Skip to content

Commit

Permalink
Merge pull request #217 from grycap/devel
Browse files Browse the repository at this point in the history
  • Loading branch information
catttam authored Nov 9, 2023
2 parents a21197b + af3f806 commit d2bc0d0
Show file tree
Hide file tree
Showing 5 changed files with 78 additions and 23 deletions.
2 changes: 2 additions & 0 deletions pkg/backends/k8s.go
Original file line number Diff line number Diff line change
Expand Up @@ -127,6 +127,7 @@ func (k *KubeBackend) CreateService(service types.Service) error {
MaxScale: service.Expose.MaxScale,
MinScale: service.Expose.MinScale,
CpuThreshold: service.Expose.CpuThreshold,
EnableSGX: service.EnableSGX,
}
utils.CreateExpose(exposeConf, k.kubeClientset, *k.config)
}
Expand Down Expand Up @@ -216,6 +217,7 @@ func (k *KubeBackend) UpdateService(service types.Service) error {
MaxScale: service.Expose.MaxScale,
MinScale: service.Expose.MinScale,
CpuThreshold: service.Expose.CpuThreshold,
EnableSGX: service.EnableSGX,
}
utils.UpdateExpose(exposeConf, k.kubeClientset, *k.config)

Expand Down
7 changes: 7 additions & 0 deletions pkg/backends/knative.go
Original file line number Diff line number Diff line change
Expand Up @@ -133,6 +133,7 @@ func (kn *KnativeBackend) CreateService(service types.Service) error {
MaxScale: service.Expose.MaxScale,
MinScale: service.Expose.MinScale,
CpuThreshold: service.Expose.CpuThreshold,
EnableSGX: service.EnableSGX,
}
utils.CreateExpose(exposeConf, kn.kubeClientset, *kn.config)

Expand Down Expand Up @@ -224,6 +225,7 @@ func (kn *KnativeBackend) UpdateService(service types.Service) error {
MaxScale: service.Expose.MaxScale,
MinScale: service.Expose.MinScale,
CpuThreshold: service.Expose.CpuThreshold,
EnableSGX: service.EnableSGX,
}
utils.UpdateExpose(exposeConf, kn.kubeClientset, *kn.config)

Expand Down Expand Up @@ -310,6 +312,11 @@ func (kn *KnativeBackend) createKNServiceDefinition(service *types.Service) (*kn
},
}

if service.EnableSGX {
knSvc.Spec.ConfigurationSpec.Template.ObjectMeta.Annotations["kubernetes.podspec-securitycontext"] = "enabled"
knSvc.Spec.ConfigurationSpec.Template.ObjectMeta.Annotations["kubernetes.containerspec-addcapabilities"] = "enabled"
}

return knSvc, nil
}

Expand Down
26 changes: 26 additions & 0 deletions pkg/types/service.go
Original file line number Diff line number Diff line change
Expand Up @@ -143,6 +143,10 @@ type Service struct {
// Optional. (default: false)
EnableGPU bool `json:"enable_gpu"`

// EnableSGX parameter to use the SCONE k8s plugin
// Optional. (default: false)
EnableSGX bool `json:"enable_sgx"`

// ImagePrefetch parameter to enable the image cache functionality
// Optional. (default: false)
ImagePrefetch bool `json:"image_prefetch"`
Expand Down Expand Up @@ -289,6 +293,10 @@ func (service *Service) ToPodSpec(cfg *Config) (*v1.PodSpec, error) {
// Add the required environment variables for the watchdog
addWatchdogEnvVars(podSpec, cfg, service)

if service.EnableSGX {
SetSecurityContext(podSpec)
}

return podSpec, nil
}

Expand Down Expand Up @@ -327,6 +335,16 @@ func SetImagePullSecrets(secrets []string) []v1.LocalObjectReference {
return objects
}

func SetSecurityContext(podSpec *v1.PodSpec) {
ctx := v1.SecurityContext{
Capabilities: &v1.Capabilities{
Add: []v1.Capability{"SYS_RAWIO"},
},
}

podSpec.Containers[0].SecurityContext = &ctx
}

func createResources(service *Service) (v1.ResourceRequirements, error) {
resources := v1.ResourceRequirements{
Limits: v1.ResourceList{},
Expand Down Expand Up @@ -356,6 +374,14 @@ func createResources(service *Service) (v1.ResourceRequirements, error) {
resources.Limits["nvidia.com/gpu"] = gpu
}

if service.EnableSGX {
sgx, err := resource.ParseQuantity("1")
if err != nil {
return resources, err
}
resources.Limits["sgx.intel.com/enclave"] = sgx
}

return resources, nil
}

Expand Down
1 change: 1 addition & 0 deletions pkg/types/service_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -215,6 +215,7 @@ cpu: "1.0"
total_memory: ""
total_cpu: ""
enable_gpu: false
enable_sgx: false
image_prefetch: false
synchronous:
min_scale: 0
Expand Down
65 changes: 42 additions & 23 deletions pkg/utils/expose.go
Original file line number Diff line number Diff line change
Expand Up @@ -20,6 +20,7 @@ import (
"context"
"fmt"
"log"
"os"

"github.com/grycap/oscar/v2/pkg/types"
apps "k8s.io/api/apps/v1"
Expand All @@ -41,23 +42,28 @@ type Expose struct {
MinScale int32 `default:"1"`
Port int ` binding:"required" default:"80"`
CpuThreshold int32 `default:"80"`
EnableSGX bool
}

// Custom logger
var ExposeLogger = log.New(os.Stdout, "[EXPOSED-SERVICE] ", log.Flags())

// / Main function that creates all the kubernetes components
func CreateExpose(expose Expose, kubeClientset kubernetes.Interface, cfg types.Config) error {
ExposeLogger.Printf("DEBUG: Creating exposed service: \n%v\n", expose)
err := createDeployment(expose, kubeClientset)
if err != nil {
log.Printf("WARNING: %v\n", err)
ExposeLogger.Printf("WARNING: %v\n", err)
return err
}
err = createService(expose, kubeClientset)
if err != nil {
log.Printf("WARNING: %v\n", err)
ExposeLogger.Printf("WARNING: %v\n", err)
return err
}
err = createIngress(expose, kubeClientset, cfg)
if err != nil {
log.Printf("WARNING: %v\n", err)
ExposeLogger.Printf("WARNING: %v\n", err)
return err
}
return nil
Expand All @@ -67,17 +73,17 @@ func CreateExpose(expose Expose, kubeClientset kubernetes.Interface, cfg types.C
func DeleteExpose(expose Expose, kubeClientset kubernetes.Interface) error {
err := deleteDeployment(expose, kubeClientset)
if err != nil {
log.Printf("WARNING: %v\n", err)
ExposeLogger.Printf("WARNING: %v\n", err)
return err
}
err = deleteService(expose, kubeClientset)
if err != nil {
log.Printf("WARNING: %v\n", err)
ExposeLogger.Printf("WARNING: %v\n", err)
return err
}
err = deleteIngress(expose, kubeClientset)
if err != nil {
log.Printf("WARNING: %v\n", err)
ExposeLogger.Printf("WARNING: %v\n", err)
return err
}
return nil
Expand All @@ -100,12 +106,12 @@ func UpdateExpose(expose Expose, kubeClientset kubernetes.Interface, cfg types.C
}
err := updateDeployment(expose, kubeClientset)
if err != nil {
log.Printf("WARNING: %v\n", err)
ExposeLogger.Printf("WARNING: %v\n", err)
return err
}
err2 := updateService(expose, kubeClientset)
if err2 != nil {
log.Printf("WARNING: %v\n", err2)
ExposeLogger.Printf("WARNING: %v\n", err2)
return err2
}
return nil
Expand All @@ -119,15 +125,15 @@ func ListExpose(expose Expose, kubeClientset kubernetes.Interface) error {
services, err2 := listServices(expose, kubeClientset)
ingress, err3 := listIngress(expose, kubeClientset)
if err != nil {
log.Printf("WARNING: %v\n", err)
ExposeLogger.Printf("WARNING: %v\n", err)
return err
}
if err2 != nil {
log.Printf("WARNING: %v\n", err2)
ExposeLogger.Printf("WARNING: %v\n", err2)
return err
}
if err3 != nil {
log.Printf("WARNING: %v\n", err3)
ExposeLogger.Printf("WARNING: %v\n", err3)
return err
}
fmt.Println(deploy, hpa, services, ingress)
Expand Down Expand Up @@ -173,6 +179,7 @@ func getDeployment(e Expose) *apps.Deployment {
},
Status: apps.DeploymentStatus{},
}

return deployment
}

Expand Down Expand Up @@ -208,17 +215,7 @@ func getPodTemplateSpec(e Expose) v1.PodTemplateSpec {
ContainerPort: int32(e.Port),
}
cores := resource.NewMilliQuantity(500, resource.DecimalSI)
var container v1.Container = v1.Container{
Name: e.Name,
Image: e.Image,
Env: types.ConvertEnvVars(e.Variables),
Ports: []v1.ContainerPort{ports},
Resources: v1.ResourceRequirements{
Requests: v1.ResourceList{
"cpu": *cores,
},
},
}

template := v1.PodTemplateSpec{
ObjectMeta: metav1.ObjectMeta{
Name: e.Name,
Expand All @@ -229,9 +226,31 @@ func getPodTemplateSpec(e Expose) v1.PodTemplateSpec {
},
Spec: v1.PodSpec{
InitContainers: []v1.Container{},
Containers: []v1.Container{container},
Containers: []v1.Container{
{
Name: e.Name,
Image: e.Image,
Env: types.ConvertEnvVars(e.Variables),
Ports: []v1.ContainerPort{ports},
Resources: v1.ResourceRequirements{
Requests: v1.ResourceList{
"cpu": *cores,
},
// Empty Limits list initialized in case enabling SGX is needed
Limits: v1.ResourceList{},
},
},
},
},
}

if e.EnableSGX {
ExposeLogger.Printf("DEBUG: Enabling components to use SGX plugin\n")
types.SetSecurityContext(&template.Spec)
sgx, _ := resource.ParseQuantity("1")
template.Spec.Containers[0].Resources.Limits["sgx.intel.com/enclave"] = sgx
}

return template
}

Expand Down

0 comments on commit d2bc0d0

Please sign in to comment.