diff --git a/pkg/webhook/pod/validating/cluster_colocation_profile.go b/pkg/webhook/pod/validating/cluster_colocation_profile.go index 53b6d0a09..a8b29d7cd 100644 --- a/pkg/webhook/pod/validating/cluster_colocation_profile.go +++ b/pkg/webhook/pod/validating/cluster_colocation_profile.go @@ -56,7 +56,9 @@ func (h *PodValidatingHandler) clusterColocationProfileValidatingPod(ctx context allErrs = append(allErrs, validateRequiredQoSClass(newPod)...) allErrs = append(allErrs, forbidSpecialQoSClassAndPriorityClass(newPod, extension.QoSBE, extension.PriorityNone, extension.PriorityProd)...) + allErrs = append(allErrs, forbidSpecialQoSClassAndPriorityClass(newPod, extension.QoSLS, extension.PriorityNone, extension.PriorityBatch, extension.PriorityFree)...) allErrs = append(allErrs, forbidSpecialQoSClassAndPriorityClass(newPod, extension.QoSLSR, extension.PriorityNone, extension.PriorityMid, extension.PriorityBatch, extension.PriorityFree)...) + allErrs = append(allErrs, forbidSpecialQoSClassAndPriorityClass(newPod, extension.QoSLSE, extension.PriorityNone, extension.PriorityMid, extension.PriorityBatch, extension.PriorityFree)...) allErrs = append(allErrs, validateResources(newPod)...) err := allErrs.ToAggregate() allowed := true diff --git a/pkg/webhook/pod/validating/cluster_colocation_profile_test.go b/pkg/webhook/pod/validating/cluster_colocation_profile_test.go index dc3221cdd..2dcbcd27b 100644 --- a/pkg/webhook/pod/validating/cluster_colocation_profile_test.go +++ b/pkg/webhook/pod/validating/cluster_colocation_profile_test.go @@ -77,6 +77,9 @@ func TestClusterColocationProfileValidatingPod(t *testing.T) { extension.LabelPodQoS: string(extension.QoSLS), }, }, + Spec: corev1.PodSpec{ + Priority: pointer.Int32(extension.PriorityMidValueMin), + }, }, oldPod: &corev1.Pod{ ObjectMeta: metav1.ObjectMeta{ @@ -84,6 +87,9 @@ func TestClusterColocationProfileValidatingPod(t *testing.T) { extension.LabelPodQoS: string(extension.QoSBE), }, }, + Spec: corev1.PodSpec{ + Priority: pointer.Int32(extension.PriorityMidValueMin), + }, }, wantAllowed: false, wantReason: `labels.koordinator.sh/qosClass: Invalid value: "LS": field is immutable`, @@ -355,7 +361,7 @@ func TestClusterColocationProfileValidatingPod(t *testing.T) { wantReason: `Pod: Forbidden: koordinator.sh/qosClass=LSR and priorityClass=koord-free cannot be used in combination`, }, { - name: "validate resources - LSR And Prod", + name: "validate resources - LS And Prod", operation: admissionv1.Create, newPod: &corev1.Pod{ ObjectMeta: metav1.ObjectMeta{ @@ -383,6 +389,69 @@ func TestClusterColocationProfileValidatingPod(t *testing.T) { }, wantAllowed: true, }, + { + name: "forbidden resources - LS And Batch", + operation: admissionv1.Create, + newPod: &corev1.Pod{ + ObjectMeta: metav1.ObjectMeta{ + Labels: map[string]string{ + extension.LabelPodQoS: string(extension.QoSLS), + }, + }, + Spec: corev1.PodSpec{ + Priority: pointer.Int32(extension.PriorityBatchValueMax), + }, + }, + wantAllowed: false, + wantReason: `Pod: Forbidden: koordinator.sh/qosClass=LS and priorityClass=koord-batch cannot be used in combination`, + }, + { + name: "forbidden resources - LS And Free", + operation: admissionv1.Create, + newPod: &corev1.Pod{ + ObjectMeta: metav1.ObjectMeta{ + Labels: map[string]string{ + extension.LabelPodQoS: string(extension.QoSLS), + }, + }, + Spec: corev1.PodSpec{ + Priority: pointer.Int32(extension.PriorityFreeValueMax), + }, + }, + wantAllowed: false, + wantReason: `Pod: Forbidden: koordinator.sh/qosClass=LS and priorityClass=koord-free cannot be used in combination`, + }, + { + name: "forbidden resources - LSE And Free", + operation: admissionv1.Create, + newPod: &corev1.Pod{ + ObjectMeta: metav1.ObjectMeta{ + Labels: map[string]string{ + extension.LabelPodQoS: string(extension.QoSLSE), + }, + }, + Spec: corev1.PodSpec{ + Priority: pointer.Int32(extension.PriorityFreeValueMax), + Containers: []corev1.Container{ + { + Name: "test-container-skip", + Resources: corev1.ResourceRequirements{ + Limits: corev1.ResourceList{ + corev1.ResourceCPU: resource.MustParse("1000m"), + corev1.ResourceMemory: resource.MustParse("4Gi"), + }, + Requests: corev1.ResourceList{ + corev1.ResourceCPU: resource.MustParse("1000m"), + corev1.ResourceMemory: resource.MustParse("0Gi"), + }, + }, + }, + }, + }, + }, + wantAllowed: false, + wantReason: `Pod: Forbidden: koordinator.sh/qosClass=LSE and priorityClass=koord-free cannot be used in combination`, + }, { name: "forbidden resources - LSR And Prod: unset CPUs", operation: admissionv1.Create, @@ -443,6 +512,36 @@ func TestClusterColocationProfileValidatingPod(t *testing.T) { wantAllowed: false, wantReason: `pod.spec.containers[*].resources.requests: Invalid value: "100m": the requested CPUs of LSR Pod must be integer`, }, + { + name: "validate resources - LSE And Prod", + operation: admissionv1.Create, + newPod: &corev1.Pod{ + ObjectMeta: metav1.ObjectMeta{ + Labels: map[string]string{ + extension.LabelPodQoS: string(extension.QoSLSE), + }, + }, + Spec: corev1.PodSpec{ + Priority: pointer.Int32(extension.PriorityProdValueMax), + Containers: []corev1.Container{ + { + Name: "test-container-skip", + Resources: corev1.ResourceRequirements{ + Limits: corev1.ResourceList{ + corev1.ResourceCPU: resource.MustParse("1000m"), + corev1.ResourceMemory: resource.MustParse("4Gi"), + }, + Requests: corev1.ResourceList{ + corev1.ResourceCPU: resource.MustParse("1000m"), + corev1.ResourceMemory: resource.MustParse("0Gi"), + }, + }, + }, + }, + }, + }, + wantAllowed: true, + }, } for _, tt := range tests {