Implement DaemonSet which runs ip monitor on all nodes
simu committed May 30, 2024
1 parent fd84dd9 commit 6e8d9a6
Showing 8 changed files with 564 additions and 0 deletions.
1 change: 1 addition & 0 deletions class/openshift4-nodes.yml
@@ -15,5 +15,6 @@ parameters:
- openshift4-nodes/component/oc-debug-node.jsonnet
- openshift4-nodes/component/aggregated-clusterroles.jsonnet
- openshift4-nodes/component/egress-interfaces.jsonnet
- openshift4-nodes/component/ip-monitor-daemonset.jsonnet
input_type: jsonnet
output_path: openshift4-nodes/
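--- a/component/ip-monitor-daemonset.jsonnet
+++ b/component/ip-monitor-daemonset.jsonnet
@@ -0,0 +1,77 @@
+local kap = import 'lib/kapitan.libjsonnet';
+local kube = import 'lib/kube.libjsonnet';
+
+local inv = kap.inventory();
+local params = inv.parameters.openshift4_nodes;
+
+local command = 'ip -ts monitor address link mroute netconf nexthop nsid prefix route rule';
+
+// what do we need:
+// namespace
+// serviceaccount
+// rolebinding for scc hostnetwork
+// daemonset which has hostNetwork: true and which runs the comment
+
+local namespace = 'appuio-ip-monitor';
+
+local ns = kube.Namespace('appuio-ip-monitor') {
+metadata+: {
+annotations+: {
+'openshift.io/node-selector': '',
+},
+labels+: {
+'openshift.io/cluster-monitoring': 'true',
+},
+},
+};
+
+local sa = kube.ServiceAccount('ip-monitor') {
+metadata+: {
+namespace: namespace,
+},
+};
+
+local sccRoleBinding = kube.RoleBinding('ip-monitor-scc-hostnetwork') {
+metadata+: {
+namespace: namespace,
+},
+subjects_: [ sa ],
+roleRef: {
+kind: 'ClusterRole',
+name: 'system:openshift:scc:hostnetwork-v2',
+},
+};
+
+local ds = kube.DaemonSet('ip-monitor') {
+metadata+: {
+namespace: namespace,
+},
+spec+: {
+template+: {
+spec+: {
+containers_+: {
+ipmon: kube.Container('ip-monitor') {
+image: 'image-registry.openshift-image-registry.svc:5000/openshift/tools:latest',
+command: [ '/bin/sh', '-c', 'trap : TERM INT; %s & wait' % command ],
+},
+},
+hostNetwork: true,
+priorityClassName: 'system-node-critical',
+// run on all nodes
+tolerations: [
+{ operator: 'Exists' },
+],
+serviceAccountName: sa.metadata.name,
+},
+},
+},
+};
+
+{
+'40_ip_monitor': [
+ns,
+sa,
+sccRoleBinding,
+ds,
+],
+}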
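Review bot: The `ipmon` container runs a floating `tools:latest` image on every node with `hostNetwork: true`, `system-node-critical` priority and a blanket `{ operator: 'Exists' }` toleration, yet it sets no resource requests or limits and leaves the service account token mounted. The rendered manifests on this page show no `resources` or `securityContext` on the container, so a changed or misbehaving image would run unconstrained next to node-critical workloads. The pod only runs `ip monitor` and, as far as this file shows, never talks to the API server, so consider adding `automountServiceAccountToken: false` to the pod spec and a small `resources` block to the container, and pinning the image by digest or a fixed tag if the registry setup allows it. Minor: `params` is declared but unused, `kube.Namespace('appuio-ip-monitor')` could reuse the `namespace` local, and the header comment says "runs the comment" where "command" is meant.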
@@ -0,0 +1,81 @@
apiVersion: v1
kind: Namespace
metadata:
annotations:
openshift.io/node-selector: ''
labels:
name: appuio-ip-monitor
openshift.io/cluster-monitoring: 'true'
name: appuio-ip-monitor
---
apiVersion: v1
kind: ServiceAccount
metadata:
annotations: {}
labels:
name: ip-monitor
name: ip-monitor
namespace: appuio-ip-monitor
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
annotations: {}
labels:
name: ip-monitor-scc-hostnetwork
name: ip-monitor-scc-hostnetwork
namespace: appuio-ip-monitor
roleRef:
kind: ClusterRole
name: system:openshift:scc:hostnetwork-v2
subjects:
- kind: ServiceAccount
name: ip-monitor
namespace: appuio-ip-monitor
---
apiVersion: apps/v1
kind: DaemonSet
metadata:
annotations: {}
labels:
name: ip-monitor
name: ip-monitor
namespace: appuio-ip-monitor
spec:
selector:
matchLabels:
name: ip-monitor
template:
metadata:
annotations: {}
labels:
name: ip-monitor
spec:
containers:
- args: []
command:
- /bin/sh
- -c
- 'trap : TERM INT; ip -ts monitor address link mroute netconf nexthop
nsid prefix route rule & wait'
env: []
image: image-registry.openshift-image-registry.svc:5000/openshift/tools:latest
imagePullPolicy: Always
name: ip-monitor
ports: []
stdin: false
tty: false
volumeMounts: []
hostNetwork: true
imagePullSecrets: []
initContainers: []
priorityClassName: system-node-critical
serviceAccountName: ip-monitor
terminationGracePeriodSeconds: 30
tolerations:
- operator: Exists
volumes: []
updateStrategy:
rollingUpdate:
maxUnavailable: 1
type: RollingUpdate
@@ -0,0 +1,81 @@
apiVersion: v1
kind: Namespace
metadata:
annotations:
openshift.io/node-selector: ''
labels:
name: appuio-ip-monitor
openshift.io/cluster-monitoring: 'true'
name: appuio-ip-monitor
---
apiVersion: v1
kind: ServiceAccount
metadata:
annotations: {}
labels:
name: ip-monitor
name: ip-monitor
namespace: appuio-ip-monitor
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
annotations: {}
labels:
name: ip-monitor-scc-hostnetwork
name: ip-monitor-scc-hostnetwork
namespace: appuio-ip-monitor
roleRef:
kind: ClusterRole
name: system:openshift:scc:hostnetwork-v2
subjects:
- kind: ServiceAccount
name: ip-monitor
namespace: appuio-ip-monitor
---
apiVersion: apps/v1
kind: DaemonSet
metadata:
annotations: {}
labels:
name: ip-monitor
name: ip-monitor
namespace: appuio-ip-monitor
spec:
selector:
matchLabels:
name: ip-monitor
template:
metadata:
annotations: {}
labels:
name: ip-monitor
spec:
containers:
- args: []
command:
- /bin/sh
- -c
- 'trap : TERM INT; ip -ts monitor address link mroute netconf nexthop
nsid prefix route rule & wait'
env: []
image: image-registry.openshift-image-registry.svc:5000/openshift/tools:latest
imagePullPolicy: Always
name: ip-monitor
ports: []
stdin: false
tty: false
volumeMounts: []
hostNetwork: true
imagePullSecrets: []
initContainers: []
priorityClassName: system-node-critical
serviceAccountName: ip-monitor
terminationGracePeriodSeconds: 30
tolerations:
- operator: Exists
volumes: []
updateStrategy:
rollingUpdate:
maxUnavailable: 1
type: RollingUpdate
@@ -0,0 +1,81 @@
apiVersion: v1
kind: Namespace
metadata:
annotations:
openshift.io/node-selector: ''
labels:
name: appuio-ip-monitor
openshift.io/cluster-monitoring: 'true'
name: appuio-ip-monitor
---
apiVersion: v1
kind: ServiceAccount
metadata:
annotations: {}
labels:
name: ip-monitor
name: ip-monitor
namespace: appuio-ip-monitor
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
annotations: {}
labels:
name: ip-monitor-scc-hostnetwork
name: ip-monitor-scc-hostnetwork
namespace: appuio-ip-monitor
roleRef:
kind: ClusterRole
name: system:openshift:scc:hostnetwork-v2
subjects:
- kind: ServiceAccount
name: ip-monitor
namespace: appuio-ip-monitor
---
apiVersion: apps/v1
kind: DaemonSet
metadata:
annotations: {}
labels:
name: ip-monitor
name: ip-monitor
namespace: appuio-ip-monitor
spec:
selector:
matchLabels:
name: ip-monitor
template:
metadata:
annotations: {}
labels:
name: ip-monitor
spec:
containers:
- args: []
command:
- /bin/sh
- -c
- 'trap : TERM INT; ip -ts monitor address link mroute netconf nexthop
nsid prefix route rule & wait'
env: []
image: image-registry.openshift-image-registry.svc:5000/openshift/tools:latest
imagePullPolicy: Always
name: ip-monitor
ports: []
stdin: false
tty: false
volumeMounts: []
hostNetwork: true
imagePullSecrets: []
initContainers: []
priorityClassName: system-node-critical
serviceAccountName: ip-monitor
terminationGracePeriodSeconds: 30
tolerations:
- operator: Exists
volumes: []
updateStrategy:
rollingUpdate:
maxUnavailable: 1
type: RollingUpdate