Merge pull request #29 from gary-lgy/webhook-scheduler-plugin

.golangci.yml

@@ -146,38 +146,47 @@ linters-settings:
       - pkg: "k8s.io/apimachinery/pkg/apis/meta/v1"
         alias: metav1
 
-      - pkg: k8s.io/api/(?P<group>[\w\d]+)/(?P<v1>v\d+)((?P<v2>\w)\w+(?P<v3>\d+))?
+      # regex for api version:
+      # (?P<s1>v\d+)((?P<s2>\w)\w+(?P<s3>\d+))?
+      # e.g. v1alpha2
+      # s1: v1
+      # s2: a
+      # s3: 2
+      - pkg: k8s.io/api/(?P<group>[\w\d]+)/(?P<s1>v\d+)((?P<s2>\w)\w+(?P<s3>\d+))?
         # corev1, appsv1...
-        alias: ${group}${v1}${v2}${v3}
+        alias: ${group}${s1}${s2}${s3}
       - pkg: "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1"
         alias: apiextensionsv1
-      - pkg: github.com/kubewharf/kubeadmiral/pkg/apis/(?P<group>[\w\d]+)/(?P<v1>v\d+)((?P<v2>\w)\w+(?P<v3>\d+))?
+      - pkg: github.com/kubewharf/kubeadmiral/pkg/apis/schedulerwebhook/(?P<s1>v\d+)((?P<s2>\w)\w+(?P<s3>\d+))?
+        # schedwebhookv1a1
+        alias: schedwebhook${s1}${s2}${s3}
+      - pkg: github.com/kubewharf/kubeadmiral/pkg/apis/(?P<group>[\w\d]+)/(?P<s1>v\d+)((?P<s2>\w)\w+(?P<s3>\d+))?
         # fedcorev1a1
-        alias: fed${group}${v1}${v2}${v3}
+        alias: fed${group}${s1}${s2}${s3}
 
-      - pkg: k8s.io/client-go/kubernetes/typed/(?P<group>[\w\d]+)/(?P<v1>v\d+)((?P<v2>\w)\w+(?P<v3>\d+))?
-        alias: ${group}${v1}${v2}${v3}client
+      - pkg: k8s.io/client-go/kubernetes/typed/(?P<group>[\w\d]+)/(?P<s1>v\d+)((?P<s2>\w)\w+(?P<s3>\d+))?
+        alias: ${group}${s1}${s2}${s3}client
       - pkg: github.com/kubewharf/kubeadmiral/pkg/client/clientset/versioned
         alias: fedclient
       - pkg: github.com/kubewharf/kubeadmiral/pkg/client/clientset/versioned/scheme
         alias: fedscheme
-      - pkg: github.com/kubewharf/kubeadmiral/pkg/client/clientset/versioned/typed/(?P<group>[\w\d]+)/(?P<v1>v\d+)((?P<v2>\w)\w+(?P<v3>\d+))?
+      - pkg: github.com/kubewharf/kubeadmiral/pkg/client/clientset/versioned/typed/(?P<group>[\w\d]+)/(?P<s1>v\d+)((?P<s2>\w)\w+(?P<s3>\d+))?
         # fedcorev1a1client
-        alias: fed${group}${v1}${v2}${v3}client
+        alias: fed${group}${s1}${s2}${s3}client
 
-      - pkg: k8s.io/client-go/informers/(?P<group>[\w\d]+)/(?P<v1>v\d+)((?P<v2>\w)\w+(?P<v3>\d+))?
-        alias: ${group}${v1}${v2}${v3}informers
+      - pkg: k8s.io/client-go/informers/(?P<group>[\w\d]+)/(?P<s1>v\d+)((?P<s2>\w)\w+(?P<s3>\d+))?
+        alias: ${group}${s1}${s2}${s3}informers
       - pkg: github.com/kubewharf/kubeadmiral/pkg/client/informers/externalversions
         alias: fedinformers
-      - pkg: github.com/kubewharf/kubeadmiral/pkg/client/informers/externalversions/(?P<group>[\w\d]+)/(?P<v1>v\d+)((?P<v2>\w)\w+(?P<v3>\d+))?
+      - pkg: github.com/kubewharf/kubeadmiral/pkg/client/informers/externalversions/(?P<group>[\w\d]+)/(?P<s1>v\d+)((?P<s2>\w)\w+(?P<s3>\d+))?
         # fedcorev1a1informers
-        alias: fed${group}${v1}${v2}${v3}informers
+        alias: fed${group}${s1}${s2}${s3}informers
 
-      - pkg: k8s.io/client-go/listers/(?P<group>[\w\d]+)/(?P<v1>v\d+)((?P<v2>\w)\w+(?P<v3>\d+))?
-        alias: ${group}${v1}${v2}${v3}listers
-      - pkg: github.com/kubewharf/kubeadmiral/pkg/client/listers/(?P<group>[\w\d]+)/(?P<v1>v\d+)((?P<v2>\w)\w+(?P<v3>\d+))?
+      - pkg: k8s.io/client-go/listers/(?P<group>[\w\d]+)/(?P<s1>v\d+)((?P<s2>\w)\w+(?P<s3>\d+))?
+        alias: ${group}${s1}${s2}${s3}listers
+      - pkg: github.com/kubewharf/kubeadmiral/pkg/client/listers/(?P<group>[\w\d]+)/(?P<s1>v\d+)((?P<s2>\w)\w+(?P<s3>\d+))?
         # fedcorev1a1listers
-        alias: fed${group}${v1}${v2}${v3}listers
+        alias: fed${group}${s1}${s2}${s3}listers
   govet:
     # Settings per analyzer.
     settings:

cmd/controller-manager/app/core.go

@@ -150,6 +150,7 @@ func startGlobalScheduler(
 		controllerCtx.FedInformerFactory.Core().V1alpha1().ClusterPropagationPolicies(),
 		controllerCtx.FedInformerFactory.Core().V1alpha1().FederatedClusters(),
 		controllerCtx.FedInformerFactory.Core().V1alpha1().SchedulingProfiles(),
+		controllerCtx.FedInformerFactory.Core().V1alpha1().SchedulerPluginWebhookConfigurations(),
 		controllerCtx.Metrics,
 		controllerCtx.WorkerCount,
 	)

config/crds/core.kubeadmiral.io_schedulerpluginwebhookconfigurations.yaml

@@ -0,0 +1,110 @@
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    controller-gen.kubebuilder.io/version: v0.11.1
+  creationTimestamp: null
+  name: schedulerpluginwebhookconfigurations.core.kubeadmiral.io
+spec:
+  group: core.kubeadmiral.io
+  names:
+    kind: SchedulerPluginWebhookConfiguration
+    listKind: SchedulerPluginWebhookConfigurationList
+    plural: schedulerpluginwebhookconfigurations
+    singular: schedulerpluginwebhookconfiguration
+  scope: Cluster
+  versions:
+  - name: v1alpha1
+    schema:
+      openAPIV3Schema:
+        description: SchedulerPluginWebhookConfiguration is a webhook that can be
+          used as a scheduler plugin.
+        properties:
+          apiVersion:
+            description: 'APIVersion defines the versioned schema of this representation
+              of an object. Servers should convert recognized schemas to the latest
+              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            type: string
+          kind:
+            description: 'Kind is a string value representing the REST resource this
+              object represents. Servers may infer this from the endpoint the client
+              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            type: string
+          metadata:
+            type: object
+          spec:
+            properties:
+              filterPath:
+                description: Path for the filter call, empty if not supported. This
+                  path is appended to the URLPrefix when issuing the filter call to
+                  webhook.
+                type: string
+              httpTimeout:
+                default: 5s
+                description: HTTPTimeout specifies the timeout duration for a call
+                  to the webhook. Timeout fails the scheduling of the workload. Defaults
+                  to 5 seconds.
+                format: duration
+                type: string
+              payloadVersions:
+                description: PayloadVersions is an ordered list of preferred request
+                  and response versions the webhook expects. The scheduler will try
+                  to use the first version in the list which it supports. If none
+                  of the versions specified in this list supported by the scheduler,
+                  scheduling will fail for this object.
+                items:
+                  type: string
+                minItems: 1
+                type: array
+              scorePath:
+                description: Path for the score call, empty if not supported. This
+                  verb is appended to the URLPrefix when issuing the score call to
+                  webhook.
+                type: string
+              selectPath:
+                description: Path for the select call, empty if not supported. This
+                  verb is appended to the URLPrefix when issuing the select call to
+                  webhook.
+                type: string
+              tlsConfig:
+                description: TLSConfig specifies the transport layer security config.
+                properties:
+                  caData:
+                    description: CAData holds PEM-encoded bytes (typically read from
+                      a root certificates bundle).
+                    format: byte
+                    type: string
+                  certData:
+                    description: CertData holds PEM-encoded bytes (typically read
+                      from a client certificate file).
+                    format: byte
+                    type: string
+                  insecure:
+                    description: Server should be accessed without verifying the TLS
+                      certificate. For testing only.
+                    type: boolean
+                  keyData:
+                    description: KeyData holds PEM-encoded bytes (typically read from
+                      a client certificate key file).
+                    format: byte
+                    type: string
+                  serverName:
+                    description: ServerName is passed to the server for SNI and is
+                      used in the client to check server certificates against. If
+                      ServerName is empty, the hostname used to contact the server
+                      is used.
+                    type: string
+                type: object
+              urlPrefix:
+                description: URLPrefix at which the webhook is available
+                type: string
+            required:
+            - payloadVersions
+            - urlPrefix
+            type: object
+        required:
+        - spec
+        type: object
+    served: true
+    storage: true

pkg/apis/core/v1alpha1/register.go

@@ -69,6 +69,8 @@ func addKnownTypes(scheme *runtime.Scheme) error {
 		&OverridePolicyList{},
 		&ClusterOverridePolicy{},
 		&ClusterOverridePolicyList{},
+		&SchedulerPluginWebhookConfiguration{},
+		&SchedulerPluginWebhookConfigurationList{},
 	)
 	metav1.AddToGroupVersion(scheme, SchemeGroupVersion)
 	return nil

pkg/apis/core/v1alpha1/types_schedulerpluginwebhookconfiguration.go

@@ -0,0 +1,92 @@
+/*
+Copyright 2018 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+This file may have been modified by The KubeAdmiral Authors
+("KubeAdmiral Modifications"). All KubeAdmiral Modifications
+are Copyright 2023 The KubeAdmiral Authors.
+*/
+
+package v1alpha1
+
+import (
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+)
+
+// +genclient
+// +genclient:nonNamespaced
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+// +kubebuilder:resource:path=schedulerpluginwebhookconfigurations,singular=schedulerpluginwebhookconfiguration,scope=Cluster
+// +kubebuilder:object:root=true
+
+// SchedulerPluginWebhookConfiguration is a webhook that can be used as a scheduler plugin.
+type SchedulerPluginWebhookConfiguration struct {
+	metav1.TypeMeta   `json:",inline"`
+	metav1.ObjectMeta `json:"metadata,omitempty"`
+
+	Spec SchedulerPluginWebhookConfigurationSpec `json:"spec"`
+}
+
+// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
+
+// SchedulerPluginWebhookConfigurationList contains a list of SchedulerPluginWebhookConfiguration.
+type SchedulerPluginWebhookConfigurationList struct {
+	metav1.TypeMeta `json:",inline"`
+	metav1.ListMeta `json:"metadata,omitempty"`
+	Items           []SchedulerPluginWebhookConfiguration `json:"items"`
+}
+
+type SchedulerPluginWebhookConfigurationSpec struct {
+	// PayloadVersions is an ordered list of preferred request and response
+	// versions the webhook expects.
+	// The scheduler will try to use the first version in
+	// the list which it supports. If none of the versions specified in this list
+	// supported by the scheduler, scheduling will fail for this object.
+	// +kubebuilder:validation:Required
+	// +kubebuilder:validation:MinItems=1
+	PayloadVersions []string `json:"payloadVersions"`
+	// URLPrefix at which the webhook is available
+	// +kubebuilder:validation:Required
+	URLPrefix string `json:"urlPrefix"`
+	// Path for the filter call, empty if not supported. This path is appended to the URLPrefix when issuing the filter call to webhook.
+	FilterPath string `json:"filterPath,omitempty"`
+	// Path for the score call, empty if not supported. This verb is appended to the URLPrefix when issuing the score call to webhook.
+	ScorePath string `json:"scorePath,omitempty"`
+	// Path for the select call, empty if not supported. This verb is appended to the URLPrefix when issuing the select call to webhook.
+	SelectPath string `json:"selectPath,omitempty"`
+	// TLSConfig specifies the transport layer security config.
+	TLSConfig *WebhookTLSConfig `json:"tlsConfig,omitempty"`
+	// HTTPTimeout specifies the timeout duration for a call to the webhook. Timeout fails the scheduling of the workload.
+	// Defaults to 5 seconds.
+	// +kubebuilder:default:="5s"
+	// +kubebuilder:validation:Format:=duration
+	HTTPTimeout metav1.Duration `json:"httpTimeout,omitempty"`
+}
+
+// WebhookTLSConfig contains settings to enable TLS with the webhook server.
+type WebhookTLSConfig struct {
+	// Server should be accessed without verifying the TLS certificate. For testing only.
+	Insecure bool `json:"insecure,omitempty"`
+	// ServerName is passed to the server for SNI and is used in the client to check server
+	// certificates against. If ServerName is empty, the hostname used to contact the
+	// server is used.
+	ServerName string `json:"serverName,omitempty"`
+
+	// CertData holds PEM-encoded bytes (typically read from a client certificate file).
+	CertData []byte `json:"certData,omitempty"`
+	// KeyData holds PEM-encoded bytes (typically read from a client certificate key file).
+	KeyData []byte `json:"keyData,omitempty"`
+	// CAData holds PEM-encoded bytes (typically read from a root certificates bundle).
+	CAData []byte `json:"caData,omitempty"`
+}