Skip to content
This repository has been archived by the owner on Apr 18, 2024. It is now read-only.

Commit

Permalink
Merge pull request #65 from flanksource/moshloop
Browse files Browse the repository at this point in the history 
fix cluster resource quotas
  • Loading branch information
@moshloop
moshloop committed May 2, 2021
2 parents e4a82b1 + 712a646 commit 6dda280
Show file tree
Hide file tree
Showing 28 changed files with 657 additions and 674 deletions.
2 changes: 1 addition & 1 deletion Makefile
View file
Expand Up @@ -21,7 +21,7 @@ endif
# download controller-gen if necessary
controller-gen:
ifeq ($(shell command -v controller-gen),)
@(cd /tmp; GO111MODULE=on go get sigs.k8s.io/controller-tools/cmd/controller-gen@v0.2.4)
@(cd /tmp; GO111MODULE=on go get sigs.k8s.io/controller-tools/cmd/controller-gen@v0.5.0)
CONTROLLER_GEN=$(GOBIN)/controller-gen
else
CONTROLLER_GEN=$(shell which controller-gen)
Expand Down
2 changes: 1 addition & 1 deletion cmd/manager/main.go
View file
Expand Up @@ -127,7 +127,7 @@ func main() {
setupLog.Error(err, "unable to create controller", "controller", "ClusterResourceQuota")
os.Exit(1)
}
hookServer.Register("/validate-clusterresourcequota-platform-flanksource-com-v1", clusterresourcequota.NewClusterResourceQuotaValidatingWebhook(mgr.GetClient(), mtx, enableClusterResourceQuota))
hookServer.Register("/validate-clusterresourcequota-v1", clusterresourcequota.NewClusterResourceQuotaValidatingWebhook(mgr.GetClient(), mtx, enableClusterResourceQuota))
hookServer.Register("/validate-resourcequota-v1", clusterresourcequota.NewResourceQuotaValidatingWebhook(mgr.GetClient(), mtx, enableClusterResourceQuota))

}
Expand Down
140 changes: 54 additions & 86 deletions config/crds/bases/platform.flanksource.com_clusterresourcequotas.yaml
View file
Expand Up @@ -4,7 +4,7 @@ apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.4.0
controller-gen.kubebuilder.io/version: v0.5.0
creationTimestamp: null
name: clusterresourcequotas.platform.flanksource.com
spec:
Expand All @@ -19,104 +19,79 @@ spec:
- name: v1
schema:
openAPIV3Schema:
description: ClusterResourceQuota is the Schema for the clusterresourcequotas
API
description: ClusterResourceQuota is the Schema for the clusterresourcequotas API
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: Spec defines the desired quota
properties:
quota:
description: Quota sets aggregate quota restrictions enforced across
all namespaces
hard:
additionalProperties:
anyOf:
- type: integer
- type: string
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
description: 'hard is the set of desired hard limits for each named resource. More info: https://kubernetes.io/docs/concepts/policy/resource-quotas/'
type: object
matchLabels:
additionalProperties:
type: string
type: object
scopeSelector:
description: scopeSelector is also a collection of filters like scopes that must match each object tracked by a quota but expressed using ScopeSelectorOperator in combination with possible values. For a resource to match, both scopes AND scopeSelector (if specified in spec), must be matched.
properties:
hard:
additionalProperties:
anyOf:
- type: integer
- type: string
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
description: 'hard is the set of desired hard limits for each
named resource. More info: https://kubernetes.io/docs/concepts/policy/resource-quotas/'
type: object
scopeSelector:
description: scopeSelector is also a collection of filters like
scopes that must match each object tracked by a quota but expressed
using ScopeSelectorOperator in combination with possible values.
For a resource to match, both scopes AND scopeSelector (if specified
in spec), must be matched.
properties:
matchExpressions:
description: A list of scope selector requirements by scope
of the resources.
items:
description: A scoped-resource selector requirement is a
selector that contains values, a scope name, and an operator
that relates the scope name and values.
properties:
operator:
description: Represents a scope's relationship to a
set of values. Valid operators are In, NotIn, Exists,
DoesNotExist.
type: string
scopeName:
description: The name of the scope that the selector
applies to.
type: string
values:
description: An array of string values. If the operator
is In or NotIn, the values array must be non-empty.
If the operator is Exists or DoesNotExist, the values
array must be empty. This array is replaced during
a strategic merge patch.
items:
type: string
type: array
required:
- operator
- scopeName
type: object
type: array
type: object
scopes:
description: A collection of filters that must match each object
tracked by a quota. If not specified, the quota matches all
objects.
matchExpressions:
description: A list of scope selector requirements by scope of the resources.
items:
description: A ResourceQuotaScope defines a filter that must
match each object tracked by a quota
type: string
description: A scoped-resource selector requirement is a selector that contains values, a scope name, and an operator that relates the scope name and values.
properties:
operator:
description: Represents a scope's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist.
type: string
scopeName:
description: The name of the scope that the selector applies to.
type: string
values:
description: An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
items:
type: string
type: array
required:
- operator
- scopeName
type: object
type: array
type: object
scopes:
description: A collection of filters that must match each object tracked by a quota. If not specified, the quota matches all objects.
items:
description: A ResourceQuotaScope defines a filter that must match each object tracked by a quota
type: string
type: array
required:
- matchLabels
type: object
status:
description: Status defines the actual enforced quota and its current
usage
description: Status defines the actual enforced quota and its current usage
properties:
namespaces:
description: Slices the quota used per namespace
items:
description: ResourceQuotaStatusByNamespace gives status for a particular
name
description: ResourceQuotaStatusByNamespace gives status for a particular name
properties:
namespace:
description: Namespace the project this status applies to
type: string
status:
description: Status indicates how many resources have been consumed
by this project
description: Status indicates how many resources have been consumed by this project
properties:
hard:
additionalProperties:
Expand All @@ -125,8 +100,7 @@ spec:
- type: string
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
description: 'Hard is the set of enforced hard limits for
each named resource. More info: https://kubernetes.io/docs/concepts/policy/resource-quotas/'
description: 'Hard is the set of enforced hard limits for each named resource. More info: https://kubernetes.io/docs/concepts/policy/resource-quotas/'
type: object
used:
additionalProperties:
Expand All @@ -135,8 +109,7 @@ spec:
- type: string
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
description: Used is the current observed total usage of
the resource in the namespace.
description: Used is the current observed total usage of the resource in the namespace.
type: object
type: object
required:
Expand All @@ -145,8 +118,7 @@ spec:
type: object
type: array
total:
description: Total defines the actual enforced quota and its current
usage across all namespaces
description: Total defines the actual enforced quota and its current usage across all namespaces
properties:
hard:
additionalProperties:
Expand All @@ -155,8 +127,7 @@ spec:
- type: string
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
description: 'Hard is the set of enforced hard limits for each
named resource. More info: https://kubernetes.io/docs/concepts/policy/resource-quotas/'
description: 'Hard is the set of enforced hard limits for each named resource. More info: https://kubernetes.io/docs/concepts/policy/resource-quotas/'
type: object
used:
additionalProperties:
Expand All @@ -165,12 +136,9 @@ spec:
- type: string
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
description: Used is the current observed total usage of the resource
in the namespace.
description: Used is the current observed total usage of the resource in the namespace.
type: object
type: object
required:
- namespaces
type: object
type: object
served: true
Expand Down
3 changes: 1 addition & 2 deletions config/deploy/base.yml
View file
Expand Up @@ -106,10 +106,8 @@ rules:
resources:
- namespaces
verbs:
- delete
- get
- list
- watch
- apiGroups:
- ""
resources:
Expand Down Expand Up @@ -146,6 +144,7 @@ rules:
- update
- apiGroups:
- extensions
- networking.k8s.io
resources:
- ingresses
verbs:
Expand Down

0 comments on commit 6dda280

Please sign in to comment.