k3s/vendor/k8s.io/kubernetes/pkg/util/tolerations/tolerations.go

108 lines
2.7 KiB
Go

/*
Copyright 2017 The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package tolerations
import (
apiequality "k8s.io/apimachinery/pkg/api/equality"
"k8s.io/klog/v2"
api "k8s.io/kubernetes/pkg/apis/core"
)
// VerifyAgainstWhitelist checks if the provided tolerations
// satisfy the provided whitelist and returns true, otherwise returns false
func VerifyAgainstWhitelist(tolerations, whitelist []api.Toleration) bool {
if len(whitelist) == 0 || len(tolerations) == 0 {
return true
}
next:
for _, t := range tolerations {
for _, w := range whitelist {
if isSuperset(w, t) {
continue next
}
}
return false
}
return true
}
// MergeTolerations merges two sets of tolerations into one. If one toleration is a superset of
// another, only the superset is kept.
func MergeTolerations(first, second []api.Toleration) []api.Toleration {
all := append(first, second...)
var merged []api.Toleration
next:
for i, t := range all {
for _, t2 := range merged {
if isSuperset(t2, t) {
continue next // t is redundant; ignore it
}
}
if i+1 < len(all) {
for _, t2 := range all[i+1:] {
// If the tolerations are equal, prefer the first.
if !apiequality.Semantic.DeepEqual(&t, &t2) && isSuperset(t2, t) {
continue next // t is redundant; ignore it
}
}
}
merged = append(merged, t)
}
return merged
}
// isSuperset checks whether ss tolerates a superset of t.
func isSuperset(ss, t api.Toleration) bool {
if apiequality.Semantic.DeepEqual(&t, &ss) {
return true
}
if t.Key != ss.Key &&
// An empty key with Exists operator means match all keys & values.
(ss.Key != "" || ss.Operator != api.TolerationOpExists) {
return false
}
// An empty effect means match all effects.
if t.Effect != ss.Effect && ss.Effect != "" {
return false
}
if ss.Effect == api.TaintEffectNoExecute {
if ss.TolerationSeconds != nil {
if t.TolerationSeconds == nil ||
*t.TolerationSeconds > *ss.TolerationSeconds {
return false
}
}
}
switch ss.Operator {
case api.TolerationOpEqual, "": // empty operator means Equal
return t.Operator == api.TolerationOpEqual && t.Value == ss.Value
case api.TolerationOpExists:
return true
default:
klog.Errorf("Unknown toleration operator: %s", ss.Operator)
return false
}
}