Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Don't Require User Input to Account for LimitRange Min #2020

Merged
merged 1 commit into from
Feb 18, 2020
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
32 changes: 5 additions & 27 deletions docs/pipelineruns.md
Original file line number Diff line number Diff line change
Expand Up @@ -20,7 +20,7 @@ Creation of a `PipelineRun` will trigger the creation of
- [Cancelling a PipelineRun](#cancelling-a-pipelinerun)
- [Examples](https://github.com/tektoncd/pipeline/tree/master/examples/pipelineruns)
- [Logs](logs.md)
- [LimitRange Name](#limitrange-name)
- [LimitRanges](#limitrange-name)

## Syntax

Expand Down Expand Up @@ -51,10 +51,6 @@ following fields:
follow the instruction [here](taskruns.md#Configuring-default-timeout) to configure the
default timeout, the same way as `TaskRun`.
- [`podTemplate`](#pod-template) - Specifies a [pod template](./podtemplates.md) that will be used as the basis for the `Task` pod.
- [`limitRangeName`](#limitrange-name) - Specifies the name of a LimitRange that exists in the namespace of the `PipelineRun`. This LimitRange's minimum
for container resource requests will be used as part of requesting the appropriate amount of CPU, memory, and ephemeral storage for containers that are
part of the `TaskRuns` of a `PipelineRun`. This property only needs to be specified if the `PipelineRun` is happening in a namespace with a LimitRange
minimum specified for container resource requests.

[kubernetes-overview]:
https://kubernetes.io/docs/concepts/overview/working-with-objects/kubernetes-objects/#required-fields
Expand Down Expand Up @@ -377,7 +373,7 @@ spec:
status: "PipelineRunCancelled"
```

## LimitRange Name
## LimitRanges

In order to request the minimum amount of resources needed to support the containers
for `steps` that are part of a `TaskRun`, Tekton only requests the maximum values for CPU,
Expand All @@ -387,28 +383,10 @@ All requests that are not the max values are set to zero as a result.

When a [LimitRange](https://kubernetes.io/docs/concepts/policy/limit-range/) is present in a namespace
with a minimum set for container resource requests (i.e. CPU, memory, and ephemeral storage) where `PipelineRuns`
are attempting to run, the `limitRangeName` property must be specified to appropriately apply the LimitRange's
minimum values to containers that are part of a `TaskRun` associated with a `PipelineRun`. This property helps
prevent failures of `TaskRuns` not meeting the minimum requirements specified by a LimitRange for containers.
are attempting to run, Tekton will search through all LimitRanges present in the namespace and use the minimum
set for container resource requests instead of requesting 0.

In the example below, the LimitRange `limit-mem-cpu-per-container` will be applied to all `TaskRuns` associated
with the `PipelineRun`:

```yaml
apiVersion: tekton.dev/v1alpha1
kind: PipelineRun
metadata:
creationTimestamp: null
generateName: deploy-pipeline-run-
namespace: default
spec:
pipelineRef:
name: deploy-pipeline-hello
limitRangeName: "limit-mem-cpu-per-container"
status: {}
```

An example `PipelineRun` using `limitRangeName` is available [here](../examples/pipelineruns/no-ci/limitrange.yaml).
An example `PipelineRun` with a LimitRange is available [here](../examples/pipelineruns/no-ci/limitrange.yaml).

---

Expand Down
34 changes: 5 additions & 29 deletions docs/taskruns.md
Original file line number Diff line number Diff line change
Expand Up @@ -26,7 +26,7 @@ A `TaskRun` runs until all `steps` have completed or until a failure occurs.
- [Examples](#examples)
- [Sidecars](#sidecars)
- [Logs](logs.md)
- [LimitRange Name](#limitrange-name)
- [LimitRanges](#limitrange-name)

---

Expand Down Expand Up @@ -61,9 +61,6 @@ following fields:
- [`podTemplate`](#pod-template) - Specifies a [pod template](./podtemplates.md) that will be used as the basis for the `Task` pod.
- [`workspaces`](#workspaces) - Specify the actual volumes to use for the
[workspaces](tasks.md#workspaces) declared by a `Task`
- [`limitRangeName`](#limitrange-name) - Specifies the name of a LimitRange that exists in the namespace of the `TaskRun`. This LimitRange's minimum
for container resource requests will be used as part of requesting the appropriate amount of CPU, memory, and ephemeral storage for containers that are
part of a `TaskRun`. This property only needs to be specified if the `TaskRun` is happening in a namespace with a LimitRange minimum specified for container resource requests.

[kubernetes-overview]:
https://kubernetes.io/docs/concepts/overview/working-with-objects/kubernetes-objects/#required-fields
Expand Down Expand Up @@ -704,7 +701,7 @@ with the `get pods` command. The Pod description will instead show a Status of
Failed and the individual container statuses will correctly reflect how and why
they exited.

## LimitRange Name
## LimitRanges

In order to request the minimum amount of resources needed to support the containers
for `steps` that are part of a `TaskRun`, Tekton only requests the maximum values for CPU,
Expand All @@ -714,31 +711,10 @@ All requests that are not the max values are set to zero as a result.

When a [LimitRange](https://kubernetes.io/docs/concepts/policy/limit-range/) is present in a namespace
with a minimum set for container resource requests (i.e. CPU, memory, and ephemeral storage) where `TaskRuns`
are attempting to run, the `limitRangeName` property must be specified to appropriately apply the LimitRange's
minimum values to `steps` that are part of a `TaskRun`. This property helps prevent failures of `TaskRuns` not
meeting the minimum requirements specified by a LimitRange for containers.
are attempting to run, Tekton will search through all LimitRanges present in the namespace and use the minimum
set for container resource requests instead of requesting 0.

In the example below, the LimitRange `limit-mem-cpu-per-container` will be applied to all `steps` associated with
a `TaskRun` in namespace `default`:

```yaml
apiVersion: tekton.dev/v1alpha1
kind: TaskRun
metadata:
creationTimestamp: null
generateName: echo-hello-world-run-
namespace: default
spec:
inputs: {}
outputs: {}
serviceAccountName: ""
taskRef:
name: echo-hello-world
timeout: 1h0m0s
limitRangeName: "limit-mem-cpu-per-container"
```

An example `TaskRun` using `limitRangeName` is available [here](../examples/taskruns/no-ci/limitrange.yaml).
An example `TaskRun` with a LimitRange is available [here](../examples/taskruns/no-ci/limitrange.yaml).

---

Expand Down
1 change: 0 additions & 1 deletion examples/pipelineruns/no-ci/limitrange.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -53,5 +53,4 @@ metadata:
spec:
pipelineRef:
name: pipeline-hello
limitRangeName: "limit-mem-cpu-per-container"
status: {}
1 change: 0 additions & 1 deletion examples/taskruns/no-ci/limitrange.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -42,6 +42,5 @@ spec:
taskRef:
name: echo-hello-world
timeout: 1h0m0s
limitRangeName: "limit-mem-cpu-per-container"
status:
podName: ""
2 changes: 0 additions & 2 deletions pkg/apis/pipeline/v1alpha1/pipelinerun_conversion.go
Original file line number Diff line number Diff line change
Expand Up @@ -58,7 +58,6 @@ func (source *PipelineRunSpec) ConvertUp(ctx context.Context, sink *v1alpha2.Pip
sink.Timeout = source.Timeout
sink.PodTemplate = source.PodTemplate
sink.Workspaces = source.Workspaces
sink.LimitRangeName = source.LimitRangeName
return nil
}

Expand Down Expand Up @@ -93,6 +92,5 @@ func (sink *PipelineRunSpec) ConvertDown(ctx context.Context, source *v1alpha2.P
sink.Timeout = source.Timeout
sink.PodTemplate = source.PodTemplate
sink.Workspaces = source.Workspaces
sink.LimitRangeName = source.LimitRangeName
return nil
}
2 changes: 0 additions & 2 deletions pkg/apis/pipeline/v1alpha1/pipelinerun_conversion_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -73,7 +73,6 @@ func TestPipelineRunConversion(t *testing.T) {
SubPath: "foo",
EmptyDir: &corev1.EmptyDirVolumeSource{},
}},
LimitRangeName: "foo",
Params: []Param{{
Name: "p1",
Value: v1alpha2.ArrayOrString{StringVal: "baz"},
Expand Down Expand Up @@ -134,7 +133,6 @@ func TestPipelineRunConversion(t *testing.T) {
SubPath: "foo",
EmptyDir: &corev1.EmptyDirVolumeSource{},
}},
LimitRangeName: "foo",
Params: []Param{{
Name: "p1",
Value: v1alpha2.ArrayOrString{StringVal: "baz"},
Expand Down
6 changes: 0 additions & 6 deletions pkg/apis/pipeline/v1alpha1/pipelinerun_types.go
Original file line number Diff line number Diff line change
Expand Up @@ -87,12 +87,6 @@ type PipelineRunSpec struct {
// with those declared in the pipeline.
// +optional
Workspaces []WorkspaceBinding `json:"workspaces,omitempty"`
// Used to specify name of LimitRange that exists in namespace
// where PipelineRun will run so that the LimitRange's minimum for
// container requests can be used by containers of TaskRuns associated
// with PipelineRun
// +optional
LimitRangeName string `json:"limitRangeName"`
}

// PipelineRunSpecStatus defines the pipelinerun spec status the user can provide
Expand Down
2 changes: 0 additions & 2 deletions pkg/apis/pipeline/v1alpha1/taskrun_conversion.go
Original file line number Diff line number Diff line change
Expand Up @@ -55,7 +55,6 @@ func (source *TaskRunSpec) ConvertUp(ctx context.Context, sink *v1alpha2.TaskRun
sink.Timeout = source.Timeout
sink.PodTemplate = source.PodTemplate
sink.Workspaces = source.Workspaces
sink.LimitRangeName = source.LimitRangeName
sink.Params = source.Params
sink.Resources = source.Resources
// Deprecated fields
Expand Down Expand Up @@ -140,7 +139,6 @@ func (sink *TaskRunSpec) ConvertDown(ctx context.Context, source *v1alpha2.TaskR
sink.Timeout = source.Timeout
sink.PodTemplate = source.PodTemplate
sink.Workspaces = source.Workspaces
sink.LimitRangeName = source.LimitRangeName
sink.Params = source.Params
sink.Resources = source.Resources
return nil
Expand Down
5 changes: 0 additions & 5 deletions pkg/apis/pipeline/v1alpha1/taskrun_conversion_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -69,7 +69,6 @@ func TestTaskRunConversion(t *testing.T) {
SubPath: "foo",
EmptyDir: &corev1.EmptyDirVolumeSource{},
}},
LimitRangeName: "foo",
Params: []Param{{
Name: "p1",
Value: v1alpha2.ArrayOrString{StringVal: "baz"},
Expand Down Expand Up @@ -125,7 +124,6 @@ func TestTaskRunConversion(t *testing.T) {
SubPath: "foo",
EmptyDir: &corev1.EmptyDirVolumeSource{},
}},
LimitRangeName: "foo",
Params: []Param{{
Name: "p1",
Value: v1alpha2.ArrayOrString{StringVal: "baz"},
Expand Down Expand Up @@ -171,7 +169,6 @@ func TestTaskRunConversion(t *testing.T) {
SubPath: "foo",
EmptyDir: &corev1.EmptyDirVolumeSource{},
}},
LimitRangeName: "foo",
Params: []Param{{
Name: "p1",
Value: v1alpha2.ArrayOrString{StringVal: "baz"},
Expand Down Expand Up @@ -209,7 +206,6 @@ func TestTaskRunConversion(t *testing.T) {
SubPath: "foo",
EmptyDir: &corev1.EmptyDirVolumeSource{},
}},
LimitRangeName: "foo",
Resources: &v1alpha2.TaskRunResources{
Inputs: []v1alpha2.TaskResourceBinding{{
PipelineResourceBinding: v1alpha2.PipelineResourceBinding{
Expand Down Expand Up @@ -255,7 +251,6 @@ func TestTaskRunConversion(t *testing.T) {
SubPath: "foo",
EmptyDir: &corev1.EmptyDirVolumeSource{},
}},
LimitRangeName: "foo",
Resources: &v1alpha2.TaskRunResources{
Outputs: []v1alpha2.TaskResourceBinding{{
PipelineResourceBinding: v1alpha2.PipelineResourceBinding{
Expand Down
7 changes: 0 additions & 7 deletions pkg/apis/pipeline/v1alpha1/taskrun_types.go
Original file line number Diff line number Diff line change
Expand Up @@ -49,18 +49,11 @@ type TaskRunSpec struct {
// Workspaces is a list of WorkspaceBindings from volumes to workspaces.
// +optional
Workspaces []WorkspaceBinding `json:"workspaces,omitempty"`
// Used to specify name of LimitRange that exists in namespace
// where TaskRun will run so that the LimitRange's minimum for
// container requests can be used by containers of TaskRun
// +optional
LimitRangeName string `json:"limitRangeName"`

// From v1alpha2
// +optional
Params []Param `json:"params,omitempty"`
// +optional
Resources *v1alpha2.TaskRunResources `json:"resources,omitempty"`

// Deprecated
// +optional
Inputs TaskRunInputs `json:"inputs,omitempty"`
Expand Down
6 changes: 0 additions & 6 deletions pkg/apis/pipeline/v1alpha2/pipelinerun_types.go
Original file line number Diff line number Diff line change
Expand Up @@ -155,12 +155,6 @@ type PipelineRunSpec struct {
// with those declared in the pipeline.
// +optional
Workspaces []WorkspaceBinding `json:"workspaces,omitempty"`
// Used to specify name of LimitRange that exists in namespace
// where PipelineRun will run so that the LimitRange's minimum for
// container requests can be used by containers of TaskRuns associated
// with PipelineRun
// +optional
LimitRangeName string `json:"limitRangeName"`
}

// PipelineRunSpecStatus defines the pipelinerun spec status the user can provide
Expand Down
5 changes: 0 additions & 5 deletions pkg/apis/pipeline/v1alpha2/taskrun_types.go
Original file line number Diff line number Diff line change
Expand Up @@ -53,11 +53,6 @@ type TaskRunSpec struct {
// Workspaces is a list of WorkspaceBindings from volumes to workspaces.
// +optional
Workspaces []WorkspaceBinding `json:"workspaces,omitempty"`
// Used to specify name of LimitRange that exists in namespace
// where TaskRun will run so that the LimitRange's minimum for
// container requests can be used by containers of TaskRun
// +optional
LimitRangeName string `json:"limitRangeName"`
}

// TaskRunSpecStatus defines the taskrun spec status the user can provide
Expand Down
43 changes: 34 additions & 9 deletions pkg/pod/pod.go
Original file line number Diff line number Diff line change
Expand Up @@ -119,18 +119,13 @@ func MakePod(images pipeline.Images, taskRun *v1alpha1.TaskRun, taskSpec v1alpha
initContainers = append(initContainers, entrypointInit)
volumes = append(volumes, toolsVolume, downwardVolume)

// If present on TaskRunSpec, use LimitRangeName to get LimitRange
// so it can be used in resolveResourceRequests
var limitRange *corev1.LimitRange
if taskRun.Spec.LimitRangeName != "" {
limitRange, err = kubeclient.CoreV1().LimitRanges(taskRun.Namespace).Get(taskRun.Spec.LimitRangeName, metav1.GetOptions{})
if err != nil {
return nil, err
}
limitRangeMin, err := getLimitRangeMinimum(taskRun.Namespace, kubeclient)
if err != nil {
return nil, err
}

// Zero out non-max resource requests.
stepContainers = resolveResourceRequests(stepContainers, limitRange)
stepContainers = resolveResourceRequests(stepContainers, limitRangeMin)

// Add implicit env vars.
// They're prepended to the list, so that if the user specified any
Expand Down Expand Up @@ -262,3 +257,33 @@ func MakeLabels(s *v1alpha1.TaskRun) map[string]string {
labels[taskRunLabelKey] = s.Name
return labels
}

// getLimitRangeMinimum gets all LimitRanges in a namespace and
// searches for if a container minimum is specified. Due to
// https://github.com/kubernetes/kubernetes/issues/79496, the
// max LimitRange minimum must be found in the event of conflicting
// container minimums specified.
func getLimitRangeMinimum(namespace string, kubeclient kubernetes.Interface) (corev1.ResourceList, error) {
limitRanges, err := kubeclient.CoreV1().LimitRanges(namespace).List(metav1.ListOptions{})
if err != nil {
return nil, err
}

min := allZeroQty()
for _, lr := range limitRanges.Items {
lrItems := lr.Spec.Limits
for _, lrItem := range lrItems {
if lrItem.Type == corev1.LimitTypeContainer {
if lrItem.Min != nil {
for k, v := range lrItem.Min {
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Open to not having this approach, which is to search for the max LimitRange container min in the event there are conflicting container mins.

An alternative approach would just be to break the loop after the first container min is found and let it potentially fail.

if v.Cmp(min[k]) > 0 {
min[k] = v
}
}
}
}
}
}

return min, nil
}
Loading