switch to cri-o for kubernetes

modules/ocf/manifests/packages/kube/apt_first_stage.pp

@@ -17,4 +17,30 @@
       # pull.
       release  => 'kubernetes-xenial',
   }
+
+  apt::key { 'crio repo key':
+    id     => '2472D6D0D2F66AF87ABA8DA34D64390375060AA4',
+    # the key is the same for both
+    source => "https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable/Debian_${::operatingsystemmajrelease}/Release.key";
+  }
+
+  $is_dev = $::hostname in lookup('kube_dev::controller_nodes')
+  $kube_prefix = if $is_dev { 'kube_dev' } else { 'kube' }
+  $kube_version = lookup("${kube_prefix}::kubernetes_version")
+  $split_version = split($kube_version, '.')
+  $crio_version = "${split_version[0]}.${split_version[1]}"
+
+  # for packages: cri-o cri-o-runc
+  apt::source { 'crio':
+      architecture => 'amd64',
+      location     => "http://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable:/cri-o:/${crio_version}/Debian_${::operatingsystemmajrelease}/",
+      repos        => '/',
+      require      => Apt::Key['crio repo key'],
+  }
+  apt::source { 'libcontainers':
+      architecture => 'amd64',
+      location     => "https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable/Debian_${::operatingsystemmajrelease}/",
+      repos        => '/',
+      require      => Apt::Key['crio repo key'],
+  }
 }

modules/ocf_kube/files/crio.conf

@@ -0,0 +1,5 @@
+[crio.metrics]
+enable_metrics = true
+metrics_port = 9090
+
+# TODO: crio.telemetry

modules/ocf_kube/manifests/controller.pp

@@ -1,4 +1,4 @@
-# Each kubernetes controller installs and runs kubelet and containerd.
+# Each kubernetes controller installs and runs kubelet and CRI-O.
 # Kubelet is kubernetes' service that has to run on every node. It is in charge
 # of figuring out what containers it has to run, and running them. It can do this
 # in two ways: the API server tells it to run something, or we can configure it
@@ -16,10 +16,10 @@
 # After kubelet starts and runs the containers, we should have a working
 # kubernetes cluster.
 
-# We use containerd over docker because docker is de-facto getting deprecated
+# We use CRI-O over docker because docker is de-facto getting deprecated
 # in kubernetes 1.20: https://github.com/kubernetes/kubernetes/pull/94624
 
-# This purpose of this puppet class is to install kubelet and containerd, and
+# This purpose of this puppet class is to install kubelet and CRI-O, and
 # configure the four containers.
 
 class ocf_kube::controller {
@@ -69,14 +69,11 @@
   }
 
   # We find containerd located in the docker debian repository
-  class { 'ocf::packages::docker::apt':
-    stage => first,
+  package { ['cri-o', 'cri-o-runc']: }
+  -> file { '/etc/crio/crio.conf':
+    source  => 'puppet:///modules/ocf_kube/crio.conf',
   }
-  package { 'containerd.io': }
-  -> file { '/etc/containerd/config.toml':
-    source  => 'puppet:///modules/ocf_kube/containerd.toml',
-  }
-  ~> service { 'containerd': }
+  ~> service { 'crio': }
 
   # Ensure /var/lib/etcd has mode 700
   file { '/var/lib/etcd':

modules/ocf_kube/templates/kubelet.service

@@ -7,7 +7,7 @@ After=network-online.target
 [Service]
 ExecStart=/usr/bin/kubelet --config /etc/kubernetes/kubelet.yaml \
                            --container-runtime=remote \
-                           --container-runtime-endpoint=unix:///var/run/containerd/containerd.sock \
+                           --container-runtime-endpoint=unix:///var/run/crio/crio.sock \
                            --register-node=true \
                            --kubeconfig=/etc/kubernetes/kubelet.conf
 Restart=always