mirror of https://github.com/k3s-io/k3s
108 lines
2.7 KiB
Go
108 lines
2.7 KiB
Go
/*
|
|
Copyright 2017 The Kubernetes Authors.
|
|
|
|
Licensed under the Apache License, Version 2.0 (the "License");
|
|
you may not use this file except in compliance with the License.
|
|
You may obtain a copy of the License at
|
|
|
|
http://www.apache.org/licenses/LICENSE-2.0
|
|
|
|
Unless required by applicable law or agreed to in writing, software
|
|
distributed under the License is distributed on an "AS IS" BASIS,
|
|
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
See the License for the specific language governing permissions and
|
|
limitations under the License.
|
|
*/
|
|
|
|
package tolerations
|
|
|
|
import (
|
|
apiequality "k8s.io/apimachinery/pkg/api/equality"
|
|
"k8s.io/klog/v2"
|
|
api "k8s.io/kubernetes/pkg/apis/core"
|
|
)
|
|
|
|
// VerifyAgainstWhitelist checks if the provided tolerations
|
|
// satisfy the provided whitelist and returns true, otherwise returns false
|
|
func VerifyAgainstWhitelist(tolerations, whitelist []api.Toleration) bool {
|
|
if len(whitelist) == 0 || len(tolerations) == 0 {
|
|
return true
|
|
}
|
|
|
|
next:
|
|
for _, t := range tolerations {
|
|
for _, w := range whitelist {
|
|
if isSuperset(w, t) {
|
|
continue next
|
|
}
|
|
}
|
|
return false
|
|
}
|
|
|
|
return true
|
|
}
|
|
|
|
// MergeTolerations merges two sets of tolerations into one. If one toleration is a superset of
|
|
// another, only the superset is kept.
|
|
func MergeTolerations(first, second []api.Toleration) []api.Toleration {
|
|
all := append(first, second...)
|
|
var merged []api.Toleration
|
|
|
|
next:
|
|
for i, t := range all {
|
|
for _, t2 := range merged {
|
|
if isSuperset(t2, t) {
|
|
continue next // t is redundant; ignore it
|
|
}
|
|
}
|
|
if i+1 < len(all) {
|
|
for _, t2 := range all[i+1:] {
|
|
// If the tolerations are equal, prefer the first.
|
|
if !apiequality.Semantic.DeepEqual(&t, &t2) && isSuperset(t2, t) {
|
|
continue next // t is redundant; ignore it
|
|
}
|
|
}
|
|
}
|
|
merged = append(merged, t)
|
|
}
|
|
|
|
return merged
|
|
}
|
|
|
|
// isSuperset checks whether ss tolerates a superset of t.
|
|
func isSuperset(ss, t api.Toleration) bool {
|
|
if apiequality.Semantic.DeepEqual(&t, &ss) {
|
|
return true
|
|
}
|
|
|
|
if t.Key != ss.Key &&
|
|
// An empty key with Exists operator means match all keys & values.
|
|
(ss.Key != "" || ss.Operator != api.TolerationOpExists) {
|
|
return false
|
|
}
|
|
|
|
// An empty effect means match all effects.
|
|
if t.Effect != ss.Effect && ss.Effect != "" {
|
|
return false
|
|
}
|
|
|
|
if ss.Effect == api.TaintEffectNoExecute {
|
|
if ss.TolerationSeconds != nil {
|
|
if t.TolerationSeconds == nil ||
|
|
*t.TolerationSeconds > *ss.TolerationSeconds {
|
|
return false
|
|
}
|
|
}
|
|
}
|
|
|
|
switch ss.Operator {
|
|
case api.TolerationOpEqual, "": // empty operator means Equal
|
|
return t.Operator == api.TolerationOpEqual && t.Value == ss.Value
|
|
case api.TolerationOpExists:
|
|
return true
|
|
default:
|
|
klog.Errorf("Unknown toleration operator: %s", ss.Operator)
|
|
return false
|
|
}
|
|
}
|