Eviction admitter: Extract isVirtLauncher function

Currently, it is not possible to filter eviction requests by pod label [1][2], thus unfortunately the admitter intercepts all eviction requests in the cluster - including for pods that are not virt-launchers. The admitter checks whether an evicted pod is a virt-launcher by checking the the existence and value of the `kubevirt.io` label. Extract this logic into a function for better readability. The value of the `kubevirt.io/domain` annotation on the virt-launcher pod, represents the name of its controlling VMI. Rename the `domainName` variable to `vmiName` in order to better describe its purpose. [1] kubernetes/kubernetes#110169 (comment) [2] https://kubernetes.slack.com/archives/C0EG7JC6T/p1707054818877809 Signed-off-by: Orel Misan <omisan@redhat.com>
orelmisan · Apr 30, 2024 · fadae4f · fadae4f
1 parent 5ecef19
commit fadae4f
Showing 1 changed file with 8 additions and 3 deletions.
diff --git a/pkg/virt-api/webhooks/validating-webhook/admitters/pod-eviction-admitter.go b/pkg/virt-api/webhooks/validating-webhook/admitters/pod-eviction-admitter.go
@@ -8,6 +8,7 @@ import (
 	"k8s.io/apimachinery/pkg/types"
 
 	admissionv1 "k8s.io/api/admission/v1"
+	k8scorev1 "k8s.io/api/core/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 
 	virtv1 "kubevirt.io/api/core/v1"
@@ -29,16 +30,16 @@ func (admitter *PodEvictionAdmitter) Admit(ar *admissionv1.AdmissionReview) *adm
 		return validating_webhooks.NewPassingAdmissionResponse()
 	}
 
-	if value, exists := launcher.GetLabels()[virtv1.AppLabel]; !exists || value != "virt-launcher" {
+	if !isVirtLauncher(launcher) {
 		return validating_webhooks.NewPassingAdmissionResponse()
 	}
 
-	domainName, exists := launcher.GetAnnotations()[virtv1.DomainAnnotation]
+	vmiName, exists := launcher.GetAnnotations()[virtv1.DomainAnnotation]
 	if !exists {
 		return validating_webhooks.NewPassingAdmissionResponse()
 	}
 
-	vmi, err := admitter.VirtClient.VirtualMachineInstance(ar.Request.Namespace).Get(context.Background(), domainName, metav1.GetOptions{})
+	vmi, err := admitter.VirtClient.VirtualMachineInstance(ar.Request.Namespace).Get(context.Background(), vmiName, metav1.GetOptions{})
 	if err != nil {
 		return denied(fmt.Sprintf("kubevirt failed getting the vmi: %s", err.Error()))
 	}
@@ -105,3 +106,7 @@ func denied(message string) *admissionv1.AdmissionResponse {
 		},
 	}
 }
+
+func isVirtLauncher(pod *k8scorev1.Pod) bool {
+	return pod.Labels[virtv1.AppLabel] == "virt-launcher"
+}