Mark Lee 2017-02-08 19:19:26 +09:00
commit df761713aa
13 changed files with 48 additions and 45 deletions


@ -2,7 +2,7 @@ Network Checker Application
=========================== ===========================
With the ``deploy_netchecker`` var enabled (defaults to false), Kargo deploys a With the ``deploy_netchecker`` var enabled (defaults to false), Kargo deploys a
Network Checker Application from the 3rd side `l23network/mcp-netchecker` docker Network Checker Application from the 3rd side `l23network/k8s-netchecker` docker
images. It consists of the server and agents trying to reach the server by usual images. It consists of the server and agents trying to reach the server by usual
for Kubernetes applications network connectivity meanings. Therefore, this for Kubernetes applications network connectivity meanings. Therefore, this
automagically verifies a pod to pod connectivity via the cluster IP and checks automagically verifies a pod to pod connectivity via the cluster IP and checks
@ -25,8 +25,8 @@ There are related application specifc variables:
netchecker_port: 31081 netchecker_port: 31081
agent_report_interval: 15 agent_report_interval: 15
netcheck_namespace: default netcheck_namespace: default
agent_img: "quay.io/l23network/mcp-netchecker-agent:v0.1" agent_img: "quay.io/l23network/k8s-netchecker-agent:v1.0"
server_img: "quay.io/l23network/mcp-netchecker-server:v0.1" server_img: "quay.io/l23network/k8s-netchecker-server:v1.0"
``` ```
Note that the application verifies DNS resolve for FQDNs comprising only the Note that the application verifies DNS resolve for FQDNs comprising only the


@ -59,11 +59,9 @@ hyperkube_image_repo: "quay.io/coreos/hyperkube"
hyperkube_image_tag: "{{ kube_version }}_coreos.0" hyperkube_image_tag: "{{ kube_version }}_coreos.0"
pod_infra_image_repo: "gcr.io/google_containers/pause-amd64" pod_infra_image_repo: "gcr.io/google_containers/pause-amd64"
pod_infra_image_tag: "{{ pod_infra_version }}" pod_infra_image_tag: "{{ pod_infra_version }}"
netcheck_tag: v0.1 netcheck_tag: "v1.0"
netcheck_kubectl_tag: v0.18.0-120-gaeb4ac55ad12b1-dirty netcheck_agent_img_repo: "quay.io/l23network/k8s-netchecker-agent"
netcheck_agent_img_repo: "quay.io/l23network/mcp-netchecker-agent" netcheck_server_img_repo: "quay.io/l23network/k8s-netchecker-server"
netcheck_server_img_repo: "quay.io/l23network/mcp-netchecker-server"
netcheck_kubectl_img_repo: "gcr.io/google_containers/kubectl"
weave_kube_image_repo: "weaveworks/weave-kube" weave_kube_image_repo: "weaveworks/weave-kube"
weave_kube_image_tag: "{{ weave_version }}" weave_kube_image_tag: "{{ weave_version }}"
weave_npc_image_repo: "weaveworks/weave-npc" weave_npc_image_repo: "weaveworks/weave-npc"
@ -96,12 +94,6 @@ downloads:
tag: "{{ netcheck_tag }}" tag: "{{ netcheck_tag }}"
sha256: "{{ netcheck_agent_digest_checksum|default(None) }}" sha256: "{{ netcheck_agent_digest_checksum|default(None) }}"
enabled: "{{ deploy_netchecker|bool }}" enabled: "{{ deploy_netchecker|bool }}"
netcheck_kubectl:
container: true
repo: "{{ netcheck_kubectl_img_repo }}"
tag: "{{ netcheck_kubectl_tag }}"
sha256: "{{ netcheck_kubectl_digest_checksum|default(None) }}"
enabled: "{{ deploy_netchecker|bool }}"
etcd: etcd:
version: "{{etcd_version}}" version: "{{etcd_version}}"
dest: "etcd/etcd-{{ etcd_version }}-linux-amd64.tar.gz" dest: "etcd/etcd-{{ etcd_version }}-linux-amd64.tar.gz"
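Review bot: The netchecker images move to a new third-party repository and tag (`netcheck_tag: "v1.0"`) but are still pulled by mutable tag, because the `sha256` field in the context lines falls back to `default(None)` for `netcheck_agent_digest_checksum` and this commit sets no digest for the new images. A tag in a registry can be re-pushed, so I would record the digests of the v1.0 agent and server images next to the tag, e.g. `netcheck_agent_digest_checksum: "<sha256 digest of k8s-netchecker-agent:v1.0>"`, presumably letting the download role verify what it pulls. The `downloads:` mapping starts and ends outside these hunks, so the server entry's checksum variable is not visible here.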


@ -7,6 +7,11 @@ etcd_cert_group: root
etcd_script_dir: "{{ bin_dir }}/etcd-scripts" etcd_script_dir: "{{ bin_dir }}/etcd-scripts"
etcd_heartbeat_interval: "250"
etcd_election_timeout: "5000"
# Limits # Limits
etcd_memory_limit: 512M etcd_memory_limit: 512M
etcd_cpu_limit: 300m
# Uncomment to set CPU share for etcd
#etcd_cpu_limit: 300m
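Review bot: The new comment above `#etcd_cpu_limit: 300m` does not say what the value becomes once rendered. The unit template changed in this same commit strips the `m` and passes the number to docker's `--cpu-shares`, which is a relative scheduling weight (docker's default is 1024), not a millicore cap. Someone who uncomments `300m` would therefore lower etcd's CPU priority under contention instead of limiting it to 0.3 CPU. I would extend the comment to `# Uncomment to set docker --cpu-shares for etcd (relative weight, docker default 1024; the "m" suffix is stripped)`. The added `etcd_heartbeat_interval` and `etcd_election_timeout` also carry no unit, and a `# milliseconds` comment would help.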


@ -14,7 +14,12 @@ ExecStart={{ docker_bin_dir }}/docker run --restart=on-failure:5 \
-v /etc/ssl/certs:/etc/ssl/certs:ro \ -v /etc/ssl/certs:/etc/ssl/certs:ro \
-v {{ etcd_cert_dir }}:{{ etcd_cert_dir }}:ro \ -v {{ etcd_cert_dir }}:{{ etcd_cert_dir }}:ro \
-v /var/lib/etcd:/var/lib/etcd:rw \ -v /var/lib/etcd:/var/lib/etcd:rw \
--memory={{ etcd_memory_limit|regex_replace('Mi', 'M') }} --cpu-shares={{ etcd_cpu_limit|regex_replace('m', '') }} \ {% if etcd_memory_limit is defined %}
--memory={{ etcd_memory_limit|regex_replace('Mi', 'M') }} \
{% endif %}
{% if etcd_cpu_limit is defined %}
--cpu-shares={{ etcd_cpu_limit|regex_replace('m', '') }} \
{% endif %}
--name={{ etcd_member_name | default("etcd") }} \ --name={{ etcd_member_name | default("etcd") }} \
{{ etcd_image_repo }}:{{ etcd_image_tag }} \ {{ etcd_image_repo }}:{{ etcd_image_tag }} \
{% if etcd_after_v3 %} {% if etcd_after_v3 %}
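Review bot: The `is defined` guards around `--memory` and `--cpu-shares` still emit the option when the variable is defined but empty or null, for example an inventory that sets `etcd_cpu_limit:` to switch the limit off, and docker would then presumably reject the malformed flag at service start. A truthiness test covers both cases: `{% if etcd_cpu_limit is defined and etcd_cpu_limit %}`, and the same for `etcd_memory_limit`. The `regex_replace('m', '')` filter is also unanchored, so `regex_replace('m$', '')` would remove only the unit suffix. The `ExecStart` command begins before and continues after this hunk.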


@ -4,7 +4,8 @@ ETCD_INITIAL_ADVERTISE_PEER_URLS={{ etcd_peer_url }}
ETCD_INITIAL_CLUSTER_STATE={% if etcd_cluster_is_healthy.rc != 0 | bool %}new{% else %}existing{% endif %} ETCD_INITIAL_CLUSTER_STATE={% if etcd_cluster_is_healthy.rc != 0 | bool %}new{% else %}existing{% endif %}
ETCD_LISTEN_CLIENT_URLS=https://{{ etcd_address }}:2379,https://127.0.0.1:2379 ETCD_LISTEN_CLIENT_URLS=https://{{ etcd_address }}:2379,https://127.0.0.1:2379
ETCD_ELECTION_TIMEOUT=10000 ETCD_ELECTION_TIMEOUT={{ etcd_election_timeout }}
ETCD_HEARTBEAT_INTERVAL={{ etcd_heartbeat_interval }}
ETCD_INITIAL_CLUSTER_TOKEN=k8s_etcd ETCD_INITIAL_CLUSTER_TOKEN=k8s_etcd
ETCD_LISTEN_PEER_URLS=https://{{ etcd_address }}:2380 ETCD_LISTEN_PEER_URLS=https://{{ etcd_address }}:2380
ETCD_NAME={{ etcd_member_name }} ETCD_NAME={{ etcd_member_name }}
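Review bot: `ETCD_ELECTION_TIMEOUT` and `ETCD_HEARTBEAT_INTERVAL` are now taken from inventory with no validation, and the effective election timeout drops from the previous literal 10000 to the new role default of 5000 on the next run. etcd's tuning guidance keeps the election timeout several times larger than the heartbeat interval and identical on every member, so a rolling run or a per-host override can leave a cluster with mixed or unworkable values. I would add an `assert` task before the template is written that checks `etcd_election_timeout | int >= 5 * (etcd_heartbeat_interval | int)`, and mention the default change in the commit description. The rest of the env file lies outside this hunk.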


@ -31,7 +31,6 @@ agent_report_interval: 15
netcheck_namespace: default netcheck_namespace: default
agent_img: "{{ netcheck_agent_img_repo }}:{{ netcheck_tag }}" agent_img: "{{ netcheck_agent_img_repo }}:{{ netcheck_tag }}"
server_img: "{{ netcheck_server_img_repo }}:{{ netcheck_tag }}" server_img: "{{ netcheck_server_img_repo }}:{{ netcheck_tag }}"
kubectl_image: "{{ netcheck_kubectl_img_repo }}:{{ netcheck_kubectl_tag }}"
# Limits for netchecker apps # Limits for netchecker apps
netchecker_agent_cpu_limit: 30m netchecker_agent_cpu_limit: 30m
@ -42,10 +41,6 @@ netchecker_server_cpu_limit: 100m
netchecker_server_memory_limit: 256M netchecker_server_memory_limit: 256M
netchecker_server_cpu_requests: 50m netchecker_server_cpu_requests: 50m
netchecker_server_memory_requests: 128M netchecker_server_memory_requests: 128M
netchecker_kubectl_cpu_limit: 30m
netchecker_kubectl_memory_limit: 128M
netchecker_kubectl_cpu_requests: 15m
netchecker_kubectl_memory_requests: 64M
# SSL # SSL
etcd_cert_dir: "/etc/ssl/etcd/ssl" etcd_cert_dir: "/etc/ssl/etcd/ssl"


@ -20,8 +20,11 @@ spec:
valueFrom: valueFrom:
fieldRef: fieldRef:
fieldPath: metadata.name fieldPath: metadata.name
- name: REPORT_INTERVAL args:
value: '{{ agent_report_interval }}' - "-v=5"
- "-alsologtostderr=true"
- "-serverendpoint=netchecker-service:8081"
- "-reportinterval={{ agent_report_interval }}"
imagePullPolicy: {{ k8s_image_pull_policy }} imagePullPolicy: {{ k8s_image_pull_policy }}
resources: resources:
limits: limits:
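Review bot: `-v=5` is hard-coded in the new `args:` list, which turns on high-verbosity logging in every agent pod with no way to lower it from inventory. The same literal appears in the second agent manifest and in the server manifest in this commit. I would take it from a role variable, e.g. `- "-v={{ netchecker_log_level | default(5) }}"` (the variable name is a suggestion, not an existing one). `-serverendpoint=netchecker-service:8081` likewise repeats the server's port as a literal, and a short comment tying it to the server's `containerPort` would keep the two from drifting. The container spec starts and ends outside the hunk.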


@ -21,8 +21,11 @@ spec:
valueFrom: valueFrom:
fieldRef: fieldRef:
fieldPath: metadata.name fieldPath: metadata.name
- name: REPORT_INTERVAL args:
value: '{{ agent_report_interval }}' - "-v=5"
- "-alsologtostderr=true"
- "-serverendpoint=netchecker-service:8081"
- "-reportinterval={{ agent_report_interval }}"
imagePullPolicy: {{ k8s_image_pull_policy }} imagePullPolicy: {{ k8s_image_pull_policy }}
resources: resources:
limits: limits:


@ -21,15 +21,8 @@ spec:
ports: ports:
- containerPort: 8081 - containerPort: 8081
hostPort: 8081 hostPort: 8081
- name: kubectl-proxy
image: "{{ kubectl_image }}"
imagePullPolicy: {{ k8s_image_pull_policy }}
resources:
limits:
cpu: {{ netchecker_kubectl_cpu_limit }}
memory: {{ netchecker_kubectl_memory_limit }}
requests:
cpu: {{ netchecker_kubectl_cpu_requests }}
memory: {{ netchecker_kubectl_memory_requests }}
args: args:
- proxy - "-v=5"
- "-logtostderr"
- "-kubeproxyinit"
- "-endpoint=0.0.0.0:8081"
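Review bot: With `-endpoint=0.0.0.0:8081` the server listens on all interfaces, and the unchanged `hostPort: 8081` in the context lines publishes that port on the node's own address, so the netchecker HTTP endpoint is reachable from outside the pod network unless something not shown here restricts it. Nothing in this hunk adds authentication or a NetworkPolicy, and `-kubeproxyinit` presumably moves the API access that the removed `kubectl-proxy` sidecar provided into the server process itself. If the NodePort service is the intended entry point, I would drop `hostPort` or document why both are needed, e.g. `# hostPort kept for <reason>; endpoint is unauthenticated, restrict with a NetworkPolicy`. The container spec begins outside the hunk.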


@ -12,9 +12,5 @@ dependencies:
file: "{{ downloads.netcheck_agent }}" file: "{{ downloads.netcheck_agent }}"
when: deploy_netchecker when: deploy_netchecker
tags: [download, netchecker] tags: [download, netchecker]
- role: download
file: "{{ downloads.netcheck_kubectl }}"
when: deploy_netchecker
tags: [download, netchecker]
- {role: kubernetes-apps/ansible, tags: apps} - {role: kubernetes-apps/ansible, tags: apps}
- {role: kubernetes-apps/kpm, tags: [apps, kpm]} - {role: kubernetes-apps/kpm, tags: [apps, kpm]}


@ -29,3 +29,7 @@ nginx_image_repo: nginx
nginx_image_tag: 1.11.4-alpine nginx_image_tag: 1.11.4-alpine
etcd_config_dir: /etc/ssl/etcd etcd_config_dir: /etc/ssl/etcd
# A port range to reserve for services with NodePort visibility.
# Inclusive at both ends of the range.
kube_apiserver_node_port_range: "30000-32767"


@ -22,10 +22,6 @@ dependencies:
file: "{{ downloads.netcheck_agent }}" file: "{{ downloads.netcheck_agent }}"
when: deploy_netchecker when: deploy_netchecker
tags: [download, netchecker] tags: [download, netchecker]
- role: download
file: "{{ downloads.netcheck_kubectl }}"
when: deploy_netchecker
tags: [download, netchecker]
- role: download - role: download
file: "{{ downloads.kubednsmasq }}" file: "{{ downloads.kubednsmasq }}"
tags: [download, dnsmasq] tags: [download, dnsmasq]


@ -21,6 +21,16 @@
notify: restart kubelet notify: restart kubelet
tags: kubelet tags: kubelet
- name: Ensure nodePort range is reserved
sysctl:
name: net.ipv4.ip_local_reserved_ports
value: "{{ kube_apiserver_node_port_range }}"
sysctl_set: yes
state: present
reload: yes
when: kube_apiserver_node_port_range is defined
tags: kube-proxy
- name: Write proxy manifest - name: Write proxy manifest
template: template:
src: manifests/kube-proxy.manifest.j2 src: manifests/kube-proxy.manifest.j2
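Review bot: The new `sysctl` task writes `net.ipv4.ip_local_reserved_ports` as a whole, so any ports an operator had already reserved on the host are replaced by the NodePort range rather than extended. I would either merge with the current value or state the behaviour in a comment above the task, e.g. `# NOTE: overwrites any existing ip_local_reserved_ports entries on the host`. The `when: kube_apiserver_node_port_range is defined` guard is always true once the role default added in this commit exists, so it does not act as an opt-out unless that default is removed. `sysctl_set: yes` and `reload: yes` would read better as `true`, and the following `Write proxy manifest` task continues outside the hunk.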