Modify daemon and config to only manage listed resource names

Author: Part-TimeWizard

deployment/ib-kubernetes-configmap.yaml

@@ -11,3 +11,4 @@ data:
   # DEFAULT_LIMITED_PARTITION: "0x0001" # optional
   ENABLE_IP_OVER_IB: "false" # default false
   ENABLE_INDEX0_FOR_PRIMARY_PKEY: "true" # default true
+  MANAGED_RESOURCE_NAMES: "" # required to be non-empty

pkg/config/config.go

@@ -2,6 +2,7 @@ package config
 
 import (
 	"fmt"
+	"strings"
 
 	"github.com/caarlos0/env/v11"
 	"github.com/rs/zerolog/log"
@@ -21,6 +22,9 @@ type DaemonConfig struct {
 	EnableIPOverIB bool `env:"ENABLE_IP_OVER_IB" envDefault:"false"`
 	// Enable index0 for primary pkey GUID additions
 	EnableIndex0ForPrimaryPkey bool `env:"ENABLE_INDEX0_FOR_PRIMARY_PKEY" envDefault:"true"`
+	// Managed resource names
+	ManagedResourcesString string `env:"MANAGED_RESOURCE_NAMES"`
+	ManagedResources       map[string]bool
 }
 
 type GUIDPoolConfig struct {
@@ -55,6 +59,17 @@ func (dc *DaemonConfig) ReadConfig() error {
 		log.Info().Msg("Default limited partition is not set.")
 	}
 
+	// If managed resource names is set - log at startup
+	log.Info().Msgf("ib-kubernetes will manage the following resources: %s.", dc.ManagedResourcesString)
+	// Parse the managed resource names string into a set
+	dc.ManagedResources = make(map[string]bool)
+	for _, resource := range strings.Split(dc.ManagedResourcesString, ",") {
+		if resource == "" {
+			continue
+		}
+		dc.ManagedResources[resource] = true // TODO(Nik) either bool or empty interface{}
+	}
+
 	return err
 }
 
@@ -67,5 +82,14 @@ func (dc *DaemonConfig) ValidateConfig() error {
 	if dc.Plugin == "" {
 		return fmt.Errorf("no plugin selected")
 	}
+
+	if len(dc.ManagedResources) == 0 {
+		return fmt.Errorf("no managed resources names were provided")
+	}
 	return nil
 }
+
+func (dc *DaemonConfig) IsManagedResource(resourceName string) bool {
+	_, ok := dc.ManagedResources[resourceName]
+	return ok
+}

pkg/daemon/daemon.go

@@ -112,9 +112,9 @@ func NewDaemon() (Daemon, error) {
 
 	// Pass configuration from daemon to the plugin
 	pluginConfig := map[string]interface{}{
-		"ENABLE_IP_OVER_IB":                 daemonConfig.EnableIPOverIB,
-		"DEFAULT_LIMITED_PARTITION":         daemonConfig.DefaultLimitedPartition,
-		"ENABLE_INDEX0_FOR_PRIMARY_PKEY":    daemonConfig.EnableIndex0ForPrimaryPkey,
+		"ENABLE_IP_OVER_IB":              daemonConfig.EnableIPOverIB,
+		"DEFAULT_LIMITED_PARTITION":      daemonConfig.DefaultLimitedPartition,
+		"ENABLE_INDEX0_FOR_PRIMARY_PKEY": daemonConfig.EnableIndex0ForPrimaryPkey,
 	}
 	if err := smClient.SetConfig(pluginConfig); err != nil {
 		log.Warn().Msgf("Failed to set configuration on subnet manager plugin: %v", err)
@@ -206,6 +206,14 @@ func (d *daemon) getIbSriovNetwork(networkID string) (string, *utils.IbSriovCniS
 	}
 	log.Debug().Msgf("networkName attachment %v", netAttInfo)
 
+	// Check if this network's resource is managed by this daemon
+	resourceName := netAttInfo.Annotations["k8s.v1.cni.cncf.io/resourceName"]
+	if resourceName == "" || !d.config.IsManagedResource(resourceName) {
+		// TODO(Nik) dev qol, check if someone else manages this resource or if it is orphan
+		// checkResourceOwner(networkNamespace, networkName)
+		return "", nil, fmt.Errorf("network %s uses resource %s which is not managed by this daemon", networkName, resourceName)
+	}
+
 	networkSpec := make(map[string]interface{})
 	err = json.Unmarshal([]byte(netAttInfo.Spec.Config), &networkSpec)
 	if err != nil {
@@ -245,9 +253,10 @@ func getPodNetworkInfo(netName string, pod *kapi.Pod, netMap networksMap) (*podN
 }
 
 // addPodFinalizer adds the GUID cleanup finalizer to a pod
-func (d *daemon) addPodFinalizer(pod *kapi.Pod) error {
+func (d *daemon) addPodFinalizer(pod *kapi.Pod, networkName string) error {
 	return wait.ExponentialBackoff(backoffValues, func() (bool, error) {
-		if err := d.kubeClient.AddFinalizerToPod(pod, PodGUIDFinalizer); err != nil {
+		podFinalizer := fmt.Sprintf("%s-%s", PodGUIDFinalizer, networkName)
+		if err := d.kubeClient.AddFinalizerToPod(pod, podFinalizer); err != nil {
 			log.Warn().Msgf("failed to add finalizer to pod %s/%s: %v",
 				pod.Namespace, pod.Name, err)
 			return false, nil
@@ -257,9 +266,10 @@ func (d *daemon) addPodFinalizer(pod *kapi.Pod) error {
 }
 
 // removePodFinalizer removes the GUID cleanup finalizer from a pod
-func (d *daemon) removePodFinalizer(pod *kapi.Pod) error {
+func (d *daemon) removePodFinalizer(pod *kapi.Pod, networkName string) error {
 	return wait.ExponentialBackoff(backoffValues, func() (bool, error) {
-		if err := d.kubeClient.RemoveFinalizerFromPod(pod, PodGUIDFinalizer); err != nil {
+		podFinalizer := fmt.Sprintf("%s-%s", PodGUIDFinalizer, networkName)
+		if err := d.kubeClient.RemoveFinalizerFromPod(pod, podFinalizer); err != nil {
 			log.Warn().Msgf("failed to remove finalizer from pod %s/%s: %v",
 				pod.Namespace, pod.Name, err)
 			return false, nil
@@ -557,7 +567,7 @@ func (d *daemon) AddPeriodicUpdate() {
 			}
 
 			// Add finalizer to pod since it now has a GUID that needs cleanup
-			if err = d.addPodFinalizer(pi.pod); err != nil {
+			if err = d.addPodFinalizer(pi.pod, networkName); err != nil {
 				log.Error().Msgf("failed to add finalizer to pod %s/%s: %v", pi.pod.Namespace, pi.pod.Name, err)
 				continue
 			} else {
@@ -728,7 +738,7 @@ func (d *daemon) DeletePeriodicUpdate() {
 
 			// Remove finalizer from pod after successfully cleaning up GUID
 			if pod, exists := podGUIDMap[guidAddr.String()]; exists {
-				if err = d.removePodFinalizer(pod); err != nil {
+				if err = d.removePodFinalizer(pod, networkName); err != nil {
 					log.Error().Msgf("failed to remove finalizer from pod %s/%s: %v", pod.Namespace, pod.Name, err)
 				} else {
 					log.Info().Msgf("removed finalizer %s from pod %s/%s",