Merge pull request #60519 from bsalamat/auto_prio_class

Automatic merge from submit-queue (batch tested with PRs 60519, 61099, 61218, 61166, 61714). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>. Automatically add system critical priority classes at cluster boostrapping **What this PR does / why we need it**: We had two PriorityClasses that were hardcoded and special cased in our code base. These two priority classes never existed in API server. Priority admission controller had code to resolve these two names. This PR removes the hardcoded PriorityClasses and adds code to create these PriorityClasses automatically when API server starts. **Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*: Fixes #60178 ref/ #57471 **Special notes for your reviewer**: **Release note**: ```release-note Automatically add system critical priority classes at cluster boostrapping. ``` /sig scheduling
2025-09-26 12:46:06 +00:00 · 2018-03-26 23:20:05 -07:00
parent 2bd8a7d5f7 9592a9ecf4
commit 71050b6f2d
21 changed files with 347 additions and 97 deletions
--- a/plugin/pkg/admission/priority/BUILD
+++ b/plugin/pkg/admission/priority/BUILD
@@ -16,10 +16,10 @@ go_test(
        "//pkg/client/informers/informers_generated/internalversion:go_default_library",
        "//pkg/controller:go_default_library",
        "//pkg/features:go_default_library",
-        "//pkg/scheduler/api:go_default_library",
        "//vendor/github.com/golang/glog:go_default_library",
        "//vendor/k8s.io/apimachinery/pkg/apis/meta/v1:go_default_library",
        "//vendor/k8s.io/apiserver/pkg/admission:go_default_library",
+        "//vendor/k8s.io/apiserver/pkg/authentication/user:go_default_library",
        "//vendor/k8s.io/apiserver/pkg/util/feature:go_default_library",
    ],
 )
@@ -37,7 +37,6 @@ go_library(
        "//pkg/features:go_default_library",
        "//pkg/kubeapiserver/admission:go_default_library",
        "//pkg/kubelet/types:go_default_library",
-        "//pkg/scheduler/api:go_default_library",
        "//vendor/k8s.io/apimachinery/pkg/api/errors:go_default_library",
        "//vendor/k8s.io/apimachinery/pkg/labels:go_default_library",
        "//vendor/k8s.io/apiserver/pkg/admission:go_default_library",
--- a/plugin/pkg/admission/priority/admission.go
+++ b/plugin/pkg/admission/priority/admission.go
@@ -32,7 +32,6 @@ import (
 	"k8s.io/kubernetes/pkg/features"
 	kubeapiserveradmission "k8s.io/kubernetes/pkg/kubeapiserver/admission"
 	kubelettypes "k8s.io/kubernetes/pkg/kubelet/types"
-	schedulerapi "k8s.io/kubernetes/pkg/scheduler/api"
 )

 const (
@@ -154,7 +153,7 @@ func (p *priorityPlugin) admitPod(a admission.Attributes) error {
 		if len(pod.Spec.PriorityClassName) == 0 &&
 			utilfeature.DefaultFeatureGate.Enabled(features.ExperimentalCriticalPodAnnotation) &&
 			kubelettypes.IsCritical(a.GetNamespace(), pod.Annotations) {
-			pod.Spec.PriorityClassName = schedulerapi.SystemClusterCritical
+			pod.Spec.PriorityClassName = scheduling.SystemClusterCritical
 		}
 		if len(pod.Spec.PriorityClassName) == 0 {
 			var err error
@@ -163,22 +162,17 @@ func (p *priorityPlugin) admitPod(a admission.Attributes) error {
 				return fmt.Errorf("failed to get default priority class: %v", err)
 			}
 		} else {
-			// First try to resolve by system priority classes.
-			priority, ok = schedulerapi.SystemPriorityClasses[pod.Spec.PriorityClassName]
-			if !ok {
-				// Now that we didn't find any system priority, try resolving by user defined priority classes.
-				pc, err := p.lister.Get(pod.Spec.PriorityClassName)
-
-				if err != nil {
-					if errors.IsNotFound(err) {
-						return admission.NewForbidden(a, fmt.Errorf("no PriorityClass with name %v was found", pod.Spec.PriorityClassName))
-					}
-
-					return fmt.Errorf("failed to get PriorityClass with name %s: %v", pod.Spec.PriorityClassName, err)
+			// Try resolving the priority class name.
+			pc, err := p.lister.Get(pod.Spec.PriorityClassName)
+			if err != nil {
+				if errors.IsNotFound(err) {
+					return admission.NewForbidden(a, fmt.Errorf("no PriorityClass with name %v was found", pod.Spec.PriorityClassName))
 				}

-				priority = pc.Value
+				return fmt.Errorf("failed to get PriorityClass with name %s: %v", pod.Spec.PriorityClassName, err)
 			}
+
+			priority = pc.Value
 		}
 		pod.Spec.Priority = &priority
 	}
@@ -192,12 +186,6 @@ func (p *priorityPlugin) validatePriorityClass(a admission.Attributes) error {
 	if !ok {
 		return errors.NewBadRequest("resource was marked with kind PriorityClass but was unable to be converted")
 	}
-	if pc.Value > schedulerapi.HighestUserDefinablePriority {
-		return admission.NewForbidden(a, fmt.Errorf("maximum allowed value of a user defined priority is %v", schedulerapi.HighestUserDefinablePriority))
-	}
-	if _, ok := schedulerapi.SystemPriorityClasses[pc.Name]; ok {
-		return admission.NewForbidden(a, fmt.Errorf("the name of the priority class is a reserved name for system use only: %v", pc.Name))
-	}
 	// If the new PriorityClass tries to be the default priority, make sure that no other priority class is marked as default.
 	if pc.GlobalDefault {
 		dpc, err := p.getDefaultPriorityClass()
--- a/plugin/pkg/admission/priority/admission_test.go
+++ b/plugin/pkg/admission/priority/admission_test.go
@@ -24,13 +24,13 @@ import (

 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apiserver/pkg/admission"
+	"k8s.io/apiserver/pkg/authentication/user"
 	utilfeature "k8s.io/apiserver/pkg/util/feature"
 	api "k8s.io/kubernetes/pkg/apis/core"
 	"k8s.io/kubernetes/pkg/apis/scheduling"
 	informers "k8s.io/kubernetes/pkg/client/informers/informers_generated/internalversion"
 	"k8s.io/kubernetes/pkg/controller"
 	"k8s.io/kubernetes/pkg/features"
-	schedulerapi "k8s.io/kubernetes/pkg/scheduler/api"
 )

 func addPriorityClasses(ctrl *priorityPlugin, priorityClasses []*scheduling.PriorityClass) {
@@ -75,58 +75,58 @@ var nondefaultClass1 = &scheduling.PriorityClass{
 	Description: "Just a test priority class",
 }

-func TestPriorityClassAdmission(t *testing.T) {
-	var tooHighPriorityClass = &scheduling.PriorityClass{
-		TypeMeta: metav1.TypeMeta{
-			Kind: "PriorityClass",
-		},
-		ObjectMeta: metav1.ObjectMeta{
-			Name: "toohighclass",
-		},
-		Value:       schedulerapi.HighestUserDefinablePriority + 1,
-		Description: "Just a test priority class",
-	}
+var systemClusterCritical = &scheduling.PriorityClass{
+	TypeMeta: metav1.TypeMeta{
+		Kind: "PriorityClass",
+	},
+	ObjectMeta: metav1.ObjectMeta{
+		Name: scheduling.SystemClusterCritical,
+	},
+	Value:         scheduling.SystemCriticalPriority,
+	GlobalDefault: true,
+}

+func TestPriorityClassAdmission(t *testing.T) {
 	var systemClass = &scheduling.PriorityClass{
 		TypeMeta: metav1.TypeMeta{
 			Kind: "PriorityClass",
 		},
 		ObjectMeta: metav1.ObjectMeta{
-			Name: schedulerapi.SystemClusterCritical,
+			Name: scheduling.SystemPriorityClassPrefix + "test",
 		},
-		Value:       schedulerapi.HighestUserDefinablePriority + 1,
-		Description: "Name conflicts with system priority class names",
+		Value:       scheduling.HighestUserDefinablePriority + 1,
+		Description: "Name has system critical prefix",
 	}

 	tests := []struct {
 		name            string
 		existingClasses []*scheduling.PriorityClass
 		newClass        *scheduling.PriorityClass
+		userInfo        user.Info
 		expectError     bool
 	}{
 		{
 			"one default class",
 			[]*scheduling.PriorityClass{},
 			defaultClass1,
+			nil,
 			false,
 		},
 		{
 			"more than one default classes",
 			[]*scheduling.PriorityClass{defaultClass1},
 			defaultClass2,
+			nil,
 			true,
 		},
 		{
-			"too high PriorityClass value",
-			[]*scheduling.PriorityClass{},
-			tooHighPriorityClass,
-			true,
-		},
-		{
-			"system name conflict",
+			"system name and value are allowed by admission controller",
 			[]*scheduling.PriorityClass{},
 			systemClass,
-			true,
+			&user.DefaultInfo{
+				Name: user.APIServerUser,
+			},
+			false,
 		},
 	}

@@ -146,7 +146,7 @@ func TestPriorityClassAdmission(t *testing.T) {
 			scheduling.Resource("priorityclasses").WithVersion("version"),
 			"",
 			admission.Create,
-			nil,
+			test.userInfo,
 		)
 		err := ctrl.Validate(attrs)
 		glog.Infof("Got %v", err)
@@ -322,7 +322,7 @@ func TestPodAdmission(t *testing.T) {
 						Name: containerName,
 					},
 				},
-				PriorityClassName: schedulerapi.SystemClusterCritical,
+				PriorityClassName: scheduling.SystemClusterCritical,
 			},
 		},
 		// pod[5]: mirror Pod with a system priority class name
@@ -419,9 +419,9 @@ func TestPodAdmission(t *testing.T) {
 		},
 		{
 			"pod with a system priority class",
-			[]*scheduling.PriorityClass{},
+			[]*scheduling.PriorityClass{systemClusterCritical},
 			*pods[4],
-			schedulerapi.SystemCriticalPriority,
+			scheduling.SystemCriticalPriority,
 			false,
 		},
 		{
@@ -440,9 +440,9 @@ func TestPodAdmission(t *testing.T) {
 		},
 		{
 			"mirror pod with system priority class",
-			[]*scheduling.PriorityClass{},
+			[]*scheduling.PriorityClass{systemClusterCritical},
 			*pods[5],
-			schedulerapi.SystemCriticalPriority,
+			scheduling.SystemCriticalPriority,
 			false,
 		},
 		{
@@ -454,9 +454,9 @@ func TestPodAdmission(t *testing.T) {
 		},
 		{
 			"pod with critical pod annotation",
-			[]*scheduling.PriorityClass{},
+			[]*scheduling.PriorityClass{systemClusterCritical},
 			*pods[7],
-			schedulerapi.SystemCriticalPriority,
+			scheduling.SystemCriticalPriority,
 			false,
 		},
 	}