[WIP] Add support for dedicated chaincode nodes

jt-nti · jt-nti · commit 1f3cd4430076 · 2024-12-17T14:51:20.000Z
See #228 Signed-off-by: James Taylor <jamest@uk.ibm.com>
diff --git a/cmd/run/main.go b/cmd/run/main.go
@@ -9,7 +9,8 @@ import (
 	"github.com/hyperledger-labs/fabric-builder-k8s/internal/builder"
 	"github.com/hyperledger-labs/fabric-builder-k8s/internal/log"
 	"github.com/hyperledger-labs/fabric-builder-k8s/internal/util"
-	"k8s.io/apimachinery/pkg/api/validation"
+	apivalidation "k8s.io/apimachinery/pkg/api/validation"
+	"k8s.io/apimachinery/pkg/util/validation"
 )
 
 const (
@@ -19,22 +20,7 @@ const (
 	maximumKubeNamePrefixLength = 30
 )
 
-func main() {
-	debug := util.GetOptionalEnv(util.DebugVariable, "false")
-	ctx := log.NewCmdContext(context.Background(), debug == "true")
-	logger := log.New(ctx)
-
-	if len(os.Args) != expectedArgsLength {
-		logger.Println("Expected BUILD_OUTPUT_DIR and RUN_METADATA_DIR arguments")
-		os.Exit(1)
-	}
-
-	buildOutputDirectory := os.Args[buildOutputDirectoryArg]
-	runMetadataDirectory := os.Args[runMetadataDirectoryArg]
-
-	logger.Debugf("Build output directory: %s", buildOutputDirectory)
-	logger.Debugf("Run metadata directory: %s", runMetadataDirectory)
-
+func getPeerID(logger *log.CmdLogger) string {
 	peerID, err := util.GetRequiredEnv(util.PeerIDVariable)
 	if err != nil {
 		logger.Printf("Expected %s environment variable\n", util.PeerIDVariable)
@@ -43,41 +29,102 @@ func main() {
 
 	logger.Debugf("%s=%s", util.PeerIDVariable, peerID)
 
+	return peerID
+}
+
+func getKubeconfigPath(logger *log.CmdLogger) string {
 	kubeconfigPath := util.GetOptionalEnv(util.KubeconfigPathVariable, "")
 	logger.Debugf("%s=%s", util.KubeconfigPathVariable, kubeconfigPath)
 
+	return kubeconfigPath
+}
+
+func getKubeNamespace(logger *log.CmdLogger) string {
 	kubeNamespace := util.GetOptionalEnv(util.ChaincodeNamespaceVariable, "")
 	logger.Debugf("%s=%s", util.ChaincodeNamespaceVariable, kubeNamespace)
 
 	if kubeNamespace == "" {
+		var err error
+
 		kubeNamespace, err = util.GetKubeNamespace()
 		if err != nil {
+			logger.Debugf("Error getting namespace: %+v\n", util.DefaultNamespace, err)
 			kubeNamespace = util.DefaultNamespace
 		}
+
+		logger.Debugf("Using default namespace: %s\n", util.DefaultNamespace)
 	}
 
+	return kubeNamespace
+}
+
+func getKubeNodeRole(logger *log.CmdLogger) string {
+	kubeNodeRole := util.GetOptionalEnv(util.ChaincodeNodeRoleVariable, "")
+	logger.Debugf("%s=%s", util.ChaincodeNodeRoleVariable, kubeNodeRole)
+
+	// TODO: are valid taint values the same?!
+	if msgs := validation.IsValidLabelValue(kubeNodeRole); len(msgs) > 0 {
+		logger.Printf("The %s environment variable must be a valid Kubernetes label value: %s", util.ChaincodeNodeRoleVariable, msgs[0])
+		os.Exit(1)
+	}
+
+	return kubeNodeRole
+}
+
+func getKubeServiceAccount(logger *log.CmdLogger) string {
 	kubeServiceAccount := util.GetOptionalEnv(util.ChaincodeServiceAccountVariable, util.DefaultServiceAccountName)
 	logger.Debugf("%s=%s", util.ChaincodeServiceAccountVariable, kubeServiceAccount)
 
+	return kubeServiceAccount
+}
+
+func getKubeNamePrefix(logger *log.CmdLogger) string {
 	kubeNamePrefix := util.GetOptionalEnv(util.ObjectNamePrefixVariable, util.DefaultObjectNamePrefix)
 	logger.Debugf("%s=%s", util.ObjectNamePrefixVariable, kubeNamePrefix)
 
 	if len(kubeNamePrefix) > maximumKubeNamePrefixLength {
-		logger.Printf("The FABRIC_K8S_BUILDER_OBJECT_NAME_PREFIX environment variable must be a maximum of 30 characters")
+		logger.Printf("The %s environment variable must be a maximum of 30 characters", util.ObjectNamePrefixVariable)
 		os.Exit(1)
 	}
 
-	if msgs := validation.NameIsDNS1035Label(kubeNamePrefix, true); len(msgs) > 0 {
-		logger.Printf("The FABRIC_K8S_BUILDER_OBJECT_NAME_PREFIX environment variable must be a valid DNS-1035 label: %s", msgs[0])
+	if msgs := apivalidation.NameIsDNS1035Label(kubeNamePrefix, true); len(msgs) > 0 {
+		logger.Printf("The %s environment variable must be a valid DNS-1035 label: %s", util.ObjectNamePrefixVariable, msgs[0])
 		os.Exit(1)
 	}
 
+	return kubeNamePrefix
+}
+
+func main() {
+	debug := util.GetOptionalEnv(util.DebugVariable, "false")
+	ctx := log.NewCmdContext(context.Background(), debug == "true")
+	logger := log.New(ctx)
+
+	if len(os.Args) != expectedArgsLength {
+		logger.Println("Expected BUILD_OUTPUT_DIR and RUN_METADATA_DIR arguments")
+		os.Exit(1)
+	}
+
+	buildOutputDirectory := os.Args[buildOutputDirectoryArg]
+	runMetadataDirectory := os.Args[runMetadataDirectoryArg]
+
+	logger.Debugf("Build output directory: %s", buildOutputDirectory)
+	logger.Debugf("Run metadata directory: %s", runMetadataDirectory)
+
+	peerID := getPeerID(logger)
+	kubeconfigPath := getKubeconfigPath(logger)
+	kubeNamespace := getKubeNamespace(logger)
+	kubeNodeRole := getKubeNodeRole(logger)
+	kubeServiceAccount := getKubeServiceAccount(logger)
+	kubeNamePrefix := getKubeNamePrefix(logger)
+
 	run := &builder.Run{
 		BuildOutputDirectory: buildOutputDirectory,
 		RunMetadataDirectory: runMetadataDirectory,
 		PeerID:               peerID,
 		KubeconfigPath:       kubeconfigPath,
 		KubeNamespace:        kubeNamespace,
+		KubeNodeRole:         kubeNodeRole,
 		KubeServiceAccount:   kubeServiceAccount,
 		KubeNamePrefix:       kubeNamePrefix,
 	}
diff --git a/cmd/run/main_test.go b/cmd/run/main_test.go
@@ -45,6 +45,28 @@ var _ = Describe("Main", func() {
 		),
 	)
 
+	DescribeTable("Running the run command produces the correct error for invalid FABRIC_K8S_BUILDER_NODE_ROLE environment variable values",
+		func(kubeNodeRoleValue, expectedErrorMessage string) {
+			args := []string{"BUILD_OUTPUT_DIR", "RUN_METADATA_DIR"}
+			command := exec.Command(runCmdPath, args...)
+			command.Env = append(os.Environ(),
+				"CORE_PEER_ID=core-peer-id-abcdefghijklmnopqrstuvwxyz-0123456789",
+				"FABRIC_K8S_BUILDER_NODE_ROLE="+kubeNodeRoleValue,
+			)
+			session, err := gexec.Start(command, GinkgoWriter, GinkgoWriter)
+			Expect(err).NotTo(HaveOccurred())
+
+			Eventually(session).Should(gexec.Exit(1))
+			Eventually(
+				session.Err,
+			).Should(gbytes.Say(expectedErrorMessage))
+		},
+		Entry("When the FABRIC_K8S_BUILDER_NODE_ROLE is too long", "long-node-role-is-looooooooooooooooooooooooooooooooooooooooooong", `run \[\d+\]: The FABRIC_K8S_BUILDER_NODE_ROLE environment variable must be a valid Kubernetes label value: must be no more than 63 characters`),
+		Entry("When the FABRIC_K8S_BUILDER_NODE_ROLE contains invalid characters", "invalid*value", `run \[\d+\]: The FABRIC_K8S_BUILDER_NODE_ROLE environment variable must be a valid Kubernetes label value: a valid label must be an empty string or consist of alphanumeric characters, '-', '_' or '\.', and must start and end with an alphanumeric character`),
+		Entry("When the FABRIC_K8S_BUILDER_NODE_ROLE does not start with an alphanumeric character", ".role", `run \[\d+\]: The FABRIC_K8S_BUILDER_NODE_ROLE environment variable must be a valid Kubernetes label value: a valid label must be an empty string or consist of alphanumeric characters, '-', '_' or '\.', and must start and end with an alphanumeric character`),
+		Entry("When the FABRIC_K8S_BUILDER_NODE_ROLE does not end with an alphanumeric character", "role-", `run \[\d+\]: The FABRIC_K8S_BUILDER_NODE_ROLE environment variable must be a valid Kubernetes label value: a valid label must be an empty string or consist of alphanumeric characters, '-', '_' or '\.', and must start and end with an alphanumeric character`),
+	)
+
 	DescribeTable("Running the run command produces the correct error for invalid FABRIC_K8S_BUILDER_OBJECT_NAME_PREFIX environment variable values",
 		func(kubeNamePrefixValue, expectedErrorMessage string) {
 			args := []string{"BUILD_OUTPUT_DIR", "RUN_METADATA_DIR"}
diff --git a/docs/configuring/dedicated-nodes.md b/docs/configuring/dedicated-nodes.md
@@ -0,0 +1,15 @@
+# Dedicated nodes
+
+TBC
+
+The `FABRIC_K8S_BUILDER_NODE_ROLE` environment variable can be used to...
+
+For example, if `FABRIC_K8S_BUILDER_NODE_ROLE` is set to `chaincode`, ... using the following command.
+
+```shell
+kubectl label nodes node1 fabric-builder-k8s-role=chaincode
+kubectl taint nodes node1 fabric-builder-k8s-role=chaincode:NoSchedule
+```
+
+More complex requirements should be handled with Dynamic Admission Control using a Mutating Webhook.
+For example, it looks like the namespace-node-affinity webhook could be used to assign node affinity and tolerations to all pods in the FABRIC_K8S_BUILDER_NAMESPACE namespace.
diff --git a/docs/configuring/overview.md b/docs/configuring/overview.md
@@ -14,6 +14,7 @@ External builders are configured in the `core.yaml` file, for example:
         - CORE_PEER_ID
         - FABRIC_K8S_BUILDER_DEBUG
         - FABRIC_K8S_BUILDER_NAMESPACE
+        - FABRIC_K8S_BUILDER_NODE_ROLE
         - FABRIC_K8S_BUILDER_OBJECT_NAME_PREFIX
         - FABRIC_K8S_BUILDER_SERVICE_ACCOUNT
         - KUBERNETES_SERVICE_HOST
@@ -30,6 +31,7 @@ The k8s builder is configured using the following environment variables.
 | ------------------------------------- | -------------------------------- | ---------------------------------------------------- |
 | CORE_PEER_ID                          |                                  | The Fabric peer ID (required)                        |
 | FABRIC_K8S_BUILDER_NAMESPACE          | The peer namespace or `default`  | The Kubernetes namespace to run chaincode with       |
+| FABRIC_K8S_BUILDER_NODE_ROLE          |                                  | TBC                                                  |
 | FABRIC_K8S_BUILDER_OBJECT_NAME_PREFIX | `hlfcc`                          | Eye-catcher prefix for Kubernetes object names       |
 | FABRIC_K8S_BUILDER_SERVICE_ACCOUNT    | `default`                        | The Kubernetes service account to run chaincode with |
 | FABRIC_K8S_BUILDER_DEBUG              | `false`                          | Set to `true` to enable k8s builder debug messages   |
diff --git a/internal/builder/run.go b/internal/builder/run.go
@@ -16,6 +16,7 @@ type Run struct {
 	PeerID               string
 	KubeconfigPath       string
 	KubeNamespace        string
+	KubeNodeRole         string
 	KubeServiceAccount   string
 	KubeNamePrefix       string
 }
@@ -73,6 +74,7 @@ func (r *Run) Run(ctx context.Context) error {
 		kubeObjectName,
 		r.KubeNamespace,
 		r.KubeServiceAccount,
+		r.KubeNodeRole,
 		r.PeerID,
 		chaincodeData,
 		imageData,
diff --git a/internal/util/env.go b/internal/util/env.go
@@ -10,6 +10,7 @@ import (
 const (
 	builderVariablePrefix           = "FABRIC_K8S_BUILDER_"
 	ChaincodeNamespaceVariable      = builderVariablePrefix + "NAMESPACE"
+	ChaincodeNodeRoleVariable       = builderVariablePrefix + "NODE_ROLE"
 	ObjectNamePrefixVariable        = builderVariablePrefix + "OBJECT_NAME_PREFIX"
 	ChaincodeServiceAccountVariable = builderVariablePrefix + "SERVICE_ACCOUNT"
 	DebugVariable                   = builderVariablePrefix + "DEBUG"
diff --git a/internal/util/k8s.go b/internal/util/k8s.go
@@ -365,7 +365,7 @@ func CreateChaincodeJob(
 	ctx context.Context,
 	logger *log.CmdLogger,
 	jobsClient typedBatchv1.JobInterface,
-	objectName, namespace, serviceAccount, peerID string,
+	objectName, namespace, serviceAccount, nodeRole, peerID string,
 	chaincodeData *ChaincodeJSON,
 	imageData *ImageJSON,
 ) (*batchv1.Job, error) {
@@ -381,6 +381,41 @@ func CreateChaincodeJob(
 		return nil, fmt.Errorf("error getting chaincode job definition for chaincode ID %s: %w", chaincodeData.ChaincodeID, err)
 	}
 
+	if nodeRole != "" {
+		logger.Debugf(
+			"Adding node affinity and toleration to job definition for chaincode ID %s: %s",
+			chaincodeData.ChaincodeID,
+			nodeRole,
+		)
+
+		jobDefinition.Spec.Template.Spec.Affinity = &apiv1.Affinity{
+			NodeAffinity: &apiv1.NodeAffinity{
+				RequiredDuringSchedulingIgnoredDuringExecution: &apiv1.NodeSelector{
+					NodeSelectorTerms: []apiv1.NodeSelectorTerm{
+						{
+							MatchExpressions: []apiv1.NodeSelectorRequirement{
+								{
+									Key:      "fabric-builder-k8s-role",
+									Operator: apiv1.NodeSelectorOpIn,
+									Values:   []string{nodeRole},
+								},
+							},
+						},
+					},
+				},
+			},
+		}
+
+		jobDefinition.Spec.Template.Spec.Tolerations = []apiv1.Toleration{
+			{
+				Key:      "fabric-builder-k8s-role",
+				Operator: apiv1.TolerationOpEqual,
+				Value:    nodeRole,
+				Effect:   apiv1.TaintEffectNoSchedule,
+			},
+		}
+	}
+
 	jobName := jobDefinition.ObjectMeta.Name
 
 	logger.Debugf(
diff --git a/mkdocs.yml b/mkdocs.yml
@@ -106,6 +106,7 @@ nav:
     - Kubernetes permissions: configuring/kubernetes-permissions.md
     - Kubernetes namespace: configuring/kubernetes-namespace.md
     - Kubernetes service account: configuring/kubernetes-service-account.md
+    - Dedicated nodes: configuring/dedicated-nodes.md
   - Tutorials:
     - Developing and debuging chaincode: tutorials/develop-chaincode.md
     - Creating a chaincode package: tutorials/package-chaincode.md
