peerpodconfig: Make the limit as per node

This patch changes the peer-pod limit to be per-node instead of
per cluster to align with the semantics of per node pod limits

Fixes: confidential-containers#1335

Signed-off-by: Pradipta Banerjee <[email protected]>

peerpodconfig-ctrl/api/v1alpha1/peerpodconfig_types.go

@@ -28,7 +28,7 @@ type PeerPodConfigSpec struct {
 	// InstanceType describes the name of the instance type of the chosen cloud provider
 	InstanceType string `json:"instanceType,omitempty"`
 
-	// Limit is the max number of peer pods. This is exposed as extended resource on nodes
+	// Limit is the max number of peer pods per node. This is exposed as extended resource on the node
 	Limit string `json:"limit,omitempty"`
 
 	// CloudSecretName is the name of the secret that holds the credentials for the cloud provider

peerpodconfig-ctrl/config/crd/bases/confidentialcontainers.org_peerpodconfigs.yaml

@@ -50,8 +50,8 @@ spec:
                   of the chosen cloud provider
                 type: string
               limit:
-                description: Limit is the max number of peer pods. This is exposed
-                  as extended resource on nodes
+                description: Limit is the max number of peer pods per node. This is
+                  exposed as extended resource on the node
                 type: string
               nodeSelector:
                 additionalProperties:

peerpodconfig-ctrl/controllers/peerpodconfig_controller.go

@@ -19,9 +19,9 @@ package controllers
 import (
 	"context"
 	"encoding/json"
+	"fmt"
 	"os"
 	"path"
-	"strconv"
 	"strings"
 
 	"github.com/go-logr/logr"
@@ -48,6 +48,7 @@ const (
 	CloudApiAdaptorImageEnvName = "RELATED_IMAGE_CAA"
 	DefaultCloudApiAdaptorImage = "quay.io/confidential-containers/cloud-api-adaptor"
 	defaultNodeSelectorLabel    = "node.kubernetes.io/worker"
+	defaultPeerPodsLimitPerNode = "1"
 )
 
 // PeerPodConfigReconciler reconciles a PeerPodConfig object
@@ -316,26 +317,27 @@ func (r *PeerPodConfigReconciler) advertiseExtendedResources() error {
 		return nil
 	}
 
-	// FIXME distribute remainder among nodes
-	var limitInt int64
-	limitInt, err = strconv.ParseInt(r.peerPodConfig.Spec.Limit, 0, 64)
-	if err != nil {
-		r.Log.Error(err, "spec.Limit in PeerPodConfig must be an integer")
+	// Parse limit from PeerPodConfig.Spec.Limit.
+	// If not set or in case of error, use defaultPeerPodsLimitPerNode
+	limitPerNode := defaultPeerPodsLimitPerNode
+	if r.peerPodConfig.Spec.Limit != "" {
+		limitPerNode = r.peerPodConfig.Spec.Limit
 	}
 
-	limitPerNode := limitInt / int64(len(nodesList.Items))
+	patch := append([]JsonPatch{}, NewJsonPatch("add", "/status/capacity", "kata.peerpods.io~1vm", limitPerNode))
+
+	cli, err := r.GetClient()
+	if err != nil {
+		return fmt.Errorf("failed to get k8s client: %v", err)
+	}
 
 	for _, node := range nodesList.Items {
-		patches := append([]JsonPatch{}, NewJsonPatch("add", "/status/capacity", "kata.peerpods.io~1vm",
-			strconv.Itoa(int(limitPerNode))))
-		cli, err := r.GetClient()
-		if err != nil {
-			r.Log.Error(err, "failed to get k8s client")
-		}
-		err = r.PatchNodeStatus(cli, node.Name, patches)
+		err = r.PatchNodeStatus(cli, node.Name, patch)
 		if err != nil {
-			r.Log.Error(err, "Failed to set extended resource for node", "node name", node.Name)
+			r.Log.Info("Failed to set extended resource for node", "node name", node.Name)
+			continue
 		}
+		r.Log.Info("Successfully set extended resource for node", "node name", node.Name)
 	}
 	return nil
 }