openyurtio/openyurt v1.5.0

on GitHub

v1.5.0

What's New

Support Kubernetes up to V1.28

“k8s.io/xxx” and all its related dependencies are upgraded to version “v0.28.9”, for ensuring OpenYurt is compatible with Kubernetes v1.28 version. This compatibility has been confirmed by an end-to-end (E2E) test where we started a Kubernetes v1.28 cluster using KinD and deployed the latest components of OpenYurt. At the same time, all the key components of OpenYurt, such as yurt-manager and yurthub, are deployed on the Kubernetes cluster via Helm to ensure that the Helm charts provided by the OpenYurt community can run stably in the production environment.
#2047
#2074

Reduce cloud-edge traffic spike during rapid node additions

NodePool resource is essential for managing groups of nodes within OpenYurt clusters, as it records details of all nodes in the collective through the NodePool.status.nodes field. YurtHub relies on this information to identify endpoints within the same NodePool, thereby enabling pool-level service topology functionality. However, when a large NodePool—potentially comprising thousands of nodes—experiences swift expansion, such as the integration of hundreds of edge nodes within a mere minute, the surge in cloud-to-edge network traffic can be significant. In this release, a new type of resource called NodeBucket has been introduced. It provides a scalable and streamlined method for managing extensive NodePool, significantly reducing the impact on cloud-edge traffic during periods of rapid node growth, and ensuring the stability of the clusters is maintained.
#1864
#1874
#1930

Upgrade YurtAppSet to v1beta1 version

YurtAppSet v1beta1 is introduced to facilitate the management of multi-region workloads. Users can use YurtAppSet to distribute the same WorkloadTemplate (Deployment/Statefulset) to different nodepools by a label selector NodePoolSelector or nodepool name slice (Pools). Users can also customize the configuration of workloads in different node pools through WorkloadTweaks.
In this release, we have combined the functionality from the three old crds (YurtAppSet v1alpha1, YurtAppDaemon and YurtAppOverrider) in yurtappset v1beta1. We recommend to use this in favor of the old ones.
#1890
#1931
#1939
#1974
#1997

Improve transparent management mechanism for control traffic from edge to cloud

The current transparent management mechanism for cloud-edge control traffic has certain limitations and cannot effectively support direct requests to the default/kubernetes service. In this release, a new transparent management mechanism for cloud-edge control traffic, aimed at enabling pods using InClusterConfig or the default/kubernetes service name to access the kube-apiserver via YurtHub without needing to be aware of the details of the public network connection between the cloud and edge.
#1975
#1996

Separate clients for yurt-manager component

Yurt-manager is an important component in cloud environment for OpenYurt which holds multiple controllers and webhooks. Those controllers and webhooks shared one client and one set of RBAC (yurt-manager-role/yurt-manager-role-binding/yurt-manager-sa) which grew bigger as we add more function into yurt-manager. This mechanism makes a controller has access it shouldn't has. and it's difficult to find out the request is from which controller from the audit logs. In the latest release, we restrict each controller/webhook to only the permissions it may use and separate RBAC and UA for different controllers and webhooks.
#2051
#2069

Enhancement to Yurthub's Autonomy capabilities

New autonomy condition have been added to node conditions so that yurthub can report autonomy status of node in real time at each nodeStatusUpdateFrequency. This condition allows for accurate determination of each node's autonomy status. In addition, an error key mechanism has been introduced to log cache failure keys along with their corresponding fault reasons. The error keys are persisted using the AOF (Append-Only File) method, ensuring that the autonomy state is recovered even after a reboot and preventing the system from entering a pseudo-autonomous state. These enhancements also facilitate easier troubleshooting when autonomy issues arise.
#2015
#2033
#2096

Other Notable changes

• improve ca data for yurthub component by @rambohe-ch in #1815
• improve FieldIndexer setting in yurt-manager by @2456868764 in #1834
• fix: yurtadm join ignorePreflightErrors could not set all by @YTGhost in #1837
• Feature: add name-length of dummy interface too long error by @8rxn in #1875
• feat: support v3 rest api client for edgex v3 api by @wangxye in #1850
• feat: support edgex napa version by auto-collector by @LavenderQAQ in #1852
• feat: improve discardcloudservice filter in yurthub component (#1924) by @huangchenzhao in #1926
• Add missing verb to the role of node lifecycle controller by @crazytaxii in #1936
• don't cache csr and sar resource in yurthub by @rambohe-ch in #1949
• feat: improve hostNetwork mode of NodePool by adding NodeAffinity to pods with specified annotation (#1935) by @huangchenzhao in #1959
• move list object handling from ObjectFilter into ResponseFilter by @rambohe-ch in #1991
• The gateway can forward traffic from extra source cidrs by @River-sh in #1993
• return back watch.Deleted event to clients when watch object is removed in OjbectFilters by @rambohe-ch in #1995
• add pool service controller. by @zyjhtangtang in #2010
• aggregated annotations and labels. by @zyjhtangtang in #2027
• improve pod webhook for adapting hostnetwork mode nodepool by @rambohe-ch in #2050
• intercept kubelet get node request in order to reduce the traffic by @vie-serendipity in #2039
• bump controller-gen to v0.13.0 by @Congrool in #2056
• improve nodepool conversion by @rambohe-ch in #2080
• feat: add version metrics for yurt-manager and yurthub components by @rambohe-ch in #2094

Fixes

• fix cache manager panic in yurthub by @rambohe-ch in #1950
• fix: upgrade the version of runc to avoid security risk by @qclc in #1972
• fix only openyurt crd conversion should be handled for upgrading cert by @rambohe-ch in #2013
• fix the cache leak in yurtappoverrider controller by @MeenuyD in #1795
• fix(yurt-manager): add clusterrole for nodes/status subresources by @qclc in #1884
• fix: close dst file by @testwill in #2046

Proposals

• Proposal: High Availability of Edge Services by @Rui-Gan in #1816
• Proposal: yurt express: openyurt data transmission system proposal by @qsfang in #1840
• proposal: add NodeBucket to reduce cloud-edge traffic spike during rapid node additions. by @rambohe-ch in #1864
• Proposal: add yurtappset v1beta1 proposal by @luc99hen in #1890
• proposal: improve transparent management mechanism for control traffic from edge to cloud by @rambohe-ch in #1975
• Proposal: enhancement of edge autonomy by @vie-serendipity in #2015
• Proposal: separate yurt-manager clients by @luc99hen in #2051

Contributors

Thank you to everyone who contributed to this release! ❤

• @wangxye
• @huiwq1990
• @testwill
• @fengshunli
• @Congrool
• @zyjhtangtang
• @vie-serendipity
• @dsy3502
• @YTGhost
• @River-sh
• @qclc
• @lilongfeng0902
• @NewKeyTo
• @crazytaxii
• @MeenuyD
• @dzcvxe
• @2456868764
• @8rxn
• @huangchenzhao
• @karthik507
• @MundaneImmortal
• @rambohe-ch

And thank you very much to everyone else not listed here who contributed in other ways like filing issues,
giving feedback, helping users in community group, etc.