From d6b2d7a5f7b94ec695023245537516856f5cc827 Mon Sep 17 00:00:00 2001
From: Krisztian Lengyel <krisztian.lengyel@nokia.com>
Date: Fri, 7 Jun 2019 12:42:26 +0200
Subject: [PATCH] Update CPU-Pooler version

- Update CPU-Pooler and all its requires to the latest available version.
- Extend custom filters with `get_mapped_key`.
- Add CPU mappings to CM config.

Change-Id: I4f948a02c1bf3bf4a05b97af91381baa4bde21e6
Signed-off-by: Krisztian Lengyel <krisztian.lengyel@nokia.com>
---
 SPECS/infra-charts.spec                            |  2 +-
 SPECS/instantiate.spec                             |  2 +-
 SPECS/utils.spec                                   |  2 +-
 ansible/filter_plugins/config_helpers.py           | 14 ++++++++++
 cm_config/caas.yaml                                |  7 +++++
 infra-charts/templates/cpu-setter-daemonset.yaml   |  2 +-
 .../templates/webhook-conf-updater-job.yaml        | 30 ++++++++++++++++++++++
 infra-charts/templates/webhook-conf.yaml           | 12 ++-------
 infra-charts/templates/webhook-service.yaml        |  2 +-
 infra-charts/values.yaml.j2                        |  4 +++
 10 files changed, 62 insertions(+), 15 deletions(-)
 create mode 100644 infra-charts/templates/webhook-conf-updater-job.yaml

diff --git a/SPECS/infra-charts.spec b/SPECS/infra-charts.spec
index 0e697f4..9b6e692 100644
--- a/SPECS/infra-charts.spec
+++ b/SPECS/infra-charts.spec
@@ -15,7 +15,7 @@
 %define COMPONENT infra-charts
 %define RPM_NAME caas-%{COMPONENT}
 %define RPM_MAJOR_VERSION 1.0.0
-%define RPM_MINOR_VERSION 3
+%define RPM_MINOR_VERSION 4
 
 Name:           %{RPM_NAME}
 Version:        %{RPM_MAJOR_VERSION}
diff --git a/SPECS/instantiate.spec b/SPECS/instantiate.spec
index ac23e26..e4b6a5c 100644
--- a/SPECS/instantiate.spec
+++ b/SPECS/instantiate.spec
@@ -15,7 +15,7 @@
 %define COMPONENT instantiate
 %define RPM_NAME caas-%{COMPONENT}
 %define RPM_MAJOR_VERSION 1.0.0
-%define RPM_MINOR_VERSION 3
+%define RPM_MINOR_VERSION 4
 
 Name:           %{RPM_NAME}
 Version:        %{RPM_MAJOR_VERSION}
diff --git a/SPECS/utils.spec b/SPECS/utils.spec
index 1e2bc23..1c3efac 100644
--- a/SPECS/utils.spec
+++ b/SPECS/utils.spec
@@ -15,7 +15,7 @@
 %define COMPONENT utils
 %define RPM_NAME caas-%{COMPONENT}
 %define RPM_MAJOR_VERSION 1.0.0
-%define RPM_MINOR_VERSION 3
+%define RPM_MINOR_VERSION 4
 %define KUBELET_PLUGINS_LOGDIR /var/log/kubelet-plugins/
 
 Name:           %{RPM_NAME}
diff --git a/ansible/filter_plugins/config_helpers.py b/ansible/filter_plugins/config_helpers.py
index 8e0ab7a..9ef5601 100755
--- a/ansible/filter_plugins/config_helpers.py
+++ b/ansible/filter_plugins/config_helpers.py
@@ -20,6 +20,7 @@ class FilterModule(object):
     def filters(self):
         return {
             'get_kube_options': get_kube_options,
+            'get_mapped_key': get_mapped_key,
         }
 
 
@@ -31,3 +32,16 @@ def get_kube_options(options):
     formated_options = [option_template.format(option, str(value))
                         for option, value in options.iteritems()]
     return ",".join(formated_options)
+
+
+def get_mapped_key(mapping, search_key, key_name):
+    _validate_dict(mapping)
+    for key, value in mapping.iteritems():
+        if (value.get(search_key, None) and
+           value[search_key] == key_name):
+            return key
+
+
+def _validate_dict(value):
+    if not isinstance(value, dict):
+        raise AnsibleError("Invalid type {}. Options must be dictionary!".format(type(options)))
diff --git a/cm_config/caas.yaml b/cm_config/caas.yaml
index 75c85df..cfb2fa6 100644
--- a/cm_config/caas.yaml
+++ b/cm_config/caas.yaml
@@ -101,3 +101,10 @@ uid:
   chartrepo: 150
   elasticsearch: 202
   flannel: 666
+cpu_allocation_mapping:
+  caas_exclusive:
+    pool_name: exclusive_caas
+  caas_shared:
+    pool_name: shared_caas
+  caas_default:
+    pool_name: default
diff --git a/infra-charts/templates/cpu-setter-daemonset.yaml b/infra-charts/templates/cpu-setter-daemonset.yaml
index f3d02b1..102a3e8 100644
--- a/infra-charts/templates/cpu-setter-daemonset.yaml
+++ b/infra-charts/templates/cpu-setter-daemonset.yaml
@@ -51,7 +51,7 @@ spec:
            name: cpu-pooler-config
          - mountPath: /var/lib/kubelet/device-plugins/kubelet_internal_checkpoint
            name: checkpointfile
-           readOnly: false
+           readOnly: true
         env:
         - name: NODE_NAME
           valueFrom:
diff --git a/infra-charts/templates/webhook-conf-updater-job.yaml b/infra-charts/templates/webhook-conf-updater-job.yaml
new file mode 100644
index 0000000..36a62a6
--- /dev/null
+++ b/infra-charts/templates/webhook-conf-updater-job.yaml
@@ -0,0 +1,30 @@
+{{ if .Values.cpupooler.required }}
+apiVersion: batch/v1
+kind: Job
+metadata:
+  name: webhook-cfg-updater
+  namespace: kube-system
+  labels:
+  annotations:
+    "helm.sh/hook": post-install
+    "helm.sh/hook-delete-policy": hook-succeeded
+spec:
+  template:
+    metadata:
+      annotations:
+        danm.k8s.io/interfaces: |
+          [
+            {
+              "network":"flannel"
+            }
+          ]
+    spec:
+      containers:
+      - name: webhook-cfg-updater
+        image: {{ .Values.registry_url }}/{{ .Values.registry_reponame }}/cpupooler:{{ .Values.cpupooler.container_version }}
+        command: ["sh", "-c", "--"]
+        args: ["RESVER=$(curl -k -H \"Authorization: Bearer $(cat {{ .Values.cpupooler.secret_path }}/token)\" -H 'Accept: application/json' --cacert {{ .Values.cpupooler.secret_path }}/ca.cert https://{{ .Values.apiserver_service_name }}/apis/admissionregistration.k8s.io/v1beta1/mutatingwebhookconfigurations/{{ .Values.cpupooler.webhook_conf_name }} | grep resourceVersion | awk '{print $2}' | tr -d ',' | tr -d '\"'); curl -k -X PUT -H \"Authorization: Bearer $(cat {{ .Values.cpupooler.secret_path }}/token)\" -H 'Accept: application/json' -H 'Content-Type: application/json' --cacert {{ .Values.cpupooler.secret_path }}/ca.cert https://{{ .Values.apiserver_service_name }}/apis/admissionregistration.k8s.io/v1beta1/mutatingwebhookconfigurations/{{ .Values.cpupooler.webhook_conf_name }} -d '{ \"apiVersion\": \"admissionregistration.k8s.io/v1beta1\", \"kind\": \"MutatingWebhookConfiguration\", \"metadata\": { \"name\": \"{{ .Values.cpupooler.webhook_conf_name }}\", \"namespace\": \"kube-system\", \"resourceVersion\": \"'$RESVER'\" }, \"webhooks\": [{\"name\": \"cpu-dev-mutator.nokia.k8s.io\", \"clientConfig\": {\"service\": {\"name\": \"{{ .Values.cpupooler.webhook_svc_name }}\", \"namespace\":\"kube-system\", \"path\":\"/mutating-pods\"}, \"caBundle\": \"{{ .Values.cpupooler.webhook_ca_bundle }}\" }, \"rules\": [{\"operations\": [\"CREATE\", \"UPDATE\"], \"apiGroups\": [\"\"], \"apiVersions\": [\"v1\"], \"resources\": [\"pods\"] }], \"failurePolicy\": \"Fail\" }]}';"]
+        imagePullPolicy: IfNotPresent
+      restartPolicy: Never
+      serviceAccountName: webhookcfg-controller
+{{ end }}
diff --git a/infra-charts/templates/webhook-conf.yaml b/infra-charts/templates/webhook-conf.yaml
index 611f590..8612900 100644
--- a/infra-charts/templates/webhook-conf.yaml
+++ b/infra-charts/templates/webhook-conf.yaml
@@ -18,23 +18,15 @@ limitations under the License.
 apiVersion: admissionregistration.k8s.io/v1beta1
 kind: MutatingWebhookConfiguration
 metadata:
-  name: cpu-device-pod-mutator-webhook-config
+  name: {{ .Values.cpupooler.webhook_conf_name }}
   namespace: kube-system
-  annotations:
-    "helm.sh/hook": post-install
-    "helm.sh/hook-delete-policy": hook-failed, before-hook-creation
 webhooks:
   - name: cpu-dev-mutator.nokia.k8s.io
     clientConfig:
       service:
-        name: cpu-dev-pod-mutator-svc
+        name: {{ .Values.cpupooler.webhook_svc_name }}
         namespace: kube-system
         path: "/mutating-pods"
       caBundle: "{{ .Values.cpupooler.webhook_ca_bundle }}"
-    rules:
-      - operations: ["CREATE","UPDATE"]
-        apiGroups: [""]
-        apiVersions: ["v1"]
-        resources: ["pods"]
     failurePolicy: Fail
 {{ end }}
diff --git a/infra-charts/templates/webhook-service.yaml b/infra-charts/templates/webhook-service.yaml
index cf6a332..914a55f 100644
--- a/infra-charts/templates/webhook-service.yaml
+++ b/infra-charts/templates/webhook-service.yaml
@@ -18,7 +18,7 @@ limitations under the License.
 apiVersion: v1
 kind: Service
 metadata:
-  name: cpu-dev-pod-mutator-svc
+  name: {{ .Values.cpupooler.webhook_svc_name }}
   namespace: kube-system
   labels:
     {{ .Values.kubernetes_component_label }}: cpu-dev-pod-mutator
diff --git a/infra-charts/values.yaml.j2 b/infra-charts/values.yaml.j2
index d772e35..e03794c 100644
--- a/infra-charts/values.yaml.j2
+++ b/infra-charts/values.yaml.j2
@@ -18,6 +18,7 @@ kubernetes_component_label: {{ caas.kubernetes_component_label }}
 registry_url: {{ caas.registry_url }}:{{ caas.registry_port }}
 registry_reponame: "{{ caas.registry_repo }}"
 domain: "{{ caas.dns_domain }}"
+apiserver_service_name: {{ caas.apiserver_service_name }}
 
 metrics_server:
   required: true
@@ -49,6 +50,9 @@ netwatcher:
 
 cpupooler:
   required: true
+  webhook_conf_name: cpu-device-pod-mutator-webhook-config
+  webhook_svc_name: cpu-dev-pod-mutator-svc
+  secret_path: /var/run/secrets/kubernetes.io/serviceaccount
   container_version: {{ container_image_names | select('search', '/cpupooler') | list | last | regex_replace('.*:([\\w\\-_\\.]+)$', '\\1') }}
   webhook_ca_bundle: {{ webhooks_ca }}
   webhook_port: {{ caas.webhook_port }}
-- 
2.16.6