controller: Add overhead annotation using pod mutating webhook

In order for the Kata runtime to correctly deal with hot plugging and
set a VM size that is compatible with the host cgroup size [1], we
need to pass the known overhead (from the RuntimeClass) to the runtime
using an annotation.

This code implements a mutating web hook to modify the pod so that the
annotation is added when the runtime class is Kata.

Signed-off-by: Christophe de Dinechin <[email protected]>

Author: c3d

api/v1/kataconfig_types.go

@@ -44,6 +44,12 @@ type KataConfigSpec struct {
 	// +optional
 	// +kubebuilder:default:=false
 	EnablePeerPods bool `json:"enablePeerPods"`
+
+	// +optional
+	// +kubebuilder:default:=350
+	// +kubebuilder:validation:Minimum=1
+	// +kubebuilder:validation:Maximum=2048
+	MemoryOverheadMB *int32 `json:"memoryOverheadMB,omitempty"`
 }
 
 // KataConfigStatus defines the observed state of KataConfig

api/v1/kataconfig_webhook.go

@@ -61,16 +61,28 @@ func (r *KataConfig) ValidateCreate(ctx context.Context, obj runtime.Object) (ad
 
 	kataconfiglog.Info("validate create", "name", kataconfig.Name)
 
-	kataConfigList := &KataConfigList{}
-	listOpts := []client.ListOption{
-		client.InNamespace(corev1.NamespaceAll),
-	}
-	if err := clientInst.List(ctx, kataConfigList, listOpts...); err != nil {
-		return nil, fmt.Errorf("Failed to list KataConfig custom resources: %v", err)
+	// Skip client-dependent validation if clientInst is nil (e.g., during testing)
+	if clientInst != nil {
+		kataConfigList := &KataConfigList{}
+		listOpts := []client.ListOption{
+			client.InNamespace(corev1.NamespaceAll),
+		}
+		if err := clientInst.List(ctx, kataConfigList, listOpts...); err != nil {
+			return nil, fmt.Errorf("Failed to list KataConfig custom resources: %v", err)
+		}
+
+		if len(kataConfigList.Items) == 1 {
+			return nil, fmt.Errorf("A KataConfig instance already exists, refusing to create a duplicate")
+		}
 	}
 
-	if len(kataConfigList.Items) == 1 {
-		return nil, fmt.Errorf("A KataConfig instance already exists, refusing to create a duplicate")
+	if r.Spec.MemoryOverheadMB != nil {
+		if *r.Spec.MemoryOverheadMB < 60 {
+			return nil, fmt.Errorf("memoryOverheadMB must be at least 60MB")
+		}
+		if *r.Spec.MemoryOverheadMB > 4096*1024 {
+			return nil, fmt.Errorf("memoryOverheadMB must be at most 4GB")
+		}
 	}
 
 	return nil, nil
@@ -85,6 +97,15 @@ func (r *KataConfig) ValidateUpdate(ctx context.Context, oldObj, newObj runtime.
 
 	kataconfiglog.Info("validate update", "name", kataconfig.Name)
 
+	if r.Spec.MemoryOverheadMB != nil {
+		if *r.Spec.MemoryOverheadMB < 60 {
+			return nil, fmt.Errorf("memoryOverheadMB must be at least 60MB")
+		}
+		if *r.Spec.MemoryOverheadMB > 4096*1024 {
+			return nil, fmt.Errorf("memoryOverheadMB must be at most 4GB")
+		}
+	}
+
 	// TODO(user): fill in your validation logic upon object update.
 	return nil, nil
 }