Drop app-emulation/rkt and app-admin/kubelet-wrapper

The rkt container runtime is deprecated and not used anymore except for the kubelet-wrapper script. This script can't be ported to Docker because it is used by the user with rkt-specific arguments and it is only a wrapper around the deprecated hyperkube images (and has been broken for the last K8s releases). The recommended way is to run the kubelet binary directly on the host.
2025-10-02 19:11:20 +02:00 · 2021-04-21 18:03:11 +02:00 · 2021-04-21 18:03:11 +02:00 · 407c665d51
commit 407c665d51
parent d20a30d6c8
10 changed files with 0 additions and 300 deletions
--- a/sdk_container/src/third_party/coreos-overlay/app-admin/kubelet-wrapper/files/kubelet-wrapper
+++ b/sdk_container/src/third_party/coreos-overlay/app-admin/kubelet-wrapper/files/kubelet-wrapper
@ -1,91 +0,0 @@
 #!/bin/bash
 # Wrapper for launching kubelet via rkt-fly.
 #
 # Make sure to set KUBELET_IMAGE_TAG to an image tag published here:
 # https://quay.io/repository/coreos/hyperkube?tab=tags Alternatively,
 # override KUBELET_IMAGE to a custom image.
 set -e
 function require_ev_all() {
 	for rev in $@ ; do
 		if [[ -z "${!rev}" ]]; then
 			echo "${rev}" is not set
 			exit 1
 		fi
 	done
 }
 function require_ev_one() {
 	for rev in $@ ; do
 		if [[ ! -z "${!rev}" ]]; then
 			return
 		fi
 	done
 	echo One of $@ must be set
 	exit 1
 }
 if [[ -n "${KUBELET_VERSION}" ]]; then
 	echo KUBELET_VERSION environment variable is deprecated, please use KUBELET_IMAGE_TAG instead
 fi
 if [[ -n "${KUBELET_ACI}" ]]; then
 	echo KUBELET_ACI environment variable is deprecated, please use the KUBELET_IMAGE_URL instead
 fi
 if [[ -n "${RKT_OPTS}" ]]; then
 	echo RKT_OPTS environment variable is deprecated, please use the RKT_RUN_ARGS instead
 fi
 KUBELET_IMAGE_TAG="${KUBELET_IMAGE_TAG:-${KUBELET_VERSION}}"
 require_ev_one KUBELET_IMAGE KUBELET_IMAGE_TAG
 KUBELET_IMAGE_URL="${KUBELET_IMAGE_URL:-${KUBELET_ACI:-docker://quay.io/coreos/hyperkube}}"
 KUBELET_IMAGE="${KUBELET_IMAGE:-${KUBELET_IMAGE_URL}:${KUBELET_IMAGE_TAG}}"
 RKT_RUN_ARGS="${RKT_RUN_ARGS} ${RKT_OPTS}"
 if [[ "${KUBELET_IMAGE%%/*}" == "quay.io" ]] && ! (echo "${RKT_RUN_ARGS}" | grep -q trust-keys-from-https); then
 	RKT_RUN_ARGS="${RKT_RUN_ARGS} --trust-keys-from-https"
 elif [[ "${KUBELET_IMAGE%%/*}" == "docker:" ]] && ! (echo "${RKT_RUN_ARGS}" | grep -q insecure-options); then
 	RKT_RUN_ARGS="${RKT_RUN_ARGS} --insecure-options=image"
 fi
 mkdir --parents /etc/kubernetes
 mkdir --parents /var/lib/docker
 mkdir --parents /var/lib/kubelet
 mkdir --parents /run/kubelet
 RKT="${RKT:-/usr/bin/rkt}"
 RKT_STAGE1_ARG="${RKT_STAGE1_ARG:---stage1-from-dir=stage1-fly.aci}"
 KUBELET_IMAGE_ARGS=${KUBELET_IMAGE_ARGS:---exec=/kubelet}
 set -x
 exec ${RKT} ${RKT_GLOBAL_ARGS} \
 	run ${RKT_RUN_ARGS} \
 	--volume coreos-etc-kubernetes,kind=host,source=/etc/kubernetes,readOnly=false \
 	--volume coreos-etc-ssl-certs,kind=host,source=/etc/ssl/certs,readOnly=true \
 	--volume coreos-usr-share-certs,kind=host,source=/usr/share/ca-certificates,readOnly=true \
 	--volume coreos-var-lib-docker,kind=host,source=/var/lib/docker,readOnly=false \
 	--volume coreos-var-lib-kubelet,kind=host,source=/var/lib/kubelet,readOnly=false,recursive=true \
 	--volume coreos-var-log,kind=host,source=/var/log,readOnly=false \
 	--volume coreos-os-release,kind=host,source=/usr/lib/os-release,readOnly=true \
 	--volume coreos-run,kind=host,source=/run,readOnly=false \
 	--volume coreos-lib-modules,kind=host,source=/lib/modules,readOnly=true \
 	--volume coreos-etc-machine-id,kind=host,source=/etc/machine-id,readOnly=true \
 	--mount volume=coreos-etc-kubernetes,target=/etc/kubernetes \
 	--mount volume=coreos-etc-ssl-certs,target=/etc/ssl/certs \
 	--mount volume=coreos-usr-share-certs,target=/usr/share/ca-certificates \
 	--mount volume=coreos-var-lib-docker,target=/var/lib/docker \
 	--mount volume=coreos-var-lib-kubelet,target=/var/lib/kubelet \
 	--mount volume=coreos-var-log,target=/var/log \
 	--mount volume=coreos-os-release,target=/etc/os-release \
 	--mount volume=coreos-run,target=/run \
 	--mount volume=coreos-lib-modules,target=/lib/modules \
 	--mount volume=coreos-etc-machine-id,target=/etc/machine-id \
 	--hosts-entry host \
 	${RKT_STAGE1_ARG} \
 	${KUBELET_IMAGE} \
 		${KUBELET_IMAGE_ARGS} \
 		-- "$@"
--- a/sdk_container/src/third_party/coreos-overlay/app-admin/kubelet-wrapper/kubelet-wrapper-0.0.4-r1.ebuild
+++ b/sdk_container/src/third_party/coreos-overlay/app-admin/kubelet-wrapper/kubelet-wrapper-0.0.4-r1.ebuild
@ -1,25 +0,0 @@
 #
 # Copyright (c) 2015 CoreOS, Inc.. All rights reserved.
 # Distributed under the terms of the GNU General Public License v2
 # $Header:$
 #
 EAPI=6
 DESCRIPTION="Kubernetes Container Manager"
 HOMEPAGE="http://kubernetes.io/"
 KEYWORDS="amd64 arm64"
 LICENSE="Apache-2.0"
 SLOT="0"
 IUSE=""
 RDEPEND=">=app-emulation/rkt-1.9.1[rkt_stage1_fly]"
 # work around ${WORKDIR}/${P} not existing
 S=${WORKDIR}
 src_install() {
 	exeinto /usr/lib/flatcar
 	doexe "${FILESDIR}"/kubelet-wrapper
 }
--- a/sdk_container/src/third_party/coreos-overlay/app-admin/kubelet-wrapper/metadata.xml
+++ b/sdk_container/src/third_party/coreos-overlay/app-admin/kubelet-wrapper/metadata.xml
@ -1,4 +0,0 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
 <pkgmetadata>
 </pkgmetadata>
--- a/sdk_container/src/third_party/coreos-overlay/app-emulation/rkt/Manifest
+++ b/sdk_container/src/third_party/coreos-overlay/app-emulation/rkt/Manifest
@ -1,2 +0,0 @@
 DIST rkt-pxe-amd64-usr-1478.0.0.img 264382497 SHA256 9897f9e78e207da42a75d03f7ff74c4400dce15843b752adcb3182ebe66c9868 SHA512 5f462b6223a141d72a38857fff26f4f70c0a36f21d1cc69623d946ba42f8b15fa994f222b1934cd16cc5b4e306cf5a8850295492dfb637f2a8fee8b774d7c1e4 WHIRLPOOL 6eed288afed99f26c892af4fdfea23bde5cb617918d34ba7132765bf11bdfc478f364b123d4c505d474740b5381b7f149dba856288ea59dbb5171782975d821b
 DIST rkt-pxe-arm64-usr-1478.0.0.img 202610087 SHA256 30242967a3d86d0e0b4fc22017aea6a192b281dce97865f11e623ffca3363f11 SHA512 a91cb5fb40a522d8e624520aae9046ce5ac1756253191b704af52286af2ac29c10fa9053c4d115745125333a4b403aa792dfe16a3c3181e014505b8f8d10d147 WHIRLPOOL b2bf47ae2897c0b1e7070fa17c1dd8d4156ce0cae3136100f7efce6258f677f15470c191803ee7ee50eac53b74bfb9a5df4d1724684a12f40c47a6186520c744
--- a/sdk_container/src/third_party/coreos-overlay/app-emulation/rkt/files/sysusers.conf
+++ b/sdk_container/src/third_party/coreos-overlay/app-emulation/rkt/files/sysusers.conf
@ -1,3 +0,0 @@
 g rkt-admin -   - -
 g rkt       251 - -
 m core      rkt - -
--- a/sdk_container/src/third_party/coreos-overlay/app-emulation/rkt/metadata.xml
+++ b/sdk_container/src/third_party/coreos-overlay/app-emulation/rkt/metadata.xml
@ -1,17 +0,0 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
 <pkgmetadata>
 	<longdescription lang="en">
 		rkt is a new container runtime, designed for composability, security,
 		and speed. Today we are releasing a prototype version on GitHub to begin
 		gathering feedback from our community and explain why we are building
 		rkt. 
 	</longdescription>
 	<use>
 		<flag name="actool">Install the actool for ACI manipulation</flag>
 		<flag name="rkt_stage1_coreos">Download and use a prebuilt stage1.aci from CoreOS</flag>
 		<flag name="rkt_stage1_fly">Build the experimental fly stage1 for chroot-only isolation</flag>
 		<flag name="rkt_stage1_src">Build the stage1.aci from source</flag>
 		<flag name="rkt_stage1_host">Assemble stage1.aci from host binaries</flag>
 	</use>
 </pkgmetadata>
--- a/sdk_container/src/third_party/coreos-overlay/app-emulation/rkt/rkt-1.30.0-r2.ebuild
+++ b/sdk_container/src/third_party/coreos-overlay/app-emulation/rkt/rkt-1.30.0-r2.ebuild
@ -1 +0,0 @@
 rkt-9999.ebuild
--- a/sdk_container/src/third_party/coreos-overlay/app-emulation/rkt/rkt-9999.ebuild
+++ b/sdk_container/src/third_party/coreos-overlay/app-emulation/rkt/rkt-9999.ebuild
@ -1,151 +0,0 @@
 # Copyright 1999-2015 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
 EAPI=7
 AUTOTOOLS_AUTORECONF=yes
 AUTOTOOLS_IN_SOURCE_BUILD=yes
 COREOS_GO_VERSION=go1.12
 inherit autotools flag-o-matic systemd toolchain-funcs multilib
 inherit cros-workon coreos-go-depend
 CROS_WORKON_PROJECT="rkt/rkt"
 CROS_WORKON_LOCALNAME="rkt"
 CROS_WORKON_REPO="git://github.com"
 if [[ "${PV}" == "9999" ]]; then
 	KEYWORDS="~amd64 ~arm64"
 else
 	KEYWORDS="amd64 arm64"
 	CROS_WORKON_COMMIT="e04dd994baa1051f1205578d12d69eec83dbb905" # v1.30.0
 fi
 PXE_VERSION="1478.0.0"
 PXE_SYSTEMD_VERSION="v233"
 PXE_FILE="${PN}-pxe-${ARCH}-usr-${PXE_VERSION}.img"
 PXE_URI_AMD64="https://alpha.release.core-os.net/amd64-usr/${PXE_VERSION}/coreos_production_pxe_image.cpio.gz"
 PXE_URI_ARM64="https://alpha.release.core-os.net/arm64-usr/${PXE_VERSION}/coreos_production_pxe_image.cpio.gz"
 PXE_FILE_AMD64="${PN}-pxe-amd64-usr-${PXE_VERSION}.img"
 PXE_FILE_ARM64="${PN}-pxe-arm64-usr-${PXE_VERSION}.img"
 SRC_URI="rkt_stage1_coreos? (
 	amd64? ( ${PXE_URI_AMD64} -> ${PXE_FILE_AMD64} )
 	arm64? ( ${PXE_URI_ARM64} -> ${PXE_FILE_ARM64} )
 )"
 DESCRIPTION="A CLI for running app containers, and an implementation of the App
 Container Spec."
 HOMEPAGE="https://github.com/rkt/rkt"
 LICENSE="Apache-2.0"
 SLOT="0"
 IUSE="doc examples +rkt_stage1_coreos +rkt_stage1_fly rkt_stage1_host rkt_stage1_src tpm"
 REQUIRED_USE="|| ( rkt_stage1_coreos rkt_stage1_fly rkt_stage1_host rkt_stage1_src )"
 COMMON_DEPEND="sys-apps/acl
 		tpm? ( app-crypt/trousers )"
 DEPEND="app-arch/cpio
 	sys-fs/squashfs-tools
 	rkt_stage1_src? (
 		>=sys-apps/systemd-222
 		app-shells/bash
 	)
 	${COMMON_DEPEND}"
 RDEPEND="!app-emulation/rocket
 	rkt_stage1_host? (
 		>=sys-apps/systemd-220
 		app-shells/bash
 	)
 	${COMMON_DEPEND}"
 BUILDDIR="build-${P}"
 STAGE1INSTALLDIR=""
 STAGE1FIRST=""
 STAGE1FLAVORS=""
 function add_stage1() {
 	if [[ ${STAGE1FIRST} == "" ]]; then
 		STAGE1FIRST=$1
 		STAGE1FLAVORS=$1
 	else
 		STAGE1FLAVORS="${STAGE1FLAVORS},$1"
 	fi
 }
 src_prepare() {
 	eapply_user
 	STAGE1INSTALLDIR="/usr/$(get_libdir)/rkt/stage1-images"
 	# ensure we use a CoreOS PXE image version that matches rkt's expectations.
 	local rkt_coreos_version=$(awk '/^CCN_IMG_RELEASE/ { print $3 }' stage1/usr_from_coreos/coreos-common.mk)
 	if [ "${rkt_coreos_version}" != "${PXE_VERSION}" ]; then
 		die "CoreOS versions in ebuild and rkt build scripts are mismatched, expecting ${rkt_coreos_version}!"
 	fi
 	eautoreconf
 }
 src_configure() {
 	local myeconfargs=()
 	if use rkt_stage1_coreos; then
 		add_stage1 "coreos"
 		myeconfargs+=( --with-coreos-local-pxe-image-path="${DISTDIR}/${PXE_FILE}" )
 		myeconfargs+=( --with-coreos-local-pxe-image-systemd-version="${PXE_SYSTEMD_VERSION}" )
 	fi
 	if use rkt_stage1_fly; then
 		add_stage1 "fly"
 	fi
 	if use rkt_stage1_host; then
 		add_stage1 "host"
 	fi
 	if use rkt_stage1_src; then
 		add_stage1 "src"
 	fi
 	myeconfargs+=( $(use_enable tpm) )
 	myeconfargs+=( --with-stage1-flavors="${STAGE1FLAVORS}" )
 	myeconfargs+=( --with-stage1-default-location="${STAGE1INSTALLDIR}/stage1-${STAGE1FIRST}.aci" )
 	go_export
 	export BUILDDIR
 	export V=1
 	econf "${myeconfargs[@]}"
 }
 src_install() {
 	dodoc README.md
 	use doc && dodoc -r Documentation
 	use examples && dodoc -r examples
 	dobin "${S}/${BUILDDIR}/target/bin"/rkt
 	einfo The following stage1 ACIs have been installed to ${STAGE1INSTALLDIR}:
 	insinto ${STAGE1INSTALLDIR}
 	for stage1aci in "${S}/${BUILDDIR}/target/bin"/stage1-*.aci; do
 		doins "${stage1aci}"
 		einfo $(basename "${stage1aci}")
 	done
 	# symlink old stage1 aci directory to the new install location
 	dosym ../$(get_libdir)/rkt/stage1-images /usr/share/rkt
 	systemd_dounit "${S}"/dist/init/systemd/${PN}-gc.service
 	systemd_dounit "${S}"/dist/init/systemd/${PN}-gc.timer
 	systemd_enable_service multi-user.target ${PN}-gc.timer
 	systemd_dounit "${S}"/dist/init/systemd/${PN}-metadata.service
 	systemd_dounit "${S}"/dist/init/systemd/${PN}-metadata.socket
 	systemd_enable_service sockets.target ${PN}-metadata.socket
 	systemd_dotmpfilesd "${S}"/dist/init/systemd/tmpfiles.d/${PN}.conf
 	insinto /usr/lib/sysusers.d/
 	newins "${FILESDIR}"/sysusers.conf ${PN}.conf
 }
--- a/sdk_container/src/third_party/coreos-overlay/coreos-base/coreos/coreos-0.0.1.ebuild
+++ b/sdk_container/src/third_party/coreos-overlay/coreos-base/coreos/coreos-0.0.1.ebuild
@ -89,7 +89,6 @@ RDEPEND="${RDEPEND}
 RDEPEND="${RDEPEND}
 	app-admin/etcd-wrapper
 	app-admin/flannel-wrapper
 	app-admin/kubelet-wrapper
 	app-admin/locksmith
 	app-admin/mayday
 	app-admin/sdnotify-proxy
@ -103,7 +102,6 @@ RDEPEND="${RDEPEND}
 	app-crypt/gnupg
 	app-crypt/tpmpolicy
 	app-editors/vim
 	app-emulation/rkt
 	app-emulation/actool
 	app-emulation/cri-tools
 	app-misc/ca-certificates
--- a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.mask
+++ b/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.mask
@ -11,10 +11,6 @@
 # certificate store provided in NSS rather than the Gentoo/Debian package.
 >=app-misc/ca-certificates-20000000
 # mask an accidental rkt major version bump to ensure it's not chosen over more
 # recent releases
 =app-emulation/rkt-13.0
 # Since version 2, it tries to write liblto symlinks with absolute paths that
 # don't work when building for the board root directories.
 >=sys-devel/gcc-config-2
		`@ -1,2 +0,0 @@`
			`DIST rkt-pxe-amd64-usr-1478.0.0.img 264382497 SHA256 9897f9e78e207da42a75d03f7ff74c4400dce15843b752adcb3182ebe66c9868 SHA512 5f462b6223a141d72a38857fff26f4f70c0a36f21d1cc69623d946ba42f8b15fa994f222b1934cd16cc5b4e306cf5a8850295492dfb637f2a8fee8b774d7c1e4 WHIRLPOOL 6eed288afed99f26c892af4fdfea23bde5cb617918d34ba7132765bf11bdfc478f364b123d4c505d474740b5381b7f149dba856288ea59dbb5171782975d821b`
			`DIST rkt-pxe-arm64-usr-1478.0.0.img 202610087 SHA256 30242967a3d86d0e0b4fc22017aea6a192b281dce97865f11e623ffca3363f11 SHA512 a91cb5fb40a522d8e624520aae9046ce5ac1756253191b704af52286af2ac29c10fa9053c4d115745125333a4b403aa792dfe16a3c3181e014505b8f8d10d147 WHIRLPOOL b2bf47ae2897c0b1e7070fa17c1dd8d4156ce0cae3136100f7efce6258f677f15470c191803ee7ee50eac53b74bfb9a5df4d1724684a12f40c47a6186520c744`