docs: update kubernetes docs (#714)

Signed-off-by: Jim Ma <majinjing3@gmail.com>
dragonflyoss · Jun 28, 2023 · c761cbb · c761cbb
1 parent efad31c
commit c761cbb
Show file tree

Hide file tree

Showing 2 changed files with 64 additions and 43 deletions.
diff --git a/docs/en/ecosystem/Kubernetes-with-Dragonfly.md b/docs/en/ecosystem/Kubernetes-with-Dragonfly.md
@@ -29,50 +29,60 @@ Dragonfly helm supports config docker automatically.
 
 Config cases:
 
-**Case 1: [Preferred] Arbitrary registries support with restart docker**
+**Case 1: [Preferred] Implicit registries support without restart docker**
 
 Chart customize values.yaml:
 ```yaml
 containerRuntime:
   docker:
     enable: true
-    # -- Restart docker daemon to redirect traffic to dfdaemon
-    # When containerRuntime.docker.restart=true, containerRuntime.docker.injectHosts and containerRuntime.registry.domains is ignored.
-    # If did not want restart docker daemon, keep containerRuntime.docker.restart=false and containerRuntime.docker.injectHosts=true.
-    restart: true
-    skipHosts:
-    - "127.0.0.1"
-    - "docker.io" # Dragonfly use this image registry to upgrade itself, so we need skip it. Change it in real environment.
+    # -- Inject domains into /etc/hosts to force redirect traffic to dfdaemon.
+    # Caution: This feature need dfdaemon to implement SNI Proxy, confirm image tag is greater than v2.0.0.
+    # When use certs and inject hosts in docker, no necessary to restart docker daemon.
+    injectHosts: true
+    registryDomains:
+    - "harbor.example.com"
+    - "harbor.example.net"
 ```
 
-This config enables docker pulling images from arbitrary registries via Dragonfly.
-When deploying Dragonfly with above config, dfdaemon will restart docker daemon.
+This config enables docker pulling images from registries `harbor.example.com` and `harbor.example.net` via Dragonfly.
+When deploying Dragonfly with above config, it's unnecessary to restart docker daemon.
+
+Advantages:
+* Support upgrade dfdaemon smoothness
+
+> In this mode, when dfdaemon pod deleted, the `preStop` hook will remove all injected hosts info in /etc/hosts,
+> all images traffic fallbacks to original registries.
 
 Limitations:
-* Must enable live-restore feature in docker
-* Need restart docker daemon
+* Only support implicit registries
 
-**Case 2: Implicit registries support without restart docker**
+**Case 2: Arbitrary registries support with restart docker**
 
 Chart customize values.yaml:
 ```yaml
 containerRuntime:
   docker:
     enable: true
-    # -- Inject domains into /etc/hosts to force redirect traffic to dfdaemon.
-    # Caution: This feature need dfdaemon to implement SNI Proxy, confirm image tag is greater than v0.4.0.
-    # When use certs and inject hosts in docker, no necessary to restart docker daemon.
-    injectHosts: true
-    registryDomains:
-    - "harbor.example.com"
-    - "harbor.example.net"
+    # -- Restart docker daemon to redirect traffic to dfdaemon
+    # When containerRuntime.docker.restart=true, containerRuntime.docker.injectHosts and containerRuntime.registry.domains is ignored.
+    # If did not want restart docker daemon, keep containerRuntime.docker.restart=false and containerRuntime.docker.injectHosts=true.
+    restart: true
+    skipHosts:
+    - "127.0.0.1"
+    - "docker.io" # Dragonfly use this image registry to upgrade itself, so we need skip it. Change it in real environment.
 ```
 
-This config enables docker pulling images from registries `harbor.example.com` and `harbor.example.net` via Dragonfly.
-When deploying Dragonfly with above config, it's unnecessary to restart docker daemon.
+This config enables docker pulling images from arbitrary registries via Dragonfly.
+When deploying Dragonfly with above config, dfdaemon will restart docker daemon.
+
+Advantages:
+* Support arbitrary registries
 
 Limitations:
-* Only support implicit registries
+* Must enable live-restore feature in docker
+* Need restart docker daemon
+* When upgrade dfdaemon, new image must be pulled beforehand.
 
 #### 2. Containerd
 

diff --git a/docs/zh-CN/ecosystem/Kubernetes-with-Dragonfly.md b/docs/zh-CN/ecosystem/Kubernetes-with-Dragonfly.md
@@ -27,47 +27,58 @@
 
 Dragonfly Helm 支持自动更改 docker 配置。
 
-**情况 1:【推荐的】支持任意仓库**
+**情况 1:【推荐的】支持指定仓库**
 
 定制 values.yaml 文件:
 ```yaml
 containerRuntime:
   docker:
     enable: true
-    # -- Restart docker daemon to redirect traffic to dfdaemon
-    # When containerRuntime.docker.restart=true, containerRuntime.docker.injectHosts and containerRuntime.registry.domains is ignored.
-    # If did not want restart docker daemon, keep containerRuntime.docker.restart=false and containerRuntime.docker.injectHosts=true.
-    restart: true
+    # -- Inject domains into /etc/hosts to force redirect traffic to dfdaemon.
+    # Caution: This feature need dfdaemon to implement SNI Proxy, confirm image tag is greater than v2.0.0.
+    # When use certs and inject hosts in docker, no necessary to restart docker daemon.
+    injectHosts: true
+    registryDomains:
+    - "harbor.example.com"
+    - "harbor.example.net"
 ```
 
-此配置允许 Dragonfly 拦截所有 docker 流量。
-使用上述配置部署 Dragonfly 时，dfdaemon 将重新启动 docker。
+When upgrade dfdaemon, the old pods will be deleted and the injected hosts info will be removed,
+then docker will pull image without dragonfly, finally, the new pods will be created.
+
+Advantages:
+* Support upgrade dfdaemon smoothness
+
+此配置允许 docker 通过 Dragonfly 拉取 `harbor.example.com` 和 `harbor.example.net` 域名镜像。
+使用上述配置部署 Dragonfly 时，无需重新启动 docker。
+
+优点：
+* 支持 dfdaemon 自身平滑升级
+
+> 这种模式下，当删除 dfdaemon pod 的时候，`preStop` 钩子将会清理已经注入到 `/etc/hosts` 下的所有主机信息，所有流量将会走原来的镜像中心。
 
 限制:
-* 必须开启 docker 的 `live-restore` 功能
-* 需要重启 docker daemon
+* 只支持指定域名。
 
-**情况 2: 支持指定仓库**
+**情况 2: 支持任意仓库**
 
 定制 values.yaml 文件:
 ```yaml
 containerRuntime:
   docker:
     enable: true
-    # -- Inject domains into /etc/hosts to force redirect traffic to dfdaemon.
-    # Caution: This feature need dfdaemon to implement SNI Proxy, confirm image tag is greater than v0.4.0.
-    # When use certs and inject hosts in docker, no necessary to restart docker daemon.
-    injectHosts: true
-    registryDomains:
-    - "harbor.example.com"
-    - "harbor.example.net"
+    # -- Restart docker daemon to redirect traffic to dfdaemon
+    # When containerRuntime.docker.restart=true, containerRuntime.docker.injectHosts and containerRuntime.registry.domains is ignored.
+    # If did not want restart docker daemon, keep containerRuntime.docker.restart=false and containerRuntime.docker.injectHosts=true.
+    restart: true
 ```
 
-此配置允许 docker 通过 Dragonfly 拉取 `harbor.example.com` 和 `harbor.example.net` 域名镜像。
-使用上述配置部署 Dragonfly 时，无需重新启动 docker。
+此配置允许 Dragonfly 拦截所有 docker 流量。
+使用上述配置部署 Dragonfly 时，dfdaemon 将重新启动 docker。
 
 限制:
-* 只支持指定域名。
+* 必须开启 docker 的 `live-restore` 功能
+* 需要重启 docker daemon
 
 #### 2. Containerd