From 55501a6314222128c80da3e3daaea1923b17be31 Mon Sep 17 00:00:00 2001
From: Dawn Chen <dawnchen@google.com>
Date: Mon, 18 May 2015 17:55:56 -0700
Subject: [PATCH 1/2] Have default LimitRange created for cluster: 100m
 cpu.share per container

---
 cluster/saltbase/salt/kube-admission-controls/init.sls | 10 ++++++++++
 .../limit-range/limit-range.yaml                       |  9 +++++++++
 cluster/saltbase/salt/top.sls                          |  1 +
 3 files changed, 20 insertions(+)
 create mode 100644 cluster/saltbase/salt/kube-admission-controls/init.sls
 create mode 100644 cluster/saltbase/salt/kube-admission-controls/limit-range/limit-range.yaml

diff --git a/cluster/saltbase/salt/kube-admission-controls/init.sls b/cluster/saltbase/salt/kube-admission-controls/init.sls
new file mode 100644
index 00000000000..55cfd017805
--- /dev/null
+++ b/cluster/saltbase/salt/kube-admission-controls/init.sls
@@ -0,0 +1,10 @@
+{% if 'LimitRanger' in pillar.get('admission_control', '') %}
+/etc/kubernetes/admission-controls/limit-range:
+  file.recurse:
+    - source: salt://kube-admission-controls/limit-range
+    - include_pat: E@(^.+\.yaml$|^.+\.json$)
+    - user: root
+    - group: root
+    - dir_mode: 755
+    - file_mode: 644
+{% endif %}
diff --git a/cluster/saltbase/salt/kube-admission-controls/limit-range/limit-range.yaml b/cluster/saltbase/salt/kube-admission-controls/limit-range/limit-range.yaml
new file mode 100644
index 00000000000..bda18808822
--- /dev/null
+++ b/cluster/saltbase/salt/kube-admission-controls/limit-range/limit-range.yaml
@@ -0,0 +1,9 @@
+apiVersion: "v1beta3"
+kind: "LimitRange"
+metadata:
+  name: "limits"
+spec:
+  limits:
+    - type: "Container"
+      default:
+        cpu: "100m"
diff --git a/cluster/saltbase/salt/top.sls b/cluster/saltbase/salt/top.sls
index c1aa08c50d2..d95588b8fcf 100644
--- a/cluster/saltbase/salt/top.sls
+++ b/cluster/saltbase/salt/top.sls
@@ -39,6 +39,7 @@ base:
     - cadvisor
     - kube-client-tools
     - kube-master-addons
+    - kube-admission-controls
 {% if grains['cloud'] is defined and grains['cloud'] != 'vagrant' %}
     - logrotate
 {% endif %}

From 061155c1eb3cecaebd52d87f8ee0901506e3aa43 Mon Sep 17 00:00:00 2001
From: Dawn Chen <dawnchen@google.com>
Date: Mon, 18 May 2015 17:59:16 -0700
Subject: [PATCH 2/2] Create LimitRange object for cluster before addons
 service

---
 cluster/saltbase/salt/kube-addons/kube-addons.sh | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/cluster/saltbase/salt/kube-addons/kube-addons.sh b/cluster/saltbase/salt/kube-addons/kube-addons.sh
index c6131c89ecd..267927c63e6 100644
--- a/cluster/saltbase/salt/kube-addons/kube-addons.sh
+++ b/cluster/saltbase/salt/kube-addons/kube-addons.sh
@@ -110,6 +110,14 @@ while read line; do
   create-kubeconfig-secret "${token}" "${username}"
 done < /srv/kubernetes/known_tokens.csv
 
+# Create admission_control objects if defined before any other addon services. If the limits
+# are defined in a namespace other than default, we should still create the limits for the
+# default namespace.
+for obj in $(find /etc/kubernetes/admission-controls \( -name \*.yaml -o -name \*.json \)); do
+  start_addon ${obj} 100 10 &
+  echo "++ obj ${obj} is created ++"
+done
+
 for obj in $(find /etc/kubernetes/addons \( -name \*.yaml -o -name \*.json \)); do
   start_addon ${obj} 100 10 &
   echo "++ addon ${obj} starting in pid $! ++"