NETOBSERV-1606: Add PODs tolerations config to ebpf agent, flp and console plugin

apis/flowcollector/v1beta1/flowcollector_webhook.go

@@ -56,25 +56,43 @@ func (r *FlowCollector) ConvertTo(dstRaw conversion.Hub) error {
 		if dst.Spec.Agent.EBPF.Advanced == nil {
 			dst.Spec.Agent.EBPF.Advanced = &v1beta2.AdvancedAgentConfig{}
 		}
-		dst.Spec.Agent.EBPF.Advanced.NodeSelector = restored.Spec.Agent.EBPF.Advanced.NodeSelector
-		dst.Spec.Agent.EBPF.Advanced.Affinity = restored.Spec.Agent.EBPF.Advanced.Affinity
-		dst.Spec.Agent.EBPF.Advanced.PriorityClassName = restored.Spec.Agent.EBPF.Advanced.PriorityClassName
+		if restored.Spec.Agent.EBPF.Advanced.Scheduling != nil {
+			if dst.Spec.Agent.EBPF.Advanced.Scheduling == nil {
+				dst.Spec.Agent.EBPF.Advanced.Scheduling = &v1beta2.SchedulingConfig{}
+			}
+			dst.Spec.Agent.EBPF.Advanced.Scheduling.NodeSelector = restored.Spec.Agent.EBPF.Advanced.Scheduling.NodeSelector
+			dst.Spec.Agent.EBPF.Advanced.Scheduling.Tolerations = restored.Spec.Agent.EBPF.Advanced.Scheduling.Tolerations
+			dst.Spec.Agent.EBPF.Advanced.Scheduling.Affinity = restored.Spec.Agent.EBPF.Advanced.Scheduling.Affinity
+			dst.Spec.Agent.EBPF.Advanced.Scheduling.PriorityClassName = restored.Spec.Agent.EBPF.Advanced.Scheduling.PriorityClassName
+		}
 	}
 	if restored.Spec.Processor.Advanced != nil {
 		if dst.Spec.Processor.Advanced == nil {
 			dst.Spec.Processor.Advanced = &v1beta2.AdvancedProcessorConfig{}
 		}
-		dst.Spec.Processor.Advanced.NodeSelector = restored.Spec.Processor.Advanced.NodeSelector
-		dst.Spec.Processor.Advanced.Affinity = restored.Spec.Processor.Advanced.Affinity
-		dst.Spec.Processor.Advanced.PriorityClassName = restored.Spec.Processor.Advanced.PriorityClassName
+		if restored.Spec.Processor.Advanced.Scheduling != nil {
+			if dst.Spec.Processor.Advanced.Scheduling == nil {
+				dst.Spec.Processor.Advanced.Scheduling = &v1beta2.SchedulingConfig{}
+			}
+			dst.Spec.Processor.Advanced.Scheduling.NodeSelector = restored.Spec.Processor.Advanced.Scheduling.NodeSelector
+			dst.Spec.Processor.Advanced.Scheduling.Tolerations = restored.Spec.Processor.Advanced.Scheduling.Tolerations
+			dst.Spec.Processor.Advanced.Scheduling.Affinity = restored.Spec.Processor.Advanced.Scheduling.Affinity
+			dst.Spec.Processor.Advanced.Scheduling.PriorityClassName = restored.Spec.Processor.Advanced.Scheduling.PriorityClassName
+		}
 	}
 	if restored.Spec.ConsolePlugin.Advanced != nil {
 		if dst.Spec.ConsolePlugin.Advanced == nil {
 			dst.Spec.ConsolePlugin.Advanced = &v1beta2.AdvancedPluginConfig{}
 		}
-		dst.Spec.ConsolePlugin.Advanced.NodeSelector = restored.Spec.ConsolePlugin.Advanced.NodeSelector
-		dst.Spec.ConsolePlugin.Advanced.Affinity = restored.Spec.ConsolePlugin.Advanced.Affinity
-		dst.Spec.ConsolePlugin.Advanced.PriorityClassName = restored.Spec.ConsolePlugin.Advanced.PriorityClassName
+		if restored.Spec.ConsolePlugin.Advanced.Scheduling != nil {
+			if dst.Spec.ConsolePlugin.Advanced.Scheduling == nil {
+				dst.Spec.ConsolePlugin.Advanced.Scheduling = &v1beta2.SchedulingConfig{}
+			}
+			dst.Spec.ConsolePlugin.Advanced.Scheduling.NodeSelector = restored.Spec.ConsolePlugin.Advanced.Scheduling.NodeSelector
+			dst.Spec.ConsolePlugin.Advanced.Scheduling.Tolerations = restored.Spec.ConsolePlugin.Advanced.Scheduling.Tolerations
+			dst.Spec.ConsolePlugin.Advanced.Scheduling.Affinity = restored.Spec.ConsolePlugin.Advanced.Scheduling.Affinity
+			dst.Spec.ConsolePlugin.Advanced.Scheduling.PriorityClassName = restored.Spec.ConsolePlugin.Advanced.Scheduling.PriorityClassName
+		}
 	}
 	ClearDefaultAdvancedConfig(dst)
 

apis/flowcollector/v1beta1/flowcollector_webhook_test.go

@@ -371,7 +371,16 @@ func TestBeta2ConversionRoundtrip_Advanced(t *testing.T) {
 			Agent: v1beta2.FlowCollectorAgent{
 				EBPF: v1beta2.FlowCollectorEBPF{
 					Advanced: &v1beta2.AdvancedAgentConfig{
-						PriorityClassName: "pcn",
+						Scheduling: &v1beta2.SchedulingConfig{
+							PriorityClassName: "pcn",
+							Tolerations: []v1.Toleration{
+								{
+									Key:      "agent",
+									Operator: v1.TolerationOpExists,
+									Effect:   v1.TaintEffectNoSchedule,
+								},
+							},
+						},
 					},
 				},
 			},
@@ -382,14 +391,32 @@ func TestBeta2ConversionRoundtrip_Advanced(t *testing.T) {
 					ConversationEndTimeout:         &metav1.Duration{Duration: time.Second},
 					ConversationHeartbeatInterval:  &metav1.Duration{Duration: time.Minute},
 					ConversationTerminatingTimeout: &metav1.Duration{Duration: time.Hour},
-					NodeSelector:                   map[string]string{"test": "ok"},
+					Scheduling: &v1beta2.SchedulingConfig{
+						NodeSelector: map[string]string{"test": "ok"},
+						Tolerations: []v1.Toleration{
+							{
+								Key:      "processor",
+								Operator: v1.TolerationOpExists,
+								Effect:   v1.TaintEffectNoExecute,
+							},
+						},
+					},
 				},
 			},
 			ConsolePlugin: v1beta2.FlowCollectorConsolePlugin{
 				Advanced: &v1beta2.AdvancedPluginConfig{
 					Register: ptr.To(false),
 					Port:     ptr.To(int32(1000)),
-					Affinity: &affinityExample,
+					Scheduling: &v1beta2.SchedulingConfig{
+						Affinity: &affinityExample,
+						Tolerations: []v1.Toleration{
+							{
+								Key:      "plugin",
+								Operator: v1.TolerationOpExists,
+								Effect:   v1.TaintEffectNoExecute,
+							},
+						},
+					},
 				},
 			},
 			Loki: v1beta2.FlowCollectorLoki{
@@ -423,16 +450,19 @@ func TestBeta2ConversionRoundtrip_Advanced(t *testing.T) {
 	err = converted.ConvertTo(&back)
 	assert.NoError(err)
 
-	assert.Equal("pcn", back.Spec.Agent.EBPF.Advanced.PriorityClassName)
+	assert.Equal("pcn", back.Spec.Agent.EBPF.Advanced.Scheduling.PriorityClassName)
+	assert.Equal(v1.TaintEffectNoSchedule, back.Spec.Agent.EBPF.Advanced.Scheduling.Tolerations[0].Effect)
 	assert.False(*back.Spec.ConsolePlugin.Advanced.Register)
 	assert.Equal(int32(1000), *back.Spec.ConsolePlugin.Advanced.Port)
-	assert.Equal(&affinityExample, back.Spec.ConsolePlugin.Advanced.Affinity)
+	assert.Equal(&affinityExample, back.Spec.ConsolePlugin.Advanced.Scheduling.Affinity)
+	assert.Equal(v1.TaintEffectNoExecute, back.Spec.ConsolePlugin.Advanced.Scheduling.Tolerations[0].Effect)
 	assert.Equal(int32(999), *back.Spec.Processor.Advanced.HealthPort)
 	assert.Equal(int32(998), *back.Spec.Processor.Advanced.ProfilePort)
 	assert.Equal(time.Second, back.Spec.Processor.Advanced.ConversationEndTimeout.Duration)
 	assert.Equal(time.Minute, back.Spec.Processor.Advanced.ConversationHeartbeatInterval.Duration)
 	assert.Equal(time.Hour, back.Spec.Processor.Advanced.ConversationTerminatingTimeout.Duration)
-	assert.Equal(map[string]string{"test": "ok"}, back.Spec.Processor.Advanced.NodeSelector)
+	assert.Equal(map[string]string{"test": "ok"}, back.Spec.Processor.Advanced.Scheduling.NodeSelector)
+	assert.Equal(v1.TaintEffectNoExecute, back.Spec.Processor.Advanced.Scheduling.Tolerations[0].Effect)
 	assert.Equal(time.Minute, back.Spec.Loki.WriteBatchWait.Duration)
 	assert.Equal(time.Minute, back.Spec.Loki.Advanced.WriteMinBackoff.Duration)
 	assert.Equal(time.Hour, back.Spec.Loki.Advanced.WriteMaxBackoff.Duration)

apis/flowcollector/v1beta2/flowcollector_types.go

@@ -930,15 +930,11 @@ type SASLConfig struct {
 	ClientSecretReference FileReference `json:"clientSecretReference,omitempty"`
 }
 
-// `AdvancedAgentConfig` allows tweaking some aspects of the internal configuration of the agent.
-// They are aimed mostly for debugging. Set these values at your own risk.
-type AdvancedAgentConfig struct {
-	// `env` allows passing custom environment variables to underlying components. Useful for passing
-	// some very concrete performance-tuning options, such as `GOGC` and `GOMAXPROCS`, that should not be
-	// publicly exposed as part of the FlowCollector descriptor, as they are only useful
-	// in edge debug or support scenarios.
+// `SchedulingConfig` defines the scheduling configuration for NetObserv pods
+type SchedulingConfig struct {
+	// tolerations is a list of tolerations that allow the pod to schedule onto nodes with matching taints.
 	//+optional
-	Env map[string]string `json:"env,omitempty"`
+	Tolerations []corev1.Toleration `json:"tolerations,omitempty"`
 
 	// NodeSelector is a selector which must be true for the pod to fit on a node.
 	// Selector which must match a node's labels for the pod to be scheduled on that node.
@@ -961,6 +957,21 @@ type AdvancedAgentConfig struct {
 	PriorityClassName string `json:"priorityClassName,omitempty"`
 }
 
+// `AdvancedAgentConfig` allows tweaking some aspects of the internal configuration of the agent.
+// They are aimed mostly for debugging. Set these values at your own risk.
+type AdvancedAgentConfig struct {
+	// `env` allows passing custom environment variables to underlying components. Useful for passing
+	// some very concrete performance-tuning options, such as `GOGC` and `GOMAXPROCS`, that should not be
+	// publicly exposed as part of the FlowCollector descriptor, as they are only useful
+	// in edge debug or support scenarios.
+	//+optional
+	Env map[string]string `json:"env,omitempty"`
+
+	// scheduling controls whether the pod will be scheduled or not.
+	// +optional
+	Scheduling *SchedulingConfig `json:"scheduling,omitempty"`
+}
+
 // `AdvancedProcessorConfig` allows tweaking some aspects of the internal configuration of the processor.
 // They are aimed mostly for debugging. Set these values at your own risk.
 type AdvancedProcessorConfig struct {
@@ -1020,25 +1031,9 @@ type AdvancedProcessorConfig struct {
 	// `conversationTerminatingTimeout` is the time to wait from detected FIN flag to end a conversation. Only relevant for TCP flows.
 	ConversationTerminatingTimeout *metav1.Duration `json:"conversationTerminatingTimeout,omitempty"`
 
-	// NodeSelector is a selector which must be true for the pod to fit on a node.
-	// Selector which must match a node's labels for the pod to be scheduled on that node.
-	// More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
-	// +optional
-	// +mapType=atomic
-	NodeSelector map[string]string `json:"nodeSelector,omitempty"`
-
-	// If specified, the pod's scheduling constraints. For documentation, refer to https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#scheduling
+	// scheduling controls whether the pod will be scheduled or not.
 	// +optional
-	Affinity *corev1.Affinity `json:"affinity,omitempty"`
-
-	// If specified, indicates the pod's priority. "system-node-critical" and
-	// "system-cluster-critical" are two special keywords which indicate the
-	// highest priorities with the former being the highest priority. Any other
-	// name must be defined by creating a PriorityClass object with that name.
-	// If not specified, the pod priority will be default or zero if there is no
-	// default.
-	// +optional
-	PriorityClassName string `json:"priorityClassName,omitempty"`
+	Scheduling *SchedulingConfig `json:"scheduling,omitempty"`
 }
 
 // `AdvancedLokiConfig` allows tweaking some aspects of the Loki clients.
@@ -1097,25 +1092,9 @@ type AdvancedPluginConfig struct {
 	// `port` is the plugin service port. Do not use 9002, which is reserved for metrics.
 	Port *int32 `json:"port,omitempty"`
 
-	// NodeSelector is a selector which must be true for the pod to fit on a node.
-	// Selector which must match a node's labels for the pod to be scheduled on that node.
-	// More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
-	// +optional
-	// +mapType=atomic
-	NodeSelector map[string]string `json:"nodeSelector,omitempty"`
-
-	// If specified, the pod's scheduling constraints. For documentation, refer to https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#scheduling
-	// +optional
-	Affinity *corev1.Affinity `json:"affinity,omitempty"`
-
-	// If specified, indicates the pod's priority. "system-node-critical" and
-	// "system-cluster-critical" are two special keywords which indicate the
-	// highest priorities with the former being the highest priority. Any other
-	// name must be defined by creating a PriorityClass object with that name.
-	// If not specified, the pod priority will be default or zero if there is no
-	// default.
+	// scheduling controls whether the pod will be scheduled or not.
 	// +optional
-	PriorityClassName string `json:"priorityClassName,omitempty"`
+	Scheduling *SchedulingConfig `json:"scheduling,omitempty"`
 }
 
 // `SubnetLabels` allows to define custom labels on subnets and IPs or to enable automatic labelling of recognized subnets in OpenShift.