Implement NetworkQoS controller

This commit implements Network QoS controller, based on the enhancement
ovn-kubernetes/ovn-kubernetes#4366

Signed-off-by: Flavio Fernandes <[email protected]>
Signed-off-by: Xiaobin Qu <[email protected]>

Author: flavio-fernandes

go-controller/pkg/clustermanager/status_manager/networkqos_manager.go

@@ -0,0 +1,83 @@
+package status_manager
+
+import (
+	"context"
+	"strings"
+
+	networkqosapi "github.com/ovn-org/ovn-kubernetes/go-controller/pkg/crd/networkqos/v1alpha1"
+	networkqosapply "github.com/ovn-org/ovn-kubernetes/go-controller/pkg/crd/networkqos/v1alpha1/apis/applyconfiguration/networkqos/v1alpha1"
+	networkqosclientset "github.com/ovn-org/ovn-kubernetes/go-controller/pkg/crd/networkqos/v1alpha1/apis/clientset/versioned"
+	networkqoslisters "github.com/ovn-org/ovn-kubernetes/go-controller/pkg/crd/networkqos/v1alpha1/apis/listers/networkqos/v1alpha1"
+	"github.com/ovn-org/ovn-kubernetes/go-controller/pkg/types"
+
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+)
+
+type networkQoSManager struct {
+	lister networkqoslisters.NetworkQoSLister
+	client networkqosclientset.Interface
+}
+
+func newNetworkQoSManager(lister networkqoslisters.NetworkQoSLister, client networkqosclientset.Interface) *networkQoSManager {
+	return &networkQoSManager{
+		lister: lister,
+		client: client,
+	}
+}
+
+//lint:ignore U1000 generic interfaces throw false-positives https://github.com/dominikh/go-tools/issues/1440
+func (m *networkQoSManager) get(namespace, name string) (*networkqosapi.NetworkQoS, error) {
+	return m.lister.NetworkQoSes(namespace).Get(name)
+}
+
+//lint:ignore U1000 generic interfaces throw false-positives
+func (m *networkQoSManager) getMessages(networkQoS *networkqosapi.NetworkQoS) []string {
+	var messages []string
+	for _, condition := range networkQoS.Status.Conditions {
+		messages = append(messages, condition.Message)
+	}
+	return messages
+}
+
+//lint:ignore U1000 generic interfaces throw false-positives
+func (m *networkQoSManager) updateStatus(networkQoS *networkqosapi.NetworkQoS, applyOpts *metav1.ApplyOptions,
+	applyEmptyOrFailed bool) error {
+	if networkQoS == nil {
+		return nil
+	}
+	newStatus := "NetworkQoS Destinations applied"
+	for _, condition := range networkQoS.Status.Conditions {
+		if strings.Contains(condition.Message, types.NetworkQoSErrorMsg) {
+			newStatus = types.NetworkQoSErrorMsg
+			break
+		}
+	}
+	if applyEmptyOrFailed && newStatus != types.NetworkQoSErrorMsg {
+		newStatus = ""
+	}
+
+	if networkQoS.Status.Status == newStatus {
+		// already set to the same value
+		return nil
+	}
+
+	applyStatus := networkqosapply.Status()
+	if newStatus != "" {
+		applyStatus.WithStatus(newStatus)
+	}
+
+	applyObj := networkqosapply.NetworkQoS(networkQoS.Name, networkQoS.Namespace).
+		WithStatus(applyStatus)
+
+	_, err := m.client.K8sV1alpha1().NetworkQoSes(networkQoS.Namespace).ApplyStatus(context.TODO(), applyObj, *applyOpts)
+	return err
+}
+
+//lint:ignore U1000 generic interfaces throw false-positives
+func (m *networkQoSManager) cleanupStatus(networkQoS *networkqosapi.NetworkQoS, applyOpts *metav1.ApplyOptions) error {
+	applyObj := networkqosapply.NetworkQoS(networkQoS.Name, networkQoS.Namespace).
+		WithStatus(networkqosapply.Status())
+
+	_, err := m.client.K8sV1alpha1().NetworkQoSes(networkQoS.Namespace).ApplyStatus(context.TODO(), applyObj, *applyOpts)
+	return err
+}

go-controller/pkg/clustermanager/status_manager/status_manager.go

@@ -20,6 +20,7 @@ import (
 	adminpolicybasedrouteapi "github.com/ovn-org/ovn-kubernetes/go-controller/pkg/crd/adminpolicybasedroute/v1"
 	egressfirewallapi "github.com/ovn-org/ovn-kubernetes/go-controller/pkg/crd/egressfirewall/v1"
 	egressqosapi "github.com/ovn-org/ovn-kubernetes/go-controller/pkg/crd/egressqos/v1"
+	networkqosapi "github.com/ovn-org/ovn-kubernetes/go-controller/pkg/crd/networkqos/v1alpha1"
 	"github.com/ovn-org/ovn-kubernetes/go-controller/pkg/factory"
 	"github.com/ovn-org/ovn-kubernetes/go-controller/pkg/types"
 	"github.com/ovn-org/ovn-kubernetes/go-controller/pkg/util"
@@ -203,6 +204,16 @@ func NewStatusManager(wf *factory.WatchFactory, ovnClient *util.OVNClusterManage
 		)
 		sm.typedManagers["egressqoses"] = egressQoSManager
 	}
+	if config.OVNKubernetesFeature.EnableNetworkQoS {
+		networkQoSManager := newStatusManager[networkqosapi.NetworkQoS](
+			"networkqoses_statusmanager",
+			wf.NetworkQoSInformer().Informer(),
+			wf.NetworkQoSInformer().Lister().List,
+			newNetworkQoSManager(wf.NetworkQoSInformer().Lister(), ovnClient.NetworkQoSClient),
+			sm.withZonesRLock,
+		)
+		sm.typedManagers["networkqoses"] = networkQoSManager
+	}
 	return sm
 }
 

go-controller/pkg/clustermanager/status_manager/status_manager_test.go

@@ -21,12 +21,14 @@ import (
 	adminpolicybasedrouteapi "github.com/ovn-org/ovn-kubernetes/go-controller/pkg/crd/adminpolicybasedroute/v1"
 	egressfirewallapi "github.com/ovn-org/ovn-kubernetes/go-controller/pkg/crd/egressfirewall/v1"
 	egressqosapi "github.com/ovn-org/ovn-kubernetes/go-controller/pkg/crd/egressqos/v1"
+	networkqosapi "github.com/ovn-org/ovn-kubernetes/go-controller/pkg/crd/networkqos/v1alpha1"
 	"github.com/ovn-org/ovn-kubernetes/go-controller/pkg/factory"
 	"github.com/ovn-org/ovn-kubernetes/go-controller/pkg/types"
 	"github.com/ovn-org/ovn-kubernetes/go-controller/pkg/util"
 
 	. "github.com/onsi/ginkgo/v2"
 	. "github.com/onsi/gomega"
+	networkingv1 "k8s.io/api/networking/v1"
 )
 
 func getNodeWithZone(nodeName, zoneName string) *corev1.Node {
@@ -203,6 +205,72 @@ func checkEmptyEQStatusConsistently(egressQoS *egressqosapi.EgressQoS, fakeClien
 	}).Should(BeTrue(), "expected Status to be consistently empty")
 }
 
+func newNetworkQoS(namespace string) *networkqosapi.NetworkQoS {
+	return &networkqosapi.NetworkQoS{
+		ObjectMeta: util.NewObjectMeta("default", namespace),
+		Spec: networkqosapi.Spec{
+			NetworkAttachmentRefs: []v1.ObjectReference{
+				{
+					Kind:      "NetworkAttachmentDefinition",
+					Namespace: "default",
+					Name:      "stream",
+				},
+			},
+			Priority: 100,
+			Egress: []networkqosapi.Rule{
+				{
+					DSCP: 60,
+					Classifier: networkqosapi.Classifier{
+						To: []networkqosapi.Destination{
+							{
+								IPBlock: &networkingv1.IPBlock{
+									CIDR: "1.2.3.4/32",
+								},
+							},
+						},
+					},
+					Bandwidth: networkqosapi.Bandwidth{
+						Rate:  100,
+						Burst: 1000,
+					},
+				},
+			},
+		},
+	}
+}
+
+func updateNetworkQoSStatus(networkQoS *networkqosapi.NetworkQoS, status *networkqosapi.Status,
+	fakeClient *util.OVNClusterManagerClientset) {
+	networkQoS.Status = *status
+	_, err := fakeClient.NetworkQoSClient.K8sV1alpha1().NetworkQoSes(networkQoS.Namespace).
+		Update(context.TODO(), networkQoS, metav1.UpdateOptions{})
+	Expect(err).ToNot(HaveOccurred())
+}
+
+func checkNQStatusEventually(networkQoS *networkqosapi.NetworkQoS, expectFailure bool, expectEmpty bool, fakeClient *util.OVNClusterManagerClientset) {
+	Eventually(func() bool {
+		eq, err := fakeClient.NetworkQoSClient.K8sV1alpha1().NetworkQoSes(networkQoS.Namespace).
+			Get(context.TODO(), networkQoS.Name, metav1.GetOptions{})
+		Expect(err).NotTo(HaveOccurred())
+		if expectFailure {
+			return strings.Contains(eq.Status.Status, types.NetworkQoSErrorMsg)
+		} else if expectEmpty {
+			return eq.Status.Status == ""
+		} else {
+			return strings.Contains(eq.Status.Status, "applied")
+		}
+	}).Should(BeTrue(), fmt.Sprintf("expected network QoS status with expectFailure=%v expectEmpty=%v", expectFailure, expectEmpty))
+}
+
+func checkEmptyNQStatusConsistently(networkQoS *networkqosapi.NetworkQoS, fakeClient *util.OVNClusterManagerClientset) {
+	Consistently(func() bool {
+		ef, err := fakeClient.NetworkQoSClient.K8sV1alpha1().NetworkQoSes(networkQoS.Namespace).
+			Get(context.TODO(), networkQoS.Name, metav1.GetOptions{})
+		Expect(err).NotTo(HaveOccurred())
+		return ef.Status.Status == ""
+	}).Should(BeTrue(), "expected Status to be consistently empty")
+}
+
 var _ = Describe("Cluster Manager Status Manager", func() {
 	var (
 		statusManager *StatusManager
@@ -505,4 +573,96 @@ var _ = Describe("Cluster Manager Status Manager", func() {
 			return atomic.LoadUint32(&banpWerePatched)
 		}).Should(Equal(uint32(2)))
 	})
+
+	It("updates NetworkQoS status with 1 zone", func() {
+		config.OVNKubernetesFeature.EnableNetworkQoS = true
+		zones := sets.New[string]("zone1")
+		namespace1 := util.NewNamespace(namespace1Name)
+		networkQoS := newNetworkQoS(namespace1.Name)
+		start(zones, namespace1, networkQoS)
+		updateNetworkQoSStatus(networkQoS, &networkqosapi.Status{
+			Conditions: []metav1.Condition{{
+				Type:    "Ready-In-Zone-zone1",
+				Status:  metav1.ConditionTrue,
+				Reason:  "SetupSucceeded",
+				Message: "NetworkQoS Destinations applied",
+			}},
+		}, fakeClient)
+
+		checkNQStatusEventually(networkQoS, false, false, fakeClient)
+	})
+
+	It("updates NetworkQoS status with 2 zones", func() {
+		config.OVNKubernetesFeature.EnableNetworkQoS = true
+		zones := sets.New[string]("zone1", "zone2")
+		namespace1 := util.NewNamespace(namespace1Name)
+		networkQoS := newNetworkQoS(namespace1.Name)
+		start(zones, namespace1, networkQoS)
+
+		updateNetworkQoSStatus(networkQoS, &networkqosapi.Status{
+			Conditions: []metav1.Condition{{
+				Type:    "Ready-In-Zone-zone1",
+				Status:  metav1.ConditionTrue,
+				Reason:  "SetupSucceeded",
+				Message: "NetworkQoS Destinations applied",
+			}},
+		}, fakeClient)
+
+		checkEmptyNQStatusConsistently(networkQoS, fakeClient)
+
+		updateNetworkQoSStatus(networkQoS, &networkqosapi.Status{
+			Conditions: []metav1.Condition{{
+				Type:    "Ready-In-Zone-zone1",
+				Status:  metav1.ConditionTrue,
+				Reason:  "SetupSucceeded",
+				Message: "NetworkQoS Destinations applied",
+			}, {
+				Type:    "Ready-In-Zone-zone2",
+				Status:  metav1.ConditionTrue,
+				Reason:  "SetupSucceeded",
+				Message: "NetworkQoS Destinations applied",
+			}},
+		}, fakeClient)
+		checkNQStatusEventually(networkQoS, false, false, fakeClient)
+
+	})
+
+	It("updates NetworkQoS status with UnknownZone", func() {
+		config.OVNKubernetesFeature.EnableNetworkQoS = true
+		zones := sets.New[string]("zone1", zone_tracker.UnknownZone)
+		namespace1 := util.NewNamespace(namespace1Name)
+		networkQoS := newNetworkQoS(namespace1.Name)
+		start(zones, namespace1, networkQoS)
+
+		// no matter how many messages are in the status, it won't be updated while UnknownZone is present
+		updateNetworkQoSStatus(networkQoS, &networkqosapi.Status{
+			Conditions: []metav1.Condition{{
+				Type:    "Ready-In-Zone-zone1",
+				Status:  metav1.ConditionTrue,
+				Reason:  "SetupSucceeded",
+				Message: "NetworkQoS Destinations applied",
+			}},
+		}, fakeClient)
+		checkEmptyNQStatusConsistently(networkQoS, fakeClient)
+
+		// when UnknownZone is removed, updates will be handled, but status from the new zone is not reported yet
+		statusManager.onZoneUpdate(sets.New[string]("zone1", "zone2"))
+		checkEmptyNQStatusConsistently(networkQoS, fakeClient)
+		// when new zone status is reported, status will be set
+		updateNetworkQoSStatus(networkQoS, &networkqosapi.Status{
+			Conditions: []metav1.Condition{{
+				Type:    "Ready-In-Zone-zone1",
+				Status:  metav1.ConditionTrue,
+				Reason:  "SetupSucceeded",
+				Message: "NetworkQoS Destinations applied",
+			}, {
+				Type:    "Ready-In-Zone-zone2",
+				Status:  metav1.ConditionTrue,
+				Reason:  "SetupSucceeded",
+				Message: "NetworkQoS Destinations applied",
+			}},
+		}, fakeClient)
+		checkNQStatusEventually(networkQoS, false, false, fakeClient)
+	})
+
 })

go-controller/pkg/config/config.go

@@ -432,6 +432,7 @@ type OVNKubernetesFeatureConfig struct {
 	EnableDNSNameResolver        bool `gcfg:"enable-dns-name-resolver"`
 	EnableServiceTemplateSupport bool `gcfg:"enable-svc-template-support"`
 	EnableObservability          bool `gcfg:"enable-observability"`
+	EnableNetworkQoS             bool `gcfg:"enable-network-qos"`
 }
 
 // GatewayMode holds the node gateway mode

go-controller/pkg/controllermanager/controller_manager.go

@@ -210,6 +210,7 @@ func NewControllerManager(ovnClient *util.OVNClientset, wf *factory.WatchFactory
 			APBRouteClient:       ovnClient.AdminPolicyRouteClient,
 			EgressQoSClient:      ovnClient.EgressQoSClient,
 			IPAMClaimsClient:     ovnClient.IPAMClaimsClient,
+			NetworkQoSClient:     ovnClient.NetworkQoSClient,
 		},
 		stopChan:         stopCh,
 		watchFactory:     wf,

go-controller/pkg/factory/factory.go

@@ -151,6 +151,7 @@ func (wf *WatchFactory) ShallowClone() *WatchFactory {
 		udnFactory:           wf.udnFactory,
 		raFactory:            wf.raFactory,
 		frrFactory:           wf.frrFactory,
+		networkQoSFactory:    wf.networkQoSFactory,
 		informers:            wf.informers,
 		stopChan:             wf.stopChan,
 
@@ -514,7 +515,8 @@ func NewOVNKubeControllerWatchFactory(ovnClientset *util.OVNKubeControllerClient
 	}
 
 	if config.OVNKubernetesFeature.EnableNetworkQoS {
-		wf.informers[NetworkQoSType], err = newInformer(NetworkQoSType, wf.networkQoSFactory.K8s().V1().NetworkQoSes().Informer())
+		wf.informers[NetworkQoSType], err = newQueuedInformer(eventQueueSize, NetworkQoSType,
+			wf.networkQoSFactory.K8s().V1().NetworkQoSes().Informer(), wf.stopChan, minNumEventQueues)
 		if err != nil {
 			return nil, err
 		}
@@ -627,6 +629,15 @@ func (wf *WatchFactory) Start() error {
 		}
 	}
 
+	if config.OVNKubernetesFeature.EnableNetworkQoS && wf.networkQoSFactory != nil {
+		wf.networkQoSFactory.Start(wf.stopChan)
+		for oType, synced := range waitForCacheSyncWithTimeout(wf.networkQoSFactory, wf.stopChan) {
+			if !synced {
+				return fmt.Errorf("error in syncing cache for %v informer", oType)
+			}
+		}
+	}
+
 	if util.IsNetworkSegmentationSupportEnabled() && wf.udnFactory != nil {
 		wf.udnFactory.Start(wf.stopChan)
 		for oType, synced := range waitForCacheSyncWithTimeout(wf.udnFactory, wf.stopChan) {
@@ -1181,6 +1192,10 @@ func getObjectMeta(objType reflect.Type, obj interface{}) (*metav1.ObjectMeta, e
 		if cudn, ok := obj.(*userdefinednetworkapi.ClusterUserDefinedNetwork); ok {
 			return &cudn.ObjectMeta, nil
 		}
+	case NetworkQoSType:
+		if networkQoS, ok := obj.(*networkqosapi.NetworkQoS); ok {
+			return &networkQoS.ObjectMeta, nil
+		}
 	}
 
 	return nil, fmt.Errorf("cannot get ObjectMeta from type %v", objType)

go-controller/pkg/factory/factory_test.go

@@ -230,11 +230,17 @@ func newNetworkQoS(name, namespace string) *networkqos.NetworkQoS {
 	return &networkqos.NetworkQoS{
 		ObjectMeta: newObjectMeta(name, namespace),
 		Spec: networkqos.Spec{
-			NetworkAttachmentName: "default/stream",
+			NetworkAttachmentRefs: []v1.ObjectReference{
+				{
+					Kind:      "NetworkAttachmentDefinition",
+					Namespace: "default",
+					Name:      "stream",
+				},
+			},
+			Priority: 100,
 			Egress: []networkqos.Rule{
 				{
-					Priority: 100,
-					DSCP:     50,
+					DSCP: 50,
 					Classifier: networkqos.Classifier{
 						To: []networkqos.Destination{
 							{