fix: supplement validating webhook for priority and QOS validation in…

… clusterColocationProfile. Signed-off-by: wangyang60 <wangy9834@163.com>
koordinator-sh · Nov 14, 2024 · 1688cdb · 1688cdb
1 parent b4c53c8
commit 1688cdb
Show file tree

Hide file tree

Showing 2 changed files with 102 additions and 1 deletion.
diff --git a/pkg/webhook/pod/validating/cluster_colocation_profile.go b/pkg/webhook/pod/validating/cluster_colocation_profile.go
@@ -56,7 +56,9 @@ func (h *PodValidatingHandler) clusterColocationProfileValidatingPod(ctx context
 
 	allErrs = append(allErrs, validateRequiredQoSClass(newPod)...)
 	allErrs = append(allErrs, forbidSpecialQoSClassAndPriorityClass(newPod, extension.QoSBE, extension.PriorityNone, extension.PriorityProd)...)
+	allErrs = append(allErrs, forbidSpecialQoSClassAndPriorityClass(newPod, extension.QoSLS, extension.PriorityNone, extension.PriorityBatch, extension.PriorityFree)...)
 	allErrs = append(allErrs, forbidSpecialQoSClassAndPriorityClass(newPod, extension.QoSLSR, extension.PriorityNone, extension.PriorityMid, extension.PriorityBatch, extension.PriorityFree)...)
+	allErrs = append(allErrs, forbidSpecialQoSClassAndPriorityClass(newPod, extension.QoSLSE, extension.PriorityNone, extension.PriorityMid, extension.PriorityBatch, extension.PriorityFree)...)
 	allErrs = append(allErrs, validateResources(newPod)...)
 	err := allErrs.ToAggregate()
 	allowed := true

diff --git a/pkg/webhook/pod/validating/cluster_colocation_profile_test.go b/pkg/webhook/pod/validating/cluster_colocation_profile_test.go
@@ -77,13 +77,19 @@ func TestClusterColocationProfileValidatingPod(t *testing.T) {
 						extension.LabelPodQoS: string(extension.QoSLS),
 					},
 				},
+				Spec: corev1.PodSpec{
+					Priority: pointer.Int32(extension.PriorityMidValueMin),
+				},
 			},
 			oldPod: &corev1.Pod{
 				ObjectMeta: metav1.ObjectMeta{
 					Labels: map[string]string{
 						extension.LabelPodQoS: string(extension.QoSBE),
 					},
 				},
+				Spec: corev1.PodSpec{
+					Priority: pointer.Int32(extension.PriorityMidValueMin),
+				},
 			},
 			wantAllowed: false,
 			wantReason:  `labels.koordinator.sh/qosClass: Invalid value: "LS": field is immutable`,
@@ -355,7 +361,7 @@ func TestClusterColocationProfileValidatingPod(t *testing.T) {
 			wantReason:  `Pod: Forbidden: koordinator.sh/qosClass=LSR and priorityClass=koord-free cannot be used in combination`,
 		},
 		{
-			name:      "validate resources - LSR And Prod",
+			name:      "validate resources - LS And Prod",
 			operation: admissionv1.Create,
 			newPod: &corev1.Pod{
 				ObjectMeta: metav1.ObjectMeta{
@@ -383,6 +389,69 @@ func TestClusterColocationProfileValidatingPod(t *testing.T) {
 			},
 			wantAllowed: true,
 		},
+		{
+			name:      "forbidden resources - LS And Batch",
+			operation: admissionv1.Create,
+			newPod: &corev1.Pod{
+				ObjectMeta: metav1.ObjectMeta{
+					Labels: map[string]string{
+						extension.LabelPodQoS: string(extension.QoSLS),
+					},
+				},
+				Spec: corev1.PodSpec{
+					Priority: pointer.Int32(extension.PriorityBatchValueMax),
+				},
+			},
+			wantAllowed: false,
+			wantReason:  `Pod: Forbidden: koordinator.sh/qosClass=LS and priorityClass=koord-batch cannot be used in combination`,
+		},
+		{
+			name:      "forbidden resources - LS And Free",
+			operation: admissionv1.Create,
+			newPod: &corev1.Pod{
+				ObjectMeta: metav1.ObjectMeta{
+					Labels: map[string]string{
+						extension.LabelPodQoS: string(extension.QoSLS),
+					},
+				},
+				Spec: corev1.PodSpec{
+					Priority: pointer.Int32(extension.PriorityFreeValueMax),
+				},
+			},
+			wantAllowed: false,
+			wantReason:  `Pod: Forbidden: koordinator.sh/qosClass=LS and priorityClass=koord-free cannot be used in combination`,
+		},
+		{
+			name:      "forbidden resources - LSE And Free",
+			operation: admissionv1.Create,
+			newPod: &corev1.Pod{
+				ObjectMeta: metav1.ObjectMeta{
+					Labels: map[string]string{
+						extension.LabelPodQoS: string(extension.QoSLSE),
+					},
+				},
+				Spec: corev1.PodSpec{
+					Priority: pointer.Int32(extension.PriorityFreeValueMax),
+					Containers: []corev1.Container{
+						{
+							Name: "test-container-skip",
+							Resources: corev1.ResourceRequirements{
+								Limits: corev1.ResourceList{
+									corev1.ResourceCPU:    resource.MustParse("1000m"),
+									corev1.ResourceMemory: resource.MustParse("4Gi"),
+								},
+								Requests: corev1.ResourceList{
+									corev1.ResourceCPU:    resource.MustParse("1000m"),
+									corev1.ResourceMemory: resource.MustParse("0Gi"),
+								},
+							},
+						},
+					},
+				},
+			},
+			wantAllowed: false,
+			wantReason:  `Pod: Forbidden: koordinator.sh/qosClass=LSE and priorityClass=koord-free cannot be used in combination`,
+		},
 		{
 			name:      "forbidden resources - LSR And Prod: unset CPUs",
 			operation: admissionv1.Create,
@@ -443,6 +512,36 @@ func TestClusterColocationProfileValidatingPod(t *testing.T) {
 			wantAllowed: false,
 			wantReason:  `pod.spec.containers[*].resources.requests: Invalid value: "100m": the requested CPUs of LSR Pod must be integer`,
 		},
+		{
+			name:      "validate resources - LSE And Prod",
+			operation: admissionv1.Create,
+			newPod: &corev1.Pod{
+				ObjectMeta: metav1.ObjectMeta{
+					Labels: map[string]string{
+						extension.LabelPodQoS: string(extension.QoSLSE),
+					},
+				},
+				Spec: corev1.PodSpec{
+					Priority: pointer.Int32(extension.PriorityProdValueMax),
+					Containers: []corev1.Container{
+						{
+							Name: "test-container-skip",
+							Resources: corev1.ResourceRequirements{
+								Limits: corev1.ResourceList{
+									corev1.ResourceCPU:    resource.MustParse("1000m"),
+									corev1.ResourceMemory: resource.MustParse("4Gi"),
+								},
+								Requests: corev1.ResourceList{
+									corev1.ResourceCPU:    resource.MustParse("1000m"),
+									corev1.ResourceMemory: resource.MustParse("0Gi"),
+								},
+							},
+						},
+					},
+				},
+			},
+			wantAllowed: true,
+		},
 	}
 
 	for _, tt := range tests {