webhook: automatically insert the rdma resource to pod by DRA claim

Makefile

@@ -281,6 +281,8 @@ unittest-tests: check_test_label
 		--cover --coverprofile=./coverage.out --covermode set \
 		--json-report unittestreport.json \
 		-randomize-suites -randomize-all --keep-going  --timeout=1h  -p \
+		--output-interceptor-mode=none \
+		--label-filter=$(E2E_GINKGO_LABELS) \ 
 		-vv  -r $(ROOT_DIR)/pkg $(ROOT_DIR)/cmd
 	$(QUIET) go tool cover -html=./coverage.out -o coverage-all.html
 

charts/spiderpool/README.md

@@ -209,11 +209,10 @@ helm install spiderpool spiderpool/spiderpool --wait --namespace kube-system \
 
 ### dra parameters
 
-| Name                 | Description                | Value          |
-| -------------------- | -------------------------- | -------------- |
-| `dra.enabled`        | to enable dra feature      | `false`        |
-| `dra.cdiRootPath`    | the dir of cdi root        | `/var/run/cdi` |
-| `dra.hostDevicePath` | the dir path of the device | `""`           |
+| Name              | Description           | Value          |
+| ----------------- | --------------------- | -------------- |
+| `dra.enabled`     | to enable dra feature | `false`        |
+| `dra.cdiRootPath` | the dir of cdi root   | `/var/run/cdi` |
 
 ### plugins parameters
 

charts/spiderpool/templates/configmap.yaml

@@ -29,7 +29,6 @@ data:
     dra:
       enabled: {{ .Values.dra.enabled }}
       cdiRootPath: {{ .Values.dra.cdiRootPath }}
-      hostDevicePath: {{ .Values.dra.hostDevicePath }}
     tuneSysctlConfig: {{ .Values.spiderpoolAgent.tuneSysctlConfig }}
 {{- if .Values.multus.multusCNI.install }}
 ---

charts/spiderpool/templates/tls.yaml

@@ -144,6 +144,40 @@ webhooks:
     - spidercoordinators
   sideEffects: None
 {{- end }}
+{{- if .Values.dra.enabled }}
+- admissionReviewVersions:
+  - v1
+  clientConfig:
+    service:
+      name: {{ .Values.spiderpoolController.name | trunc 63 | trimSuffix "-" }}
+      namespace: {{ .Release.Namespace }}
+      path: /mutate--v1-pods
+      port: {{ .Values.spiderpoolController.webhookPort }}
+    {{- if (eq .Values.spiderpoolController.tls.method "provided") }}
+    caBundle: {{ .Values.spiderpoolController.tls.provided.tlsCa | required "missing spiderpoolController.tls.provided.tlsCa" }}
+    {{- else if (eq .Values.spiderpoolController.tls.method "auto") }}
+    caBundle: {{ .ca.Cert | b64enc }}
+    {{- end }}
+  failurePolicy: Ignore
+  name: pod.spidernet.io
+  objectSelector: 
+    matchExpressions:
+    - key: app.kubernetes.io/name
+      operator: NotIn
+      values:
+      - {{ include "spiderpool.name" . }}
+  rules:
+  - apiGroups:
+    - ""
+    apiVersions:
+    - v1
+    operations:
+    - CREATE
+    - UPDATE
+    resources:
+    - pods
+  sideEffects: None
+{{- end }}
 ---
 apiVersion: admissionregistration.k8s.io/v1
 kind: ValidatingWebhookConfiguration

charts/spiderpool/values.yaml

@@ -271,8 +271,6 @@ dra:
   enabled: false
   ## @param dra.cdiRootPath the dir of cdi root
   cdiRootPath: "/var/run/cdi"
-  ## @param dra.hostDevicePath the dir path of the device
-  hostDevicePath: ""
 
 ## @section plugins parameters
 ##

cmd/spiderpool-agent/cmd/config.go

@@ -23,9 +23,9 @@ import (
 	"github.com/spidernet-io/spiderpool/pkg/ippoolmanager"
 	"github.com/spidernet-io/spiderpool/pkg/kubevirtmanager"
 	"github.com/spidernet-io/spiderpool/pkg/logutils"
+	"github.com/spidernet-io/spiderpool/pkg/manager/podmanager"
 	"github.com/spidernet-io/spiderpool/pkg/namespacemanager"
 	"github.com/spidernet-io/spiderpool/pkg/nodemanager"
-	"github.com/spidernet-io/spiderpool/pkg/podmanager"
 	"github.com/spidernet-io/spiderpool/pkg/reservedipmanager"
 	"github.com/spidernet-io/spiderpool/pkg/statefulsetmanager"
 	"github.com/spidernet-io/spiderpool/pkg/subnetmanager"

cmd/spiderpool-agent/cmd/daemon.go

@@ -29,11 +29,11 @@ import (
 	"github.com/spidernet-io/spiderpool/pkg/ippoolmanager"
 	"github.com/spidernet-io/spiderpool/pkg/kubevirtmanager"
 	"github.com/spidernet-io/spiderpool/pkg/logutils"
+	"github.com/spidernet-io/spiderpool/pkg/manager/podmanager"
 	"github.com/spidernet-io/spiderpool/pkg/namespacemanager"
 	"github.com/spidernet-io/spiderpool/pkg/networking/sysctl"
 	"github.com/spidernet-io/spiderpool/pkg/nodemanager"
 	"github.com/spidernet-io/spiderpool/pkg/openapi"
-	"github.com/spidernet-io/spiderpool/pkg/podmanager"
 	"github.com/spidernet-io/spiderpool/pkg/reservedipmanager"
 	"github.com/spidernet-io/spiderpool/pkg/statefulsetmanager"
 	"github.com/spidernet-io/spiderpool/pkg/subnetmanager"
@@ -250,7 +250,7 @@ func DaemonMain() {
 
 	if agentContext.Cfg.DraEnabled {
 		logger.Info("Begin to start dra-plugin Server")
-		agentContext.DraPlugin, err = draplugin.StartDRAPlugin(logger, agentContext.Cfg.DraCdiRootPath, agentContext.Cfg.DraHostDevicePath)
+		agentContext.DraPlugin, err = draplugin.StartDRAPlugin(logger, agentContext.Cfg.DraCdiRootPath)
 		if err != nil {
 			logger.Fatal("failed to start dra-plugin server", zap.Error(err))
 		}
@@ -364,9 +364,10 @@ func initAgentServiceManagers(ctx context.Context) {
 	agentContext.NSManager = nsManager
 
 	logger.Debug("Begin to initialize Pod manager")
-	podManager, err := podmanager.NewPodManager(
+	podManager, err := podmanager.NewPodManager(false,
 		agentContext.CRDManager.GetClient(),
 		agentContext.CRDManager.GetAPIReader(),
+		nil,
 	)
 	if err != nil {
 		logger.Fatal(err.Error())

cmd/spiderpool-controller/cmd/config.go

@@ -25,9 +25,9 @@ import (
 	"github.com/spidernet-io/spiderpool/pkg/ippoolmanager"
 	"github.com/spidernet-io/spiderpool/pkg/kubevirtmanager"
 	"github.com/spidernet-io/spiderpool/pkg/logutils"
+	"github.com/spidernet-io/spiderpool/pkg/manager/podmanager"
 	"github.com/spidernet-io/spiderpool/pkg/namespacemanager"
 	"github.com/spidernet-io/spiderpool/pkg/nodemanager"
-	"github.com/spidernet-io/spiderpool/pkg/podmanager"
 	"github.com/spidernet-io/spiderpool/pkg/reservedipmanager"
 	"github.com/spidernet-io/spiderpool/pkg/statefulsetmanager"
 	"github.com/spidernet-io/spiderpool/pkg/subnetmanager"

cmd/spiderpool-controller/cmd/daemon.go

@@ -33,12 +33,12 @@ import (
 	crdclientset "github.com/spidernet-io/spiderpool/pkg/k8s/client/clientset/versioned"
 	"github.com/spidernet-io/spiderpool/pkg/kubevirtmanager"
 	"github.com/spidernet-io/spiderpool/pkg/logutils"
+	"github.com/spidernet-io/spiderpool/pkg/manager/podmanager"
 	"github.com/spidernet-io/spiderpool/pkg/manager/spidercliamparameter"
 	"github.com/spidernet-io/spiderpool/pkg/multuscniconfig"
 	"github.com/spidernet-io/spiderpool/pkg/namespacemanager"
 	"github.com/spidernet-io/spiderpool/pkg/nodemanager"
 	"github.com/spidernet-io/spiderpool/pkg/openapi"
-	"github.com/spidernet-io/spiderpool/pkg/podmanager"
 	"github.com/spidernet-io/spiderpool/pkg/reservedipmanager"
 	"github.com/spidernet-io/spiderpool/pkg/statefulsetmanager"
 	"github.com/spidernet-io/spiderpool/pkg/subnetmanager"
@@ -260,12 +260,15 @@ func initControllerServiceManagers(ctx context.Context) {
 
 	logger.Debug("Begin to initialize Pod manager")
 	podManager, err := podmanager.NewPodManager(
+		controllerContext.Cfg.DraEnabled,
 		controllerContext.CRDManager.GetClient(),
 		controllerContext.CRDManager.GetAPIReader(),
+		controllerContext.CRDManager,
 	)
 	if err != nil {
 		logger.Fatal(err.Error())
 	}
+
 	controllerContext.PodManager = podManager
 
 	logger.Info("Begin to initialize StatefulSet manager")

pkg/dra/dra-plugin/device_state.go

@@ -6,7 +6,6 @@ package draPlugin
 import (
 	"context"
 	"fmt"
-	"os"
 
 	"github.com/spidernet-io/spiderpool/pkg/constant"
 	v2beta1 "github.com/spidernet-io/spiderpool/pkg/k8s/apis/spiderpool.spidernet.io/v2beta1"
@@ -20,17 +19,17 @@ type NodeDeviceState struct {
 	preparedClaims map[string]struct{}
 }
 
-func NewDeviceState(logger *zap.Logger, cdiRoot, so string) (*NodeDeviceState, error) {
-	_, err := os.Stat(so)
-	if err != nil {
-		return nil, fmt.Errorf("failed to stat draHostDevicePath %s: %v", so, err)
-	}
+func NewDeviceState(logger *zap.Logger, cdiRoot string) (*NodeDeviceState, error) {
+	// _, err := os.Stat(so)
+	// if err != nil {
+	// 	return nil, fmt.Errorf("failed to stat draHostDevicePath %s: %v", so, err)
+	// }
 
 	cdi, err := NewCDIHandler(logger,
 		WithCDIRoot(cdiRoot),
 		WithClass(constant.DRACDIClass),
 		WithVendor(constant.DRACDIVendor),
-		WithSoPath(so),
+		//WithSoPath(so),
 	)
 	if err != nil {
 		return nil, err

pkg/dra/dra-plugin/driver.go

@@ -24,9 +24,9 @@ type driver struct {
 	SpiderClientSet clientset.Interface
 }
 
-func NewDriver(logger *zap.Logger, cdiRoot string, so string) (*driver, error) {
+func NewDriver(logger *zap.Logger, cdiRoot string) (*driver, error) {
 	restConfig := ctrl.GetConfigOrDie()
-	state, err := NewDeviceState(logger, cdiRoot, so)
+	state, err := NewDeviceState(logger, cdiRoot)
 	if err != nil {
 		return nil, err
 	}

pkg/dra/dra-plugin/plugin.go

@@ -11,7 +11,7 @@ import (
 	"k8s.io/dynamic-resource-allocation/kubeletplugin"
 )
 
-func StartDRAPlugin(logger *zap.Logger, cdiRoot string, so string) (kubeletplugin.DRAPlugin, error) {
+func StartDRAPlugin(logger *zap.Logger, cdiRoot string) (kubeletplugin.DRAPlugin, error) {
 	err := os.MkdirAll(constant.DRADriverPluginPath, 0750)
 	if err != nil {
 		return nil, err
@@ -29,7 +29,7 @@ func StartDRAPlugin(logger *zap.Logger, cdiRoot string, so string) (kubeletplugi
 		return nil, fmt.Errorf("cdi path %s isn't a directory", cdiRoot)
 	}
 
-	driver, err := NewDriver(logger.Named("DRA"), cdiRoot, so)
+	driver, err := NewDriver(logger.Named("DRA"), cdiRoot)
 	if err != nil {
 		return nil, err
 	}

pkg/dra/utils/utils.go

@@ -0,0 +1,121 @@
+// Copyright 2024 Authors of spidernet-io
+// SPDX-License-Identifier: Apache-2.0
+package utils
+
+import (
+	"context"
+	"fmt"
+	"os"
+
+	init_cmd "github.com/spidernet-io/spiderpool/cmd/spiderpool-init/cmd"
+	"github.com/spidernet-io/spiderpool/pkg/constant"
+	spiderpoolv2beta1 "github.com/spidernet-io/spiderpool/pkg/k8s/apis/spiderpool.spidernet.io/v2beta1"
+	corev1 "k8s.io/api/core/v1"
+	resourcev1alpha2 "k8s.io/api/resource/v1alpha2"
+	k8s_resource "k8s.io/apimachinery/pkg/api/resource"
+	apitypes "k8s.io/apimachinery/pkg/types"
+	"sigs.k8s.io/controller-runtime/pkg/client"
+)
+
+func GetStaticNicsFromSpiderClaimParameter(ctx context.Context, apiReader client.Reader, pod *corev1.Pod) ([]spiderpoolv2beta1.MultusConfig, error) {
+	for _, rc := range pod.Spec.ResourceClaims {
+		if rc.Source.ResourceClaimTemplateName != nil {
+			var rct resourcev1alpha2.ResourceClaimTemplate
+			if err := apiReader.Get(ctx, apitypes.NamespacedName{Namespace: pod.Namespace, Name: *rc.Source.ResourceClaimTemplateName}, &rct); err != nil {
+				return nil, err
+			}
+
+			if rct.Spec.Spec.ResourceClassName == constant.DRADriverName && rct.Spec.Spec.ParametersRef.APIGroup == constant.SpiderpoolAPIGroup &&
+				rct.Spec.Spec.ParametersRef.Kind == constant.KindSpiderClaimParameter {
+
+				var scp spiderpoolv2beta1.SpiderClaimParameter
+				if err := apiReader.Get(ctx, apitypes.NamespacedName{Namespace: pod.Namespace, Name: pod.Name}, &scp); err != nil {
+					return nil, fmt.Errorf("failed to get spiderClaimParameter for pod %s/%s: %v", pod.Namespace, pod.Name, err)
+				}
+
+				var multusConfigs []spiderpoolv2beta1.MultusConfig
+				if scp.Spec.DefaultNic != nil {
+					multusConfigs = append(multusConfigs, *scp.Spec.DefaultNic)
+				}
+				multusConfigs = append(multusConfigs, scp.Spec.SecondaryNics...)
+
+				return multusConfigs, nil
+			}
+		}
+	}
+	return []spiderpoolv2beta1.MultusConfig{}, nil
+}
+
+func GetRdmaResourceMapFromStaticNics(ctx context.Context, apiReader client.Reader, staticNics []spiderpoolv2beta1.MultusConfig) (map[string]bool, error) {
+	resourceMap := make(map[string]bool)
+	for _, nic := range staticNics {
+		if nic.Namespace == "" {
+			nic.Namespace = os.Getenv(init_cmd.ENVNamespace)
+		}
+
+		var smc spiderpoolv2beta1.SpiderMultusConfig
+		if err := apiReader.Get(ctx, apitypes.NamespacedName{Namespace: nic.Namespace, Name: nic.MultusName}, &smc); err != nil {
+			return nil, fmt.Errorf("failed to get spiderClaimParameter: %v", err)
+		}
+
+		resourceName := resourceName(&smc)
+		if resourceName == "" {
+			continue
+		}
+
+		if _, ok := resourceMap[resourceName]; !ok {
+			resourceMap[resourceName] = false
+		}
+	}
+	return resourceMap, nil
+}
+
+// resourceName return the resourceName for given spiderMultusConfig
+func resourceName(smc *spiderpoolv2beta1.SpiderMultusConfig) string {
+	switch *smc.Spec.CniType {
+	case constant.MacvlanCNI:
+		if smc.Spec.MacvlanConfig != nil && smc.Spec.MacvlanConfig.EnableRdma {
+			return smc.Spec.MacvlanConfig.RdmaResourceName
+		}
+	case constant.IPVlanCNI:
+		if smc.Spec.IPVlanConfig != nil && smc.Spec.IPVlanConfig.EnableRdma {
+			return smc.Spec.IPVlanConfig.RdmaResourceName
+		}
+	case constant.SriovCNI:
+		if smc.Spec.SriovConfig != nil {
+			return smc.Spec.SriovConfig.ResourceName
+		}
+	case constant.IBSriovCNI:
+		if smc.Spec.IbSriovConfig != nil {
+			return smc.Spec.IbSriovConfig.ResourceName
+		}
+	}
+	return ""
+}
+
+func InjectRdmaResourceToPod(resourceMap map[string]bool, pod *corev1.Pod) {
+	for _, c := range pod.Spec.Containers {
+		for resource := range resourceMap {
+			if resourceMap[resource] {
+				// the resource has found in pod, skip
+				continue
+			}
+
+			// try to find the resource in container resources.requests
+			if _, ok := c.Resources.Requests[corev1.ResourceName(resource)]; ok {
+				resourceMap[resource] = true
+			} else {
+				if _, ok := c.Resources.Limits[corev1.ResourceName(resource)]; ok {
+					resourceMap[resource] = true
+				}
+			}
+		}
+	}
+
+	for resource, found := range resourceMap {
+		if !found {
+			// inject the resource to the pod.containers[0].resources.requests
+			pod.Spec.Containers[0].Resources.Requests[corev1.ResourceName(resource)] = k8s_resource.MustParse("1")
+		}
+	}
+}