Added tests, info about new feature gate in error message, fixes from review
Added basic e2e test
Added unit tests
Ran hack/update-featuregates.sh
Tolerate updates to existing resources after disabling feature gate
Added feature gate to versioned_kube_features.go
Fixed existing tests
Use PodValidationOptions for validation instead of using feature gate directly
Relaxed validation for allowing zero in prestop hook sleep action
Without this patch the error message for this example:
```
---
apiVersion: v1
kind: Pod
metadata:
name: test
spec:
containers:
- name: agent
image: debian:latest
tolerations:
- key: pool
operator: Exists
value: build
effect: NoSchedule
```
Looks like:
```
The Pod "test" is invalid: spec.tolerations[0].operator: Invalid value:
core.Toleration{Key:"pool", Operator:"Exists", Value:"build",
Effect:"NoSchedule", TolerationSeconds:(*int64)(nil)}: value must be
empty when `operator` is 'Exists'
```
To clarify that the `Value` field is wrong, we now directly point the
`field.Invalid` to it. Now the error message becomes a more clear and
concise one:
```
The Pod "test" is invalid: spec.tolerations[0].operator: Invalid value:
"build": value must be empty when `operator` is 'Exists'
```
Signed-off-by: Sascha Grunert <sgrunert@redhat.com>
* KEP-4427 : AllowRelaxedDNSSearchValidation
* Add e2e test with feature gate to test KEP-4427 RelaxedDNSSearchValidation
* Add more validatePodDNSConfig test cases
Also update Regex to match the case we want.
Thanks Tim and Antonio!
Dynamic resource allocation is similar to storage in the sense that users
create ResourceClaim objects to request resources, same as with persistent
volume claims. The actual resource usage is only known when allocating claims,
but some limits can already be enforced at admission time:
- "count/resourceclaims.resource.k8s.io" limits the number of ResourceClaim objects in
a namespace; this is a generic feature that is already supported also without
this commit.
- "resourceclaims" is *not* an alias - use "count/resourceclaims.resource.k8s.io"
instead.
- <device-class-name>.deviceclass.resource.k8s.io/devices limits the number of
ResourceClaim objects in a namespace such that the number of devices
requested through those objects with that class does not exceed the limit.
A single request may cause the allocation of multiple devices. For exact
counts, the quota limit is based on the sum of those exact counts. For requests
asking for "all" matching devices, the maximum number of allocated devices per
claim is used as a worst-case upper bound.
Requests asking for "admin access" contribute to the quota.
DRA quota: remove admin mode exception
The names aren't actually special for validation. They are
acceptable with and without the feature gate, the only difference
is that they don't do anything when the feature is enabled.
