Add support for runtime classes

Runtime classes are added as in internal value on Acorn compute class objects. This allows for using things like Kata Containers. Signed-off-by: Bill Maxwell <[email protected]>
acorn-io · Dec 5, 2023 · 1a1e7fa · 1a1e7fa
1 parent 8691e0d
commit 1a1e7fa
Show file tree

Hide file tree

Showing 7 changed files with 71 additions and 10 deletions.
diff --git a/pkg/apis/internal.acorn.io/v1/appinstance.go b/pkg/apis/internal.acorn.io/v1/appinstance.go
@@ -247,6 +247,7 @@ type Scheduling struct {
 	Affinity          *corev1.Affinity            `json:"affinity,omitempty"`
 	Tolerations       []corev1.Toleration         `json:"tolerations,omitempty"`
 	PriorityClassName string                      `json:"priorityClassName,omitempty"`
+	RuntimeClassName  string                      `json:"runtimeClassName,omitempty"`
 }
 
 type Endpoint struct {

diff --git a/pkg/apis/internal.admin.acorn.io/v1/computeclasses.go b/pkg/apis/internal.admin.acorn.io/v1/computeclasses.go
@@ -52,6 +52,7 @@ type ProjectComputeClassInstance struct {
 	Memory            ComputeClassMemory  `json:"memory,omitempty"`
 	SupportedRegions  []string            `json:"supportedRegions,omitempty"`
 	PriorityClassName string              `json:"priorityClassName,omitempty"`
+	RuntimeClassName  string              `json:"runtimeClassName,omitempty"`
 }
 
 // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object

diff --git a/pkg/controller/appdefinition/deploy.go b/pkg/controller/appdefinition/deploy.go
@@ -778,6 +778,7 @@ func toDeployment(req router.Request, appInstance *v1.AppInstance, tag name.Refe
 					Affinity:                      appInstance.Status.Scheduling[name].Affinity,
 					Tolerations:                   appInstance.Status.Scheduling[name].Tolerations,
 					PriorityClassName:             appInstance.Status.Scheduling[name].PriorityClassName,
+					RuntimeClassName:              z.Pointer[string](appInstance.Status.Scheduling[name].RuntimeClassName),
 					TerminationGracePeriodSeconds: z.Pointer[int64](10),
 					ImagePullSecrets:              pullSecrets.ForContainer(name, append(containers, initContainers...)),
 					EnableServiceLinks:            new(bool),

diff --git a/pkg/controller/scheduling/scheduling.go b/pkg/controller/scheduling/scheduling.go
@@ -10,6 +10,7 @@ import (
 	tl "github.com/acorn-io/runtime/pkg/tolerations"
 	"github.com/acorn-io/z"
 	corev1 "k8s.io/api/core/v1"
+	nodev1 "k8s.io/api/node/v1"
 	schedulingv1 "k8s.io/api/scheduling/v1"
 	"k8s.io/apimachinery/pkg/api/resource"
 )
@@ -78,7 +79,12 @@ func addScheduling(req router.Request, appInstance *v1.AppInstance, workloads ma
 
 		affinity, tolerations = Nodes(req, computeClass)
 
-		priorityClassName, err := PriorityClassName(req, computeClass)
+		priorityClassName, err := priorityClassName(req, computeClass)
+		if err != nil {
+			return err
+		}
+
+		runtimeClassName, err := runtimeClassName(req, computeClass)
 		if err != nil {
 			return err
 		}
@@ -97,6 +103,7 @@ func addScheduling(req router.Request, appInstance *v1.AppInstance, workloads ma
 			Affinity:          affinity,
 			Tolerations:       tolerations,
 			PriorityClassName: priorityClassName,
+			RuntimeClassName:  runtimeClassName,
 		}
 	}
 	return nil
@@ -111,7 +118,7 @@ func Nodes(req router.Request, computeClass *adminv1.ProjectComputeClassInstance
 }
 
 // PriorityClassName checks that a defined PriorityClass exists and returns the name of it
-func PriorityClassName(req router.Request, computeClass *adminv1.ProjectComputeClassInstance) (string, error) {
+func priorityClassName(req router.Request, computeClass *adminv1.ProjectComputeClassInstance) (string, error) {
 	if computeClass == nil || computeClass.PriorityClassName == "" {
 		return "", nil
 	}
@@ -125,6 +132,21 @@ func PriorityClassName(req router.Request, computeClass *adminv1.ProjectComputeC
 	return computeClass.PriorityClassName, nil
 }
 
+// RuntimeClassName checks that a defined RuntimeClass exists and returns the name of it
+func runtimeClassName(req router.Request, computeClass *adminv1.ProjectComputeClassInstance) (string, error) {
+	if computeClass == nil || computeClass.RuntimeClassName == "" {
+		return "", nil
+	}
+
+	// Verify that the RuntimeClass exists
+	runtimeClassName := &nodev1.RuntimeClass{}
+	if err := req.Client.Get(req.Ctx, router.Key("", computeClass.RuntimeClassName), runtimeClassName); err != nil {
+		return "", err
+	}
+
+	return computeClass.RuntimeClassName, nil
+}
+
 // ResourceRequirements determines the cpu and memory amount to be set for the limits/requests of the Pod
 func ResourceRequirements(req router.Request, app *v1.AppInstance, containerName string, container v1.Container, computeClass *adminv1.ProjectComputeClassInstance) (*corev1.ResourceRequirements, error) {
 	cfg, err := config.Get(req.Ctx, req.Client)

diff --git a/pkg/install/role.yaml b/pkg/install/role.yaml
@@ -30,6 +30,10 @@ rules:
     apiGroups: [""]
     resources:
       - nodes
+  - verbs: ["get", "list", "watch"]
+    apiGroups: ["node.k8s.io"]
+    resources:
+      - runtimeclasses
   - verbs: ["*"]
     apiGroups: ["apiextensions.k8s.io"]
     resources:
@@ -46,7 +50,7 @@ rules:
   - verbs: ["get", "list", "watch"]
     apiGroups: ["networking.k8s.io"]
     resources:
-    - ingressclasses
+      - ingressclasses
   - verbs: ["*"]
     apiGroups: ["batch"]
     resources:
@@ -87,11 +91,11 @@ rules:
     verbs: ["updatepsa"]
   - verbs: ["use"]
     apiGroups:
-    - security.openshift.io
+      - security.openshift.io
     resourceNames:
-    - nonroot-v2
+      - nonroot-v2
     resources:
-    - securitycontextconstraints
+      - securitycontextconstraints
 
 ---
 kind: ClusterRoleBinding
@@ -114,11 +118,11 @@ metadata:
 rules:
   - verbs: ["use"]
     apiGroups:
-    - security.openshift.io
+      - security.openshift.io
     resourceNames:
-    - nonroot-v2
+      - nonroot-v2
     resources:
-    - securitycontextconstraints
+      - securitycontextconstraints
 ---
 kind: ClusterRoleBinding
 apiVersion: rbac.authorization.k8s.io/v1
@@ -131,4 +135,4 @@ roleRef:
 subjects:
   - kind: ServiceAccount
     namespace: acorn-image-system
-    name: acorn-image-system
+    name: acorn-image-system
diff --git a/pkg/openapi/generated/openapi_generated.go b/pkg/openapi/generated/openapi_generated.go
diff --git a/pkg/scheme/scheme.go b/pkg/scheme/scheme.go
@@ -14,6 +14,7 @@ import (
 	corev1 "k8s.io/api/core/v1"
 	discoveryv1 "k8s.io/api/discovery/v1"
 	networkingv1 "k8s.io/api/networking/v1"
+	nodev1 "k8s.io/api/node/v1"
 	policyv1 "k8s.io/api/policy/v1"
 	rbacv1 "k8s.io/api/rbac/v1"
 	schedulingv1 "k8s.io/api/scheduling/v1"
@@ -45,6 +46,7 @@ func AddToScheme(scheme *runtime.Scheme) error {
 	errs = append(errs, policyv1.AddToScheme(scheme))
 	errs = append(errs, batchv1.AddToScheme(scheme))
 	errs = append(errs, networkingv1.AddToScheme(scheme))
+	errs = append(errs, nodev1.AddToScheme(scheme))
 	errs = append(errs, storagev1.AddToScheme(scheme))
 	errs = append(errs, apiregistrationv1.AddToScheme(scheme))
 	errs = append(errs, rbacv1.AddToScheme(scheme))