ResourceQuota add object count support for secret and volume claims

2025-07-27 05:27:21 +00:00 · 2015-04-08 17:03:56 -04:00 · 2015-04-08 17:03:56 -04:00 · 06eb45fb75
commit 06eb45fb75
parent a3e8e80572
11 changed files with 85 additions and 2 deletions
--- a/docs/resource_quota_admin.md
+++ b/docs/resource_quota_admin.md
@ -25,6 +25,8 @@ are supported:
 | services | Total number of services |
 | replicationcontrollers | Total number of replication controllers |
 | resourcequotas | Total number of resource quotas |
 | secrets | Total number of secrets |
 | persistentvolumeclaims | Total number of persistent volume claims |
 For example, `pods` quota counts and enforces a maximum on the number of `pods`
 created in a single namespace.
--- a/examples/resourcequota/resource-quota.json
+++ b/examples/resourcequota/resource-quota.json
@ -10,6 +10,8 @@
      "services": "5",
      "replicationcontrollers":"20",
      "resourcequotas":"1",
-    },
+      "secrets":"10",
      "persistentvolumeclaims":"10"      
    }
  }
 }
--- a/examples/resourcequota/v1beta3/resource-quota.json
+++ b/examples/resourcequota/v1beta3/resource-quota.json
@ -11,7 +11,9 @@
      "pods": "10",
      "services": "5",
      "replicationcontrollers":"20",
-      "resourcequotas":"1"
+      "resourcequotas":"1",
      "secrets":"10",
      "persistentvolumeclaims":"10"
    }
  }
 }
--- a/pkg/api/helpers.go
+++ b/pkg/api/helpers.go
@ -80,6 +80,8 @@ var standardResources = util.NewStringSet(
 	string(ResourceQuotas),
 	string(ResourceServices),
 	string(ResourceReplicationControllers),
 	string(ResourceSecrets),
 	string(ResourcePersistentVolumeClaims),
 	string(ResourceStorage))
 func IsStandardResourceName(str string) bool {
--- a/pkg/api/types.go
+++ b/pkg/api/types.go
@ -1705,6 +1705,10 @@ const (
 	ResourceReplicationControllers ResourceName = "replicationcontrollers"
 	// ResourceQuotas, number
 	ResourceQuotas ResourceName = "resourcequotas"
 	// ResourceSecrets, number
 	ResourceSecrets ResourceName = "secrets"
 	// ResourcePersistentVolumeClaims, number
 	ResourcePersistentVolumeClaims ResourceName = "persistentvolumeclaims"
 )
 // ResourceQuotaSpec defines the desired hard limits to enforce for Quota
--- a/pkg/api/v1beta1/types.go
+++ b/pkg/api/v1beta1/types.go
@ -1503,6 +1503,10 @@ const (
 	ResourceReplicationControllers ResourceName = "replicationcontrollers"
 	// ResourceQuotas, number
 	ResourceQuotas ResourceName = "resourcequotas"
 	// ResourceSecrets, number
 	ResourceSecrets ResourceName = "secrets"
 	// ResourcePersistentVolumeClaims, number
 	ResourcePersistentVolumeClaims ResourceName = "persistentvolumeclaims"
 )
 // ResourceQuotaSpec defines the desired hard limits to enforce for Quota
--- a/pkg/api/v1beta2/types.go
+++ b/pkg/api/v1beta2/types.go
@ -1578,6 +1578,10 @@ const (
 	ResourceReplicationControllers ResourceName = "replicationcontrollers"
 	// ResourceQuotas, number
 	ResourceQuotas ResourceName = "resourcequotas"
 	// ResourceSecrets, number
 	ResourceSecrets ResourceName = "secrets"
 	// ResourcePersistentVolumeClaims, number
 	ResourcePersistentVolumeClaims ResourceName = "persistentvolumeclaims"
 )
 // ResourceQuotaSpec defines the desired hard limits to enforce for Quota
--- a/pkg/api/v1beta3/types.go
+++ b/pkg/api/v1beta3/types.go
@ -1606,6 +1606,10 @@ const (
 	ResourceReplicationControllers ResourceName = "replicationcontrollers"
 	// ResourceQuotas, number
 	ResourceQuotas ResourceName = "resourcequotas"
 	// ResourceSecrets, number
 	ResourceSecrets ResourceName = "secrets"
 	// ResourcePersistentVolumeClaims, number
 	ResourcePersistentVolumeClaims ResourceName = "persistentvolumeclaims"
 )
 // ResourceQuotaSpec defines the desired hard limits to enforce for Quota
--- a/pkg/resourcequota/resource_quota_controller.go
+++ b/pkg/resourcequota/resource_quota_controller.go
@ -23,6 +23,7 @@ import (
 	"github.com/GoogleCloudPlatform/kubernetes/pkg/api"
 	"github.com/GoogleCloudPlatform/kubernetes/pkg/api/resource"
 	"github.com/GoogleCloudPlatform/kubernetes/pkg/client"
 	"github.com/GoogleCloudPlatform/kubernetes/pkg/fields"
 	"github.com/GoogleCloudPlatform/kubernetes/pkg/labels"
 	"github.com/GoogleCloudPlatform/kubernetes/pkg/util"
 	"github.com/golang/glog"
@ -199,6 +200,18 @@ func (rm *ResourceQuotaManager) syncResourceQuota(quota api.ResourceQuota) (err
 				return err
 			}
 			value = resource.NewQuantity(int64(len(items.Items)), resource.DecimalSI)
 		case api.ResourceSecrets:
 			items, err := rm.kubeClient.Secrets(usage.Namespace).List(labels.Everything(), fields.Everything())
 			if err != nil {
 				return err
 			}
 			value = resource.NewQuantity(int64(len(items.Items)), resource.DecimalSI)
 		case api.ResourcePersistentVolumeClaims:
 			items, err := rm.kubeClient.PersistentVolumeClaims(usage.Namespace).List(labels.Everything(), fields.Everything())
 			if err != nil {
 				return err
 			}
 			value = resource.NewQuantity(int64(len(items.Items)), resource.DecimalSI)
 		}
 		// ignore fields we do not understand (assume another controller is tracking it)
--- a/plugin/pkg/admission/resourcequota/admission.go
+++ b/plugin/pkg/admission/resourcequota/admission.go
@ -62,6 +62,8 @@ var resourceToResourceName = map[string]api.ResourceName{
 	"services":               api.ResourceServices,
 	"replicationControllers": api.ResourceReplicationControllers,
 	"resourceQuotas":         api.ResourceQuotas,
 	"secrets":                api.ResourceSecrets,
 	"persistentVolumeClaims": api.ResourcePersistentVolumeClaims,
 }
 func (q *quota) Admit(a admission.Attributes) (err error) {
--- a/plugin/pkg/admission/resourcequota/admission_test.go
+++ b/plugin/pkg/admission/resourcequota/admission_test.go
@ -355,3 +355,47 @@ func TestExceedUsageReplicationControllers(t *testing.T) {
 		t.Errorf("Expected error for exceeding hard limits")
 	}
 }
 func TestExceedUsageSecrets(t *testing.T) {
 	namespace := "default"
 	client := testclient.NewSimpleFake(&api.SecretList{
 		Items: []api.Secret{
 			{
 				ObjectMeta: api.ObjectMeta{Name: "123", Namespace: namespace},
 			},
 		},
 	})
 	status := &api.ResourceQuotaStatus{
 		Hard: api.ResourceList{},
 		Used: api.ResourceList{},
 	}
 	r := api.ResourceSecrets
 	status.Hard[r] = resource.MustParse("1")
 	status.Used[r] = resource.MustParse("1")
 	_, err := IncrementUsage(admission.NewAttributesRecord(&api.Secret{}, "Secret", namespace, "secrets", "CREATE"), status, client)
 	if err == nil {
 		t.Errorf("Expected error for exceeding hard limits")
 	}
 }
 func TestExceedUsagePersistentVolumeClaims(t *testing.T) {
 	namespace := "default"
 	client := testclient.NewSimpleFake(&api.PersistentVolumeClaimList{
 		Items: []api.PersistentVolumeClaim{
 			{
 				ObjectMeta: api.ObjectMeta{Name: "123", Namespace: namespace},
 			},
 		},
 	})
 	status := &api.ResourceQuotaStatus{
 		Hard: api.ResourceList{},
 		Used: api.ResourceList{},
 	}
 	r := api.ResourcePersistentVolumeClaims
 	status.Hard[r] = resource.MustParse("1")
 	status.Used[r] = resource.MustParse("1")
 	_, err := IncrementUsage(admission.NewAttributesRecord(&api.PersistentVolumeClaim{}, "PersistentVolumeClaim", namespace, "persistentVolumeClaims", "CREATE"), status, client)
 	if err == nil {
 		t.Errorf("Expected error for exceeding hard limits")
 	}
 }