Browse code
remove admission plugins from chain when they have an nil config
deads2k authored on 2016/04/19 02:22:50Showing 5 changed files
- pkg/project/admission/requestlimit/admission.go
- pkg/quota/admission/clusterresourceoverride/admission.go
- pkg/quota/admission/clusterresourceoverride/admission_test.go
- pkg/quota/admission/runonceduration/admission.go
- pkg/scheduler/admission/podnodeconstraints/admission.go
| ... | ... |
@@ -4,6 +4,8 @@ import ( |
| 4 | 4 |
"fmt" |
| 5 | 5 |
"io" |
| 6 | 6 |
|
| 7 |
+ "github.com/golang/glog" |
|
| 8 |
+ |
|
| 7 | 9 |
"k8s.io/kubernetes/pkg/admission" |
| 8 | 10 |
kapi "k8s.io/kubernetes/pkg/api" |
| 9 | 11 |
clientset "k8s.io/kubernetes/pkg/client/clientset_generated/internalclientset" |
| ... | ... |
@@ -28,6 +30,10 @@ func init() {
|
| 28 | 28 |
if err != nil {
|
| 29 | 29 |
return nil, err |
| 30 | 30 |
} |
| 31 |
+ if pluginConfig == nil {
|
|
| 32 |
+ glog.Infof("Admission plugin %q is not configured so it will be disabled.", "ProjectRequestLimit")
|
|
| 33 |
+ return nil, nil |
|
| 34 |
+ } |
|
| 31 | 35 |
return NewProjectRequestLimit(pluginConfig) |
| 32 | 36 |
}) |
| 33 | 37 |
} |
| ... | ... |
@@ -34,7 +34,15 @@ var ( |
| 34 | 34 |
|
| 35 | 35 |
func init() {
|
| 36 | 36 |
admission.RegisterPlugin(api.PluginName, func(client clientset.Interface, config io.Reader) (admission.Interface, error) {
|
| 37 |
- return newClusterResourceOverride(client, config) |
|
| 37 |
+ pluginConfig, err := ReadConfig(config) |
|
| 38 |
+ if err != nil {
|
|
| 39 |
+ return nil, err |
|
| 40 |
+ } |
|
| 41 |
+ if pluginConfig == nil {
|
|
| 42 |
+ glog.Infof("Admission plugin %q is not configured so it will be disabled.", api.PluginName)
|
|
| 43 |
+ return nil, nil |
|
| 44 |
+ } |
|
| 45 |
+ return newClusterResourceOverride(client, pluginConfig) |
|
| 38 | 46 |
}) |
| 39 | 47 |
} |
| 40 | 48 |
|
| ... | ... |
@@ -57,33 +65,14 @@ var _ = limitranger.LimitRangerActions(&limitRangerActions{})
|
| 57 | 57 |
|
| 58 | 58 |
// newClusterResourceOverride returns an admission controller for containers that |
| 59 | 59 |
// configurably overrides container resource request/limits |
| 60 |
-func newClusterResourceOverride(client clientset.Interface, config io.Reader) (admission.Interface, error) {
|
|
| 61 |
- parsed, err := ReadConfig(config) |
|
| 62 |
- if err != nil {
|
|
| 63 |
- glog.V(5).Infof("%s admission controller loaded with error: (%T) %[2]v", api.PluginName, err)
|
|
| 64 |
- return nil, err |
|
| 65 |
- } |
|
| 66 |
- if errs := validation.Validate(parsed); len(errs) > 0 {
|
|
| 67 |
- return nil, errs.ToAggregate() |
|
| 68 |
- } |
|
| 69 |
- |
|
| 70 |
- // we can't intercept and return a nil value or the upstream code will panic. Changing the admission initialization API is |
|
| 71 |
- // too big for now. |
|
| 72 |
- // TODO fix properly |
|
| 73 |
- if parsed == nil {
|
|
| 74 |
- glog.V(2).Infof("%s admission controller has no configuration, return no-op", api.PluginName)
|
|
| 75 |
- return &clusterResourceOverridePlugin{
|
|
| 76 |
- Handler: admission.NewHandler(), |
|
| 77 |
- }, nil |
|
| 78 |
- } |
|
| 79 |
- |
|
| 80 |
- glog.V(2).Infof("%s admission controller loaded with config: %v", api.PluginName, parsed)
|
|
| 60 |
+func newClusterResourceOverride(client clientset.Interface, config *api.ClusterResourceOverrideConfig) (admission.Interface, error) {
|
|
| 61 |
+ glog.V(2).Infof("%s admission controller loaded with config: %v", api.PluginName, config)
|
|
| 81 | 62 |
var internal *internalConfig |
| 82 |
- if parsed != nil {
|
|
| 63 |
+ if config != nil {
|
|
| 83 | 64 |
internal = &internalConfig{
|
| 84 |
- limitCPUToMemoryRatio: inf.NewDec(parsed.LimitCPUToMemoryPercent, 2), |
|
| 85 |
- cpuRequestToLimitRatio: inf.NewDec(parsed.CPURequestToLimitPercent, 2), |
|
| 86 |
- memoryRequestToLimitRatio: inf.NewDec(parsed.MemoryRequestToLimitPercent, 2), |
|
| 65 |
+ limitCPUToMemoryRatio: inf.NewDec(config.LimitCPUToMemoryPercent, 2), |
|
| 66 |
+ cpuRequestToLimitRatio: inf.NewDec(config.CPURequestToLimitPercent, 2), |
|
| 67 |
+ memoryRequestToLimitRatio: inf.NewDec(config.MemoryRequestToLimitPercent, 2), |
|
| 87 | 68 |
} |
| 88 | 69 |
} |
| 89 | 70 |
|
| ... | ... |
@@ -128,6 +117,10 @@ func ReadConfig(configFile io.Reader) (*api.ClusterResourceOverrideConfig, error |
| 128 | 128 |
return nil, fmt.Errorf("unexpected config object: %#v", obj)
|
| 129 | 129 |
} |
| 130 | 130 |
glog.V(5).Infof("%s config is: %v", api.PluginName, config)
|
| 131 |
+ if errs := validation.Validate(config); len(errs) > 0 {
|
|
| 132 |
+ return nil, errs.ToAggregate() |
|
| 133 |
+ } |
|
| 134 |
+ |
|
| 131 | 135 |
return config, nil |
| 132 | 136 |
} |
| 133 | 137 |
|
| ... | ... |
@@ -86,10 +86,12 @@ func TestConfigReader(t *testing.T) {
|
| 86 | 86 |
name: "choke on out-of-bounds ratio", |
| 87 | 87 |
config: bytes.NewReader([]byte(invalidConfig)), |
| 88 | 88 |
expectInvalid: true, |
| 89 |
+ expectErr: true, |
|
| 89 | 90 |
}, {
|
| 90 | 91 |
name: "complain about no settings", |
| 91 | 92 |
config: bytes.NewReader([]byte(invalidConfig2)), |
| 92 | 93 |
expectInvalid: true, |
| 94 |
+ expectErr: true, |
|
| 93 | 95 |
}, |
| 94 | 96 |
} |
| 95 | 97 |
for _, test := range tests {
|
| ... | ... |
@@ -213,15 +215,7 @@ func TestLimitRequestAdmission(t *testing.T) {
|
| 213 | 213 |
} |
| 214 | 214 |
|
| 215 | 215 |
for _, test := range tests {
|
| 216 |
- var reader io.Reader |
|
| 217 |
- if test.config != nil { // we would get nil with the plugin un-configured
|
|
| 218 |
- config, err := configapilatest.WriteYAML(test.config) |
|
| 219 |
- if err != nil {
|
|
| 220 |
- t.Fatalf("unexpected: %v", err)
|
|
| 221 |
- } |
|
| 222 |
- reader = bytes.NewReader(config) |
|
| 223 |
- } |
|
| 224 |
- c, err := newClusterResourceOverride(fake.NewSimpleClientset(), reader) |
|
| 216 |
+ c, err := newClusterResourceOverride(fake.NewSimpleClientset(), test.config) |
|
| 225 | 217 |
if err != nil {
|
| 226 | 218 |
t.Errorf("%s: config de/serialize failed: %v", test.name, err)
|
| 227 | 219 |
continue |
| ... | ... |
@@ -6,6 +6,8 @@ import ( |
| 6 | 6 |
"io" |
| 7 | 7 |
"strconv" |
| 8 | 8 |
|
| 9 |
+ "github.com/golang/glog" |
|
| 10 |
+ |
|
| 9 | 11 |
"k8s.io/kubernetes/pkg/admission" |
| 10 | 12 |
kapi "k8s.io/kubernetes/pkg/api" |
| 11 | 13 |
clientset "k8s.io/kubernetes/pkg/client/clientset_generated/internalclientset" |
| ... | ... |
@@ -24,6 +26,10 @@ func init() {
|
| 24 | 24 |
if err != nil {
|
| 25 | 25 |
return nil, err |
| 26 | 26 |
} |
| 27 |
+ if pluginConfig == nil {
|
|
| 28 |
+ glog.Infof("Admission plugin %q is not configured so it will be disabled.", "RunOnceDuration")
|
|
| 29 |
+ return nil, nil |
|
| 30 |
+ } |
|
| 27 | 31 |
return NewRunOnceDuration(pluginConfig), nil |
| 28 | 32 |
}) |
| 29 | 33 |
} |
| ... | ... |
@@ -5,6 +5,8 @@ import ( |
| 5 | 5 |
"io" |
| 6 | 6 |
"reflect" |
| 7 | 7 |
|
| 8 |
+ "github.com/golang/glog" |
|
| 9 |
+ |
|
| 8 | 10 |
admission "k8s.io/kubernetes/pkg/admission" |
| 9 | 11 |
kapi "k8s.io/kubernetes/pkg/api" |
| 10 | 12 |
kapierrors "k8s.io/kubernetes/pkg/api/errors" |
| ... | ... |
@@ -27,6 +29,10 @@ func init() {
|
| 27 | 27 |
if err != nil {
|
| 28 | 28 |
return nil, err |
| 29 | 29 |
} |
| 30 |
+ if pluginConfig == nil {
|
|
| 31 |
+ glog.Infof("Admission plugin %q is not configured so it will be disabled.", "PodNodeConstraints")
|
|
| 32 |
+ return nil, nil |
|
| 33 |
+ } |
|
| 30 | 34 |
return NewPodNodeConstraints(pluginConfig), nil |
| 31 | 35 |
}) |
| 32 | 36 |
} |