Create namespace/sa/rolebinding (#133)

Caving and finally adding the code to create the namespace, service account and role binding to allow for `hostNetwork`. Signed-off-by: Joe Talerico <[email protected]> Co-authored-by: Joe Talerico <[email protected]>
cloud-bulldozer · Feb 29, 2024 · f29a9f9 · f29a9f9
1 parent c99337e
commit f29a9f9
Show file tree

Hide file tree

Showing 3 changed files with 76 additions and 2 deletions.
diff --git a/cmd/k8s-netperf/k8s-netperf.go b/cmd/k8s-netperf/k8s-netperf.go
@@ -140,6 +140,13 @@ var rootCmd = &cobra.Command{
 			log.Warn("😥 Prometheus is not available")
 		}
 
+		// Build the namespace and create the sa account
+		err = k8s.BuildInfra(client)
+		if err != nil {
+			log.Error(err)
+			os.Exit(1)
+		}
+
 		// Build the SUT (Deployments)
 		err = k8s.BuildSUT(client, &s)
 		if err != nil {
@@ -324,7 +331,11 @@ func cleanup(client *kubernetes.Clientset) {
 			log.Fatal(err)
 		}
 	}
-
+	err = k8s.DestroyNamespace(client)
+	if err != nil {
+		log.Error(err)
+		os.Exit(1)
+	}
 }
 
 // executeWorkload executes the workload and returns the result data.

diff --git a/pkg/k8s/kubernetes.go b/pkg/k8s/kubernetes.go
@@ -9,6 +9,7 @@ import (
 	"github.com/cloud-bulldozer/k8s-netperf/pkg/metrics"
 	appsv1 "k8s.io/api/apps/v1"
 	apiv1 "k8s.io/api/core/v1"
+	v1 "k8s.io/api/rbac/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/util/intstr"
 	"k8s.io/apimachinery/pkg/watch"
@@ -41,6 +42,7 @@ type ServiceParams struct {
 }
 
 const sa string = "netperf"
+const namespace string = "netperf"
 
 // NetperfServerCtlPort control port for the service
 const NetperfServerCtlPort = 12865
@@ -67,6 +69,56 @@ const clientAcrossRole = "client-across"
 const hostNetServerRole = "host-server"
 const hostNetClientRole = "host-client"
 
+func BuildInfra(client *kubernetes.Clientset) error {
+	_, err := client.CoreV1().Namespaces().Get(context.TODO(), namespace, metav1.GetOptions{})
+	if err == nil {
+		log.Infof("♻️ Namespace already exists, reusing it")
+	} else {
+		log.Infof("🔨 Creating namespace : %s", namespace)
+		_, err := client.CoreV1().Namespaces().Create(context.TODO(), &apiv1.Namespace{ObjectMeta: metav1.ObjectMeta{Name: namespace}}, metav1.CreateOptions{})
+		if err != nil {
+			return fmt.Errorf("😥 Unable to create namespace - %s", err)
+		}
+	}
+	_, err = client.CoreV1().ServiceAccounts(namespace).Get(context.TODO(), sa, metav1.GetOptions{})
+	if err == nil {
+		log.Infof("♻️ Service account already exists, reusing it")
+	} else {
+		log.Infof("🔨 Creating service account : %s", sa)
+		_, err = client.CoreV1().ServiceAccounts(namespace).Create(context.TODO(), &apiv1.ServiceAccount{ObjectMeta: metav1.ObjectMeta{Name: sa}}, metav1.CreateOptions{})
+		if err != nil {
+			return fmt.Errorf("😥 Unable to create service account")
+		}
+	}
+	rBinding := &v1.RoleBinding{
+		ObjectMeta: metav1.ObjectMeta{
+			Name:      sa,
+			Namespace: namespace,
+		},
+		RoleRef: v1.RoleRef{
+			Kind: "ClusterRole",
+			Name: "system:openshift:scc:hostnetwork",
+		},
+		Subjects: []v1.Subject{
+			{
+				Namespace: namespace,
+				Name:      sa,
+				Kind:      "ServiceAccount",
+			},
+		},
+	}
+	_, err = client.RbacV1().RoleBindings(namespace).Get(context.TODO(), sa, metav1.GetOptions{})
+	if err == nil {
+		log.Infof("♻️ Role binding already exists, reusing it")
+	} else {
+		_, err = client.RbacV1().RoleBindings(namespace).Create(context.TODO(), rBinding, metav1.CreateOptions{})
+		if err != nil {
+			return fmt.Errorf("😥 Unable to create role-binding")
+		}
+	}
+	return nil
+}
+
 // BuildSUT Build the k8s env to run network performance tests
 func BuildSUT(client *kubernetes.Clientset, s *config.PerfScenarios) error {
 	// Check if nodes have the zone label to keep the netperf test
@@ -654,6 +706,18 @@ func DestroyService(client *kubernetes.Clientset, serv apiv1.Service) error {
 	})
 }
 
+// DestroyNamespace cleans up the namespace k8s-netperf created
+func DestroyNamespace(client *kubernetes.Clientset) error {
+	_, err := client.CoreV1().Namespaces().Get(context.TODO(), namespace, metav1.GetOptions{})
+	if err == nil {
+		deletePolicy := metav1.DeletePropagationForeground
+		return client.CoreV1().Namespaces().Delete(context.TODO(), namespace, metav1.DeleteOptions{
+			PropagationPolicy: &deletePolicy,
+		})
+	}
+	return nil
+}
+
 // DestroyDeployment cleans up a specific deployment from a namespace
 func DestroyDeployment(client *kubernetes.Clientset, dp appsv1.Deployment) error {
 	deletePolicy := metav1.DeletePropagationForeground

diff --git a/testing/kind-config.yaml b/testing/kind-config.yaml
@@ -4,4 +4,3 @@ apiVersion: kind.x-k8s.io/v1alpha4
 nodes:
 - role: control-plane
 - role: worker
-- role: worker