From 6a5b87dda41fa050e52b44535013972b13cb8b7c Mon Sep 17 00:00:00 2001 From: Cristian Calin <6627509+cristicalin@users.noreply.github.com> Date: Tue, 19 Oct 2021 20:17:04 +0300 Subject: [PATCH] netchecker: update images to 1.2.2 from Mirantis (#8074) * netchecker: update images to 1.2.2 from Mirantis which is slightly less ancient than the l23networks images * Netchecker: use local etcd instead of kubernetes v1beta1 crds which are no longer supported by kube 1.22+ --- docs/netcheck.md | 2 +- roles/download/defaults/main.yml | 7 ++-- .../kubernetes-apps/ansible/defaults/main.yml | 4 +++ .../netchecker-server-clusterrole.yml.j2 | 8 +---- .../netchecker-server-deployment.yml.j2 | 35 ++++++++++++++++--- 5 files changed, 41 insertions(+), 15 deletions(-) diff --git a/docs/netcheck.md b/docs/netcheck.md index 9db5e37ac..6a1bf8046 100644 --- a/docs/netcheck.md +++ b/docs/netcheck.md @@ -1,7 +1,7 @@ # Network Checker Application With the ``deploy_netchecker`` var enabled (defaults to false), Kubespray deploys a -Network Checker Application from the 3rd side `l23network/k8s-netchecker` docker +Network Checker Application from the 3rd side `mirantis/k8s-netchecker` docker images. It consists of the server and agents trying to reach the server by usual for Kubernetes applications network connectivity meanings. Therefore, this automatically verifies a pod to pod connectivity via the cluster IP and checks diff --git a/roles/download/defaults/main.yml b/roles/download/defaults/main.yml index 87171e4ed..394a19e33 100644 --- a/roles/download/defaults/main.yml +++ b/roles/download/defaults/main.yml
@@ -479,11 +479,12 @@ pod_infra_image_repo: "{{ kube_image_repo }}/pause" pod_infra_image_tag: "{{ pod_infra_version }}" install_socat_image_repo: "{{ docker_image_repo }}/xueshanf/install-socat" install_socat_image_tag: "latest" -netcheck_version: "v1.0" -netcheck_agent_image_repo: "{{ quay_image_repo }}/l23network/k8s-netchecker-agent" +netcheck_version: "v1.2.2" +netcheck_agent_image_repo: "{{ docker_image_repo }}/mirantis/k8s-netchecker-agent" netcheck_agent_image_tag: "{{ netcheck_version }}" -netcheck_server_image_repo: "{{ quay_image_repo }}/l23network/k8s-netchecker-server" +netcheck_server_image_repo: "{{ docker_image_repo }}/mirantis/k8s-netchecker-server" netcheck_server_image_tag: "{{ netcheck_version }}" +netcheck_etcd_image_tag: "v3.4.17" weave_kube_image_repo: "{{ docker_image_repo }}/weaveworks/weave-kube" weave_kube_image_tag: "{{ weave_version }}" weave_npc_image_repo: "{{ docker_image_repo }}/weaveworks/weave-npc" diff --git a/roles/kubernetes-apps/ansible/defaults/main.yml b/roles/kubernetes-apps/ansible/defaults/main.yml index b3067e771..c07dc9044 100644 --- a/roles/kubernetes-apps/ansible/defaults/main.yml +++ b/roles/kubernetes-apps/ansible/defaults/main.yml @@ -38,6 +38,10 @@ netchecker_server_cpu_limit: 100m netchecker_server_memory_limit: 256M netchecker_server_cpu_requests: 50m netchecker_server_memory_requests: 64M +netchecker_etcd_cpu_limit: 200m +netchecker_etcd_memory_limit: 256M +netchecker_etcd_cpu_requests: 100m +netchecker_etcd_memory_requests: 128M # SecurityContext when PodSecurityPolicy is enabled netchecker_agent_user: 1000 diff --git a/roles/kubernetes-apps/ansible/templates/netchecker-server-clusterrole.yml.j2 b/roles/kubernetes-apps/ansible/templates/netchecker-server-clusterrole.yml.j2 index 50b4e1b91..290dec350 100644 --- a/roles/kubernetes-apps/ansible/templates/netchecker-server-clusterrole.yml.j2 +++ b/roles/kubernetes-apps/ansible/templates/netchecker-server-clusterrole.yml.j2 
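Review bot: The netchecker images in the `roles/download/defaults/main.yml` hunk now come from a different publisher and registry (`mirantis/...` under `docker_image_repo` instead of `l23network/...` under `quay_image_repo`), yet they are still referenced only by the mutable tag `v1.2.2`, so nothing in these defaults ties a deployment to the image content that was actually tested. Where the consuming templates allow it, pin a digest next to the tag, or at least record the provenance with a comment such as `# mirantis/k8s-netchecker on Docker Hub; tag is mutable, verify the digest when mirroring`. The new `netcheck_etcd_image_tag` also has no matching `netcheck_etcd_image_repo`: the deployment template in this commit pairs it with the cluster-wide `etcd_image_repo`, which is easy to miss when only one of the two is overridden for a private registry.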
@@ -6,10 +6,4 @@ metadata: rules: - apiGroups: [""] resources: ["pods"] - verbs: ["list"] - - apiGroups: ["apiextensions.k8s.io"] - resources: ["customresourcedefinitions"] - verbs: ['*'] - - apiGroups: ["network-checker.ext"] - resources: ["agents"] - verbs: ['*'] + verbs: ["list", "get"] diff --git a/roles/kubernetes-apps/ansible/templates/netchecker-server-deployment.yml.j2 b/roles/kubernetes-apps/ansible/templates/netchecker-server-deployment.yml.j2 index 0be97e0db..bd36af8d0 100644 --- a/roles/kubernetes-apps/ansible/templates/netchecker-server-deployment.yml.j2 +++ b/roles/kubernetes-apps/ansible/templates/netchecker-server-deployment.yml.j2 @@ -17,6 +17,9 @@ spec: app: netchecker-server spec: priorityClassName: {% if netcheck_namespace == 'kube-system' %}system-cluster-critical{% else %}k8s-cluster-critical{% endif %}{{''}} + volumes: + - name: etcd-data + emptyDir: {} containers: - name: netchecker-server image: "{{ netcheck_server_image_repo }}:{{ netcheck_server_image_tag }}" 
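Review bot: The `etcd-data` volume added in the `netchecker-server-deployment.yml.j2` hunk is an `emptyDir: {}` with no `sizeLimit`, so the sidecar's data directory is bounded only by the node's ephemeral storage; the CPU and memory limits introduced elsewhere in this commit do not cap it. Consider giving the `emptyDir` a `sizeLimit` fed from a new default (for example a `netchecker_etcd_volume_size_limit` variable, which this commit does not define). A comment such as `# scratch store for the etcd sidecar; contents are lost when the pod is rescheduled` would make the intended lifetime explicit. The pod spec starts before this hunk and continues after it.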
@@ -34,10 +37,34 @@ spec:
 ports:
 - containerPort: 8081
 args:
- - "-v=5"
- - "-logtostderr"
- - "-kubeproxyinit"
- - "-endpoint=0.0.0.0:8081"
+ - -v=5
+ - -logtostderr
+ - -kubeproxyinit=false
+ - -endpoint=0.0.0.0:8081
+ - -etcd-endpoints=http://127.0.0.1:2379
+ - name: etcd
+ image: "{{ etcd_image_repo }}:{{ netcheck_etcd_image_tag }}"
+ imagePullPolicy: {{ k8s_image_pull_policy }}
+ command:
+ - etcd
+ - --listen-client-urls=http://127.0.0.1:2379
+ - --advertise-client-urls=http://127.0.0.1:2379
+ - --data-dir=/var/lib/etcd
+ - --enable-v2
+ - --force-new-cluster
+ volumeMounts:
+ - mountPath: /var/lib/etcd
+ name: etcd-data
+ resources:
+ limits:
+ cpu: {{ netchecker_etcd_cpu_limit }}
+ memory: {{ netchecker_etcd_memory_limit }}
+ requests:
+ cpu: {{ netchecker_etcd_cpu_requests }}
+ memory: {{ netchecker_etcd_memory_requests }}
+ securityContext:
+ runAsUser: {{ netchecker_server_user | default('0') }}
+ runAsGroup: {{ netchecker_server_group | default('0') }}
 tolerations:
 - effect: NoSchedule
 operator: Exists
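Review bot: The new etcd sidecar's `securityContext` falls back to UID/GID 0 through `default('0')` whenever `netchecker_server_user` / `netchecker_server_group` are unset, and it sets nothing besides user and group, so the container can end up running as root with no further restriction; whether those variables always have defaults is not visible in this hunk. etcd here only needs to write to the `etcd-data` mount, so a non-root fallback plus `allowPrivilegeEscalation: false` and `capabilities: {drop: ["ALL"]}` under the same `securityContext` would be a safer baseline. The client URLs are plain HTTP with no authentication, which is contained only while they stay on `127.0.0.1` inside the pod; a comment such as `# loopback only: no TLS/auth on this etcd, never bind it to a pod or host IP` would protect that assumption from later edits. The container list begins outside this hunk.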