Merge branch 'master' into feat_persistence_command

.github/workflows/lint.yml

@@ -59,7 +59,7 @@ jobs:
         uses: golangci/golangci-lint-action@v3
         with:
           version: v1.54.2
-          args: --timeout=30m --issues-exit-code=0 --skip-dirs=test --skip-dirs=pkg/logs/glog
+          args: --timeout=30m --skip-dirs=test --skip-dirs=pkg/logs/glog --out-format=colored-line-number
           working-directory: bcs-services/bcs-bscp
   bcs-cluster-manager:
     name: bcs-cluster-manager
@@ -79,7 +79,7 @@ jobs:
         uses: golangci/golangci-lint-action@v3
         with:
           version: v1.54.2
-          args: --timeout=30m --issues-exit-code=0
+          args: --timeout=30m
           working-directory: bcs-services/bcs-cluster-manager
   bcs-helm-manager:
     name: bcs-helm-manager
@@ -99,7 +99,7 @@ jobs:
         uses: golangci/golangci-lint-action@v3
         with:
           version: v1.54.2
-          args: --timeout=30m --issues-exit-code=0
+          args: --timeout=30m
           working-directory: bcs-services/bcs-helm-manager
   bcs-project-manager:
     name: bcs-project-manager
@@ -119,7 +119,7 @@ jobs:
         uses: golangci/golangci-lint-action@v3
         with:
           version: v1.54.2
-          args: --timeout=30m --issues-exit-code=0
+          args: --timeout=30m --out-format=colored-line-number
           working-directory: bcs-services/bcs-project-manager
   bcs-user-manager:
     name: bcs-user-manager
@@ -139,7 +139,7 @@ jobs:
         uses: golangci/golangci-lint-action@v3
         with:
           version: v1.54.2
-          args: --timeout=30m --issues-exit-code=0
+          args: --timeout=30m
           working-directory: bcs-services/bcs-user-manager
   bcs-cluster-resources:
     name: bcs-cluster-resources
@@ -159,5 +159,5 @@ jobs:
         uses: golangci/golangci-lint-action@v3
         with:
           version: v1.54.2
-          args: --timeout=30m --issues-exit-code=0
+          args: --timeout=30m
           working-directory: bcs-services/cluster-resources

bcs-common/pkg/audit/activity.go

@@ -42,6 +42,8 @@ const (
 	// ActivityStatusPending means the activity is pending
 	ActivityStatusPending ActivityStatus = "pending"
 
+	// ActivityTypeView means the activity type is view
+	ActivityTypeView ActivityType = "view"
 	// ActivityTypeCreate means the activity type is create
 	ActivityTypeCreate ActivityType = "create"
 	// ActivityTypeUpdate means the activity type is update

bcs-ops/env/offline-manifest.yaml

@@ -7,6 +7,8 @@ bcs-ops:
       containerd: "1.6.21"
       runc: "1.1.8"
       docker: "19.03.9"
+      jq: "1.6"
+      yq: "4.30.6"
 
     images:
       - hub.bktencent.com/registry.k8s.io/kube-apiserver:v1.20.15
@@ -44,6 +46,8 @@ bcs-ops:
       containerd: "1.6.21"
       runc: "1.1.8"
       docker: "19.03.9"
+      jq: "1.6"
+      yq: "4.30.6"
 
     images:
       - hub.bktencent.com/registry.k8s.io/kube-apiserver:v1.23.17
@@ -79,6 +83,8 @@ bcs-ops:
       crictl: "1.26.0"
       containerd: "1.6.21"
       runc: "1.1.8"
+      jq: "1.6"
+      yq: "4.30.6"
 
     images:
       - hub.bktencent.com/registry.k8s.io/kube-apiserver:v1.24.15

bcs-ops/install_master.sh

@@ -46,6 +46,8 @@ safe_source "${ROOT_DIR}/functions/k8s.sh"
 
 "${ROOT_DIR}"/system/config_envfile.sh -c init
 "${ROOT_DIR}"/system/config_system.sh -c dns sysctl
+"${ROOT_DIR}"/tools/install_tools.sh jq yq
+"${ROOT_DIR}"/system/install_yq
 "${ROOT_DIR}"/k8s/install_cri.sh
 "${ROOT_DIR}"/k8s/install_k8s_tools
 "${ROOT_DIR}"/k8s/render_kubeadm
@@ -107,3 +109,5 @@ else
     fi
   fi
 fi
+
+"${ROOT_DIR}"/k8s/install_k8s

bcs-ops/install_node.sh

@@ -106,6 +106,7 @@ safe_source "${ROOT_DIR}/functions/k8s.sh"
 
 "${ROOT_DIR}"/system/config_envfile.sh -c init
 "${ROOT_DIR}"/system/config_system.sh -c dns sysctl
+"${ROOT_DIR}"/tools/install_tools.sh jq yq
 "${ROOT_DIR}"/k8s/install_cri.sh
 "${ROOT_DIR}"/k8s/install_k8s_tools
 "${ROOT_DIR}"/k8s/render_kubeadm

bcs-ops/install_op.sh

@@ -35,7 +35,7 @@ for file in "${source_files[@]}"; do
   safe_source "$file"
 done
 
-"${ROOT_DIR}"/k8s/operate_completion kubeadm kubectl helm ctr
+"${ROOT_DIR}"/k8s/operate_completion kubeadm kubectl helm ctr yq
 
 if [[ -n "${BKREPO_URL:-}" ]]; then
   if command -v helm &>/dev/null; then

bcs-ops/k8s/install_k8s

@@ -0,0 +1,161 @@
+#!/bin/bash
+
+#######################################
+# Tencent is pleased to support the open source community by making Blueking Container Service available.
+# Copyright (C) 2019 THL A29 Limited, a Tencent company. All rights reserved.
+# Licensed under the MIT License (the "License"); you may not use this file except
+# in compliance with the License. You may obtain a copy of the License at
+# http://opensource.org/licenses/MIT
+# Unless required by applicable law or agreed to in writing, software distributed under
+# the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
+# either express or implied. See the License for the specific language governing permissions and
+# limitations under the License.
+#######################################
+
+set -euo pipefail
+trap "utils::on_ERR;" ERR
+HELM_VER=${HELM_VER:-"3.7.2"}
+
+SELF_DIR=$(dirname "$(readlink -f "$0")")
+ROOT_DIR="${SELF_DIR}/.."
+
+safe_source() {
+  local source_file=$1
+  if [[ -f ${source_file} ]]; then
+    #shellcheck source=/dev/null
+    source "${source_file}"
+  else
+    echo "[ERROR]: FAIL to source, missing ${source_file}"
+    exit 1
+  fi
+}
+
+
+source_files=("${ROOT_DIR}/functions/utils.sh" "${ROOT_DIR}/env/bcs.env")
+for file in "${source_files[@]}"; do
+  safe_source "$file"
+done
+
+#start configuration
+goversion=`kubectl version|grep "Server Version:"|grep -E "go[0-9]{1}.[0-9]{2}" -o|awk -F'.' ' { print $2  } '`
+if [ -z "${goversion}" ];then
+  job_fail "get go version failed, configure etcd failed"
+fi
+
+pod_files=(etcd.yaml kube-apiserver.yaml kube-controller-manager.yaml kube-scheduler.yaml)
+
+for pod_file in ${pod_files[@]};do
+  if [[ ${goversion} -le 15 ]] || [[ ${goversion} -ge 12 ]];then
+    if ! grep GODEBUG /etc/kubernetes/manifests/${pod_file};then
+      if [[ $(yq '.spec.containers[0].env' /etc/kubernetes/manifests/${pod_file}) != "null" ]];then
+        env_length=$(yq '.spec.containers[0].env|to_entries|length'  /etc/kubernetes/manifests/${pod_file})
+        yq -i '.spec.containers[0].env['${env_length}']={"name":"GODEBUG", "value":"madvdontneed=1"}' /etc/kubernetes/manifests/${pod_file}
+      else
+        yq -i '.spec.containers[0].env[0]={"name":"GODEBUG", "value":"madvdontneed=1"}' /etc/kubernetes/manifests/${pod_file}
+      fi
+    fi
+  fi
+done
+
+if ! grep -v "^#" /etc/kubernetes/manifests/kube-apiserver.yaml|grep max-mutating-requests-inflight;then
+    yq -i '.spec.containers[0].command += "--max-mutating-requests-inflight=1000"' /etc/kubernetes/manifests/kube-apiserver.yaml
+else
+    if ! grep max-mutating-requests-inflight=1000 /etc/kubernetes/manifests/kube-apiserver.yaml;then
+      element_index=$(yq '.spec.containers[0].command|to_entries'  /etc/kubernetes/manifests/kube-apiserver.yaml|yq '.[]|select (.value|test("max-mutating-requests-inflight")).key')
+      yq -i '.spec.containers[0].command['${element_index}']="--max-mutating-requests-inflight=1000"' /etc/kubernetes/manifests/kube-apiserver.yaml
+    fi
+fi
+
+if ! grep -v "^#" /etc/kubernetes/manifests/kube-apiserver.yaml |grep max-requests-inflight;then
+    yq -i '.spec.containers[0].command += "--max-requests-inflight=3000"' /etc/kubernetes/manifests/kube-apiserver.yaml
+else
+    if ! grep max-requests-inflight=3000 /etc/kubernetes/manifests/kube-apiserver.yaml ;then
+      element_index=$(yq '.spec.containers[0].command|to_entries'  /etc/kubernetes/manifests/kube-apiserver.yaml|yq '.[]|select (.value|test("max-mutating-requests-inflight")).key')
+      yq -i '.spec.containers[0].command['${element_index}']="--max-requests-inflight=3000"' /etc/kubernetes/manifests/kube-apiserver.yaml
+    fi
+fi
+
+if ! grep -v "^#" /etc/kubernetes/manifests/kube-controller-manager.yaml|grep kube-api-qps;then
+    yq -i '.spec.containers[0].command += "--kube-api-qps=300"' /etc/kubernetes/manifests/kube-controller-manager.yaml
+else
+    if ! grep kube-api-qps=300 /etc/kubernetes/manifests/kube-controller-manager.yaml ;then
+      element_index=$(yq '.spec.containers[0].command|to_entries'  /etc/kubernetes/manifests/kube-controller-manager.yaml|yq '.[]|select (.value|test("kube-api-qps")).key')
+      yq -i '.spec.containers[0].command['${element_index}']="--kube-api-qps=300"' /etc/kubernetes/manifests/kube-controller-manager.yaml
+    fi
+fi
+
+if ! grep -v "^#" /etc/kubernetes/manifests/kube-controller-manager.yaml |grep kube-api-burst;then
+    yq -i '.spec.containers[0].command += "--kube-api-burst=400"' /etc/kubernetes/manifests/kube-controller-manager.yaml
+else
+    if ! grep kube-api-burst=400 /etc/kubernetes/manifests/kube-controller-manager.yaml;then
+      element_index=$(yq '.spec.containers[0].command|to_entries'  /etc/kubernetes/manifests/kube-controller-manager.yaml|yq '.[]|select (.value|test("kube-api-burst")).key')
+      yq -i '.spec.containers[0].command['${element_index}']="--kube-api-burst=400"' /etc/kubernetes/manifests/kube-controller-manager.yaml
+    fi
+fi
+
+if ! grep -v "^#" /etc/kubernetes/manifests/kube-controller-manager.yaml|grep terminated-pod-gc-threshold;then
+    yq -i '.spec.containers[0].command += "--terminated-pod-gc-threshold=12500"' /etc/kubernetes/manifests/kube-controller-manager.yaml
+else
+    if ! grep terminated-pod-gc-threshold=12500 /etc/kubernetes/manifests/kube-controller-manager.yaml;then
+      element_index=$(yq '.spec.containers[0].command|to_entries'  /etc/kubernetes/manifests/kube-controller-manager.yaml|yq '.[]|select (.value|test("terminated-pod-gc-threshold")).key')
+      yq -i '.spec.containers[0].command['${element_index}']="--terminated-pod-gc-threshold=12500"' /etc/kubernetes/manifests/kube-controller-manager.yaml
+    fi
+fi
+
+if ! grep -v "^#" /etc/kubernetes/manifests/kube-scheduler.yaml|grep kube-api-qps;then
+    yq -i '.spec.containers[0].command += "--kube-api-qps=300"' /etc/kubernetes/manifests/kube-scheduler.yaml
+else
+    if ! grep kube-api-qps=300 /etc/kubernetes/manifests/kube-scheduler.yaml;then
+      element_index=$(yq '.spec.containers[0].command|to_entries'  /etc/kubernetes/manifests/kube-scheduler.yaml|yq '.[]|select (.value|test("kube-api-qps")).key')
+      yq -i '.spec.containers[0].command['${element_index}']="--kube-api-qps=300"' /etc/kubernetes/manifests/kube-scheduler.yaml
+    fi
+fi
+
+if ! grep -v "^#" /etc/kubernetes/manifests/kube-scheduler.yaml |grep kube-api-burst;then
+    yq -i '.spec.containers[0].command += "--kube-api-burst=400"' /etc/kubernetes/manifests/kube-scheduler.yaml
+else
+    if ! grep kube-api-burst=400 /etc/kubernetes/manifests/kube-scheduler.yaml;then
+      element_index=$(yq '.spec.containers[0].command|to_entries'  /etc/kubernetes/manifests/kube-scheduler.yaml|yq '.[]|select (.value|test("kube-api-burst")).key')
+      yq -i '.spec.containers[0].command['${element_index}']="--kube-api-burst=400"' /etc/kubernetes/manifests/kube-scheduler.yaml
+    fi
+fi
+
+sleep 20
+pods=(etcd kube-apiserver kube-controller-manager kube-scheduler)
+for pod in ${pods[@]};do
+  case "${CRI_TYPE,,}" in
+    "docker")
+      if ! docker ps |grep -v pause|grep ${pod}|grep -i Up;then
+        utils::log "ERROR" "${pod} fail to run "
+      fi
+      ;;
+    "containerd")
+      if ! crictl ps |grep ${pod}|grep -i running;then
+        utils::log "ERROR" "${pod} fail to run "
+      fi
+      ;;
+    *)
+      export ERR_CODE=1
+      utils::log "FATAL" "unkown CRI_TYPE: $CRI_TYPE"
+      ;;
+  esac
+done
+
+kubectl get cm -n kube-system kube-proxy -o yaml|yq '.data.["kubeconfig.conf"]' > kubeconfig.conf
+kubectl get cm -n kube-system kube-proxy -o yaml|yq '.data.["config.conf"]'|yq '.ipvs.udpTimeout="10s"' > config.conf
+kubectl get cm -n kube-system kube-proxy  -o yaml > kube-proxy-configmap.bak
+kubectl delete cm kube-proxy -n kube-system 
+kubectl create cm kube-proxy -n kube-system --from-file config.conf --from-file kubeconfig.conf
+
+if ! kubectl get ds -n kube-system kube-proxy -o yaml|grep madvdontneed;then
+    kubectl patch ds -n kube-system kube-proxy -p '[{"op": "add", "path": "/spec/template/spec/containers/0/env/-", "value":{"name":"GODEBUG", "value":"madvdontneed=1"}}]' --type json
+else
+  if ! kubectl get ds -n kube-system kube-proxy -o yaml|grep madvdontneed=1;then
+    element_index=`kubectl get ds -n kube-system kube-proxy -o json|jq '.spec.template.spec.containers[0].env|to_entries[]|select (.value.name|test("GODEBUG")).key'`
+    kubectl patch ds -n kube-system kube-proxy -p '[{"op": "replace", "path": "/spec/template/spec/containers/0/env/'${element_index}'", "value":{"name":"GODEBUG", "value":"madvdontneed=1"}}]' --type json
+  fi
+fi
+
+#coredns configuration
+
+utils::log "OK" "K8S configuration done!"

bcs-ops/k8s/install_k8s_tools

@@ -104,7 +104,7 @@ _offline_k8s() {
 }
 
 main() {
-  local source_file
+  local source_files
   source_files=("${ROOT_DIR}/functions/utils.sh" "${ROOT_DIR}/env/bcs.env")
   for file in "${source_files[@]}"; do
     safe_source "$file"

bcs-ops/k8s/operate_completion

@@ -22,7 +22,7 @@ ROOT_DIR="${SELF_DIR}/.."
 
 RC_FILE="/etc/bash_completion.d/bcs.bash"
 
-PROJECTS=(kubeadm kubectl helm ctr)
+PROJECTS=(kubeadm kubectl helm ctr yq)
 readonly SELF_DIR ROOT_DIR RC_FILE PROJECTS
 
 usage_and_exit() {
@@ -100,6 +100,18 @@ source <(helm completion bash)
 EOF
 }
 
+completion_yq() {
+  check_completion
+    sed -ri \
+    '/bcs config begin for yq/,/bcs config end for yq/d' ${RC_FILE}
+  cat >>"$RC_FILE" <<'EOF'
+# bcs config begin for yq
+# yq 命令补全
+source <(yq shell-completion bash)
+# bcs config end for yq
+EOF
+}
+
 completion_clean() {
   rm -f ${RC_FILE}
 }

bcs-ops/system/config_envfile.sh

@@ -104,6 +104,8 @@ init_env() {
   # mirror
   ## yum_mirror
   MIRROR_URL=${MIRROR_URL:-"https://mirrors.tencent.com"}
+  ## repo_url
+  REPO_URL=${REPO_URL:-"https://bkopen-1252002024.file.myqcloud.com/ce7/tools"}
   ##
   MIRROR_IP=${MIRROR_IP:-}
   ## image_registry
@@ -277,6 +279,7 @@ CSI_EOF
 
 ## yum_mirror
 MIRROR_URL="${MIRROR_URL}"
+REPO_URL="${REPO_URL}"
 MIRROR_IP="${MIRROR_IP}"
 ## image_registry
 ### docker.io