-
Notifications
You must be signed in to change notification settings - Fork 2.7k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
multus: add host checking to validation tool
In order to help users check that they have implemented the newly-added Multus host configuration prerequisites, add a check to the validation tool to verify connectivity. Because users who are already running clusters with Multus enabled, add a flag that allows users to only check for host configuration prerequisites. This mode will not start the large number of clients that would normally be started because those clients could disrupt a running Rook cluster negatively. Host checking pods require host network access. Many Kubernetes distributions have pod security features enabled. In order to allow non-Vanilla distros to run this tool, allow specifying a service account that pods will run as, which can be configured by the admin to allow test pods. Signed-off-by: Blaine Gardner <blaine.gardner@ibm.com>
- Loading branch information
Showing
12 changed files
with
455 additions
and
48 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,68 @@ | ||
apiVersion: apps/v1 | ||
kind: DaemonSet | ||
metadata: | ||
name: multus-validation-test-host-checker-{{ .NodeType }} | ||
labels: | ||
app: multus-validation-test-host-checker | ||
nodeType: "{{ .NodeType }}" | ||
app.kubernetes.io/name: "host-checker" | ||
app.kubernetes.io/instance: "host-checker-{{ .NodeType }}" | ||
app.kubernetes.io/component: "host-checker" | ||
app.kubernetes.io/part-of: "multus-validation-test" | ||
app.kubernetes.io/managed-by: "rook-cli" | ||
spec: | ||
selector: | ||
matchLabels: | ||
app: multus-validation-test-host-checker | ||
nodeType: "{{ .NodeType }}" | ||
template: | ||
metadata: | ||
labels: | ||
app: multus-validation-test-host-checker | ||
nodeType: "{{ .NodeType }}" | ||
spec: | ||
nodeSelector: | ||
{{- range $k, $v := .Placement.NodeSelector }} | ||
{{ $k }}: {{ $v }} | ||
{{- end }} | ||
tolerations: | ||
{{- range $idx, $toleration := .Placement.Tolerations }} | ||
- {{ $toleration.ToJSON }} | ||
{{- end }} | ||
securityContext: | ||
runAsNonRoot: true | ||
seccompProfile: | ||
type: RuntimeDefault | ||
hostNetwork: true | ||
containers: | ||
- name: readiness-check-web-server-public-addr | ||
# use nginx image because it's already used for the web server pod and has a non-root user | ||
image: "{{ .NginxImage }}" | ||
command: | ||
- sleep | ||
- infinity | ||
resources: {} | ||
securityContext: | ||
allowPrivilegeEscalation: false | ||
capabilities: | ||
drop: | ||
- "ALL" | ||
# A readiness probe makes validation testing easier than investigate container logs. | ||
# Additionally, readiness probe failures don't result in CrashLoopBackoff -- ideal here, | ||
# where ever-longer back-offs would cause tests to run for much longer than necessary. | ||
readinessProbe: | ||
# Low failure threshold and high success threshold. Intended to be very sensitive to | ||
# failures. If probe fails with any regularity, Ceph OSDs likely won't be stable. | ||
failureThreshold: 1 | ||
successThreshold: 12 | ||
periodSeconds: 5 | ||
# Assumption: a network with a latency more than 4 seconds for this validation test's | ||
# simple client-server response likely won't support acceptable performance for any | ||
# production Ceph cluster. | ||
timeoutSeconds: 4 | ||
# TODO: exec:curl works but httpGet fails. Why? need custom header? | ||
exec: | ||
command: | ||
- "curl" | ||
- "--insecure" | ||
- "{{ .PublicNetworkAddress }}:8080" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.