feat(api): add resourcepools and claims (#1333)

* feat: functional appsets

* feat(api): add resourcepools api

Signed-off-by: Oliver Bähler <[email protected]>

* chore: fix gomod

Signed-off-by: Oliver Bähler <[email protected]>

* chore: correct webhooks

Signed-off-by: Oliver Bähler <[email protected]>

* chore: fix harpoon image

Signed-off-by: Oliver Bähler <[email protected]>

* chore: improve e2e

Signed-off-by: Oliver Bähler <[email protected]>

* chore: add labels to e2e test

Signed-off-by: Oliver Bähler <[email protected]>

* chore: fix status handling

Signed-off-by: Oliver Bähler <[email protected]>

* chore: fix racing conditions

Signed-off-by: Oliver Bähler <[email protected]>

* chore: make values compatible

Signed-off-by: Oliver Bähler <[email protected]>

* chore: fix custom resources test

Signed-off-by: Oliver Bähler <[email protected]>

* chore: correct metrics

Signed-off-by: Oliver Bähler <[email protected]>

---------

Signed-off-by: Oliver Bähler <[email protected]>

Author: oliverbaehler

.gitignore

@@ -7,6 +7,7 @@
 *.dylib
 bin
 dist/
+config/
 
 # Test binary, build with `go test -c`
 *.test

.golangci.yaml

@@ -56,6 +56,10 @@ linters:
       - third_party$
       - builtin$
       - examples$
+    rules:
+    - path: pkg/meta/
+      linters:
+      - dupl
 formatters:
   enable:
     - gci

.ko.yaml

@@ -4,6 +4,6 @@ defaultPlatforms:
 - linux/arm
 builds:
 - id: capsule
-  main: ./
+  main: ./cmd/
   ldflags:
   - '{{ if index .Env "LD_FLAGS" }}{{ .Env.LD_FLAGS }}{{ end }}'

.pre-commit-config.yaml

@@ -39,3 +39,8 @@ repos:
     entry: make golint
     language: system
     files: \.go$
+  - id: go-test
+    name: Execute go test
+    entry: make test
+    language: system
+    files: \.go$

Dockerfile.tracing

@@ -5,7 +5,7 @@ FROM ${TARGET_IMAGE} AS target
 # Inject Harpoon Image
 FROM ghcr.io/alegrey91/harpoon:latest
 WORKDIR /
-COPY --from=target /ko-app/capsule ./manager
+COPY --from=target /ko-app/cmd ./manager
 RUN chmod +x ./harpoon
 ENTRYPOINT ["/harpoon", \
 		"capture", \

Makefile

@@ -178,7 +178,7 @@ LD_FLAGS        := "-X main.Version=$(VERSION) \
 ko-build-capsule: ko
 	@echo Building Capsule $(KO_TAGS) for $(KO_PLATFORM) >&2
 	@LD_FLAGS=$(LD_FLAGS) KOCACHE=$(KOCACHE) KO_DOCKER_REPO=$(CAPSULE_IMG) \
-		$(KO) build ./ --bare --tags=$(KO_TAGS) --push=false --local --platform=$(KO_PLATFORM)
+		$(KO) build ./cmd/ --bare --tags=$(KO_TAGS) --push=false --local --platform=$(KO_PLATFORM)
 
 .PHONY: ko-build-all
 ko-build-all: ko-build-capsule
@@ -204,7 +204,7 @@ ko-login: ko
 .PHONY: ko-publish-capsule
 ko-publish-capsule: ko-login ## Build and publish kyvernopre image (with ko)
 	@LD_FLAGS=$(LD_FLAGS) KOCACHE=$(KOCACHE) KO_DOCKER_REPO=$(CAPSULE_IMG) \
-		$(KO) build ./ --bare --tags=$(KO_TAGS)
+		$(KO) build ./cmd/ --bare --tags=$(KO_TAGS)
 
 .PHONY: ko-publish-all
 ko-publish-all: ko-publish-capsule

PROJECT

@@ -1,6 +1,10 @@
+# Code generated by tool. DO NOT EDIT.
+# This file is used to track the info used to scaffold your project
+# and allow the plugins properly work.
+# More info: https://book.kubebuilder.io/reference/project-config.html
 domain: clastix.io
 layout:
-- go.kubebuilder.io/v3
+- go.kubebuilder.io/v4
 plugins:
   manifests.sdk.operatorframework.io/v2: {}
   scorecard.sdk.operatorframework.io/v2: {}
@@ -44,4 +48,20 @@ resources:
   kind: GlobalTenantResource
   path: github.com/projectcapsule/capsule/api/v1beta2
   version: v1beta2
+- api:
+    crdVersion: v1
+  domain: clastix.io
+  group: capsule
+  kind: ResourcePool
+  path: github.com/projectcapsule/capsule/api/v1beta2
+  version: v1beta2
+- api:
+    crdVersion: v1
+    namespaced: true
+  controller: true
+  domain: clastix.io
+  group: capsule
+  kind: ResourcePoolClaim
+  path: github.com/projectcapsule/capsule/api/v1beta2
+  version: v1beta2
 version: "3"

api/v1beta2/resourcepool_func.go

@@ -0,0 +1,276 @@
+// Copyright 2020-2023 Project Capsule Authors.
+// SPDX-License-Identifier: Apache-2.0
+
+package v1beta2
+
+import (
+	"errors"
+	"sort"
+
+	corev1 "k8s.io/api/core/v1"
+	"k8s.io/apimachinery/pkg/api/resource"
+
+	"github.com/projectcapsule/capsule/pkg/api"
+)
+
+func (r *ResourcePool) AssignNamespaces(namespaces []corev1.Namespace) {
+	var l []string
+
+	for _, ns := range namespaces {
+		if ns.Status.Phase == corev1.NamespaceActive && ns.DeletionTimestamp == nil {
+			l = append(l, ns.GetName())
+		}
+	}
+
+	sort.Strings(l)
+
+	r.Status.NamespaceSize = uint(len(l))
+	r.Status.Namespaces = l
+}
+
+func (r *ResourcePool) AssignClaims() {
+	var size uint
+
+	for _, claims := range r.Status.Claims {
+		for range claims {
+			size++
+		}
+	}
+
+	r.Status.ClaimSize = size
+}
+
+func (r *ResourcePool) GetClaimFromStatus(cl *ResourcePoolClaim) *ResourcePoolClaimsItem {
+	ns := cl.Namespace
+
+	claims := r.Status.Claims[ns]
+	if claims == nil {
+		return nil
+	}
+
+	for _, claim := range claims {
+		if claim.UID == cl.UID {
+			return claim
+		}
+	}
+
+	return nil
+}
+
+func (r *ResourcePool) AddClaimToStatus(claim *ResourcePoolClaim) {
+	ns := claim.Namespace
+
+	if r.Status.Claims == nil {
+		r.Status.Claims = ResourcePoolNamespaceClaimsStatus{}
+	}
+
+	if r.Status.Allocation.Claimed == nil {
+		r.Status.Allocation.Claimed = corev1.ResourceList{}
+	}
+
+	claims := r.Status.Claims[ns]
+	if claims == nil {
+		claims = ResourcePoolClaimsList{}
+	}
+
+	scl := &ResourcePoolClaimsItem{
+		StatusNameUID: api.StatusNameUID{
+			UID:  claim.UID,
+			Name: api.Name(claim.Name),
+		},
+		Claims: claim.Spec.ResourceClaims,
+	}
+
+	// Try to update existing entry if UID matches
+	exists := false
+
+	for i, cl := range claims {
+		if cl.UID == claim.UID {
+			claims[i] = scl
+
+			exists = true
+
+			break
+		}
+	}
+
+	if !exists {
+		claims = append(claims, scl)
+	}
+
+	r.Status.Claims[ns] = claims
+
+	r.CalculateClaimedResources()
+}
+
+func (r *ResourcePool) RemoveClaimFromStatus(claim *ResourcePoolClaim) {
+	newClaims := ResourcePoolClaimsList{}
+
+	claims, ok := r.Status.Claims[claim.Namespace]
+	if !ok {
+		return
+	}
+
+	for _, cl := range claims {
+		if cl.UID != claim.UID {
+			newClaims = append(newClaims, cl)
+		}
+	}
+
+	r.Status.Claims[claim.Namespace] = newClaims
+
+	if len(newClaims) == 0 {
+		delete(r.Status.Claims, claim.Namespace)
+	}
+}
+
+func (r *ResourcePool) CalculateClaimedResources() {
+	usage := corev1.ResourceList{}
+
+	for res := range r.Status.Allocation.Hard {
+		usage[res] = resource.MustParse("0")
+	}
+
+	for _, claims := range r.Status.Claims {
+		for _, claim := range claims {
+			for resourceName, qt := range claim.Claims {
+				amount, exists := usage[resourceName]
+				if !exists {
+					amount = resource.MustParse("0")
+				}
+
+				amount.Add(qt)
+				usage[resourceName] = amount
+			}
+		}
+	}
+
+	r.Status.Allocation.Claimed = usage
+
+	r.CalculateAvailableResources()
+}
+
+func (r *ResourcePool) CalculateAvailableResources() {
+	available := corev1.ResourceList{}
+
+	for res, qt := range r.Status.Allocation.Hard {
+		amount, exists := r.Status.Allocation.Claimed[res]
+		if exists {
+			qt.Sub(amount)
+		}
+
+		available[res] = qt
+	}
+
+	r.Status.Allocation.Available = available
+}
+
+func (r *ResourcePool) CanClaimFromPool(claim corev1.ResourceList) []error {
+	claimable := r.GetAvailableClaimableResources()
+	errs := []error{}
+
+	for resourceName, req := range claim {
+		available, exists := claimable[resourceName]
+		if !exists || available.IsZero() || available.Cmp(req) < 0 {
+			errs = append(errs, errors.New("not enough resources"+string(resourceName)+"available"))
+		}
+	}
+
+	return errs
+}
+
+func (r *ResourcePool) GetAvailableClaimableResources() corev1.ResourceList {
+	hard := r.Status.Allocation.Hard.DeepCopy()
+
+	for resourceName, qt := range hard {
+		claimed, exists := r.Status.Allocation.Claimed[resourceName]
+		if !exists {
+			claimed = resource.MustParse("0")
+		}
+
+		qt.Sub(claimed)
+
+		hard[resourceName] = qt
+	}
+
+	return hard
+}
+
+// Gets the Hard specification for the resourcequotas
+// This takes into account the default resources being used. However they don't count towards the claim usage
+// This can be changed in the future, the default is not calculated as usage because this might interrupt the namespace management
+// As we would need to verify if a new namespace with it's defaults still has place in the Pool. Same with attempting to join existing namespaces.
+func (r *ResourcePool) GetResourceQuotaHardResources(namespace string) corev1.ResourceList {
+	_, claimed := r.GetNamespaceClaims(namespace)
+
+	for resourceName, amount := range claimed {
+		if amount.IsZero() {
+			delete(claimed, resourceName)
+		}
+	}
+
+	// Only Consider Default, when enabled
+	for resourceName, amount := range r.Spec.Defaults {
+		usedValue := claimed[resourceName]
+		usedValue.Add(amount)
+
+		claimed[resourceName] = usedValue
+	}
+
+	return claimed
+}
+
+// Gets the total amount of claimed resources for a namespace.
+func (r *ResourcePool) GetNamespaceClaims(namespace string) (claims map[string]*ResourcePoolClaimsItem, claimedResources corev1.ResourceList) {
+	claimedResources = corev1.ResourceList{}
+	claims = map[string]*ResourcePoolClaimsItem{}
+
+	// First, check if quota exists in the status
+	for ns, cl := range r.Status.Claims {
+		if ns != namespace {
+			continue
+		}
+
+		for _, claim := range cl {
+			for resourceName, claimed := range claim.Claims {
+				usedValue, usedExists := claimedResources[resourceName]
+				if !usedExists {
+					usedValue = resource.MustParse("0") // Default to zero if no used value is found
+				}
+
+				// Combine with claim
+				usedValue.Add(claimed)
+				claimedResources[resourceName] = usedValue
+			}
+
+			claims[string(claim.UID)] = claim
+		}
+	}
+
+	return
+}
+
+// Calculate usage for each namespace.
+func (r *ResourcePool) GetClaimedByNamespaceClaims() (claims map[string]corev1.ResourceList) {
+	claims = map[string]corev1.ResourceList{}
+
+	// First, check if quota exists in the status
+	for ns, cl := range r.Status.Claims {
+		claims[ns] = corev1.ResourceList{}
+		nsScope := claims[ns]
+
+		for _, claim := range cl {
+			for resourceName, claimed := range claim.Claims {
+				usedValue, usedExists := nsScope[resourceName]
+				if !usedExists {
+					usedValue = resource.MustParse("0")
+				}
+
+				usedValue.Add(claimed)
+				nsScope[resourceName] = usedValue
+			}
+		}
+	}
+
+	return
+}