Merge pull request #81 from senthilrch/develop

PR for kube-fledged v0.8.1

Author: senthilrch

Makefile

@@ -43,7 +43,7 @@ ifndef OPERATOR_IMAGE_REPO
 endif
 
 ifndef RELEASE_VERSION
-  RELEASE_VERSION=v0.8.0
+  RELEASE_VERSION=v0.8.1
 endif
 
 ifndef DOCKER_VERSION
@@ -63,7 +63,7 @@ ifndef ALPINE_VERSION
 endif
 
 ifndef OPERATORSDK_VERSION
-  OPERATORSDK_VERSION=v1.7.2
+  OPERATORSDK_VERSION=v1.9.0
 endif
 
 ifndef TARGET_PLATFORMS
@@ -193,17 +193,17 @@ hack:
 
 deploy-using-yaml:
 	-kubectl apply -f deploy/kubefledged-namespace.yaml
-	bash deploy/webhook-create-signed-cert.sh
-	bash deploy/webhook-patch-ca-bundle.sh
 	kubectl apply -f deploy/kubefledged-crd.yaml
 	kubectl apply -f deploy/kubefledged-serviceaccount.yaml
 	kubectl apply -f deploy/kubefledged-clusterrole.yaml
 	kubectl apply -f deploy/kubefledged-clusterrolebinding.yaml
+	-kubectl delete validatingwebhookconfigurations -l app=kubefledged
+	kubectl apply -f deploy/kubefledged-validatingwebhook.yaml
 	kubectl apply -f deploy/kubefledged-deployment-webhook-server.yaml
-	kubectl rollout status deployment kubefledged-webhook-server -n kube-fledged --watch
-	kubectl apply -f deploy/kubefledged-deployment-controller.yaml
 	kubectl apply -f deploy/kubefledged-service-webhook-server.yaml
-	kubectl apply -f deploy/kubefledged-validatingwebhook.yaml
+	kubectl apply -f deploy/kubefledged-deployment-controller.yaml
+	kubectl rollout status deployment kubefledged-webhook-server -n kube-fledged --watch
+	kubectl rollout status deployment kubefledged-controller -n kube-fledged --watch
 
 deploy-using-operator:
 	# Create the namespaces for operator and kubefledged
@@ -213,17 +213,16 @@ deploy-using-operator:
 	sed -i "s|{{OPERATOR_NAMESPACE}}|${OPERATOR_NAMESPACE}|g" deploy/kubefledged-operator/deploy/service_account.yaml
 	sed -i "s|{{OPERATOR_NAMESPACE}}|${OPERATOR_NAMESPACE}|g" deploy/kubefledged-operator/deploy/clusterrole_binding.yaml
 	sed -i "s|{{OPERATOR_NAMESPACE}}|${OPERATOR_NAMESPACE}|g" deploy/kubefledged-operator/deploy/operator.yaml
-	kubectl apply -f deploy/kubefledged-operator/deploy/crds/charts.helm.k8s.io_kubefledgeds_crd.yaml
+	kubectl apply -f deploy/kubefledged-operator/deploy/crds/charts.helm.kubefledged.io_kubefledgeds_crd.yaml
 	kubectl apply -f deploy/kubefledged-operator/deploy/service_account.yaml
 	kubectl apply -f deploy/kubefledged-operator/deploy/clusterrole.yaml
 	kubectl apply -f deploy/kubefledged-operator/deploy/clusterrole_binding.yaml
 	kubectl apply -f deploy/kubefledged-operator/deploy/operator.yaml
 	# Deploy kube-fledged to a separate namespace
-	sed -i "s|{{OPERATOR_NAMESPACE}}|${OPERATOR_NAMESPACE}|g" deploy/kubefledged-operator/deploy/crds/charts.helm.k8s.io_v1alpha2_kubefledged_cr.yaml
-	sed -i "s|{{KUBEFLEDGED_NAMESPACE}}|${KUBEFLEDGED_NAMESPACE}|g" deploy/kubefledged-operator/deploy/crds/charts.helm.k8s.io_v1alpha2_kubefledged_cr.yaml
-	bash deploy/webhook-create-signed-cert.sh --namespace ${KUBEFLEDGED_NAMESPACE}
-	bash deploy/webhook-patch-ca-bundle.sh
-	kubectl apply -f deploy/kubefledged-operator/deploy/crds/charts.helm.k8s.io_v1alpha2_kubefledged_cr.yaml
+	sed -i "s|{{OPERATOR_NAMESPACE}}|${OPERATOR_NAMESPACE}|g" deploy/kubefledged-operator/deploy/crds/charts.helm.kubefledged.io_v1alpha2_kubefledged_cr.yaml
+	sed -i "s|{{KUBEFLEDGED_NAMESPACE}}|${KUBEFLEDGED_NAMESPACE}|g" deploy/kubefledged-operator/deploy/crds/charts.helm.kubefledged.io_v1alpha2_kubefledged_cr.yaml
+	kubectl rollout status deployment kubefledged-operator -n kubefledged-operator --watch
+	kubectl apply -f deploy/kubefledged-operator/deploy/crds/charts.helm.kubefledged.io_v1alpha2_kubefledged_cr.yaml
 
 update:
 	kubectl scale deployment kubefledged-controller --replicas=0 -n kube-fledged
@@ -238,21 +237,18 @@ remove-kubefledged:
 	-kubectl delete -f deploy/kubefledged-clusterrole.yaml
 	-kubectl delete -f deploy/kubefledged-crd.yaml
 	-kubectl delete -f deploy/kubefledged-validatingwebhook.yaml
-	-git checkout deploy/kubefledged-validatingwebhook.yaml
-	-git checkout deploy/kubefledged-operator/deploy/crds/charts.helm.k8s.io_v1alpha2_kubefledged_cr.yaml
 
 remove-operator-and-kubefledged:
 	# Remove kubefledged and the namespace
-	-kubectl delete -f deploy/kubefledged-operator/deploy/crds/charts.helm.k8s.io_v1alpha2_kubefledged_cr.yaml
+	-kubectl delete -f deploy/kubefledged-operator/deploy/crds/charts.helm.kubefledged.io_v1alpha2_kubefledged_cr.yaml
+	-kubectl delete validatingwebhookconfigurations -l app.kubernetes.io/name=kube-fledged
 	-kubectl delete namespace ${KUBEFLEDGED_NAMESPACE}
-	-git checkout deploy/kubefledged-validatingwebhook.yaml
-	-git checkout deploy/kubefledged-operator/deploy/crds/charts.helm.k8s.io_v1alpha2_kubefledged_cr.yaml
 	# Remove the kubefledged operator and the namespace
 	-kubectl delete -f deploy/kubefledged-operator/deploy/operator.yaml
 	-kubectl delete -f deploy/kubefledged-operator/deploy/clusterrole_binding.yaml
 	-kubectl delete -f deploy/kubefledged-operator/deploy/clusterrole.yaml
 	-kubectl delete -f deploy/kubefledged-operator/deploy/service_account.yaml
-	-kubectl delete -f deploy/kubefledged-operator/deploy/crds/charts.helm.k8s.io_kubefledgeds_crd.yaml
+	-kubectl delete -f deploy/kubefledged-operator/deploy/crds/charts.helm.kubefledged.io_kubefledgeds_crd.yaml
 	-kubectl delete namespace ${OPERATOR_NAMESPACE}
 	-git checkout deploy/kubefledged-operator/deploy/operator.yaml
 	-git checkout deploy/kubefledged-operator/deploy/clusterrole_binding.yaml

README.md

@@ -79,7 +79,6 @@ These instructions install _kube-fledged_ to a separate namespace called "kube-f
 
   ```
   $ kubectl get pods -n kube-fledged -l app=kubefledged
-  $ kubectl logs -f <pod_name_obtained_from_above_command> -n kube-fledged
   $ kubectl get imagecaches -n kube-fledged (Output should be: 'No resources found')
   ```
 
@@ -92,26 +91,14 @@ These instructions install _kube-fledged_ to a separate namespace called "kube-f
   $ kubectl create namespace ${KUBEFLEDGED_NAMESPACE}
   ```
 
-- Create secret containing cert/key for kubefledged-webhook-server
-
-  ```
-  $ curl -fsSL https://raw.githubusercontent.com/senthilrch/kube-fledged/master/deploy/webhook-create-signed-cert.sh | bash -s -- --namespace ${KUBEFLEDGED_NAMESPACE}
-  ```
-
-- Retrieve the certificate-authoity-data of the kubernetes cluster
-
-  ```
-  $ CLUSTER=$(kubectl config view --raw --flatten -o json | jq -r '.contexts[] | select(.name == "'$(kubectl config current-context)'") | .context.cluster')
-  $ export CA_BUNDLE=$(kubectl config view --raw --flatten -o json | jq -r '.clusters[] | select(.name == "'${CLUSTER}'") | .cluster."certificate-authority-data"')
-  ```
-
 - Verify and install latest version of kube-fledged helm chart
 
   ```
   $ helm repo add kubefledged-charts https://senthilrch.github.io/kubefledged-charts/
+  $ helm repo update
   $ gpg --keyserver keyserver.ubuntu.com --recv-keys 92D793FA3A6460ED (or) gpg --keyserver pgp.mit.edu --recv-keys 92D793FA3A6460ED
   $ gpg --export >~/.gnupg/pubring.gpg
-  $ helm install --verify kube-fledged kubefledged-charts/kube-fledged -n ${KUBEFLEDGED_NAMESPACE} --set validatingWebhookCABundle=${CA_BUNDLE} --wait
+  $ helm install --verify kube-fledged kubefledged-charts/kube-fledged -n ${KUBEFLEDGED_NAMESPACE} --wait
   ```
 
 ## Quick Install using Helm operator
@@ -135,8 +122,7 @@ These instructions install _kube-fledged_ to a separate namespace called "kube-f
 - Verify if _kube-fledged_ deployed successfully
 
   ```
-  $ kubectl get pods -n kube-fledged -l app.kubernetes.io/name=kubefledged
-  $ kubectl logs -f <pod_name_obtained_from_above_command> -n kube-fledged
+  $ kubectl get pods -n kube-fledged -l app.kubernetes.io/name=kube-fledged
   $ kubectl get imagecaches -n kube-fledged (Output should be: 'No resources found')
   ```
 
@@ -257,15 +243,15 @@ $ kubectl get imagecaches imagecache1 -n kube-fledged -o json
 _kube-fledged_ supports both automatic and on-demand refresh of image cache. Auto refresh is enabled using the flag `--image-cache-refresh-frequency:`. To request for an on-demand refresh, run the following command:-
 
 ```
-$ kubectl annotate imagecaches imagecache1 -n kube-fledged kubefledged.k8s.io/refresh-imagecache=
+$ kubectl annotate imagecaches imagecache1 -n kube-fledged kubefledged.io/refresh-imagecache=
 ```
 
 ### Delete image cache
 
 Before you could delete the image cache, you need to purge the images in the cache using the following command. This will remove all cached images from the worker nodes.
 
 ```
-$ kubectl annotate imagecaches imagecache1 -n kube-fledged kubefledged.k8s.io/purge-imagecache=
+$ kubectl annotate imagecaches imagecache1 -n kube-fledged kubefledged.io/purge-imagecache=
 ```
 
 View the status of purging the image cache. If any failures, such images should be removed manually or you could decide to leave the images in the worker nodes.
@@ -304,8 +290,6 @@ For more detailed description, go through _kube-fledged's_ [design proposal](doc
 
 `--image-cache-refresh-frequency:` The image cache is refreshed periodically to ensure the cache is up to date. Setting this flag to "0s" will disable refresh. default "15m"
 
-`--cri-client-image:` The image name of the cri client. The cri client is used when deleting images during purging the cache".
-
 `--image-pull-policy:` Image pull policy for pulling images into and refreshing the cache. Possible values are 'IfNotPresent' and 'Always'. Default value is 'IfNotPresent'. Image with no or ":latest" tag are always pulled.
 
 `--stderrthreshold:` Log level. set the value of this flag to INFO

cmd/controller/app/controller.go

@@ -45,8 +45,8 @@ import (
 )
 
 const controllerAgentName = "kubefledged-controller"
-const imageCachePurgeAnnotationKey = "kubefledged.k8s.io/purge-imagecache"
-const imageCacheRefreshAnnotationKey = "kubefledged.k8s.io/refresh-imagecache"
+const imageCachePurgeAnnotationKey = "kubefledged.io/purge-imagecache"
+const imageCacheRefreshAnnotationKey = "kubefledged.io/refresh-imagecache"
 
 const (
 	// SuccessSynced is used as part of the Event 'reason' when a ImageCache is synced
@@ -92,7 +92,8 @@ func NewController(
 	imageCacheInformer informers.ImageCacheInformer,
 	imageCacheRefreshFrequency time.Duration,
 	imagePullDeadlineDuration time.Duration,
-	dockerClientImage string,
+	criClientImage string,
+	busyboxImage string,
 	imagePullPolicy string) *Controller {
 
 	runtime.Must(fledgedscheme.AddToScheme(scheme.Scheme))
@@ -116,7 +117,7 @@ func NewController(
 		imageCacheRefreshFrequency: imageCacheRefreshFrequency,
 	}
 
-	imageManager, _ := images.NewImageManager(controller.workqueue, controller.imageworkqueue, controller.kubeclientset, controller.fledgedNameSpace, imagePullDeadlineDuration, dockerClientImage, imagePullPolicy)
+	imageManager, _ := images.NewImageManager(controller.workqueue, controller.imageworkqueue, controller.kubeclientset, controller.fledgedNameSpace, imagePullDeadlineDuration, criClientImage, busyboxImage, imagePullPolicy)
 	controller.imageManager = imageManager
 
 	glog.Info("Setting up event handlers")
@@ -635,10 +636,13 @@ func (c *Controller) syncHandler(wqKey images.WorkQueueKey) error {
 }
 
 func (c *Controller) updateImageCacheStatus(imageCache *v1alpha2.ImageCache, status *v1alpha2.ImageCacheStatus) error {
+	imageCacheCopy, err := c.kubefledgedclientset.KubefledgedV1alpha2().ImageCaches(imageCache.Namespace).Get(context.TODO(), imageCache.Name, metav1.GetOptions{})
+	if err != nil {
+		return err
+	}
 	// NEVER modify objects from the store. It's a read-only, local cache.
 	// You can use DeepCopy() to make a deep copy of original object and modify this copy
 	// Or create a copy manually for better performance
-	imageCacheCopy := imageCache.DeepCopy()
 	imageCacheCopy.Status = *status
 	if imageCacheCopy.Status.Status != v1alpha2.ImageCacheActionStatusProcessing {
 		completionTime := metav1.Now()
@@ -648,7 +652,7 @@ func (c *Controller) updateImageCacheStatus(imageCache *v1alpha2.ImageCache, sta
 	// we must use Update instead of UpdateStatus to update the Status block of the ImageCache resource.
 	// UpdateStatus will not allow changes to the Spec of the resource,
 	// which is ideal for ensuring nothing other than resource status has been updated.
-	_, err := c.kubefledgedclientset.KubefledgedV1alpha2().ImageCaches(imageCache.Namespace).Update(context.TODO(), imageCacheCopy, metav1.UpdateOptions{})
+	_, err = c.kubefledgedclientset.KubefledgedV1alpha2().ImageCaches(imageCache.Namespace).Update(context.TODO(), imageCacheCopy, metav1.UpdateOptions{})
 	return err
 }
 

cmd/controller/app/controller_test.go

@@ -60,7 +60,8 @@ func newTestController(kubeclientset kubernetes.Interface, fledgedclientset clie
 	imagecacheInformer := fledgedInformerFactory.Kubefledged().V1alpha2().ImageCaches()
 	imageCacheRefreshFrequency := time.Second * 0
 	imagePullDeadlineDuration := time.Second * 5
-	dockerClientImage := "senthilrch/fledged-docker-client:latest"
+	criClientImage := "senthilrch/fledged-docker-client:latest"
+	busyboxImage := "busybox:latest"
 	imagePullPolicy := "IfNotPresent"
 
 	/* 	startInformers := true
@@ -72,7 +73,7 @@ func newTestController(kubeclientset kubernetes.Interface, fledgedclientset clie
 	   	} */
 
 	controller := NewController(kubeclientset, fledgedclientset, fledgedNameSpace, nodeInformer, imagecacheInformer,
-		imageCacheRefreshFrequency, imagePullDeadlineDuration, dockerClientImage, imagePullPolicy)
+		imageCacheRefreshFrequency, imagePullDeadlineDuration, criClientImage, busyboxImage, imagePullPolicy)
 	controller.nodesSynced = func() bool { return true }
 	controller.imageCachesSynced = func() bool { return true }
 	return controller, nodeInformer, imagecacheInformer

cmd/controller/main.go

@@ -37,7 +37,8 @@ import (
 var (
 	imageCacheRefreshFrequency time.Duration
 	imagePullDeadlineDuration  time.Duration
-	dockerClientImage          string
+	criClientImage             string
+	busyboxImage               string
 	imagePullPolicy            string
 	fledgedNameSpace           string
 	webhookServerPort          int
@@ -70,7 +71,7 @@ func main() {
 	controller := app.NewController(kubeClient, fledgedClient, fledgedNameSpace,
 		kubeInformerFactory.Core().V1().Nodes(),
 		fledgedInformerFactory.Kubefledged().V1alpha2().ImageCaches(),
-		imageCacheRefreshFrequency, imagePullDeadlineDuration, dockerClientImage, imagePullPolicy)
+		imageCacheRefreshFrequency, imagePullDeadlineDuration, criClientImage, busyboxImage, imagePullPolicy)
 
 	glog.Info("Starting pre-flight checks")
 	if err = controller.PreFlightChecks(); err != nil {
@@ -89,9 +90,14 @@ func main() {
 func init() {
 	flag.DurationVar(&imagePullDeadlineDuration, "image-pull-deadline-duration", time.Minute*5, "Maximum duration allowed for pulling an image. After this duration, image pull is considered to have failed")
 	flag.DurationVar(&imageCacheRefreshFrequency, "image-cache-refresh-frequency", time.Minute*15, "The image cache is refreshed periodically to ensure the cache is up to date. Setting this flag to 0s will disable refresh")
-	flag.StringVar(&dockerClientImage, "cri-client-image", "senthilrch/kubefledged-cri-client:latest", "The image name of the cri client. the cri client is used when deleting images during purging the cache")
 	flag.StringVar(&imagePullPolicy, "image-pull-policy", "IfNotPresent", "Image pull policy for pulling images into the cache. Possible values are 'IfNotPresent' and 'Always'. Default value is 'IfNotPresent'. Images with no or ':latest' tag are always pulled")
 	if fledgedNameSpace = os.Getenv("KUBEFLEDGED_NAMESPACE"); fledgedNameSpace == "" {
 		fledgedNameSpace = "kube-fledged"
 	}
+	if criClientImage = os.Getenv("KUBEFLEDGED_CRI_CLIENT_IMAGE"); criClientImage == "" {
+		criClientImage = "senthilrch/kubefledged-cri-client:latest"
+	}
+	if busyboxImage = os.Getenv("BUSYBOX_IMAGE"); busyboxImage == "" {
+		busyboxImage = "busybox:1.29.2"
+	}
 }