pub support to configure Evict,Delete,Update Operation #1126

Merged
merged 1 commit into from
Nov 17, 2022
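--- a/apis/policy/v1alpha1/podunavailablebudget_types.go
+++ b/apis/policy/v1alpha1/podunavailablebudget_types.go
@@ -27,14 +27,16 @@ import (
 type PubOperation string
 
 const (
-// PubProtectOperationAnnotation indicates the pub protected Operation[DELETE,UPDATE]
-// the following indicates the pub only protect DELETE,UPDATE Operation
-// annotations[kruise.io/pub-protect-operations]=DELETE,UPDATE
-// if the annotations do not exist, the default DELETE and UPDATE are protected
+// PubProtectOperationAnnotation indicates the pub protected Operation[DELETE,UPDATE,EVICT]
+// if annotations[kruise.io/pub-protect-operations]=EVICT indicates the pub only protect evict pod
+// if the annotations do not exist, the default DELETE,EVICT,UPDATE are protected
 PubProtectOperationAnnotation = "kruise.io/pub-protect-operations"
 // pod webhook operation
 PubUpdateOperation PubOperation = "UPDATE"
 PubDeleteOperation PubOperation = "DELETE"
+PubEvictOperation PubOperation = "EVICT"
+// Marked the pod will not be pub-protected, solving the scenario of force pod deletion
+PodPubNoProtectionAnnotation = "pub.kruise.io/no-protect"
 )
 
 // PodUnavailableBudgetSpec defines the desired state of PodUnavailableBudget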
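Review bot: The rewritten comment on `PubProtectOperationAnnotation` drops the multi-value example the old comment carried (`DELETE,UPDATE`) and shows only a single value, so the new side no longer documents how to list more than one operation. Assuming the value is still read as a comma-separated list, I would add a line such as `// annotations[kruise.io/pub-protect-operations]=DELETE,EVICT protects only delete and evict requests`. `PubEvictOperation` also deserves its own one-line comment saying it applies to eviction requests rather than direct deletes, because operators choosing annotation values need to know the two are now distinct.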
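--- a/pkg/control/pubcontrol/pub_control_utils.go
+++ b/pkg/control/pubcontrol/pub_control_utils.go
@@ -51,8 +51,6 @@ var ConflictRetry = wait.Backoff{
 }
 
 const (
-// Marked pods will not be pub-protected, solving the scenario of force pod deletion
-PodPubNoProtectionAnnotation = "pub.kruise.io/no-protect"
 // related-pub annotation in pod
 PodRelatedPubAnnotation = "kruise.io/related-pub"
 )
@@ -64,8 +62,8 @@ func PodUnavailableBudgetValidatePod(client client.Client, control PubControl, p
 klog.V(3).Infof("validating pod(%s/%s) operation(%s) for PodUnavailableBudget", pod.Namespace, pod.Name, operation)
 // pods that contain annotations[pod.kruise.io/pub-no-protect]="true" will be ignore
 // and will no longer check the pub quota
-if pod.Annotations[PodPubNoProtectionAnnotation] == "true" {
-klog.V(3).Infof("pod(%s/%s) contains annotations[%s]=true, then don't need check pub", pod.Namespace, pod.Name, PodPubNoProtectionAnnotation)
+if pod.Annotations[policyv1alpha1.PodPubNoProtectionAnnotation] == "true" {
+klog.V(3).Infof("pod(%s/%s) contains annotations[%s]=true, then don't need check pub", pod.Namespace, pod.Name, policyv1alpha1.PodPubNoProtectionAnnotation)
 return true, "", nil
 // If the pod is not ready, it doesn't count towards healthy and we should not decrement
 } else if !control.IsPodReady(pod) {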
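Review bot: The comment above the bypass check names the key as `pod.kruise.io/pub-no-protect`, but the constant the new line reads is defined as `pub.kruise.io/no-protect`, so anyone following the comment would set an annotation that has no effect. Because this branch returns allowed before any budget check, the key should be documented exactly: `// pods annotated with pub.kruise.io/no-protect="true" are ignored and skip the pub quota check`. Removing the exported `pubcontrol.PodPubNoProtectionAnnotation` may also break out-of-tree importers; a deprecated alias to the `policyv1alpha1` constant would avoid that. The body of PodUnavailableBudgetValidatePod continues outside the hunk.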
14 changes: 1 addition & 13 deletions pkg/webhook/pod/validating/pod_unavailable_budget.go
Original file line number Diff line number Diff line change
Expand Up @@ -34,23 +34,11 @@ import (
// +kubebuilder:rbac:groups=policy.kruise.io,resources=podunavailablebudgets,verbs=get;list;watch;create;update;patch;delete
// +kubebuilder:rbac:groups=policy.kruise.io,resources=podunavailablebudgets/status,verbs=get;update;patch

var (
// IgnoredNamespaces specifies the namespaces where Pods won't get injected
IgnoredNamespaces = []string{"kube-system", "kube-public"}
)

// parameters:
// 1. allowed(bool) whether to allow this request
// 2. reason(string)
// 3. err(error)
func (p *PodCreateHandler) podUnavailableBudgetValidatingPod(ctx context.Context, req admission.Request) (bool, string, error) {
// ignore kube-system, kube-public
for _, namespace := range IgnoredNamespaces {
if req.Namespace == namespace {
return true, "", nil
}
}

var checkPod *corev1.Pod
var dryRun bool
var operation policyv1alpha1.PubOperation
Expand Down Expand Up @@ -131,7 +119,7 @@ func (p *PodCreateHandler) podUnavailableBudgetValidatingPod(ctx context.Context
if err = p.Client.Get(ctx, key, checkPod); err != nil {
return false, "", err
}
operation = policyv1alpha1.PubDeleteOperation
operation = policyv1alpha1.PubEvictOperation
}

if checkPod.Annotations[pubcontrol.PodRelatedPubAnnotation] == "" {
Expand Down
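Review bot: Mapping eviction requests to `PubEvictOperation` instead of `PubDeleteOperation` in the second hunk changes what an existing `kruise.io/pub-protect-operations` value covers: a budget annotated with `DELETE` alone presumably blocked evictions before this change and, if the filter matches the listed values literally, stops doing so after upgrade. That is a silent loss of protection for evictions, so I would either treat `DELETE` as also covering `EVICT` for annotations written before this release or call the change out in the release notes. The first hunk also removes the kube-system/kube-public skip, which widens the webhook's scope and is not mentioned in the title. No test in the visible sections exercises the eviction path with the annotation set. Both hunks cut through podUnavailableBudgetValidatingPod, whose body continues outside them.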
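--- a/test/e2e/policy/podunavailablebudget.go
+++ b/test/e2e/policy/podunavailablebudget.go
@@ -27,7 +27,6 @@ import (
 appsv1alpha1 "github.com/openkruise/kruise/apis/apps/v1alpha1"
 policyv1alpha1 "github.com/openkruise/kruise/apis/policy/v1alpha1"
 kruiseclientset "github.com/openkruise/kruise/pkg/client/clientset/versioned"
-"github.com/openkruise/kruise/pkg/control/pubcontrol"
 "github.com/openkruise/kruise/test/e2e/framework"
 corev1 "k8s.io/api/core/v1"
 policy "k8s.io/api/policy/v1beta1"
@@ -154,7 +153,7 @@ var _ = SIGDescribe("PodUnavailableBudget", func() {
 if podIn.Annotations == nil {
 podIn.Annotations = map[string]string{}
 }
-podIn.Annotations[pubcontrol.PodPubNoProtectionAnnotation] = "true"
+podIn.Annotations[policyv1alpha1.PodPubNoProtectionAnnotation] = "true"
 _, err = c.CoreV1().Pods(deployment.Namespace).Update(context.TODO(), podIn, metav1.UpdateOptions{})
 gomega.Expect(err).NotTo(gomega.HaveOccurred())
 time.Sleep(time.Second)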