Add more fields to BackendConfig:

- Labels
- NodeSelector
- Affinity
- Tolerations
- Annotations
- SecurityContext
- TerminationGracePeriodSeconds
- ImagePullSecrets
- ServiceAccountName

Author: jiangpengcheng

.ci/clusters/global_backend_config.yaml

@@ -11,3 +11,21 @@ spec:
     liveness:
       initialDelaySeconds: 10
       periodSeconds: 30
+    labels:
+      from: global-backendconfig
+    tolerations:
+      - key: disktype
+        operator: Exists
+        effect: NoExecute
+        tolerationSeconds: 600
+    affinity:
+      nodeAffinity:
+        preferredDuringSchedulingIgnoredDuringExecution:
+          nodeSelectorTerms:
+            - weight: 100
+              preference:
+                matchExpressions:
+                  - key: disktype
+                    operator: In
+                    values:
+                      - hdd

.ci/clusters/global_backend_config_without_env.yaml

@@ -8,3 +8,21 @@ spec:
     liveness:
       initialDelaySeconds: 10
       periodSeconds: 30
+    labels:
+      from: global-backendconfig
+    tolerations:
+      - key: disktype
+        operator: Exists
+        effect: NoExecute
+        tolerationSeconds: 600
+    affinity:
+      nodeAffinity:
+        preferredDuringSchedulingIgnoredDuringExecution:
+          nodeSelectorTerms:
+            - weight: 100
+              preference:
+                matchExpressions:
+                  - key: disktype
+                    operator: In
+                    values:
+                      - hdd

.ci/helm.sh

@@ -645,4 +645,41 @@ function ci::verify_liveness_probe() {
     return 1
   fi
   echo "succeeded"
-}
+}
+
+function ci::verify_label() {
+  pod=$1
+  label=$2
+  expected=$3
+  result=$(kubectl get pod $pod -o jsonpath="{.metadata.labels['$label']}")
+  echo "value of $lable is $result"
+  if [[ "$result" != "$expected" ]]; then
+    echo "failed"
+    return 1
+  fi
+  echo "succeeded"
+}
+
+function ci::verify_tolerations() {
+  pod=$1
+  expected=$2
+  result=$(kubectl get pod $pod -o jsonpath='{.spec.tolerations}')
+  echo "tolerations is $result"
+  if [[ "$result" != "$expected" ]]; then
+    echo "failed"
+    return 1
+  fi
+  echo "succeeded"
+}
+
+function ci::verify_affinity() {
+  pod=$1
+  expected=$2
+  result=$(kubectl get pod $pod -o jsonpath='{.spec.affinity}')
+  echo "affinity is $result"
+  if [[ "$result" != "$expected" ]]; then
+    echo "failed"
+    return 1
+  fi
+  echo "succeeded"
+}

.ci/tests/integration/cases/global-and-namespaced-config/mesh-config-kube-system.yaml

@@ -12,3 +12,21 @@ spec:
     liveness:
       initialDelaySeconds: 50
       periodSeconds: 60
+    labels:
+      from: other-namespace-backendconfig
+    tolerations:
+      - key: disktype
+        operator: Exists
+        effect: NoExecute
+        tolerationSeconds: 300
+    affinity:
+      nodeAffinity:
+        preferredDuringSchedulingIgnoredDuringExecution:
+          nodeSelectorTerms:
+            - weight: 100
+              preference:
+                matchExpressions:
+                  - key: disktype
+                    operator: In
+                    values:
+                      - other-ssd

.ci/tests/integration/cases/global-and-namespaced-config/mesh-config.yaml

@@ -13,3 +13,20 @@ spec:
     liveness:
       initialDelaySeconds: 30
       periodSeconds: 10
+    labels:
+      from: namespace-backendconfig
+    tolerations:
+      - key: disktype
+        operator: Exists
+        effect: NoExecute
+        tolerationSeconds: 300
+    affinity:
+      nodeAffinity:
+        preferredDuringSchedulingIgnoredDuringExecution:
+          - weight: 100
+            preference:
+              matchExpressions:
+                - key: disktype
+                  operator: In
+                  values:
+                    - ssd

.ci/tests/integration/cases/global-and-namespaced-config/verify.sh

@@ -82,6 +82,33 @@ if [ $? -ne 0 ]; then
   exit 1
 fi
 
+# verify label
+verify_label_result=$(ci::verify_label "function-sample-env-function-0" from namespace-backendconfig 2>&1)
+if [ $? -ne 0 ]; then
+  echo "$verify_label_result"
+  kubectl delete -f "${mesh_config_file}" > /dev/null 2>&1
+  kubectl delete -f "${manifests_file}" > /dev/null 2>&1 || true
+  exit 1
+fi
+
+# verify tolerations
+verify_tolerations_result=$(ci::verify_tolerations function-sample-env-function-0 '[{"effect":"NoExecute","key":"disktype","operator":"Exists","tolerationSeconds":600},{"effect":"NoExecute","key":"disktype","operator":"Exists","tolerationSeconds":300}]' 2>&1)
+if [ $? -ne 0 ]; then
+  echo "$verify_tolerations_result"
+  kubectl delete -f "${mesh_config_file}" > /dev/null 2>&1
+  kubectl delete -f "${manifests_file}" > /dev/null 2>&1 || true
+  exit 1
+fi
+
+# verify affinity
+verify_affinity_result=$(ci::verify_tolerations function-sample-env-function-0 '{"nodeAffinity":{"preferredDuringSchedulingIgnoredDuringExecution":[{"weight":100,"preference":{"matchExpressions":[{"key":"disktype","operator":"In","values":["ssd"]}]}}]}}' 2>&1)
+if [ $? -ne 0 ]; then
+  echo "$verify_affinity_result"
+  kubectl delete -f "${mesh_config_file}" > /dev/null 2>&1
+  kubectl delete -f "${manifests_file}" > /dev/null 2>&1 || true
+  exit 1
+fi
+
 # verify liveness config
 verify_liveness_result=$(ci::verify_liveness_probe function-sample-env-function-0 '{"failureThreshold":3,"httpGet":{"path":"/","port":9094,"scheme":"HTTP"},"initialDelaySeconds":30,"periodSeconds":10,"successThreshold":1,"timeoutSeconds":10}' 2>&1)
 if [ $? -ne 0 ]; then
@@ -115,6 +142,19 @@ if [ $? -ne 0 ]; then
   exit 1
 fi
 
+# the labels should also be updated
+kubectl patch BackendConfig backend-config --type='json' -p='[{"op": "replace", "path": "/spec/pod/labels/from", "value": "new_label"}]' > /dev/null 2>&1
+sleep 30
+
+# verify label
+verify_label_result=$(ci::verify_label "function-sample-env-function-0" from "new_label" 2>&1)
+if [ $? -ne 0 ]; then
+  echo "$verify_label_result"
+  kubectl delete -f "${mesh_config_file}" > /dev/null 2>&1
+  kubectl delete -f "${manifests_file}" > /dev/null 2>&1 || true
+  exit 1
+fi
+
 # delete the namespaced config, the function should be reconciled without namespaced env injected
 kubectl delete -f "${mesh_config_file}" > /dev/null 2>&1
 sleep 30
@@ -147,6 +187,33 @@ if [ $? -ne 0 ]; then
   exit 1
 fi
 
+# verify label
+verify_label_result=$(ci::verify_label "function-sample-env-function-0" from global-backendconfig 2>&1)
+if [ $? -ne 0 ]; then
+  echo "$verify_label_result"
+  kubectl delete -f "${mesh_config_file}" > /dev/null 2>&1
+  kubectl delete -f "${manifests_file}" > /dev/null 2>&1 || true
+  exit 1
+fi
+
+# verify affinity
+verify_affinity_result=$(ci::verify_tolerations function-sample-env-function-0 '{"nodeAffinity":{"preferredDuringSchedulingIgnoredDuringExecution":[{"weight":100,"preference":{"matchExpressions":[{"key":"disktype","operator":"In","values":["hdd"]}]}}]}}' 2>&1)
+if [ $? -ne 0 ]; then
+  echo "$verify_affinity_result"
+  kubectl delete -f "${mesh_config_file}" > /dev/null 2>&1
+  kubectl delete -f "${manifests_file}" > /dev/null 2>&1 || true
+  exit 1
+fi
+
+# verify tolerations
+verify_tolerations_result=$(ci::verify_tolerations function-sample-env-function-0 '[{"effect":"NoExecute","key":"disktype","operator":"Exists","tolerationSeconds":600}]' 2>&1)
+if [ $? -ne 0 ]; then
+  echo "$verify_tolerations_result"
+  kubectl delete -f "${mesh_config_file}" > /dev/null 2>&1
+  kubectl delete -f "${manifests_file}" > /dev/null 2>&1 || true
+  exit 1
+fi
+
 # it should use liveness config from global config
 verify_liveness_result=$(ci::verify_liveness_probe function-sample-env-function-0 '{"failureThreshold":3,"httpGet":{"path":"/","port":9094,"scheme":"HTTP"},"initialDelaySeconds":10,"periodSeconds":30,"successThreshold":1,"timeoutSeconds":30}' 2>&1)
 if [ $? -ne 0 ]; then
@@ -173,6 +240,33 @@ if [ $? -ne 0 ]; then
   exit 1
 fi
 
+# verify label
+verify_label_result=$(ci::verify_label "function-sample-env-function-0" from "" 2>&1)
+if [ $? -ne 0 ]; then
+  echo "$verify_label_result"
+  kubectl delete -f "${mesh_config_file}" > /dev/null 2>&1
+  kubectl delete -f "${manifests_file}" > /dev/null 2>&1 || true
+  exit 1
+fi
+
+# verify tolerations
+verify_tolerations_result=$(ci::verify_tolerations function-sample-env-function-0 '' 2>&1)
+if [ $? -ne 0 ]; then
+  echo "$verify_tolerations_result"
+  kubectl delete -f "${mesh_config_file}" > /dev/null 2>&1
+  kubectl delete -f "${manifests_file}" > /dev/null 2>&1 || true
+  exit 1
+fi
+
+# verify affinity
+verify_affinity_result=$(ci::verify_tolerations function-sample-env-function-0 '' 2>&1)
+if [ $? -ne 0 ]; then
+  echo "$verify_affinity_result"
+  kubectl delete -f "${mesh_config_file}" > /dev/null 2>&1
+  kubectl delete -f "${manifests_file}" > /dev/null 2>&1 || true
+  exit 1
+fi
+
 # it should has no liveness config
 verify_liveness_result=$(ci::verify_liveness_probe function-sample-env-function-0 "" 2>&1)
 if [ $? -ne 0 ]; then
@@ -209,4 +303,31 @@ else
   exit 1
 fi
 
+# verify label
+verify_label_result=$(ci::verify_label "function-sample-env-function-0" from "" 2>&1)
+if [ $? -ne 0 ]; then
+  echo "$verify_label_result"
+  kubectl delete -f "${mesh_config_file}" > /dev/null 2>&1
+  kubectl delete -f "${manifests_file}" > /dev/null 2>&1 || true
+  exit 1
+fi
+
+# verify tolerations
+verify_tolerations_result=$(ci::verify_tolerations function-sample-env-function-0 '' 2>&1)
+if [ $? -ne 0 ]; then
+  echo "$verify_tolerations_result"
+  kubectl delete -f "${mesh_config_file}" > /dev/null 2>&1
+  kubectl delete -f "${manifests_file}" > /dev/null 2>&1 || true
+  exit 1
+fi
+
+# verify affinity
+verify_affinity_result=$(ci::verify_tolerations function-sample-env-function-0 '' 2>&1)
+if [ $? -ne 0 ]; then
+  echo "$verify_affinity_result"
+  kubectl delete -f "${mesh_config_file}" > /dev/null 2>&1
+  kubectl delete -f "${manifests_file}" > /dev/null 2>&1 || true
+  exit 1
+fi
+
 kubectl delete -f "${manifests_file}" > /dev/null 2>&1 || true

api/compute/v1alpha1/backendconfig_types.go

@@ -18,6 +18,7 @@
 package v1alpha1
 
 import (
+	v1 "k8s.io/api/core/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 )
 
@@ -43,8 +44,39 @@ type BackendConfigSpec struct {
 }
 
 // BackendConfigPodPolicy defines the policy for the pod
-// TODO: Support more fields from PodPolicy
 type BackendConfigPodPolicy struct {
+	// Labels specify the labels to attach to pod the operator creates for the cluster.
+	Labels map[string]string `json:"labels,omitempty"`
+
+	// NodeSelector specifies a map of key-value pairs. For a pod to be eligible to run
+	// on a node, the node must have each of the indicated key-value pairs as labels.
+	NodeSelector map[string]string `json:"nodeSelector,omitempty"`
+
+	// Affinity specifies the scheduling constraints of a pod
+	Affinity *v1.Affinity `json:"affinity,omitempty"`
+
+	// Tolerations specifies the tolerations of a Pod
+	Tolerations []v1.Toleration `json:"tolerations,omitempty"`
+
+	// Annotations specifies the annotations to attach to pods the operator creates
+	Annotations map[string]string `json:"annotations,omitempty"`
+
+	// SecurityContext specifies the security context for the entire pod
+	// More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context
+	SecurityContext *v1.PodSecurityContext `json:"securityContext,omitempty"`
+
+	// TerminationGracePeriodSeconds is the amount of time that kubernetes will give
+	// for a pod before terminating it.
+	TerminationGracePeriodSeconds *int64 `json:"terminationGracePeriodSeconds,omitempty"`
+
+	// ImagePullSecrets is an optional list of references to secrets in the same
+	// namespace to use for pulling any of the images used by this PodSpec.
+	ImagePullSecrets []v1.LocalObjectReference `json:"imagePullSecrets,omitempty"`
+
+	// ServiceAccountName is the name of the ServiceAccount to use to run this pod.
+	// +optional
+	ServiceAccountName string `json:"serviceAccountName,omitempty"`
+
 	// +kubebuilder:validation:Optional
 	Liveness *Liveness `json:"liveness,omitempty"`
 }