Add the NodeModulesConfig controller (#513)

Reconcile NodeModulesConfig resources by creating and monitoring worker
Pods.
Use the NodeModulesConfig status to maintain the state of modules on
nodes.

Author: qbarrand

api/v1beta1/nodemodulesconfig_types.go

@@ -31,9 +31,10 @@ type ModuleConfig struct {
 }
 
 type NodeModuleSpec struct {
-	Name      string       `json:"name"`
-	Namespace string       `json:"namespace"`
-	Config    ModuleConfig `json:"config"`
+	Name               string       `json:"name"`
+	Namespace          string       `json:"namespace"`
+	Config             ModuleConfig `json:"config"`
+	ServiceAccountName string       `json:"serviceAccountName"`
 }
 
 // NodeModulesConfigSpec describes the desired state of modules on the node

cmd/manager/main.go

@@ -22,8 +22,6 @@ import (
 	"os"
 	"strconv"
 
-	"github.com/kubernetes-sigs/kernel-module-management/internal/build/pod"
-	"github.com/kubernetes-sigs/kernel-module-management/internal/config"
 	"k8s.io/apimachinery/pkg/runtime"
 	utilruntime "k8s.io/apimachinery/pkg/util/runtime"
 	clientgoscheme "k8s.io/client-go/kubernetes/scheme"
@@ -40,7 +38,9 @@ import (
 	v1beta12 "github.com/kubernetes-sigs/kernel-module-management/api/v1beta1"
 	"github.com/kubernetes-sigs/kernel-module-management/controllers"
 	"github.com/kubernetes-sigs/kernel-module-management/internal/build"
+	"github.com/kubernetes-sigs/kernel-module-management/internal/build/pod"
 	"github.com/kubernetes-sigs/kernel-module-management/internal/cmd"
+	"github.com/kubernetes-sigs/kernel-module-management/internal/config"
 	"github.com/kubernetes-sigs/kernel-module-management/internal/constants"
 	"github.com/kubernetes-sigs/kernel-module-management/internal/daemonset"
 	"github.com/kubernetes-sigs/kernel-module-management/internal/filter"
@@ -86,6 +86,7 @@ func main() {
 	}
 
 	operatorNamespace := cmd.GetEnvOrFatalError(constants.OperatorNamespaceEnvVar, setupLogger)
+	workerImage := cmd.GetEnvOrFatalError("RELATED_IMAGES_WORKER", setupLogger)
 
 	managed, err := GetBoolEnv("KMM_MANAGED")
 	if err != nil {
@@ -163,6 +164,17 @@ func main() {
 		cmd.FatalError(setupLogger, err, "unable to create controller", "name", controllers.ModuleNMCReconcilerName)
 	}
 
+	workerHelper := controllers.NewWorkerHelper(
+		client,
+		controllers.NewPodManager(client, workerImage, scheme),
+	)
+
+	ctx := ctrl.SetupSignalHandler()
+
+	if err = controllers.NewNodeModulesConfigReconciler(client, workerHelper).SetupWithManager(ctx, mgr); err != nil {
+		cmd.FatalError(setupLogger, err, "unable to create controller", "name", controllers.NodeModulesConfigReconcilerName)
+	}
+
 	nodeKernelReconciler := controllers.NewNodeKernelReconciler(client, constants.KernelLabel, filterAPI)
 
 	if err = nodeKernelReconciler.SetupWithManager(mgr); err != nil {
@@ -210,7 +222,7 @@ func main() {
 	}
 
 	setupLogger.Info("starting manager")
-	if err = mgr.Start(ctrl.SetupSignalHandler()); err != nil {
+	if err = mgr.Start(ctx); err != nil {
 		cmd.FatalError(setupLogger, err, "problem running manager")
 	}
 }

config/crd/bases/kmm.sigs.x-k8s.io_nodemodulesconfigs.yaml

@@ -149,10 +149,13 @@ spec:
                       type: string
                     namespace:
                       type: string
+                    serviceAccountName:
+                      type: string
                   required:
                   - config
                   - name
                   - namespace
+                  - serviceAccountName
                   type: object
                 type: array
             type: object

config/manager/kustomization.yaml

@@ -4,10 +4,16 @@ kind: Kustomization
 resources:
 - ../manager-base
 
+patches:
+- path: manager_worker_image_patch.yaml
+
 images:
 - name: controller
   newName: gcr.io/k8s-staging-kmm/kernel-module-management-operator
   newTag: latest
+- name: worker
+  newName: gcr.io/k8s-staging-kmm/kernel-module-management-worker
+  newTag: latest
 
 configMapGenerator:
 - files:

config/manager/manager_worker_image_patch.yaml

@@ -0,0 +1,13 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: controller-manager
+  namespace: system
+spec:
+  template:
+    spec:
+      containers:
+        - name: manager
+          env:
+            - name: RELATED_IMAGES_WORKER
+              value: worker

config/rbac/role.yaml

@@ -98,6 +98,12 @@ rules:
   - list
   - patch
   - watch
+- apiGroups:
+  - kmm.sigs.x-k8s.io
+  resources:
+  - nodemodulesconfigs/status
+  verbs:
+  - patch
 - apiGroups:
   - kmm.sigs.x-k8s.io
   resources:

controllers/mock_nodemodulesconfig_reconciler.go

@@ -231,6 +231,10 @@ func (mnrh *moduleNMCReconcilerHelper) enableModuleOnNode(ctx context.Context, m
 		Modprobe:             mld.Modprobe,
 	}
 
+	if tls := mld.RegistryTLS; tls != nil {
+		moduleConfig.InsecurePull = tls.Insecure || tls.InsecureSkipTLSVerify
+	}
+
 	nmc := &kmmv1beta1.NodeModulesConfig{
 		ObjectMeta: metav1.ObjectMeta{Name: nodeName},
 	}