Merge pull request #7016 from kwoodson/daemonset_monitoring

Automatic merge from submit-queue.

daemonset config modifications to allow monitoring.

Modifications that allow custom secrets, configmaps, and shared setup between containers for config and monitoring.

roles/openshift_daemonset_config/defaults/main.yml

@@ -1,16 +1,19 @@
 ---
-openshift_daemonset_config_namespace: openshift-node
-openshift_daemonset_config_daemonset_name: ops-node-config
-openshift_daemonset_config_configmap_name: "{{ openshift_daemonset_config_daemonset_name }}"
+openshift_daemonset_config_image: "centos:7"
+openshift_daemonset_config_monitoring_image: "openshifttools/oso-centos7-host-monitoring:latest"
+openshift_daemonset_config_namespace: openshift-config
+openshift_daemonset_config_daemonset_name: node-config
+openshift_daemonset_config_configmap_name: "{{ openshift_daemonset_config_daemonset_name }}-configmap"
+openshift_daemonset_config_monitoring_pos: "false"
 openshift_daemonset_config_node_selector:
   config: config
-openshift_daemonset_config_sa_name: ops
+openshift_daemonset_config_sa_name: configurator
 openshift_daemonset_config_configmap_files: {}
 openshift_daemonset_config_configmap_literals: {}
 openshift_daemonset_config_monitoring: False
 openshift_daemonset_config_interval: 300
 openshift_daemonset_config_script: config.sh
-openshift_daemonset_config_secret_name: operations-config-secret
+openshift_daemonset_config_secret_name: "{{ openshift_daemonset_config_daemonset_name }}-secret"
 openshift_daemonset_config_secrets: {}
 openshift_daemonset_config_runasuser: 0
 openshift_daemonset_config_privileged: True

roles/openshift_daemonset_config/tasks/main.yml

@@ -1,4 +1,9 @@
 ---
+- name: create the namespace
+  oc_project:
+    state: present
+    name: "{{ openshift_daemonset_config_namespace }}"
+
 - name: add a sa
   oc_serviceaccount:
     name: "{{ openshift_daemonset_config_sa_name }}"
@@ -25,11 +30,6 @@
     dest: "{{ item.value }}"
   with_dict: "{{ openshift_daemonset_config_configmap_files }}"
 
-- name: create the namespace
-  oc_project:
-    state: present
-    name: "{{ openshift_daemonset_config_namespace }}"
-
 - name: lay down secrets
   oc_secret:
     state: present
@@ -39,6 +39,7 @@
     contents: "{{ openshift_daemonset_config_secrets }}"
   when:
   - openshift_daemonset_config_secrets != {}
+  register: secout
 
 - name: create the configmap
   oc_configmap:
@@ -47,6 +48,7 @@
     namespace: "{{ openshift_daemonset_config_namespace }}"
     from_literal: "{{ openshift_daemonset_config_configmap_literals }}"
     from_file: "{{ openshift_daemonset_config_configmap_files }}"
+  register: cmout
 
 - name: deploy daemonset
   oc_obj:
@@ -56,3 +58,4 @@
     kind: daemonset
     files:
     - /tmp/daemonset.yml
+    force: "{{ True if cmout.changed or secout.changed else False | bool }}"

roles/openshift_daemonset_config/templates/daemonset.yml.j2

@@ -33,7 +33,7 @@ spec:
       hostIPC: true
       containers:
       - name: config
-        image: centos:7
+        image: "{{ openshift_daemonset_config_image }}"
         env:
         - name: RESYNC_INTERVAL
           value: "{{ openshift_daemonset_config_interval }}"
@@ -50,8 +50,8 @@ spec:
             sh /opt/config/{{ openshift_daemonset_config_script }}
 
             # sleep for ${RESYNC_INTERVAL} minutes, then loop. if we fail Kubelet will restart us again
-            echo "Success, sleeping for ${RESYNC_INTERVAL}s"
-            exec sleep ${RESYNC_INTERVAL}
+            echo "Success, sleeping for ${RESYNC_INTERVAL}s. Date: $(date)"
+            sleep ${RESYNC_INTERVAL}
 
           # Return to perform the config
           done
@@ -68,6 +68,8 @@ spec:
         # Our node configuration
         - mountPath: /opt/config
           name: config
+        - mountPath: /opt/tmp_shared_config
+          name: tmp-shared-dir
 {% if openshift_daemonset_config_secrets != {} %}
         # Our delivered secrets
         - mountPath: /opt/secrets
@@ -79,12 +81,14 @@ spec:
             memory: {{ openshift_daemonset_config_resources.memory }}
 {% if openshift_daemonset_config_monitoring %}
       - name: monitoring
-        image: openshifttools/oso-centos7-host-monitoring:latest
+        image: "{{ openshift_daemonset_config_monitoring_image }}"
+        env:
+        - name: OO_PAUSE_ON_START
+          value: "{{ openshift_daemonset_config_monitoring_pos }}"
         securityContext:
           # Must be root to read content
           runAsUser: 0
           privileged: true
-
         volumeMounts:
         - mountPath: /host
           name: host
@@ -118,17 +122,23 @@ spec:
         - mountPath: /host/var/cache/yum
           subPath: var/cache/yum
           name: host
-        - mountPath: /container_setup/monitoring-config.yml
-          subPath: monitoring-config.yaml
-          name: config
+          readOnly: true
+        - mountPath: /container_setup
+          name: tmp-shared-dir
         - mountPath: /opt/config
           name: config
+{% if openshift_daemonset_config_secrets != {} %}
+        - mountPath: /opt/secrets
+          name: secrets
+{% endif %}
         resources:
           requests:
             cpu: 10m
             memory: 10Mi
 {% endif %}
       volumes:
+      - name: tmp-shared-dir
+        emptyDir: {}
       - name: config
         configMap:
           name: {{ openshift_daemonset_config_configmap_name }}