github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-08-09 03:57:41 +00:00
Code Issues Projects Releases Wiki Activity

LimitRanger should ignore subresources

Browse Source
This commit is contained in:
derekwaynecarr 2015-06-18 15:43:48 -04:00
parent fce7adf3e7
commit 9a747cde38
2 changed files with 61 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
plugin/pkg/admission/limitranger/admission.go
View File

@ -48,6 +48,12 @@ type limitRanger struct {
// Admit admits resources into cluster that do not violate any defined LimitRange in the namespace // Admit admits resources into cluster that do not violate any defined LimitRange in the namespace
func (l *limitRanger) Admit(a admission.Attributes) (err error) { func (l *limitRanger) Admit(a admission.Attributes) (err error) {
// Ignore all calls to subresources
if a.GetSubresource() != "" {
return nil
}
obj := a.GetObject() obj := a.GetObject()
resource := a.GetResource() resource := a.GetResource()
name := "Unknown" name := "Unknown"

55
plugin/pkg/admission/limitranger/admission_test.go
View File

@ -20,8 +20,11 @@ import (
"strconv" "strconv"
"testing" "testing"
"github.com/GoogleCloudPlatform/kubernetes/pkg/admission"
"github.com/GoogleCloudPlatform/kubernetes/pkg/api" "github.com/GoogleCloudPlatform/kubernetes/pkg/api"
"github.com/GoogleCloudPlatform/kubernetes/pkg/api/resource" "github.com/GoogleCloudPlatform/kubernetes/pkg/api/resource"
"github.com/GoogleCloudPlatform/kubernetes/pkg/client/cache"
"github.com/GoogleCloudPlatform/kubernetes/pkg/client/testclient"
) )
func getResourceList(cpu, memory string) api.ResourceList { func getResourceList(cpu, memory string) api.ResourceList {
@ -46,6 +49,7 @@ func validLimitRange() api.LimitRange {
return api.LimitRange{ return api.LimitRange{
ObjectMeta: api.ObjectMeta{ ObjectMeta: api.ObjectMeta{
Name: "abc", Name: "abc",
Namespace: "test",
}, },
Spec: api.LimitRangeSpec{ Spec: api.LimitRangeSpec{
Limits: []api.LimitRangeItem{ Limits: []api.LimitRangeItem{
@ -65,9 +69,32 @@ func validLimitRange() api.LimitRange {
} }
} }
func validLimitRangeNoDefaults() api.LimitRange {
return api.LimitRange{
ObjectMeta: api.ObjectMeta{
Name: "abc",
Namespace: "test",
},
Spec: api.LimitRangeSpec{
Limits: []api.LimitRangeItem{
{
Type: api.LimitTypePod,
Max: getResourceList("200m", "4Gi"),
Min: getResourceList("50m", "2Mi"),
},
{
Type: api.LimitTypeContainer,
Max: getResourceList("100m", "2Gi"),
Min: getResourceList("25m", "1Mi"),
},
},
},
}
}
func validPod(name string, numContainers int, resources api.ResourceRequirements) api.Pod { func validPod(name string, numContainers int, resources api.ResourceRequirements) api.Pod {
pod := api.Pod{ pod := api.Pod{
ObjectMeta: api.ObjectMeta{Name: name}, ObjectMeta: api.ObjectMeta{Name: name, Namespace: "test"},
Spec: api.PodSpec{}, Spec: api.PodSpec{},
} }
pod.Spec.Containers = make([]api.Container, 0, numContainers) pod.Spec.Containers = make([]api.Container, 0, numContainers)
@ -192,3 +219,29 @@ func TestPodLimitFuncApplyDefault(t *testing.T) {
} }
} }
} }
func TestLimitRangerIgnoresSubresource(t *testing.T) {
client := testclient.NewSimpleFake()
indexer := cache.NewIndexer(cache.MetaNamespaceKeyFunc, cache.Indexers{"namespace": cache.MetaNamespaceIndexFunc})
handler := &limitRanger{
Handler: admission.NewHandler(admission.Create, admission.Update),
client: client,
limitFunc: Limit,
indexer: indexer,
}
limitRange := validLimitRangeNoDefaults()
testPod := validPod("testPod", 1, api.ResourceRequirements{})
indexer.Add(&limitRange)
err := handler.Admit(admission.NewAttributesRecord(&testPod, "Pod", limitRange.Namespace, "pods", "", admission.Update, nil))
if err == nil {
t.Errorf("Expected an error since the pod did not specify resource limits in its update call")
}
err = handler.Admit(admission.NewAttributesRecord(&testPod, "Pod", limitRange.Namespace, "pods", "status", admission.Update, nil))
if err != nil {
t.Errorf("Should have ignored calls to any subresource of pod %v", err)
}
}