add yurtadm cloudimage

config/yurtadm/cloudimage/README.md

@@ -0,0 +1,13 @@
+# Build an OpenYurt CloudImage
+
+`yurtadm init` is implemented by sealer, you can modify the kubefile to make your own openyurt cloudimage.
+
+```bash
+cd openyurt-latest
+
+# build cloudimage
+sealer build -t registry-1.docker.io/openyurt/openyurt-cluster:latest-k8s-1198 -f Kubefile .
+
+# push to dockerhub
+sealer push registry-1.docker.io/openyurt/openyurt-cluster:latest-k8s-1198
+```

config/yurtadm/cloudimage/openyurt-latest/Kubefile

@@ -0,0 +1,16 @@
+FROM kubernetes:v1.19.8-alpine
+
+# flannel: https://github.com/sealerio/applications/tree/main/flannel
+COPY flannel/cni .
+COPY flannel/init-kube.sh /scripts/
+COPY flannel/kube-flannel.yml manifests/
+
+COPY shell-plugin.yaml plugins
+
+# openyurt
+COPY yamls/*.yaml manifests
+COPY install-openyurt.sh .
+RUN chmod 777 install-openyurt.sh
+
+CMD kubectl apply -f manifests/kube-flannel.yml
+CMD ./install-openyurt.sh

config/yurtadm/cloudimage/openyurt-latest/flannel/init-kube.sh

@@ -0,0 +1,177 @@
+#!/bin/bash
+
+# Copyright © 2021 Alibaba Group Holding Ltd.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Open ipvs
+modprobe -- ip_vs
+modprobe -- ip_vs_rr
+modprobe -- ip_vs_wrr
+modprobe -- ip_vs_sh
+modprobe -- br_netfilter
+## version_ge 4.19 4.19 true ;
+## version_ge 5.4 4.19 true ;
+## version_ge 3.10 4.19 false ;
+
+version_ge(){
+    test "$(echo "$@" | tr ' ' '\n' | sort -rV | head -n 1)" == "$1"
+}
+
+disable_selinux(){
+    if [ -s /etc/selinux/config ] && grep 'SELINUX=enforcing' /etc/selinux/config; then
+        sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config
+        setenforce 0
+    fi
+}
+
+get_distribution() {
+	lsb_dist=""
+	# Every system that we officially support has /etc/os-release
+	if [ -r /etc/os-release ]; then
+		lsb_dist="$(. /etc/os-release && echo "$ID")"
+	fi
+	# Returning an empty string here should be alright since the
+	# case statements don't act unless you provide an actual value
+	echo "$lsb_dist"
+}
+
+disable_firewalld() {
+  lsb_dist=$( get_distribution )
+	lsb_dist="$(echo "$lsb_dist" | tr '[:upper:]' '[:lower:]')"
+	case "$lsb_dist" in
+		ubuntu|deepin|debian|raspbian)
+			command -v ufw &> /dev/null && ufw disable
+		;;
+		centos|rhel|ol|sles|kylin|neokylin)
+			systemctl stop firewalld && systemctl disable firewalld
+		;;
+		*)
+		 	systemctl stop firewalld && systemctl disable firewalld
+			echo "unknown system, use default to stop firewalld"
+		;;
+	esac
+}
+
+kernel_version=$(uname -r | cut -d- -f1)
+if version_ge "${kernel_version}" 4.19; then
+  modprobe -- nf_conntrack
+else
+  modprobe -- nf_conntrack_ipv4
+fi
+
+cat <<EOF >  /etc/sysctl.d/k8s.conf
+net.bridge.bridge-nf-call-ip6tables = 1
+net.bridge.bridge-nf-call-iptables = 1
+net.ipv4.conf.all.rp_filter=0
+EOF
+sysctl --system
+sysctl -w net.ipv4.ip_forward=1
+disable_firewalld
+swapoff -a || true
+disable_selinux
+
+chmod -R 755 ../bin/*
+chmod 644 ../bin
+cp ../bin/* /usr/bin
+cp ../scripts/kubelet-pre-start.sh /usr/bin
+#cni
+mkdir /opt/cni/bin -p
+chmod -R 755 ../cni/*
+chmod 644 ../cni
+cp ../cni/* /opt/cni/bin
+
+# Cgroup driver
+mkdir -p /etc/systemd/system
+cp ../etc/kubelet.service /etc/systemd/system/
+[ -d /etc/systemd/system/kubelet.service.d ] || mkdir /etc/systemd/system/kubelet.service.d
+cp ../etc/10-kubeadm.conf /etc/systemd/system/kubelet.service.d/
+
+[ -d /var/lib/kubelet ] || mkdir -p /var/lib/kubelet/
+
+cat <<EOF > /var/lib/kubelet/config.yaml
+address: 0.0.0.0
+apiVersion: kubelet.config.k8s.io/v1beta1
+authentication:
+  anonymous:
+    enabled: false
+  webhook:
+    cacheTTL: 2m0s
+    enabled: true
+  x509:
+    clientCAFile: /etc/kubernetes/pki/ca.crt
+authorization:
+  mode: Webhook
+  webhook:
+    cacheAuthorizedTTL: 5m0s
+    cacheUnauthorizedTTL: 30s
+cgroupDriver: ${criDriver}
+cgroupsPerQOS: true
+clusterDNS:
+- 10.96.0.10
+clusterDomain: cluster.local
+configMapAndSecretChangeDetectionStrategy: Watch
+containerLogMaxFiles: 5
+containerLogMaxSize: 10Mi
+contentType: application/vnd.kubernetes.protobuf
+cpuCFSQuota: true
+cpuCFSQuotaPeriod: 100ms
+cpuManagerPolicy: none
+cpuManagerReconcilePeriod: 10s
+enableControllerAttachDetach: true
+enableDebuggingHandlers: true
+enforceNodeAllocatable:
+- pods
+eventBurst: 10
+eventRecordQPS: 5
+evictionHard:
+  imagefs.available: 15%
+  memory.available: 100Mi
+  nodefs.available: 10%
+  nodefs.inodesFree: 5%
+evictionPressureTransitionPeriod: 5m0s
+failSwapOn: true
+fileCheckFrequency: 20s
+hairpinMode: promiscuous-bridge
+healthzBindAddress: 127.0.0.1
+healthzPort: 10248
+httpCheckFrequency: 20s
+imageGCHighThresholdPercent: 85
+imageGCLowThresholdPercent: 80
+imageMinimumGCAge: 2m0s
+iptablesDropBit: 15
+iptablesMasqueradeBit: 14
+kind: KubeletConfiguration
+kubeAPIBurst: 10
+kubeAPIQPS: 5
+makeIPTablesUtilChains: true
+maxOpenFiles: 1000000
+maxPods: 110
+nodeLeaseDurationSeconds: 40
+nodeStatusUpdateFrequency: 10s
+oomScoreAdj: -999
+podPidsLimit: -1
+port: 10250
+registryBurst: 10
+registryPullQPS: 5
+resolvConf: /etc/resolv.conf
+rotateCertificates: true
+runtimeRequestTimeout: 2m0s
+serializeImagePulls: true
+staticPodPath: /etc/kubernetes/manifests
+streamingConnectionIdleTimeout: 4h0m0s
+syncFrequency: 1m0s
+volumeStatsAggPeriod: 1m0s
+EOF
+
+systemctl enable kubelet