From 6a5b87dda41fa050e52b44535013972b13cb8b7c Mon Sep 17 00:00:00 2001
From: Cristian Calin <6627509+cristicalin@users.noreply.github.com>
Date: Tue, 19 Oct 2021 20:17:04 +0300
Subject: [PATCH] netchecker: update images to 1.2.2 from Mirantis (#8074)

* netchecker: update images to 1.2.2 from Mirantis which is slightly less ancient than the l23networks images

* Netchecker: use local etcd instead of kubernetes v1beta1 crds which are no longer supported by kube 1.22+
---
 docs/netcheck.md                              |  2 +-
 roles/download/defaults/main.yml              |  7 ++--
 .../kubernetes-apps/ansible/defaults/main.yml |  4 +++
 .../netchecker-server-clusterrole.yml.j2      |  8 +----
 .../netchecker-server-deployment.yml.j2       | 35 ++++++++++++++++---
 5 files changed, 41 insertions(+), 15 deletions(-)

diff --git a/docs/netcheck.md b/docs/netcheck.md
index 9db5e37ac..6a1bf8046 100644
--- a/docs/netcheck.md
+++ b/docs/netcheck.md
@@ -1,7 +1,7 @@
 # Network Checker Application
 
 With the ``deploy_netchecker`` var enabled (defaults to false), Kubespray deploys a
-Network Checker Application from the 3rd side `l23network/k8s-netchecker` docker
+Network Checker Application from the 3rd side `mirantis/k8s-netchecker` docker
 images. It consists of the server and agents trying to reach the server by usual
 for Kubernetes applications network connectivity meanings. Therefore, this
 automatically verifies a pod to pod connectivity via the cluster IP and checks
diff --git a/roles/download/defaults/main.yml b/roles/download/defaults/main.yml
index 87171e4ed..394a19e33 100644
--- a/roles/download/defaults/main.yml
+++ b/roles/download/defaults/main.yml
@@ -479,11 +479,12 @@ pod_infra_image_repo: "{{ kube_image_repo }}/pause"
 pod_infra_image_tag: "{{ pod_infra_version }}"
 install_socat_image_repo: "{{ docker_image_repo }}/xueshanf/install-socat"
 install_socat_image_tag: "latest"
-netcheck_version: "v1.0"
-netcheck_agent_image_repo: "{{ quay_image_repo }}/l23network/k8s-netchecker-agent"
+netcheck_version: "v1.2.2"
+netcheck_agent_image_repo: "{{ docker_image_repo }}/mirantis/k8s-netchecker-agent"
 netcheck_agent_image_tag: "{{ netcheck_version }}"
-netcheck_server_image_repo: "{{ quay_image_repo }}/l23network/k8s-netchecker-server"
+netcheck_server_image_repo: "{{ docker_image_repo }}/mirantis/k8s-netchecker-server"
 netcheck_server_image_tag: "{{ netcheck_version }}"
+netcheck_etcd_image_tag: "v3.4.17"
 weave_kube_image_repo: "{{ docker_image_repo }}/weaveworks/weave-kube"
 weave_kube_image_tag: "{{ weave_version }}"
 weave_npc_image_repo: "{{ docker_image_repo }}/weaveworks/weave-npc"
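Review bot: `netcheck_etcd_image_tag` is a second, hard-coded etcd version that nothing in this hunk ties to the cluster's own etcd version, so it will not move when that one is bumped for a security release. A comment above it would make the separate pin visible, for example `# etcd sidecar for netchecker-server; pinned independently of the cluster etcd, bump on etcd security releases`. The two netchecker images also move to a different publisher namespace and are still referenced by tag only. If the download role supports digest checksums for container images, it would be worth recording them for the new `mirantis/` images in the same change.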
diff --git a/roles/kubernetes-apps/ansible/defaults/main.yml b/roles/kubernetes-apps/ansible/defaults/main.yml
index b3067e771..c07dc9044 100644
--- a/roles/kubernetes-apps/ansible/defaults/main.yml
+++ b/roles/kubernetes-apps/ansible/defaults/main.yml
@@ -38,6 +38,10 @@ netchecker_server_cpu_limit: 100m
 netchecker_server_memory_limit: 256M
 netchecker_server_cpu_requests: 50m
 netchecker_server_memory_requests: 64M
+netchecker_etcd_cpu_limit: 200m
+netchecker_etcd_memory_limit: 256M
+netchecker_etcd_cpu_requests: 100m
+netchecker_etcd_memory_requests: 128M
 
 # SecurityContext when PodSecurityPolicy is enabled
 netchecker_agent_user: 1000
diff --git a/roles/kubernetes-apps/ansible/templates/netchecker-server-clusterrole.yml.j2 b/roles/kubernetes-apps/ansible/templates/netchecker-server-clusterrole.yml.j2
index 50b4e1b91..290dec350 100644
--- a/roles/kubernetes-apps/ansible/templates/netchecker-server-clusterrole.yml.j2
+++ b/roles/kubernetes-apps/ansible/templates/netchecker-server-clusterrole.yml.j2
@@ -6,10 +6,4 @@ metadata:
 rules:
   - apiGroups: [""]
     resources: ["pods"]
-    verbs: ["list"]
-  - apiGroups: ["apiextensions.k8s.io"]
-    resources: ["customresourcedefinitions"]
-    verbs: ['*']
-  - apiGroups: ["network-checker.ext"]
-    resources: ["agents"]
-    verbs: ['*']
+    verbs: ["list", "get"]
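Review bot: The remaining rule still grants `list` and `get` on `pods` through a ClusterRole, which covers every namespace when it is bound cluster-wide. If the server only needs to read the agent pods in `netcheck_namespace`, a namespaced Role and RoleBinding would narrow this further. That cannot be confirmed from here, because the role's metadata and its binding are outside this hunk. A short comment saying why `get` is now needed alongside `list` would also help the next reviewer of this role.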
diff --git a/roles/kubernetes-apps/ansible/templates/netchecker-server-deployment.yml.j2 b/roles/kubernetes-apps/ansible/templates/netchecker-server-deployment.yml.j2
index 0be97e0db..bd36af8d0 100644
--- a/roles/kubernetes-apps/ansible/templates/netchecker-server-deployment.yml.j2
+++ b/roles/kubernetes-apps/ansible/templates/netchecker-server-deployment.yml.j2
@@ -17,6 +17,9 @@ spec:
         app: netchecker-server
     spec:
       priorityClassName: {% if netcheck_namespace == 'kube-system' %}system-cluster-critical{% else %}k8s-cluster-critical{% endif %}{{''}}
+      volumes:
+        - name: etcd-data
+          emptyDir: {}
       containers:
         - name: netchecker-server
           image: "{{ netcheck_server_image_repo }}:{{ netcheck_server_image_tag }}"
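Review bot: The `etcd-data` volume is declared as `emptyDir: {}` with no `sizeLimit`, so the sidecar's data directory is bounded only by the node's ephemeral storage, not by the pod spec. The data is scratch state recreated with the pod, so a cap such as `emptyDir: {sizeLimit: 256Mi}` (value illustrative) would let the kubelet evict this pod instead of letting the directory grow unchecked. A one-line comment that netchecker state is intentionally lost on pod restart would also help. The pod spec begins and continues outside this hunk.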
@@ -34,10 +37,34 @@ spec:
           ports:
             - containerPort: 8081
           args:
-            - "-v=5"
-            - "-logtostderr"
-            - "-kubeproxyinit"
-            - "-endpoint=0.0.0.0:8081"
+            - -v=5
+            - -logtostderr
+            - -kubeproxyinit=false
+            - -endpoint=0.0.0.0:8081
+            - -etcd-endpoints=http://127.0.0.1:2379
+        - name: etcd
+          image: "{{ etcd_image_repo }}:{{ netcheck_etcd_image_tag }}"
+          imagePullPolicy: {{ k8s_image_pull_policy }}
+          command:
+            - etcd
+            - --listen-client-urls=http://127.0.0.1:2379
+            - --advertise-client-urls=http://127.0.0.1:2379
+            - --data-dir=/var/lib/etcd
+            - --enable-v2
+            - --force-new-cluster
+          volumeMounts:
+            - mountPath: /var/lib/etcd
+              name: etcd-data
+          resources:
+            limits:
+              cpu: {{ netchecker_etcd_cpu_limit }}
+              memory: {{ netchecker_etcd_memory_limit }}
+            requests:
+              cpu: {{ netchecker_etcd_cpu_requests }}
+              memory: {{ netchecker_etcd_memory_requests }}
+          securityContext:
+            runAsUser: {{ netchecker_server_user | default('0') }}
+            runAsGroup: {{ netchecker_server_group | default('0') }}
       tolerations:
         - effect: NoSchedule
           operator: Exists
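Review bot: The etcd sidecar's `securityContext` falls back to uid/gid 0 through `default('0')` and sets no other restriction, so whenever `netchecker_server_user` is unset the new container runs as root with the runtime's default capabilities. etcd listening on 127.0.0.1:2379 needs neither a privileged port nor extra capabilities, so a non-root fallback (the defaults file uses 1000 for the agent) with privilege escalation disabled and capabilities dropped would fit. Confirm etcd can still write the `emptyDir` at `/var/lib/etcd` under that uid. The client URL is plain HTTP without authentication, which stays contained only while the pod keeps its own network namespace. The pod-level fields are outside this hunk, so check that `hostNetwork` is not set there.

```yaml
# … unchanged: etcd container image, command, volumeMounts, resources …
          securityContext:
            runAsUser: {{ netchecker_server_user | default('1000') }}
            runAsGroup: {{ netchecker_server_group | default('1000') }}
            allowPrivilegeEscalation: false
            capabilities:
              drop: ["ALL"]
```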
-- 
GitLab