Update kustomize

1. Remove unused cdn and scheduler service in kustomize 2. Support containerd v1.5.0+ in kustomize Signed-off-by: Jim Ma <majinjing3@gmail.com>
2021-07-02 11:24:10 +08:00 · 2021-07-02 11:24:10 +08:00 · e54c2448cd
parent f625d89ca9
commit e54c2448cd
11 changed files with 33 additions and 98 deletions
--- a/deploy/charts/dragonfly/values.yaml
+++ b/deploy/charts/dragonfly/values.yaml
@ -127,6 +127,7 @@ dfdaemon:
  # https://kubernetes.io/docs/setup/production-environment/tools/kubeadm/troubleshooting-kubeadm/#hostport-services-do-not-work
  # by default, dfdaemon injects the 65001 port to host network by sharing host network namespace,
  # if you want to use hostPort, please empty .config.proxy.tcpListen.namespace below, and keep .hostNetwork == false
+  # for performance, injecting the 65001 port to host network is better than hostPort
  hostPort: 65001
  # using hostNetwork when pod with host network can communicate with normal pods with cni network
  hostNetwork: false
--- a/deploy/kustomize/single-cluster-native/bases/cdn/service.yaml
+++ b/deploy/kustomize/single-cluster-native/bases/cdn/service.yaml
@ -1,19 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
-  name: cdn
-spec:
-  selector:
-    app: dragonfly
-    component: cdn
-  type: ClusterIP
-  clusterIP: None
-  ports:
-  - name: grpc
-    port: 8003
-    protocol: TCP
-    targetPort: 8003
-  - name: http
-    port: 8001
-    protocol: TCP
-    targetPort: 8001
--- a/deploy/kustomize/single-cluster-native/bases/dfdaemon/daemonset.yaml
+++ b/deploy/kustomize/single-cluster-native/bases/dfdaemon/daemonset.yaml
@ -25,22 +25,27 @@ spec:
      - name: dfdaemon
        image: dragonflyoss/dfget
        imagePullPolicy: "Always"
+        ports: # 65001 is in host network, no need here
+        - containerPort: 65000
+        - containerPort: 65002
        volumeMounts:
        - name: config
          mountPath: /etc/dragonfly
        - name: netns # the mountPath is setting in proxy.tcpListen.namespace
-          mountPath: /host/ns/net
-        ports: # 65001 is in host network, no need here
-        - containerPort: 65000
-        - containerPort: 65002
+          mountPath: /host/ns
        securityContext:
-          capabilities:
-            add:
-            - SYS_ADMIN # setns need CAP_SYS_ADMIN capability
+          # FIXME dfget daemon only need /proc/1/ns/net and CAP_SYS_ADMIN
+          # but containerd resolves the symbolic of /proc/1/ns/net from v1.5.0
+          # due to /proc/1/ns/net is not a regular symbolic link, it always failed.
+          # https://github.com/containerd/containerd/blob/v1.5.0/pkg/cri/opts/spec_linux.go#L171
+          privileged: true
+          #capabilities:
+          #  add:
+          #  - SYS_ADMIN
      volumes:
      - name: config
        configMap:
          name: dfdaemon
      - name: netns
        hostPath:
-          path: /proc/1/ns/net # bind mount host net ns to pod, dfdaemon can listen 65001 in host network
+          path: /proc/1/ns # bind mount host net ns to pod, dfdaemon can listen 65001 in host network
--- a/deploy/kustomize/single-cluster-native/bases/dfdaemon/dfget.yaml
+++ b/deploy/kustomize/single-cluster-native/bases/dfdaemon/dfget.yaml
@ -16,11 +16,11 @@ scheduler:
  # below example is a stand address
  netAddrs:
  - type: tcp
-    addr: scheduler-0.dragonfly.svc:8002
+    addr: scheduler-0.dragonfly-system.svc:8002
  - type: tcp
-    addr: scheduler-1.dragonfly.svc:8002
+    addr: scheduler-1.dragonfly-system.svc:8002
  - type: tcp
-    addr: scheduler-2.dragonfly.svc:8002
+    addr: scheduler-2.dragonfly-system.svc:8002
  # schedule timeout
  scheduleTimeout: 10s

--- a/deploy/kustomize/single-cluster-native/bases/kustomization.yaml
+++ b/deploy/kustomize/single-cluster-native/bases/kustomization.yaml
@ -2,7 +2,6 @@ namespace: dragonfly-system
 resources:
 - namespace.yaml
 - cdn/rabc.yaml
- cdn/service.yaml
 - cdn/serviceaccount.yaml
 - cdn/statefulset.yaml
 - dfdaemon/seviceaccount.yaml
--- a/deploy/kustomize/single-cluster-native/bases/scheduler/service.yaml
+++ b/deploy/kustomize/single-cluster-native/bases/scheduler/service.yaml
@ -1,21 +1,3 @@
-apiVersion: v1
-kind: Service
-metadata:
-  name: scheduler
-spec:
-  selector:
-    app: dragonfly
-    component: scheduler
-  type: ClusterIP
-  clusterIP: None
-  ports:
-  - name: grpc
-    port: 8002
-    protocol: TCP
-    targetPort: 8002
-
---
-
 apiVersion: v1
 kind: Service
 metadata:
--- a/deploy/kustomize/single-cluster-openkruise/bases/cdn/service.yaml
+++ b/deploy/kustomize/single-cluster-openkruise/bases/cdn/service.yaml
@ -1,19 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
-  name: cdn
-spec:
-  selector:
-    app: dragonfly
-    component: cdn
-  type: ClusterIP
-  clusterIP: None
-  ports:
-  - name: grpc
-    port: 8003
-    protocol: TCP
-    targetPort: 8003
-  - name: http
-    port: 8001
-    protocol: TCP
-    targetPort: 8001
--- a/deploy/kustomize/single-cluster-openkruise/bases/dfdaemon/daemonset.yaml
+++ b/deploy/kustomize/single-cluster-openkruise/bases/dfdaemon/daemonset.yaml
@ -27,22 +27,27 @@ spec:
      - name: dfdaemon
        image: dragonflyoss/dfget
        imagePullPolicy: "Always"
+        ports: # 65001 is in host network, no need here
+        - containerPort: 65000
+        - containerPort: 65002
        volumeMounts:
        - name: config
          mountPath: /etc/dragonfly
        - name: netns # the mountPath is setting in proxy.tcpListen.namespace
-          mountPath: /host/ns/net
-        ports: # 65001 is in host network, no need here
-        - containerPort: 65000
-        - containerPort: 65002
+          mountPath: /host/ns
        securityContext:
-          capabilities:
-            add:
-            - SYS_ADMIN # setns need CAP_SYS_ADMIN capability
+          # FIXME dfget daemon only need /proc/1/ns/net and CAP_SYS_ADMIN
+          # but containerd resolves the symbolic of /proc/1/ns/net from v1.5.0
+          # due to /proc/1/ns/net is not a regular symbolic link, it always failed.
+          # https://github.com/containerd/containerd/blob/v1.5.0/pkg/cri/opts/spec_linux.go#L171
+          privileged: true
+          #capabilities:
+          #  add:
+          #  - SYS_ADMIN
      volumes:
      - name: config
        configMap:
          name: dfdaemon
      - name: netns
        hostPath:
-          path: /proc/1/ns/net # bind mount host net ns to pod, dfdaemon can listen 65001 in host network
+          path: /proc/1/ns # bind mount host net ns to pod, dfdaemon can listen 65001 in host network
--- a/deploy/kustomize/single-cluster-openkruise/bases/dfdaemon/dfget.yaml
+++ b/deploy/kustomize/single-cluster-openkruise/bases/dfdaemon/dfget.yaml
@ -16,11 +16,11 @@ scheduler:
  # below example is a stand address
  netAddrs:
  - type: tcp
-    addr: scheduler-0.dragonfly.svc:8002
+    addr: scheduler-0.dragonfly-system.svc:8002
  - type: tcp
-    addr: scheduler-1.dragonfly.svc:8002
+    addr: scheduler-1.dragonfly-system.svc:8002
  - type: tcp
-    addr: scheduler-2.dragonfly.svc:8002
+    addr: scheduler-2.dragonfly-system.svc:8002
  # schedule timeout
  scheduleTimeout: 10s

--- a/deploy/kustomize/single-cluster-openkruise/bases/kustomization.yaml
+++ b/deploy/kustomize/single-cluster-openkruise/bases/kustomization.yaml
@ -2,7 +2,6 @@ namespace: dragonfly-system
 resources:
 - namespace.yaml
 - cdn/rabc.yaml
- cdn/service.yaml
 - cdn/serviceaccount.yaml
 - cdn/statefulset.yaml
 - dfdaemon/seviceaccount.yaml
--- a/deploy/kustomize/single-cluster-openkruise/bases/scheduler/service.yaml
+++ b/deploy/kustomize/single-cluster-openkruise/bases/scheduler/service.yaml
@ -1,21 +1,3 @@
-apiVersion: v1
-kind: Service
-metadata:
-  name: scheduler
-spec:
-  selector:
-    app: dragonfly
-    component: scheduler
-  type: ClusterIP
-  clusterIP: None
-  ports:
-  - name: grpc
-    port: 8002
-    protocol: TCP
-    targetPort: 8002
-
---
-
 apiVersion: v1
 kind: Service
 metadata: