Update kustomize

1. Remove unused cdn and scheduler service in kustomize
2. Support containerd v1.5.0+ in kustomize

Signed-off-by: Jim Ma <majinjing3@gmail.com>

deploy/charts/dragonfly/values.yaml

@@ -127,6 +127,7 @@ dfdaemon:
   # https://kubernetes.io/docs/setup/production-environment/tools/kubeadm/troubleshooting-kubeadm/#hostport-services-do-not-work
   # by default, dfdaemon injects the 65001 port to host network by sharing host network namespace,
   # if you want to use hostPort, please empty .config.proxy.tcpListen.namespace below, and keep .hostNetwork == false
+  # for performance, injecting the 65001 port to host network is better than hostPort
   hostPort: 65001
   # using hostNetwork when pod with host network can communicate with normal pods with cni network
   hostNetwork: false

deploy/kustomize/single-cluster-native/bases/cdn/service.yaml

@@ -1,19 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
-  name: cdn
-spec:
-  selector:
-    app: dragonfly
-    component: cdn
-  type: ClusterIP
-  clusterIP: None
-  ports:
-  - name: grpc
-    port: 8003
-    protocol: TCP
-    targetPort: 8003
-  - name: http
-    port: 8001
-    protocol: TCP
-    targetPort: 8001

deploy/kustomize/single-cluster-native/bases/dfdaemon/daemonset.yaml

@@ -25,22 +25,27 @@ spec:
       - name: dfdaemon
         image: dragonflyoss/dfget
         imagePullPolicy: "Always"
+        ports: # 65001 is in host network, no need here
+        - containerPort: 65000
+        - containerPort: 65002
         volumeMounts:
         - name: config
           mountPath: /etc/dragonfly
         - name: netns # the mountPath is setting in proxy.tcpListen.namespace
-          mountPath: /host/ns/net
+          mountPath: /host/ns
-        ports: # 65001 is in host network, no need here
-        - containerPort: 65000
-        - containerPort: 65002
         securityContext:
-          capabilities:
+          # FIXME dfget daemon only need /proc/1/ns/net and CAP_SYS_ADMIN
-            add:
+          # but containerd resolves the symbolic of /proc/1/ns/net from v1.5.0
-            - SYS_ADMIN # setns need CAP_SYS_ADMIN capability
+          # due to /proc/1/ns/net is not a regular symbolic link, it always failed.
+          # https://github.com/containerd/containerd/blob/v1.5.0/pkg/cri/opts/spec_linux.go#L171
+          privileged: true
+          #capabilities:
+          #  add:
+          #  - SYS_ADMIN
       volumes:
       - name: config
         configMap:
           name: dfdaemon
       - name: netns
         hostPath:
-          path: /proc/1/ns/net # bind mount host net ns to pod, dfdaemon can listen 65001 in host network
+          path: /proc/1/ns # bind mount host net ns to pod, dfdaemon can listen 65001 in host network

deploy/kustomize/single-cluster-native/bases/dfdaemon/dfget.yaml

@@ -16,11 +16,11 @@ scheduler:
   # below example is a stand address
   netAddrs:
   - type: tcp
-    addr: scheduler-0.dragonfly.svc:8002
+    addr: scheduler-0.dragonfly-system.svc:8002
   - type: tcp
-    addr: scheduler-1.dragonfly.svc:8002
+    addr: scheduler-1.dragonfly-system.svc:8002
   - type: tcp
-    addr: scheduler-2.dragonfly.svc:8002
+    addr: scheduler-2.dragonfly-system.svc:8002
   # schedule timeout
   scheduleTimeout: 10s
 

deploy/kustomize/single-cluster-native/bases/kustomization.yaml

@@ -2,7 +2,6 @@ namespace: dragonfly-system
 resources:
 - namespace.yaml
 - cdn/rabc.yaml
-- cdn/service.yaml
 - cdn/serviceaccount.yaml
 - cdn/statefulset.yaml
 - dfdaemon/seviceaccount.yaml

deploy/kustomize/single-cluster-native/bases/scheduler/service.yaml

@@ -1,21 +1,3 @@
-apiVersion: v1
-kind: Service
-metadata:
-  name: scheduler
-spec:
-  selector:
-    app: dragonfly
-    component: scheduler
-  type: ClusterIP
-  clusterIP: None
-  ports:
-  - name: grpc
-    port: 8002
-    protocol: TCP
-    targetPort: 8002
-
----
-
 apiVersion: v1
 kind: Service
 metadata:

deploy/kustomize/single-cluster-openkruise/bases/cdn/service.yaml

@@ -1,19 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
-  name: cdn
-spec:
-  selector:
-    app: dragonfly
-    component: cdn
-  type: ClusterIP
-  clusterIP: None
-  ports:
-  - name: grpc
-    port: 8003
-    protocol: TCP
-    targetPort: 8003
-  - name: http
-    port: 8001
-    protocol: TCP
-    targetPort: 8001

deploy/kustomize/single-cluster-openkruise/bases/dfdaemon/daemonset.yaml

@@ -27,22 +27,27 @@ spec:
       - name: dfdaemon
         image: dragonflyoss/dfget
         imagePullPolicy: "Always"
+        ports: # 65001 is in host network, no need here
+        - containerPort: 65000
+        - containerPort: 65002
         volumeMounts:
         - name: config
           mountPath: /etc/dragonfly
         - name: netns # the mountPath is setting in proxy.tcpListen.namespace
-          mountPath: /host/ns/net
+          mountPath: /host/ns
-        ports: # 65001 is in host network, no need here
-        - containerPort: 65000
-        - containerPort: 65002
         securityContext:
-          capabilities:
+          # FIXME dfget daemon only need /proc/1/ns/net and CAP_SYS_ADMIN
-            add:
+          # but containerd resolves the symbolic of /proc/1/ns/net from v1.5.0
-            - SYS_ADMIN # setns need CAP_SYS_ADMIN capability
+          # due to /proc/1/ns/net is not a regular symbolic link, it always failed.
+          # https://github.com/containerd/containerd/blob/v1.5.0/pkg/cri/opts/spec_linux.go#L171
+          privileged: true
+          #capabilities:
+          #  add:
+          #  - SYS_ADMIN
       volumes:
       - name: config
         configMap:
           name: dfdaemon
       - name: netns
         hostPath:
-          path: /proc/1/ns/net # bind mount host net ns to pod, dfdaemon can listen 65001 in host network
+          path: /proc/1/ns # bind mount host net ns to pod, dfdaemon can listen 65001 in host network

deploy/kustomize/single-cluster-openkruise/bases/dfdaemon/dfget.yaml

@@ -16,11 +16,11 @@ scheduler:
   # below example is a stand address
   netAddrs:
   - type: tcp
-    addr: scheduler-0.dragonfly.svc:8002
+    addr: scheduler-0.dragonfly-system.svc:8002
   - type: tcp
-    addr: scheduler-1.dragonfly.svc:8002
+    addr: scheduler-1.dragonfly-system.svc:8002
   - type: tcp
-    addr: scheduler-2.dragonfly.svc:8002
+    addr: scheduler-2.dragonfly-system.svc:8002
   # schedule timeout
   scheduleTimeout: 10s
 

deploy/kustomize/single-cluster-openkruise/bases/kustomization.yaml

@@ -2,7 +2,6 @@ namespace: dragonfly-system
 resources:
 - namespace.yaml
 - cdn/rabc.yaml
-- cdn/service.yaml
 - cdn/serviceaccount.yaml
 - cdn/statefulset.yaml
 - dfdaemon/seviceaccount.yaml

deploy/kustomize/single-cluster-openkruise/bases/scheduler/service.yaml

@@ -1,21 +1,3 @@
-apiVersion: v1
-kind: Service
-metadata:
-  name: scheduler
-spec:
-  selector:
-    app: dragonfly
-    component: scheduler
-  type: ClusterIP
-  clusterIP: None
-  ports:
-  - name: grpc
-    port: 8002
-    protocol: TCP
-    targetPort: 8002
-
----
-
 apiVersion: v1
 kind: Service
 metadata: