Updated the MCM controller to work with the new MIC implementation.

The MCM controller doesn't have to create build/sign pods manually
anymore, all it needs to do is to create 1 MIC object in the cluster per
MCM object per managed cluster.

If all images in an MIC are ready, then the controller can proceed with
creating the manifestWork because it guarantees that the targeted managed
cluster can pull all kmod images successfully.

Signed-off-by: Yoni Bettan <yonibettan@gmail.com>

Author: ybettan

cmd/manager-hub/main.go

@@ -21,6 +21,9 @@ import (
 
 	"github.com/kubernetes-sigs/kernel-module-management/internal/config"
 	"github.com/kubernetes-sigs/kernel-module-management/internal/controllers"
+	"github.com/kubernetes-sigs/kernel-module-management/internal/mbsc"
+	"github.com/kubernetes-sigs/kernel-module-management/internal/mic"
+	"github.com/kubernetes-sigs/kernel-module-management/internal/pod"
 	"k8s.io/apimachinery/pkg/runtime"
 	utilruntime "k8s.io/apimachinery/pkg/util/runtime"
 	clientgoscheme "k8s.io/client-go/kubernetes/scheme"
@@ -35,7 +38,6 @@ import (
 	_ "k8s.io/client-go/plugin/pkg/client/auth"
 
 	"github.com/kubernetes-sigs/kernel-module-management/api-hub/v1beta1"
-	buildpod "github.com/kubernetes-sigs/kernel-module-management/internal/build/pod"
 	buildsignpod "github.com/kubernetes-sigs/kernel-module-management/internal/buildsign/pod"
 	"github.com/kubernetes-sigs/kernel-module-management/internal/cluster"
 	"github.com/kubernetes-sigs/kernel-module-management/internal/cmd"
@@ -47,7 +49,6 @@ import (
 	"github.com/kubernetes-sigs/kernel-module-management/internal/module"
 	"github.com/kubernetes-sigs/kernel-module-management/internal/nmc"
 	"github.com/kubernetes-sigs/kernel-module-management/internal/registry"
-	signpod "github.com/kubernetes-sigs/kernel-module-management/internal/sign/pod"
 	"github.com/kubernetes-sigs/kernel-module-management/internal/statusupdater"
 	//+kubebuilder:scaffold:imports
 )
@@ -109,21 +110,11 @@ func main() {
 
 	registryAPI := registry.NewRegistry()
 	buildSignCombiner := module.NewCombiner()
-	buildSignPodAPI := buildsignpod.NewBuildSignPodManager(client, buildSignCombiner, scheme)
 
-	buildAPI := buildpod.NewBuildManager(
-		client,
-		buildpod.NewMaker(client, buildSignCombiner, buildSignPodAPI, scheme),
-		buildSignPodAPI,
-		registryAPI,
-	)
-
-	signAPI := signpod.NewSignPodManager(
-		client,
-		signpod.NewSigner(client, scheme, buildSignPodAPI),
-		buildSignPodAPI,
-		registryAPI,
-	)
+	micAPI := mic.New(client, scheme)
+	mbscAPI := mbsc.New(client, scheme)
+	imagePullerAPI := pod.NewImagePuller(client, scheme)
+	builSignAPI := buildsignpod.NewManager(client, buildSignCombiner, scheme)
 
 	kernelAPI := module.NewKernelMapper(buildSignCombiner)
 
@@ -135,11 +126,20 @@ func main() {
 	mcmr := hub.NewManagedClusterModuleReconciler(
 		client,
 		manifestwork.NewCreator(client, scheme, kernelAPI, registryAPI, operatorNamespace),
-		cluster.NewClusterAPI(client, kernelAPI, buildAPI, signAPI, operatorNamespace),
+		cluster.NewClusterAPI(client, kernelAPI, operatorNamespace),
 		statusupdater.NewManagedClusterModuleStatusUpdater(client),
 		filterAPI,
+		micAPI,
 	)
 
+	if err = controllers.NewMICReconciler(client, micAPI, mbscAPI, imagePullerAPI, scheme).SetupWithManager(mgr); err != nil {
+		cmd.FatalError(setupLogger, err, "unable to create controller", "name", controllers.MICReconcilerName)
+	}
+
+	if err = controllers.NewMBSCReconciler(client, builSignAPI, mbscAPI).SetupWithManager(mgr); err != nil {
+		cmd.FatalError(setupLogger, err, "unable to create controller", "name", controllers.MBSCReconcilerName)
+	}
+
 	if err = mcmr.SetupWithManager(mgr); err != nil {
 		cmd.FatalError(ctrlLogger, err, "unable to create controller")
 	}

config/crd-hub/kustomization.yml

@@ -3,6 +3,8 @@ kind: Kustomization
 
 resources:
   - bases/hub.kmm.sigs.x-k8s.io_managedclustermodules.yaml
+  - bases/kmm.sigs.x-k8s.io_moduleimagesconfigs.yaml
+  - bases/kmm.sigs.x-k8s.io_modulebuildsignconfigs.yaml
 
 patches: []
 # [WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix.

internal/cluster/cluster.go

@@ -3,71 +3,46 @@ package cluster
 import (
 	"context"
 	"errors"
-	"fmt"
 	"sort"
 	"strings"
 
 	hubv1beta1 "github.com/kubernetes-sigs/kernel-module-management/api-hub/v1beta1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/labels"
-	"k8s.io/apimachinery/pkg/types"
 	clusterv1 "open-cluster-management.io/api/cluster/v1"
 	"sigs.k8s.io/controller-runtime/pkg/client"
-	"sigs.k8s.io/controller-runtime/pkg/log"
 
 	kmmv1beta1 "github.com/kubernetes-sigs/kernel-module-management/api/v1beta1"
 	"github.com/kubernetes-sigs/kernel-module-management/internal/api"
-	"github.com/kubernetes-sigs/kernel-module-management/internal/build"
-	"github.com/kubernetes-sigs/kernel-module-management/internal/buildsign/pod"
 	"github.com/kubernetes-sigs/kernel-module-management/internal/constants"
 	"github.com/kubernetes-sigs/kernel-module-management/internal/module"
-	"github.com/kubernetes-sigs/kernel-module-management/internal/sign"
 )
 
 //go:generate mockgen -source=cluster.go -package=cluster -destination=mock_cluster.go
 
 type ClusterAPI interface {
-	RequestedManagedClusterModule(ctx context.Context, namespacedName types.NamespacedName) (*hubv1beta1.ManagedClusterModule, error)
 	SelectedManagedClusters(ctx context.Context, mcm *hubv1beta1.ManagedClusterModule) (*clusterv1.ManagedClusterList, error)
-	BuildAndSign(ctx context.Context, mcm hubv1beta1.ManagedClusterModule, cluster clusterv1.ManagedCluster) (bool, error)
-	GarbageCollectBuildsAndSigns(ctx context.Context, mcm hubv1beta1.ManagedClusterModule) ([]string, error)
 	KernelVersions(cluster clusterv1.ManagedCluster) ([]string, error)
+	GetModuleLoaderDataForKernel(mcm *hubv1beta1.ManagedClusterModule, kernelVersion string) (*api.ModuleLoaderData, error)
 }
 
 type clusterAPI struct {
 	client    client.Client
 	kernelAPI module.KernelMapper
-	buildAPI  build.Manager
-	signAPI   sign.SignManager
 	namespace string
 }
 
 func NewClusterAPI(
 	client client.Client,
 	kernelAPI module.KernelMapper,
-	buildAPI build.Manager,
-	signAPI sign.SignManager,
 	defaultPodNamespace string) ClusterAPI {
 	return &clusterAPI{
 		client:    client,
 		kernelAPI: kernelAPI,
-		buildAPI:  buildAPI,
-		signAPI:   signAPI,
 		namespace: defaultPodNamespace,
 	}
 }
 
-func (c *clusterAPI) RequestedManagedClusterModule(
-	ctx context.Context,
-	namespacedName types.NamespacedName) (*hubv1beta1.ManagedClusterModule, error) {
-
-	mcm := hubv1beta1.ManagedClusterModule{}
-	if err := c.client.Get(ctx, namespacedName, &mcm); err != nil {
-		return nil, fmt.Errorf("failed to get the ManagedClusterModule %s: %w", namespacedName, err)
-	}
-	return &mcm, nil
-}
-
 func (c *clusterAPI) SelectedManagedClusters(
 	ctx context.Context,
 	mcm *hubv1beta1.ManagedClusterModule) (*clusterv1.ManagedClusterList, error) {
@@ -85,76 +60,6 @@ func (c *clusterAPI) SelectedManagedClusters(
 	return clusterList, err
 }
 
-func (c *clusterAPI) BuildAndSign(
-	ctx context.Context,
-	mcm hubv1beta1.ManagedClusterModule,
-	cluster clusterv1.ManagedCluster) (bool, error) {
-
-	modSpec := mcm.Spec.ModuleSpec
-	mod := kmmv1beta1.Module{
-		ObjectMeta: metav1.ObjectMeta{
-			Name:      mcm.Name,
-			Namespace: c.namespace,
-		},
-		Spec: modSpec,
-	}
-	mldMappings, err := c.kernelMappingsByKernelVersion(ctx, &mod, cluster)
-	if err != nil {
-		return false, err
-	}
-
-	// if no mappings were found, return not completed
-	if len(mldMappings) == 0 {
-		return false, nil
-	}
-
-	logger := log.FromContext(ctx)
-
-	completedSuccessfully := true
-	for kernelVersion, mld := range mldMappings {
-		buildCompleted, err := c.build(ctx, mld, &mcm)
-		if err != nil {
-			return false, err
-		}
-
-		kernelVersionLogger := logger.WithValues(
-			"kernel version", kernelVersion,
-		)
-
-		if !buildCompleted {
-			kernelVersionLogger.Info("Build for mapping has not completed yet, skipping Sign")
-			completedSuccessfully = false
-			continue
-		}
-
-		signCompleted, err := c.sign(ctx, mld, &mcm)
-		if err != nil {
-			return false, err
-		}
-
-		if !signCompleted {
-			kernelVersionLogger.Info("Sign for mapping has not completed yet")
-			completedSuccessfully = false
-			continue
-		}
-	}
-
-	return completedSuccessfully, nil
-}
-
-func (c *clusterAPI) GarbageCollectBuildsAndSigns(ctx context.Context, mcm hubv1beta1.ManagedClusterModule) ([]string, error) {
-	deletedBuilds, err := c.buildAPI.GarbageCollect(ctx, mcm.Name, c.namespace, &mcm)
-	if err != nil {
-		return nil, fmt.Errorf("failed to garbage collect build object: %v", err)
-	}
-
-	deletedSigns, err := c.signAPI.GarbageCollect(ctx, mcm.Name, c.namespace, &mcm)
-	if err != nil {
-		return nil, fmt.Errorf("failed to garbage collect sign object: %v", err)
-	}
-	return append(deletedBuilds, deletedSigns...), nil
-}
-
 func (c *clusterAPI) KernelVersions(cluster clusterv1.ManagedCluster) ([]string, error) {
 	for _, clusterClaim := range cluster.Status.ClusterClaims {
 		if clusterClaim.Name != constants.KernelVersionsClusterClaimName {
@@ -169,109 +74,15 @@ func (c *clusterAPI) KernelVersions(cluster clusterv1.ManagedCluster) ([]string,
 	return nil, errors.New("KMM kernel version ClusterClaim not found")
 }
 
-func (c *clusterAPI) kernelMappingsByKernelVersion(
-	ctx context.Context,
-	mod *kmmv1beta1.Module,
-	cluster clusterv1.ManagedCluster) (map[string]*api.ModuleLoaderData, error) {
-
-	kernelVersions, err := c.KernelVersions(cluster)
-	if err != nil {
-		return nil, err
-	}
-
-	mldMappings := make(map[string]*api.ModuleLoaderData)
-	logger := log.FromContext(ctx)
-
-	for _, kernelVersion := range kernelVersions {
-		kernelVersion := strings.TrimSuffix(kernelVersion, "+")
-
-		kernelVersionLogger := logger.WithValues(
-			"kernel version", kernelVersion,
-		)
-
-		if mld, ok := mldMappings[kernelVersion]; ok {
-			kernelVersionLogger.V(1).Info("Using cached mld mapping", "mld", mld)
-			continue
-		}
-
-		mld, err := c.kernelAPI.GetModuleLoaderDataForKernel(mod, kernelVersion)
-		if err != nil {
-			kernelVersionLogger.Info("no suitable container image found; skipping kernel version")
-			continue
-		}
-
-		kernelVersionLogger.V(1).Info("Found a valid mapping",
-			"image", mld.ContainerImage,
-			"build", mld.Build != nil,
-		)
-
-		mldMappings[kernelVersion] = mld
-	}
-
-	return mldMappings, nil
-}
-
-func (c *clusterAPI) build(
-	ctx context.Context,
-	mld *api.ModuleLoaderData,
-	mcm *hubv1beta1.ManagedClusterModule) (bool, error) {
-
-	shouldSync, err := c.buildAPI.ShouldSync(ctx, mld)
-	if err != nil {
-		return false, fmt.Errorf("could not check if build synchronization is needed: %v", err)
-	}
-	if !shouldSync {
-		return true, nil
-	}
-
-	logger := log.FromContext(ctx).WithValues(
-		"kernel version", mld.KernelVersion,
-		"image", mld.ContainerImage)
-	buildCtx := log.IntoContext(ctx, logger)
-
-	buildStatus, err := c.buildAPI.Sync(buildCtx, mld, true, mcm)
-	if err != nil {
-		return false, fmt.Errorf("could not synchronize the build: %w", err)
-	}
-
-	if buildStatus == pod.StatusCompleted {
-		return true, nil
-	}
-	return false, nil
-}
-
-func (c *clusterAPI) sign(
-	ctx context.Context,
-	mld *api.ModuleLoaderData,
-	mcm *hubv1beta1.ManagedClusterModule) (bool, error) {
+func (c *clusterAPI) GetModuleLoaderDataForKernel(mcm *hubv1beta1.ManagedClusterModule,
+	kernelVersion string) (*api.ModuleLoaderData, error) {
 
-	shouldSync, err := c.signAPI.ShouldSync(ctx, mld)
-	if err != nil {
-		return false, fmt.Errorf("could not check if signing synchronization is needed: %v", err)
-	}
-	if !shouldSync {
-		return true, nil
-	}
-
-	// if we need to sign AND we've built, then we must have built
-	// the intermediate image so must figure out its name
-	previousImage := ""
-	if module.ShouldBeBuilt(mld) {
-		previousImage = module.IntermediateImageName(mld.Name, mld.Namespace, mld.ContainerImage)
-	}
-
-	logger := log.FromContext(ctx).WithValues(
-		"kernel version", mld.KernelVersion,
-		"image", mld.ContainerImage)
-	signCtx := log.IntoContext(ctx, logger)
-
-	signStatus, err := c.signAPI.Sync(signCtx, mld, previousImage, true, mcm)
-	if err != nil {
-		return false, fmt.Errorf("could not synchronize the signing: %w", err)
-	}
-
-	if signStatus == pod.StatusCompleted {
-		return true, nil
+	mod := &kmmv1beta1.Module{
+		ObjectMeta: metav1.ObjectMeta{
+			Name:      mcm.Name,
+			Namespace: mcm.Namespace,
+		},
+		Spec: mcm.Spec.ModuleSpec,
 	}
-	return false, nil
+	return c.kernelAPI.GetModuleLoaderDataForKernel(mod, kernelVersion)
 }