Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[WIP] feat: add limited resource for critical pod in all namespaces - part2 #82575

Draft
wants to merge 5 commits into
base: master
from

Conversation

@draveness
Copy link
Member

commented Sep 11, 2019

/kind feature
/priority important-soon
/sig scheduling

What this PR does / why we need it:

  • Create a AdmissionConfiguration object with limitedResources to prevent creation of system critical pods in all namespaces
  • Add a default quota with scope selector to allow critical pods to be created in kube-system namespace only

Which issue(s) this PR fixes:

ref: #82480

Special notes for your reviewer:

This PR depends on the following PRs, to save your time please review commits after feat: relex namespace restrictions for critical pod

Does this PR introduce a user-facing change?:

NONE

Additional documentation e.g., KEPs (Kubernetes Enhancement Proposals), usage docs, etc.:

- [KEP]: https://github.com/kubernetes/enhancements/blob/master/keps/sig-scheduling/20190409-resource-quota-ga.md

@k8s-ci-robot k8s-ci-robot requested review from deads2k and yue9944882 Sep 11, 2019

@draveness draveness changed the title feat: add limited resource for critical pod in all namespaces [WIP] feat: add limited resource for critical pod in all namespaces - part2 Sep 11, 2019

@k8s-ci-robot k8s-ci-robot added size/L and removed size/M labels Sep 11, 2019

@draveness draveness force-pushed the draveness:feature/add-limitation-to-add-namesapces branch 2 times, most recently from afd5d63 to 9403900 Sep 11, 2019

@draveness

This comment has been minimized.

Copy link
Member Author

commented Sep 13, 2019

/retest

@draveness draveness force-pushed the draveness:feature/add-limitation-to-add-namesapces branch 2 times, most recently from 132fe49 to 410a1e8 Sep 13, 2019

@draveness draveness force-pushed the draveness:feature/add-limitation-to-add-namesapces branch 3 times, most recently from cd8e979 to 5839908 Sep 13, 2019

@draveness

This comment has been minimized.

Copy link
Member Author

commented Sep 17, 2019

/retest

@k8s-ci-robot

This comment has been minimized.

Copy link
Contributor

commented Sep 17, 2019

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: draveness
To complete the pull request process, please assign deads2k
You can assign the PR to them by writing /assign @deads2k in a comment when ready.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@draveness draveness force-pushed the draveness:feature/add-limitation-to-add-namesapces branch from f9a2fbf to 0238a9e Sep 17, 2019

@draveness draveness force-pushed the draveness:feature/add-limitation-to-add-namesapces branch from dae987c to 965af67 Sep 17, 2019

@k8s-ci-robot

This comment has been minimized.

Copy link
Contributor

commented Sep 17, 2019

@draveness: The following test failed, say /retest to rerun them all:

Test name Commit Details Rerun command
pull-kubernetes-integration 965af67 link /test pull-kubernetes-integration

Full PR test history. Your PR dashboard. Please help us cut down on flakes by linking to an open issue when you hit one in your PR.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.