netchecker: update images to 1.2.2 from Mirantis (#8074)

* netchecker: update images to 1.2.2 from Mirantis which is slightly less ancinet than the l23networks images

* Netchecker: use local etcd instead of kubernetes v1beta1 crds which are no longer suported by kube 1.22+

docs/netcheck.md

@@ -1,7 +1,7 @@
 # Network Checker Application
 
 With the ``deploy_netchecker`` var enabled (defaults to false), Kubespray deploys a
-Network Checker Application from the 3rd side `l23network/k8s-netchecker` docker
+Network Checker Application from the 3rd side `mirantis/k8s-netchecker` docker
 images. It consists of the server and agents trying to reach the server by usual
 for Kubernetes applications network connectivity meanings. Therefore, this
 automatically verifies a pod to pod connectivity via the cluster IP and checks

roles/download/defaults/main.yml

@@ -479,11 +479,12 @@ pod_infra_image_repo: "{{ kube_image_repo }}/pause"
 pod_infra_image_tag: "{{ pod_infra_version }}"
 install_socat_image_repo: "{{ docker_image_repo }}/xueshanf/install-socat"
 install_socat_image_tag: "latest"
-netcheck_version: "v1.0"
+netcheck_version: "v1.2.2"
-netcheck_agent_image_repo: "{{ quay_image_repo }}/l23network/k8s-netchecker-agent"
+netcheck_agent_image_repo: "{{ docker_image_repo }}/mirantis/k8s-netchecker-agent"
 netcheck_agent_image_tag: "{{ netcheck_version }}"
-netcheck_server_image_repo: "{{ quay_image_repo }}/l23network/k8s-netchecker-server"
+netcheck_server_image_repo: "{{ docker_image_repo }}/mirantis/k8s-netchecker-server"
 netcheck_server_image_tag: "{{ netcheck_version }}"
+netcheck_etcd_image_tag: "v3.4.17"
 weave_kube_image_repo: "{{ docker_image_repo }}/weaveworks/weave-kube"
 weave_kube_image_tag: "{{ weave_version }}"
 weave_npc_image_repo: "{{ docker_image_repo }}/weaveworks/weave-npc"

roles/kubernetes-apps/ansible/defaults/main.yml

@@ -38,6 +38,10 @@ netchecker_server_cpu_limit: 100m
 netchecker_server_memory_limit: 256M
 netchecker_server_cpu_requests: 50m
 netchecker_server_memory_requests: 64M
+netchecker_etcd_cpu_limit: 200m
+netchecker_etcd_memory_limit: 256M
+netchecker_etcd_cpu_requests: 100m
+netchecker_etcd_memory_requests: 128M
 
 # SecurityContext when PodSecurityPolicy is enabled
 netchecker_agent_user: 1000

roles/kubernetes-apps/ansible/templates/netchecker-server-clusterrole.yml.j2

@@ -6,10 +6,4 @@ metadata:
 rules:
   - apiGroups: [""]
     resources: ["pods"]
-    verbs: ["list"]
+    verbs: ["list", "get"]
-  - apiGroups: ["apiextensions.k8s.io"]
-    resources: ["customresourcedefinitions"]
-    verbs: ['*']
-  - apiGroups: ["network-checker.ext"]
-    resources: ["agents"]
-    verbs: ['*']

roles/kubernetes-apps/ansible/templates/netchecker-server-deployment.yml.j2

@@ -17,6 +17,9 @@ spec:
         app: netchecker-server
     spec:
       priorityClassName: {% if netcheck_namespace == 'kube-system' %}system-cluster-critical{% else %}k8s-cluster-critical{% endif %}{{''}}
+      volumes:
+        - name: etcd-data
+          emptyDir: {}
       containers:
         - name: netchecker-server
           image: "{{ netcheck_server_image_repo }}:{{ netcheck_server_image_tag }}"
@@ -34,10 +37,34 @@ spec:
           ports:
             - containerPort: 8081
           args:
-            - "-v=5"
+            - -v=5
-            - "-logtostderr"
+            - -logtostderr
-            - "-kubeproxyinit"
+            - -kubeproxyinit=false
-            - "-endpoint=0.0.0.0:8081"
+            - -endpoint=0.0.0.0:8081
+            - -etcd-endpoints=http://127.0.0.1:2379
+        - name: etcd
+          image: "{{ etcd_image_repo }}:{{ netcheck_etcd_image_tag }}"
+          imagePullPolicy: {{ k8s_image_pull_policy }}
+          command:
+            - etcd
+            - --listen-client-urls=http://127.0.0.1:2379
+            - --advertise-client-urls=http://127.0.0.1:2379
+            - --data-dir=/var/lib/etcd
+            - --enable-v2
+            - --force-new-cluster
+          volumeMounts:
+            - mountPath: /var/lib/etcd
+              name: etcd-data
+          resources:
+            limits:
+              cpu: {{ netchecker_etcd_cpu_limit }}
+              memory: {{ netchecker_etcd_memory_limit }}
+            requests:
+              cpu: {{ netchecker_etcd_cpu_requests }}
+              memory: {{ netchecker_etcd_memory_requests }}
+          securityContext:
+            runAsUser: {{ netchecker_server_user | default('0') }}
+            runAsGroup: {{ netchecker_server_group | default('0') }}
       tolerations:
         - effect: NoSchedule
           operator: Exists