Add connectivity checker controller #856

Merged
4 changes: 4 additions & 0 deletions bindata/network-diagnostics/000-ns.yaml
@@ -0,0 +1,4 @@
apiVersion: v1
kind: Namespace
metadata:
name: openshift-network-diagnostics
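Review bot: the Namespace is created with a name only, no labels or annotations. network-check-source.yaml in this same change adds a ServiceMonitor in this namespace, and on OpenShift the cluster monitoring stack only picks up ServiceMonitors from namespaces labelled openshift.io/cluster-monitoring: "true". Either add that label here or drop the ServiceMonitor until the namespace is ready for it.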
115 changes: 115 additions & 0 deletions bindata/network-diagnostics/001-rbac.yaml
@@ -0,0 +1,115 @@
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: network-diagnostics
namespace: openshift-network-diagnostics

---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: network-diagnostics
namespace: openshift-network-diagnostics
rules:
- apiGroups: [""]
resources:
- secrets
verbs:
- get
- list
- watch

---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: network-diagnostics
namespace: openshift-network-diagnostics
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: network-diagnostics
namespace: openshift-network-diagnostics
subjects:
- kind: ServiceAccount
name: network-diagnostics
namespace: openshift-network-diagnostics

---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: network-diagnostics
rules:
- apiGroups: [""]
resources:
- endpoints
- namespaces
- pods
- services
- nodes
verbs:
- get
- list
- watch
- apiGroups: [""]
resources:
- events
verbs:
- get
- list
- watch
- create
- apiGroups: ["apps"]
resources:
- replicasets
verbs:
- get
- list
- watch
- apiGroups: ["apiextensions.k8s.io"]
resources:
- customresourcedefinitions
verbs:
- get
- list
- watch
- apiGroups: ['controlplane.operator.openshift.io']
resources: ['podnetworkconnectivitychecks']
verbs:
- get
- list
- watch
- apiGroups: ['controlplane.operator.openshift.io']
resources: ['podnetworkconnectivitychecks/status']
verbs: ['update']

---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: network-diagnostics
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: network-diagnostics
subjects:
- kind: ServiceAccount
name: network-diagnostics
namespace: openshift-network-diagnostics

---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: network-diagnostics
namespace: kube-system
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: extension-apiserver-authentication-reader
subjects:
- kind: ServiceAccount
name: network-diagnostics
namespace: openshift-network-diagnostics
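Review bot: the namespaced Role at the top grants get, list and watch on every secret in openshift-network-diagnostics to the network-diagnostics service account, which is broad for a connectivity checker. If the pod only needs one known secret, mount it as a volume, or restrict the rule with resourceNames and drop list and watch. Separately, the first RoleBinding sets namespace: openshift-network-diagnostics under roleRef; an rbac.authorization.k8s.io/v1 roleRef has only apiGroup, kind and name, so that line should be removed.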
94 changes: 94 additions & 0 deletions bindata/network-diagnostics/network-check-source.yaml
@@ -0,0 +1,94 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: network-check-source
namespace: openshift-network-diagnostics
annotations:
kubernetes.io/description: |
This deployment deploys the network-check-source pod that performs
pod network connectivity checks
release.openshift.io/version: "{{.ReleaseVersion}}"
spec:
replicas: 1
selector:
matchLabels:
app: network-check-source
strategy:
type: Recreate
template:
metadata:
labels:
app: network-check-source
spec:
serviceAccountName: network-diagnostics
containers:
- name: check-endpoints
image: "{{.NetworkCheckSourceImage}}"
imagePullPolicy: IfNotPresent
terminationMessagePolicy: FallbackToLogsOnError
command:
- cluster-network-check-endpoints
args:
- --listen
- 0.0.0.0:17698
- --namespace
- $(POD_NAMESPACE)
env:
- name: POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
ports:
- name: check-endpoints
containerPort: 17698
protocol: TCP
resources:
requests:
memory: 50Mi
cpu: 10m

---
apiVersion: v1
kind: Service
metadata:
name: network-check-source
namespace: openshift-network-diagnostics
annotations:
include.release.openshift.io/self-managed-high-availability: "true"
spec:
clusterIP: None
ports:
- name: check-endpoints
port: 17698
targetPort: 17698
selector:
app: network-check-source
type: ClusterIP

---
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
name: network-check-source
namespace: openshift-network-diagnostics
annotations:
include.release.openshift.io/self-managed-high-availability: "true"
spec:
endpoints:
- bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token
interval: 30s
port: check-endpoints
scheme: https
tlsConfig:
insecureSkipVerify: true
jobLabel: component
namespaceSelector:
matchNames:
- openshift-network-diagnostics
selector:
matchLabels:
app: network-check-source
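Review bot: the ServiceMonitor endpoint sets scheme: https with tlsConfig.insecureSkipVerify: true while also sending bearerTokenFile, so the scraper presents its service account token to a peer whose certificate is never checked. Prefer giving the Service a serving certificate and setting caFile and serverName in tlsConfig instead. Also, the ServiceMonitor selects on matchLabels app: network-check-source and uses jobLabel: component, but the Service above has no metadata.labels at all, so as written the selector matches nothing.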
54 changes: 54 additions & 0 deletions bindata/network-diagnostics/network-check-target.yaml
@@ -0,0 +1,54 @@
apiVersion: apps/v1
kind: DaemonSet
metadata:
name: network-check-target
namespace: openshift-network-diagnostics
annotations:
kubernetes.io/description: |
This daemonset deploys the network-check-target pods that run
a dummy hello-openshift app to be checked by network-check-source pod
Contributor

FTR if you set RESPONSE in the pod's environment, you can make it respond something other than "Hello OpenShift!".

Contributor Author

oh nice, didn't know that

release.openshift.io/version: "{{.ReleaseVersion}}"
spec:
selector:
matchLabels:
app: network-check-target
template:
metadata:
labels:
app: network-check-target
spec:
containers:
- image: "{{.NetworkCheckTargetImage}}"
imagePullPolicy: IfNotPresent
name: network-check-target-container
ports:
- containerPort: 8080
protocol: TCP
resources:
requests:
cpu: 10m
memory: 150Mi
readinessProbe:
httpGet:
port: 8080
path: /
initialDelaySeconds: 30
timeoutSeconds: 10
serviceAccount: default
terminationGracePeriodSeconds: 10
tolerations:
- operator: "Exists"

---
apiVersion: v1
kind: Service
metadata:
name: network-check-target
namespace: openshift-network-diagnostics
spec:
selector:
app: network-check-target
ports:
- protocol: TCP
port: 80
targetPort: 8080
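Review bot: the pod template sets serviceAccount: default, which is the deprecated alias of serviceAccountName, and leaves the token automounted on a DaemonSet whose tolerations (operator: "Exists") place it on every node. The description calls this a dummy hello-openshift app, so it should not need API credentials; set automountServiceAccountToken: false, and use serviceAccountName if an account has to be named. The container also has no securityContext, which is worth setting explicitly for a pod that runs cluster-wide.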
4 changes: 0 additions & 4 deletions go.sum
@@ -150,8 +150,6 @@ github.com/go-logr/logr v0.1.0 h1:M1Tv3VzNlEHg6uyACnRdtrploV2P7wZqH8BoQMtz0cg=
github.com/go-logr/logr v0.1.0/go.mod h1:ixOQHD9gLJUVQQ2ZOR7zLEifBX6tGkNJF4QyIY7sIas=
github.com/go-logr/logr v0.2.0 h1:QvGt2nLcHH0WK9orKa+ppBPAxREcH364nPUedEpK0TY=
github.com/go-logr/logr v0.2.0/go.mod h1:z6/tIYblkpsD+a4lm/fGIIU9mZ+XfAiaFtq7xTgseGU=
github.com/go-logr/logr v0.2.1 h1:fV3MLmabKIZ383XifUjFSwcoGee0v9qgPp8wy5svibE=
github.com/go-logr/logr v0.2.1/go.mod h1:z6/tIYblkpsD+a4lm/fGIIU9mZ+XfAiaFtq7xTgseGU=
github.com/go-logr/logr v0.3.0 h1:q4c+kbcR0d5rSurhBR8dIgieOaYpXtsdTYfx22Cu6rs=
github.com/go-logr/logr v0.3.0/go.mod h1:z6/tIYblkpsD+a4lm/fGIIU9mZ+XfAiaFtq7xTgseGU=
github.com/go-logr/zapr v0.1.0 h1:h+WVe9j6HAA01niTJPA/kKH0i7e0rLZBCwauQFcRE54=
@@ -393,8 +391,6 @@ github.com/opencontainers/image-spec v1.0.1/go.mod h1:BtxoFyWECRxE4U/7sNtV5W15zM
github.com/opencontainers/runc v0.0.0-20191031171055-b133feaeeb2e/go.mod h1:qT5XzbpPznkRYVz/mWwUaVBUv2rmF59PVA73FjuZG0U=
github.com/openshift/api v0.0.0-20201019163320-c6a5ec25f267 h1:d6qOoblJz8DjQ44PRT0hYt3qLqJ/Lnvipk1vXr0gpfo=
github.com/openshift/api v0.0.0-20201019163320-c6a5ec25f267/go.mod h1:RDvBcRQMGLa3aNuDuejVBbTEQj/2i14NXdpOLqbNBvM=
github.com/openshift/api v0.0.0-20201130121019-19e3831bc513 h1:kjg7HNFGXTvxwV9NFtAm+WFRgJPGOazenElEulEDWWc=
github.com/openshift/api v0.0.0-20201130121019-19e3831bc513/go.mod h1:RDvBcRQMGLa3aNuDuejVBbTEQj/2i14NXdpOLqbNBvM=
github.com/openshift/api v0.0.0-20201201210054-c6debb38648f h1:M7qMmULhN07e4brHTZia3lNZTPwh4lAGRxs8R3HpnhI=
github.com/openshift/api v0.0.0-20201201210054-c6debb38648f/go.mod h1:RDvBcRQMGLa3aNuDuejVBbTEQj/2i14NXdpOLqbNBvM=
github.com/openshift/build-machinery-go v0.0.0-20200917070002-f171684f77ab h1:lBrojddP6C9C2p67EMs2vcdpC8eF+H0DDom+fgI2IF0=
4 changes: 4 additions & 0 deletions manifests/0000_70_cluster-network-operator_03_deployment.yaml
@@ -68,6 +68,10 @@ spec:
value: "quay.io/openshift/origin-kuryr-controller:latest"
- name: NETWORK_METRICS_DAEMON_IMAGE
value: "quay.io/openshift/origin-network-metrics-daemon:latest"
- name: NETWORK_CHECK_SOURCE_IMAGE
value: "quay.io/openshift/origin-cluster-network-operator:latest"
- name: NETWORK_CHECK_TARGET_IMAGE
value: "quay.io/openshift/origin-hello-openshift:latest"
- name: POD_NAME
valueFrom:
fieldRef:
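Review bot: NETWORK_CHECK_SOURCE_IMAGE is set to the operator's own image, origin-cluster-network-operator, and the network-check-source Deployment runs the command cluster-network-check-endpoints from it. Nothing in the visible hunks adds that binary to the image, so confirm the image build ships it; otherwise the check-endpoints container fails at start. A short comment next to the env var saying why the source check reuses the operator image would also help the next reader.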
5 changes: 4 additions & 1 deletion manifests/image-references
@@ -58,4 +58,7 @@ spec:
from:
kind: DockerImage
name: quay.io/openshift/origin-network-metrics-daemon:latest

- name: hello-openshift
from:
kind: DockerImage
name: quay.io/openshift/origin-hello-openshift:latest