Implement support for limited resources in quota

2025-09-25 12:17:52 +00:00 · 2017-02-18 12:10:22 -05:00
parent 8575978d7a
commit 3fad0cb52a
8 changed files with 548 additions and 31 deletions
--- a/test/integration/quota/quota_test.go
+++ b/test/integration/quota/quota_test.go
@@ -35,7 +35,7 @@ import (
 	"k8s.io/client-go/tools/record"
 	"k8s.io/kubernetes/pkg/api"
 	"k8s.io/kubernetes/pkg/api/v1"
-	"k8s.io/kubernetes/pkg/client/clientset_generated/clientset"
+	clientset "k8s.io/kubernetes/pkg/client/clientset_generated/clientset"
 	"k8s.io/kubernetes/pkg/client/clientset_generated/internalclientset"
 	informers "k8s.io/kubernetes/pkg/client/informers/informers_generated/externalversions"
 	"k8s.io/kubernetes/pkg/controller"
@@ -44,6 +44,7 @@ import (
 	kubeadmission "k8s.io/kubernetes/pkg/kubeapiserver/admission"
 	quotainstall "k8s.io/kubernetes/pkg/quota/install"
 	"k8s.io/kubernetes/plugin/pkg/admission/resourcequota"
+	resourcequotaapi "k8s.io/kubernetes/plugin/pkg/admission/resourcequota/apis/resourcequota"
 	"k8s.io/kubernetes/test/integration/framework"
 )

@@ -65,7 +66,8 @@ func TestQuota(t *testing.T) {
 	admissionCh := make(chan struct{})
 	clientset := clientset.NewForConfigOrDie(&restclient.Config{QPS: -1, Host: s.URL, ContentConfig: restclient.ContentConfig{GroupVersion: &api.Registry.GroupOrDie(v1.GroupName).GroupVersion}})
 	internalClientset := internalclientset.NewForConfigOrDie(&restclient.Config{QPS: -1, Host: s.URL, ContentConfig: restclient.ContentConfig{GroupVersion: &api.Registry.GroupOrDie(v1.GroupName).GroupVersion}})
-	admission, err := resourcequota.NewResourceQuota(quotainstall.NewRegistry(nil, nil), 5, admissionCh)
+	config := &resourcequotaapi.Configuration{}
+	admission, err := resourcequota.NewResourceQuota(quotainstall.NewRegistry(nil, nil), config, 5, admissionCh)
 	if err != nil {
 		t.Fatalf("unexpected error: %v", err)
 	}
@@ -226,3 +228,108 @@ func scale(t *testing.T, namespace string, clientset *clientset.Clientset) {
 		t.Fatalf("unexpected error: %v, ended with %v pods", err, len(pods.Items))
 	}
 }
+
+func TestQuotaLimitedResourceDenial(t *testing.T) {
+	// Set up a master
+	h := &framework.MasterHolder{Initialized: make(chan struct{})}
+	s := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, req *http.Request) {
+		<-h.Initialized
+		h.M.GenericAPIServer.Handler.ServeHTTP(w, req)
+	}))
+	defer s.Close()
+
+	admissionCh := make(chan struct{})
+	clientset := clientset.NewForConfigOrDie(&restclient.Config{QPS: -1, Host: s.URL, ContentConfig: restclient.ContentConfig{GroupVersion: &api.Registry.GroupOrDie(v1.GroupName).GroupVersion}})
+	internalClientset := internalclientset.NewForConfigOrDie(&restclient.Config{QPS: -1, Host: s.URL, ContentConfig: restclient.ContentConfig{GroupVersion: &api.Registry.GroupOrDie(v1.GroupName).GroupVersion}})
+
+	// stop creation of a pod resource unless there is a quota
+	config := &resourcequotaapi.Configuration{
+		LimitedResources: []resourcequotaapi.LimitedResource{
+			{
+				Resource:      "pods",
+				MatchContains: []string{"pods"},
+			},
+		},
+	}
+	admission, err := resourcequota.NewResourceQuota(quotainstall.NewRegistry(nil, nil), config, 5, admissionCh)
+	if err != nil {
+		t.Fatalf("unexpected error: %v", err)
+	}
+	admission.(kubeadmission.WantsInternalClientSet).SetInternalClientSet(internalClientset)
+	defer close(admissionCh)
+
+	masterConfig := framework.NewIntegrationTestMasterConfig()
+	masterConfig.GenericConfig.AdmissionControl = admission
+	framework.RunAMasterUsingServer(masterConfig, s, h)
+
+	ns := framework.CreateTestingNamespace("quota", s, t)
+	defer framework.DeleteTestingNamespace(ns, s, t)
+
+	controllerCh := make(chan struct{})
+	defer close(controllerCh)
+
+	informers := informers.NewSharedInformerFactory(clientset, controller.NoResyncPeriodFunc())
+	rm := replicationcontroller.NewReplicationManager(
+		informers.Core().V1().Pods(),
+		informers.Core().V1().ReplicationControllers(),
+		clientset,
+		replicationcontroller.BurstReplicas,
+		4096,
+		false,
+	)
+	rm.SetEventRecorder(&record.FakeRecorder{})
+	go rm.Run(3, controllerCh)
+
+	resourceQuotaRegistry := quotainstall.NewRegistry(clientset, nil)
+	groupKindsToReplenish := []schema.GroupKind{
+		api.Kind("Pod"),
+	}
+	resourceQuotaControllerOptions := &resourcequotacontroller.ResourceQuotaControllerOptions{
+		KubeClient:                clientset,
+		ResourceQuotaInformer:     informers.Core().V1().ResourceQuotas(),
+		ResyncPeriod:              controller.NoResyncPeriodFunc,
+		Registry:                  resourceQuotaRegistry,
+		GroupKindsToReplenish:     groupKindsToReplenish,
+		ReplenishmentResyncPeriod: controller.NoResyncPeriodFunc,
+		ControllerFactory:         resourcequotacontroller.NewReplenishmentControllerFactory(informers),
+	}
+	go resourcequotacontroller.NewResourceQuotaController(resourceQuotaControllerOptions).Run(2, controllerCh)
+	informers.Start(controllerCh)
+
+	// try to create a pod
+	pod := &v1.Pod{
+		ObjectMeta: metav1.ObjectMeta{
+			Name:      "foo",
+			Namespace: ns.Name,
+		},
+		Spec: v1.PodSpec{
+			Containers: []v1.Container{
+				{
+					Name:  "container",
+					Image: "busybox",
+				},
+			},
+		},
+	}
+	if _, err := clientset.Core().Pods(ns.Name).Create(pod); err == nil {
+		t.Fatalf("expected error for insufficient quota")
+	}
+
+	// now create a covering quota
+	quota := &v1.ResourceQuota{
+		ObjectMeta: metav1.ObjectMeta{
+			Name:      "quota",
+			Namespace: ns.Name,
+		},
+		Spec: v1.ResourceQuotaSpec{
+			Hard: v1.ResourceList{
+				v1.ResourcePods: resource.MustParse("1000"),
+			},
+		},
+	}
+	waitForQuota(t, quota, clientset)
+
+	if _, err := clientset.Core().Pods(ns.Name).Create(pod); err != nil {
+		t.Fatalf("unexpected error: %v", err)
+	}
+}