feat: Move supported resources from hard-coded to ConfigMap

dana-team · Sep 1, 2024 · 387952b · 387952b
1 parent 5857243
commit 387952b
Show file tree

Hide file tree

Showing 29 changed files with 133 additions and 26 deletions.
diff --git a/.uuid b/.uuid
@@ -0,0 +1 @@
+f3706efb-ea7d-4e78-9c9a-d5412e55edb5
diff --git a/Makefile b/Makefile
@@ -82,7 +82,7 @@ LOCAL_CERT_DIR ?= /tmp/k8s-webhook-server/serving-certs
 
 .PHONY: dev
 dev: manifests kustomize
-	echo HOSTNAME=`hostname` > config/webhook-dev/hostname.env
+	echo HOSTNAME=`hostname`.westeurope.cloudapp.azure.com > config/webhook-dev/hostname.env
 	$(KUSTOMIZE) build config/dev | oc apply -f -
 	mkdir -p $(LOCAL_CERT_DIR)
 	sleep 3

diff --git a/api/.uuid b/api/.uuid
@@ -0,0 +1 @@
+01377e02-87b5-4dfc-b9bf-45ad94210c5c
diff --git a/api/v1/.uuid b/api/v1/.uuid
@@ -0,0 +1 @@
+486815d6-9bf7-43d8-9941-ebbe8df4ebca
diff --git a/chart/.uuid b/chart/.uuid
@@ -0,0 +1 @@
+24694e4e-6f3a-4950-a7b7-07ee167740da
diff --git a/chart/templates/.uuid b/chart/templates/.uuid
@@ -0,0 +1 @@
+47fb98b5-0962-49f4-809c-8373643e362a
diff --git a/cmd/.uuid b/cmd/.uuid
@@ -0,0 +1 @@
+af428c8f-4e9f-42e3-a1de-5be141c95bc4
diff --git a/config/.uuid b/config/.uuid
@@ -0,0 +1 @@
+770b17c3-4aee-4c68-bdfe-86833661fdab
diff --git a/config/configMap.yaml b/config/configMap.yaml
@@ -0,0 +1,7 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: sns-quota-resources
+  namespace: sns-system
+data:
+  resources: "basic.storageclass.storage.k8s.io/requests.storage,cpu,memory,pods,requests.nvidia.com/gpu"
diff --git a/config/manager/kustomization.yaml b/config/manager/kustomization.yaml
@@ -4,8 +4,8 @@ apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 images:
 - name: controller
-  newName: controller
-  newTag: latest
+  newName: maromcohen/hns
+  newTag: v0.0.2
 configMapGenerator:
 - literals:
   - PERMITTED_GROUPS='test'
@@ -15,3 +15,9 @@ configMapGenerator:
   name: config
   options:
     disableNameSuffixHash: true
+- literals:
+  - resources="basic.storageclass.storage.k8s.io/requests.storage,cpu,memory,pods,requests.nvidia.com/gpu"
+  name: quota-resources
+  namespace: sns-system
+  options:
+    disableNameSuffixHash: true
diff --git a/config/rbac/configmap_role.yaml b/config/rbac/configmap_role.yaml
@@ -0,0 +1,8 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: configmap-role
+rules:
+  - apiGroups: [""]
+    resources: ["configmaps"]
+    verbs: ["get", "list", "watch"]
diff --git a/config/rbac/configmap_role_binding.yaml b/config/rbac/configmap_role_binding.yaml
@@ -0,0 +1,12 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: configmap-role-binding
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: configmap-role
+subjects:
+  - kind: ServiceAccount
+    name: sns-controller-manager
+    namespace: sns-system
diff --git a/config/rbac/role.yaml b/config/rbac/role.yaml
@@ -4,14 +4,6 @@ kind: ClusterRole
 metadata:
   name: manager-role
 rules:
-- apiGroups:
-  - ""
-  resources:
-  - configmaps
-  verbs:
-  - get
-  - list
-  - watch
 - apiGroups:
   - ""
   resources:
@@ -48,6 +40,18 @@ rules:
   - users
   verbs:
   - impersonate
+- apiGroups:
+  - ""
+  resources:
+  - configmaps
+  verbs:
+  - create
+  - delete
+  - get
+  - list
+  - patch
+  - update
+  - watch
 - apiGroups:
   - ""
   resources:

diff --git a/config/webhook-dev/hostname.env b/config/webhook-dev/hostname.env
@@ -1 +1 @@
-HOSTNAME=dana-dev-5
+HOSTNAME=dana-dev-9.westeurope.cloudapp.azure.com
diff --git a/docs/.uuid b/docs/.uuid
@@ -0,0 +1 @@
+0cbeae48-24b6-4ea1-b7ec-a67ed1ce4356
diff --git a/hack/.uuid b/hack/.uuid
@@ -0,0 +1 @@
+2a1947b0-da97-4283-a783-0b8e501a6276
diff --git a/internal/.uuid b/internal/.uuid
@@ -0,0 +1 @@
+7478c10d-0a98-40db-9fa4-4d2c638e8403
diff --git a/internal/quota/default.go b/internal/quota/default.go
@@ -3,6 +3,7 @@ package quota
 import (
 	"context"
 	"fmt"
+	"strings"
 
 	corev1 "k8s.io/api/core/v1"
 	"k8s.io/apimachinery/pkg/api/resource"
@@ -26,7 +27,7 @@ var (
 	templates         = resource.NewQuantity(100, resource.DecimalSI)
 	imagestreams      = resource.NewQuantity(100, resource.DecimalSI)
 
-	configMapName = "quota-resources-config-map"
+	configMap = "sns-quota-resources"
 
 	DefaultQuota = corev1.ResourceQuotaSpec{Hard: DefaultQuotaHard}
 
@@ -37,19 +38,20 @@ var (
 )
 
 // GetConfigMapData loads the config map and it's values and constructs a ResourceQuotaSpec from it.
-func GetConfigMapData(ctx context.Context, client client.Client, namespace string) (corev1.ResourceQuotaSpec, error) {
-	configMap := &corev1.ConfigMap{}
-	if err := client.Get(ctx, types.NamespacedName{Name: configMapName, Namespace: namespace}, configMap); err != nil {
+func GetConfigMapData(ctx context.Context, k8sClient client.Client) (corev1.ResourceQuotaSpec, error) {
+	configMapResource := &corev1.ConfigMap{}
+	if err := k8sClient.Get(ctx, types.NamespacedName{Name: configMap, Namespace: namespaceName}, configMapResource); err != nil {
 		return corev1.ResourceQuotaSpec{}, fmt.Errorf("failed to get ConfigMap: %v", err)
 	}
 
 	resources := corev1.ResourceList{}
-	for key, value := range configMap.Data {
-		quantity, err := resource.ParseQuantity(value)
+	resourceNames := strings.Split(configMapResource.Data["resources"], ",")
+	for _, name := range resourceNames {
+		quantity, err := resource.ParseQuantity("0")
 		if err != nil {
-			return corev1.ResourceQuotaSpec{}, fmt.Errorf("failed to parse quantity for %s: %v", key, err)
+			return corev1.ResourceQuotaSpec{}, fmt.Errorf("failed to parse quantity for %s: %v", name, err)
 		}
-		resources[corev1.ResourceName(key)] = quantity
+		resources[corev1.ResourceName(name)] = quantity
 	}
 
 	return corev1.ResourceQuotaSpec{Hard: resources}, nil

diff --git a/internal/quota/resources.go b/internal/quota/resources.go
@@ -30,9 +30,8 @@ func ResourceListEqual(resourceListA, resourceListB corev1.ResourceList) bool {
 // ResourceQuotaSpecEqual gets two ResourceQuotaSpecs and returns whether their specs are equal.
 func ResourceQuotaSpecEqual(resourceQuotaSpecA, resourceQuotaSpecB corev1.ResourceQuotaSpec, snsObject *objectcontext.ObjectContext) bool {
 	var resources []string
-	namespace := snsObject.Object.GetNamespace()
 
-	configMapData, err := GetConfigMapData(snsObject.Ctx, snsObject.Client, namespace)
+	configMapData, err := GetConfigMapData(snsObject.Ctx, snsObject.Client)
 	if err != nil {
 		return false
 	}

diff --git a/internal/quota/snsquota.go b/internal/quota/snsquota.go
@@ -38,7 +38,7 @@ func EnsureSubnamespaceObject(snsObject *objectcontext.ObjectContext, isRq bool,
 	quotaObjectName := snsObject.Name()
 	quotaSpec := SubnamespaceSpec(snsObject.Object)
 
-	configMapSpec, err := GetConfigMapData(snsObject.Ctx, snsObject.Client, namespace)
+	configMapSpec, err := GetConfigMapData(snsObject.Ctx, snsObject.Client)
 	if err != nil {
 		return ctrl.Result{}, err
 	}

diff --git a/internal/subnamespace/commonvalidator.go b/internal/subnamespace/commonvalidator.go
@@ -16,8 +16,7 @@ import (
 func ValidateResourceQuotaParams(snsObject *objectcontext.ObjectContext, isSNSResourcePool bool) admission.Response {
 	snsQuota := quota.SubnamespaceSpec(snsObject.Object).Hard
 
-	namespace := snsObject.Object.GetNamespace()
-	configMapData, err := quota.GetConfigMapData(snsObject.Ctx, snsObject.Client, namespace)
+	configMapData, err := quota.GetConfigMapData(snsObject.Ctx, snsObject.Client)
 
 	if err != nil {
 		return admission.Errored(1, err)

diff --git a/internal/subnamespace/controller.go b/internal/subnamespace/controller.go
@@ -36,7 +36,7 @@ type snsPhaseFunc func(*objectcontext.ObjectContext, *objectcontext.ObjectContex
 // +kubebuilder:rbac:groups="",resources=resourcequotas,verbs=get;list;watch;create;update;patch;delete
 // +kubebuilder:rbac:groups="quota.openshift.io",resources=clusterresourcequotas,verbs=get;list;watch;create;update;patch;delete
 // +kubebuilder:rbac:groups="",resources=limitranges,verbs=get;list;watch;create;update;patch;delete
-// +kubebuilder:rbac:groups="",resources=configmaps,verbs=get;list;watch;
+// +kubebuilder:rbac:groups=core,resources=configmaps,verbs=get;list;watch;create;update;patch;delete
 
 // SetupWithManager sets up the controller by specifying the following: controller is managing the reconciliation
 // of subnamespace objects and is watching for changes to the SNSEvents channel and enqueues requests for the

diff --git a/internal/updatequota/controller.go b/internal/updatequota/controller.go
@@ -31,6 +31,7 @@ type UpdateQuotaReconciler struct {
 // +kubebuilder:rbac:groups=dana.hns.io,resources=updatequota/status,verbs=get;update;patch
 // +kubebuilder:rbac:groups=user.openshift.io,resources=groups,verbs=get;list;watch
 // +kubebuilder:rbac:groups="",resources=users,verbs=impersonate
+// +kubebuilder:rbac:groups=core,resources=configmaps,verbs=get;list;watch;create;update;patch;delete
 
 func (r *UpdateQuotaReconciler) SetupWithManager(mgr ctrl.Manager) error {
 	return ctrl.NewControllerManagedBy(mgr).

diff --git a/mh.yaml b/mh.yaml
@@ -0,0 +1,7 @@
+apiVersion: dana.hns.io/v1
+kind: MigrationHierarchy
+metadata:
+  name: 'braziltojapan'
+spec:
+  currentns: 'brazil'
+  tons: 'japan'
diff --git a/ns.yaml b/ns.yaml
@@ -0,0 +1,10 @@
+kind: Namespace
+apiVersion: v1
+metadata:
+  name: brazil
+  labels:
+    dana.hns.io/role: leaf
+    dana.hns.io/subnamespace: 'true'
+    kubernetes.io/metadata.name: brazil
+    dana.hns.io/parent: root-test
+    dana.hns.io/resourcepool: 'false'
diff --git a/rootns.yaml b/rootns.yaml
@@ -0,0 +1,13 @@
+kind: Namespace
+apiVersion: v1
+metadata:
+  name: rootns
+  labels:
+    dana.hns.io/subnamespace: 'true'
+  annotations:
+    dana.hns.io/role: root
+    openshift.io/display-name: rootns
+    dana.hns.io/display-name: rootns
+    dana.hns.io/crq-selector-0: rootns
+    dana.hns.io/depth: '0'
+    dana.hns.io/rq-depth: '1'
diff --git a/sns.yaml b/sns.yaml
@@ -0,0 +1,15 @@
+apiVersion: dana.hns.io/v1
+kind: Subnamespace
+metadata:
+  name: 'brazil'
+  namespace: 'coffee'
+  labels:
+    dana.hns.io/resourcepool: 'false'
+spec:
+  resourcequota:
+    hard:
+      cpu: '1'
+      memory: 1Gi
+      pods: 2
+      basic.storageclass.storage.k8s.io/requests.storage: 0
+      requests.nvidia.com/gpu: '0'
diff --git a/test/.uuid b/test/.uuid
@@ -0,0 +1 @@
+131ae9c2-868d-4961-b347-15bab54837d3
diff --git a/uq.yaml b/uq.yaml
@@ -0,0 +1,13 @@
+apiVersion: dana.hns.io/v1
+kind: Updatequota
+metadata:
+  annotations:
+    dana.hns.io/description: 'Moving resources for this great new project'
+  namespace: brazil
+  name: 'braziltojapan'
+spec:
+  destns: japan
+  resourcequota:
+    hard:
+      pods: '1'
+  sourcens: brazil
Original file line number	Diff line number	Diff line change
		@@ -1 +1 @@
		HOSTNAME=dana-dev-5
		HOSTNAME=dana-dev-9.westeurope.cloudapp.azure.com