pod constraints func for quota validates resources #25487
Conversation
|
/cc @huang195 - this fixes the issue you reported. |
k8s-github-robot
added
size/S
smarterclayton
added
lgtm
k8s-github-robot
added
release-note-label-needed
and removed
lgtm
|
GCE e2e build/test passed for commit 8b8a22b. |
derekwaynecarr
added
release-note-none
|
Is this the only way to fix the reported issue? I feel like there's probably N ways to make an invalid pod and by the time you fix them all you'll have reimplemented pod validation. Why not just call the actual pod validation method? (also ugh, but better than code duplication) |
|
Without the separation of the admission queues, I don't think we can
assume quota is far enough along the queue to be able to invoke
validation safely. It probably is... But I'd rather not risk that
without solving the queue problem.
|
|
@lavalamp - the object lacks a UID and may not have Name at this point, so I cannot call the pod validate directly. agree it's not ideal. |
|
alternative is that quota could do name and uid assignment, and call validate pod directly. |
|
Veto. On May 12, 2016, at 7:30 PM, Derek Carr notifications@github.com wrote: alternative is that quota could do name and uid assignment, and call — |
|
Can we call the resource validation directly somehow? On May 12, 2016, at 7:30 PM, Derek Carr notifications@github.com wrote: alternative is that quota could do name and uid assignment, and call — |
|
thats what I am doing: https://github.com/kubernetes/kubernetes/pull/25487/files#diff-9b60439f29cb51347a55472508f51f60R83 Overall, I am fine keeping this as-is for now. |
Fixes #25484
This prevents quota from prematurely charging for quota usage around a pod when the pod had invalid resources. For example, if a container limit < container request, prior to this a quota would charge the usage, but the pod failed validation.
We do not do full validation on the pod because at this point, the pod does not have all of ObjectMeta filled out.
/cc @smarterclayton