Azure CNI networkmonitor addon

[jackfrancis]

What this PR does / why we need it: Installs an Azure CNI "networkmonitor" addon whenever Azure CNI is present

Which issue this PR fixes (optional, in fixes #<issue number>(, fixes #<issue_number>, ...) format, will close that issue when PR gets merged): fixes #

Special notes for your reviewer:

If applicable:

• documentation
• unit tests
• tested backward compatibility (ie. deploy with previous version, upgrade with this branch)

Release note:

Azure CNI networkmonitor addon

[acs-bot]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: jackfrancis

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• OWNERS [jackfrancis]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[jackfrancis]

This is a working PR, confirmed:

azureuser@k8s-master-60752213-0:~$ kubectl describe pod azure-cni-networkmonitor-l6s7g -n kube-system
Name:           azure-cni-networkmonitor-l6s7g
Namespace:      kube-system
Node:           k8s-agentpool1-60752213-0/10.240.0.4
Start Time:     Wed, 06 Jun 2018 20:12:56 +0000
Labels:         controller-revision-hash=906399850
                k8s-app=azure-cnms
                pod-template-generation=1
Annotations:    kubernetes.io/created-by={"kind":"SerializedReference","apiVersion":"v1","reference":{"kind":"DaemonSet","namespace":"kube-system","name":"azure-cni-networkmonitor","uid":"004459e9-69c6-11e8-ab44-000d...
                scheduler.alpha.kubernetes.io/critical-pod=
Status:         Running
IP:             10.240.0.4
Created By:     DaemonSet/azure-cni-networkmonitor
Controlled By:  DaemonSet/azure-cni-networkmonitor
Containers:
  azure-cnms:
    Container ID:   docker://b04ba3bbab92692d9eb3866c3f80aa56470154b9b1b1c014d215900ccb41387d
    Image:          containernetworking/networkmonitor:v0.0.4
    Image ID:       docker-pullable://containernetworking/networkmonitor@sha256:705a6401aaa5f7890f31c19cd8c178aa7a62a52c16c847949391b49f364f0a8f
    Port:           <none>
    State:          Running
      Started:      Wed, 06 Jun 2018 20:13:09 +0000
    Ready:          True
    Restart Count:  0
    Environment:
      HOSTNAME:   (v1:spec.nodeName)
    Mounts:
      /var/log from log (rw)
      /var/run from ebtables-rule-repo (rw)
      /var/run/secrets/kubernetes.io/serviceaccount from default-token-2z5pg (ro)
Conditions:
  Type           Status
  Initialized    True 
  Ready          True 
  PodScheduled   True 
Volumes:
  log:
    Type:  HostPath (bare host directory volume)
    Path:  /var/log
  ebtables-rule-repo:
    Type:  HostPath (bare host directory volume)
    Path:  /var/run/
  default-token-2z5pg:
    Type:        Secret (a volume populated by a Secret)
    SecretName:  default-token-2z5pg
    Optional:    false
QoS Class:       BestEffort
Node-Selectors:  <none>
Tolerations:     CriticalAddonsOnly
                 node.alpha.kubernetes.io/notReady:NoExecute
                 node.alpha.kubernetes.io/unreachable:NoExecute
                 node.kubernetes.io/disk-pressure:NoSchedule
                 node.kubernetes.io/memory-pressure:NoSchedule
Events:
  Type    Reason                 Age   From                                Message
  ----    ------                 ----  ----                                -------
  Normal  SuccessfulMountVolume  5m    kubelet, k8s-agentpool1-60752213-0  MountVolume.SetUp succeeded for volume "log"
  Normal  SuccessfulMountVolume  5m    kubelet, k8s-agentpool1-60752213-0  MountVolume.SetUp succeeded for volume "ebtables-rule-repo"
  Normal  SuccessfulMountVolume  5m    kubelet, k8s-agentpool1-60752213-0  MountVolume.SetUp succeeded for volume "default-token-2z5pg"
  Normal  Pulling                5m    kubelet, k8s-agentpool1-60752213-0  pulling image "containernetworking/networkmonitor:v0.0.4"
  Normal  Pulled                 5m    kubelet, k8s-agentpool1-60752213-0  Successfully pulled image "containernetworking/networkmonitor:v0.0.4"
  Normal  Created                5m    kubelet, k8s-agentpool1-60752213-0  Created container
  Normal  Started                5m    kubelet, k8s-agentpool1-60752213-0  Started container

[jackfrancis]

@sharmasushant Can you confirm the above pod description is what you want to see on a k8s cluster?

[CecileRobertMichon]

lgtm

[jackfrancis]

@sharmasushant @tamilmani1989 for an lgtm from Azure CNI team

[codecov]

Codecov Report

Merging #3198 into master will decrease coverage by 0.26%.
The diff coverage is 97.61%.

@@            Coverage Diff             @@
##           master    #3198      +/-   ##
==========================================
- Coverage   52.66%   52.39%   -0.27%     
==========================================
  Files         103      103              
  Lines       15505    15486      -19     
==========================================
- Hits         8165     8114      -51     
- Misses       6600     6643      +43     
+ Partials      740      729      -11

[sharmasushant]

@jackfrancis Thanks for this. We were thinking that may be we can make it part of the CNI itself. So when CNI is used on the node, it can start the monitoring service in case it is not already running. Let me get back to you on this.

[jackfrancis]

@sharmasushant I'm going to merge this in in the meantime as we've seen this addon help in our testing. We can remove it later if we have the same monitoring functionality baked into the binaries.

Thanks!

[sharmasushant]

@jackfrancis sounds good. Please be aware that this right now is considered experimental. So, let's not enable by default. We would like to go through some more testing on this.