--- - hosts: kube_node tasks: - name: Test tunl0 routes shell: "set -o pipefail && ! /sbin/ip ro | grep '/26 via' | grep -v tunl0" args: executable: /bin/bash when: - (ipip|default(true) or cloud_provider is defined) - kube_network_plugin|default('calico') == 'calico' - hosts: k8s_cluster vars: agent_report_interval: 10 netcheck_namespace: default netchecker_port: 31081 tasks: - name: Force binaries directory for Container Linux by CoreOS and Flatcar set_fact: bin_dir: "/opt/bin" when: ansible_os_family in ["Flatcar", "Flatcar Container Linux by Kinvolk"] - name: Force binaries directory on other hosts set_fact: bin_dir: "/usr/local/bin" when: not ansible_os_family in ["Flatcar", "Flatcar Container Linux by Kinvolk"] - import_role: # noqa unnamed-task name: cluster-dump - name: Wait for netchecker server shell: "set -o pipefail && {{ bin_dir }}/kubectl get pods -o wide --namespace {{ netcheck_namespace }} | grep ^netchecker-server" args: executable: /bin/bash register: ncs_pod until: ncs_pod.stdout.find('Running') != -1 retries: 3 delay: 10 when: inventory_hostname == groups['kube_control_plane'][0] - name: Wait for netchecker agents shell: "set -o pipefail && {{ bin_dir }}/kubectl get pods -o wide --namespace {{ netcheck_namespace }} | grep '^netchecker-agent-.*Running'" args: executable: /bin/bash register: nca_pod until: nca_pod.stdout_lines|length >= groups['k8s_cluster']|intersect(ansible_play_hosts)|length * 2 retries: 3 delay: 10 failed_when: false when: inventory_hostname == groups['kube_control_plane'][0] - name: Get netchecker pods command: "{{ bin_dir }}/kubectl -n {{ netcheck_namespace }} describe pod -l app={{ item }}" run_once: true delegate_to: "{{ groups['kube_control_plane'][0] }}" no_log: false with_items: - netchecker-agent - netchecker-agent-hostnet when: not nca_pod is success - debug: # noqa unnamed-task var: nca_pod.stdout_lines when: inventory_hostname == groups['kube_control_plane'][0] - name: Get netchecker agents uri: url: "http://{{ ansible_default_ipv4.address }}:{{ netchecker_port }}/api/v1/agents/" return_content: yes run_once: true delegate_to: "{{ groups['kube_control_plane'][0] }}" register: agents retries: 18 delay: "{{ agent_report_interval }}" until: agents.content|length > 0 and agents.content[0] == '{' and agents.content|from_json|length >= groups['k8s_cluster']|intersect(ansible_play_hosts)|length * 2 failed_when: false no_log: false - name: Check netchecker status uri: url: "http://{{ ansible_default_ipv4.address }}:{{ netchecker_port }}/api/v1/connectivity_check" status_code: 200 return_content: yes delegate_to: "{{ groups['kube_control_plane'][0] }}" run_once: true register: connectivity_check retries: 3 delay: "{{ agent_report_interval }}" until: connectivity_check.content|length > 0 and connectivity_check.content[0] == '{' no_log: false failed_when: false when: - agents.content != '{}' - debug: # noqa unnamed-task var: ncs_pod run_once: true - name: Get kube-proxy logs command: "{{ bin_dir }}/kubectl -n kube-system logs -l k8s-app=kube-proxy" no_log: false when: - inventory_hostname == groups['kube_control_plane'][0] - not connectivity_check is success - name: Get logs from other apps command: "{{ bin_dir }}/kubectl -n kube-system logs -l k8s-app={{ item }} --all-containers" when: - inventory_hostname == groups['kube_control_plane'][0] - not connectivity_check is success no_log: false with_items: - kube-router - flannel - canal-node - calico-node - cilium - name: Parse agents list set_fact: agents_check_result: "{{ agents.content | from_json }}" delegate_to: "{{ groups['kube_control_plane'][0] }}" run_once: true when: - agents is success - agents.content is defined - agents.content[0] == '{' - debug: # noqa unnamed-task var: agents_check_result delegate_to: "{{ groups['kube_control_plane'][0] }}" run_once: true when: - agents_check_result is defined - name: Parse connectivity check set_fact: connectivity_check_result: "{{ connectivity_check.content | from_json }}" delegate_to: "{{ groups['kube_control_plane'][0] }}" run_once: true when: - connectivity_check is success - connectivity_check.content is defined - connectivity_check.content[0] == '{' - debug: # noqa unnamed-task var: connectivity_check_result delegate_to: "{{ groups['kube_control_plane'][0] }}" run_once: true when: - connectivity_check_result is defined - name: Check connectivity with all netchecker agents assert: that: - agents_check_result is defined - connectivity_check_result is defined - agents_check_result.keys() | length > 0 - not connectivity_check_result.Absent - not connectivity_check_result.Outdated msg: "Connectivity check to netchecker agents failed" delegate_to: "{{ groups['kube_control_plane'][0] }}" run_once: true - name: Create macvlan network conf # We cannot use only shell: below because Ansible will render the text # with leading spaces, which means the shell will never find the string # EOF at the beginning of a line. We can avoid Ansible's unhelpful # heuristics by using the cmd parameter like this: shell: cmd: | cat <<EOF | {{ bin_dir }}/kubectl create -f - apiVersion: "k8s.cni.cncf.io/v1" kind: NetworkAttachmentDefinition metadata: name: macvlan-conf spec: config: '{ "cniVersion": "0.4.0", "type": "macvlan", "master": "eth0", "mode": "bridge", "ipam": { "type": "host-local", "subnet": "192.168.1.0/24", "rangeStart": "192.168.1.200", "rangeEnd": "192.168.1.216", "routes": [ { "dst": "0.0.0.0/0" } ], "gateway": "192.168.1.1" } }' EOF when: - inventory_hostname == groups['kube_control_plane'][0] - kube_network_plugin_multus|default(false)|bool - name: Annotate pod with macvlan network # We cannot use only shell: below because Ansible will render the text # with leading spaces, which means the shell will never find the string # EOF at the beginning of a line. We can avoid Ansible's unhelpful # heuristics by using the cmd parameter like this: shell: cmd: | cat <<EOF | {{ bin_dir }}/kubectl create -f - apiVersion: v1 kind: Pod metadata: name: samplepod annotations: k8s.v1.cni.cncf.io/networks: macvlan-conf spec: containers: - name: samplepod command: ["/bin/bash", "-c", "sleep 2000000000000"] image: dougbtv/centos-network EOF when: - inventory_hostname == groups['kube_control_plane'][0] - kube_network_plugin_multus|default(false)|bool - name: Check secondary macvlan interface command: "{{ bin_dir }}/kubectl exec samplepod -- ip addr show dev net1" register: output until: output.rc == 0 retries: 90 changed_when: false when: - inventory_hostname == groups['kube_control_plane'][0] - kube_network_plugin_multus|default(false)|bool