Merge branch 'openyurtio:master' into master

.github/workflows/ci.yaml

@@ -24,6 +24,9 @@ jobs:
     steps:
       - name: Checkout
         uses: actions/checkout@v3
+      - uses: actions/setup-go@v4
+        with:
+          go-version: ${{ env.GO_VERSION }}
       - name: Verify Code
         run: make verify
 

CHANGELOG.md

@@ -1,5 +1,100 @@
 # CHANGELOG
 
+## v1.3.0
+
+### What's New
+
+**Refactor OpenYurt control plane components**
+
+In order to improve the management of all repos in OpenYurt community, and reduce the complexity of installing OpenYurt,
+after detailed discussions in the community, a new component named yurt-manager was agreed to manage controllers and webhooks
+scattered across multiple components (like yurt-controller-manager, yurt-app-manager, raven-controller-manager, etc.).
+
+After the refactoring, based on the controller-runtime framework, new controllers and webhooks can be easily added to the
+yurt-manager component in the future. Also note that the yurt-manager must be installed on the same node as the K8s
+control-plane component (like kube-controller-manager). [#1067](https://github.com/openyurtio/openyurt/issues/1067)
+
+**Support OTA or AdvancedRollingUpdate upgrade models for static pods**
+
+As you know, static pods are managed directly by the kubelet daemon on the node and there is no APIServer watching them.
+In general, if a user wants to upgrade a static pod(like YurtHub), the user should manually modify or replace the manifest
+of the static pod. This can be a very tedious and painful task when the number of static pods becomes very large.
+
+Users can define Pod templates and upgrade models through YurtStaticSet CRD. The upgrade models support both OTA and AdvancedRollingUpdate kinds,
+thus easily meeting the upgrade needs of large-scale Static Pods. Also the Pod template in yurthub YurtAppSet CRD is used to
+install YurtHub component on the node when the node is joined. [#1261](https://github.com/openyurtio/openyurt/pull/1261), [#1168](https://github.com/openyurtio/openyurt/pull/1168), [#1172](https://github.com/openyurtio/openyurt/pull/1172)
+
+**NodePort Service supports nodepool isolation**
+
+In edge scenarios, users using the NodePort service expect to listen to nodePort ports only in a specified nodepools
+in order to prevent port conflicts and save edge resources.
+
+Users can specify the nodepools to listen to by adding annotation `nodeport.openyurt.io/listen` to the NodePort or
+LoadBalancer service, thus getting the nodepool isolation capability of the NodePort or LoadBalancer service. [#1183](https://github.com/openyurtio/openyurt/issues/1183), [#1209](https://github.com/openyurtio/openyurt/pull/1209)
+
+### Other Notable changes
+
+- improve image build efficiency by @Congrool in https://github.com/openyurtio/openyurt/pull/1191
+- support filter chain for filtering response data by @rambohe-ch in https://github.com/openyurtio/openyurt/pull/1189
+- fix: re-list when target change by @LaurenceLiZhixin in https://github.com/openyurtio/openyurt/pull/1195
+- fix: pool-coordinator cannot be rescheduled when its node fails (#1212) by @AndyEWang in https://github.com/openyurtio/openyurt/pull/1218
+- feat: merge yurtctl to e2e by @YTGhost in https://github.com/openyurtio/openyurt/pull/1219
+- support pass bootstrap-file to yurthub by @rambohe-ch in https://github.com/openyurtio/openyurt/pull/1333
+- add system proxy for docker run by @gnunu in https://github.com/openyurtio/openyurt/pull/1335
+- feat: add yurtadm renew certificate command by @YTGhost in https://github.com/openyurtio/openyurt/pull/1314
+- add a new way to create webhook by @JameKeal in https://github.com/openyurtio/openyurt/pull/1359
+- feat: support pool-coordinator component work in specified namespace by @y-ykcir in https://github.com/openyurtio/openyurt/pull/1355
+- feat: add nodepool e2e by @huiwq1990 in https://github.com/openyurtio/openyurt/pull/1365
+- feat: support yurt-manager work in specified namespace by @y-ykcir in https://github.com/openyurtio/openyurt/pull/1367
+- support yurthub component work in specified namespace by @huweihuang in https://github.com/openyurtio/openyurt/pull/1366
+- support to specify enabled controllers by @xavier-hou in https://github.com/openyurtio/openyurt/pull/1388
+- feat: crd generate crds by @huiwq1990 in https://github.com/openyurtio/openyurt/pull/1389
+- add Yurtappdaemon e2e test by @theonefx in https://github.com/openyurtio/openyurt/pull/1406
+- fix generated crd name by @huiwq1990 in https://github.com/openyurtio/openyurt/pull/1408
+
+### Fixes
+
+- fix handle poolcoordinator certificates in case of restarting by @batthebee in https://github.com/openyurtio/openyurt/pull/1187
+- make rename replace old dir by @LaurenceLiZhixin in https://github.com/openyurtio/openyurt/pull/1237
+- yurtadm minor version compatibility of kubelet and kubeadm by @YTGhost in https://github.com/openyurtio/openyurt/pull/1244
+- delete specific iptables while testing kube-proxy by @y-ykcir in https://github.com/openyurtio/openyurt/pull/1268
+- fix yurthub dnsPolicy when using pool-coordinator by @JameKeal in https://github.com/openyurtio/openyurt/pull/1321
+- fix: yurt-controller-manager reboot cannot remove taint node.openyurt.io/unschedulable (#1233) by @AndyEWang in https://github.com/openyurtio/openyurt/pull/1337
+- fix daemonSet pod updater pointer error by @JameKeal in https://github.com/openyurtio/openyurt/pull/1340
+- bugfix for yurtappset by @theonefx in https://github.com/openyurtio/openyurt/pull/1391
+
+### Contributors
+
+**Thank you to everyone who contributed to this release!** ❤
+
+- [@batthebee](https://github.com/batthebee)
+- [@cndoit18](https://github.com/cndoit18)
+- [@fengshunli](https://github.com/fengshunli)
+- [@luc99hen](https://github.com/luc99hen)
+- [@frank-zsy](https://github.com/frank-zsy)
+- [@YTGhost](https://github.com/YTGhost)
+- [@Congrool](https://github.com/Congrool)
+- [@luckymrwang](https://github.com/luckymrwang)
+- [@AndyEWang](https://github.com/AndyEWang)
+- [@huiwq1990](https://github.com/huiwq1990)
+- [@njucjc](https://github.com/njucjc)
+- [@xavier-hou](https://github.com/xavier-hou)
+- [@kadisi](https://github.com/kadisi)
+- [@guoguodan](https://github.com/guoguodan)
+- [@JameKeal](https://github.com/JameKeal)
+- [@gnunu](https://github.com/gnunu)
+- [@y-ykcir](https://github.com/y-ykcir)
+- [@Lan-ce-lot](https://github.com/Lan-ce-lot)
+- [@River-sh](https://github.com/River-sh)
+- [@huweihuang](https://github.com/huweihuang)
+- [@lilongfeng0902](https://github.com/lilongfeng0902)
+- [@theonefx](https://github.com/theonefx)
+- [@fujitatomoya](https://github.com/fujitatomoya)
+- [@rambohe-ch](https://github.com/rambohe-ch)
+
+And thank you very much to everyone else not listed here who contributed in other ways like filing issues,
+giving feedback, helping users in community group, etc.
+
 ## v1.2.0
 
 ### What's New
@@ -12,7 +107,7 @@ After improving edge autonomy capability, when the reason of node NotReady is cl
 because leader yurthub will help these offline nodes to proxy their heartbeats to the cloud via pool-coordinator component,
 and pods will be evicted and recreated on other ready node if node crashed.
 
-By the way, The original edge autonomy capability by annotating node (with node.beta.openyurt.io/autonomy) will be kept as it is,
+By the way, the original edge autonomy capability by annotating node (with node.beta.openyurt.io/autonomy) will be kept as it is,
 which will influence all pods on autonomy nodes. And a new annotation (named apps.openyurt.io/binding) can be added to workload to
 enable the original edge autonomy capability for specified pod.
 
@@ -351,7 +446,7 @@ Thanks to all contributors for maintaining docs for OpenYurt. ([@huangyuqi](http
 - yurt-edgex-manager
 
   Yurt-edgex-manager enable OpenYurt to be able to manage the EdgeX lifecycle. Each EdgeX CR (Custom Resource) stands for an EdgeX instance.
-Users can deploy/update/delete EdgeX in OpenYurt cluster by operate the EdgeX CR directly. ([yurt-edgex-manager](https://github.com/openyurtio/yurt-edgex-manager), [@yixingjia](https://github.com/yixingjia), [@lwmqwer](https://github.com/lwmqwer))
+Users can deploy/update/delete EdgeX in OpenYurt cluster by operating the EdgeX CR directly. ([yurt-edgex-manager](https://github.com/openyurtio/yurt-edgex-manager), [@yixingjia](https://github.com/yixingjia), [@lwmqwer](https://github.com/lwmqwer))
 
 - yurt-device-controller
 
@@ -404,7 +499,7 @@ Please refer to the [proposal doc](https://github.com/openyurtio/openyurt/blob/m
 
 **Support Pods use `InClusterConfig` access kube-apiserver through yurthub**
 
-Many users in OpenYurt community have requested that support InClusterConfig for pods to access kube-apiserver through yurthub on edge nodes. so pods on cloud can move to edge cluster smoothly. so we add the following features.
+Many users in OpenYurt community have requested that support InClusterConfig for pods to access kube-apiserver through yurthub on edge nodes. so pods on cloud can move to edge cluster smoothly. So we add the following features.
 -  yurthub supports https serve.
 - env `KUBERNETES_SERVICE_HOST` and `KUBERNETES_SERVICE_PORT` should be the address that yurthub listening, like `169.254.2.1:10261`
 

MAINTAINERS.md

@@ -3,15 +3,16 @@
 This file lists the maintainers of the OpenYurt project. The responsibilities of maintainers are listed in the [GOVERNANCE.md](GOVERNANCE.md) file.
 
 ## Project Maintainers
-| Name | GitHub ID | Affiliation |
-| ---- | --------- | ----------- |
-| [Fei Guo](mailto:[email protected]) | [Fei-Guo](https://github.com/Fei-Guo) | Alibaba |
-| [Linbo He](mailto:[email protected]) | [rambohe-ch](https://github.com/rambohe-ch) | Alibaba |
-| [Shida Qiu](mailto:[email protected]) | [SataQiu](https://github.com/SataQiu) | Alibaba |
-| [Chao Zheng](mailto:[email protected]) | [charleszheng44](https://github.com/charleszheng44) | ByteDance |
-| [Yixing Jia](mailto:[email protected]) | [yixingjia](https://github.com/yixingjia) | VMware |
-| [Wuming Liu](mailto:[email protected]) | [lwmqwer](https://github.com/lwmqwer) | VMware |
-| [Shaoqiang Chen](mailto:[email protected]) | [gnunu](https://github.com/gnunu) | Intel |
-| [Tao Chen](mailto:[email protected]) | [qclc](https://github.com/qclc) | Zhejiang University |
-| [Lifang Zhang](mailto:[email protected]) | [DrmagicE](https://github.com/DrmagicE) | China Telecom |
-| [Zhengguang Zhang](mailto:[email protected]) | [zzguang](https://github.com/zzguang) | Intel |
+| Name                                              | GitHub ID                                           | Affiliation         |
+|---------------------------------------------------|-----------------------------------------------------|---------------------|
+| [Fei Guo](mailto:[email protected])           | [Fei-Guo](https://github.com/Fei-Guo)               | Alibaba             |
+| [Linbo He](mailto:[email protected])      | [rambohe-ch](https://github.com/rambohe-ch)         | Alibaba             |
+| [Shida Qiu](mailto:[email protected])     | [SataQiu](https://github.com/SataQiu)               | Alibaba             |
+| [Chao Zheng](mailto:[email protected])     | [charleszheng44](https://github.com/charleszheng44) | ByteDance           |
+| [Yixing Jia](mailto:[email protected])          | [yixingjia](https://github.com/yixingjia)           | VMware              |
+| [Wuming Liu](mailto:[email protected])              | [lwmqwer](https://github.com/lwmqwer)               | VMware              |
+| [Shaoqiang Chen](mailto:[email protected]) | [gnunu](https://github.com/gnunu)                   | Intel               |
+| [Tao Chen](mailto:[email protected])             | [qclc](https://github.com/qclc)                     | Zhejiang University |
+| [Lifang Zhang](mailto:[email protected])           | [DrmagicE](https://github.com/DrmagicE)             | China Telecom       |
+| [Zhengguang Zhang](mailto:[email protected]) | [zzguang](https://github.com/zzguang)               | Intel               |
+| [Chenglong Wang](mailto:[email protected])      | [luckymrwang](https://github.com/luckymrwang)       | Inspur              |

Makefile

@@ -22,7 +22,7 @@ IMAGE_REPO ?= openyurt
 IMAGE_TAG ?= $(shell git describe --abbrev=0 --tags)
 GIT_COMMIT = $(shell git rev-parse HEAD)
 ENABLE_AUTONOMY_TESTS ?=true
-CRD_OPTIONS ?= "crd:crdVersions=v1"
+CRD_OPTIONS ?= "crd:crdVersions=v1,maxDescLen=1000"
 BUILD_KUSTOMIZE ?= _output/manifest
 GOPROXY ?= $(shell go env GOPROXY)
 
@@ -51,6 +51,17 @@ ifneq (${https_proxy},)
 DOCKER_BUILD_ARGS += --build-arg https_proxy='${https_proxy}'
 endif
 
+LOCALBIN ?= $(shell pwd)/bin
+$(LOCALBIN):
+	mkdir -p $(LOCALBIN)
+
+KUSTOMIZE_VERSION ?= v4.5.7
+## Tool Binaries
+KUSTOMIZE ?= $(LOCALBIN)/kustomize
+
+KUBECTL_VERSION ?= v1.22.3
+KUBECTL ?= $(LOCALBIN)/kubectl
+
 .PHONY: clean all build test
 
 all: test build
@@ -68,7 +79,10 @@ clean:
 	-rm -Rf _output
 
 # verify will verify the code.
-verify: verify-mod verify-license
+verify: verify-mod verify-license verify_manifests
+
+verify_manifests:
+	hack/make-rules/verify_manifests.sh
 
 # verify-license will check if license has been added to files. 
 verify-license:
@@ -155,10 +169,10 @@ generate: controller-gen ## Generate code containing DeepCopy, DeepCopyInto, and
 #	hack/make-rule/generate_openapi.sh // TODO by kadisi
 	$(CONTROLLER_GEN) object:headerFile="hack/boilerplate.go.txt" paths="./pkg/apis/..."
 
-manifests: generate ## Generate WebhookConfiguration, ClusterRole and CustomResourceDefinition objects.
+manifests: kustomize kubectl generate ## Generate WebhookConfiguration, ClusterRole and CustomResourceDefinition objects.
 	rm -rf $(BUILD_KUSTOMIZE)
 	$(CONTROLLER_GEN) $(CRD_OPTIONS) rbac:roleName=role webhook paths="./pkg/..." output:crd:artifacts:config=$(BUILD_KUSTOMIZE)/auto_generate/crd output:rbac:artifacts:config=$(BUILD_KUSTOMIZE)/auto_generate/rbac output:webhook:artifacts:config=$(BUILD_KUSTOMIZE)/auto_generate/webhook
-	hack/make-rules/kustomize_to_chart.sh --crd $(BUILD_KUSTOMIZE)/auto_generate/crd  --webhook $(BUILD_KUSTOMIZE)/auto_generate/webhook --rbac $(BUILD_KUSTOMIZE)/auto_generate/rbac --output $(BUILD_KUSTOMIZE)/kustomize --templateDir charts/openyurt/templates
+	hack/make-rules/kustomize_to_chart.sh --crd $(BUILD_KUSTOMIZE)/auto_generate/crd  --webhook $(BUILD_KUSTOMIZE)/auto_generate/webhook --rbac $(BUILD_KUSTOMIZE)/auto_generate/rbac --output $(BUILD_KUSTOMIZE)/kustomize --chartDir charts/yurt-manager
 
 
 # newcontroller
@@ -176,6 +190,26 @@ else
 	$(call go-get-tool,$(CONTROLLER_GEN),sigs.k8s.io/controller-tools/cmd/[email protected])
 endif
 
+.PHONY: kubectl
+kubectl: $(KUBECTL) ## Download kustomize locally if necessary. If wrong version is installed, it will be removed before downloading.
+$(KUBECTL): $(LOCALBIN)
+	@if test -x $(LOCALBIN)/kubectl && ! $(LOCALBIN)/kubectl version | grep -q $(KUBECTL_VERSION); then \
+		echo "$(LOCALBIN)/kubectl version is not expected $(KUBECTL_VERSION). Removing it before installing."; \
+		rm -rf $(LOCALBIN)/kubectl; \
+	fi
+	test -s $(LOCALBIN)/kubectl || curl https://storage.googleapis.com/kubernetes-release/release/v1.22.3/bin/$(shell go env GOOS)/$(shell go env GOARCH)/kubectl -o $(KUBECTL)
+	chmod +x $(KUBECTL)
+
+KUSTOMIZE_INSTALL_SCRIPT ?= "https://raw.githubusercontent.com/kubernetes-sigs/kustomize/master/hack/install_kustomize.sh"
+.PHONY: kustomize
+kustomize: $(KUSTOMIZE) ## Download kustomize locally if necessary. If wrong version is installed, it will be removed before downloading.
+$(KUSTOMIZE): $(LOCALBIN)
+	@if test -x $(LOCALBIN)/kustomize && ! $(LOCALBIN)/kustomize version | grep -q $(KUSTOMIZE_VERSION); then \
+		echo "$(LOCALBIN)/kustomize version is not expected $(KUSTOMIZE_VERSION). Removing it before installing."; \
+		rm -rf $(LOCALBIN)/kustomize; \
+	fi
+	test -s $(LOCALBIN)/kustomize || { curl -Ss $(KUSTOMIZE_INSTALL_SCRIPT) | bash -s -- $(subst v,,$(KUSTOMIZE_VERSION)) $(LOCALBIN); }
+
 # go-get-tool will 'go get' any package $2 and install it to $1.
 PROJECT_DIR := $(shell dirname $(abspath $(lastword $(MAKEFILE_LIST))))
 define go-get-tool