mirror of https://github.com/k3s-io/k3s
Merge pull request #60653 from ravisantoshgudimetla/fix-60596
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>. Critical pods shouldn't be restricted to kube-system **What this PR does / why we need it**: To make sure that critical pods are not restricted to kube-system namespace. **Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*: Fixes #60596 **Special notes for your reviewer**: @bsalamat @liggitt @aveshagarwal - Can we hold this till we merge quota restriction PR #57963. **Release note**: ```release-note NONE ```pull/8/head
Kubernetes Submit Queue
GitHub
commit
5d1a3287b6
|
|
@ -144,7 +144,7 @@ func (sp SyncPodType) String() string {
|
||||||
// or equal to SystemCriticalPriority. Both the rescheduler(deprecated in 1.10) and the kubelet use this function
|
// or equal to SystemCriticalPriority. Both the rescheduler(deprecated in 1.10) and the kubelet use this function
|
||||||
// to make admission and scheduling decisions.
|
// to make admission and scheduling decisions.
|
||||||
func IsCriticalPod(pod *v1.Pod) bool {
|
func IsCriticalPod(pod *v1.Pod) bool {
|
||||||
return IsCritical(pod.Namespace, pod.Annotations) || (pod.Spec.Priority != nil && IsCriticalPodBasedOnPriority(pod.Namespace, *pod.Spec.Priority))
|
return IsCritical(pod.Namespace, pod.Annotations) || (pod.Spec.Priority != nil && IsCriticalPodBasedOnPriority(*pod.Spec.Priority))
|
||||||
}
|
}
|
||||||
|
|
||||||
// IsCritical returns true if parameters bear the critical pod annotation
|
// IsCritical returns true if parameters bear the critical pod annotation
|
||||||
|
|
@ -163,11 +163,7 @@ func IsCritical(ns string, annotations map[string]string) bool {
|
||||||
}
|
}
|
||||||
|
|
||||||
// IsCriticalPodBasedOnPriority checks if the given pod is a critical pod based on priority resolved from pod Spec.
|
// IsCriticalPodBasedOnPriority checks if the given pod is a critical pod based on priority resolved from pod Spec.
|
||||||
func IsCriticalPodBasedOnPriority(ns string, priority int32) bool {
|
func IsCriticalPodBasedOnPriority(priority int32) bool {
|
||||||
// Critical pods are restricted to "kube-system" namespace as of now.
|
|
||||||
if ns != kubeapi.NamespaceSystem {
|
|
||||||
return false
|
|
||||||
}
|
|
||||||
if priority >= scheduling.SystemCriticalPriority {
|
if priority >= scheduling.SystemCriticalPriority {
|
||||||
return true
|
return true
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -176,3 +176,28 @@ func TestIsCriticalPod(t *testing.T) {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func TestIsCriticalPodBasedOnPriority(t *testing.T) {
|
||||||
|
tests := []struct {
|
||||||
|
priority int32
|
||||||
|
description string
|
||||||
|
expected bool
|
||||||
|
}{
|
||||||
|
{
|
||||||
|
priority: int32(2000000001),
|
||||||
|
description: "A system critical pod",
|
||||||
|
expected: true,
|
||||||
|
},
|
||||||
|
{
|
||||||
|
priority: int32(1000000000),
|
||||||
|
description: "A non system critical pod",
|
||||||
|
expected: false,
|
||||||
|
},
|
||||||
|
}
|
||||||
|
for _, test := range tests {
|
||||||
|
actual := IsCriticalPodBasedOnPriority(test.priority)
|
||||||
|
if actual != test.expected {
|
||||||
|
t.Errorf("IsCriticalPodBased on priority should have returned %v for test %v but got %v", test.expected, test.description, actual)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue