pod constraints func for quota validates resources #25487
/cc @huang195 - this fixes the issue you reported.

GCE e2e build/test passed for commit 8b8a22b.

Is this the only way to fix the reported issue? I feel like there's probably N ways to make an invalid pod and by the time you fix them all you'll have reimplemented pod validation. Why not just call the actual pod validation method? (also ugh, but better than code duplication)

Without the separation of the admission queues, I don't think we can
assume quota is far enough along the queue to be able to invoke
validation safely. It probably is... But I'd rather not risk that
without solving the queue problem.

@lavalamp - the object lacks a UID and may not have Name at this point, so I cannot call the pod validate directly. Agree it's not ideal.

Alternative is that quota could do name and uid assignment, and call validate pod directly.

Veto.

On May 12, 2016, at 7:30 PM, Derek Carr notifications@github.com wrote:
> alternative is that quota could do name and uid assignment, and call —

Can we call the resource validation directly somehow?

On May 12, 2016, at 7:30 PM, Derek Carr notifications@github.com wrote:
> alternative is that quota could do name and uid assignment, and call —

That's what I am doing: https://github.com/kubernetes/kubernetes/pull/25487/files#diff-9b60439f29cb51347a55472508f51f60R83 Overall, I am fine keeping this as-is for now.

Fixes #25484
This prevents quota from prematurely charging for quota usage around a pod when the pod had invalid resources. For example, if a container limit < container request, prior to this a quota would charge the usage, but the pod failed validation.
We do not do full validation on the pod because at this point, the pod does not have all of ObjectMeta filled out.
/cc @smarterclayton
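
The ordering the description above argues for (check the resource fields first, charge quota second), as an added example that is not code from this pull request or from Kubernetes. The `Container` and `Quota` types, the millicore units and the "limit 0 means unset" convention are simplifying assumptions.

```go
package main

import "fmt"

// Container is a hypothetical, simplified stand-in for a pod container.
// Quantities are CPU millicores; a limit of 0 means "no limit set".
type Container struct {
	Name                 string
	CPURequest, CPULimit int64
}

// Quota tracks CPU requests charged against a hard cap (hypothetical type).
type Quota struct{ Hard, Used int64 }

// validateResources checks only the resource fields, so it can run before
// the object has a Name or UID assigned.
func validateResources(cs []Container) error {
	for _, c := range cs {
		if c.CPURequest < 0 || c.CPULimit < 0 {
			return fmt.Errorf("container %q: negative cpu quantity", c.Name)
		}
		if c.CPULimit != 0 && c.CPULimit < c.CPURequest {
			return fmt.Errorf("container %q: cpu limit %dm < request %dm", c.Name, c.CPULimit, c.CPURequest)
		}
	}
	return nil
}

// Admit validates first, then charges, so an invalid pod never consumes quota.
func (q *Quota) Admit(cs []Container) error {
	if err := validateResources(cs); err != nil {
		return err
	}
	var total int64
	for _, c := range cs {
		total += c.CPURequest
	}
	if q.Used+total > q.Hard {
		return fmt.Errorf("exceeded quota: requested %dm, used %dm, hard %dm", total, q.Used, q.Hard)
	}
	q.Used += total
	return nil
}

func main() {
	q := &Quota{Hard: 1000}
	bad := []Container{{Name: "app", CPURequest: 500, CPULimit: 200}} // constructed input
	fmt.Println(q.Admit(bad), "used:", q.Used)
}
```

If the `validateResources` call is removed from `Admit`, the constructed pod is charged 500m even though later validation would reject it, which is the behaviour the description reports.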