/*
Copyright 2015 The Kubernetes Authors.

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

    http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/

package scheduling

import (
	"context"
	"encoding/json"
	"fmt"
	"time"

	v1 "k8s.io/api/core/v1"
	nodev1 "k8s.io/api/node/v1"
	"k8s.io/apimachinery/pkg/api/resource"
	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
	"k8s.io/apimachinery/pkg/types"
	"k8s.io/apimachinery/pkg/util/intstr"
	"k8s.io/apimachinery/pkg/util/sets"
	"k8s.io/apimachinery/pkg/util/strategicpatch"
	"k8s.io/apimachinery/pkg/util/uuid"
	utilversion "k8s.io/apimachinery/pkg/util/version"
	clientset "k8s.io/client-go/kubernetes"
	podutil "k8s.io/kubernetes/pkg/api/v1/pod"
	"k8s.io/kubernetes/test/e2e/framework"
	e2enode "k8s.io/kubernetes/test/e2e/framework/node"
	e2eruntimeclass "k8s.io/kubernetes/test/e2e/framework/node/runtimeclass"
	e2epod "k8s.io/kubernetes/test/e2e/framework/pod"
	e2erc "k8s.io/kubernetes/test/e2e/framework/rc"
	e2eskipper "k8s.io/kubernetes/test/e2e/framework/skipper"
	testutils "k8s.io/kubernetes/test/utils"
	imageutils "k8s.io/kubernetes/test/utils/image"
	admissionapi "k8s.io/pod-security-admission/api"

	"github.com/onsi/ginkgo/v2"

	// ensure libs have a chance to initialize
	_ "github.com/stretchr/testify/assert"
)

const (
	maxNumberOfPods int64 = 10
	defaultTimeout        = 3 * time.Minute
)

var localStorageVersion = utilversion.MustParseSemantic("v1.8.0-beta.0")

// variable populated in BeforeEach, never modified afterwards
var workerNodes = sets.String{}

type pausePodConfig struct {
	Name                              string
	Namespace                         string
	Finalizers                        []string
	Affinity                          *v1.Affinity
	Annotations, Labels, NodeSelector map[string]string
	Resources                         *v1.ResourceRequirements
	RuntimeClassHandler               *string
	Tolerations                       []v1.Toleration
	NodeName                          string
	Ports                             []v1.ContainerPort
	OwnerReferences                   []metav1.OwnerReference
	PriorityClassName                 string
	DeletionGracePeriodSeconds        *int64
	TopologySpreadConstraints         []v1.TopologySpreadConstraint
	SchedulingGates                   []v1.PodSchedulingGate
}

var _ = SIGDescribe("SchedulerPredicates [Serial]", func() {
	var cs clientset.Interface
	var nodeList *v1.NodeList
	var RCName string
	var ns string
	f := framework.NewDefaultFramework("sched-pred")
	f.NamespacePodSecurityEnforceLevel = admissionapi.LevelPrivileged

	ginkgo.AfterEach(func(ctx context.Context) {
		rc, err := cs.CoreV1().ReplicationControllers(ns).Get(ctx, RCName, metav1.GetOptions{})
		if err == nil && *(rc.Spec.Replicas) != 0 {
			ginkgo.By("Cleaning up the replication controller")
			err := e2erc.DeleteRCAndWaitForGC(ctx, f.ClientSet, ns, RCName)
			framework.ExpectNoError(err)
		}
	})

	ginkgo.BeforeEach(func(ctx context.Context) {
		cs = f.ClientSet
		ns = f.Namespace.Name
		nodeList = &v1.NodeList{}
		var err error

		e2enode.AllNodesReady(ctx, cs, time.Minute)

		nodeList, err = e2enode.GetReadySchedulableNodes(ctx, cs)
		if err != nil {
			framework.Logf("Unexpected error occurred: %v", err)
		}
		framework.ExpectNoErrorWithOffset(0, err)
		for _, n := range nodeList.Items {
			workerNodes.Insert(n.Name)
		}

		err = framework.CheckTestingNSDeletedExcept(ctx, cs, ns)
		framework.ExpectNoError(err)

		for _, node := range nodeList.Items {
			framework.Logf("\nLogging pods the apiserver thinks are on node %v before test", node.Name)
			printAllPodsOnNode(ctx, cs, node.Name)
		}

	})

	// This test verifies we don't allow scheduling of pods in a way that the sum of local ephemeral storage resource requests of pods is greater than the machine's capacity.
	// It assumes that cluster add-on pods stay stable and cannot be run in parallel with any other test that touches Nodes or Pods.
	// This is because we need precise control over what's running in the cluster.
	ginkgo.It("validates local ephemeral storage resource limits of pods that are allowed to run [Feature:LocalStorageCapacityIsolation]", func(ctx context.Context) {

		e2eskipper.SkipUnlessServerVersionGTE(localStorageVersion, f.ClientSet.Discovery())

		nodeMaxAllocatable := int64(0)

		nodeToAllocatableMap := make(map[string]int64)
		for _, node := range nodeList.Items {
			allocatable, found := node.Status.Allocatable[v1.ResourceEphemeralStorage]
			if !found {
				framework.Failf("node.Status.Allocatable %v does not contain entry %v", node.Status.Allocatable, v1.ResourceEphemeralStorage)
			}
			nodeToAllocatableMap[node.Name] = allocatable.Value()
			if nodeMaxAllocatable < allocatable.Value() {
				nodeMaxAllocatable = allocatable.Value()
			}
		}
		WaitForStableCluster(cs, workerNodes)

		pods, err := cs.CoreV1().Pods(metav1.NamespaceAll).List(ctx, metav1.ListOptions{})
		framework.ExpectNoError(err)
		for _, pod := range pods.Items {
			_, found := nodeToAllocatableMap[pod.Spec.NodeName]
			if found && pod.Status.Phase != v1.PodSucceeded && pod.Status.Phase != v1.PodFailed {
				framework.Logf("Pod %v requesting local ephemeral resource =%v on Node %v", pod.Name, getRequestedStorageEphemeralStorage(pod), pod.Spec.NodeName)
				nodeToAllocatableMap[pod.Spec.NodeName] -= getRequestedStorageEphemeralStorage(pod)
			}
		}

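		// Size each filler pod at 1/maxNumberOfPods of the largest node's allocatable
		// ephemeral storage, so saturating the cluster needs at most maxNumberOfPods filler pods per node.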
		var podsNeededForSaturation int
		ephemeralStoragePerPod := nodeMaxAllocatable / maxNumberOfPods

		framework.Logf("Using pod capacity: %v", ephemeralStoragePerPod)
		for name, leftAllocatable := range nodeToAllocatableMap {
			framework.Logf("Node: %v has local ephemeral resource allocatable: %v", name, leftAllocatable)
			podsNeededForSaturation += (int)(leftAllocatable / ephemeralStoragePerPod)
		}

		ginkgo.By(fmt.Sprintf("Starting additional %v Pods to fully saturate the cluster local ephemeral resource and trying to start another one", podsNeededForSaturation))

		// As the pods are distributed randomly among nodes,
		// it can easily happen that all nodes are saturated
		// and there is no need to create additional pods.
		// StartPods requires at least one pod to replicate.
		if podsNeededForSaturation > 0 {
			framework.ExpectNoError(testutils.StartPods(cs, podsNeededForSaturation, ns, "overcommit",
				*initPausePod(f, pausePodConfig{
					Name:   "",
					Labels: map[string]string{"name": ""},
					Resources: &v1.ResourceRequirements{
						Limits: v1.ResourceList{
							v1.ResourceEphemeralStorage: *resource.NewQuantity(ephemeralStoragePerPod, "DecimalSI"),
						},
						Requests: v1.ResourceList{
							v1.ResourceEphemeralStorage: *resource.NewQuantity(ephemeralStoragePerPod, "DecimalSI"),
						},
					},
				}), true, framework.Logf))
		}
		podName := "additional-pod"
		conf := pausePodConfig{
			Name:   podName,
			Labels: map[string]string{"name": "additional"},
			Resources: &v1.ResourceRequirements{
				Limits: v1.ResourceList{
					v1.ResourceEphemeralStorage: *resource.NewQuantity(ephemeralStoragePerPod, "DecimalSI"),
				},
				Requests: v1.ResourceList{
					v1.ResourceEphemeralStorage: *resource.NewQuantity(ephemeralStoragePerPod, "DecimalSI"),
				},
			},
		}
		WaitForSchedulerAfterAction(ctx, f, createPausePodAction(f, conf), ns, podName, false)
		verifyResult(ctx, cs, podsNeededForSaturation, 1, ns)
	})

	// This test verifies we don't allow scheduling of pods in a way that the sum of limits +
	// associated overhead is greater than the machine's capacity.
	// It assumes that cluster add-on pods stay stable and cannot be run in parallel
	// with any other test that touches Nodes or Pods.
	// Because of this we need precise control over what's running in the cluster.
	// Test scenario:
	// 1. Find the first ready node on the system, and add a fake resource for test
	// 2. Create one pod with affinity to the particular node that uses 70% of the fake resource.
	// 3. Wait for the pod to be scheduled.
	// 4. Create another pod with affinity to the particular node that needs 20% of the fake resource and
	// an overhead set as 25% of the fake resource.
	// 5. Make sure this additional pod is not scheduled.

	ginkgo.Context("validates pod overhead is considered along with resource limits of pods that are allowed to run", func() {
		var testNodeName string
		var handler string
		var beardsecond v1.ResourceName = "example.com/beardsecond"

		ginkgo.BeforeEach(func(ctx context.Context) {
			WaitForStableCluster(cs, workerNodes)
			ginkgo.By("Add RuntimeClass and fake resource")

			// find a node which can run a pod:
			testNodeName = GetNodeThatCanRunPod(ctx, f)

			// Get node object:
			node, err := cs.CoreV1().Nodes().Get(ctx, testNodeName, metav1.GetOptions{})
			framework.ExpectNoError(err, "unable to get node object for node %v", testNodeName)

			// update Node API object with a fake resource
			nodeCopy := node.DeepCopy()
			nodeCopy.ResourceVersion = "0"

			nodeCopy.Status.Capacity[beardsecond] = resource.MustParse("1000")
			_, err = cs.CoreV1().Nodes().UpdateStatus(ctx, nodeCopy, metav1.UpdateOptions{})
			framework.ExpectNoError(err, "unable to apply fake resource to %v", testNodeName)

			// Register a RuntimeClass with overhead set as 25% of the available beard-seconds
			handler = e2eruntimeclass.PreconfiguredRuntimeClassHandler

			rc := &nodev1.RuntimeClass{
				ObjectMeta: metav1.ObjectMeta{Name: handler},
				Handler:    handler,
				Overhead: &nodev1.Overhead{
					PodFixed: v1.ResourceList{
						beardsecond: resource.MustParse("250"),
					},
				},
			}
			_, err = cs.NodeV1().RuntimeClasses().Create(ctx, rc, metav1.CreateOptions{})
			framework.ExpectNoError(err, "failed to create RuntimeClass resource")
		})

		ginkgo.AfterEach(func(ctx context.Context) {
			ginkgo.By("Remove fake resource and RuntimeClass")
			// remove fake resource:
			if testNodeName != "" {
				// Get node object:
				node, err := cs.CoreV1().Nodes().Get(ctx, testNodeName, metav1.GetOptions{})
				framework.ExpectNoError(err, "unable to get node object for node %v", testNodeName)

				nodeCopy := node.DeepCopy()
				// force it to update
				nodeCopy.ResourceVersion = "0"
				delete(nodeCopy.Status.Capacity, beardsecond)
				_, err = cs.CoreV1().Nodes().UpdateStatus(ctx, nodeCopy, metav1.UpdateOptions{})
				framework.ExpectNoError(err, "unable to update node %v", testNodeName)
			}

			// remove RuntimeClass via the same node.k8s.io/v1 API it was created with
			_ = cs.NodeV1().RuntimeClasses().Delete(ctx, e2eruntimeclass.PreconfiguredRuntimeClassHandler, metav1.DeleteOptions{})
		})

ginkgo.It("verify pod overhead is accounted for", func(ctx context.Context) {
|
|
if testNodeName == "" {
|
|
framework.Fail("unable to find a node which can run a pod")
|
|
}
|
|
|
|
ginkgo.By("Starting Pod to consume most of the node's resource.")
|
|
|
|
// Create pod which requires 70% of the available beard-seconds.
|
|
fillerPod := createPausePod(ctx, f, pausePodConfig{
|
|
Name: "filler-pod-" + string(uuid.NewUUID()),
|
|
Resources: &v1.ResourceRequirements{
|
|
Requests: v1.ResourceList{beardsecond: resource.MustParse("700")},
|
|
Limits: v1.ResourceList{beardsecond: resource.MustParse("700")},
|
|
},
|
|
})
|
|
|
|
// Wait for filler pod to schedule.
|
|
framework.ExpectNoError(e2epod.WaitForPodRunningInNamespace(ctx, cs, fillerPod))
|
|
|
|
ginkgo.By("Creating another pod that requires unavailable amount of resources.")
|
|
// Create another pod that requires 20% of available beard-seconds, but utilizes the RuntimeClass
|
|
// which defines a pod overhead that requires an additional 25%.
|
|
// This pod should remain pending as at least 70% of beard-second in
|
|
// the node are already consumed.
|
|
podName := "additional-pod" + string(uuid.NewUUID())
|
|
conf := pausePodConfig{
|
|
RuntimeClassHandler: &handler,
|
|
Name: podName,
|
|
Labels: map[string]string{"name": "additional"},
|
|
Resources: &v1.ResourceRequirements{
|
|
Limits: v1.ResourceList{beardsecond: resource.MustParse("200")},
|
|
},
|
|
}
|
|
|
|
WaitForSchedulerAfterAction(ctx, f, createPausePodAction(f, conf), ns, podName, false)
|
|
verifyResult(ctx, cs, 1, 1, ns)
|
|
})
|
|
})
|
|
|
|
	// This test verifies we don't allow scheduling of pods in a way that the sum of
	// resource requests of pods is greater than the machine's capacity.
	// It assumes that cluster add-on pods stay stable and cannot be run in parallel
	// with any other test that touches Nodes or Pods.
	// This is because we need precise control over what's running in the cluster.
	// Test scenario:
	// 1. Find the amount of CPU resources on each node.
	// 2. Create one pod with affinity to each node that uses 70% of the node CPU.
	// 3. Wait for the pods to be scheduled.
	// 4. Create another pod with no affinity to any node that needs 50% of the largest node CPU.
	// 5. Make sure this additional pod is not scheduled.
	/*
		Release: v1.9
		Testname: Scheduler, resource limits
		Description: Scheduling Pods MUST fail if the resource requests exceed Machine capacity.
	*/
	framework.ConformanceIt("validates resource limits of pods that are allowed to run ", func(ctx context.Context) {
		WaitForStableCluster(cs, workerNodes)
		nodeMaxAllocatable := int64(0)
		nodeToAllocatableMap := make(map[string]int64)
		for _, node := range nodeList.Items {
			nodeReady := false
			for _, condition := range node.Status.Conditions {
				if condition.Type == v1.NodeReady && condition.Status == v1.ConditionTrue {
					nodeReady = true
					break
				}
			}
			if !nodeReady {
				continue
			}
			// Apply node label to each node
			e2enode.AddOrUpdateLabelOnNode(cs, node.Name, "node", node.Name)
			e2enode.ExpectNodeHasLabel(ctx, cs, node.Name, "node", node.Name)
			// Find allocatable amount of CPU.
			allocatable, found := node.Status.Allocatable[v1.ResourceCPU]
			if !found {
				framework.Failf("node.Status.Allocatable %v does not contain entry %v", node.Status.Allocatable, v1.ResourceCPU)
			}
			nodeToAllocatableMap[node.Name] = allocatable.MilliValue()
			if nodeMaxAllocatable < allocatable.MilliValue() {
				nodeMaxAllocatable = allocatable.MilliValue()
			}
		}
		// Clean up added labels after this test.
		defer func() {
			for nodeName := range nodeToAllocatableMap {
				e2enode.RemoveLabelOffNode(cs, nodeName, "node")
			}
		}()

		pods, err := cs.CoreV1().Pods(metav1.NamespaceAll).List(ctx, metav1.ListOptions{})
		framework.ExpectNoError(err)
		for _, pod := range pods.Items {
			_, found := nodeToAllocatableMap[pod.Spec.NodeName]
			if found && pod.Status.Phase != v1.PodSucceeded && pod.Status.Phase != v1.PodFailed {
				framework.Logf("Pod %v requesting resource cpu=%vm on Node %v", pod.Name, getRequestedCPU(pod), pod.Spec.NodeName)
				nodeToAllocatableMap[pod.Spec.NodeName] -= getRequestedCPU(pod)
			}
		}

		ginkgo.By("Starting Pods to consume most of the cluster CPU.")
		// Create one pod per node that requires 70% of the node remaining CPU.
		fillerPods := []*v1.Pod{}
		for nodeName, cpu := range nodeToAllocatableMap {
			requestedCPU := cpu * 7 / 10
			framework.Logf("Creating a pod which consumes cpu=%vm on Node %v", requestedCPU, nodeName)
			fillerPods = append(fillerPods, createPausePod(ctx, f, pausePodConfig{
				Name: "filler-pod-" + string(uuid.NewUUID()),
				Resources: &v1.ResourceRequirements{
					Limits: v1.ResourceList{
						v1.ResourceCPU: *resource.NewMilliQuantity(requestedCPU, "DecimalSI"),
					},
					Requests: v1.ResourceList{
						v1.ResourceCPU: *resource.NewMilliQuantity(requestedCPU, "DecimalSI"),
					},
				},
				Affinity: &v1.Affinity{
					NodeAffinity: &v1.NodeAffinity{
						RequiredDuringSchedulingIgnoredDuringExecution: &v1.NodeSelector{
							NodeSelectorTerms: []v1.NodeSelectorTerm{
								{
									MatchExpressions: []v1.NodeSelectorRequirement{
										{
											Key:      "node",
											Operator: v1.NodeSelectorOpIn,
											Values:   []string{nodeName},
										},
									},
								},
							},
						},
					},
				},
			}))
		}
		// Wait for filler pods to schedule.
		for _, pod := range fillerPods {
			framework.ExpectNoError(e2epod.WaitForPodRunningInNamespace(ctx, cs, pod))
		}
		ginkgo.By("Creating another pod that requires an unavailable amount of CPU.")
		// Create another pod that requires 50% of the largest node CPU resources.
		// This pod should remain pending as at least 70% of CPU of other nodes in
		// the cluster are already consumed.
		podName := "additional-pod"
		conf := pausePodConfig{
			Name:   podName,
			Labels: map[string]string{"name": "additional"},
			Resources: &v1.ResourceRequirements{
				Limits: v1.ResourceList{
					v1.ResourceCPU: *resource.NewMilliQuantity(nodeMaxAllocatable*5/10, "DecimalSI"),
				},
				Requests: v1.ResourceList{
					v1.ResourceCPU: *resource.NewMilliQuantity(nodeMaxAllocatable*5/10, "DecimalSI"),
				},
			},
		}
		WaitForSchedulerAfterAction(ctx, f, createPausePodAction(f, conf), ns, podName, false)
		verifyResult(ctx, cs, len(fillerPods), 1, ns)
	})

	// Test nodes do not have the required label, hence it should be impossible to schedule a Pod
	// with a nonempty Selector set.
	/*
		Release: v1.9
		Testname: Scheduler, node selector not matching
		Description: Create a Pod with a NodeSelector set to a value that does not match a node in the cluster. Since there are no nodes matching the criteria the Pod MUST not be scheduled.
	*/
	framework.ConformanceIt("validates that NodeSelector is respected if not matching ", func(ctx context.Context) {
		ginkgo.By("Trying to schedule Pod with nonempty NodeSelector.")
		podName := "restricted-pod"

		WaitForStableCluster(cs, workerNodes)

		conf := pausePodConfig{
			Name:   podName,
			Labels: map[string]string{"name": "restricted"},
			NodeSelector: map[string]string{
				"label": "nonempty",
			},
		}

		WaitForSchedulerAfterAction(ctx, f, createPausePodAction(f, conf), ns, podName, false)
		verifyResult(ctx, cs, 0, 1, ns)
	})

	/*
		Release: v1.9
		Testname: Scheduler, node selector matching
		Description: Create a label on the node {k: v}. Then create a Pod with a NodeSelector set to {k: v}. Check to see if the Pod is scheduled. When the NodeSelector matches then Pod MUST be scheduled on that node.
	*/
	framework.ConformanceIt("validates that NodeSelector is respected if matching ", func(ctx context.Context) {
		nodeName := GetNodeThatCanRunPod(ctx, f)

		ginkgo.By("Trying to apply a random label on the found node.")
		k := fmt.Sprintf("kubernetes.io/e2e-%s", string(uuid.NewUUID()))
		v := "42"
		e2enode.AddOrUpdateLabelOnNode(cs, nodeName, k, v)
		e2enode.ExpectNodeHasLabel(ctx, cs, nodeName, k, v)
		defer e2enode.RemoveLabelOffNode(cs, nodeName, k)

		ginkgo.By("Trying to relaunch the pod, now with labels.")
		labelPodName := "with-labels"
		createPausePod(ctx, f, pausePodConfig{
			Name: labelPodName,
			NodeSelector: map[string]string{
				k: v,
			},
		})

		// check that pod got scheduled. We intentionally DO NOT check that the
		// pod is running because this will create a race condition with the
		// kubelet and the scheduler: the scheduler might have scheduled a pod
		// already when the kubelet does not know about its new label yet. The
		// kubelet will then refuse to launch the pod.
		framework.ExpectNoError(e2epod.WaitForPodNotPending(ctx, cs, ns, labelPodName))
		labelPod, err := cs.CoreV1().Pods(ns).Get(ctx, labelPodName, metav1.GetOptions{})
		framework.ExpectNoError(err)
		framework.ExpectEqual(labelPod.Spec.NodeName, nodeName)
	})

	// Test nodes do not have the required labels, hence it should be impossible to schedule a Pod with
	// a non-nil NodeAffinity.RequiredDuringSchedulingIgnoredDuringExecution.
	ginkgo.It("validates that NodeAffinity is respected if not matching", func(ctx context.Context) {
		ginkgo.By("Trying to schedule Pod with nonempty NodeSelector.")
		podName := "restricted-pod"

		WaitForStableCluster(cs, workerNodes)

		conf := pausePodConfig{
			Name: podName,
			Affinity: &v1.Affinity{
				NodeAffinity: &v1.NodeAffinity{
					RequiredDuringSchedulingIgnoredDuringExecution: &v1.NodeSelector{
						NodeSelectorTerms: []v1.NodeSelectorTerm{
							{
								MatchExpressions: []v1.NodeSelectorRequirement{
									{
										Key:      "foo",
										Operator: v1.NodeSelectorOpIn,
										Values:   []string{"bar", "value2"},
									},
								},
							}, {
								MatchExpressions: []v1.NodeSelectorRequirement{
									{
										Key:      "diffkey",
										Operator: v1.NodeSelectorOpIn,
										Values:   []string{"wrong", "value2"},
									},
								},
							},
						},
					},
				},
			},
			Labels: map[string]string{"name": "restricted"},
		}
		WaitForSchedulerAfterAction(ctx, f, createPausePodAction(f, conf), ns, podName, false)
		verifyResult(ctx, cs, 0, 1, ns)
	})

	// Keep the same steps as the test on NodeSelector,
	// but specify Affinity in Pod.Spec.Affinity, instead of NodeSelector.
	ginkgo.It("validates that required NodeAffinity setting is respected if matching", func(ctx context.Context) {
		nodeName := GetNodeThatCanRunPod(ctx, f)

		ginkgo.By("Trying to apply a random label on the found node.")
		k := fmt.Sprintf("kubernetes.io/e2e-%s", string(uuid.NewUUID()))
		v := "42"
		e2enode.AddOrUpdateLabelOnNode(cs, nodeName, k, v)
		e2enode.ExpectNodeHasLabel(ctx, cs, nodeName, k, v)
		defer e2enode.RemoveLabelOffNode(cs, nodeName, k)

		ginkgo.By("Trying to relaunch the pod, now with labels.")
		labelPodName := "with-labels"
		createPausePod(ctx, f, pausePodConfig{
			Name: labelPodName,
			Affinity: &v1.Affinity{
				NodeAffinity: &v1.NodeAffinity{
					RequiredDuringSchedulingIgnoredDuringExecution: &v1.NodeSelector{
						NodeSelectorTerms: []v1.NodeSelectorTerm{
							{
								MatchExpressions: []v1.NodeSelectorRequirement{
									{
										Key:      k,
										Operator: v1.NodeSelectorOpIn,
										Values:   []string{v},
									},
								},
							},
						},
					},
				},
			},
		})

		// check that pod got scheduled. We intentionally DO NOT check that the
		// pod is running because this will create a race condition with the
		// kubelet and the scheduler: the scheduler might have scheduled a pod
		// already when the kubelet does not know about its new label yet. The
		// kubelet will then refuse to launch the pod.
		framework.ExpectNoError(e2epod.WaitForPodNotPending(ctx, cs, ns, labelPodName))
		labelPod, err := cs.CoreV1().Pods(ns).Get(ctx, labelPodName, metav1.GetOptions{})
		framework.ExpectNoError(err)
		framework.ExpectEqual(labelPod.Spec.NodeName, nodeName)
	})

	// 1. Run a pod to get an available node, then delete the pod
	// 2. Taint the node with a random taint
	// 3. Try to relaunch the pod with tolerations that tolerate the taint on the node,
	// and a node selector targeting the node found in step 1
	ginkgo.It("validates that taints-tolerations is respected if matching", func(ctx context.Context) {
		nodeName := getNodeThatCanRunPodWithoutToleration(ctx, f)

		ginkgo.By("Trying to apply a random taint on the found node.")
		testTaint := v1.Taint{
			Key:    fmt.Sprintf("kubernetes.io/e2e-taint-key-%s", string(uuid.NewUUID())),
			Value:  "testing-taint-value",
			Effect: v1.TaintEffectNoSchedule,
		}
		e2enode.AddOrUpdateTaintOnNode(ctx, cs, nodeName, testTaint)
		e2enode.ExpectNodeHasTaint(ctx, cs, nodeName, &testTaint)
		ginkgo.DeferCleanup(e2enode.RemoveTaintOffNode, cs, nodeName, testTaint)

		ginkgo.By("Trying to apply a random label on the found node.")
		labelKey := fmt.Sprintf("kubernetes.io/e2e-label-key-%s", string(uuid.NewUUID()))
		labelValue := "testing-label-value"
		e2enode.AddOrUpdateLabelOnNode(cs, nodeName, labelKey, labelValue)
		e2enode.ExpectNodeHasLabel(ctx, cs, nodeName, labelKey, labelValue)
		defer e2enode.RemoveLabelOffNode(cs, nodeName, labelKey)

		ginkgo.By("Trying to relaunch the pod, now with tolerations.")
		tolerationPodName := "with-tolerations"
		createPausePod(ctx, f, pausePodConfig{
			Name:         tolerationPodName,
			Tolerations:  []v1.Toleration{{Key: testTaint.Key, Value: testTaint.Value, Effect: testTaint.Effect}},
			NodeSelector: map[string]string{labelKey: labelValue},
		})

		// check that pod got scheduled. We intentionally DO NOT check that the
		// pod is running because this will create a race condition with the
		// kubelet and the scheduler: the scheduler might have scheduled a pod
		// already when the kubelet does not know about its new taint yet. The
		// kubelet will then refuse to launch the pod.
		framework.ExpectNoError(e2epod.WaitForPodNotPending(ctx, cs, ns, tolerationPodName))
		deployedPod, err := cs.CoreV1().Pods(ns).Get(ctx, tolerationPodName, metav1.GetOptions{})
		framework.ExpectNoError(err)
		framework.ExpectEqual(deployedPod.Spec.NodeName, nodeName)
	})

	// 1. Run a pod to get an available node, then delete the pod
	// 2. Taint the node with a random taint
	// 3. Try to relaunch the pod, still with no tolerations,
	// and a node selector targeting the node found in step 1
	ginkgo.It("validates that taints-tolerations is respected if not matching", func(ctx context.Context) {
		nodeName := getNodeThatCanRunPodWithoutToleration(ctx, f)

		ginkgo.By("Trying to apply a random taint on the found node.")
		testTaint := v1.Taint{
			Key:    fmt.Sprintf("kubernetes.io/e2e-taint-key-%s", string(uuid.NewUUID())),
			Value:  "testing-taint-value",
			Effect: v1.TaintEffectNoSchedule,
		}
		e2enode.AddOrUpdateTaintOnNode(ctx, cs, nodeName, testTaint)
		e2enode.ExpectNodeHasTaint(ctx, cs, nodeName, &testTaint)
		ginkgo.DeferCleanup(e2enode.RemoveTaintOffNode, cs, nodeName, testTaint)

		ginkgo.By("Trying to apply a random label on the found node.")
		labelKey := fmt.Sprintf("kubernetes.io/e2e-label-key-%s", string(uuid.NewUUID()))
		labelValue := "testing-label-value"
		e2enode.AddOrUpdateLabelOnNode(cs, nodeName, labelKey, labelValue)
		e2enode.ExpectNodeHasLabel(ctx, cs, nodeName, labelKey, labelValue)
		defer e2enode.RemoveLabelOffNode(cs, nodeName, labelKey)

		ginkgo.By("Trying to relaunch the pod, still no tolerations.")
		podNameNoTolerations := "still-no-tolerations"
		conf := pausePodConfig{
			Name:         podNameNoTolerations,
			NodeSelector: map[string]string{labelKey: labelValue},
		}

		WaitForSchedulerAfterAction(ctx, f, createPausePodAction(f, conf), ns, podNameNoTolerations, false)
		verifyResult(ctx, cs, 0, 1, ns)

		ginkgo.By("Removing taint off the node")
		WaitForSchedulerAfterAction(ctx, f, removeTaintFromNodeAction(cs, nodeName, testTaint), ns, podNameNoTolerations, true)
		verifyResult(ctx, cs, 1, 0, ns)
	})

ginkgo.It("validates that there is no conflict between pods with same hostPort but different hostIP and protocol", func(ctx context.Context) {
|
|
|
|
nodeName := GetNodeThatCanRunPod(ctx, f)
|
|
localhost := "127.0.0.1"
|
|
if framework.TestContext.ClusterIsIPv6() {
|
|
localhost = "::1"
|
|
}
|
|
hostIP := getNodeHostIP(ctx, f, nodeName)
|
|
|
|
// use nodeSelector to make sure the testing pods get assigned on the same node to explicitly verify there exists conflict or not
|
|
ginkgo.By("Trying to apply a random label on the found node.")
|
|
k := fmt.Sprintf("kubernetes.io/e2e-%s", string(uuid.NewUUID()))
|
|
v := "90"
|
|
|
|
nodeSelector := make(map[string]string)
|
|
nodeSelector[k] = v
|
|
|
|
e2enode.AddOrUpdateLabelOnNode(cs, nodeName, k, v)
|
|
e2enode.ExpectNodeHasLabel(ctx, cs, nodeName, k, v)
|
|
defer e2enode.RemoveLabelOffNode(cs, nodeName, k)
|
|
|
|
port := int32(54321)
|
|
ginkgo.By(fmt.Sprintf("Trying to create a pod(pod1) with hostport %v and hostIP %s and expect scheduled", port, localhost))
|
|
createHostPortPodOnNode(ctx, f, "pod1", ns, localhost, port, v1.ProtocolTCP, nodeSelector, true)
|
|
|
|
ginkgo.By(fmt.Sprintf("Trying to create another pod(pod2) with hostport %v but hostIP %s on the node which pod1 resides and expect scheduled", port, hostIP))
|
|
createHostPortPodOnNode(ctx, f, "pod2", ns, hostIP, port, v1.ProtocolTCP, nodeSelector, true)
|
|
|
|
ginkgo.By(fmt.Sprintf("Trying to create a third pod(pod3) with hostport %v, hostIP %s but use UDP protocol on the node which pod2 resides", port, hostIP))
|
|
createHostPortPodOnNode(ctx, f, "pod3", ns, hostIP, port, v1.ProtocolUDP, nodeSelector, true)
|
|
|
|
})
|
|
|
|
	/*
		Release: v1.16
		Testname: Scheduling, HostPort and Protocol match, HostIPs different but one is default HostIP (0.0.0.0)
		Description: Pods with the same HostPort and Protocol, but different HostIPs, MUST NOT schedule to the
		same node if one of those IPs is the default HostIP of 0.0.0.0, which represents all IPs on the host.
	*/
	framework.ConformanceIt("validates that there exists conflict between pods with same hostPort and protocol but one using 0.0.0.0 hostIP", func(ctx context.Context) {
		nodeName := GetNodeThatCanRunPod(ctx, f)
		hostIP := getNodeHostIP(ctx, f, nodeName)
		// use a nodeSelector to make sure the testing pods get assigned to the same node, so we can explicitly verify whether a conflict exists
		ginkgo.By("Trying to apply a random label on the found node.")
		k := fmt.Sprintf("kubernetes.io/e2e-%s", string(uuid.NewUUID()))
		v := "95"

		nodeSelector := make(map[string]string)
		nodeSelector[k] = v

		e2enode.AddOrUpdateLabelOnNode(cs, nodeName, k, v)
		e2enode.ExpectNodeHasLabel(ctx, cs, nodeName, k, v)
		defer e2enode.RemoveLabelOffNode(cs, nodeName, k)

		port := int32(54322)
		ginkgo.By(fmt.Sprintf("Trying to create a pod(pod4) with hostport %v and hostIP 0.0.0.0(empty string here) and expect scheduled", port))
		createHostPortPodOnNode(ctx, f, "pod4", ns, "", port, v1.ProtocolTCP, nodeSelector, true)

		ginkgo.By(fmt.Sprintf("Trying to create another pod(pod5) with hostport %v but hostIP %s on the node which pod4 resides and expect not scheduled", port, hostIP))
		createHostPortPodOnNode(ctx, f, "pod5", ns, hostIP, port, v1.ProtocolTCP, nodeSelector, false)
	})

ginkgo.Context("PodTopologySpread Filtering", func() {
|
|
var nodeNames []string
|
|
topologyKey := "kubernetes.io/e2e-pts-filter"
|
|
|
|
ginkgo.BeforeEach(func(ctx context.Context) {
|
|
if len(nodeList.Items) < 2 {
|
|
ginkgo.Skip("At least 2 nodes are required to run the test")
|
|
}
|
|
ginkgo.By("Trying to get 2 available nodes which can run pod")
|
|
nodeNames = Get2NodesThatCanRunPod(ctx, f)
|
|
ginkgo.By(fmt.Sprintf("Apply dedicated topologyKey %v for this test on the 2 nodes.", topologyKey))
|
|
for _, nodeName := range nodeNames {
|
|
e2enode.AddOrUpdateLabelOnNode(cs, nodeName, topologyKey, nodeName)
|
|
}
|
|
})
|
|
ginkgo.AfterEach(func() {
|
|
for _, nodeName := range nodeNames {
|
|
e2enode.RemoveLabelOffNode(cs, nodeName, topologyKey)
|
|
}
|
|
})
|
|
|
|
ginkgo.It("validates 4 pods with MaxSkew=1 are evenly distributed into 2 nodes", func(ctx context.Context) {
|
|
podLabel := "e2e-pts-filter"
|
|
replicas := 4
|
|
rsConfig := pauseRSConfig{
|
|
Replicas: int32(replicas),
|
|
PodConfig: pausePodConfig{
|
|
Name: podLabel,
|
|
Namespace: ns,
|
|
Labels: map[string]string{podLabel: ""},
|
|
Affinity: &v1.Affinity{
|
|
NodeAffinity: &v1.NodeAffinity{
|
|
RequiredDuringSchedulingIgnoredDuringExecution: &v1.NodeSelector{
|
|
NodeSelectorTerms: []v1.NodeSelectorTerm{
|
|
{
|
|
MatchExpressions: []v1.NodeSelectorRequirement{
|
|
{
|
|
Key: topologyKey,
|
|
Operator: v1.NodeSelectorOpIn,
|
|
Values: nodeNames,
|
|
},
|
|
},
|
|
},
|
|
},
|
|
},
|
|
},
|
|
},
|
|
TopologySpreadConstraints: []v1.TopologySpreadConstraint{
|
|
{
|
|
MaxSkew: 1,
|
|
TopologyKey: topologyKey,
|
|
WhenUnsatisfiable: v1.DoNotSchedule,
|
|
LabelSelector: &metav1.LabelSelector{
|
|
MatchExpressions: []metav1.LabelSelectorRequirement{
|
|
{
|
|
Key: podLabel,
|
|
Operator: metav1.LabelSelectorOpExists,
|
|
},
|
|
},
|
|
},
|
|
},
|
|
},
|
|
},
|
|
}
|
|
runPauseRS(ctx, f, rsConfig)
|
|
podList, err := cs.CoreV1().Pods(ns).List(ctx, metav1.ListOptions{})
|
|
framework.ExpectNoError(err)
|
|
numInNode1, numInNode2 := 0, 0
|
|
for _, pod := range podList.Items {
|
|
if pod.Spec.NodeName == nodeNames[0] {
|
|
numInNode1++
|
|
} else if pod.Spec.NodeName == nodeNames[1] {
|
|
numInNode2++
|
|
}
|
|
}
|
|
expected := replicas / len(nodeNames)
|
|
framework.ExpectEqual(numInNode1, expected, fmt.Sprintf("Pods are not distributed as expected on node %q", nodeNames[0]))
|
|
framework.ExpectEqual(numInNode2, expected, fmt.Sprintf("Pods are not distributed as expected on node %q", nodeNames[1]))
|
|
})
|
|
})
|
|
|
|
ginkgo.It("validates Pods with non-empty schedulingGates are blocked on scheduling", func(ctx context.Context) {
|
|
podLabel := "e2e-scheduling-gates"
|
|
replicas := 3
|
|
ginkgo.By(fmt.Sprintf("Creating a ReplicaSet with replicas=%v, carrying scheduling gates [foo bar]", replicas))
|
|
rsConfig := pauseRSConfig{
|
|
Replicas: int32(replicas),
|
|
PodConfig: pausePodConfig{
|
|
Name: podLabel,
|
|
Namespace: ns,
|
|
Labels: map[string]string{podLabel: ""},
|
|
SchedulingGates: []v1.PodSchedulingGate{
|
|
{Name: "foo"},
|
|
{Name: "bar"},
|
|
},
|
|
},
|
|
}
|
|
createPauseRS(ctx, f, rsConfig)
|
|
|
|
ginkgo.By("Expect all pods stay in pending state")
|
|
podList, err := e2epod.WaitForNumberOfPods(ctx, cs, ns, replicas, time.Minute)
|
|
framework.ExpectNoError(err)
|
|
framework.ExpectNoError(e2epod.WaitForPodsSchedulingGated(cs, ns, replicas, time.Minute))
|
|
|
|
ginkgo.By("Remove one scheduling gate")
|
|
want := []v1.PodSchedulingGate{{Name: "bar"}}
|
|
var pods []*v1.Pod
|
|
for _, pod := range podList.Items {
|
|
clone := pod.DeepCopy()
|
|
clone.Spec.SchedulingGates = want
|
|
live, err := patchPod(cs, &pod, clone)
|
|
framework.ExpectNoError(err)
|
|
pods = append(pods, live)
|
|
}
|
|
|
|
ginkgo.By("Expect all pods carry one scheduling gate and are still in pending state")
|
|
framework.ExpectNoError(e2epod.WaitForPodsWithSchedulingGates(cs, ns, replicas, time.Minute, want))
|
|
framework.ExpectNoError(e2epod.WaitForPodsSchedulingGated(cs, ns, replicas, time.Minute))
|
|
|
|
ginkgo.By("Remove the remaining scheduling gates")
|
|
for _, pod := range pods {
|
|
clone := pod.DeepCopy()
|
|
clone.Spec.SchedulingGates = nil
|
|
_, err := patchPod(cs, pod, clone)
|
|
framework.ExpectNoError(err)
|
|
}
|
|
|
|
ginkgo.By("Expect all pods are scheduled and running")
|
|
framework.ExpectNoError(e2epod.WaitForPodsRunning(cs, ns, replicas, time.Minute))
|
|
})
|
|
})
|
|
|
|
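// patchPod computes a strategic merge patch from old to new and applies it to the
// Pod via the API server, returning the resulting live Pod object.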
func patchPod(cs clientset.Interface, old, new *v1.Pod) (*v1.Pod, error) {
	oldData, err := json.Marshal(old)
	if err != nil {
		return nil, err
	}

	newData, err := json.Marshal(new)
	if err != nil {
		return nil, err
	}
	patchBytes, err := strategicpatch.CreateTwoWayMergePatch(oldData, newData, &v1.Pod{})
	if err != nil {
		return nil, fmt.Errorf("failed to create merge patch for Pod %q: %w", old.Name, err)
	}
	return cs.CoreV1().Pods(new.Namespace).Patch(context.TODO(), new.Name, types.StrategicMergePatchType, patchBytes, metav1.PatchOptions{})
}

// printAllPodsOnNode logs the status of all pods on the given node.
func printAllPodsOnNode(ctx context.Context, c clientset.Interface, nodeName string) {
	podList, err := c.CoreV1().Pods(metav1.NamespaceAll).List(ctx, metav1.ListOptions{FieldSelector: "spec.nodeName=" + nodeName})
	if err != nil {
		framework.Logf("Unable to retrieve pods for node %v: %v", nodeName, err)
		return
	}
	for _, p := range podList.Items {
		framework.Logf("%v from %v started at %v (%d container statuses recorded)", p.Name, p.Namespace, p.Status.StartTime, len(p.Status.ContainerStatuses))
		for _, c := range p.Status.ContainerStatuses {
			framework.Logf("\tContainer %v ready: %v, restart count %v",
				c.Name, c.Ready, c.RestartCount)
		}
	}
}

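// initPausePod builds a pause-container Pod object from the given pausePodConfig.
// It only constructs the object; the Pod is not created in the cluster.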
func initPausePod(f *framework.Framework, conf pausePodConfig) *v1.Pod {
	var gracePeriod = int64(1)
	pod := &v1.Pod{
		ObjectMeta: metav1.ObjectMeta{
			Name:            conf.Name,
			Namespace:       conf.Namespace,
			Labels:          map[string]string{},
			Annotations:     map[string]string{},
			OwnerReferences: conf.OwnerReferences,
			Finalizers:      conf.Finalizers,
		},
		Spec: v1.PodSpec{
			SecurityContext:           e2epod.GetRestrictedPodSecurityContext(),
			NodeSelector:              conf.NodeSelector,
			Affinity:                  conf.Affinity,
			TopologySpreadConstraints: conf.TopologySpreadConstraints,
			RuntimeClassName:          conf.RuntimeClassHandler,
			Containers: []v1.Container{
				{
					Name:            conf.Name,
					Image:           imageutils.GetPauseImageName(),
					Ports:           conf.Ports,
					SecurityContext: e2epod.GetRestrictedContainerSecurityContext(),
				},
			},
			Tolerations:                   conf.Tolerations,
			PriorityClassName:             conf.PriorityClassName,
			TerminationGracePeriodSeconds: &gracePeriod,
			SchedulingGates:               conf.SchedulingGates,
		},
	}
	for key, value := range conf.Labels {
		pod.ObjectMeta.Labels[key] = value
	}
	for key, value := range conf.Annotations {
		pod.ObjectMeta.Annotations[key] = value
	}
	// TODO: setting the Pod's nodeAffinity instead of setting .spec.nodeName works around the
	// Preemption e2e flake (#88441), but we should investigate deeper to get to the bottom of it.
	if len(conf.NodeName) != 0 {
		e2epod.SetNodeAffinity(&pod.Spec, conf.NodeName)
	}
	if conf.Resources != nil {
		pod.Spec.Containers[0].Resources = *conf.Resources
	}
	if conf.DeletionGracePeriodSeconds != nil {
		pod.ObjectMeta.DeletionGracePeriodSeconds = conf.DeletionGracePeriodSeconds
	}
	return pod
}

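// createPausePod creates the pause Pod described by conf in conf.Namespace
// (or the framework's namespace if unset) and fails the test on error.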
func createPausePod(ctx context.Context, f *framework.Framework, conf pausePodConfig) *v1.Pod {
	namespace := conf.Namespace
	if len(namespace) == 0 {
		namespace = f.Namespace.Name
	}
	pod, err := f.ClientSet.CoreV1().Pods(namespace).Create(ctx, initPausePod(f, conf), metav1.CreateOptions{})
	framework.ExpectNoError(err)
	return pod
}

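// runPausePod creates a pause Pod, waits for it to be running, and returns the
// freshly fetched Pod object.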
func runPausePod(ctx context.Context, f *framework.Framework, conf pausePodConfig) *v1.Pod {
	pod := createPausePod(ctx, f, conf)
	framework.ExpectNoError(e2epod.WaitTimeoutForPodRunningInNamespace(ctx, f.ClientSet, pod.Name, pod.Namespace, f.Timeouts.PodStartShort))
	pod, err := f.ClientSet.CoreV1().Pods(pod.Namespace).Get(ctx, conf.Name, metav1.GetOptions{})
	framework.ExpectNoError(err)
	return pod
}

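// runPodAndGetNodeName runs a pause Pod, deletes it again to free the resources it
// holds, and returns the name of the node it was scheduled to.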
func runPodAndGetNodeName(ctx context.Context, f *framework.Framework, conf pausePodConfig) string {
	// launch a pod to find a node which can launch a pod. We intentionally do
	// not just take the node list and choose the first of them. Depending on the
	// cluster and the scheduler it might be that a "normal" pod cannot be
	// scheduled onto it.
	pod := runPausePod(ctx, f, conf)

	ginkgo.By("Explicitly delete pod here to free the resource it takes.")
	err := f.ClientSet.CoreV1().Pods(f.Namespace.Name).Delete(ctx, pod.Name, *metav1.NewDeleteOptions(0))
	framework.ExpectNoError(err)

	return pod.Spec.NodeName
}

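// getRequestedCPU returns the sum of the CPU requests of all containers in the pod,
// in millicores.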
func getRequestedCPU(pod v1.Pod) int64 {
	var result int64
	for _, container := range pod.Spec.Containers {
		result += container.Resources.Requests.Cpu().MilliValue()
	}
	return result
}

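// getRequestedStorageEphemeralStorage returns the sum of the ephemeral-storage
// requests of all containers in the pod, in bytes.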
func getRequestedStorageEphemeralStorage(pod v1.Pod) int64 {
	var result int64
	for _, container := range pod.Spec.Containers {
		result += container.Resources.Requests.StorageEphemeral().Value()
	}
	return result
}

// removeTaintFromNodeAction returns a closure that removes the given taint
// from the given node upon invocation.
func removeTaintFromNodeAction(cs clientset.Interface, nodeName string, testTaint v1.Taint) Action {
	return func(ctx context.Context) error {
		e2enode.RemoveTaintOffNode(ctx, cs, nodeName, testTaint)
		return nil
	}
}

// createPausePodAction returns a closure that creates a pause pod upon invocation.
func createPausePodAction(f *framework.Framework, conf pausePodConfig) Action {
	return func(ctx context.Context) error {
		_, err := f.ClientSet.CoreV1().Pods(f.Namespace.Name).Create(ctx, initPausePod(f, conf), metav1.CreateOptions{})
		return err
	}
}

// WaitForSchedulerAfterAction performs the provided action and then waits for
// scheduler to act on the given pod.
func WaitForSchedulerAfterAction(ctx context.Context, f *framework.Framework, action Action, ns, podName string, expectSuccess bool) {
	predicate := scheduleFailureEvent(podName)
	if expectSuccess {
		predicate = scheduleSuccessEvent(ns, podName, "" /* any node */)
	}
	observed, err := observeEventAfterAction(ctx, f.ClientSet, f.Namespace.Name, predicate, action)
	framework.ExpectNoError(err)
	if expectSuccess && !observed {
		framework.Failf("Did not observe success event after performing the supplied action for pod %v", podName)
	}
	if !expectSuccess && !observed {
		framework.Failf("Did not observe failed event after performing the supplied action for pod %v", podName)
	}
}

// TODO: upgrade calls in PodAffinity tests when we're able to run them
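// verifyResult lists all Pods in the namespace and asserts that the numbers of
// scheduled and not-yet-scheduled Pods on the worker nodes match the expected counts.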
func verifyResult(ctx context.Context, c clientset.Interface, expectedScheduled int, expectedNotScheduled int, ns string) {
	allPods, err := c.CoreV1().Pods(ns).List(ctx, metav1.ListOptions{})
	framework.ExpectNoError(err)
	scheduledPods, notScheduledPods := GetPodsScheduled(workerNodes, allPods)

	framework.ExpectEqual(len(notScheduledPods), expectedNotScheduled, fmt.Sprintf("Not scheduled Pods: %#v", notScheduledPods))
	framework.ExpectEqual(len(scheduledPods), expectedScheduled, fmt.Sprintf("Scheduled Pods: %#v", scheduledPods))
}

// GetNodeThatCanRunPod launches a pod without any label to find a node which can run it.
func GetNodeThatCanRunPod(ctx context.Context, f *framework.Framework) string {
	ginkgo.By("Trying to launch a pod without a label to get a node which can launch it.")
	return runPodAndGetNodeName(ctx, f, pausePodConfig{Name: "without-label"})
}

// Get2NodesThatCanRunPod returns the names of two distinct nodes that can run a pod.
func Get2NodesThatCanRunPod(ctx context.Context, f *framework.Framework) []string {
	firstNode := GetNodeThatCanRunPod(ctx, f)
	ginkgo.By("Trying to launch a pod without a label to get a node which can launch it.")
	pod := pausePodConfig{
		Name: "without-label",
		Affinity: &v1.Affinity{
			NodeAffinity: &v1.NodeAffinity{
				RequiredDuringSchedulingIgnoredDuringExecution: &v1.NodeSelector{
					NodeSelectorTerms: []v1.NodeSelectorTerm{
						{
							MatchFields: []v1.NodeSelectorRequirement{
								{Key: "metadata.name", Operator: v1.NodeSelectorOpNotIn, Values: []string{firstNode}},
							},
						},
					},
				},
			},
		},
	}
	secondNode := runPodAndGetNodeName(ctx, f, pod)
	return []string{firstNode, secondNode}
}

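// getNodeThatCanRunPodWithoutToleration launches a toleration-free pause pod to find a
// node that can run it, and returns that node's name.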
func getNodeThatCanRunPodWithoutToleration(ctx context.Context, f *framework.Framework) string {
	ginkgo.By("Trying to launch a pod without a toleration to get a node which can launch it.")
	return runPodAndGetNodeName(ctx, f, pausePodConfig{Name: "without-toleration"})
}

// CreateHostPortPods creates an RC that reserves host port 4321.
func CreateHostPortPods(ctx context.Context, f *framework.Framework, id string, replicas int, expectRunning bool) {
	ginkgo.By("Running RC which reserves host port")
	config := &testutils.RCConfig{
		Client:    f.ClientSet,
		Name:      id,
		Namespace: f.Namespace.Name,
		Timeout:   defaultTimeout,
		Image:     imageutils.GetPauseImageName(),
		Replicas:  replicas,
		HostPorts: map[string]int{"port1": 4321},
	}
	err := e2erc.RunRC(ctx, *config)
	if expectRunning {
		framework.ExpectNoError(err)
	}
}

// CreateNodeSelectorPods creates an RC that reserves host port 4321 and defines a node selector.
func CreateNodeSelectorPods(ctx context.Context, f *framework.Framework, id string, replicas int, nodeSelector map[string]string, expectRunning bool) error {
	ginkgo.By("Running RC which reserves host port and defines node selector")

	config := &testutils.RCConfig{
		Client:       f.ClientSet,
		Name:         id,
		Namespace:    f.Namespace.Name,
		Timeout:      defaultTimeout,
		Image:        imageutils.GetPauseImageName(),
		Replicas:     replicas,
		HostPorts:    map[string]int{"port1": 4321},
		NodeSelector: nodeSelector,
	}
	err := e2erc.RunRC(ctx, *config)
	if expectRunning {
		return err
	}
	return nil
}

// createHostPortPodOnNode creates a pod that uses a hostPort on the node selected
// by nodeSelector; it starts an HTTP server on the exposed port.
func createHostPortPodOnNode(ctx context.Context, f *framework.Framework, podName, ns, hostIP string, port int32, protocol v1.Protocol, nodeSelector map[string]string, expectScheduled bool) {
	hostPortPod := &v1.Pod{
		ObjectMeta: metav1.ObjectMeta{
			Name: podName,
		},
		Spec: v1.PodSpec{
			Containers: []v1.Container{
				{
					Name:  "agnhost",
					Image: imageutils.GetE2EImage(imageutils.Agnhost),
					Args:  []string{"netexec", "--http-port=8080", "--udp-port=8080"},
					Ports: []v1.ContainerPort{
						{
							HostPort:      port,
							ContainerPort: 8080,
							Protocol:      protocol,
							HostIP:        hostIP,
						},
					},
					ReadinessProbe: &v1.Probe{
						ProbeHandler: v1.ProbeHandler{
							HTTPGet: &v1.HTTPGetAction{
								Path: "/hostname",
								Port: intstr.IntOrString{
									IntVal: int32(8080),
								},
								Scheme: v1.URISchemeHTTP,
							},
						},
					},
				},
			},
			NodeSelector: nodeSelector,
		},
	}
	_, err := f.ClientSet.CoreV1().Pods(ns).Create(ctx, hostPortPod, metav1.CreateOptions{})
	framework.ExpectNoError(err)

	err = e2epod.WaitForPodNotPending(ctx, f.ClientSet, ns, podName)
	if expectScheduled {
		framework.ExpectNoError(err)
	}
}

// GetPodsScheduled splits the given Pods into the Pods currently scheduled onto worker
// nodes and the Pods that are not scheduled yet.
func GetPodsScheduled(workerNodes sets.String, pods *v1.PodList) (scheduledPods, notScheduledPods []v1.Pod) {
	for _, pod := range pods.Items {
		if pod.Spec.NodeName != "" && workerNodes.Has(pod.Spec.NodeName) {
			_, scheduledCondition := podutil.GetPodCondition(&pod.Status, v1.PodScheduled)
			if scheduledCondition == nil {
				framework.Failf("Did not find 'scheduled' condition for pod %v", pod.Name)
			}
			if scheduledCondition.Status != v1.ConditionTrue {
				framework.Failf("PodScheduled condition isn't 'True' for pod %v", pod.Name)
			}
			scheduledPods = append(scheduledPods, pod)
		} else if pod.Spec.NodeName == "" {
			notScheduledPods = append(notScheduledPods, pod)
		}
	}
	return
}

// getNodeHostIP returns the first internal IP on the node matching the main Cluster IP family
func getNodeHostIP(ctx context.Context, f *framework.Framework, nodeName string) string {
	// Get the internal HostIP of the node
	family := v1.IPv4Protocol
	if framework.TestContext.ClusterIsIPv6() {
		family = v1.IPv6Protocol
	}
	node, err := f.ClientSet.CoreV1().Nodes().Get(ctx, nodeName, metav1.GetOptions{})
	framework.ExpectNoError(err)
	ips := e2enode.GetAddressesByTypeAndFamily(node, v1.NodeInternalIP, family)
	framework.ExpectNotEqual(len(ips), 0)
	return ips[0]
}