fix: allow coexistence between podoffloadingpolicy and runtimeclass

liqotech · Dec 10, 2024 · ce3a759 · ce3a759
1 parent 896af81
commit ce3a759
Show file tree

Hide file tree

Showing 6 changed files with 23 additions and 28 deletions.
diff --git a/cmd/webhook/main.go b/cmd/webhook/main.go
@@ -90,8 +90,8 @@ func main() {
 		"Enforce offerer-side that offloaded pods do not exceed offered resources (based on container limits)")
 	refreshInterval := pflag.Duration("resource-validator-refresh-interval",
 		5*time.Minute, "The interval at which the resource validator cache is refreshed")
-	addVirtualNodeTolerationOnOffloadedPods := pflag.Bool("add-virtual-node-toleration-on-offloaded-pods", false,
-		"Automatically add the virtual node toleration on offloaded pods")
+	liqoRuntimeClassName := pflag.String("liqo-runtime-class", "liqo",
+		"Define the Liqo runtime class forcing the pods to be scheduled on virtual nodes")
 
 	flagsutils.InitKlogFlags(pflag.CommandLine)
 	restcfg.InitFlags(pflag.CommandLine)
@@ -192,7 +192,7 @@ func main() {
 	mgr.GetWebhookServer().Register("/validate/shadowpods", &webhook.Admission{Handler: spv})
 	mgr.GetWebhookServer().Register("/mutate/shadowpods", shadowpodswh.NewMutator(mgr.GetClient()))
 	mgr.GetWebhookServer().Register("/validate/namespace-offloading", nsoffwh.New())
-	mgr.GetWebhookServer().Register("/mutate/pod", podwh.New(mgr.GetClient(), *addVirtualNodeTolerationOnOffloadedPods))
+	mgr.GetWebhookServer().Register("/mutate/pod", podwh.New(mgr.GetClient(), *liqoRuntimeClassName))
 	mgr.GetWebhookServer().Register("/mutate/virtualnodes", virtualnodewh.New(
 		mgr.GetClient(), clusterID, *podcidr, *liqoNamespace, vkOptsDefaultTemplateRef))
 	mgr.GetWebhookServer().Register("/validate/resourceslices", resourceslicewh.NewValidator(mgr.GetClient()))

diff --git a/deployments/liqo/templates/liqo-webhook-deployment.yaml b/deployments/liqo/templates/liqo-webhook-deployment.yaml
@@ -53,14 +53,12 @@ spec:
           - --cluster-id=$(CLUSTER_ID)
           - --liqo-namespace=$(POD_NAMESPACE)
           - --secret-name={{ include "liqo.prefixedName" $webhookConfig }}-certs
+          - --liqo-runtime-class={{ .Values.offloading.runtimeClass.enable }}
           - --podcidr={{ .Values.ipam.podCIDR }}
           - --vk-options-default-template={{ .Release.Namespace }}/{{ printf "%s-default" $kubeletConfig.name }}
           {{- if .Values.controllerManager.config.enableResourceEnforcement }}
           - --enable-resource-enforcement
           {{- end }}
-          {{- if not .Values.offloading.runtimeClass.enable }}
-          - --add-virtual-node-toleration-on-offloaded-pods
-          {{- end }}
           {{- if .Values.common.extraArgs }}
           {{- toYaml .Values.common.extraArgs | nindent 10 }}
           {{- end }}

diff --git a/deployments/liqo/templates/runtime-class.yaml b/deployments/liqo/templates/runtime-class.yaml
@@ -1,7 +1,5 @@
 {{- $runtimeConfig := (merge (dict "name" "runtimeclass" "module" "runtimeclass") .) -}}
 
-{{- if .Values.offloading.runtimeClass.enable }}
-
 apiVersion: node.k8s.io/v1
 kind: RuntimeClass
 metadata:
@@ -25,5 +23,3 @@ scheduling:
   tolerations:
     {{- toYaml .Values.offloading.runtimeClass.tolerations.tolerations | nindent 4 }}
   {{- end }}
-
-{{- end }}
diff --git a/deployments/liqo/values.yaml b/deployments/liqo/values.yaml
@@ -184,7 +184,6 @@ offloading:
   # by setting the "disableNetworkCheck" field in the resource Spec.
   disableNetworkCheck: false
   runtimeClass:
-    enable: false
     # -- Name of the runtime class to use for offloading.
     name: liqo
     # -- Annotations for the runtime class.

diff --git a/pkg/webhooks/pod/mutations.go b/pkg/webhooks/pod/mutations.go
@@ -130,7 +130,7 @@ func fillPodWithTheNewNodeSelector(imposedNodeSelector *corev1.NodeSelector, pod
 // chosen in the CR. Two possible modifications:
 // - The VirtualNodeToleration is added to the Pod Toleration if necessary.
 // - The old Pod NodeSelector is substituted with a new one according to the PodOffloadingStrategyType.
-func mutatePod(namespaceOffloading *offloadingv1beta1.NamespaceOffloading, pod *corev1.Pod, addVirtualNodeToleration bool) error {
+func mutatePod(namespaceOffloading *offloadingv1beta1.NamespaceOffloading, pod *corev1.Pod, liqoRuntimeClassName string) error {
 	// The NamespaceOffloading CR contains information about the PodOffloadingStrategy and
 	// the NodeSelector inserted by the user (ClusterSelector field).
 	klog.V(5).Infof("Chosen strategy: %s", namespaceOffloading.Spec.PodOffloadingStrategy)
@@ -140,7 +140,8 @@ func mutatePod(namespaceOffloading *offloadingv1beta1.NamespaceOffloading, pod *
 		return nil
 	}
 
-	if addVirtualNodeToleration {
+	hasRuntimeClass := pod.Spec.RuntimeClassName != nil && *pod.Spec.RuntimeClassName == liqoRuntimeClassName
+	if !hasRuntimeClass {
 		// Create the right Toleration according to the PodOffloadingStrategy case.
 		toleration, err := createTolerationFromNamespaceOffloading(namespaceOffloading.Spec.PodOffloadingStrategy)
 		if err != nil {
@@ -152,19 +153,20 @@ func mutatePod(namespaceOffloading *offloadingv1beta1.NamespaceOffloading, pod *
 
 		// It is necessary to add the just created toleration.
 		pod.Spec.Tolerations = append(pod.Spec.Tolerations, toleration)
-	}
 
-	// Create the right NodeSelector according to the PodOffloadingStrategy case.
-	imposedNodeSelector, err := createNodeSelectorFromNamespaceOffloading(namespaceOffloading)
-	if err != nil {
-		klog.Errorf("The NamespaceOffloading in namespace '%s' has unknown strategy '%s'",
-			namespaceOffloading.Namespace, namespaceOffloading.Spec.PodOffloadingStrategy)
-		return err
+		// Create the right NodeSelector according to the PodOffloadingStrategy case.
+		imposedNodeSelector, err := createNodeSelectorFromNamespaceOffloading(namespaceOffloading)
+		if err != nil {
+			klog.Errorf("The NamespaceOffloading in namespace '%s' has unknown strategy '%s'",
+				namespaceOffloading.Namespace, namespaceOffloading.Spec.PodOffloadingStrategy)
+			return err
+		}
+		klog.V(5).Infof("ImposedNodeSelector: %s", imposedNodeSelector)
+
+		// Enforce the new NodeSelector policy imposed by the NamespaceOffloading creator.
+		fillPodWithTheNewNodeSelector(imposedNodeSelector, pod)
+		klog.V(5).Infof("Pod NodeSelector: %s", imposedNodeSelector)
 	}
-	klog.V(5).Infof("ImposedNodeSelector: %s", imposedNodeSelector)
 
-	// Enforce the new NodeSelector policy imposed by the NamespaceOffloading creator.
-	fillPodWithTheNewNodeSelector(imposedNodeSelector, pod)
-	klog.V(5).Infof("Pod NodeSelector: %s", imposedNodeSelector)
 	return nil
 }
diff --git a/pkg/webhooks/pod/pod.go b/pkg/webhooks/pod/pod.go
@@ -39,16 +39,16 @@ type podwh struct {
 	client  client.Client
 	decoder admission.Decoder
 
-	addVirtualNodeToleration bool
+	runtimeClassName string
 }
 
 // New returns a new PodWebhook instance.
-func New(cl client.Client, addVirtualNodeToleration bool) *webhook.Admission {
+func New(cl client.Client, liqoRuntimeClassName string) *webhook.Admission {
 	return &webhook.Admission{Handler: &podwh{
 		client:  cl,
 		decoder: admission.NewDecoder(runtime.NewScheme()),
 
-		addVirtualNodeToleration: addVirtualNodeToleration,
+		runtimeClassName: liqoRuntimeClassName,
 	}}
 }
 
@@ -91,7 +91,7 @@ func (w *podwh) Handle(ctx context.Context, req admission.Request) admission.Res
 		return admission.Errored(http.StatusInternalServerError, errors.New("failed retrieving NamespaceOffloading"))
 	}
 
-	if err = mutatePod(nsoff, pod, w.addVirtualNodeToleration); err != nil {
+	if err = mutatePod(nsoff, pod, w.runtimeClassName); err != nil {
 		return admission.Errored(http.StatusInternalServerError, errors.New("failed constructing pod mutation"))
 	}