Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Runtimeclass admission #78484

Merged
merged 4 commits into from Jun 29, 2019

Conversation

@egernst
Copy link
Contributor

commented May 29, 2019

/kind feature
What this PR does / why we need it:

Which issue(s) this PR fixes:

For kubernetes/enhancements#688

Special notes for your reviewer:

Does this PR introduce a user-facing change?:

(captured by #76968)

Introduce a new admission controller for RuntimeClass. Initially, RuntimeClass will be used to apply the pod overhead associated with a given RuntimeClass to the Pod.Spec if a corresponding RuntimeClassName is specified.

PodOverhead is an alpha feature as of Kubernetes 1.16.

Depends on:
#76968

@fejta-bot

This comment has been minimized.

Copy link

commented May 29, 2019

This PR may require API review.

If so, when the changes are ready, complete the pre-review checklist and request an API review.

Status of requested reviews is tracked in the API Review project.

@yue9944882
Copy link
Member

left a comment

left some review comments under package plugin/pkg/admission/...

Show resolved Hide resolved plugin/pkg/admission/runtimeclass/admission.go Outdated
Show resolved Hide resolved plugin/pkg/admission/runtimeclass/admission.go Outdated
}

default:
return fmt.Errorf("invalid value for admissionPhase: %s", admissionPhase)

This comment has been minimized.

Copy link
@yue9944882

yue9944882 May 31, 2019

Member

nit: admissionPhase sounds a bit odd to me. the mutating and validating logic should better be separated i suppose? ping @liggitt for suggestions.

This comment has been minimized.

Copy link
@egernst

egernst Jun 5, 2019

Author Contributor

Yeah, names are hard. I wanted to deduplicate some of the boiler plate handling that is needed for both mutation and validation phases of the controller. Happy to hear better suggestions for the name.

This comment has been minimized.

Copy link
@tallclair

tallclair Jun 14, 2019

Member

optional: Alternatively, just put the boilerplate in a helper:

pod, runtimeClass, err := r.prepareObjects(attributes)

(needs a better name though)

This comment has been minimized.

Copy link
@egernst

egernst Jun 17, 2019

Author Contributor

Updated to add the helper. I named it prepareObjects, but am going to go for a two hour bike ride this evening and think of a more appropriate name.

@fedebongio

This comment has been minimized.

Copy link
Contributor

commented May 31, 2019

/remove-sig api-machinery

@egernst egernst force-pushed the egernst:runtimeclass-admission branch from b7cbeaa to 3c91769 Jun 7, 2019

@yastij

This comment has been minimized.

Copy link
Member

commented Jun 12, 2019

@tallclair

This comment has been minimized.

Copy link
Member

commented Jun 20, 2019

From verify:

plugin/pkg/admission/runtimeclass/admission_test.go:94:20: "gauranteed" is a misspelling of "guaranteed"

@tallclair

This comment has been minimized.

Copy link
Member

commented Jun 20, 2019

/assign @thockin
for approval

@egernst egernst force-pushed the egernst:runtimeclass-admission branch from a637305 to e860830 Jun 20, 2019

@egernst

This comment has been minimized.

Copy link
Contributor Author

commented Jun 20, 2019

ack. updated. Thanks Tim.

egernst added some commits May 25, 2019

introduce RuntimeClass admission controller
Signed-off-by: Eric Ernst <eric.ernst@intel.com>
autogenerated code update based in new plugin
Signed-off-by: Eric Ernst <eric.ernst@intel.com>
add RuntimeClass admission controller plugin
Signed-off-by: Eric Ernst <eric.ernst@intel.com>
@tallclair

This comment has been minimized.

Copy link
Member

commented Jun 27, 2019

Can you add an OWNERS file to the new admission controller. Approver should be me, and you can add yourself as a reviewer :)

@tallclair

This comment has been minimized.

Copy link
Member

commented Jun 27, 2019

/lgtm

@k8s-ci-robot k8s-ci-robot added lgtm and removed lgtm labels Jun 27, 2019

@egernst

This comment has been minimized.

Copy link
Contributor Author

commented Jun 27, 2019

added owners file

runtimeclass-admissioN: add owners file
add initial owners file for RuntimeClass admission controller

Signed-off-by: Eric Ernst <eric.ernst@intel.com>
@tallclair

This comment has been minimized.

Copy link
Member

commented Jun 27, 2019

/lgtm
/approve

@k8s-ci-robot k8s-ci-robot added the lgtm label Jun 27, 2019

@yastij

yastij approved these changes Jun 28, 2019

Copy link
Member

left a comment

/lgtm

}
}

// admissionAction handles Admit and Validate phases of admission, switching based on the admissionPhase parameter

This comment has been minimized.

Copy link
@tallclair

tallclair Jun 28, 2019

Member

Comment needs fixing


// getRuntimeClass will return a reference to the RuntimeClass object if it is found. If it cannot be found, or a RuntimeClassName
// is not provided in the pod spec, *node.RuntimeClass returned will be nil
func (r *RuntimeClass) getRuntimeClass(pod *api.Pod, runtimeClassName *string) (runtimeClass *v1beta1.RuntimeClass, err error) {

This comment has been minimized.

Copy link
@tallclair

tallclair Jun 28, 2019

Member

pod argument is unused

nit: this is only called from prepare objects, so I'd just inline it.

This comment has been minimized.

Copy link
@tedyu

tedyu Jun 29, 2019

Contributor

Handled in my PR #79565.


func setOverhead(a admission.Attributes, pod *api.Pod, runtimeClass *v1beta1.RuntimeClass) (err error) {

if runtimeClass != nil {

This comment has been minimized.

Copy link
@tallclair

tallclair Jun 28, 2019

Member

nit: prefer:

Suggested change
if runtimeClass != nil {
if runtimeClass == nil || runtimeclass.Overhead == nil {
return nil
}
// ...
@tallclair

This comment has been minimized.

Copy link
Member

commented Jun 28, 2019

/unassign @thockin
/assign @dchen1107

@k8s-ci-robot k8s-ci-robot assigned dchen1107 and unassigned thockin Jun 28, 2019

@dchen1107

This comment has been minimized.

Copy link
Member

commented Jun 28, 2019

/approve

@k8s-ci-robot

This comment has been minimized.

Copy link
Contributor

commented Jun 28, 2019

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: dchen1107, egernst, tallclair

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@fejta-bot

This comment has been minimized.

Copy link

commented Jun 29, 2019

/retest
This bot automatically retries jobs that failed/flaked on approved PRs (send feedback to fejta).

Review the full test history for this PR.

Silence the bot with an /lgtm cancel or /hold comment for consistent failures.

1 similar comment
@fejta-bot

This comment has been minimized.

Copy link

commented Jun 29, 2019

/retest
This bot automatically retries jobs that failed/flaked on approved PRs (send feedback to fejta).

Review the full test history for this PR.

Silence the bot with an /lgtm cancel or /hold comment for consistent failures.

@k8s-ci-robot k8s-ci-robot merged commit e4f1588 into kubernetes:master Jun 29, 2019

23 checks passed

cla/linuxfoundation egernst authorized
Details
pull-kubernetes-bazel-build Job succeeded.
Details
pull-kubernetes-bazel-test Job succeeded.
Details
pull-kubernetes-conformance-image-test Skipped.
pull-kubernetes-cross Skipped.
pull-kubernetes-dependencies Job succeeded.
Details
pull-kubernetes-e2e-gce Job succeeded.
Details
pull-kubernetes-e2e-gce-100-performance Job succeeded.
Details
pull-kubernetes-e2e-gce-csi-serial Skipped.
pull-kubernetes-e2e-gce-device-plugin-gpu Job succeeded.
Details
pull-kubernetes-e2e-gce-iscsi Skipped.
pull-kubernetes-e2e-gce-iscsi-serial Skipped.
pull-kubernetes-e2e-gce-storage-slow Skipped.
pull-kubernetes-godeps Skipped.
pull-kubernetes-integration Job succeeded.
Details
pull-kubernetes-kubemark-e2e-gce-big Job succeeded.
Details
pull-kubernetes-local-e2e Skipped.
pull-kubernetes-node-e2e Job succeeded.
Details
pull-kubernetes-node-e2e-containerd Job succeeded.
Details
pull-kubernetes-typecheck Job succeeded.
Details
pull-kubernetes-verify Job succeeded.
Details
pull-publishing-bot-validate Skipped.
tide In merge pool.
Details
return err
}

if utilfeature.DefaultFeatureGate.Enabled(features.PodOverhead) {

This comment has been minimized.

Copy link
@tedyu

tedyu Jun 29, 2019

Contributor

I think this should be moved ahead of call to prepareObjects.
If the feature gate is disabled, pod, runtimeClass would not be used.


// getRuntimeClass will return a reference to the RuntimeClass object if it is found. If it cannot be found, or a RuntimeClassName
// is not provided in the pod spec, *node.RuntimeClass returned will be nil
func (r *RuntimeClass) getRuntimeClass(pod *api.Pod, runtimeClassName *string) (runtimeClass *v1beta1.RuntimeClass, err error) {

This comment has been minimized.

Copy link
@tedyu

tedyu Jun 29, 2019

Contributor

Handled in my PR #79565.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.