diff --git a/roles/network_plugin/multus/files/multus-clusterrole.yml b/roles/network_plugin/multus/files/multus-clusterrole.yml index 820678780..ec2ec3a06 100644 --- a/roles/network_plugin/multus/files/multus-clusterrole.yml +++ b/roles/network_plugin/multus/files/multus-clusterrole.yml @@ -4,16 +4,25 @@ apiVersion: rbac.authorization.k8s.io/v1 metadata: name: multus rules: -- apiGroups: ["k8s.cni.cncf.io"] - resources: - - '*' - verbs: - - '*' -- apiGroups: - - "" - resources: - - pods - - pods/status - verbs: - - get - - update \ No newline at end of file + - apiGroups: ["k8s.cni.cncf.io"] + resources: + - '*' + verbs: + - '*' + - apiGroups: + - "" + resources: + - pods + - pods/status + verbs: + - get + - update + - apiGroups: + - "" + - events.k8s.io + resources: + - events + verbs: + - create + - patch + - update \ No newline at end of file diff --git a/roles/network_plugin/multus/meta/main.yml b/roles/network_plugin/multus/meta/main.yml new file mode 100644 index 000000000..9b7065f18 --- /dev/null +++ b/roles/network_plugin/multus/meta/main.yml @@ -0,0 +1,3 @@ +--- +dependencies: + - role: network_plugin/cni diff --git a/roles/network_plugin/multus/templates/multus-daemonset.yml.j2 b/roles/network_plugin/multus/templates/multus-daemonset.yml.j2 index 5572feb42..92f21ee15 100644 --- a/roles/network_plugin/multus/templates/multus-daemonset.yml.j2 +++ b/roles/network_plugin/multus/templates/multus-daemonset.yml.j2 @@ -43,10 +43,10 @@ spec: resources: requests: cpu: "100m" - memory: "50Mi" + memory: "90Mi" limits: cpu: "100m" - memory: "50Mi" + memory: "90Mi" securityContext: privileged: true {% if container_manager == 'crio' %} diff --git a/tests/testcases/040_check-network-adv.yml b/tests/testcases/040_check-network-adv.yml index 68dfb4a77..07e5a1bab 100644 --- a/tests/testcases/040_check-network-adv.yml +++ b/tests/testcases/040_check-network-adv.yml @@ -35,22 +35,20 @@ - name: Wait for netchecker server shell: "{{ bin_dir }}/kubectl get pods -o wide --namespace {{ netcheck_namespace }} | grep ^netchecker-server" - delegate_to: "{{ groups['kube-master'][0] }}" - run_once: true register: ncs_pod until: ncs_pod.stdout.find('Running') != -1 retries: 3 delay: 10 + when: inventory_hostname == groups['kube-master'][0] - name: Wait for netchecker agents shell: "{{ bin_dir }}/kubectl get pods -o wide --namespace {{ netcheck_namespace }} | grep '^netchecker-agent-.*Running'" - run_once: true - delegate_to: "{{ groups['kube-master'][0] }}" register: nca_pod until: nca_pod.stdout_lines|length >= groups['k8s-cluster']|intersect(ansible_play_hosts)|length * 2 retries: 3 delay: 10 failed_when: false + when: inventory_hostname == groups['kube-master'][0] - name: Get netchecker pods command: "{{ bin_dir }}/kubectl -n {{ netcheck_namespace }} describe pod -l app={{ item }}" @@ -115,16 +113,16 @@ - name: Get kube-proxy logs command: "{{ bin_dir }}/kubectl -n kube-system logs -l k8s-app=kube-proxy" - run_once: true - when: not result is success - delegate_to: "{{ groups['kube-master'][0] }}" no_log: false + when: + - inventory_hostname == groups['kube-master'][0] + - not result is success - name: Get logs from other apps command: "{{ bin_dir }}/kubectl -n kube-system logs -l k8s-app={{ item }} --all-containers" - run_once: true - when: not result is success - delegate_to: "{{ groups['kube-master'][0] }}" + when: + - inventory_hostname == groups['kube-master'][0] + - not result is success no_log: false with_items: - kube-router @@ -189,6 +187,7 @@ }' EOF when: + - inventory_hostname == groups['kube-master'][0] - kube_network_plugin_multus|default(false) - name: Annotate pod with macvlan network @@ -212,6 +211,7 @@ image: dougbtv/centos-network EOF when: + - inventory_hostname == groups['kube-master'][0] - kube_network_plugin_multus|default(false) - name: Check secondary macvlan interface @@ -221,4 +221,5 @@ retries: 90 changed_when: false when: + - inventory_hostname == groups['kube-master'][0] - kube_network_plugin_multus|default(false)