netchecker: update images to 1.2.2 from Mirantis (#8074)

* netchecker: update images to 1.2.2 from Mirantis which is slightly less ancinet than the l23networks images

* Netchecker: use local etcd instead of kubernetes v1beta1 crds which are no longer suported by kube 1.22+
pull/8099/head
Cristian Calin 2021-10-19 20:17:04 +03:00 committed by GitHub
parent 6aac59394e
commit 6a5b87dda4
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
5 changed files with 41 additions and 15 deletions

View File

@ -1,7 +1,7 @@
# Network Checker Application # Network Checker Application
With the ``deploy_netchecker`` var enabled (defaults to false), Kubespray deploys a With the ``deploy_netchecker`` var enabled (defaults to false), Kubespray deploys a
Network Checker Application from the 3rd side `l23network/k8s-netchecker` docker Network Checker Application from the 3rd side `mirantis/k8s-netchecker` docker
images. It consists of the server and agents trying to reach the server by usual images. It consists of the server and agents trying to reach the server by usual
for Kubernetes applications network connectivity meanings. Therefore, this for Kubernetes applications network connectivity meanings. Therefore, this
automatically verifies a pod to pod connectivity via the cluster IP and checks automatically verifies a pod to pod connectivity via the cluster IP and checks

View File

@ -479,11 +479,12 @@ pod_infra_image_repo: "{{ kube_image_repo }}/pause"
pod_infra_image_tag: "{{ pod_infra_version }}" pod_infra_image_tag: "{{ pod_infra_version }}"
install_socat_image_repo: "{{ docker_image_repo }}/xueshanf/install-socat" install_socat_image_repo: "{{ docker_image_repo }}/xueshanf/install-socat"
install_socat_image_tag: "latest" install_socat_image_tag: "latest"
netcheck_version: "v1.0" netcheck_version: "v1.2.2"
netcheck_agent_image_repo: "{{ quay_image_repo }}/l23network/k8s-netchecker-agent" netcheck_agent_image_repo: "{{ docker_image_repo }}/mirantis/k8s-netchecker-agent"
netcheck_agent_image_tag: "{{ netcheck_version }}" netcheck_agent_image_tag: "{{ netcheck_version }}"
netcheck_server_image_repo: "{{ quay_image_repo }}/l23network/k8s-netchecker-server" netcheck_server_image_repo: "{{ docker_image_repo }}/mirantis/k8s-netchecker-server"
netcheck_server_image_tag: "{{ netcheck_version }}" netcheck_server_image_tag: "{{ netcheck_version }}"
netcheck_etcd_image_tag: "v3.4.17"
weave_kube_image_repo: "{{ docker_image_repo }}/weaveworks/weave-kube" weave_kube_image_repo: "{{ docker_image_repo }}/weaveworks/weave-kube"
weave_kube_image_tag: "{{ weave_version }}" weave_kube_image_tag: "{{ weave_version }}"
weave_npc_image_repo: "{{ docker_image_repo }}/weaveworks/weave-npc" weave_npc_image_repo: "{{ docker_image_repo }}/weaveworks/weave-npc"

View File

@ -38,6 +38,10 @@ netchecker_server_cpu_limit: 100m
netchecker_server_memory_limit: 256M netchecker_server_memory_limit: 256M
netchecker_server_cpu_requests: 50m netchecker_server_cpu_requests: 50m
netchecker_server_memory_requests: 64M netchecker_server_memory_requests: 64M
netchecker_etcd_cpu_limit: 200m
netchecker_etcd_memory_limit: 256M
netchecker_etcd_cpu_requests: 100m
netchecker_etcd_memory_requests: 128M
# SecurityContext when PodSecurityPolicy is enabled # SecurityContext when PodSecurityPolicy is enabled
netchecker_agent_user: 1000 netchecker_agent_user: 1000

View File

@ -6,10 +6,4 @@ metadata:
rules: rules:
- apiGroups: [""] - apiGroups: [""]
resources: ["pods"] resources: ["pods"]
verbs: ["list"] verbs: ["list", "get"]
- apiGroups: ["apiextensions.k8s.io"]
resources: ["customresourcedefinitions"]
verbs: ['*']
- apiGroups: ["network-checker.ext"]
resources: ["agents"]
verbs: ['*']

View File

@ -17,6 +17,9 @@ spec:
app: netchecker-server app: netchecker-server
spec: spec:
priorityClassName: {% if netcheck_namespace == 'kube-system' %}system-cluster-critical{% else %}k8s-cluster-critical{% endif %}{{''}} priorityClassName: {% if netcheck_namespace == 'kube-system' %}system-cluster-critical{% else %}k8s-cluster-critical{% endif %}{{''}}
volumes:
- name: etcd-data
emptyDir: {}
containers: containers:
- name: netchecker-server - name: netchecker-server
image: "{{ netcheck_server_image_repo }}:{{ netcheck_server_image_tag }}" image: "{{ netcheck_server_image_repo }}:{{ netcheck_server_image_tag }}"
@ -34,10 +37,34 @@ spec:
ports: ports:
- containerPort: 8081 - containerPort: 8081
args: args:
- "-v=5" - -v=5
- "-logtostderr" - -logtostderr
- "-kubeproxyinit" - -kubeproxyinit=false
- "-endpoint=0.0.0.0:8081" - -endpoint=0.0.0.0:8081
- -etcd-endpoints=http://127.0.0.1:2379
- name: etcd
image: "{{ etcd_image_repo }}:{{ netcheck_etcd_image_tag }}"
imagePullPolicy: {{ k8s_image_pull_policy }}
command:
- etcd
- --listen-client-urls=http://127.0.0.1:2379
- --advertise-client-urls=http://127.0.0.1:2379
- --data-dir=/var/lib/etcd
- --enable-v2
- --force-new-cluster
volumeMounts:
- mountPath: /var/lib/etcd
name: etcd-data
resources:
limits:
cpu: {{ netchecker_etcd_cpu_limit }}
memory: {{ netchecker_etcd_memory_limit }}
requests:
cpu: {{ netchecker_etcd_cpu_requests }}
memory: {{ netchecker_etcd_memory_requests }}
securityContext:
runAsUser: {{ netchecker_server_user | default('0') }}
runAsGroup: {{ netchecker_server_group | default('0') }}
tolerations: tolerations:
- effect: NoSchedule - effect: NoSchedule
operator: Exists operator: Exists