scottk/kubernetes
1
0
Fork 0
mirror of https://github.com/optim-enterprises-bv/kubernetes.git synced 2025-11-01 02:38:12 +00:00
Code Issues Packages Projects Releases Wiki Activity

api: reject removing requsets & limits for Burstable pods.

Browse Source
This commit is contained in:
Anish Shah
2024-11-07 13:23:33 -08:00
parent 210f129bb0
commit 7680f0f293
3 changed files with 200 additions and 13 deletions
Download Patch File Download Diff File Expand all files Collapse all files

96
pkg/apis/core/validation/validation_test.go
View File

@@ -25090,6 +25090,8 @@ func TestValidateSELinuxChangePolicy(t *testing.T) {
}
func TestValidatePodResize(t *testing.T) {
featuregatetesting.SetFeatureGateDuringTest(t, utilfeature.DefaultFeatureGate, features.SidecarContainers, true)
mkPod := func(req, lim core.ResourceList, tweaks ...podtest.Tweak) *core.Pod {
return podtest.MakePod("pod", append(tweaks,
podtest.SetContainers(
@@ -25106,6 +25108,23 @@ func TestValidatePodResize(t *testing.T) {
)...)
}
mkPodWithInitContainers := func(req, lim core.ResourceList, restartPolicy core.ContainerRestartPolicy, tweaks ...podtest.Tweak) *core.Pod {
return podtest.MakePod("pod", append(tweaks,
podtest.SetInitContainers(
podtest.MakeContainer(
"container",
podtest.SetContainerResources(
core.ResourceRequirements{
Requests: req,
Limits: lim,
},
),
podtest.SetContainerRestartPolicy(restartPolicy),
),
),
)...)
}
tests := []struct {
test string
old *core.Pod
@@ -25157,20 +25176,10 @@ func TestValidatePodResize(t *testing.T) {
old: mkPod(getResources("100m", "100Mi", "", ""), core.ResourceList{}),
new: mkPod(getResources("100m", "100Mi", "", ""), getResources("200m", "200Mi", "", "")),
err: "",
}, {
test: "Pod QoS unchanged, burstable -> burstable, remove limits",
old: mkPod(getResources("100m", "100Mi", "", ""), getResources("200m", "200Mi", "", "")),
new: mkPod(getResources("100m", "100Mi", "", ""), core.ResourceList{}),
err: "",
}, {
test: "Pod QoS unchanged, burstable -> burstable, add requests",
old: mkPod(core.ResourceList{}, getResources("200m", "500Mi", "1Gi", "")),
new: mkPod(getResources("300m", "", "", ""), getResources("400m", "", "1Gi", "")),
err: "",
}, {
test: "Pod QoS unchanged, burstable -> burstable, remove requests",
old: mkPod(getResources("100m", "200Mi", "", ""), getResources("200m", "300Mi", "2Gi", "")),
new: mkPod(core.ResourceList{}, getResources("400m", "500Mi", "2Gi", "")),
new: mkPod(getResources("300m", "", "", ""), getResources("400m", "500Mi", "1Gi", "")),
err: "",
}, {
test: "Pod QoS change, guaranteed -> burstable",
@@ -25202,6 +25211,71 @@ func TestValidatePodResize(t *testing.T) {
old: mkPod(core.ResourceList{}, getResources("100m", "0", "1Gi", ""), podtest.SetOS(core.Windows)),
new: mkPod(core.ResourceList{}, getResources("200m", "0", "1Gi", ""), podtest.SetOS(core.Windows)),
err: "Forbidden: windows pods cannot be resized",
}, {
test: "Pod QoS unchanged, burstable -> burstable, remove cpu limit",
old: mkPod(core.ResourceList{}, getResources("100m", "100Mi", "", "")),
new: mkPod(core.ResourceList{}, getResources("", "100Mi", "", "")),
err: "spec.containers[0].resources.limits: Forbidden: resource limits cannot be removed",
}, {
test: "Pod QoS unchanged, burstable -> burstable, remove memory limit",
old: mkPod(core.ResourceList{}, getResources("100m", "100Mi", "", "")),
new: mkPod(core.ResourceList{}, getResources("100m", "", "", "")),
err: "spec.containers[0].resources.limits: Forbidden: resource limits cannot be removed",
}, {
test: "Pod QoS unchanged, burstable -> burstable, remove cpu request",
old: mkPod(getResources("100m", "100Mi", "", ""), core.ResourceList{}),
new: mkPod(getResources("", "100Mi", "", ""), core.ResourceList{}),
err: "spec.containers[0].resources.requests: Forbidden: resource requests cannot be removed",
}, {
test: "Pod QoS unchanged, burstable -> burstable, remove memory request",
old: mkPod(getResources("100m", "100Mi", "", ""), core.ResourceList{}),
new: mkPod(getResources("100m", "", "", ""), core.ResourceList{}),
err: "spec.containers[0].resources.requests: Forbidden: resource requests cannot be removed",
}, {
test: "Pod QoS unchanged, burstable -> burstable, remove cpu and memory limits",
old: mkPod(getResources("100m", "", "", ""), getResources("100m", "100Mi", "", "")),
new: mkPod(getResources("100m", "", "", ""), core.ResourceList{}),
err: "spec.containers[0].resources.limits: Forbidden: resource limits cannot be removed",
}, {
test: "Pod QoS unchanged, burstable -> burstable, remove cpu and memory requests",
old: mkPod(getResources("100m", "100Mi", "", ""), getResources("100m", "", "", "")),
new: mkPod(core.ResourceList{}, getResources("100m", "", "", "")),
err: "spec.containers[0].resources.requests: Forbidden: resource requests cannot be removed",
}, {
test: "Pod QoS unchanged, burstable -> burstable, remove cpu limit",
old: mkPodWithInitContainers(core.ResourceList{}, getResources("100m", "100Mi", "", ""), core.ContainerRestartPolicyAlways),
new: mkPodWithInitContainers(core.ResourceList{}, getResources("", "100Mi", "", ""), core.ContainerRestartPolicyAlways),
err: "spec.initContainers[0].resources.limits: Forbidden: resource limits cannot be removed",
}, {
test: "Pod QoS unchanged, burstable -> burstable, remove memory limit",
old: mkPodWithInitContainers(core.ResourceList{}, getResources("100m", "100Mi", "", ""), core.ContainerRestartPolicyAlways),
new: mkPodWithInitContainers(core.ResourceList{}, getResources("100m", "", "", ""), core.ContainerRestartPolicyAlways),
err: "spec.initContainers[0].resources.limits: Forbidden: resource limits cannot be removed",
}, {
test: "Pod QoS unchanged, burstable -> burstable, remove cpu request",
old: mkPodWithInitContainers(getResources("100m", "100Mi", "", ""), core.ResourceList{}, core.ContainerRestartPolicyAlways),
new: mkPodWithInitContainers(getResources("", "100Mi", "", ""), core.ResourceList{}, core.ContainerRestartPolicyAlways),
err: "spec.initContainers[0].resources.requests: Forbidden: resource requests cannot be removed",
}, {
test: "Pod QoS unchanged, burstable -> burstable, remove memory request",
old: mkPodWithInitContainers(getResources("100m", "100Mi", "", ""), core.ResourceList{}, core.ContainerRestartPolicyAlways),
new: mkPodWithInitContainers(getResources("100m", "", "", ""), core.ResourceList{}, core.ContainerRestartPolicyAlways),
err: "spec.initContainers[0].resources.requests: Forbidden: resource requests cannot be removed",
}, {
test: "Pod QoS unchanged, burstable -> burstable, remove cpu and memory limits",
old: mkPodWithInitContainers(getResources("100m", "", "", ""), getResources("100m", "100Mi", "", ""), core.ContainerRestartPolicyAlways),
new: mkPodWithInitContainers(getResources("100m", "", "", ""), core.ResourceList{}, core.ContainerRestartPolicyAlways),
err: "spec.initContainers[0].resources.limits: Forbidden: resource limits cannot be removed",
}, {
test: "Pod QoS unchanged, burstable -> burstable, remove cpu and memory requests",
old: mkPodWithInitContainers(getResources("100m", "100Mi", "", ""), getResources("100m", "", "", ""), core.ContainerRestartPolicyAlways),
new: mkPodWithInitContainers(core.ResourceList{}, getResources("100m", "", "", ""), core.ContainerRestartPolicyAlways),
err: "spec.initContainers[0].resources.requests: Forbidden: resource requests cannot be removed",
}, {
test: "Pod QoS unchanged, burstable -> burstable, remove cpu and memory requests",
old: mkPodWithInitContainers(getResources("100m", "100Mi", "", ""), getResources("100m", "", "", ""), ""),
new: mkPodWithInitContainers(core.ResourceList{}, getResources("100m", "", "", ""), ""),
err: "spec: Forbidden: only cpu and memory resources are mutable",
},
{
test: "Pod with nil Resource field in Status",