Reject affinity update on running cluster

Author: Damans227

plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/KubernetesClusterEventTypes.java

@@ -25,4 +25,5 @@ public class KubernetesClusterEventTypes {
     public static final String EVENT_KUBERNETES_CLUSTER_UPGRADE = "KUBERNETES.CLUSTER.UPGRADE";
     public static final String EVENT_KUBERNETES_CLUSTER_NODES_ADD = "KUBERNETES.CLUSTER.NODES.ADD";
     public static final String EVENT_KUBERNETES_CLUSTER_NODES_REMOVE = "KUBERNETES.CLUSTER.NODES.REMOVE";
+    public static final String EVENT_KUBERNETES_CLUSTER_AFFINITY_UPDATE = "KUBERNETES.CLUSTER.AFFINITY.UPDATE";
 }

plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/KubernetesClusterManagerImpl.java

@@ -58,6 +58,7 @@
 import org.apache.cloudstack.acl.SecurityChecker;
 import org.apache.cloudstack.affinity.AffinityGroupVO;
 import org.apache.cloudstack.affinity.dao.AffinityGroupDao;
+import org.apache.cloudstack.affinity.dao.AffinityGroupVMMapDao;
 import org.apache.cloudstack.annotation.AnnotationService;
 import org.apache.cloudstack.annotation.dao.AnnotationDao;
 import org.apache.cloudstack.api.ApiCommandResourceType;
@@ -86,6 +87,7 @@
 import org.apache.cloudstack.api.command.user.kubernetes.cluster.ScaleKubernetesClusterCmd;
 import org.apache.cloudstack.api.command.user.kubernetes.cluster.StartKubernetesClusterCmd;
 import org.apache.cloudstack.api.command.user.kubernetes.cluster.StopKubernetesClusterCmd;
+import org.apache.cloudstack.api.command.user.kubernetes.cluster.UpdateKubernetesClusterAffinityGroupCmd;
 import org.apache.cloudstack.api.command.user.kubernetes.cluster.UpgradeKubernetesClusterCmd;
 import org.apache.cloudstack.api.command.user.loadbalancer.AssignToLoadBalancerRuleCmd;
 import org.apache.cloudstack.api.command.user.loadbalancer.CreateLoadBalancerRuleCmd;
@@ -332,6 +334,8 @@ public class KubernetesClusterManagerImpl extends ManagerBase implements Kuberne
     @Inject
     protected AffinityGroupDao affinityGroupDao;
     @Inject
+    protected AffinityGroupVMMapDao affinityGroupVMMapDao;
+    @Inject
     protected ServiceOfferingDao serviceOfferingDao;
     @Inject
     protected UserDataDao userDataDao;
@@ -952,7 +956,7 @@ protected void setNodeTypeAffinityGroupResponse(KubernetesClusterResponse respon
 
     protected void setAffinityGroupResponseForNodeType(KubernetesClusterResponse response, long clusterId, String nodeType) {
         List<Long> affinityGroupIds = kubernetesClusterAffinityGroupMapDao.listAffinityGroupIdsByClusterIdAndNodeType(clusterId, nodeType);
-        if (affinityGroupIds == null || affinityGroupIds.isEmpty()) {
+        if (CollectionUtils.isEmpty(affinityGroupIds)) {
             return;
         }
         List<String> affinityGroupUuids = new ArrayList<>();
@@ -2313,6 +2317,94 @@ public boolean upgradeKubernetesCluster(UpgradeKubernetesClusterCmd cmd) throws
         return upgradeWorker.upgradeCluster();
     }
 
+    @Override
+    @ActionEvent(eventType = KubernetesClusterEventTypes.EVENT_KUBERNETES_CLUSTER_AFFINITY_UPDATE,
+            eventDescription = "updating Kubernetes cluster affinity groups")
+    public boolean updateKubernetesClusterAffinityGroups(UpdateKubernetesClusterAffinityGroupCmd cmd) throws CloudRuntimeException {
+        if (!KubernetesServiceEnabled.value()) {
+            logAndThrow(Level.ERROR, "Kubernetes Service plugin is disabled");
+        }
+        KubernetesClusterVO kubernetesCluster = validateClusterForAffinityGroupUpdate(cmd.getId());
+        Map<String, List<Long>> affinityGroupNodeTypeMap = cmd.getAffinityGroupNodeTypeMap();
+        validateNodeAffinityGroups(affinityGroupNodeTypeMap, kubernetesCluster.getAccountId());
+
+        final Long clusterId = kubernetesCluster.getId();
+        Transaction.execute(new TransactionCallbackNoReturn() {
+            @Override
+            public void doInTransactionWithoutResult(TransactionStatus status) {
+                kubernetesClusterAffinityGroupMapDao.removeByClusterId(clusterId);
+                persistAffinityGroupMappings(clusterId, affinityGroupNodeTypeMap);
+                syncVmAffinityGroups(clusterId, affinityGroupNodeTypeMap);
+            }
+        });
+        logger.info("Updated affinity groups for Kubernetes cluster {}", kubernetesCluster.getName());
+        return true;
+    }
+
+    private KubernetesClusterVO validateClusterForAffinityGroupUpdate(Long clusterId) {
+        KubernetesClusterVO kubernetesCluster = kubernetesClusterDao.findById(clusterId);
+        if (Objects.isNull(kubernetesCluster) || Objects.nonNull(kubernetesCluster.getRemoved())) {
+            throw new InvalidParameterValueException("Invalid Kubernetes cluster ID");
+        }
+        if (!KubernetesCluster.ClusterType.CloudManaged.equals(kubernetesCluster.getClusterType())) {
+            throw new InvalidParameterValueException("Affinity groups can only be updated for CloudManaged Kubernetes clusters");
+        }
+        if (!KubernetesCluster.State.Stopped.equals(kubernetesCluster.getState())) {
+            throw new InvalidParameterValueException(String.format(
+                    "Kubernetes cluster %s must be stopped before updating affinity groups (current state: %s)",
+                    kubernetesCluster.getName(), kubernetesCluster.getState()));
+        }
+        accountManager.checkAccess(CallContext.current().getCallingAccount(),
+                SecurityChecker.AccessType.OperateEntry, false, kubernetesCluster);
+        return kubernetesCluster;
+    }
+
+    private void validateNodeAffinityGroups(Map<String, List<Long>> affinityGroupNodeTypeMap, long ownerAccountId) {
+        if (MapUtils.isEmpty(affinityGroupNodeTypeMap)) {
+            return;
+        }
+        Account owner = accountDao.findById(ownerAccountId);
+        for (List<Long> affinityGroupIds : affinityGroupNodeTypeMap.values()) {
+            for (Long affinityGroupId : affinityGroupIds) {
+                AffinityGroupVO affinityGroup = affinityGroupDao.findById(affinityGroupId);
+                if (Objects.isNull(affinityGroup)) {
+                    throw new InvalidParameterValueException("Unable to find affinity group with ID: " + affinityGroupId);
+                }
+                if (affinityGroup.getAccountId() != owner.getAccountId()) {
+                    throw new InvalidParameterValueException(String.format(
+                            "Affinity group %s does not belong to the cluster owner account %s",
+                            affinityGroup.getName(), owner.getAccountName()));
+                }
+            }
+        }
+    }
+
+    private void syncVmAffinityGroups(Long clusterId, Map<String, List<Long>> affinityGroupNodeTypeMap) {
+        List<KubernetesClusterVmMapVO> clusterVmMappings = kubernetesClusterVmMapDao.listByClusterId(clusterId);
+        if (CollectionUtils.isEmpty(clusterVmMappings)) {
+            return;
+        }
+        Map<String, List<Long>> nodeTypeAffinityMap = MapUtils.isEmpty(affinityGroupNodeTypeMap)
+                ? Collections.emptyMap() : affinityGroupNodeTypeMap;
+        for (KubernetesClusterVmMapVO clusterVmMapping : clusterVmMappings) {
+            if (clusterVmMapping.isExternalNode()) {
+                continue;
+            }
+            String nodeType = getNodeType(clusterVmMapping);
+            affinityGroupVMMapDao.updateMap(clusterVmMapping.getVmId(),
+                    nodeTypeAffinityMap.getOrDefault(nodeType, Collections.emptyList()));
+        }
+    }
+
+    private String getNodeType(KubernetesClusterVmMapVO clusterVmMapping) {
+        if (clusterVmMapping.isControlNode()) {
+            return CONTROL.name();
+        } else if (clusterVmMapping.isEtcdNode()) {
+            return ETCD.name();
+        }
+        return WORKER.name();
+    }
+
     private void updateNodeCount(KubernetesClusterVO kubernetesCluster) {
         List<KubernetesClusterVmMapVO> nodeList = kubernetesClusterVmMapDao.listByClusterId(kubernetesCluster.getId());
         kubernetesCluster.setControlNodeCount(nodeList.stream().filter(KubernetesClusterVmMapVO::isControlNode).count());
@@ -2664,6 +2756,7 @@ public List<Class<?>> getCommands() {
         cmdList.add(RemoveVirtualMachinesFromKubernetesClusterCmd.class);
         cmdList.add(AddNodesToKubernetesClusterCmd.class);
         cmdList.add(RemoveNodesFromKubernetesClusterCmd.class);
+        cmdList.add(UpdateKubernetesClusterAffinityGroupCmd.class);
         return cmdList;
     }
 

plugins/integrations/kubernetes-service/src/main/java/com/cloud/kubernetes/cluster/KubernetesClusterService.java

@@ -32,6 +32,7 @@
 import org.apache.cloudstack.api.command.user.kubernetes.cluster.ScaleKubernetesClusterCmd;
 import org.apache.cloudstack.api.command.user.kubernetes.cluster.StartKubernetesClusterCmd;
 import org.apache.cloudstack.api.command.user.kubernetes.cluster.StopKubernetesClusterCmd;
+import org.apache.cloudstack.api.command.user.kubernetes.cluster.UpdateKubernetesClusterAffinityGroupCmd;
 import org.apache.cloudstack.api.command.user.kubernetes.cluster.UpgradeKubernetesClusterCmd;
 import org.apache.cloudstack.api.response.KubernetesClusterConfigResponse;
 import org.apache.cloudstack.api.response.KubernetesClusterResponse;
@@ -171,6 +172,8 @@ public interface KubernetesClusterService extends PluggableService, Configurable
 
     boolean upgradeKubernetesCluster(UpgradeKubernetesClusterCmd cmd) throws CloudRuntimeException;
 
+    boolean updateKubernetesClusterAffinityGroups(UpdateKubernetesClusterAffinityGroupCmd cmd) throws CloudRuntimeException;
+
     boolean addVmsToCluster(AddVirtualMachinesToKubernetesClusterCmd cmd);
 
     boolean addNodesToKubernetesCluster(AddNodesToKubernetesClusterCmd cmd);

plugins/integrations/kubernetes-service/src/main/java/org/apache/cloudstack/api/command/user/kubernetes/cluster/UpdateKubernetesClusterAffinityGroupCmd.java

@@ -0,0 +1,113 @@
+// Licensed to the Apache Software Foundation (ASF) under one
+// or more contributor license agreements.  See the NOTICE file
+// distributed with this work for additional information
+// regarding copyright ownership.  The ASF licenses this file
+// to you under the Apache License, Version 2.0 (the
+// "License"); you may not use this file except in compliance
+// with the License.  You may obtain a copy of the License at
+//
+//   http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing,
+// software distributed under the License is distributed on an
+// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+// KIND, either express or implied.  See the License for the
+// specific language governing permissions and limitations
+// under the License.
+package org.apache.cloudstack.api.command.user.kubernetes.cluster;
+
+import java.util.List;
+import java.util.Map;
+
+import javax.inject.Inject;
+
+import org.apache.cloudstack.acl.RoleType;
+import org.apache.cloudstack.acl.SecurityChecker;
+import org.apache.cloudstack.api.ACL;
+import org.apache.cloudstack.api.APICommand;
+import org.apache.cloudstack.api.ApiCommandResourceType;
+import org.apache.cloudstack.api.ApiConstants;
+import org.apache.cloudstack.api.ApiErrorCode;
+import org.apache.cloudstack.api.BaseCmd;
+import org.apache.cloudstack.api.Parameter;
+import org.apache.cloudstack.api.ResponseObject;
+import org.apache.cloudstack.api.ServerApiException;
+import org.apache.cloudstack.api.response.KubernetesClusterResponse;
+import org.apache.cloudstack.context.CallContext;
+
+import com.cloud.kubernetes.cluster.KubernetesCluster;
+import com.cloud.kubernetes.cluster.KubernetesClusterService;
+import com.cloud.kubernetes.cluster.KubernetesServiceHelper;
+import com.cloud.utils.exception.CloudRuntimeException;
+
+@APICommand(name = "updateKubernetesClusterAffinityGroups",
+        description = "Updates the affinity group mappings for a stopped Kubernetes cluster",
+        responseObject = KubernetesClusterResponse.class,
+        responseView = ResponseObject.ResponseView.Restricted,
+        entityType = {KubernetesCluster.class},
+        requestHasSensitiveInfo = false,
+        responseHasSensitiveInfo = true,
+        since = "4.23.0",
+        authorized = {RoleType.Admin, RoleType.ResourceAdmin, RoleType.DomainAdmin, RoleType.User})
+public class UpdateKubernetesClusterAffinityGroupCmd extends BaseCmd {
+
+    @Inject
+    public KubernetesClusterService kubernetesClusterService;
+    @Inject
+    protected KubernetesServiceHelper kubernetesServiceHelper;
+
+    /////////////////////////////////////////////////////
+    //////////////// API parameters /////////////////////
+    /////////////////////////////////////////////////////
+    @Parameter(name = ApiConstants.ID, type = CommandType.UUID, required = true,
+        entityType = KubernetesClusterResponse.class,
+        description = "The ID of the Kubernetes cluster")
+    private Long id;
+
+    @ACL(accessType = SecurityChecker.AccessType.UseEntry)
+    @Parameter(name = ApiConstants.NODE_TYPE_AFFINITY_GROUP_MAP, type = CommandType.MAP,
+            description = "Node Type to Affinity Group ID mapping. VMs of each node type will be added to the specified affinity group",
+            since = "4.23.0")
+    private Map<String, Map<String, String>> affinityGroupNodeTypeMap;
+
+    /////////////////////////////////////////////////////
+    /////////////////// Accessors ///////////////////////
+    /////////////////////////////////////////////////////
+
+    public Long getId() {
+        return id;
+    }
+
+    public Map<String, List<Long>> getAffinityGroupNodeTypeMap() {
+        return kubernetesServiceHelper.getAffinityGroupNodeTypeMap(affinityGroupNodeTypeMap);
+    }
+
+    @Override
+    public long getEntityOwnerId() {
+        return CallContext.current().getCallingAccount().getId();
+    }
+
+    @Override
+    public ApiCommandResourceType getApiResourceType() {
+        return ApiCommandResourceType.KubernetesCluster;
+    }
+
+    /////////////////////////////////////////////////////
+    /////////////// API Implementation///////////////////
+    /////////////////////////////////////////////////////
+
+    @Override
+    public void execute() throws ServerApiException {
+        try {
+            if (!kubernetesClusterService.updateKubernetesClusterAffinityGroups(this)) {
+                throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR,
+                        String.format("Failed to update affinity groups for Kubernetes cluster ID: %d", getId()));
+            }
+            final KubernetesClusterResponse response = kubernetesClusterService.createKubernetesClusterResponse(getId());
+            response.setResponseName(getCommandName());
+            setResponseObject(response);
+        } catch (CloudRuntimeException exception) {
+            throw new ServerApiException(ApiErrorCode.INTERNAL_ERROR, exception.getMessage());
+        }
+    }
+}

ui/src/config/section/compute.js

@@ -329,7 +329,7 @@ export default {
           docHelp: 'adminguide/virtual_machines.html#change-affinity-group-for-an-existing-vm',
           dataView: true,
           args: ['affinitygroupids'],
-          show: (record) => { return record.hypervisor !== 'External' && ['Stopped'].includes(record.state) && record.vmtype !== 'sharedfsvm' },
+          show: (record) => { return record.hypervisor !== 'External' && ['Stopped'].includes(record.state) && record.vmtype !== 'sharedfsvm' && record.vmtype !== 'cksnode' },
           component: shallowRef(defineAsyncComponent(() => import('@/views/compute/ChangeAffinity'))),
           popup: true
         },
@@ -619,7 +619,7 @@ export default {
         },
         {
           api: 'scaleKubernetesCluster',
-          icon: 'swap-outlined',
+          icon: 'arrows-alt-outlined',
           label: 'label.kubernetes.cluster.scale',
           message: 'message.kubernetes.cluster.scale',
           docHelp: 'plugins/cloudstack-kubernetes-service.html#scaling-kubernetes-cluster',
@@ -628,6 +628,15 @@ export default {
           popup: true,
           component: shallowRef(defineAsyncComponent(() => import('@/views/compute/ScaleKubernetesCluster.vue')))
         },
+        {
+          api: 'updateKubernetesClusterAffinityGroups',
+          icon: 'swap-outlined',
+          label: 'label.change.affinity',
+          dataView: true,
+          show: (record) => { return ['Stopped'].includes(record.state) && record.clustertype === 'CloudManaged' },
+          popup: true,
+          component: shallowRef(defineAsyncComponent(() => import('@/views/compute/ChangeKubernetesClusterAffinity.vue')))
+        },
         {
           api: 'upgradeKubernetesCluster',
           icon: 'plus-circle-outlined',