI-O Note](docs/cri-o.md). Only on centos based OS)
 -   Network Plugin
     -   [calico](https://github.com/projectcalico/calico) v3.4.0
@@ -131,11 +130,6 @@ Supported Components
 
 Note: The list of validated [docker versions](https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG-1.13.md) was updated to 1.11.1, 1.12.1, 1.13.1, 17.03, 17.06, 17.09, 18.06. kubeadm now properly recognizes Docker 18.09.0 and newer, but still treats 18.06 as the default supported version. The kubelet might break on docker's non-standard version numbering (it no longer uses semantic versioning). To ensure auto-updates don't break your cluster look into e.g. yum versionlock plugin or apt pin).
 
-Note 2: rkt support as docker alternative is limited to control plane (etcd and
-kubelet). Docker is still used for Kubernetes cluster workloads and network
-plugins' related OS services. Also note, only one of the supported network
-plugins can be deployed for a given single cluster.
-
 Requirements
 ------------
 

contrib/vault/roles/vault/tasks/shared/check_vault.yml

 ---
 # Stop temporary Vault if it's running (can linger if playbook fails out)
 - name: stop vault-temp container
-  shell: docker stop {{ vault_temp_container_name }} || rkt stop {{ vault_temp_container_name }}
+  shell: docker stop {{ vault_temp_container_name }}
   failed_when: false
   register: vault_temp_stop
   changed_when: vault_temp_stop is succeeded

contrib/vault/roles/vault/templates/rkt.service.j2

-[Unit]
-Description=hashicorp vault on rkt
-Documentation=https://github.com/hashicorp/vault
-Wants=network.target
-
-[Service]
-User=root
-Restart=on-failure
-RestartSec=10s
-TimeoutStartSec=5
-LimitNOFILE=40000
-# Container has the following internal mount points:
-#   /vault/file/    # File backend storage location
-#   /vault/logs/    # Log files
-ExecStartPre=-/usr/bin/rkt rm --uuid-file=/var/run/vault.uuid
-
-ExecStart=/usr/bin/rkt run \
-        --insecure-options=image \
-        --volume hosts,kind=host,source=/etc/hosts,readOnly=true \
-        --mount volume=hosts,target=/etc/hosts \
-        --volume=volume-vault-file,kind=host,source=/var/lib/vault \
-        --volume=volume-vault-logs,kind=host,source={{ vault_log_dir }} \
-        --volume=vault-cert-dir,kind=host,source={{ vault_cert_dir }} \
-        --mount=volume=vault-cert-dir,target={{ vault_cert_dir }} \
-        --volume=vault-conf-dir,kind=host,source={{ vault_config_dir }} \
-        --mount=volume=vault-conf-dir,target={{ vault_config_dir }} \
-        --volume=vault-secrets-dir,kind=host,source={{ vault_secrets_dir }} \
-        --mount=volume=vault-secrets-dir,target={{ vault_secrets_dir }} \
-        --volume=vault-roles-dir,kind=host,source={{ vault_roles_dir }} \
-        --mount=volume=vault-roles-dir,target={{ vault_roles_dir }} \
-        --volume=etcd-cert-dir,kind=host,source={{ etcd_cert_dir }} \
-        --mount=volume=etcd-cert-dir,target={{ etcd_cert_dir }} \
-        docker://{{ vault_image_repo }}:{{ vault_image_tag }} \
-        --uuid-file-save=/var/run/vault.uuid \
-        --name={{ vault_container_name }} \
-        --net=host \
-        --caps-retain=CAP_IPC_LOCK \
-        --exec vault -- \
-                server \
-                --config={{ vault_config_dir }}/config.json
-
-ExecStop=-/usr/bin/rkt stop --uuid-file=/var/run/vault.uuid
-
-[Install]
-WantedBy=multi-user.target

contrib/vault/vault.md

@@ -93,6 +93,6 @@ Potential Work
 - Change the Vault role to not run certain tasks when ``root_token`` and
   ``unseal_keys`` are not present. Alternatively, allow user input for these
   values when missing.
-- Add the ability to start temp Vault with Host, Rkt, or Docker
+- Add the ability to start temp Vault with Host or Docker
 - Add a dynamic way to change out the backend role creation during Bootstrap,
   so other services can be used (such as Consul)

docs/ansible.md

@@ -70,7 +70,7 @@ The group variables to control main deployment options are located in the direct
 Optional variables are located in the `inventory/sample/group_vars/all.yml`.
 Mandatory variables that are common for at least one role (or a node group) can be found in the
 `inventory/sample/group_vars/k8s-cluster.yml`.
-There are also role vars for docker, rkt, kubernetes preinstall and master roles.
+There are also role vars for docker, kubernetes preinstall and master roles.
 According to the [ansible docs](http://docs.ansible.com/ansible/playbooks_variables.html#variable-precedence-where-should-i-put-a-variable),
 those cannot be overridden from the group vars. In order to override, one should use
 the `-e ` runtime flags (most simple way) or other layers described in the docs.

docs/roadmap.md

@@ -2,7 +2,7 @@ Kubespray's roadmap
 =================
 
 ### Self deployment (pull-mode) [#320](https://github.com/kubespray/kubespray/issues/320)
-- the playbook would install and configure docker/rkt and the etcd cluster
+- the playbook would install and configure docker and the etcd cluster
 - the following data would be inserted into etcd: certs,tokens,users,inventory,group_vars.
 - a "kubespray" container would be deployed (kubespray-cli, ansible-playbook)
 - to be discussed, a way to provide the inventory

docs/vars.md

@@ -102,7 +102,7 @@ Stack](https://github.com/kubernetes-sigs/kubespray/blob/master/docs/dns-stack.m
   proxy. Note that no_proxy defaults to all internal cluster IPs and hostnames
   that correspond to each node.
 * *kubelet_deployment_type* - Controls which platform to deploy kubelet on.
-  Available options are ``host``, ``rkt``, and ``docker``. ``docker`` mode
+  Available options are ``host`` and ``docker``. ``docker`` mode
   is unlikely to work on newer releases. Starting with Kubernetes v1.7
   series, this now defaults to ``host``. Before v1.7, the default was Docker.
   This is because of cgroup [issues](https://github.com/kubernetes/kubernetes/issues/43704).
@@ -113,7 +113,7 @@ Stack](https://github.com/kubernetes-sigs/kubespray/blob/master/docs/dns-stack.m
 * *kubelet_cgroup_driver* - Allows manual override of the
   cgroup-driver option for Kubelet. By default autodetection is used
   to match Docker configuration.
-* *kubelet_rotate_certificates* - Auto rotate the kubelet client certificates by requesting new certificates 
+* *kubelet_rotate_certificates* - Auto rotate the kubelet client certificates by requesting new certificates
   from the kube-apiserver when the certificate expiration approaches.
 * *node_labels* - Labels applied to nodes via kubelet --node-labels parameter.
   For example, labels can be set in the inventory as variables or more widely in group_vars.

roles/container-engine/meta/main.yml

@@ -7,17 +7,9 @@ dependencies:
       - container-engine
       - crio
 
-  - role: container-engine/rkt
-    when:
-      - container_manager == 'rkt'
-    tags:
-      - container-engine
-      - rkt
-
   - role: container-engine/docker
     when:
-      - container_manager == 'docker' or container_manager == "rkt"
+      - container_manager == 'docker'
     tags:
       - container-engine
       - docker
-      - rkt

roles/container-engine/rkt/defaults/main.yml

----
-
-rkt_version: 1.21.0
-rkt_pkg_version: "{{ rkt_version }}-1"
-rkt_download_src: https://github.com/coreos/rkt
-rkt_download_url: "{{ rkt_download_src }}/releases/download/v{{ rkt_version }}"

roles/container-engine/rkt/files/rkt-gc.sh

-#!/bin/bash
-rkt gc

roles/container-engine/rkt/tasks/install.yml

----
-- name: gather os specific variables for rkt
-  include_vars: "{{ item }}"
-  with_first_found:
-    - files:
-        - "{{ ansible_distribution|lower }}-{{ ansible_distribution_version|lower|replace('/', '_') }}.yml"
-        - "{{ ansible_distribution|lower }}-{{ ansible_distribution_release }}.yml"
-        - "{{ ansible_distribution|lower }}-{{ ansible_distribution_major_version|lower|replace('/', '_') }}.yml"
-        - "{{ ansible_distribution|lower }}.yml"
-        - "{{ ansible_os_family|lower }}.yml"
-        - defaults.yml
-      paths:
-        - ../vars
-      skip: true
-  tags:
-    - facts
-
-- name: install rkt pkg on ubuntu
-  apt:
-    deb: "{{ rkt_download_url }}/{{ rkt_pkg_name }}"
-    state: present
-  register: rkt_task_result
-  until: rkt_task_result is succeeded
-  retries: 4
-  delay: "{{ retry_stagger | random + 3 }}"
-  when: ansible_os_family == "Debian"
-
-- name: install rkt pkg on fedora
-  dnf:
-    name: rkt
-    state: present
-  when: ansible_distribution == "Fedora"
-
-- name: install rkt pkg on centos
-  yum:
-    pkg: "{{ rkt_download_url }}/{{ rkt_pkg_name }}"
-    state: present
-  register: rkt_task_result
-  until: rkt_task_result is succeeded
-  retries: 4
-  delay: "{{ retry_stagger | random + 3 }}"
-  when:
-    - ansible_os_family == "RedHat"
-    - ansible_distribution != "Fedora"
-
-- name: install rkt pkg on openSUSE
-  zypper:
-    name: "{{ rkt_download_url }}/{{ rkt_pkg_name }}"
-    state: present
-  register: rkt_task_result
-  until: rkt_task_result is succeeded
-  retries: 4
-  delay: "{{ retry_stagger | random + 3 }}"
-  when: ansible_os_family == "Suse"

roles/container-engine/rkt/tasks/main.yml

----
-- name: Install rkt
-  import_tasks: install.yml
-  when: not ansible_os_family in ["CoreOS", "Container Linux by CoreOS"]
-
-- name: Set up cron job to do garbage cleanup
-  copy:
-    src: rkt-gc.sh
-    dest: /etc/cron.hourly/rkt-gc.sh
-    owner: root
-    group: root
-    mode: 0750
-  when: not ansible_os_family in ["CoreOS", "Container Linux by CoreOS"]

roles/container-engine/rkt/vars/debian.yml

----
-rkt_pkg_name: "rkt_{{ rkt_pkg_version }}_amd64.deb"

roles/container-engine/rkt/vars/fedora.yml

----
-rkt_pkg_name: "rkt-{{ rkt_pkg_version }}.x86_64.rpm"

roles/container-engine/rkt/vars/redhat.yml

----
-rkt_pkg_name: "rkt-{{ rkt_pkg_version }}.x86_64.rpm"

roles/container-engine/rkt/vars/suse.yml

----
-rkt_pkg_name: "rkt-{{ rkt_pkg_version }}.x86_64.rpm"

roles/download/templates/kubeadm-images.yaml.j2

@@ -8,8 +8,6 @@ kind: InitConfiguration
 nodeRegistration:
 {% if container_manager == 'crio' %}
   criSocket: /var/run/crio/crio.sock
-{% elif container_manager == 'rkt' %}
-  criSocket: /var/run/rkt.sock
 {% else %}
   criSocket: /var/run/dockershim.sock
 {% endif %}
@@ -41,8 +39,6 @@ etcd:
 nodeRegistration:
 {% if container_manager == 'crio' %}
   criSocket: /var/run/crio/crio.sock
-{% elif container_manager == 'rkt' %}
-  criSocket: /var/run/rkt.sock
 {% else %}
   criSocket: /var/run/dockershim.sock
 {% endif %}

roles/etcd/tasks/install_rkt.yml

----
-- name: Trust etcd container
-  command: >-
-    /usr/bin/rkt trust
-    --skip-fingerprint-review
-    --root
-    https://quay.io/aci-signing-key
-  register: etcd_rkt_trust_result
-  until: etcd_rkt_trust_result.rc == 0
-  retries: 4
-  delay: "{{ retry_stagger | random + 3 }}"
-  changed_when: false
-  environment: "{{proxy_env}}"
-  when: etcd_cluster_setup
-
-- name: Install | Copy etcdctl binary from rkt container
-  command: >-
-    /usr/bin/rkt run
-    --volume=bin-dir,kind=host,source={{ bin_dir}},readOnly=false
-    --mount=volume=bin-dir,target=/host/bin
-    {{ etcd_image_repo }}:{{ etcd_image_tag }}
-    --name=etcdctl-binarycopy
-    --exec=/bin/cp -- /usr/local/bin/etcdctl /host/bin/etcdctl
-  register: etcd_task_result
-  until: etcd_task_result.rc == 0
-  retries: 4
-  delay: "{{ retry_stagger | random + 3 }}"
-  changed_when: false
-  environment: "{{proxy_env}}"
-  when: etcd_cluster_setup