Merge pull request #28613 from jboxman/OSDOCS-1674

OSDOCS#1674 - Add PodNetworkConnectivityCheck documentation

Author: jboxman

_topic_map.yml

@@ -757,6 +757,8 @@ Topics:
 - Name: Understanding the Ingress Operator
   File: ingress-operator
   Distros: openshift-enterprise,openshift-webscale,openshift-origin
+- Name: Verifying connectivity to an endpoint
+  File: verifying-connectivity-endpoint
 - Name: Configuring the node port service range
   File: configuring-node-port-service-range
 - Name: Using SCTP

modules/nw-pod-network-connectivity-check-object.adoc

@@ -0,0 +1,162 @@
+// Module included in the following assemblies:
+//
+// * networking/verifying-connectivity-endpoint.adoc
+
+[id="nw-pod-network-connectivity-check-object_{context}"]
+= PodNetworkConnectivityCheck object fields
+
+The `PodNetworkConnectivityCheck` object fields are described in the following tables.
+
+.PodNetworkConnectivityCheck object fields
+[cols="2,1,3a",options="header"]
+|===
+
+|Field|Type|Description
+
+|`metadata.name`
+|`string`
+|The name of the object in the following format: `<source>-to-<target>`. The destination described by `<target>` includes one of following strings:
+
+* `load-balancer-api-external`
+* `load-balancer-api-internal`
+* `kubernetes-apiserver-endpoint`
+* `kubernetes-apiserver-service-cluster`
+* `network-check-target`
+* `openshift-apiserver-endpoint`
+* `openshift-apiserver-service-cluster`
+
+|`metadata.namespace`
+|`string`
+|The namespace that the object is associated with. This value is always `openshift-network-diagnostics`.
+
+|`spec.sourcePod`
+|`string`
+|The name of the pod where the connection check originates, such as `network-check-source-596b4c6566-rgh92`.
+
+|`spec.targetEndpoint`
+|`string`
+|The target of the connection check, such as `api.devcluster.example.com:6443`.
+
+|`spec.tlsClientCert`
+|`object`
+|Configuration for the TLS certificate to use.
+
+|`spec.tlsClientCert.name`
+|`string`
+|The name of the TLS certificate used, if any. The default value is an empty string.
+
+|`status`
+|`object`
+|An object representing the condition of the connection test and logs of recent connection successes and failures.
+
+|`status.conditions`
+|`array`
+|The latest status of the connection check and any previous statuses.
+
+|`status.failures`
+|`array`
+|Connection test logs from unsuccessful attempts.
+
+|`status.outages`
+|`array`
+|Connect test logs covering the time periods of any outages.
+
+|`status.successes`
+|`array`
+|Connection test logs from successful attempts.
+
+|===
+
+The following table describes the fields for objects in the `status.conditions` array:
+
+.status.conditions
+[cols="2,1,3",options="header"]
+|===
+|Field |Type |Description
+
+|`lastTransitionTime`
+|`string`
+|The time that the condition of the connection transitioned from one status to another.
+
+|`message`
+|`string`
+|The details about last transition in a human readable format.
+
+|`reason`
+|`string`
+|The last status of the transition in a machine readable format.
+
+|`status`
+|`string`
+|The status of the condition.
+
+|`type`
+|`string`
+|The type of the condition.
+
+|===
+
+The following table describes the fields for objects in the `status.conditions` array:
+
+.status.outages
+[cols="2,1,3",options="header"]
+|===
+|Field |Type |Description
+
+|`end`
+|`string`
+|The timestamp from when the connection failure is resolved.
+
+|`endLogs`
+|`array`
+|Connection log entries, including the log entry related to the successful end of the outage.
+
+|`message`
+|`string`
+|A summary of outage details in a human readable format.
+
+|`start`
+|`string`
+|The timestamp from when the connection failure is first detected.
+
+|`startLogs`
+|`array`
+|Connection log entries, including the original failure.
+
+|===
+
+[discrete]
+== Connection log fields
+
+The fields for a connection log entry are described in the following table. The object is used in the the following fields:
+
+* `status.failures[]`
+* `status.successes[]`
+* `status.outages[].startLogs[]`
+* `status.outages[].endLogs[]`
+
+.Connection log object
+[cols="2,1,3",options="header"]
+|===
+|Field |Type |Description
+
+|`latency`
+|`string`
+|Records the duration of the action.
+
+|`message`
+|`string`
+|Provides the status in a human readable format.
+
+|`reason`
+|`string`
+|Provides the reason for status in a machine readable format. The value is one of `TCPConnect`, `TCPConnectError`, `DNSResolve`, `DNSError`.
+
+|`success`
+|`boolean`
+|Indicates if the log entry is a success or failure.
+
+|`time`
+|`string`
+|The start time of connection check.
+|===

modules/nw-pod-network-connectivity-checks.adoc

@@ -0,0 +1,19 @@
+// Module included in the following assemblies:
+//
+// * networking/verifying-connectivity-endpoint.adoc
+
+[id="nw-pod-network-connectivity-checks_{context}"]
+= Connection health checks performed
+
+To verify that cluster resources are reachable, a TCP connection is made to each of the following cluster API services:
+
+* Kubernetes API server service
+* Kubernetes API server endpoints
+* OpenShift API server service
+* OpenShift API server endpoints
+* Load balancers
+
+To verify that services and service endpoints are reachable on every node in the cluster, a TCP connection is made to each of the following targets:
+
+* Health check target service
+* Health check target endpoints

modules/nw-pod-network-connectivity-implementation.adoc

@@ -0,0 +1,14 @@
+// Module included in the following assemblies:
+//
+// * networking/verifying-connectivity-endpoint.adoc
+
+[id="nw-pod-network-connectivity-implementation_{context}"]
+= Implementation of connection health checks
+
+The connectivity check controller orchestrates connection verification checks in your cluster. The results for the connection tests are stored in `PodNetworkConnectivity` objects in the `openshift-network-diagnostics` namespace. Connection tests are performed every minute in parallel.
+
+The Cluster Network Operator (CNO) deploys several resources to the cluster to send and receive connectivity health checks:
+
+Health check source:: This program deploys in a single pod replica set managed by a `Deployment` object. The program consumes `PodNetworkConnectivity` objects and connects to the `spec.targetEndpoint` specified in each object.
+
+Health check target:: A pod deployed as part of a daemon set on every node in the cluster. The pod listens for inbound health checks. The presence of this pod on every node allows for the testing of connectivity to each node.