Merge pull request kubevirt#7803 from maiqueb/move-pod-template-func-…

…to-container-renderer

Move pod template func to container renderer

pkg/virt-controller/services/rendercontainer.go

@@ -1,10 +1,13 @@
 package services
 
 import (
+	"strconv"
+
 	k8sv1 "k8s.io/api/core/v1"
 
 	v1 "kubevirt.io/api/core/v1"
 	"kubevirt.io/kubevirt/pkg/util"
+	"kubevirt.io/kubevirt/pkg/virt-launcher/virtwrap/api"
 )
 
 const (
@@ -83,7 +86,7 @@ func WithPrivileged() Option {
 func WithCapabilities(vmi *v1.VirtualMachineInstance) Option {
 	return func(renderer *ContainerSpecRenderer) {
 		renderer.capabilities = &k8sv1.Capabilities{
-			Add:  getRequiredCapabilities(vmi),
+			Add:  requiredCapabilities(vmi),
 			Drop: []k8sv1.Capability{CAP_NET_RAW},
 		}
 	}
@@ -109,7 +112,7 @@ func WithResourceRequirements(resources k8sv1.ResourceRequirements) Option {
 
 func WithPorts(vmi *v1.VirtualMachineInstance) Option {
 	return func(renderer *ContainerSpecRenderer) {
-		renderer.ports = getPortsFromVMI(vmi)
+		renderer.ports = containerPortsFromVMI(vmi)
 	}
 }
 
@@ -167,3 +170,85 @@ func securityContext(userId int64, privileged bool, requiredCapabilities *k8sv1.
 	}
 	return context
 }
+
+func containerPortsFromVMI(vmi *v1.VirtualMachineInstance) []k8sv1.ContainerPort {
+	var ports []k8sv1.ContainerPort
+
+	for _, iface := range vmi.Spec.Domain.Devices.Interfaces {
+		if iface.Ports != nil {
+			for _, port := range iface.Ports {
+				if port.Protocol == "" {
+					port.Protocol = "TCP"
+				}
+
+				ports = append(ports, k8sv1.ContainerPort{Protocol: k8sv1.Protocol(port.Protocol), Name: port.Name, ContainerPort: port.Port})
+			}
+		}
+	}
+
+	return ports
+}
+
+func updateReadinessProbe(vmi *v1.VirtualMachineInstance, computeProbe *k8sv1.Probe) {
+	if vmi.Spec.ReadinessProbe.GuestAgentPing != nil {
+		wrapGuestAgentPingWithVirtProbe(vmi, computeProbe)
+		computeProbe.InitialDelaySeconds = computeProbe.InitialDelaySeconds + LibvirtStartupDelay
+		return
+	}
+	wrapExecProbeWithVirtProbe(vmi, computeProbe)
+	computeProbe.InitialDelaySeconds = computeProbe.InitialDelaySeconds + LibvirtStartupDelay
+}
+
+func updateLivenessProbe(vmi *v1.VirtualMachineInstance, computeProbe *k8sv1.Probe) {
+	if vmi.Spec.LivenessProbe.GuestAgentPing != nil {
+		wrapGuestAgentPingWithVirtProbe(vmi, computeProbe)
+		computeProbe.InitialDelaySeconds = computeProbe.InitialDelaySeconds + LibvirtStartupDelay
+		return
+	}
+	wrapExecProbeWithVirtProbe(vmi, computeProbe)
+	computeProbe.InitialDelaySeconds = computeProbe.InitialDelaySeconds + LibvirtStartupDelay
+}
+
+func wrapExecProbeWithVirtProbe(vmi *v1.VirtualMachineInstance, probe *k8sv1.Probe) {
+	if probe == nil || probe.ProbeHandler.Exec == nil {
+		return
+	}
+
+	originalCommand := probe.ProbeHandler.Exec.Command
+	if len(originalCommand) < 1 {
+		return
+	}
+
+	wrappedCommand := []string{
+		"virt-probe",
+		"--domainName", api.VMINamespaceKeyFunc(vmi),
+		"--timeoutSeconds", strconv.FormatInt(int64(probe.TimeoutSeconds), 10),
+		"--command", originalCommand[0],
+		"--",
+	}
+	wrappedCommand = append(wrappedCommand, originalCommand[1:]...)
+
+	probe.ProbeHandler.Exec.Command = wrappedCommand
+	// we add 1s to the pod probe to compensate for the additional steps in probing
+	probe.TimeoutSeconds += 1
+}
+
+func requiredCapabilities(vmi *v1.VirtualMachineInstance) []k8sv1.Capability {
+	// These capabilies are always required because we set them on virt-launcher binary
+	// add CAP_SYS_PTRACE capability needed by libvirt + swtpm
+	// TODO: drop SYS_PTRACE after updating libvirt to a release containing:
+	// https://github.com/libvirt/libvirt/commit/a9c500d2b50c5c041a1bb6ae9724402cf1cec8fe
+	capabilities := []k8sv1.Capability{CAP_NET_BIND_SERVICE, CAP_SYS_PTRACE}
+
+	if !util.IsNonRootVMI(vmi) {
+		// add a CAP_SYS_NICE capability to allow setting cpu affinity
+		capabilities = append(capabilities, CAP_SYS_NICE)
+		// add CAP_SYS_ADMIN capability to allow virtiofs
+		if util.IsVMIVirtiofsEnabled(vmi) {
+			capabilities = append(capabilities, CAP_SYS_ADMIN)
+			capabilities = append(capabilities, getVirtiofsCapabilities()...)
+		}
+	}
+
+	return capabilities
+}

pkg/virt-controller/services/template.go

@@ -1767,26 +1767,6 @@ func getVirtiofsCapabilities() []k8sv1.Capability {
 	}
 }
 
-func getRequiredCapabilities(vmi *v1.VirtualMachineInstance) []k8sv1.Capability {
-	// These capabilies are always required because we set them on virt-launcher binary
-	// add CAP_SYS_PTRACE capability needed by libvirt + swtpm
-	// TODO: drop SYS_PTRACE after updating libvirt to a release containing:
-	// https://github.com/libvirt/libvirt/commit/a9c500d2b50c5c041a1bb6ae9724402cf1cec8fe
-	capabilities := []k8sv1.Capability{CAP_NET_BIND_SERVICE, CAP_SYS_PTRACE}
-
-	if !util.IsNonRootVMI(vmi) {
-		// add a CAP_SYS_NICE capability to allow setting cpu affinity
-		capabilities = append(capabilities, CAP_SYS_NICE)
-		// add CAP_SYS_ADMIN capability to allow virtiofs
-		if util.IsVMIVirtiofsEnabled(vmi) {
-			capabilities = append(capabilities, CAP_SYS_ADMIN)
-			capabilities = append(capabilities, getVirtiofsCapabilities()...)
-		}
-	}
-
-	return capabilities
-}
-
 func getRequiredResources(vmi *v1.VirtualMachineInstance, allowEmulation bool) k8sv1.ResourceList {
 	res := k8sv1.ResourceList{}
 	if util.NeedTunDevice(vmi) {
@@ -1938,48 +1918,6 @@ func addProbeOverhead(probe *v1.Probe, to *resource.Quantity) bool {
 	return false
 }
 
-func updateReadinessProbe(vmi *v1.VirtualMachineInstance, computeProbe *k8sv1.Probe) {
-	if vmi.Spec.ReadinessProbe.GuestAgentPing != nil {
-		wrapGuestAgentPingWithVirtProbe(vmi, computeProbe)
-		computeProbe.InitialDelaySeconds = computeProbe.InitialDelaySeconds + LibvirtStartupDelay
-		return
-	}
-	wrapExecProbeWithVirtProbe(vmi, computeProbe)
-	computeProbe.InitialDelaySeconds = computeProbe.InitialDelaySeconds + LibvirtStartupDelay
-}
-
-func updateLivenessProbe(vmi *v1.VirtualMachineInstance, computeProbe *k8sv1.Probe) {
-	if vmi.Spec.LivenessProbe.GuestAgentPing != nil {
-		wrapGuestAgentPingWithVirtProbe(vmi, computeProbe)
-		computeProbe.InitialDelaySeconds = computeProbe.InitialDelaySeconds + LibvirtStartupDelay
-		return
-	}
-	wrapExecProbeWithVirtProbe(vmi, computeProbe)
-	computeProbe.InitialDelaySeconds = computeProbe.InitialDelaySeconds + LibvirtStartupDelay
-}
-
-func getPortsFromVMI(vmi *v1.VirtualMachineInstance) []k8sv1.ContainerPort {
-	ports := make([]k8sv1.ContainerPort, 0)
-
-	for _, iface := range vmi.Spec.Domain.Devices.Interfaces {
-		if iface.Ports != nil {
-			for _, port := range iface.Ports {
-				if port.Protocol == "" {
-					port.Protocol = "TCP"
-				}
-
-				ports = append(ports, k8sv1.ContainerPort{Protocol: k8sv1.Protocol(port.Protocol), Name: port.Name, ContainerPort: port.Port})
-			}
-		}
-	}
-
-	if len(ports) == 0 {
-		return nil
-	}
-
-	return ports
-}
-
 func HaveMasqueradeInterface(interfaces []v1.Interface) bool {
 	for _, iface := range interfaces {
 		if iface.Masquerade != nil {
@@ -2095,30 +2033,6 @@ func wrapGuestAgentPingWithVirtProbe(vmi *v1.VirtualMachineInstance, probe *k8sv
 	return
 }
 
-func wrapExecProbeWithVirtProbe(vmi *v1.VirtualMachineInstance, probe *k8sv1.Probe) {
-	if probe == nil || probe.ProbeHandler.Exec == nil {
-		return
-	}
-
-	originalCommand := probe.ProbeHandler.Exec.Command
-	if len(originalCommand) < 1 {
-		return
-	}
-
-	wrappedCommand := []string{
-		"virt-probe",
-		"--domainName", api.VMINamespaceKeyFunc(vmi),
-		"--timeoutSeconds", strconv.FormatInt(int64(probe.TimeoutSeconds), 10),
-		"--command", originalCommand[0],
-		"--",
-	}
-	wrappedCommand = append(wrappedCommand, originalCommand[1:]...)
-
-	probe.ProbeHandler.Exec.Command = wrappedCommand
-	// we add 1s to the pod probe to compensate for the additional steps in probing
-	probe.TimeoutSeconds += 1
-}
-
 func alignPodMultiCategorySecurity(pod *k8sv1.Pod, selinuxType string) {
 	pod.Spec.SecurityContext.SELinuxOptions = &k8sv1.SELinuxOptions{Type: selinuxType}
 	// more info on https://github.com/kubernetes/kubernetes/issues/90759