Merge pull request #219 from yevgeny-shnaidman/yevgeny/gc-deployment

Adding GC deployment implementation
kubernetes-sigs · Apr 3, 2024 · d52ef64 · d52ef64
2 parents 51efc77 + 35ccf7d
commit d52ef64
Show file tree

Hide file tree

Showing 9 changed files with 269 additions and 35 deletions.
diff --git a/internal/configmap/mock_configmap.go b/internal/configmap/mock_configmap.go
diff --git a/internal/controllers/mock_nodefeaturediscovery_reconciler.go b/internal/controllers/mock_nodefeaturediscovery_reconciler.go
diff --git a/internal/controllers/nodefeaturediscovery_reconciler.go b/internal/controllers/nodefeaturediscovery_reconciler.go
@@ -174,7 +174,7 @@ func (nfdh *nodeFeatureDiscoveryHelper) handleMaster(ctx context.Context, nfdIns
 		ObjectMeta: metav1.ObjectMeta{Name: "nfd-master", Namespace: nfdInstance.Namespace},
 	}
 	opRes, err := controllerutil.CreateOrPatch(ctx, nfdh.client, &masterDep, func() error {
-		return nfdh.deploymentAPI.SetMasterDeploymentAsDesired(ctx, nfdInstance, &masterDep)
+		return nfdh.deploymentAPI.SetMasterDeploymentAsDesired(nfdInstance, &masterDep)
 	})
 
 	if err != nil {
@@ -232,6 +232,17 @@ func (nfdh *nodeFeatureDiscoveryHelper) handleTopology(ctx context.Context, nfdI
 }
 
 func (nfdh *nodeFeatureDiscoveryHelper) handleGC(ctx context.Context, nfdInstance *nfdv1.NodeFeatureDiscovery) error {
+	gcDep := appsv1.Deployment{
+		ObjectMeta: metav1.ObjectMeta{Name: "nfd-gc", Namespace: nfdInstance.Namespace},
+	}
+	opRes, err := controllerutil.CreateOrPatch(ctx, nfdh.client, &gcDep, func() error {
+		return nfdh.deploymentAPI.SetGCDeploymentAsDesired(nfdInstance, &gcDep)
+	})
+
+	if err != nil {
+		return fmt.Errorf("failed to reconcile nfd-gc deployment %s/%s: %w", nfdInstance.Namespace, nfdInstance.Name, err)
+	}
+	ctrl.LoggerFrom(ctx).Info("reconciled nfd-gc deployment", "namespace", nfdInstance.Namespace, "name", nfdInstance.Name, "result", opRes)
 	return nil
 }
 

diff --git a/internal/controllers/nodefeaturediscovery_reconciler_test.go b/internal/controllers/nodefeaturediscovery_reconciler_test.go
@@ -162,7 +162,7 @@ var _ = Describe("handleMaster", func() {
 		nfdCR := nfdv1.NodeFeatureDiscovery{}
 		gomock.InOrder(
 			clnt.EXPECT().Get(ctx, gomock.Any(), gomock.Any()).Return(apierrors.NewNotFound(schema.GroupResource{}, "whatever")),
-			mockDeployment.EXPECT().SetMasterDeploymentAsDesired(ctx, &nfdCR, gomock.Any()).Return(nil),
+			mockDeployment.EXPECT().SetMasterDeploymentAsDesired(&nfdCR, gomock.Any()).Return(nil),
 			clnt.EXPECT().Create(ctx, gomock.Any()).Return(nil),
 		)
 
@@ -188,7 +188,7 @@ var _ = Describe("handleMaster", func() {
 					return nil
 				},
 			),
-			mockDeployment.EXPECT().SetMasterDeploymentAsDesired(ctx, &nfdCR, &existingDeployment).Return(nil),
+			mockDeployment.EXPECT().SetMasterDeploymentAsDesired(&nfdCR, &existingDeployment).Return(nil),
 		)
 
 		err := nfdh.handleMaster(ctx, &nfdCR)
@@ -199,7 +199,7 @@ var _ = Describe("handleMaster", func() {
 		nfdCR := nfdv1.NodeFeatureDiscovery{}
 		gomock.InOrder(
 			clnt.EXPECT().Get(ctx, gomock.Any(), gomock.Any()).Return(apierrors.NewNotFound(schema.GroupResource{}, "whatever")),
-			mockDeployment.EXPECT().SetMasterDeploymentAsDesired(ctx, &nfdCR, gomock.Any()).Return(fmt.Errorf("some error")),
+			mockDeployment.EXPECT().SetMasterDeploymentAsDesired(&nfdCR, gomock.Any()).Return(fmt.Errorf("some error")),
 		)
 
 		err := nfdh.handleMaster(ctx, &nfdCR)
@@ -291,3 +291,70 @@ var _ = Describe("handleTopology", func() {
 		Expect(err).To(BeNil())
 	})
 })
+
+var _ = Describe("handleGC", func() {
+	var (
+		ctrl           *gomock.Controller
+		clnt           *client.MockClient
+		mockDeployment *deployment.MockDeploymentAPI
+		nfdh           nodeFeatureDiscoveryHelperAPI
+	)
+
+	BeforeEach(func() {
+		ctrl = gomock.NewController(GinkgoT())
+		clnt = client.NewMockClient(ctrl)
+		mockDeployment = deployment.NewMockDeploymentAPI(ctrl)
+
+		nfdh = newNodeFeatureDiscoveryHelperAPI(clnt, mockDeployment, nil, nil, scheme)
+	})
+
+	ctx := context.Background()
+
+	It("should create new nfd-gc deployment if it does not exist", func() {
+		nfdCR := nfdv1.NodeFeatureDiscovery{}
+		gomock.InOrder(
+			clnt.EXPECT().Get(ctx, gomock.Any(), gomock.Any()).Return(apierrors.NewNotFound(schema.GroupResource{}, "whatever")),
+			mockDeployment.EXPECT().SetGCDeploymentAsDesired(&nfdCR, gomock.Any()).Return(nil),
+			clnt.EXPECT().Create(ctx, gomock.Any()).Return(nil),
+		)
+
+		err := nfdh.handleGC(ctx, &nfdCR)
+		Expect(err).To(BeNil())
+	})
+
+	It("nfd-gc deployment exists, no need to create it, update is not executed", func() {
+		nfdCR := nfdv1.NodeFeatureDiscovery{
+			ObjectMeta: metav1.ObjectMeta{
+				Name:      "nfd-cr",
+				Namespace: "test-namespace",
+			},
+		}
+		existingDeployment := appsv1.Deployment{
+			ObjectMeta: metav1.ObjectMeta{Namespace: nfdCR.Namespace, Name: "nfd-gc"},
+		}
+		gomock.InOrder(
+			clnt.EXPECT().Get(ctx, gomock.Any(), gomock.Any()).DoAndReturn(
+				func(_ interface{}, _ interface{}, dp *appsv1.Deployment, _ ...ctrlclient.GetOption) error {
+					dp.SetName(existingDeployment.Name)
+					dp.SetNamespace(existingDeployment.Namespace)
+					return nil
+				},
+			),
+			mockDeployment.EXPECT().SetGCDeploymentAsDesired(&nfdCR, &existingDeployment).Return(nil),
+		)
+
+		err := nfdh.handleGC(ctx, &nfdCR)
+		Expect(err).To(BeNil())
+	})
+
+	It("error flow, failed to populate nfd-gc deployment object", func() {
+		nfdCR := nfdv1.NodeFeatureDiscovery{}
+		gomock.InOrder(
+			clnt.EXPECT().Get(ctx, gomock.Any(), gomock.Any()).Return(apierrors.NewNotFound(schema.GroupResource{}, "whatever")),
+			mockDeployment.EXPECT().SetGCDeploymentAsDesired(&nfdCR, gomock.Any()).Return(fmt.Errorf("some error")),
+		)
+
+		err := nfdh.handleGC(ctx, &nfdCR)
+		Expect(err).To(HaveOccurred())
+	})
+})
diff --git a/internal/daemonset/mock_daemonset.go b/internal/daemonset/mock_daemonset.go
diff --git a/internal/deployment/deployment.go b/internal/deployment/deployment.go
@@ -17,7 +17,6 @@ limitations under the License.
 package deployment
 
 import (
-	"context"
 	"fmt"
 	"strings"
 
@@ -38,7 +37,8 @@ const (
 //go:generate mockgen -source=deployment.go -package=deployment -destination=mock_deployment.go DeploymentAPI
 
 type DeploymentAPI interface {
-	SetMasterDeploymentAsDesired(ctx context.Context, nfdInstance *nfdv1.NodeFeatureDiscovery, masterDep *v1.Deployment) error
+	SetMasterDeploymentAsDesired(nfdInstance *nfdv1.NodeFeatureDiscovery, masterDep *v1.Deployment) error
+	SetGCDeploymentAsDesired(nfdInstance *nfdv1.NodeFeatureDiscovery, gcDep *v1.Deployment) error
 }
 
 type deployment struct {
@@ -51,7 +51,7 @@ func NewDeploymentAPI(scheme *runtime.Scheme) DeploymentAPI {
 	}
 }
 
-func (d *deployment) SetMasterDeploymentAsDesired(ctx context.Context, nfdInstance *nfdv1.NodeFeatureDiscovery, masterDep *v1.Deployment) error {
+func (d *deployment) SetMasterDeploymentAsDesired(nfdInstance *nfdv1.NodeFeatureDiscovery, masterDep *v1.Deployment) error {
 	standartLabels := map[string]string{"app": "nfd-master"}
 	masterDep.ObjectMeta.Labels = standartLabels
 
@@ -80,7 +80,7 @@ func (d *deployment) SetMasterDeploymentAsDesired(ctx context.Context, nfdInstan
 						},
 						Args:            getArgs(nfdInstance),
 						Env:             getEnvs(),
-						SecurityContext: getSecurityContext(),
+						SecurityContext: getMasterSecurityContext(),
 						LivenessProbe:   getLivenessProbe(),
 						ReadinessProbe:  getReadinessProbe(),
 					},
@@ -91,6 +91,40 @@ func (d *deployment) SetMasterDeploymentAsDesired(ctx context.Context, nfdInstan
 	return controllerutil.SetControllerReference(nfdInstance, masterDep, d.scheme)
 }
 
+func (d *deployment) SetGCDeploymentAsDesired(nfdInstance *nfdv1.NodeFeatureDiscovery, gcDep *v1.Deployment) error {
+	gcDep.ObjectMeta.Labels = map[string]string{"app": "nfd"}
+	matchLabels := map[string]string{"app": "nfd-gc"}
+	gcDep.Spec = v1.DeploymentSpec{
+		Replicas: ptr.To[int32](1),
+		Selector: &metav1.LabelSelector{
+			MatchLabels: matchLabels,
+		},
+		Template: corev1.PodTemplateSpec{
+			ObjectMeta: metav1.ObjectMeta{
+				Labels: matchLabels,
+			},
+			Spec: corev1.PodSpec{
+				ServiceAccountName: "nfd-gc",
+				DNSPolicy:          corev1.DNSClusterFirstWithHostNet,
+				RestartPolicy:      corev1.RestartPolicyAlways,
+				Containers: []corev1.Container{
+					{
+						Name:            "nfd-gc",
+						Image:           nfdInstance.Spec.Operand.ImagePath(),
+						ImagePullPolicy: corev1.PullAlways,
+						Command: []string{
+							"nfd-gc",
+						},
+						Env:             getEnvs(),
+						SecurityContext: getGCSecurityContext(),
+					},
+				},
+			},
+		},
+	}
+	return controllerutil.SetControllerReference(nfdInstance, gcDep, d.scheme)
+}
+
 func getPodsTolerations() []corev1.Toleration {
 	return []corev1.Toleration{
 		{
@@ -180,7 +214,7 @@ func getEnvs() []corev1.EnvVar {
 	}
 }
 
-func getSecurityContext() *corev1.SecurityContext {
+func getMasterSecurityContext() *corev1.SecurityContext {
 	return &corev1.SecurityContext{
 		RunAsNonRoot: ptr.To(true),
 		SeccompProfile: &corev1.SeccompProfile{
@@ -194,6 +228,17 @@ func getSecurityContext() *corev1.SecurityContext {
 	}
 }
 
+func getGCSecurityContext() *corev1.SecurityContext {
+	return &corev1.SecurityContext{
+		RunAsNonRoot:           ptr.To(true),
+		ReadOnlyRootFilesystem: ptr.To(true),
+		Capabilities: &corev1.Capabilities{
+			Drop: []corev1.Capability{"ALL"},
+		},
+		AllowPrivilegeEscalation: ptr.To(false),
+	}
+}
+
 func getLivenessProbe() *corev1.Probe {
 	return &corev1.Probe{
 		InitialDelaySeconds: 10,