YurtAppDaemon

Background

In edge scenarios, edge nodes from the same region will be assigned to the same NodePool, at which point some system components, such as CoreDNS, will typically need to be deployed in NodePool dimension. When creating the NodePool, we want to create these system components automatically, without any manual operations.

YurtAppDaemon ensures that all or some of the NodePools run replicas with a Deployment or StatefulSet template. As NodePools are created, these sub-Deployments or sub-StatefulSets are added to the cluster and the creation/updating of them are controlled by the YurtAppDaemon controller.

img

Usage:

  • Create test1 NodePool
  1. cat <<EOF | kubectl apply -f -
  4. apiVersion: apps.openyurt.io/v1alpha1
  5. kind: NodePool
  6. metadata:
  7.   name: test1
  8. spec:
  9.   selector:
  10.     matchLabels:
  11.       apps.openyurt.io/nodepool: test1
  12.   type: Edge
  15. EOF
  • Create test2 NodePool
  1. cat <<EOF | kubectl apply -f -
  3. apiVersion: apps.openyurt.io/v1alpha1
  4. kind: NodePool
  5. metadata:
  6.   name: test2
  7. spec:
  8.   selector:
  9.     matchLabels:
  10.       apps.openyurt.io/nodepool: test2
  11.   type: Edge
  13. EOF
  • Add nodes to the corresponding NodePool
  1.  kubectl label node cn-beijing.172.23.142.31 apps.openyurt.io/desired-nodepool=test1
  2.  kubectl label node cn-beijing.172.23.142.32 apps.openyurt.io/desired-nodepool=test1
  4.  kubectl label node cn-beijing.172.23.142.34 apps.openyurt.io/desired-nodepool=test2
  5.  kubectl label node cn-beijing.172.23.142.35 apps.openyurt.io/desired-nodepool=test2
  • Create YurtAppDaemon
  1. cat <<EOF | kubectl apply -f -
  3. apiVersion: apps.openyurt.io/v1alpha1
  4. kind: YurtAppDaemon
  5. metadata:
  6.   name: daemon-1
  7.   namespace: default
  8. spec:
  9.   selector:
  10.     matchLabels:
  11.       app: daemon-1
  13.   workloadTemplate:
  14.     deploymentTemplate:
  15.       metadata:
  16.         labels:
  17.           app: daemon-1
  18.       spec:
  19.         replicas: 1
  20.         selector:
  21.           matchLabels:
  22.             app: daemon-1
  23.         template:
  24.           metadata:
  25.             labels:
  26.               app: daemon-1
  27.           spec:
  28.             containers:
  29.             - image: nginx:1.18.0
  30.               imagePullPolicy: Always
  31.               name: nginx
  32.   nodepoolSelector:
  33.     matchLabels:
  34.       yurtappdaemon.openyurt.io/type: "nginx"
  36. EOF
  • Label test1 NodePool
  1. kubectl label np test1 yurtappdaemon.openyurt.io/type=nginx
  3. # Check the Deployment
  4. kubectl get deployments.apps
  6. # Check the Deployment nodeselector
  8. # Check the Pod
  • Label test2 NodePool
  1. kubectl label np test2 yurtappdaemon.openyurt.io/type=nginx
  3. # Check the Deployment
  4. kubectl get deployments.apps
  6. # Check the Deployment nodeselector
  8. # Check the Pod
  • Update YurtAppDaemon
  1. # Change yurtappdaemon workloadTemplate replicas to 2
  3. # Change yurtappdaemon workloadTemplate image to nginx:1.19.0
  5. # Check the Pod
  • Remove NodePool labels
  1. # Remove the nodepool test1 label
  2. kubectl label np test1 yurtappdaemon.openyurt.io/type-
  4. # Check the Deployment
  6. # Check the Pod
  8. # Remove the nodepool test2 label
  9. kubectl label np test2 yurtappdaemon.openyurt.io/type-
  11. # Check the Deployment
  13. # Check the Pod

Example for deploying coredns

Using YurtAppDaemon+service topology to solve dns resolution problems

  • Create NodePool
  1. cat <<EOF | kubectl apply -f -
  4. apiVersion: apps.openyurt.io/v1alpha1
  5. kind: NodePool
  6. metadata:
  7.   name: hangzhou
  8. spec:
  9.   selector:
  10.     matchLabels:
  11.       apps.openyurt.io/nodepool: hangzhou
  12.   taints:
  13.     - effect: NoSchedule
  14.       key: node-role.openyurt.io/edge
  15.   type: Edge
  18. EOF
  • Add label to NodePool
  1. kubectl label np hangzhou yurtappdaemon.openyurt.io/type=coredns
  • Deploy coredns
  1. cat <<EOF | kubectl apply -f -
  4. apiVersion: apps.openyurt.io/v1alpha1
  5. kind: YurtAppDaemon
  6. metadata:
  7.   name: coredns
  8.   namespace: kube-system
  9. spec:
  10.   selector:
  11.     matchLabels:
  12.        k8s-app: kube-dns
  13.   workloadTemplate:
  14.     deploymentTemplate:
  15.       metadata:
  16.         labels:
  17.           k8s-app: kube-dns
  18.       spec:
  19.         replicas: 2
  20.         selector:
  21.           matchLabels:
  22.             k8s-app: kube-dns
  23.         template:
  24.           metadata:
  25.             labels:
  26.               k8s-app: kube-dns
  27.           spec:
  28.             volumes:
  29.             - name: config-volume
  30.               configMap:
  31.                name: coredns
  32.                items:
  33.                - key: Corefile
  34.                  path: Corefile
  35.                  name: coredns
  36.             dnsPolicy: Default
  37.             serviceAccount: coredns
  38.             serviceAccountName: coredns
  39.             containers:
  40.             - args:
  41.               - -conf
  42.               - /etc/coredns/Corefile
  43.               image: k8s.gcr.io/coredns:1.6.7
  44.               imagePullPolicy: IfNotPresent
  45.               name: coredns
  46.               resources:
  47.                 limits:
  48.                   memory: 170Mi
  49.                 requests:
  50.                   cpu: 100m
  51.                   memory: 70Mi
  52.               securityContext:
  53.                 allowPrivilegeEscalation: false
  54.                 capabilities:
  55.                   add:
  56.                   - NET_BIND_SERVICE
  57.                   drop:
  58.                   - all
  59.                 readOnlyRootFilesystem: true        
  60.               livenessProbe:
  61.                 failureThreshold: 5
  62.                 httpGet:
  63.                   path: /health
  64.                   port: 8080
  65.                   scheme: HTTP
  66.                 initialDelaySeconds: 60
  67.                 periodSeconds: 10
  68.                 successThreshold: 1
  69.                 timeoutSeconds: 5  
  70.               volumeMounts:
  71.               - mountPath: /etc/coredns
  72.                 name: config-volume
  73.                 readOnly: true
  74.   nodepoolSelector:
  75.     matchLabels:
  76.       yurtappdaemon.openyurt.io/type: "coredns"
  78. ---
  79. apiVersion: v1
  80. kind: Service
  81. metadata:
  82.   namespace: kube-system
  83.   annotations:
  84.     prometheus.io/port: "9153"
  85.     prometheus.io/scrape: "true"
  86.     openyurt.io/topologyKeys: openyurt.io/nodepool
  87.   labels:
  88.     k8s-app: kube-dns
  89.     kubernetes.io/cluster-service: "true"
  90.     kubernetes.io/name: KubeDNS
  91.   name: kube-dns
  92. spec:
  93.   clusterIP: __kubernetes-coredns-ip__  ##修改为kubernetes dns service ip
  94.   ports:
  95.   - name: dns
  96.     port: 53
  97.     protocol: UDP
  98.     targetPort: 53
  99.   - name: dns-tcp
  100.     port: 53
  101.     protocol: TCP
  102.     targetPort: 53
  103.   - name: metrics
  104.     port: 9153
  105.     protocol: TCP
  106.     targetPort: 9153
  107.   selector:
  108.     k8s-app: kube-dns
  109.   sessionAffinity: None
  110.   type: ClusterIP   
  111. ---
  112. apiVersion: v1
  113. data:
  114.   Corefile: |
  115.     .:53 {
  116.         errors
  117.         health {
  118.            lameduck 5s
  119.         }
  120.         ready
  121.         kubernetes cluster.local in-addr.arpa ip6.arpa {
  122.            pods insecure
  123.            fallthrough in-addr.arpa ip6.arpa
  124.            ttl 30
  125.         }
  126.         prometheus :9153
  127.         forward . /etc/resolv.conf
  128.         cache 30
  129.         loop
  130.         reload
  131.         loadbalance
  132.     }
  133. kind: ConfigMap
  134. metadata:
  135.   name: coredns
  136.   namespace: kube-system
  137. ---
  138. apiVersion: v1
  139. kind: ServiceAccount
  140. metadata:
  141.   name: coredns
  142.   namespace: kube-system
  143.   labels:
  144.       kubernetes.io/cluster-service: "true"
  145.       addonmanager.kubernetes.io/mode: Reconcile
  146. ---
  147. apiVersion: rbac.authorization.k8s.io/v1
  148. kind: ClusterRole
  149. metadata:
  150.   labels:
  151.     kubernetes.io/bootstrapping: rbac-defaults
  152.     addonmanager.kubernetes.io/mode: Reconcile
  153.   name: system:coredns
  154. rules:
  155. - apiGroups:
  156.   - ""
  157.   resources:
  158.   - endpoints
  159.   - services
  160.   - pods
  161.   - namespaces
  162.   verbs:
  163.   - list
  164.   - watch
  165. - apiGroups:
  166.   - ""
  167.   resources:
  168.   - nodes
  169.   verbs:
  170.   - get
  171. ---
  172. apiVersion: rbac.authorization.k8s.io/v1
  173. kind: ClusterRoleBinding
  174. metadata:
  175.   annotations:
  176.     rbac.authorization.kubernetes.io/autoupdate: "true"
  177.   labels:
  178.     kubernetes.io/bootstrapping: rbac-defaults
  179.     addonmanager.kubernetes.io/mode: EnsureExists
  180.   name: system:coredns
  181. roleRef:
  182.   apiGroup: rbac.authorization.k8s.io
  183.   kind: ClusterRole
  184.   name: system:coredns
  185. subjects:
  186. - kind: ServiceAccount
  187.   name: coredns
  188.   namespace: kube-system
  191. EOF