improve start script

Signed-off-by: duanmengkk <[email protected]>

cluster/images/agent.Dockerfile

@@ -1,4 +1,4 @@
-FROM m.daocloud.io/docker.io/ubuntu AS release-env
+FROM docker.io/ubuntu AS release-env
 
 ARG BINARY
 

cluster/images/buildx.agent.Dockerfile

@@ -1,4 +1,4 @@
-FROM m.daocloud.io/docker.io/ubuntu AS release-env
+FROM docker.io/ubuntu AS release-env
 
 ARG BINARY
 ARG TARGETPLATFORM

deploy/node-agent.yml → deploy/node-agent.yaml

@@ -1,3 +1,38 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: kosmos-system
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: kubenest-node-agent
+  namespace: kosmos-system
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: kubenest-node-agent
+rules:
+  - apiGroups: ['*']
+    resources: ['*']
+    verbs: ["*"]
+  - nonResourceURLs: ['*']
+    verbs: ["get"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: kubenest-node-agent
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: kubenest-node-agent
+subjects:
+  - kind: ServiceAccount
+    name: kubenest-node-agent
+    namespace: kosmos-system
+---
 apiVersion: apps/v1
 kind: DaemonSet
 metadata:
@@ -15,6 +50,7 @@ spec:
       hostPID: true # access host pid
       hostIPC: true # access host ipc
       hostNetwork: true # access host network
+      serviceAccountName: kubenest-node-agent
       tolerations:
         - operator: Exists # run on all nodes
       initContainers:
@@ -70,4 +106,14 @@ spec:
         - name: systemd-path
           hostPath:
             path: /etc/systemd/system
-            type: DirectoryOrCreate
+            type: DirectoryOrCreate
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: node-agent-secret
+  namespace: kosmos-system
+type: kubernetes.io/basic-auth
+data:
+  username: {{ .USERNAME }}
+  password: {{ .PASSWORD }}

hack/cluster.sh

@@ -13,7 +13,7 @@ REUSE=${REUSE:-false}
 USE_LOCAL_ARTIFACTS=${USE_LOCAL_ARTIFACTS:-true}
 VERSION=${VERSION:-latest}
 
-CN_ZONE=${CN_ZONE:-true}
+CN_ZONE=${CN_ZONE:-false}
 source "$(dirname "${BASH_SOURCE[0]}")/util.sh"
 
 # default cert and key for node server https
@@ -122,18 +122,18 @@ function prepare_docker_image() {
 
   if [ "${CN_ZONE}" == false ]; then
     # 使用 Calico 的官方镜像源
-    local calico_prefix="calico"
+    local calico_prefix=""
     local operator_prefix="quay.io"
   else
     # 使用 DaoCloud 镜像源
-    calico_prefix="docker.m.daocloud.io"
+    calico_prefix="docker.m.daocloud.io/"
     operator_prefix="quay.m.daocloud.io"
   fi
 
   # 拉取和标记 Calico 镜像
   for image in "${calico_images[@]}"; do
-    docker pull "${calico_prefix}/${image}:${version}"
-    docker tag "${calico_prefix}/${image}:${version}" "${image}:${version}"
+    docker pull "${calico_prefix}${image}:${version}"
+    docker tag "${calico_prefix}${image}:${version}" "${image}:${version}"
   done
 
   # 拉取和标记 Operator 镜像
@@ -347,6 +347,27 @@ function load_kubenetst_cluster_images() {
   kind load docker-image -n "$clustername" ghcr.io/kosmos-io/node-agent:"${VERSION}"
 }
 
+function create_node_agent_daemonset() {
+  # insure htpasswd
+  util::cmd_must_exist openssl
+  # generate username and password
+  username=$(openssl rand -hex 5)
+  password=$(openssl rand -base64 12)
+  echo "node-agent生成的用户名: $username"
+  echo "node-agent生成的密码: $password"
+  # Base64 encode the username and password
+  encoded_username=$(echo -n "$username" | base64)
+  encoded_password=$(echo -n "$password" | base64)
+
+  sed -e "s|^  username:.*|  username: ${encoded_username}|g" \
+    -e "s|^  password:.*|  password: ${encoded_password}|g" \
+    -e "w ${ROOT}/environments/node-agent.yaml" "$ROOT"/deploy/node-agent.yaml
+
+  local -r clustername=$1
+  CLUSTER_DIR="${ROOT}/environments/${clustername}"
+  kubectl --kubeconfig $CLUSTER_DIR/kubeconfig apply -f "${ROOT}/environments/node-agent.yaml"
+}
+
 function delete_cluster() {
   local -r clusterName=$1
   local -r clusterDir=$2

hack/install-go.sh

@@ -9,13 +9,13 @@ install_go() {
   echo "Go is not installed. Installing..."
 
   # Specify the Go version you want to install
-  GO_VERSION="1.20"  # Change this to the desired Go version
+  GO_VERSION="1.23.2"  # Change this to the desired Go version
 
   # Set the Go installation path
   GO_INSTALL_PATH="/usr/local"
 
   # Download and install Go
-  curl -O https://golang.org/dl/go$GO_VERSION.linux-amd64.tar.gz
+  wget https://golang.org/dl/go$GO_VERSION.linux-amd64.tar.gz
   tar -C $GO_INSTALL_PATH -xzf go$GO_VERSION.linux-amd64.tar.gz
 
   # Set Go environment variables
@@ -35,7 +35,7 @@ if ! command -v go &> /dev/null; then
 fi
 
 # Verify the Go version
-if ! go version | grep -q "go1.20"; then
+if ! go version | grep -q "go1.23.2"; then
   echo "Installed Go version does not match the required version (1.20)."
   install_go
 fi

hack/local-up-kubenest.sh

@@ -31,7 +31,7 @@ done
 KUBECONFIG_PATH=${KUBECONFIG_PATH:-"${HOME}/.kube"}
 export KUBECONFIG=$KUBECONFIG_PATH/"config"
 
-KIND_IMAGE=${KIND_IMAGE:-"m.daocloud.io/docker.io/kindest/node:v1.27.2"}
+KIND_IMAGE=${KIND_IMAGE:-"kindest/node:v1.27.2"}
 HOST_IPADDRESS=${1:-}
 KUBE_NEST_CLUSTER_NAME="kubenest-cluster"
 CLUSTER_POD_CIDR="10.233.64.0/18"
@@ -40,6 +40,7 @@ CLUSTER_SERVICE_CIDR="10.233.0.0/18"
 REPO_ROOT=$(dirname "${BASH_SOURCE[0]}")/..
 VERSION=${VERSION:-"latest"}
 source "$(dirname "${BASH_SOURCE[0]}")/install_kind_kubectl.sh"
+source "$(dirname "${BASH_SOURCE[0]}")/install_kind_kubectl.sh"
 source "$(dirname "${BASH_SOURCE[0]}")/cluster.sh"
 source "$(dirname "${BASH_SOURCE[0]}")/util.sh"
 
@@ -62,4 +63,7 @@ create_cluster "${KIND_IMAGE}" "${HOST_IPADDRESS}" "${KUBE_NEST_CLUSTER_NAME}" "
 
 load_kubenetst_cluster_images "${KUBE_NEST_CLUSTER_NAME}"
 
+#step2. create node-agent daemonset in kubernetes
+create_node_agent_daemonset "${KUBE_NEST_CLUSTER_NAME}"
+