refactor yurtadm init/join and support to create high-availability OpenYurt cluster

[windydayc]

What type of PR is this?

/kind feature
/kind enhancement

What this PR does / why we need it:

At present, the installation of OpenYurt cluster is still a little complicated, there is a lack of a unified installation way that can simply and automatically install OpenYurt cluster.

In addition, currently the yurtadm command cannot cope with scenarios that requiring high availability. Therefore, it is necessary to provide a way to create high availability OpenYurt cluster.

Special notes for your reviewer:

/assign @rambohe-ch @Peeknut

[openyurt-bot]

@windydayc: GitHub didn't allow me to assign the following users: Peeknut.

Note that only openyurtio members, repo collaborators and people who have commented on this issue/PR can be assigned. Additionally, issues/PRs can only have 10 assignees at the same time.
For more information please see the contributor guide

In response to this:

What type of PR is this?

/kind feature
/kind enhancement

What this PR does / why we need it:

At present, the installation of OpenYurt cluster is still a little complicated, there is a lack of a unified installation way that can simply and automatically install OpenYurt cluster.

In addition, currently the yurtadm command cannot cope with scenarios that requiring high availability. Therefore, it is necessary to provide a way to create high availability OpenYurt cluster.

Related issue: #856 #902

Special notes for your reviewer:

/assign @rambohe-ch @Peeknut

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[openyurt-bot]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: windydayc
To complete the pull request process, please assign rambohe-ch
You can assign the PR to them by writing /assign @rambohe-ch in a comment when ready.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[codecov]

Codecov Report

Merging #926 (e93fbf7) into master (482fc1d) will increase coverage by 8.36%.
The diff coverage is n/a.

@@            Coverage Diff             @@
##           master     #926      +/-   ##
==========================================
+ Coverage   35.30%   43.66%   +8.36%     
==========================================
  Files          76       83       +7     
  Lines        9913    11260    +1347     
==========================================
+ Hits         3500     4917    +1417     
+ Misses       6146     5908     -238     
- Partials      267      435     +168     

Flag	Coverage Δ
unittests	43.66% <ø> (+8.36%)	⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

Impacted Files	Coverage Δ
pkg/yurthub/server/nonresource.go	31.08% <0.00%> (ø)
pkg/controller/kubernetes/util/node/node.go	82.35% <0.00%> (ø)
pkg/yurthub/server/certificate.go	0.00% <0.00%> (ø)
pkg/controller/nodelifecycle/metrics.go	100.00% <0.00%> (ø)
pkg/controller/kubernetes/util/taints/taints.go	82.08% <0.00%> (ø)
pkg/yurthub/server/server.go	0.00% <0.00%> (ø)
...troller/nodelifecycle/node_lifecycle_controller.go	56.15% <0.00%> (ø)
pkg/yurthub/cachemanager/cache_manager.go	68.22% <0.00%> (+0.07%)	⬆️
pkg/yurthub/util/util.go	21.37% <0.00%> (+0.86%)	⬆️
pkg/yurtadm/util/edgenode/util.go	9.02% <0.00%> (+7.35%)	⬆️
... and 10 more

Help us with your feedback. Take ten seconds to tell us how you rate us. Have a feature suggestion? Share it here.

[rambohe-ch]

openyurt cloudimage --> openyurt cluster image

[windydayc]

ok, solved.

[rambohe-ch]

i think that common end user can not push openyurt-cluster image into OpenYurt dockerhub, because they can not get the password.

[windydayc]

OK. It is just an example.

Solved.

[rambohe-ch]

what's the mean of the address 192.168.152.131 and passwd 1234? where do end users can find these kind of information?

[windydayc]

It is just an example. This is the IP address and SSH password of the node the user needs to init. Users can use yurtadm init -h to see the effect of these parameters.

[rambohe-ch]

i think we should make clear introduction in the tutorial for concrete ip address and password, if not, end user will not understand the meaning.

[rambohe-ch]

I think we need to a image for explaining which kind of nodes and components are installed by yurtadm init and yurtadm join

[windydayc]

docker is installed by sealer apply, so before yurtadm init, you don't need to install docker.
While sealer is not involved in yurtadm join, so before yurtadm join, you should install docker.

[rambohe-ch]

how about use yaml file in openyurtio/openyurt/config/setup directory? so we don't need to manage yaml file of openyurt here.

[windydayc]

@rambohe-ch
At present, some parameters in yaml are not fixed, but are rendered by env in clusterfile, that is, the suffix .yaml.tmpl file. Later, if you need to add user-defined parameters in env, .yaml.tmpl files also need to be changed, so the file here (.yaml.tmpl ) may be somewhat different from that in the openyurtio/openyurt/config/setup directory.

see: Using Clusterfile to init a cluster - Env render support | sealer

[rambohe-ch]

init-kube.sh is used for initializing system for kubernetes, so it's not reasonable to put this file under flannel directory.

[windydayc]

ok, solved.

[rambohe-ch]

this network should be configured by end user

[windydayc]

ok, solved.

[rambohe-ch]

we need to use the optimized flannel image, mentioned here: https://openyurt.io/docs/user-manuals/network/edge-pod-network/

btw: cni plugin host-local should use the optimized plugin, please pay attentation.

[windydayc]

ok, solved.

[rambohe-ch]

cluster role should be suitable for the optimized flannel image.

[windydayc]

ok, solved.

[rambohe-ch]

maybe it's more reasonable to scale deployment/coredns before applying daemonset/coredns.

[windydayc]

ok, solved.

[rambohe-ch]

why not put kubectl apply -f manifests/kube-flannel.yml into install-openyurt.sh file?

[windydayc]

ok, solved.

[rambohe-ch]

why put cni files under flannel directory?

[windydayc]

solved.

[rambohe-ch]

when do we apply this yaml file(shell-plugin.yaml)?

[windydayc]

It is sealer's plugin: http://sealer.cool/docs/getting-started/plugin.html#plugin-type-list
Sealer will automatically execute all plugins under the plugins directory.

[rambohe-ch]

we should not use concrete ip address and token in the example

[windydayc]

OK. I will change it to 1.2.3.4

[rambohe-ch]

ddiot

[windydayc]

ok, solved.

[rambohe-ch]

this ip address should be match with value that set by end user.

[windydayc]

ok.

[rambohe-ch]

@windydayc please do not push --force when you fixed above comments.

[rambohe-ch]

@Peeknut PTAL

[Peeknut]

Maybe it is better to explain how to install sealer and the version of sealer.

[windydayc]

ok.

[Peeknut]

Here are many IP addresses, how to make sure these IP addresses are available to all users?

[Peeknut]

why not use 1.19.8? 1198 is unclear.

[windydayc]

ok

[Peeknut]

Please delete notes.

[windydayc]

ok

[Peeknut]

If using constants, it is better to define in const.
If configuration is supported, it is better to use fmt.Sprintf.

[windydayc]

@Peeknut
openyurt-cni-0.8.7-0.x86_64.rpm(https://github.com/openyurtio/openyurt/releases/download/v0.7.0/openyurt-cni-0.8.7-0.x86_64.rpm) is only seen on https://github.com/openyurtio/openyurt/releases, and it has not changed.
It seems that it has little to do with the openyurt version.
Which one should be constants here? It seems that the openyurt version cannot be obtained in the yurtadm join codes. Even if it can be obtained, if it is latest version, there is no link like https://github.com/openyurtio/openyurt/releases/download/`latest`/openyurt-cni-0.8.7-0.x86_64.rpm

[windydayc]

I replaced it with cniUrl := fmt.Sprintf("%s", constants.OpenYurtCniUrl)

[windydayc]

For config/yurtadm/cluster-image/openyurt-latest/cni directory, I have replaced the content in openyurt-cni-0.8.7-0.x86_64.rpm in https://github.com/openyurtio/openyurt/releases

Reason see: https://openyurt.io/docs/user-manuals/network/edge-pod-network/#ipam-pod-ip-address-kept

[windydayc]

For yurtadm init, since the image of the latest version often changes, its configuration file may also change, so the cluster image which constructed by the latest version may not be available. Therefore, an image with a fixed version number is used here to prevent cluster imgae unavailability caused by image:latest changes.
For example, here use yurt-controller-manager:v0.7.0 ，not yurt-controller-manager:latest

[windydayc]

@Peeknut I have solved the above problems. Please have a look.

[huiwq1990]

@windydayc I think it's not a good idea to maintian the cni binaries in openyurt repo, could you explain the reason?
I recommend:

1. the binaries directly download from https://github.com/containernetworking/plugins/releases/
   or
2. after the k8s starup, use a daemonset put the binaries to cni directory, the yaml like:

apiVersion: apps/v1
kind: DaemonSet
metadata:
  labels:
    app: test-cni-tool
  name: test-cni-tool
spec:
  selector:
    matchLabels:
      app: test-cni-tool
  template:
    metadata:
      labels:
        app: test-cni-tool
    spec:
      hostNetwork: true
      hostPID: true
      dnsPolicy: ClusterFirstWithHostNet
      tolerations:
      - operator: "Exists"
      containers:
      - name: myapp-container
        image: busybox:1.28
        command: ['sh', '-c', 'echo The app is running! && sleep 3600h']
      initContainers:
        - name: hostname
          image: huiwq1990/cni-plugins
          imagePullPolicy: Always
          command: ["/bin/sh"]
          args: ["-c", "cp /cni/* /opt/cni/bin/"]
          volumeMounts:
           - name: task-pv-storage
             mountPath: /opt/cni/bin
        - name: restart
          image: jpetazzo/nsenter
          command: ["/bin/sh"]
          args: ["-c", "/nsenter --mount=/proc/1/ns/mnt systemctl restart containerd"]
          securityContext:
            privileged: true
      volumes:
        - name: task-pv-storage
          hostPath:
            path: /opt/cni/bin
            type: Directory

[windydayc]

@windydayc I think it's not a good idea to maintian the cni binaries in openyurt repo, could you explain the reason? I recommend:

1. the binaries directly download from https://github.com/containernetworking/plugins/releases/
   or
2. after the k8s starup, use a daemonset put the binaries to cni directory, the yaml like:

apiVersion: apps/v1
kind: DaemonSet
metadata:
  labels:
    app: test-cni-tool
  name: test-cni-tool
spec:
  selector:
    matchLabels:
      app: test-cni-tool
  template:
    metadata:
      labels:
        app: test-cni-tool
    spec:
      hostNetwork: true
      hostPID: true
      dnsPolicy: ClusterFirstWithHostNet
      tolerations:
      - operator: "Exists"
      containers:
      - name: myapp-container
        image: busybox:1.28
        command: ['sh', '-c', 'echo The app is running! && sleep 3600h']
      initContainers:
        - name: hostname
          image: huiwq1990/cni-plugins
          imagePullPolicy: Always
          command: ["/bin/sh"]
          args: ["-c", "cp /cni/* /opt/cni/bin/"]
          volumeMounts:
           - name: task-pv-storage
             mountPath: /opt/cni/bin
        - name: restart
          image: jpetazzo/nsenter
          command: ["/bin/sh"]
          args: ["-c", "/nsenter --mount=/proc/1/ns/mnt systemctl restart containerd"]
          securityContext:
            privileged: true
      volumes:
        - name: task-pv-storage
          hostPath:
            path: /opt/cni/bin
            type: Directory

@huiwq1990

1. cni here is from openyurt-cni-0.8.7-0.x86_64.rpm in https://github.com/openyurtio/openyurt/releases, not directly download from https://github.com/containernetworking/plugins/releases/. Reason see: https://openyurt.io/docs/user-manuals/network/edge-pod-network/#ipam-pod-ip-address-kept
2. The config/yurtadm/cluster-image/openyurt-v0.7.0 dir here is just an example for user reference, users can customize their own cluster image.