From 361645e8b67244b339327effc9361e095ddb9a2f Mon Sep 17 00:00:00 2001
From: Florian Ruynat <florian234@hotmail.com>
Date: Fri, 1 May 2020 08:38:05 +0200
Subject: [PATCH] Fix multus missing cni and erroneous CI tests (#6051)

---
 .../multus/files/multus-clusterrole.yml       | 35 ++++++++++++-------
 roles/network_plugin/multus/meta/main.yml     |  3 ++
 .../multus/templates/multus-daemonset.yml.j2  |  4 +--
 tests/testcases/040_check-network-adv.yml     | 21 +++++------
 4 files changed, 38 insertions(+), 25 deletions(-)
 create mode 100644 roles/network_plugin/multus/meta/main.yml

diff --git a/roles/network_plugin/multus/files/multus-clusterrole.yml b/roles/network_plugin/multus/files/multus-clusterrole.yml
index 820678780..ec2ec3a06 100644
--- a/roles/network_plugin/multus/files/multus-clusterrole.yml
+++ b/roles/network_plugin/multus/files/multus-clusterrole.yml
@@ -4,16 +4,25 @@ apiVersion: rbac.authorization.k8s.io/v1
 metadata:
   name: multus
 rules:
-- apiGroups: ["k8s.cni.cncf.io"]
-  resources:
-  - '*'
-  verbs:
-  - '*'
-- apiGroups:
-  - ""
-  resources:
-  - pods
-  - pods/status
-  verbs:
-  - get
-  - update
\ No newline at end of file
+  - apiGroups: ["k8s.cni.cncf.io"]
+    resources:
+      - '*'
+    verbs:
+      - '*'
+  - apiGroups:
+      - ""
+    resources:
+      - pods
+      - pods/status
+    verbs:
+      - get
+      - update
+  - apiGroups:
+      - ""
+      - events.k8s.io
+    resources:
+      - events
+    verbs:
+      - create
+      - patch
+      - update
\ No newline at end of file
diff --git a/roles/network_plugin/multus/meta/main.yml b/roles/network_plugin/multus/meta/main.yml
new file mode 100644
index 000000000..9b7065f18
--- /dev/null
+++ b/roles/network_plugin/multus/meta/main.yml
@@ -0,0 +1,3 @@
+---
+dependencies:
+  - role: network_plugin/cni
diff --git a/roles/network_plugin/multus/templates/multus-daemonset.yml.j2 b/roles/network_plugin/multus/templates/multus-daemonset.yml.j2
index 5572feb42..92f21ee15 100644
--- a/roles/network_plugin/multus/templates/multus-daemonset.yml.j2
+++ b/roles/network_plugin/multus/templates/multus-daemonset.yml.j2
@@ -43,10 +43,10 @@ spec:
         resources:
           requests:
             cpu: "100m"
-            memory: "50Mi"
+            memory: "90Mi"
           limits:
             cpu: "100m"
-            memory: "50Mi"
+            memory: "90Mi"
         securityContext:
           privileged: true
 {% if container_manager == 'crio' %}
diff --git a/tests/testcases/040_check-network-adv.yml b/tests/testcases/040_check-network-adv.yml
index 68dfb4a77..07e5a1bab 100644
--- a/tests/testcases/040_check-network-adv.yml
+++ b/tests/testcases/040_check-network-adv.yml
@@ -35,22 +35,20 @@
 
     - name: Wait for netchecker server
       shell: "{{ bin_dir }}/kubectl get pods -o wide --namespace {{ netcheck_namespace }} | grep ^netchecker-server"
-      delegate_to: "{{ groups['kube-master'][0] }}"
-      run_once: true
       register: ncs_pod
       until: ncs_pod.stdout.find('Running') != -1
       retries: 3
       delay: 10
+      when: inventory_hostname == groups['kube-master'][0]
 
     - name: Wait for netchecker agents
       shell: "{{ bin_dir }}/kubectl get pods -o wide --namespace {{ netcheck_namespace }} | grep '^netchecker-agent-.*Running'"
-      run_once: true
-      delegate_to: "{{ groups['kube-master'][0] }}"
       register: nca_pod
       until: nca_pod.stdout_lines|length >= groups['k8s-cluster']|intersect(ansible_play_hosts)|length * 2
       retries: 3
       delay: 10
       failed_when: false
+      when: inventory_hostname == groups['kube-master'][0]
 
     - name: Get netchecker pods
       command: "{{ bin_dir }}/kubectl -n {{ netcheck_namespace }} describe pod -l app={{ item }}"
@@ -115,16 +113,16 @@
 
     - name: Get kube-proxy logs
       command: "{{ bin_dir }}/kubectl -n kube-system logs -l k8s-app=kube-proxy"
-      run_once: true
-      when: not result is success
-      delegate_to: "{{ groups['kube-master'][0] }}"
       no_log: false
+      when:
+        - inventory_hostname == groups['kube-master'][0]
+        - not result is success
 
     - name: Get logs from other apps
       command: "{{ bin_dir }}/kubectl -n kube-system logs -l k8s-app={{ item }} --all-containers"
-      run_once: true
-      when: not result is success
-      delegate_to: "{{ groups['kube-master'][0] }}"
+      when:
+        - inventory_hostname == groups['kube-master'][0]
+        - not result is success
       no_log: false
       with_items:
         - kube-router
@@ -189,6 +187,7 @@
           }'
           EOF
       when:
+        - inventory_hostname == groups['kube-master'][0]
         - kube_network_plugin_multus|default(false)
 
     - name: Annotate pod with macvlan network
@@ -212,6 +211,7 @@
               image: dougbtv/centos-network
           EOF
       when:
+        - inventory_hostname == groups['kube-master'][0]
         - kube_network_plugin_multus|default(false)
 
     - name: Check secondary macvlan interface
@@ -221,4 +221,5 @@
       retries: 90
       changed_when: false
       when:
+        - inventory_hostname == groups['kube-master'][0]
         - kube_network_plugin_multus|default(false)
-- 
GitLab