Merge branch 'openyurtio:master' into lilf-branch

openyurtio · Sep 7, 2023 · e825768 · e825768
2 parents 1bec42f + 8b8c6e1
commit e825768
Show file tree

Hide file tree

Showing 460 changed files with 53,075 additions and 7,618 deletions.
diff --git a/.github/workflows/back-port.yaml b/.github/workflows/back-port.yaml
@@ -30,7 +30,7 @@ jobs:
         with:
           fetch-depth: 0
       - name: Create Backport PR
-        uses: zeebe-io/backport-action@v1.2.0
+        uses: zeebe-io/backport-action@v1.3.0
         with:
           github_token: ${{ secrets.GITHUB_TOKEN }}
           github_workspace: ${{ github.workspace }}
diff --git a/.github/workflows/release.yaml → .github/workflows/registry.yaml b/.github/workflows/release.yaml → .github/workflows/registry.yaml
@@ -1,16 +1,17 @@
-name: Release
+name: Release Images
 
 on:
   push:
     tags:
       - "v*"
   schedule:
     # run at UTC 1:30 every day
-    - cron:  '30 1 * * *'
+    - cron: "30 1 * * *"
   workflow_dispatch: {}
 
 env:
   ALI_REGISTRY: registry.cn-hangzhou.aliyuncs.com/openyurt
+  GITHUB_REGISTRY: ghcr.io/openyurtio/openyurt
 
 jobs:
   docker-push:
@@ -65,4 +66,31 @@ jobs:
           username: ${{ secrets.ALI_REGISTRY_USERNAME }}
           password: ${{ secrets.ALI_REGISTRY_PASSWORD }}
       - name: Release
-        run: make docker-push TARGET_PLATFORMS=linux/amd64,linux/arm64,linux/arm/v7 IMAGE_REPO=${{ env.ALI_REGISTRY }} IMAGE_TAG=${{ steps.get_version.outputs.VERSION }}
+        run: make docker-push TARGET_PLATFORMS=linux/amd64,linux/arm64,linux/arm/v7 IMAGE_REPO=${{ env.ALI_REGISTRY }} IMAGE_TAG=${{ steps.get_version.outputs.VERSION }}
+  docker-push-github-registry:
+    if: github.repository == 'openyurtio/openyurt'
+    runs-on: ubuntu-22.04
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+        with:
+          submodules: true
+      - name: Get the version
+        id: get_version
+        run: |
+          VERSION=${GITHUB_REF#refs/tags/}
+          if [[ ${GITHUB_REF} == "refs/heads/master" ]]; then
+            VERSION=latest
+          fi
+          echo ::set-output name=VERSION::${VERSION}
+      - name: Install Docker Buildx
+        id: buildx
+        uses: docker/setup-buildx-action@v2
+      - name: Login to DockerHub
+        uses: docker/login-action@v2
+        with:
+          registry: ${{ env.GITHUB_REGISTRY }}
+          username: ${{ secrets.GH_REGISTRY_USERNAME }}
+          password: ${{ secrets.GH_REGISTRY_PASSWORD }}
+      - name: Release
+        run: make docker-push TARGET_PLATFORMS=linux/amd64,linux/arm64,linux/arm/v7 IMAGE_REPO=${{ env.GITHUB_REGISTRY }} IMAGE_TAG=${{ steps.get_version.outputs.VERSION }}
diff --git a/.github/workflows/release-assets.yaml b/.github/workflows/release-assets.yaml
@@ -0,0 +1,43 @@
+name: Release Assets
+
+on:
+  push:
+    tags:
+      - "v*"
+  workflow_dispatch: {}
+
+permissions:
+  contents: read
+
+jobs:
+  goreleaser:
+    if: github.repository == 'openyurtio/openyurt'
+    permissions:
+      contents: write
+      actions: read
+      checks: write
+      issues: read
+      packages: write
+      pull-requests: read
+      repository-projects: read
+      statuses: read
+    runs-on: ubuntu-22.04
+    name: goreleaser
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+        with:
+          fetch-depth: 0
+      - name: Set up Go
+        uses: actions/setup-go@v4
+        with:
+          go-version: 1.18
+          cache: true
+      - name: Run GoReleaser
+        uses: goreleaser/goreleaser-action@v4
+        with:
+          distribution: goreleaser
+          version: latest
+          args: release --clean
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
diff --git a/.github/workflows/sonarcloud.yaml b/.github/workflows/sonarcloud.yaml
@@ -34,7 +34,7 @@ jobs:
           persist-credentials: false
 
       - name: "Run analysis"
-        uses: ossf/scorecard-action@80e868c13c90f172d68d1f4501dee99e2479f7af # v2.1.3
+        uses: ossf/scorecard-action@08b4669551908b1024bb425080c797723083c031 # v2.2.0
         with:
           results_file: results.sarif
           results_format: sarif

diff --git a/.github/workflows/trivy-scan.yml b/.github/workflows/trivy-scan.yml
@@ -16,7 +16,7 @@ jobs:
     runs-on: ubuntu-latest
     strategy:
       matrix:
-        target: [ yurthub,  node-servant, yurt-manager ]
+        target: [ yurthub,  node-servant, yurt-manager, yurt-iot-dock ]
     steps:
       - uses: actions/checkout@v3
         with:

diff --git a/.goreleaser.yaml b/.goreleaser.yaml
@@ -0,0 +1,46 @@
+# This is an example .goreleaser.yml file with some sensible defaults.
+# Make sure to check the documentation at https://goreleaser.com
+builds:
+  - id: yurtadm
+    binary: yurtadm
+    goos:
+      - linux
+      - darwin
+    goarch:
+      - amd64
+      - arm64
+    main: ./cmd/yurtadm/yurtadm.go
+    ldflags:
+      - -s -w -X github.com/openyurtio/openyurt/pkg/projectinfo.gitVersion={{ .Tag }} -X github.com/openyurtio/openyurt/pkg/projectinfo.gitCommit={{ .ShortCommit }} -X github.com/openyurtio/openyurt/pkg/projectinfo.buildDate={{ .Date }}
+    env:
+      - CGO_ENABLED=0
+
+archives:
+  - format: tar.gz
+    id: yurtadm-tgz
+    wrap_in_directory: '{{ .Os }}-{{ .Arch }}'
+    builds:
+      - yurtadm
+    name_template: '{{ .ArtifactName }}-{{ .Tag }}-{{ .Os }}-{{ .Arch }}'
+    files: [ LICENSE, README.md ]
+  - format: zip
+    id: yurtadm-zip
+    builds:
+      - yurtadm
+    wrap_in_directory: '{{ .Os }}-{{ .Arch }}'
+    name_template: '{{ .ArtifactName }}-{{ .Tag }}-{{ .Os }}-{{ .Arch }}'
+    files: [ LICENSE, README.md ]
+
+checksum:
+  name_template: 'sha256sums.txt'
+changelog:
+  sort: asc
+  filters:
+    exclude:
+      - '^docs:'
+      - '^test:'
+
+# The lines beneath this are called `modelines`. See `:help modeline`
+# Feel free to remove those if you don't want/use them.
+# yaml-language-server: $schema=https://goreleaser.com/static/schema.json
+# vim: set ts=2 sw=2 tw=0 fo=cnqoj
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -37,13 +37,13 @@ LoadBalancer service, thus getting the nodepool isolation capability of the Node
 - improve image build efficiency by @Congrool in https://github.com/openyurtio/openyurt/pull/1191
 - support filter chain for filtering response data by @rambohe-ch in https://github.com/openyurtio/openyurt/pull/1189
 - fix: re-list when target change by @LaurenceLiZhixin in https://github.com/openyurtio/openyurt/pull/1195
-- fix: pool-coordinator cannot be rescheduled when its node fails (#1212) by @AndyEWang in https://github.com/openyurtio/openyurt/pull/1218
+- fix: yurt-coordinator cannot be rescheduled when its node fails (#1212) by @AndyEWang in https://github.com/openyurtio/openyurt/pull/1218
 - feat: merge yurtctl to e2e by @YTGhost in https://github.com/openyurtio/openyurt/pull/1219
 - support pass bootstrap-file to yurthub by @rambohe-ch in https://github.com/openyurtio/openyurt/pull/1333
 - add system proxy for docker run by @gnunu in https://github.com/openyurtio/openyurt/pull/1335
 - feat: add yurtadm renew certificate command by @YTGhost in https://github.com/openyurtio/openyurt/pull/1314
 - add a new way to create webhook by @JameKeal in https://github.com/openyurtio/openyurt/pull/1359
-- feat: support pool-coordinator component work in specified namespace by @y-ykcir in https://github.com/openyurtio/openyurt/pull/1355
+- feat: support yurt-coordinator component work in specified namespace by @y-ykcir in https://github.com/openyurtio/openyurt/pull/1355
 - feat: add nodepool e2e by @huiwq1990 in https://github.com/openyurtio/openyurt/pull/1365
 - feat: support yurt-manager work in specified namespace by @y-ykcir in https://github.com/openyurtio/openyurt/pull/1367
 - support yurthub component work in specified namespace by @huweihuang in https://github.com/openyurtio/openyurt/pull/1366
@@ -54,11 +54,11 @@ LoadBalancer service, thus getting the nodepool isolation capability of the Node
 
 ### Fixes
 
-- fix handle poolcoordinator certificates in case of restarting by @batthebee in https://github.com/openyurtio/openyurt/pull/1187
+- fix handle yurtcoordinator certificates in case of restarting by @batthebee in https://github.com/openyurtio/openyurt/pull/1187
 - make rename replace old dir by @LaurenceLiZhixin in https://github.com/openyurtio/openyurt/pull/1237
 - yurtadm minor version compatibility of kubelet and kubeadm by @YTGhost in https://github.com/openyurtio/openyurt/pull/1244
 - delete specific iptables while testing kube-proxy by @y-ykcir in https://github.com/openyurtio/openyurt/pull/1268
-- fix yurthub dnsPolicy when using pool-coordinator by @JameKeal in https://github.com/openyurtio/openyurt/pull/1321
+- fix yurthub dnsPolicy when using yurt-coordinator by @JameKeal in https://github.com/openyurtio/openyurt/pull/1321
 - fix: yurt-controller-manager reboot cannot remove taint node.openyurt.io/unschedulable (#1233) by @AndyEWang in https://github.com/openyurtio/openyurt/pull/1337
 - fix daemonSet pod updater pointer error by @JameKeal in https://github.com/openyurtio/openyurt/pull/1340
 - bugfix for yurtappset by @theonefx in https://github.com/openyurtio/openyurt/pull/1391
@@ -104,7 +104,7 @@ giving feedback, helping users in community group, etc.
 The original edge autonomy feature can make the pods on nodes un-evicted even if node crashed by adding annotation to node,
 and this feature is recommended to use for scenarios that pods should bind to node without recreation.
 After improving edge autonomy capability, when the reason of node NotReady is cloud-edge network off, pods will not be evicted
-because leader yurthub will help these offline nodes to proxy their heartbeats to the cloud via pool-coordinator component,
+because leader yurthub will help these offline nodes to proxy their heartbeats to the cloud via yurt-coordinator component,
 and pods will be evicted and recreated on other ready node if node crashed.
 
 By the way, the original edge autonomy capability by annotating node (with node.beta.openyurt.io/autonomy) will be kept as it is,
@@ -113,9 +113,9 @@ enable the original edge autonomy capability for specified pod.
 
 **Reduce the control-plane traffic between cloud and edge**
 
-Based on the Pool-Coordinator in the nodePool, A leader Yurthub will be elected in the nodePool. Leader Yurthub will
-list/watch pool-scope data(like endpoints/endpointslices) from cloud and write into pool-coordinator. then all components(like kube-proxy/coredns)
-in the nodePool will get pool-scope data from pool-coordinator instead of cloud kube-apiserver, so large volume control-plane traffic
+Based on the Yurt-Coordinator in the nodePool, A leader Yurthub will be elected in the nodePool. Leader Yurthub will
+list/watch pool-scope data(like endpoints/endpointslices) from cloud and write into yurt-coordinator. then all components(like kube-proxy/coredns)
+in the nodePool will get pool-scope data from yurt-coordinator instead of cloud kube-apiserver, so large volume control-plane traffic
 will be reduced.
 
 **Use raven component to replace yurt-tunnel component**

diff --git a/Makefile b/Makefile
@@ -62,6 +62,9 @@ KUSTOMIZE ?= $(LOCALBIN)/kustomize
 KUBECTL_VERSION ?= v1.22.3
 KUBECTL ?= $(LOCALBIN)/kubectl
 
+YQ_VERSION := 4.13.2
+YQ := $(shell command -v $(LOCALBIN)/yq 2> /dev/null)
+
 .PHONY: clean all build test
 
 all: test build
@@ -72,8 +75,8 @@ build:
 
 # Run test
 test:
-	go test -v -short ./pkg/... ./cmd/... -coverprofile cover.out
-	go test -v  -coverpkg=./pkg/yurttunnel/...  -coverprofile=yurttunnel-cover.out ./test/integration/yurttunnel_test.go
+	go test -v ./pkg/... ./cmd/... -coverprofile cover.out
+	go test -v -coverpkg=./pkg/yurttunnel/...  -coverprofile=yurttunnel-cover.out ./test/integration/yurttunnel_test.go
 
 clean:
 	-rm -Rf _output
@@ -144,7 +147,7 @@ docker-build:
 
 
 # Build and Push the docker images with multi-arch
-docker-push: docker-push-yurthub docker-push-node-servant docker-push-yurt-manager
+docker-push: docker-push-yurthub docker-push-node-servant docker-push-yurt-manager docker-push-yurt-tunnel-server docker-push-yurt-tunnel-agent
 
 
 docker-buildx-builder:
@@ -165,11 +168,20 @@ docker-push-node-servant: docker-buildx-builder
 docker-push-yurt-manager: manifests docker-buildx-builder
 	docker buildx build --no-cache --push ${DOCKER_BUILD_ARGS}  --platform ${TARGET_PLATFORMS} -f hack/dockerfiles/release/Dockerfile.yurt-manager . -t ${IMAGE_REPO}/yurt-manager:${GIT_VERSION}
 
+docker-push-yurt-tunnel-server: docker-buildx-builder
+	docker buildx build --no-cache --push ${DOCKER_BUILD_ARGS}  --platform ${TARGET_PLATFORMS} -f hack/dockerfiles/release/Dockerfile.yurt-tunnel-server . -t ${IMAGE_REPO}/yurt-tunnel-server:${GIT_VERSION}
+
+docker-push-yurt-tunnel-agent: docker-buildx-builder
+	docker buildx build --no-cache --push ${DOCKER_BUILD_ARGS}  --platform ${TARGET_PLATFORMS} -f hack/dockerfiles/release/Dockerfile.yurt-tunnel-agent . -t ${IMAGE_REPO}/yurt-tunnel-agent:${GIT_VERSION}
+
+docker-push-yurt-iot-dock: docker-buildx-builder
+	docker buildx build --no-cache --push ${DOCKER_BUILD_ARGS}  --platform ${TARGET_PLATFORMS} -f hack/dockerfiles/release/Dockerfile.yurt-iot-dock . -t ${IMAGE_REPO}/yurt-iot-dock:${GIT_VERSION}
+
 generate: controller-gen ## Generate code containing DeepCopy, DeepCopyInto, and DeepCopyObject method implementations.
 #	hack/make-rule/generate_openapi.sh // TODO by kadisi
 	$(CONTROLLER_GEN) object:headerFile="hack/boilerplate.go.txt" paths="./pkg/apis/..."
 
-manifests: kustomize kubectl generate ## Generate WebhookConfiguration, ClusterRole and CustomResourceDefinition objects.
+manifests: kustomize kubectl yq generate ## Generate WebhookConfiguration, ClusterRole and CustomResourceDefinition objects.
 	rm -rf $(BUILD_KUSTOMIZE)
 	$(CONTROLLER_GEN) $(CRD_OPTIONS) rbac:roleName=role webhook paths="./pkg/..." output:crd:artifacts:config=$(BUILD_KUSTOMIZE)/auto_generate/crd output:rbac:artifacts:config=$(BUILD_KUSTOMIZE)/auto_generate/rbac output:webhook:artifacts:config=$(BUILD_KUSTOMIZE)/auto_generate/webhook
 	hack/make-rules/kustomize_to_chart.sh --crd $(BUILD_KUSTOMIZE)/auto_generate/crd  --webhook $(BUILD_KUSTOMIZE)/auto_generate/webhook --rbac $(BUILD_KUSTOMIZE)/auto_generate/rbac --output $(BUILD_KUSTOMIZE)/kustomize --chartDir charts/yurt-manager
@@ -210,6 +222,16 @@ $(KUSTOMIZE): $(LOCALBIN)
 	fi
 	test -s $(LOCALBIN)/kustomize || { curl -Ss $(KUSTOMIZE_INSTALL_SCRIPT) | bash -s -- $(subst v,,$(KUSTOMIZE_VERSION)) $(LOCALBIN); }
 
+.PHONY: yq
+yq:
+ifndef YQ
+	@echo "Installing yq..."
+	test -s $(LOCALBIN)/yq || curl -k -L https://github.com/mikefarah/yq/releases/download/v${YQ_VERSION}/yq_$(shell go env GOOS)_$(shell go env GOARCH) -o $(LOCALBIN)/yq
+	chmod +x $(LOCALBIN)/yq
+else
+	@echo "yq is already installed"
+endif
+
 # go-get-tool will 'go get' any package $2 and install it to $1.
 PROJECT_DIR := $(shell dirname $(abspath $(lastword $(MAKEFILE_LIST))))
 define go-get-tool
@@ -224,7 +246,6 @@ rm -rf $$TMP_DIR ;\
 }
 endef
 
-
 fmt:
 	go fmt ./...
 	find . -name '*.go' | grep -Ev 'vendor|thrift_gen' | xargs goimports -w

diff --git a/README.md b/README.md
@@ -30,7 +30,7 @@ English | [简体中文](./README.zh.md)
 OpenYurt has been designed to meet various DevOps requirements against typical edge infrastructures.
 It provides consistent user experience for managing the edge applications as if they were running in the cloud infrastructure.
 It addresses specific challenges for cloud-edge orchestration in Kubernetes such as unreliable or disconnected cloud-edge networking,
-edge autonomy, edge device management, region-aware deployment and so on. OpenYurt preserves intact Kubernetes API compatibility,
+edge autonomy, edge device management, region-aware deployment, and so on. OpenYurt preserves intact Kubernetes API compatibility,
 is vendor agnostic, and more importantly, is **SIMPLE** to use.
 
 ## Architecture
@@ -47,10 +47,10 @@ multiple physical regions, which are referred to as `Pools` in OpenYurt.
 
 The above figure demonstrates the core OpenYurt architecture. The major components consist of:
 
-- **[YurtHub](https://openyurt.io/docs/next/core-concepts/yurthub)**: YurtHub runs on worker nodes as static pod and serve as a node sidecar to handle requests that comes from components(like Kubelet, Kubeproxy, etc.) on worker nodes to kube-apiserver.
+- **[YurtHub](https://openyurt.io/docs/next/core-concepts/yurthub)**: YurtHub runs on worker nodes as static pod and serves as a node sidecar to handle requests that comes from components (like Kubelet, Kubeproxy, etc.) on worker nodes to kube-apiserver.
 - **[Yurt-Manager](https://github.com/openyurtio/openyurt/tree/master/cmd/yurt-manager)**: include all controllers and webhooks for edge.
 - **[Raven-Agent](https://openyurt.io/docs/next/core-concepts/raven)**: It is focused on edge-edge and edge-cloud communication in OpenYurt, and provides layer 3 network connectivity among pods in different physical regions, as there are in one vanilla Kubernetes cluster.
-- **Pool-Coordinator**: One instance of Pool-Coordinator is deployed in every edge NodePool, and in conjunction with YurtHub to provide heartbeat delegation, cloud-edge traffic multiplexing abilities, etc.
+- **Yurt-Coordinator**: One instance of Yurt-Coordinator is deployed in every edge NodePool, and in conjunction with YurtHub to provide heartbeat delegation, cloud-edge traffic multiplexing abilities, etc.
 
 In addition, OpenYurt also includes auxiliary controllers for integration and customization purposes.
 

diff --git a/README.zh.md b/README.zh.md
@@ -48,7 +48,7 @@ OpenYurt 遵循经典的云边一体化架构。
 - **[YurtHub](https://openyurt.io/zh/docs/next/core-concepts/yurthub/)**：YurtHub 以静态 pod 模式在工作节点上运行，它作为节点的 Sidecar 处理所有来自工作节点上的组件(如 Kubelet, Kubeproxy 等)到 kube-apiserver 的请求。
 - **[Yurt-Manager](https://github.com/openyurtio/openyurt/tree/master/cmd/yurt-manager)**：包括所有云边协同场景下的Controllers和Webhooks。
 - **[Raven-Agent](https://openyurt.io/docs/next/core-concepts/raven)**: 它用于处理 OpenYurt 中的云边，边边间的跨公网通信。 主要在不同物理区域的 pod 之间提供第 3 层网络连接，就像在一个 vanilla Kubernetes 集群中一样。
-- **Pool-Coordinator**：每个边缘 NodePool 中会自动部署一个 Pool-Coordinator 实例，它联合 YurtHub 为节点池提供心跳代理、云边缘流量复用等能力。
+- **Yurt-Coordinator**：每个边缘 NodePool 中会自动部署一个 Yurt-Coordinator 实例，它联合 YurtHub 为节点池提供心跳代理、云边缘流量复用等能力。
 
 此外，OpenYurt 还包括用于集成和定制的辅助控制器。
 

diff --git a/charts/README.md b/charts/README.md
@@ -1,4 +1,4 @@
 OpenYurt Charts contains three OpenYurt components:
 - yurt-manager
 - yurthub
-- pool-coordinator
+- yurt-coordinator
diff --git a/charts/pool-coordinator/.helmignore → charts/yurt-coordinator/.helmignore b/charts/pool-coordinator/.helmignore → charts/yurt-coordinator/.helmignore
diff --git a/charts/pool-coordinator/Chart.yaml → charts/yurt-coordinator/Chart.yaml b/charts/pool-coordinator/Chart.yaml → charts/yurt-coordinator/Chart.yaml
@@ -1,6 +1,6 @@
 apiVersion: v2
-name: pool-coordinator
-description: A Helm chart for OpenYurt pool-coordinator component
+name: yurt-coordinator
+description: A Helm chart for OpenYurt yurt-coordinator component
 
 # A chart can be either an 'application' or a 'library' chart.
 #
@@ -15,10 +15,10 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 1.3.0
+version: 1.3.4
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
 # follow Semantic Versioning. They should reflect the version the application is using.
 # It is recommended to use it with quotes.
-appVersion: "1.3.0"
+appVersion: "1.3.4"