Merge pull request #6097 from derekwaynecarr/limit_range_default_value

Limit range supporting a default resource limits value
kubernetes · Apr 2, 2015 · 620af16 · 620af16
2 parents e0cbe38 + dbe4d42
commit 620af16
Show file tree

Hide file tree

Showing 14 changed files with 265 additions and 179 deletions.
diff --git a/docs/design/admission_control_limit_range.md b/docs/design/admission_control_limit_range.md
@@ -25,6 +25,8 @@ type LimitRangeItem struct {
   Max ResourceList `json:"max,omitempty"`
   // Min usage constraints on this kind by resource name
   Min ResourceList `json:"min,omitempty"`
+  // Default usage constraints on this kind by resource name
+  Default ResourceList `json:"default,omitempty"`
 }
 
 // LimitRangeSpec defines a min/max usage limit for resources that match on kind
@@ -74,6 +76,14 @@ The following min/max limits are imposed:
 | cpu | Min/Max amount of cpu per pod |
 | memory | Min/Max amount of memory per pod |
 
+If a resource specifies a default value, it may get applied on the incoming resource.  For example, if a default
+value is provided for container cpu, it is set on the incoming container if and only if the incoming container
+does not specify a resource requirements limit field.
+
+If a resource specifies a min value, it may get applied on the incoming resource.  For example, if a min
+value is provided for container cpu, it is set on the incoming container if and only if the incoming container does
+not specify a resource requirements requests field.
+
 If the incoming object would cause a violation of the enumerated constraints, the request is denied with a set of
 messages explaining what constraints were the source of the denial.
 
@@ -105,12 +115,12 @@ NAME
 limits
 $ kubectl describe limits limits
 Name:           limits
-Type            Resource        Min     Max
-----            --------        ---     ---
-Pod             memory          1Mi     1Gi
-Pod             cpu             250m    2
-Container       memory          1Mi     1Gi
-Container       cpu             250m    2
+Type            Resource        Min     Max     Default
+----            --------        ---     ---     ---
+Pod             memory          1Mi     1Gi     -
+Pod             cpu             250m    2       -
+Container       memory          1Mi     1Gi     1Mi
+Container       cpu             250m    250m    250m
 ```
 
 ## Future Enhancements: Define limits for a particular pod or container.

diff --git a/examples/limitrange/invalid-pod.json b/examples/limitrange/invalid-pod.json
@@ -11,7 +11,9 @@
       "id": "invalid-pod",
       "containers": [{
         "name": "kubernetes-serve-hostname",
-        "image": "gcr.io/google_containers/serve_hostname"
+        "image": "gcr.io/google_containers/serve_hostname",
+        "cpu": 10,
+        "memory": 1048576
       }]
     }
   }

diff --git a/examples/limitrange/limit-range.json b/examples/limitrange/limit-range.json
@@ -24,7 +24,11 @@
       "min": {
         "memory": "1048576",
         "cpu": "0.25"
-      }
+      },
+      "default": {
+        "memory": "1048576",
+        "cpu": "0.25"
+      }      
     }
     ]
   }

diff --git a/examples/limitrange/v1beta3/invalid-pod.json b/examples/limitrange/v1beta3/invalid-pod.json
@@ -10,7 +10,13 @@
   "spec": {
       "containers": [{
         "name": "kubernetes-serve-hostname",
-        "image": "gcr.io/google_containers/serve_hostname"
-      }]
-    }
+        "image": "gcr.io/google_containers/serve_hostname",
+        "resources": {
+          "limits": {
+            "cpu": "10m",
+            "memory": "1Mi"
+         }        
+      }
+    }]
+  }
 }
diff --git a/examples/limitrange/v1beta3/limit-range.json b/examples/limitrange/v1beta3/limit-range.json
@@ -26,7 +26,11 @@
       "min": {
         "memory": "1Mi",
         "cpu": "250m"
-      }
+      },
+      "default": {
+        "memory": "1Mi",
+        "cpu": "250m"
+      }       
     }
     ]
   }

diff --git a/pkg/api/types.go b/pkg/api/types.go
@@ -1554,6 +1554,8 @@ type LimitRangeItem struct {
 	Max ResourceList `json:"max,omitempty"`
 	// Min usage constraints on this kind by resource name
 	Min ResourceList `json:"min,omitempty"`
+	// Default usage constraints on this kind by resource name
+	Default ResourceList `json:"default,omitempty"`
 }
 
 // LimitRangeSpec defines a min/max usage limit for resources that match on kind

diff --git a/pkg/api/v1beta1/conversion.go b/pkg/api/v1beta1/conversion.go
@@ -922,6 +922,9 @@ func init() {
 			if err := s.Convert(&in.Min, &out.Min, 0); err != nil {
 				return err
 			}
+			if err := s.Convert(&in.Default, &out.Default, 0); err != nil {
+				return err
+			}
 			return nil
 		},
 		func(in *LimitRangeItem, out *newer.LimitRangeItem, s conversion.Scope) error {
@@ -933,6 +936,9 @@ func init() {
 			if err := s.Convert(&in.Min, &out.Min, 0); err != nil {
 				return err
 			}
+			if err := s.Convert(&in.Default, &out.Default, 0); err != nil {
+				return err
+			}
 			return nil
 		},
 

diff --git a/pkg/api/v1beta1/types.go b/pkg/api/v1beta1/types.go
@@ -1358,6 +1358,8 @@ type LimitRangeItem struct {
 	Max ResourceList `json:"max,omitempty" description:"max usage constraints on this kind by resource name"`
 	// Min usage constraints on this kind by resource name
 	Min ResourceList `json:"min,omitempty" description:"min usage constraints on this kind by resource name"`
+	// Default usage constraints on this kind by resource name
+	Default ResourceList `json:"default,omitempty" description:"default values on this kind by resource name if omitted"`
 }
 
 // LimitRangeSpec defines a min/max usage limit for resources that match on kind

diff --git a/pkg/api/v1beta2/conversion.go b/pkg/api/v1beta2/conversion.go
@@ -853,6 +853,9 @@ func init() {
 			if err := s.Convert(&in.Min, &out.Min, 0); err != nil {
 				return err
 			}
+			if err := s.Convert(&in.Default, &out.Default, 0); err != nil {
+				return err
+			}
 			return nil
 		},
 		func(in *LimitRangeItem, out *newer.LimitRangeItem, s conversion.Scope) error {
@@ -864,6 +867,9 @@ func init() {
 			if err := s.Convert(&in.Min, &out.Min, 0); err != nil {
 				return err
 			}
+			if err := s.Convert(&in.Default, &out.Default, 0); err != nil {
+				return err
+			}
 			return nil
 		},
 

diff --git a/pkg/api/v1beta2/types.go b/pkg/api/v1beta2/types.go
@@ -1420,6 +1420,8 @@ type LimitRangeItem struct {
 	Max ResourceList `json:"max,omitempty" description:"max usage constraints on this kind by resource name"`
 	// Min usage constraints on this kind by resource name
 	Min ResourceList `json:"min,omitempty" description:"min usage constraints on this kind by resource name"`
+	// Default usage constraints on this kind by resource name
+	Default ResourceList `json:"default,omitempty" description:"default values on this kind by resource name if omitted"`
 }
 
 // LimitRangeSpec defines a min/max usage limit for resources that match on kind

diff --git a/pkg/api/v1beta3/types.go b/pkg/api/v1beta3/types.go
@@ -1459,6 +1459,8 @@ type LimitRangeItem struct {
 	Max ResourceList `json:"max,omitempty" description:"max usage constraints on this kind by resource name"`
 	// Min usage constraints on this kind by resource name
 	Min ResourceList `json:"min,omitempty" description:"min usage constraints on this kind by resource name"`
+	// Default usage constraints on this kind by resource name
+	Default ResourceList `json:"default,omitempty" description:"default values on this kind by resource name if omitted"`
 }
 
 // LimitRangeSpec defines a min/max usage limit for resources that match on kind

diff --git a/pkg/kubectl/describe.go b/pkg/kubectl/describe.go
@@ -115,12 +115,13 @@ func (d *LimitRangeDescriber) Describe(namespace, name string) (string, error) {
 func describeLimitRange(limitRange *api.LimitRange) (string, error) {
 	return tabbedString(func(out io.Writer) error {
 		fmt.Fprintf(out, "Name:\t%s\n", limitRange.Name)
-		fmt.Fprintf(out, "Type\tResource\tMin\tMax\n")
-		fmt.Fprintf(out, "----\t--------\t---\t---\n")
+		fmt.Fprintf(out, "Type\tResource\tMin\tMax\tDefault\n")
+		fmt.Fprintf(out, "----\t--------\t---\t---\t---\n")
 		for i := range limitRange.Spec.Limits {
 			item := limitRange.Spec.Limits[i]
 			maxResources := item.Max
 			minResources := item.Min
+			defaultResources := item.Default
 
 			set := map[api.ResourceName]bool{}
 			for k := range maxResources {
@@ -129,11 +130,15 @@ func describeLimitRange(limitRange *api.LimitRange) (string, error) {
 			for k := range minResources {
 				set[k] = true
 			}
+			for k := range defaultResources {
+				set[k] = true
+			}
 
 			for k := range set {
 				// if no value is set, we output -
 				maxValue := "-"
 				minValue := "-"
+				defaultValue := "-"
 
 				maxQuantity, maxQuantityFound := maxResources[k]
 				if maxQuantityFound {
@@ -145,8 +150,13 @@ func describeLimitRange(limitRange *api.LimitRange) (string, error) {
 					minValue = minQuantity.String()
 				}
 
-				msg := "%v\t%v\t%v\t%v\n"
-				fmt.Fprintf(out, msg, item.Type, k, minValue, maxValue)
+				defaultQuantity, defaultQuantityFound := defaultResources[k]
+				if defaultQuantityFound {
+					defaultValue = defaultQuantity.String()
+				}
+
+				msg := "%v\t%v\t%v\t%v\t%v\n"
+				fmt.Fprintf(out, msg, item.Type, k, minValue, maxValue, defaultValue)
 			}
 		}
 		return nil

diff --git a/plugin/pkg/admission/limitranger/admission.go b/plugin/pkg/admission/limitranger/admission.go
@@ -35,7 +35,7 @@ import (
 
 func init() {
 	admission.RegisterPlugin("LimitRanger", func(client client.Interface, config io.Reader) (admission.Interface, error) {
-		return NewLimitRanger(client, PodLimitFunc), nil
+		return NewLimitRanger(client, Limit), nil
 	})
 }
 
@@ -114,13 +114,67 @@ func Max(a int64, b int64) int64 {
 	return b
 }
 
-// PodLimitFunc enforces that a pod spec does not exceed any limits specified on the supplied limit range
-func PodLimitFunc(limitRange *api.LimitRange, resourceName string, obj runtime.Object) error {
-	if resourceName != "pods" {
-		return nil
+// Limit enforces resource requirements of incoming resources against enumerated constraints
+// on the LimitRange.  It may modify the incoming object to apply default resource requirements
+// if not specified, and enumerated on the LimitRange
+func Limit(limitRange *api.LimitRange, resourceName string, obj runtime.Object) error {
+	switch resourceName {
+	case "pods":
+		return PodLimitFunc(limitRange, obj.(*api.Pod))
+	}
+	return nil
+}
+
+// defaultContainerResourceRequirements returns the default requirements for a container
+// the requirement.Limits are taken from the LimitRange defaults (if specified)
+// the requirement.Requests are taken from the LimitRange min (if specified)
+func defaultContainerResourceRequirements(limitRange *api.LimitRange) api.ResourceRequirements {
+	requirements := api.ResourceRequirements{}
+	requirements.Limits = api.ResourceList{}
+	requirements.Requests = api.ResourceList{}
+
+	for i := range limitRange.Spec.Limits {
+		limit := limitRange.Spec.Limits[i]
+		if limit.Type == api.LimitTypeContainer {
+			for k, v := range limit.Default {
+				value := v.Copy()
+				requirements.Limits[k] = *value
+			}
+			for k, v := range limit.Min {
+				value := v.Copy()
+				requirements.Requests[k] = *value
+			}
+		}
 	}
+	return requirements
+}
+
+// mergePodResourceRequirements merges enumerated requirements with default requirements
+func mergePodResourceRequirements(pod *api.Pod, defaultRequirements *api.ResourceRequirements) {
+	for i := range pod.Spec.Containers {
+		container := pod.Spec.Containers[i]
+		for k, v := range defaultRequirements.Limits {
+			_, found := container.Resources.Limits[k]
+			if !found {
+				container.Resources.Limits[k] = *v.Copy()
+			}
+		}
+		for k, v := range defaultRequirements.Requests {
+			_, found := container.Resources.Requests[k]
+			if !found {
+				container.Resources.Requests[k] = *v.Copy()
+			}
+		}
+	}
+}
+
+// PodLimitFunc enforces resource requirements enumerated by the pod against
+// the specified LimitRange.  The pod may be modified to apply default resource
+// requirements if not specified, and enumerated on the LimitRange
+func PodLimitFunc(limitRange *api.LimitRange, pod *api.Pod) error {
 
-	pod := obj.(*api.Pod)
+	defaultResources := defaultContainerResourceRequirements(limitRange)
+	mergePodResourceRequirements(pod, &defaultResources)
 
 	podCPU := int64(0)
 	podMem := int64(0)
@@ -190,11 +244,11 @@ func PodLimitFunc(limitRange *api.LimitRange, resourceName string, obj runtime.O
 				switch minOrMax {
 				case "Min":
 					if observed < enforced {
-						return apierrors.NewForbidden(resourceName, pod.Name, err)
+						return apierrors.NewForbidden("pods", pod.Name, err)
 					}
 				case "Max":
 					if observed > enforced {
-						return apierrors.NewForbidden(resourceName, pod.Name, err)
+						return apierrors.NewForbidden("pods", pod.Name, err)
 					}
 				}
 			}