Update kustomize

1. Remove unused cdn and scheduler service in kustomize 2. Support containerd v1.5.0+ in kustomize Signed-off-by: Jim Ma <[email protected]>
dragonflyoss · Jun 28, 2023 · e54c244 · e54c244
1 parent f625d89
commit e54c244
Show file tree

Hide file tree

Showing 11 changed files with 33 additions and 98 deletions.
diff --git a/deploy/charts/dragonfly/values.yaml b/deploy/charts/dragonfly/values.yaml
@@ -127,6 +127,7 @@ dfdaemon:
   # https://kubernetes.io/docs/setup/production-environment/tools/kubeadm/troubleshooting-kubeadm/#hostport-services-do-not-work
   # by default, dfdaemon injects the 65001 port to host network by sharing host network namespace,
   # if you want to use hostPort, please empty .config.proxy.tcpListen.namespace below, and keep .hostNetwork == false
+  # for performance, injecting the 65001 port to host network is better than hostPort
   hostPort: 65001
   # using hostNetwork when pod with host network can communicate with normal pods with cni network
   hostNetwork: false

diff --git a/deploy/kustomize/single-cluster-native/bases/cdn/service.yaml b/deploy/kustomize/single-cluster-native/bases/cdn/service.yaml
diff --git a/deploy/kustomize/single-cluster-native/bases/dfdaemon/daemonset.yaml b/deploy/kustomize/single-cluster-native/bases/dfdaemon/daemonset.yaml
@@ -25,22 +25,27 @@ spec:
       - name: dfdaemon
         image: dragonflyoss/dfget
         imagePullPolicy: "Always"
+        ports: # 65001 is in host network, no need here
+        - containerPort: 65000
+        - containerPort: 65002
         volumeMounts:
         - name: config
           mountPath: /etc/dragonfly
         - name: netns # the mountPath is setting in proxy.tcpListen.namespace
-          mountPath: /host/ns/net
-        ports: # 65001 is in host network, no need here
-        - containerPort: 65000
-        - containerPort: 65002
+          mountPath: /host/ns
         securityContext:
-          capabilities:
-            add:
-            - SYS_ADMIN # setns need CAP_SYS_ADMIN capability
+          # FIXME dfget daemon only need /proc/1/ns/net and CAP_SYS_ADMIN
+          # but containerd resolves the symbolic of /proc/1/ns/net from v1.5.0
+          # due to /proc/1/ns/net is not a regular symbolic link, it always failed.
+          # https://github.com/containerd/containerd/blob/v1.5.0/pkg/cri/opts/spec_linux.go#L171
+          privileged: true
+          #capabilities:
+          #  add:
+          #  - SYS_ADMIN
       volumes:
       - name: config
         configMap:
           name: dfdaemon
       - name: netns
         hostPath:
-          path: /proc/1/ns/net # bind mount host net ns to pod, dfdaemon can listen 65001 in host network
+          path: /proc/1/ns # bind mount host net ns to pod, dfdaemon can listen 65001 in host network
diff --git a/deploy/kustomize/single-cluster-native/bases/dfdaemon/dfget.yaml b/deploy/kustomize/single-cluster-native/bases/dfdaemon/dfget.yaml
@@ -16,11 +16,11 @@ scheduler:
   # below example is a stand address
   netAddrs:
   - type: tcp
-    addr: scheduler-0.dragonfly.svc:8002
+    addr: scheduler-0.dragonfly-system.svc:8002
   - type: tcp
-    addr: scheduler-1.dragonfly.svc:8002
+    addr: scheduler-1.dragonfly-system.svc:8002
   - type: tcp
-    addr: scheduler-2.dragonfly.svc:8002
+    addr: scheduler-2.dragonfly-system.svc:8002
   # schedule timeout
   scheduleTimeout: 10s
 

diff --git a/deploy/kustomize/single-cluster-native/bases/kustomization.yaml b/deploy/kustomize/single-cluster-native/bases/kustomization.yaml
@@ -2,7 +2,6 @@ namespace: dragonfly-system
 resources:
 - namespace.yaml
 - cdn/rabc.yaml
-- cdn/service.yaml
 - cdn/serviceaccount.yaml
 - cdn/statefulset.yaml
 - dfdaemon/seviceaccount.yaml

diff --git a/deploy/kustomize/single-cluster-native/bases/scheduler/service.yaml b/deploy/kustomize/single-cluster-native/bases/scheduler/service.yaml
@@ -1,21 +1,3 @@
-apiVersion: v1
-kind: Service
-metadata:
-  name: scheduler
-spec:
-  selector:
-    app: dragonfly
-    component: scheduler
-  type: ClusterIP
-  clusterIP: None
-  ports:
-  - name: grpc
-    port: 8002
-    protocol: TCP
-    targetPort: 8002
-
----
-
 apiVersion: v1
 kind: Service
 metadata:

diff --git a/deploy/kustomize/single-cluster-openkruise/bases/cdn/service.yaml b/deploy/kustomize/single-cluster-openkruise/bases/cdn/service.yaml
diff --git a/deploy/kustomize/single-cluster-openkruise/bases/dfdaemon/daemonset.yaml b/deploy/kustomize/single-cluster-openkruise/bases/dfdaemon/daemonset.yaml
@@ -27,22 +27,27 @@ spec:
       - name: dfdaemon
         image: dragonflyoss/dfget
         imagePullPolicy: "Always"
+        ports: # 65001 is in host network, no need here
+        - containerPort: 65000
+        - containerPort: 65002
         volumeMounts:
         - name: config
           mountPath: /etc/dragonfly
         - name: netns # the mountPath is setting in proxy.tcpListen.namespace
-          mountPath: /host/ns/net
-        ports: # 65001 is in host network, no need here
-        - containerPort: 65000
-        - containerPort: 65002
+          mountPath: /host/ns
         securityContext:
-          capabilities:
-            add:
-            - SYS_ADMIN # setns need CAP_SYS_ADMIN capability
+          # FIXME dfget daemon only need /proc/1/ns/net and CAP_SYS_ADMIN
+          # but containerd resolves the symbolic of /proc/1/ns/net from v1.5.0
+          # due to /proc/1/ns/net is not a regular symbolic link, it always failed.
+          # https://github.com/containerd/containerd/blob/v1.5.0/pkg/cri/opts/spec_linux.go#L171
+          privileged: true
+          #capabilities:
+          #  add:
+          #  - SYS_ADMIN
       volumes:
       - name: config
         configMap:
           name: dfdaemon
       - name: netns
         hostPath:
-          path: /proc/1/ns/net # bind mount host net ns to pod, dfdaemon can listen 65001 in host network
+          path: /proc/1/ns # bind mount host net ns to pod, dfdaemon can listen 65001 in host network
diff --git a/deploy/kustomize/single-cluster-openkruise/bases/dfdaemon/dfget.yaml b/deploy/kustomize/single-cluster-openkruise/bases/dfdaemon/dfget.yaml
@@ -16,11 +16,11 @@ scheduler:
   # below example is a stand address
   netAddrs:
   - type: tcp
-    addr: scheduler-0.dragonfly.svc:8002
+    addr: scheduler-0.dragonfly-system.svc:8002
   - type: tcp
-    addr: scheduler-1.dragonfly.svc:8002
+    addr: scheduler-1.dragonfly-system.svc:8002
   - type: tcp
-    addr: scheduler-2.dragonfly.svc:8002
+    addr: scheduler-2.dragonfly-system.svc:8002
   # schedule timeout
   scheduleTimeout: 10s
 

diff --git a/deploy/kustomize/single-cluster-openkruise/bases/kustomization.yaml b/deploy/kustomize/single-cluster-openkruise/bases/kustomization.yaml
@@ -2,7 +2,6 @@ namespace: dragonfly-system
 resources:
 - namespace.yaml
 - cdn/rabc.yaml
-- cdn/service.yaml
 - cdn/serviceaccount.yaml
 - cdn/statefulset.yaml
 - dfdaemon/seviceaccount.yaml

diff --git a/deploy/kustomize/single-cluster-openkruise/bases/scheduler/service.yaml b/deploy/kustomize/single-cluster-openkruise/bases/scheduler/service.yaml
@@ -1,21 +1,3 @@
-apiVersion: v1
-kind: Service
-metadata:
-  name: scheduler
-spec:
-  selector:
-    app: dragonfly
-    component: scheduler
-  type: ClusterIP
-  clusterIP: None
-  ports:
-  - name: grpc
-    port: 8002
-    protocol: TCP
-    targetPort: 8002
-
----
-
 apiVersion: v1
 kind: Service
 metadata: