pgsgeo · lbailleul · Jul 7, 2023 · Jul 7, 2023 · Jul 7, 2023 · Jul 7, 2023
diff --git a/api/v1beta1/module_types.go b/api/v1beta1/module_types.go
@@ -42,6 +42,10 @@ type KanikoParams struct {
 	// +optional
 	// Kaniko image tag to use when creating the build Job
 	Tag string `json:"tag,omitempty"`
+
+	//+optional
+	// Configure Kaniko to cache layers
+	Cache bool `json:"cache,omitempty"`
 }
 
 type Build struct {
@@ -164,6 +168,21 @@ type ModprobeSpec struct {
 	// +optional
 	FirmwarePath string `json:"firmwarePath,omitempty"`
 
+	// EnableHostNetwork allow to run modprobe in the host network namespace by
+	// setting podSpec.HostNetwork true
+	// +optional
+	EnableHostNetwork bool `json:"enableHostNetwork,omitempty"`
+
+	//LoaderCommandOverride allow to override the default lifecycle PostStart command by passing
+	//a set of commands to run
+	// +optional
+	LoaderCommandOverride []string `json:"loaderCommandOverride,omitempty"`
+
+	//UnloaderCommandOverride allow to override the default lifecycle PreStop command by passing
+	//a set of commands to run
+	// +optional
+	UnloaderCommandOverride []string `json:"unloaderCommandOverride,omitempty"`
+
 	// ModulesLoadingOrder defines the dependency between kernel modules loading, in case
 	// it was not created by depmod (independent kernel modules).
 	// The list order should be: upmost module, then the module it depends on and so on.
@@ -196,6 +215,14 @@ type ModuleLoaderContainerSpec struct {
 	// +optional
 	ContainerImage string `json:"containerImage,omitempty"`
 
+	// VolumeMounts is a list of volume mounts that are appended to the default ones.
+	// +optional
+	VolumeMounts []v1.VolumeMount `json:"volumeMounts,omitempty"`
+
+	// Privileged set the container to fully priviledged
+	// +optional
+	Privileged bool `json:"privileged,omitempty"`
+
 	// Image pull policy.
 	// One of Always, Never, IfNotPresent.
 	// Defaults to Always if :latest tag is specified, or IfNotPresent otherwise.
@@ -231,6 +258,10 @@ type ModuleLoaderSpec struct {
 	// ServiceAccountName is the name of the ServiceAccount to use to run this pod.
 	// More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
 	ServiceAccountName string `json:"serviceAccountName,omitempty"`
+
+	// +optional
+	// Volumes list of volume to add to the ModuleLoader DS spec
+	Volumes []v1.Volume `json:"volumes,omitempty"`
 }
 
 type DevicePluginContainerSpec struct {

diff --git a/api/v1beta1/zz_generated.deepcopy.go b/api/v1beta1/zz_generated.deepcopy.go
diff --git a/config/crd-hub/bases/hub.kmm.sigs.x-k8s.io_managedclustermodules.yaml b/config/crd-hub/bases/hub.kmm.sigs.x-k8s.io_managedclustermodules.yaml
diff --git a/config/crd/bases/kmm.sigs.x-k8s.io_modules.yaml b/config/crd/bases/kmm.sigs.x-k8s.io_modules.yaml
diff --git a/internal/api/moduleloaderdata.go b/internal/api/moduleloaderdata.go
@@ -42,6 +42,15 @@ type ModuleLoaderData struct {
 	// ContainerImage is a top-level field
 	ContainerImage string
 
+	//VolumeMounts is a list of VolumeMount to add to the container spec
+	VolumeMounts []v1.VolumeMount
+
+	//Volume is a list of Volume to add to the DS spec
+	Volumes []v1.Volume
+
+	//Privileged if the container is privileged
+	Privileged bool
+
 	// Image pull policy.
 	ImagePullPolicy v1.PullPolicy
 

diff --git a/internal/build/job/maker.go b/internal/build/job/maker.go
@@ -180,6 +180,10 @@ func (m *maker) containerArgs(
 		args = append(args, "--skip-tls-verify-pull")
 	}
 
+	if buildConfig.KanikoParams != nil && buildConfig.KanikoParams.Cache {
+		args = append(args, "--cache=true")
+	}
+
 	if pushImage {
 		if mld.RegistryTLS.Insecure {
 			args = append(args, "--insecure")

diff --git a/internal/daemonset/daemonset.go b/internal/daemonset/daemonset.go
@@ -109,6 +109,39 @@ func (dc *daemonSetGenerator) SetDriverContainerAsDesired(
 	hostPathDirectory := v1.HostPathDirectory
 	hostPathDirectoryOrCreate := v1.HostPathDirectoryOrCreate
 
+	var lifecyclePostStartCommand []string
+	if len(mld.Modprobe.LoaderCommandOverride) > 0 {
+		lifecyclePostStartCommand = mld.Modprobe.LoaderCommandOverride
+	} else {
+		lifecyclePostStartCommand = makeLoadCommand(mld.InTreeModuleToRemove, mld.Modprobe, mld.Name)
+	}
+
+	var lifecyclePreStopCommand []string
+	if len(mld.Modprobe.UnloaderCommandOverride) > 0 {
+		lifecyclePreStopCommand = mld.Modprobe.UnloaderCommandOverride
+	} else {
+		lifecyclePreStopCommand = makeUnloadCommand(mld.Modprobe, mld.Name)
+	}
+
+	var securityContext v1.SecurityContext
+
+	if mld.Privileged {
+		securityContext = v1.SecurityContext{
+			Privileged: pointer.Bool(true),
+		}
+	} else {
+		securityContext = v1.SecurityContext{
+			AllowPrivilegeEscalation: pointer.Bool(false),
+			Capabilities: &v1.Capabilities{
+				Add: []v1.Capability{"SYS_MODULE"},
+			},
+			RunAsUser: pointer.Int64(0),
+			SELinuxOptions: &v1.SELinuxOptions{
+				Type: "spc_t",
+			},
+		}
+	}
+
 	container := v1.Container{
 		Command:         []string{"sleep", "infinity"},
 		Name:            "module-loader",
@@ -117,25 +150,16 @@ func (dc *daemonSetGenerator) SetDriverContainerAsDesired(
 		Lifecycle: &v1.Lifecycle{
 			PostStart: &v1.LifecycleHandler{
 				Exec: &v1.ExecAction{
-					Command: makeLoadCommand(mld.InTreeModuleToRemove, mld.Modprobe, mld.Name),
+					Command: lifecyclePostStartCommand,
 				},
 			},
 			PreStop: &v1.LifecycleHandler{
 				Exec: &v1.ExecAction{
-					Command: makeUnloadCommand(mld.Modprobe, mld.Name),
+					Command: lifecyclePreStopCommand,
 				},
 			},
 		},
-		SecurityContext: &v1.SecurityContext{
-			AllowPrivilegeEscalation: pointer.Bool(false),
-			Capabilities: &v1.Capabilities{
-				Add: []v1.Capability{"SYS_MODULE"},
-			},
-			RunAsUser: pointer.Int64(0),
-			SELinuxOptions: &v1.SELinuxOptions{
-				Type: "spc_t",
-			},
-		},
+		SecurityContext: &securityContext,
 		VolumeMounts: []v1.VolumeMount{
 			{
 				Name:      nodeLibModulesVolumeName,
@@ -157,6 +181,14 @@ func (dc *daemonSetGenerator) SetDriverContainerAsDesired(
 		},
 	}
 
+	for i := 0; i < len(mld.Volumes); i++ {
+		volumes = append(volumes, mld.Volumes[i])
+	}
+
+	for i := 0; i < len(mld.VolumeMounts); i++ {
+		container.VolumeMounts = append(container.VolumeMounts, mld.VolumeMounts[i])
+	}
+
 	if fw := mld.Modprobe.FirmwarePath; fw != "" {
 		firmwareVolume := v1.Volume{
 			Name: nodeVarLibFirmwareVolumeName,
@@ -205,6 +237,11 @@ func (dc *daemonSetGenerator) SetDriverContainerAsDesired(
 		container.VolumeMounts = append(container.VolumeMounts, softDepVolumeMount)
 	}
 
+	enableHostNetwork := false
+	if mld.Modprobe.EnableHostNetwork {
+		enableHostNetwork = true
+	}
+
 	ds.Spec = appsv1.DaemonSetSpec{
 		Template: v1.PodTemplateSpec{
 			ObjectMeta: metav1.ObjectMeta{
@@ -213,6 +250,7 @@ func (dc *daemonSetGenerator) SetDriverContainerAsDesired(
 				Annotations: modulesOrderAnnotations,
 			},
 			Spec: v1.PodSpec{
+				HostNetwork:        enableHostNetwork,
 				Containers:         []v1.Container{container},
 				ImagePullSecrets:   GetPodPullSecrets(mld.ImageRepoSecret),
 				NodeSelector:       nodeSelector,

diff --git a/internal/module/kernelmapper.go b/internal/module/kernelmapper.go
@@ -118,6 +118,10 @@ func (kh *kernelMapperHelper) prepareModuleLoaderData(mapping *kmmv1beta1.Kernel
 		mld.InTreeModuleToRemove = mapping.InTreeModuleToRemove
 	}
 
+	mld.VolumeMounts = mod.Spec.ModuleLoader.Container.VolumeMounts
+	mld.Volumes = mod.Spec.ModuleLoader.Volumes
+	mld.Privileged = mod.Spec.ModuleLoader.Container.Privileged
+
 	mld.KernelVersion = kernelVersion
 	mld.Name = mod.Name
 	mld.Namespace = mod.Namespace