upstream/kubernetes
1
0
Fork 0
mirror of https://github.com/kubernetes/kubernetes.git synced 2026-03-02 13:40:39 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions
kubernetes/pkg/controller/resourceclaim/controller_test.go

1513 lines
54 KiB
Go
Raw Normal View History

kube-controller-manager: clone resource controller from volume/ephemeral
2022-03-22 04:59:20 -04:00
/*
Copyright 2020 The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
kube-controller-manager: add ResourceClaim controller The controller uses the exact same logic as the generic ephemeral inline volume controller, just for inline ResourceClaimTemplate -> ResourceClaim. In addition, it supports removal of pods from the ReservedFor field when those pods are known to not need the claim anymore. At the moment, only this special case is supported. Removal of arbitrary objects would imply granting full read access to all types to determine whether a) an object is gone and b) if the current incarnation is the one which is listed in ReservedFor. This may get added later.
2022-03-22 11:56:49 -04:00
package resourceclaim
kube-controller-manager: clone resource controller from volume/ephemeral
2022-03-22 04:59:20 -04:00
import (
"errors"
dra: generated name for ResourceClaim from template Generating the name avoids all potential name collisions. It's not clear how much of a problem that was because users can avoid them and the deterministic names for generic ephemeral volumes have not led to reports from users. But using generated names is not too hard either. What makes it relatively easy is that the new pod.status.resourceClaimStatus map stores the generated name for kubelet and node authorizer, i.e. the information in the pod is sufficient to determine the name of the ResourceClaim. The resource claim controller becomes a bit more complex and now needs permission to modify the pod status. The new failure scenario of "ResourceClaim created, updating pod status fails" is handled with the help of a new special "resource.kubernetes.io/pod-claim-name" annotation that together with the owner reference identifies exactly for what a ResourceClaim was generated, so updating the pod status can be retried for existing ResourceClaims. The transition from deterministic names is handled with a special case for that recovery code path: a ResourceClaim with no annotation and a name that follows the Kubernetes <= 1.27 naming pattern is assumed to be generated for that pod claim and gets added to the pod status. There's no immediate need for it, but just in case that it may become relevant, the name of the generated ResourceClaim may also be left unset to record that no claim was needed. Components processing such a pod can skip whatever they normally would do for the claim. To ensure that they do and also cover other cases properly ("no known field is set", "must check ownership"), resourceclaim.Name gets extended.
2023-04-14 03:50:52 -04:00
"fmt"
kube-controller-manager: clone resource controller from volume/ephemeral
2022-03-22 04:59:20 -04:00
"sort"
dra: generated name for ResourceClaim from template Generating the name avoids all potential name collisions. It's not clear how much of a problem that was because users can avoid them and the deterministic names for generic ephemeral volumes have not led to reports from users. But using generated names is not too hard either. What makes it relatively easy is that the new pod.status.resourceClaimStatus map stores the generated name for kubelet and node authorizer, i.e. the information in the pod is sufficient to determine the name of the ResourceClaim. The resource claim controller becomes a bit more complex and now needs permission to modify the pod status. The new failure scenario of "ResourceClaim created, updating pod status fails" is handled with the help of a new special "resource.kubernetes.io/pod-claim-name" annotation that together with the owner reference identifies exactly for what a ResourceClaim was generated, so updating the pod status can be retried for existing ResourceClaims. The transition from deterministic names is handled with a special case for that recovery code path: a ResourceClaim with no annotation and a name that follows the Kubernetes <= 1.27 naming pattern is assumed to be generated for that pod claim and gets added to the pod status. There's no immediate need for it, but just in case that it may become relevant, the name of the generated ResourceClaim may also be left unset to record that no claim was needed. Components processing such a pod can skip whatever they normally would do for the claim. To ensure that they do and also cover other cases properly ("no known field is set", "must check ownership"), resourceclaim.Name gets extended.
2023-04-14 03:50:52 -04:00
"sync"
kube-controller-manager: clone resource controller from volume/ephemeral
2022-03-22 04:59:20 -04:00
"testing"
DRA resourceclaims: maintain metric of total and allocated claims These metrics can provide insights into ResourceClaim usage. The total count is redundant because the apiserver also provides count of resources, but having it in the same sub-system next to the count of allocated claims might be more discoverable and helps monitor the controller itself.
2024-09-26 08:43:12 -04:00
"time"
kube-controller-manager: clone resource controller from volume/ephemeral
2022-03-22 04:59:20 -04:00
DRA resourceclaims: maintain metric of total and allocated claims These metrics can provide insights into ResourceClaim usage. The total count is redundant because the apiserver also provides count of resources, but having it in the same sub-system next to the count of allocated claims might be more discoverable and helps monitor the controller itself.
2024-09-26 08:43:12 -04:00
"github.com/onsi/gomega"
kube-controller-manager: add ResourceClaim controller The controller uses the exact same logic as the generic ephemeral inline volume controller, just for inline ResourceClaimTemplate -> ResourceClaim. In addition, it supports removal of pods from the ReservedFor field when those pods are known to not need the claim anymore. At the moment, only this special case is supported. Removal of arbitrary objects would imply granting full read access to all types to determine whether a) an object is gone and b) if the current incarnation is the one which is listed in ReservedFor. This may get added later.
2022-03-22 11:56:49 -04:00
"github.com/stretchr/testify/assert"
kube-controller-manager: clone resource controller from volume/ephemeral
2022-03-22 04:59:20 -04:00
v1 "k8s.io/api/core/v1"
DRA: use v1 API As before when adding v1beta2, DRA drivers built using the k8s.io/dynamic-resource-allocation helper packages remain compatible with all Kubernetes release >= 1.32. The helper code picks whatever API version is enabled from v1beta1/v1beta2/v1. However, the control plane now depends on v1, so a cluster configuration where only v1beta1 or v1beta2 are enabled without the v1 won't work.
2025-07-04 11:43:31 -04:00
resourceapi "k8s.io/api/resource/v1"
kube-controller-manager: clone resource controller from volume/ephemeral
2022-03-22 04:59:20 -04:00
apierrors "k8s.io/apimachinery/pkg/api/errors"
kube-controller-manager: add ResourceClaim controller The controller uses the exact same logic as the generic ephemeral inline volume controller, just for inline ResourceClaimTemplate -> ResourceClaim. In addition, it supports removal of pods from the ReservedFor field when those pods are known to not need the claim anymore. At the moment, only this special case is supported. Removal of arbitrary objects would imply granting full read access to all types to determine whether a) an object is gone and b) if the current incarnation is the one which is listed in ReservedFor. This may get added later.
2022-03-22 11:56:49 -04:00
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
kube-controller-manager: clone resource controller from volume/ephemeral
2022-03-22 04:59:20 -04:00
"k8s.io/apimachinery/pkg/runtime"
"k8s.io/apimachinery/pkg/types"
fixup! DRA: fix deleting orphaned ResourceClaim on startup
2025-06-27 00:21:18 -04:00
"k8s.io/apimachinery/pkg/util/diff"
fix resource claims deallocation for extended resource when pod is completed Signed-off-by: Alay Patel <alayp@nvidia.com>
2025-09-27 17:13:13 -04:00
utilfeature "k8s.io/apiserver/pkg/util/feature"
kube-controller-manager: clone resource controller from volume/ephemeral
2022-03-22 04:59:20 -04:00
"k8s.io/client-go/informers"
"k8s.io/client-go/kubernetes/fake"
DRA: use v1 API As before when adding v1beta2, DRA drivers built using the k8s.io/dynamic-resource-allocation helper packages remain compatible with all Kubernetes release >= 1.32. The helper code picks whatever API version is enabled from v1beta1/v1beta2/v1. However, the control plane now depends on v1, so a cluster configuration where only v1beta1 or v1beta2 are enabled without the v1 won't work.
2025-07-04 11:43:31 -04:00
resourcelisters "k8s.io/client-go/listers/resource/v1"
kube-controller-manager: clone resource controller from volume/ephemeral
2022-03-22 04:59:20 -04:00
k8stesting "k8s.io/client-go/testing"
fix resource claims deallocation for extended resource when pod is completed Signed-off-by: Alay Patel <alayp@nvidia.com>
2025-09-27 17:13:13 -04:00
featuregatetesting "k8s.io/component-base/featuregate/testing"
DRAAdminAccess: add metrics Signed-off-by: Rita Zhang <rita.z.zhang@gmail.com>
2025-07-08 00:24:31 -04:00
"k8s.io/component-base/metrics"
kube-controller-manager: clone resource controller from volume/ephemeral
2022-03-22 04:59:20 -04:00
"k8s.io/component-base/metrics/testutil"
DRAAdminAccess: add metrics Signed-off-by: Rita Zhang <rita.z.zhang@gmail.com>
2025-07-08 00:24:31 -04:00
"k8s.io/klog/v2"
kube-controller-manager: clone resource controller from volume/ephemeral
2022-03-22 04:59:20 -04:00
"k8s.io/kubernetes/pkg/controller"
DRAAdminAccess: add metrics Signed-off-by: Rita Zhang <rita.z.zhang@gmail.com>
2025-07-08 00:24:31 -04:00
resourceclaimmetrics "k8s.io/kubernetes/pkg/controller/resourceclaim/metrics"
fix resource claims deallocation for extended resource when pod is completed Signed-off-by: Alay Patel <alayp@nvidia.com>
2025-09-27 17:13:13 -04:00
"k8s.io/kubernetes/pkg/features"
DRA resourceclaims: maintain metric of total and allocated claims These metrics can provide insights into ResourceClaim usage. The total count is redundant because the apiserver also provides count of resources, but having it in the same sub-system next to the count of allocated claims might be more discoverable and helps monitor the controller itself.
2024-09-26 08:43:12 -04:00
"k8s.io/kubernetes/test/utils/ktesting"
DRA: AdminAccess validate based on namespace label Signed-off-by: Rita Zhang <rita.z.zhang@gmail.com>
2024-12-30 18:56:45 -05:00
"k8s.io/utils/ptr"
kube-controller-manager: clone resource controller from volume/ephemeral
2022-03-22 04:59:20 -04:00
)
var (
kube-controller-manager: add ResourceClaim controller The controller uses the exact same logic as the generic ephemeral inline volume controller, just for inline ResourceClaimTemplate -> ResourceClaim. In addition, it supports removal of pods from the ReservedFor field when those pods are known to not need the claim anymore. At the moment, only this special case is supported. Removal of arbitrary objects would imply granting full read access to all types to determine whether a) an object is gone and b) if the current incarnation is the one which is listed in ReservedFor. This may get added later.
2022-03-22 11:56:49 -04:00
testPodName = "test-pod"
testNamespace = "my-namespace"
testPodUID = types.UID("uidpod1")
otherNamespace = "not-my-namespace"
podResourceClaimName = "acme-resource"
templateName = "my-template"
className = "my-resource-class"
dra: handle scheduled pods in kube-controller-manager When someone decides that a Pod should definitely run on a specific node, they can create the Pod with spec.nodeName already set. Some custom scheduler might do that. Then kubelet starts to check the pod and (if DRA is enabled) will refuse to run it, either because the claims are still waiting for the first consumer or the pod wasn't added to reservedFor. Both are things the scheduler normally does. Also, if a pod got scheduled while the DRA feature was off in the kube-scheduler, a pod can reach the same state. The resource claim controller can handle these two cases by taking over for the kube-scheduler when nodeName is set. Triggering an allocation is simpler than in the scheduler because all it takes is creating the right PodSchedulingContext with spec.selectedNode set. There's no need to list nodes because that choice was already made, permanently. Adding the pod to reservedFor also isn't hard. What's currently missing is triggering de-allocation of claims to re-allocate them for the desired node. This is not important for claims that get created for the pod from a template and then only get used once, but it might be worthwhile to add de-allocation in the future.
2023-05-22 13:44:58 -04:00
nodeName = "worker"
kube-controller-manager: add ResourceClaim controller The controller uses the exact same logic as the generic ephemeral inline volume controller, just for inline ResourceClaimTemplate -> ResourceClaim. In addition, it supports removal of pods from the ReservedFor field when those pods are known to not need the claim anymore. At the moment, only this special case is supported. Removal of arbitrary objects would imply granting full read access to all types to determine whether a) an object is gone and b) if the current incarnation is the one which is listed in ReservedFor. This may get added later.
2022-03-22 11:56:49 -04:00
testPod = makePod(testPodName, testNamespace, testPodUID)
testPodWithResource = makePod(testPodName, testNamespace, testPodUID, *makePodResourceClaim(podResourceClaimName, templateName))
DRAAdminAccess: add metrics Signed-off-by: Rita Zhang <rita.z.zhang@gmail.com>
2025-07-08 00:24:31 -04:00
otherTestPod = makePod(testPodName+"-II", testNamespace, testPodUID+"-II")
dra: handle scheduled pods in kube-controller-manager When someone decides that a Pod should definitely run on a specific node, they can create the Pod with spec.nodeName already set. Some custom scheduler might do that. Then kubelet starts to check the pod and (if DRA is enabled) will refuse to run it, either because the claims are still waiting for the first consumer or the pod wasn't added to reservedFor. Both are things the scheduler normally does. Also, if a pod got scheduled while the DRA feature was off in the kube-scheduler, a pod can reach the same state. The resource claim controller can handle these two cases by taking over for the kube-scheduler when nodeName is set. Triggering an allocation is simpler than in the scheduler because all it takes is creating the right PodSchedulingContext with spec.selectedNode set. There's no need to list nodes because that choice was already made, permanently. Adding the pod to reservedFor also isn't hard. What's currently missing is triggering de-allocation of claims to re-allocate them for the desired node. This is not important for claims that get created for the pod from a template and then only get used once, but it might be worthwhile to add de-allocation in the future.
2023-05-22 13:44:58 -04:00
testClaim = makeClaim(testPodName+"-"+podResourceClaimName, testNamespace, className, makeOwnerReference(testPodWithResource, true))
testClaimAllocated = allocateClaim(testClaim)
testClaimReserved = reserveClaim(testClaimAllocated, testPodWithResource)
testClaimReservedTwice = reserveClaim(testClaimReserved, otherTestPod)
fixup! DRA: fix deleting orphaned ResourceClaim on startup
2025-06-27 00:21:18 -04:00
testClaimKey = claimKeyPrefix + testClaim.Namespace + "/" + testClaim.Name
Fix the issue of slow creation of ResourceClaim in specific scenarios
2025-12-30 00:44:48 -05:00
testPodKey = podKeyPrefix + testNamespace + "/" + testPodName
dra: handle scheduled pods in kube-controller-manager When someone decides that a Pod should definitely run on a specific node, they can create the Pod with spec.nodeName already set. Some custom scheduler might do that. Then kubelet starts to check the pod and (if DRA is enabled) will refuse to run it, either because the claims are still waiting for the first consumer or the pod wasn't added to reservedFor. Both are things the scheduler normally does. Also, if a pod got scheduled while the DRA feature was off in the kube-scheduler, a pod can reach the same state. The resource claim controller can handle these two cases by taking over for the kube-scheduler when nodeName is set. Triggering an allocation is simpler than in the scheduler because all it takes is creating the right PodSchedulingContext with spec.selectedNode set. There's no need to list nodes because that choice was already made, permanently. Adding the pod to reservedFor also isn't hard. What's currently missing is triggering de-allocation of claims to re-allocate them for the desired node. This is not important for claims that get created for the pod from a template and then only get used once, but it might be worthwhile to add de-allocation in the future.
2023-05-22 13:44:58 -04:00
Refactor resource claim metrics to use structured labels and add "source" dimension. Signed-off-by: Ayato Tokubi <atokubi@redhat.com>
2025-10-08 09:16:42 -04:00
templatedTestClaim = makeTemplatedClaim(podResourceClaimName, testPodName+"-"+podResourceClaimName+"-", testNamespace, className, 1, makeOwnerReference(testPodWithResource, true), nil)
templatedTestClaimAllocated = allocateClaim(templatedTestClaim)
templatedTestClaimReserved = reserveClaim(templatedTestClaimAllocated, testPodWithResource)
dra: handle scheduled pods in kube-controller-manager When someone decides that a Pod should definitely run on a specific node, they can create the Pod with spec.nodeName already set. Some custom scheduler might do that. Then kubelet starts to check the pod and (if DRA is enabled) will refuse to run it, either because the claims are still waiting for the first consumer or the pod wasn't added to reservedFor. Both are things the scheduler normally does. Also, if a pod got scheduled while the DRA feature was off in the kube-scheduler, a pod can reach the same state. The resource claim controller can handle these two cases by taking over for the kube-scheduler when nodeName is set. Triggering an allocation is simpler than in the scheduler because all it takes is creating the right PodSchedulingContext with spec.selectedNode set. There's no need to list nodes because that choice was already made, permanently. Adding the pod to reservedFor also isn't hard. What's currently missing is triggering de-allocation of claims to re-allocate them for the desired node. This is not important for claims that get created for the pod from a template and then only get used once, but it might be worthwhile to add de-allocation in the future.
2023-05-22 13:44:58 -04:00
Refactor resource claim metrics to use structured labels and add "source" dimension. Signed-off-by: Ayato Tokubi <atokubi@redhat.com>
2025-10-08 09:16:42 -04:00
templatedTestClaimWithAdmin = makeTemplatedClaim(podResourceClaimName, testPodName+"-"+podResourceClaimName+"-", testNamespace, className, 1, makeOwnerReference(testPodWithResource, true), ptr.To(true))
templatedTestClaimWithAdminAllocated = allocateClaim(templatedTestClaimWithAdmin)
extendedTestClaim = makeExtendedResourceClaim(testPodName, testNamespace, 1, makeOwnerReference(testPodWithResource, true))
extendedTestClaimAllocated = allocateClaim(extendedTestClaim)
DRAAdminAccess: add metrics Signed-off-by: Rita Zhang <rita.z.zhang@gmail.com>
2025-07-08 00:24:31 -04:00
DRA: AdminAccess validate based on namespace label Signed-off-by: Rita Zhang <rita.z.zhang@gmail.com>
2024-12-30 18:56:45 -05:00
conflictingClaim = makeClaim(testPodName+"-"+podResourceClaimName, testNamespace, className, nil)
otherNamespaceClaim = makeClaim(testPodName+"-"+podResourceClaimName, otherNamespace, className, nil)
template = makeTemplate(templateName, testNamespace, className, nil)
templateWithAdminAccess = makeTemplate(templateName, testNamespace, className, ptr.To(true))
dra: handle scheduled pods in kube-controller-manager When someone decides that a Pod should definitely run on a specific node, they can create the Pod with spec.nodeName already set. Some custom scheduler might do that. Then kubelet starts to check the pod and (if DRA is enabled) will refuse to run it, either because the claims are still waiting for the first consumer or the pod wasn't added to reservedFor. Both are things the scheduler normally does. Also, if a pod got scheduled while the DRA feature was off in the kube-scheduler, a pod can reach the same state. The resource claim controller can handle these two cases by taking over for the kube-scheduler when nodeName is set. Triggering an allocation is simpler than in the scheduler because all it takes is creating the right PodSchedulingContext with spec.selectedNode set. There's no need to list nodes because that choice was already made, permanently. Adding the pod to reservedFor also isn't hard. What's currently missing is triggering de-allocation of claims to re-allocate them for the desired node. This is not important for claims that get created for the pod from a template and then only get used once, but it might be worthwhile to add de-allocation in the future.
2023-05-22 13:44:58 -04:00
testPodWithNodeName = func() *v1.Pod {
pod := testPodWithResource.DeepCopy()
pod.Spec.NodeName = nodeName
pod.Status.ResourceClaimStatuses = append(pod.Status.ResourceClaimStatuses, v1.PodResourceClaimStatus{
Name: pod.Spec.ResourceClaims[0].Name,
Refactor resource claim metrics to use structured labels and add "source" dimension. Signed-off-by: Ayato Tokubi <atokubi@redhat.com>
2025-10-08 09:16:42 -04:00
ResourceClaimName: &templatedTestClaim.Name,
dra: handle scheduled pods in kube-controller-manager When someone decides that a Pod should definitely run on a specific node, they can create the Pod with spec.nodeName already set. Some custom scheduler might do that. Then kubelet starts to check the pod and (if DRA is enabled) will refuse to run it, either because the claims are still waiting for the first consumer or the pod wasn't added to reservedFor. Both are things the scheduler normally does. Also, if a pod got scheduled while the DRA feature was off in the kube-scheduler, a pod can reach the same state. The resource claim controller can handle these two cases by taking over for the kube-scheduler when nodeName is set. Triggering an allocation is simpler than in the scheduler because all it takes is creating the right PodSchedulingContext with spec.selectedNode set. There's no need to list nodes because that choice was already made, permanently. Adding the pod to reservedFor also isn't hard. What's currently missing is triggering de-allocation of claims to re-allocate them for the desired node. This is not important for claims that get created for the pod from a template and then only get used once, but it might be worthwhile to add de-allocation in the future.
2023-05-22 13:44:58 -04:00
})
return pod
}()
DRA: AdminAccess validate based on namespace label Signed-off-by: Rita Zhang <rita.z.zhang@gmail.com>
2024-12-30 18:56:45 -05:00
adminAccessFeatureOffError = "admin access is requested, but the feature is disabled"
kube-controller-manager: clone resource controller from volume/ephemeral
2022-03-22 04:59:20 -04:00
)
func TestSyncHandler(t *testing.T) {
tests := []struct {
DRA: Update controller for Prioritized Alternatives in Device Requests
2025-02-28 14:32:59 -05:00
name string
key string
adminAccessEnabled bool
prioritizedListEnabled bool
claims []*resourceapi.ResourceClaim
claimsInCache []*resourceapi.ResourceClaim
pods []*v1.Pod
podsLater []*v1.Pod
templates []*resourceapi.ResourceClaimTemplate
expectedClaims []resourceapi.ResourceClaim
expectedStatuses map[string][]v1.PodResourceClaimStatus
DRA: AdminAccess validate based on namespace label Signed-off-by: Rita Zhang <rita.z.zhang@gmail.com>
2024-12-30 18:56:45 -05:00
expectedError string
DRA: Update controller for Prioritized Alternatives in Device Requests
2025-02-28 14:32:59 -05:00
expectedMetrics expectedMetrics
kube-controller-manager: clone resource controller from volume/ephemeral
2022-03-22 04:59:20 -04:00
}{
{
dra: generated name for ResourceClaim from template Generating the name avoids all potential name collisions. It's not clear how much of a problem that was because users can avoid them and the deterministic names for generic ephemeral volumes have not led to reports from users. But using generated names is not too hard either. What makes it relatively easy is that the new pod.status.resourceClaimStatus map stores the generated name for kubelet and node authorizer, i.e. the information in the pod is sufficient to determine the name of the ResourceClaim. The resource claim controller becomes a bit more complex and now needs permission to modify the pod status. The new failure scenario of "ResourceClaim created, updating pod status fails" is handled with the help of a new special "resource.kubernetes.io/pod-claim-name" annotation that together with the owner reference identifies exactly for what a ResourceClaim was generated, so updating the pod status can be retried for existing ResourceClaims. The transition from deterministic names is handled with a special case for that recovery code path: a ResourceClaim with no annotation and a name that follows the Kubernetes <= 1.27 naming pattern is assumed to be generated for that pod claim and gets added to the pod status. There's no immediate need for it, but just in case that it may become relevant, the name of the generated ResourceClaim may also be left unset to record that no claim was needed. Components processing such a pod can skip whatever they normally would do for the claim. To ensure that they do and also cover other cases properly ("no known field is set", "must check ownership"), resourceclaim.Name gets extended.
2023-04-14 03:50:52 -04:00
name: "create",
pods: []*v1.Pod{testPodWithResource},
DRA: bump API v1alpha2 -> v1alpha3 This is in preparation for revamping the resource.k8s.io completely. Because there will be no support for transitioning from v1alpha2 to v1alpha3, the roundtrip test data for that API in 1.29 and 1.30 gets removed. Repeating the version in the import name of the API packages is not really required. It was done for a while to support simpler grepping for usage of alpha APIs, but there are better ways for that now. So during this transition, "resourceapi" gets used instead of "resourcev1alpha3" and the version gets dropped from informer and lister imports. The advantage is that the next bump to v1beta1 will affect fewer source code lines. Only source code where the version really matters (like API registration) retains the versioned import.
2024-06-14 06:40:48 -04:00
templates: []*resourceapi.ResourceClaimTemplate{template},
dra: generated name for ResourceClaim from template Generating the name avoids all potential name collisions. It's not clear how much of a problem that was because users can avoid them and the deterministic names for generic ephemeral volumes have not led to reports from users. But using generated names is not too hard either. What makes it relatively easy is that the new pod.status.resourceClaimStatus map stores the generated name for kubelet and node authorizer, i.e. the information in the pod is sufficient to determine the name of the ResourceClaim. The resource claim controller becomes a bit more complex and now needs permission to modify the pod status. The new failure scenario of "ResourceClaim created, updating pod status fails" is handled with the help of a new special "resource.kubernetes.io/pod-claim-name" annotation that together with the owner reference identifies exactly for what a ResourceClaim was generated, so updating the pod status can be retried for existing ResourceClaims. The transition from deterministic names is handled with a special case for that recovery code path: a ResourceClaim with no annotation and a name that follows the Kubernetes <= 1.27 naming pattern is assumed to be generated for that pod claim and gets added to the pod status. There's no immediate need for it, but just in case that it may become relevant, the name of the generated ResourceClaim may also be left unset to record that no claim was needed. Components processing such a pod can skip whatever they normally would do for the claim. To ensure that they do and also cover other cases properly ("no known field is set", "must check ownership"), resourceclaim.Name gets extended.
2023-04-14 03:50:52 -04:00
key: podKey(testPodWithResource),
Refactor resource claim metrics to use structured labels and add "source" dimension. Signed-off-by: Ayato Tokubi <atokubi@redhat.com>
2025-10-08 09:16:42 -04:00
expectedClaims: []resourceapi.ResourceClaim{*templatedTestClaim},
dra: generated name for ResourceClaim from template Generating the name avoids all potential name collisions. It's not clear how much of a problem that was because users can avoid them and the deterministic names for generic ephemeral volumes have not led to reports from users. But using generated names is not too hard either. What makes it relatively easy is that the new pod.status.resourceClaimStatus map stores the generated name for kubelet and node authorizer, i.e. the information in the pod is sufficient to determine the name of the ResourceClaim. The resource claim controller becomes a bit more complex and now needs permission to modify the pod status. The new failure scenario of "ResourceClaim created, updating pod status fails" is handled with the help of a new special "resource.kubernetes.io/pod-claim-name" annotation that together with the owner reference identifies exactly for what a ResourceClaim was generated, so updating the pod status can be retried for existing ResourceClaims. The transition from deterministic names is handled with a special case for that recovery code path: a ResourceClaim with no annotation and a name that follows the Kubernetes <= 1.27 naming pattern is assumed to be generated for that pod claim and gets added to the pod status. There's no immediate need for it, but just in case that it may become relevant, the name of the generated ResourceClaim may also be left unset to record that no claim was needed. Components processing such a pod can skip whatever they normally would do for the claim. To ensure that they do and also cover other cases properly ("no known field is set", "must check ownership"), resourceclaim.Name gets extended.
2023-04-14 03:50:52 -04:00
expectedStatuses: map[string][]v1.PodResourceClaimStatus{
testPodWithResource.Name: {
Refactor resource claim metrics to use structured labels and add "source" dimension. Signed-off-by: Ayato Tokubi <atokubi@redhat.com>
2025-10-08 09:16:42 -04:00
{Name: testPodWithResource.Spec.ResourceClaims[0].Name, ResourceClaimName: &templatedTestClaim.Name},
dra: generated name for ResourceClaim from template Generating the name avoids all potential name collisions. It's not clear how much of a problem that was because users can avoid them and the deterministic names for generic ephemeral volumes have not led to reports from users. But using generated names is not too hard either. What makes it relatively easy is that the new pod.status.resourceClaimStatus map stores the generated name for kubelet and node authorizer, i.e. the information in the pod is sufficient to determine the name of the ResourceClaim. The resource claim controller becomes a bit more complex and now needs permission to modify the pod status. The new failure scenario of "ResourceClaim created, updating pod status fails" is handled with the help of a new special "resource.kubernetes.io/pod-claim-name" annotation that together with the owner reference identifies exactly for what a ResourceClaim was generated, so updating the pod status can be retried for existing ResourceClaims. The transition from deterministic names is handled with a special case for that recovery code path: a ResourceClaim with no annotation and a name that follows the Kubernetes <= 1.27 naming pattern is assumed to be generated for that pod claim and gets added to the pod status. There's no immediate need for it, but just in case that it may become relevant, the name of the generated ResourceClaim may also be left unset to record that no claim was needed. Components processing such a pod can skip whatever they normally would do for the claim. To ensure that they do and also cover other cases properly ("no known field is set", "must check ownership"), resourceclaim.Name gets extended.
2023-04-14 03:50:52 -04:00
},
},
DRAAdminAccess: add metrics Signed-off-by: Rita Zhang <rita.z.zhang@gmail.com>
2025-07-08 00:24:31 -04:00
expectedMetrics: expectedMetrics{1, 0, 0, 0},
dra: generated name for ResourceClaim from template Generating the name avoids all potential name collisions. It's not clear how much of a problem that was because users can avoid them and the deterministic names for generic ephemeral volumes have not led to reports from users. But using generated names is not too hard either. What makes it relatively easy is that the new pod.status.resourceClaimStatus map stores the generated name for kubelet and node authorizer, i.e. the information in the pod is sufficient to determine the name of the ResourceClaim. The resource claim controller becomes a bit more complex and now needs permission to modify the pod status. The new failure scenario of "ResourceClaim created, updating pod status fails" is handled with the help of a new special "resource.kubernetes.io/pod-claim-name" annotation that together with the owner reference identifies exactly for what a ResourceClaim was generated, so updating the pod status can be retried for existing ResourceClaims. The transition from deterministic names is handled with a special case for that recovery code path: a ResourceClaim with no annotation and a name that follows the Kubernetes <= 1.27 naming pattern is assumed to be generated for that pod claim and gets added to the pod status. There's no immediate need for it, but just in case that it may become relevant, the name of the generated ResourceClaim may also be left unset to record that no claim was needed. Components processing such a pod can skip whatever they normally would do for the claim. To ensure that they do and also cover other cases properly ("no known field is set", "must check ownership"), resourceclaim.Name gets extended.
2023-04-14 03:50:52 -04:00
},
DRA: AdminAccess validate based on namespace label Signed-off-by: Rita Zhang <rita.z.zhang@gmail.com>
2024-12-30 18:56:45 -05:00
{
name: "create with admin and feature gate off",
pods: []*v1.Pod{testPodWithResource},
templates: []*resourceapi.ResourceClaimTemplate{templateWithAdminAccess},
key: podKey(testPodWithResource),
expectedError: adminAccessFeatureOffError,
},
{
name: "create with admin and feature gate on",
pods: []*v1.Pod{testPodWithResource},
templates: []*resourceapi.ResourceClaimTemplate{templateWithAdminAccess},
key: podKey(testPodWithResource),
Refactor resource claim metrics to use structured labels and add "source" dimension. Signed-off-by: Ayato Tokubi <atokubi@redhat.com>
2025-10-08 09:16:42 -04:00
expectedClaims: []resourceapi.ResourceClaim{*templatedTestClaimWithAdmin},
DRA: AdminAccess validate based on namespace label Signed-off-by: Rita Zhang <rita.z.zhang@gmail.com>
2024-12-30 18:56:45 -05:00
expectedStatuses: map[string][]v1.PodResourceClaimStatus{
testPodWithResource.Name: {
Refactor resource claim metrics to use structured labels and add "source" dimension. Signed-off-by: Ayato Tokubi <atokubi@redhat.com>
2025-10-08 09:16:42 -04:00
{Name: testPodWithResource.Spec.ResourceClaims[0].Name, ResourceClaimName: &templatedTestClaimWithAdmin.Name},
DRA: AdminAccess validate based on namespace label Signed-off-by: Rita Zhang <rita.z.zhang@gmail.com>
2024-12-30 18:56:45 -05:00
},
},
adminAccessEnabled: true,
DRAAdminAccess: add metrics Signed-off-by: Rita Zhang <rita.z.zhang@gmail.com>
2025-07-08 00:24:31 -04:00
expectedMetrics: expectedMetrics{0, 1, 0, 0},
DRA: AdminAccess validate based on namespace label Signed-off-by: Rita Zhang <rita.z.zhang@gmail.com>
2024-12-30 18:56:45 -05:00
},
dra: generated name for ResourceClaim from template Generating the name avoids all potential name collisions. It's not clear how much of a problem that was because users can avoid them and the deterministic names for generic ephemeral volumes have not led to reports from users. But using generated names is not too hard either. What makes it relatively easy is that the new pod.status.resourceClaimStatus map stores the generated name for kubelet and node authorizer, i.e. the information in the pod is sufficient to determine the name of the ResourceClaim. The resource claim controller becomes a bit more complex and now needs permission to modify the pod status. The new failure scenario of "ResourceClaim created, updating pod status fails" is handled with the help of a new special "resource.kubernetes.io/pod-claim-name" annotation that together with the owner reference identifies exactly for what a ResourceClaim was generated, so updating the pod status can be retried for existing ResourceClaims. The transition from deterministic names is handled with a special case for that recovery code path: a ResourceClaim with no annotation and a name that follows the Kubernetes <= 1.27 naming pattern is assumed to be generated for that pod claim and gets added to the pod status. There's no immediate need for it, but just in case that it may become relevant, the name of the generated ResourceClaim may also be left unset to record that no claim was needed. Components processing such a pod can skip whatever they normally would do for the claim. To ensure that they do and also cover other cases properly ("no known field is set", "must check ownership"), resourceclaim.Name gets extended.
2023-04-14 03:50:52 -04:00
{
name: "nop",
pods: []*v1.Pod{func() *v1.Pod {
pod := testPodWithResource.DeepCopy()
pod.Status.ResourceClaimStatuses = []v1.PodResourceClaimStatus{
Refactor resource claim metrics to use structured labels and add "source" dimension. Signed-off-by: Ayato Tokubi <atokubi@redhat.com>
2025-10-08 09:16:42 -04:00
{Name: testPodWithResource.Spec.ResourceClaims[0].Name, ResourceClaimName: &templatedTestClaim.Name},
dra: generated name for ResourceClaim from template Generating the name avoids all potential name collisions. It's not clear how much of a problem that was because users can avoid them and the deterministic names for generic ephemeral volumes have not led to reports from users. But using generated names is not too hard either. What makes it relatively easy is that the new pod.status.resourceClaimStatus map stores the generated name for kubelet and node authorizer, i.e. the information in the pod is sufficient to determine the name of the ResourceClaim. The resource claim controller becomes a bit more complex and now needs permission to modify the pod status. The new failure scenario of "ResourceClaim created, updating pod status fails" is handled with the help of a new special "resource.kubernetes.io/pod-claim-name" annotation that together with the owner reference identifies exactly for what a ResourceClaim was generated, so updating the pod status can be retried for existing ResourceClaims. The transition from deterministic names is handled with a special case for that recovery code path: a ResourceClaim with no annotation and a name that follows the Kubernetes <= 1.27 naming pattern is assumed to be generated for that pod claim and gets added to the pod status. There's no immediate need for it, but just in case that it may become relevant, the name of the generated ResourceClaim may also be left unset to record that no claim was needed. Components processing such a pod can skip whatever they normally would do for the claim. To ensure that they do and also cover other cases properly ("no known field is set", "must check ownership"), resourceclaim.Name gets extended.
2023-04-14 03:50:52 -04:00
}
return pod
}()},
DRA: bump API v1alpha2 -> v1alpha3 This is in preparation for revamping the resource.k8s.io completely. Because there will be no support for transitioning from v1alpha2 to v1alpha3, the roundtrip test data for that API in 1.29 and 1.30 gets removed. Repeating the version in the import name of the API packages is not really required. It was done for a while to support simpler grepping for usage of alpha APIs, but there are better ways for that now. So during this transition, "resourceapi" gets used instead of "resourcev1alpha3" and the version gets dropped from informer and lister imports. The advantage is that the next bump to v1beta1 will affect fewer source code lines. Only source code where the version really matters (like API registration) retains the versioned import.
2024-06-14 06:40:48 -04:00
templates: []*resourceapi.ResourceClaimTemplate{template},
dra: generated name for ResourceClaim from template Generating the name avoids all potential name collisions. It's not clear how much of a problem that was because users can avoid them and the deterministic names for generic ephemeral volumes have not led to reports from users. But using generated names is not too hard either. What makes it relatively easy is that the new pod.status.resourceClaimStatus map stores the generated name for kubelet and node authorizer, i.e. the information in the pod is sufficient to determine the name of the ResourceClaim. The resource claim controller becomes a bit more complex and now needs permission to modify the pod status. The new failure scenario of "ResourceClaim created, updating pod status fails" is handled with the help of a new special "resource.kubernetes.io/pod-claim-name" annotation that together with the owner reference identifies exactly for what a ResourceClaim was generated, so updating the pod status can be retried for existing ResourceClaims. The transition from deterministic names is handled with a special case for that recovery code path: a ResourceClaim with no annotation and a name that follows the Kubernetes <= 1.27 naming pattern is assumed to be generated for that pod claim and gets added to the pod status. There's no immediate need for it, but just in case that it may become relevant, the name of the generated ResourceClaim may also be left unset to record that no claim was needed. Components processing such a pod can skip whatever they normally would do for the claim. To ensure that they do and also cover other cases properly ("no known field is set", "must check ownership"), resourceclaim.Name gets extended.
2023-04-14 03:50:52 -04:00
key: podKey(testPodWithResource),
Refactor resource claim metrics to use structured labels and add "source" dimension. Signed-off-by: Ayato Tokubi <atokubi@redhat.com>
2025-10-08 09:16:42 -04:00
claims: []*resourceapi.ResourceClaim{templatedTestClaim},
expectedClaims: []resourceapi.ResourceClaim{*templatedTestClaim},
dra: generated name for ResourceClaim from template Generating the name avoids all potential name collisions. It's not clear how much of a problem that was because users can avoid them and the deterministic names for generic ephemeral volumes have not led to reports from users. But using generated names is not too hard either. What makes it relatively easy is that the new pod.status.resourceClaimStatus map stores the generated name for kubelet and node authorizer, i.e. the information in the pod is sufficient to determine the name of the ResourceClaim. The resource claim controller becomes a bit more complex and now needs permission to modify the pod status. The new failure scenario of "ResourceClaim created, updating pod status fails" is handled with the help of a new special "resource.kubernetes.io/pod-claim-name" annotation that together with the owner reference identifies exactly for what a ResourceClaim was generated, so updating the pod status can be retried for existing ResourceClaims. The transition from deterministic names is handled with a special case for that recovery code path: a ResourceClaim with no annotation and a name that follows the Kubernetes <= 1.27 naming pattern is assumed to be generated for that pod claim and gets added to the pod status. There's no immediate need for it, but just in case that it may become relevant, the name of the generated ResourceClaim may also be left unset to record that no claim was needed. Components processing such a pod can skip whatever they normally would do for the claim. To ensure that they do and also cover other cases properly ("no known field is set", "must check ownership"), resourceclaim.Name gets extended.
2023-04-14 03:50:52 -04:00
expectedStatuses: map[string][]v1.PodResourceClaimStatus{
testPodWithResource.Name: {
Refactor resource claim metrics to use structured labels and add "source" dimension. Signed-off-by: Ayato Tokubi <atokubi@redhat.com>
2025-10-08 09:16:42 -04:00
{Name: testPodWithResource.Spec.ResourceClaims[0].Name, ResourceClaimName: &templatedTestClaim.Name},
dra: generated name for ResourceClaim from template Generating the name avoids all potential name collisions. It's not clear how much of a problem that was because users can avoid them and the deterministic names for generic ephemeral volumes have not led to reports from users. But using generated names is not too hard either. What makes it relatively easy is that the new pod.status.resourceClaimStatus map stores the generated name for kubelet and node authorizer, i.e. the information in the pod is sufficient to determine the name of the ResourceClaim. The resource claim controller becomes a bit more complex and now needs permission to modify the pod status. The new failure scenario of "ResourceClaim created, updating pod status fails" is handled with the help of a new special "resource.kubernetes.io/pod-claim-name" annotation that together with the owner reference identifies exactly for what a ResourceClaim was generated, so updating the pod status can be retried for existing ResourceClaims. The transition from deterministic names is handled with a special case for that recovery code path: a ResourceClaim with no annotation and a name that follows the Kubernetes <= 1.27 naming pattern is assumed to be generated for that pod claim and gets added to the pod status. There's no immediate need for it, but just in case that it may become relevant, the name of the generated ResourceClaim may also be left unset to record that no claim was needed. Components processing such a pod can skip whatever they normally would do for the claim. To ensure that they do and also cover other cases properly ("no known field is set", "must check ownership"), resourceclaim.Name gets extended.
2023-04-14 03:50:52 -04:00
},
},
DRAAdminAccess: add metrics Signed-off-by: Rita Zhang <rita.z.zhang@gmail.com>
2025-07-08 00:24:31 -04:00
expectedMetrics: expectedMetrics{0, 0, 0, 0},
dra: generated name for ResourceClaim from template Generating the name avoids all potential name collisions. It's not clear how much of a problem that was because users can avoid them and the deterministic names for generic ephemeral volumes have not led to reports from users. But using generated names is not too hard either. What makes it relatively easy is that the new pod.status.resourceClaimStatus map stores the generated name for kubelet and node authorizer, i.e. the information in the pod is sufficient to determine the name of the ResourceClaim. The resource claim controller becomes a bit more complex and now needs permission to modify the pod status. The new failure scenario of "ResourceClaim created, updating pod status fails" is handled with the help of a new special "resource.kubernetes.io/pod-claim-name" annotation that together with the owner reference identifies exactly for what a ResourceClaim was generated, so updating the pod status can be retried for existing ResourceClaims. The transition from deterministic names is handled with a special case for that recovery code path: a ResourceClaim with no annotation and a name that follows the Kubernetes <= 1.27 naming pattern is assumed to be generated for that pod claim and gets added to the pod status. There's no immediate need for it, but just in case that it may become relevant, the name of the generated ResourceClaim may also be left unset to record that no claim was needed. Components processing such a pod can skip whatever they normally would do for the claim. To ensure that they do and also cover other cases properly ("no known field is set", "must check ownership"), resourceclaim.Name gets extended.
2023-04-14 03:50:52 -04:00
},
{
name: "recreate",
pods: []*v1.Pod{func() *v1.Pod {
pod := testPodWithResource.DeepCopy()
pod.Status.ResourceClaimStatuses = []v1.PodResourceClaimStatus{
Refactor resource claim metrics to use structured labels and add "source" dimension. Signed-off-by: Ayato Tokubi <atokubi@redhat.com>
2025-10-08 09:16:42 -04:00
{Name: testPodWithResource.Spec.ResourceClaims[0].Name, ResourceClaimName: &templatedTestClaim.Name},
dra: generated name for ResourceClaim from template Generating the name avoids all potential name collisions. It's not clear how much of a problem that was because users can avoid them and the deterministic names for generic ephemeral volumes have not led to reports from users. But using generated names is not too hard either. What makes it relatively easy is that the new pod.status.resourceClaimStatus map stores the generated name for kubelet and node authorizer, i.e. the information in the pod is sufficient to determine the name of the ResourceClaim. The resource claim controller becomes a bit more complex and now needs permission to modify the pod status. The new failure scenario of "ResourceClaim created, updating pod status fails" is handled with the help of a new special "resource.kubernetes.io/pod-claim-name" annotation that together with the owner reference identifies exactly for what a ResourceClaim was generated, so updating the pod status can be retried for existing ResourceClaims. The transition from deterministic names is handled with a special case for that recovery code path: a ResourceClaim with no annotation and a name that follows the Kubernetes <= 1.27 naming pattern is assumed to be generated for that pod claim and gets added to the pod status. There's no immediate need for it, but just in case that it may become relevant, the name of the generated ResourceClaim may also be left unset to record that no claim was needed. Components processing such a pod can skip whatever they normally would do for the claim. To ensure that they do and also cover other cases properly ("no known field is set", "must check ownership"), resourceclaim.Name gets extended.
2023-04-14 03:50:52 -04:00
}
return pod
}()},
DRA: bump API v1alpha2 -> v1alpha3 This is in preparation for revamping the resource.k8s.io completely. Because there will be no support for transitioning from v1alpha2 to v1alpha3, the roundtrip test data for that API in 1.29 and 1.30 gets removed. Repeating the version in the import name of the API packages is not really required. It was done for a while to support simpler grepping for usage of alpha APIs, but there are better ways for that now. So during this transition, "resourceapi" gets used instead of "resourcev1alpha3" and the version gets dropped from informer and lister imports. The advantage is that the next bump to v1beta1 will affect fewer source code lines. Only source code where the version really matters (like API registration) retains the versioned import.
2024-06-14 06:40:48 -04:00
templates: []*resourceapi.ResourceClaimTemplate{template},
dra: generated name for ResourceClaim from template Generating the name avoids all potential name collisions. It's not clear how much of a problem that was because users can avoid them and the deterministic names for generic ephemeral volumes have not led to reports from users. But using generated names is not too hard either. What makes it relatively easy is that the new pod.status.resourceClaimStatus map stores the generated name for kubelet and node authorizer, i.e. the information in the pod is sufficient to determine the name of the ResourceClaim. The resource claim controller becomes a bit more complex and now needs permission to modify the pod status. The new failure scenario of "ResourceClaim created, updating pod status fails" is handled with the help of a new special "resource.kubernetes.io/pod-claim-name" annotation that together with the owner reference identifies exactly for what a ResourceClaim was generated, so updating the pod status can be retried for existing ResourceClaims. The transition from deterministic names is handled with a special case for that recovery code path: a ResourceClaim with no annotation and a name that follows the Kubernetes <= 1.27 naming pattern is assumed to be generated for that pod claim and gets added to the pod status. There's no immediate need for it, but just in case that it may become relevant, the name of the generated ResourceClaim may also be left unset to record that no claim was needed. Components processing such a pod can skip whatever they normally would do for the claim. To ensure that they do and also cover other cases properly ("no known field is set", "must check ownership"), resourceclaim.Name gets extended.
2023-04-14 03:50:52 -04:00
key: podKey(testPodWithResource),
Refactor resource claim metrics to use structured labels and add "source" dimension. Signed-off-by: Ayato Tokubi <atokubi@redhat.com>
2025-10-08 09:16:42 -04:00
expectedClaims: []resourceapi.ResourceClaim{*templatedTestClaim},
dra: generated name for ResourceClaim from template Generating the name avoids all potential name collisions. It's not clear how much of a problem that was because users can avoid them and the deterministic names for generic ephemeral volumes have not led to reports from users. But using generated names is not too hard either. What makes it relatively easy is that the new pod.status.resourceClaimStatus map stores the generated name for kubelet and node authorizer, i.e. the information in the pod is sufficient to determine the name of the ResourceClaim. The resource claim controller becomes a bit more complex and now needs permission to modify the pod status. The new failure scenario of "ResourceClaim created, updating pod status fails" is handled with the help of a new special "resource.kubernetes.io/pod-claim-name" annotation that together with the owner reference identifies exactly for what a ResourceClaim was generated, so updating the pod status can be retried for existing ResourceClaims. The transition from deterministic names is handled with a special case for that recovery code path: a ResourceClaim with no annotation and a name that follows the Kubernetes <= 1.27 naming pattern is assumed to be generated for that pod claim and gets added to the pod status. There's no immediate need for it, but just in case that it may become relevant, the name of the generated ResourceClaim may also be left unset to record that no claim was needed. Components processing such a pod can skip whatever they normally would do for the claim. To ensure that they do and also cover other cases properly ("no known field is set", "must check ownership"), resourceclaim.Name gets extended.
2023-04-14 03:50:52 -04:00
expectedStatuses: map[string][]v1.PodResourceClaimStatus{
testPodWithResource.Name: {
Refactor resource claim metrics to use structured labels and add "source" dimension. Signed-off-by: Ayato Tokubi <atokubi@redhat.com>
2025-10-08 09:16:42 -04:00
{Name: testPodWithResource.Spec.ResourceClaims[0].Name, ResourceClaimName: &templatedTestClaim.Name},
dra: generated name for ResourceClaim from template Generating the name avoids all potential name collisions. It's not clear how much of a problem that was because users can avoid them and the deterministic names for generic ephemeral volumes have not led to reports from users. But using generated names is not too hard either. What makes it relatively easy is that the new pod.status.resourceClaimStatus map stores the generated name for kubelet and node authorizer, i.e. the information in the pod is sufficient to determine the name of the ResourceClaim. The resource claim controller becomes a bit more complex and now needs permission to modify the pod status. The new failure scenario of "ResourceClaim created, updating pod status fails" is handled with the help of a new special "resource.kubernetes.io/pod-claim-name" annotation that together with the owner reference identifies exactly for what a ResourceClaim was generated, so updating the pod status can be retried for existing ResourceClaims. The transition from deterministic names is handled with a special case for that recovery code path: a ResourceClaim with no annotation and a name that follows the Kubernetes <= 1.27 naming pattern is assumed to be generated for that pod claim and gets added to the pod status. There's no immediate need for it, but just in case that it may become relevant, the name of the generated ResourceClaim may also be left unset to record that no claim was needed. Components processing such a pod can skip whatever they normally would do for the claim. To ensure that they do and also cover other cases properly ("no known field is set", "must check ownership"), resourceclaim.Name gets extended.
2023-04-14 03:50:52 -04:00
},
},
DRAAdminAccess: add metrics Signed-off-by: Rita Zhang <rita.z.zhang@gmail.com>
2025-07-08 00:24:31 -04:00
expectedMetrics: expectedMetrics{1, 0, 0, 0},
kube-controller-manager: clone resource controller from volume/ephemeral
2022-03-22 04:59:20 -04:00
},
{
kube-controller-manager: add ResourceClaim controller The controller uses the exact same logic as the generic ephemeral inline volume controller, just for inline ResourceClaimTemplate -> ResourceClaim. In addition, it supports removal of pods from the ReservedFor field when those pods are known to not need the claim anymore. At the moment, only this special case is supported. Removal of arbitrary objects would imply granting full read access to all types to determine whether a) an object is gone and b) if the current incarnation is the one which is listed in ReservedFor. This may get added later.
2022-03-22 11:56:49 -04:00
name: "missing-template",
pods: []*v1.Pod{testPodWithResource},
templates: nil,
key: podKey(testPodWithResource),
DRA: AdminAccess validate based on namespace label Signed-off-by: Rita Zhang <rita.z.zhang@gmail.com>
2024-12-30 18:56:45 -05:00
expectedError: "resource claim template \"my-template\": resourceclaimtemplate.resource.k8s.io \"my-template\" not found",
kube-controller-manager: add ResourceClaim controller The controller uses the exact same logic as the generic ephemeral inline volume controller, just for inline ResourceClaimTemplate -> ResourceClaim. In addition, it supports removal of pods from the ReservedFor field when those pods are known to not need the claim anymore. At the moment, only this special case is supported. Removal of arbitrary objects would imply granting full read access to all types to determine whether a) an object is gone and b) if the current incarnation is the one which is listed in ReservedFor. This may get added later.
2022-03-22 11:56:49 -04:00
},
{
dra: generated name for ResourceClaim from template Generating the name avoids all potential name collisions. It's not clear how much of a problem that was because users can avoid them and the deterministic names for generic ephemeral volumes have not led to reports from users. But using generated names is not too hard either. What makes it relatively easy is that the new pod.status.resourceClaimStatus map stores the generated name for kubelet and node authorizer, i.e. the information in the pod is sufficient to determine the name of the ResourceClaim. The resource claim controller becomes a bit more complex and now needs permission to modify the pod status. The new failure scenario of "ResourceClaim created, updating pod status fails" is handled with the help of a new special "resource.kubernetes.io/pod-claim-name" annotation that together with the owner reference identifies exactly for what a ResourceClaim was generated, so updating the pod status can be retried for existing ResourceClaims. The transition from deterministic names is handled with a special case for that recovery code path: a ResourceClaim with no annotation and a name that follows the Kubernetes <= 1.27 naming pattern is assumed to be generated for that pod claim and gets added to the pod status. There's no immediate need for it, but just in case that it may become relevant, the name of the generated ResourceClaim may also be left unset to record that no claim was needed. Components processing such a pod can skip whatever they normally would do for the claim. To ensure that they do and also cover other cases properly ("no known field is set", "must check ownership"), resourceclaim.Name gets extended.
2023-04-14 03:50:52 -04:00
name: "find-existing-claim-by-label",
pods: []*v1.Pod{testPodWithResource},
key: podKey(testPodWithResource),
Refactor resource claim metrics to use structured labels and add "source" dimension. Signed-off-by: Ayato Tokubi <atokubi@redhat.com>
2025-10-08 09:16:42 -04:00
claims: []*resourceapi.ResourceClaim{templatedTestClaim},
expectedClaims: []resourceapi.ResourceClaim{*templatedTestClaim},
dra: generated name for ResourceClaim from template Generating the name avoids all potential name collisions. It's not clear how much of a problem that was because users can avoid them and the deterministic names for generic ephemeral volumes have not led to reports from users. But using generated names is not too hard either. What makes it relatively easy is that the new pod.status.resourceClaimStatus map stores the generated name for kubelet and node authorizer, i.e. the information in the pod is sufficient to determine the name of the ResourceClaim. The resource claim controller becomes a bit more complex and now needs permission to modify the pod status. The new failure scenario of "ResourceClaim created, updating pod status fails" is handled with the help of a new special "resource.kubernetes.io/pod-claim-name" annotation that together with the owner reference identifies exactly for what a ResourceClaim was generated, so updating the pod status can be retried for existing ResourceClaims. The transition from deterministic names is handled with a special case for that recovery code path: a ResourceClaim with no annotation and a name that follows the Kubernetes <= 1.27 naming pattern is assumed to be generated for that pod claim and gets added to the pod status. There's no immediate need for it, but just in case that it may become relevant, the name of the generated ResourceClaim may also be left unset to record that no claim was needed. Components processing such a pod can skip whatever they normally would do for the claim. To ensure that they do and also cover other cases properly ("no known field is set", "must check ownership"), resourceclaim.Name gets extended.
2023-04-14 03:50:52 -04:00
expectedStatuses: map[string][]v1.PodResourceClaimStatus{
testPodWithResource.Name: {
Refactor resource claim metrics to use structured labels and add "source" dimension. Signed-off-by: Ayato Tokubi <atokubi@redhat.com>
2025-10-08 09:16:42 -04:00
{Name: testPodWithResource.Spec.ResourceClaims[0].Name, ResourceClaimName: &templatedTestClaim.Name},
dra: generated name for ResourceClaim from template Generating the name avoids all potential name collisions. It's not clear how much of a problem that was because users can avoid them and the deterministic names for generic ephemeral volumes have not led to reports from users. But using generated names is not too hard either. What makes it relatively easy is that the new pod.status.resourceClaimStatus map stores the generated name for kubelet and node authorizer, i.e. the information in the pod is sufficient to determine the name of the ResourceClaim. The resource claim controller becomes a bit more complex and now needs permission to modify the pod status. The new failure scenario of "ResourceClaim created, updating pod status fails" is handled with the help of a new special "resource.kubernetes.io/pod-claim-name" annotation that together with the owner reference identifies exactly for what a ResourceClaim was generated, so updating the pod status can be retried for existing ResourceClaims. The transition from deterministic names is handled with a special case for that recovery code path: a ResourceClaim with no annotation and a name that follows the Kubernetes <= 1.27 naming pattern is assumed to be generated for that pod claim and gets added to the pod status. There's no immediate need for it, but just in case that it may become relevant, the name of the generated ResourceClaim may also be left unset to record that no claim was needed. Components processing such a pod can skip whatever they normally would do for the claim. To ensure that they do and also cover other cases properly ("no known field is set", "must check ownership"), resourceclaim.Name gets extended.
2023-04-14 03:50:52 -04:00
},
},
DRAAdminAccess: add metrics Signed-off-by: Rita Zhang <rita.z.zhang@gmail.com>
2025-07-08 00:24:31 -04:00
expectedMetrics: expectedMetrics{0, 0, 0, 0},
dra: generated name for ResourceClaim from template Generating the name avoids all potential name collisions. It's not clear how much of a problem that was because users can avoid them and the deterministic names for generic ephemeral volumes have not led to reports from users. But using generated names is not too hard either. What makes it relatively easy is that the new pod.status.resourceClaimStatus map stores the generated name for kubelet and node authorizer, i.e. the information in the pod is sufficient to determine the name of the ResourceClaim. The resource claim controller becomes a bit more complex and now needs permission to modify the pod status. The new failure scenario of "ResourceClaim created, updating pod status fails" is handled with the help of a new special "resource.kubernetes.io/pod-claim-name" annotation that together with the owner reference identifies exactly for what a ResourceClaim was generated, so updating the pod status can be retried for existing ResourceClaims. The transition from deterministic names is handled with a special case for that recovery code path: a ResourceClaim with no annotation and a name that follows the Kubernetes <= 1.27 naming pattern is assumed to be generated for that pod claim and gets added to the pod status. There's no immediate need for it, but just in case that it may become relevant, the name of the generated ResourceClaim may also be left unset to record that no claim was needed. Components processing such a pod can skip whatever they normally would do for the claim. To ensure that they do and also cover other cases properly ("no known field is set", "must check ownership"), resourceclaim.Name gets extended.
2023-04-14 03:50:52 -04:00
},
dra: store generated ResourceClaims in cache This addresses the following bad sequence of events: - controller creates ResourceClaim - updating pod status fails - pod gets retried before the informer receives the created ResourceClaim - another ResourceClaim gets created Storing the generated ResourceClaim in a MutationCache ensures that the controller knows about it during the retry. A positive side effect is that ResourceClaims now get index by pod owner and thus iterating over existing ones becomes a bit more efficient.
2023-07-06 12:39:47 -04:00
{
name: "find-created-claim-in-cache",
pods: []*v1.Pod{testPodWithResource},
key: podKey(testPodWithResource),
Refactor resource claim metrics to use structured labels and add "source" dimension. Signed-off-by: Ayato Tokubi <atokubi@redhat.com>
2025-10-08 09:16:42 -04:00
claimsInCache: []*resourceapi.ResourceClaim{templatedTestClaim},
dra: store generated ResourceClaims in cache This addresses the following bad sequence of events: - controller creates ResourceClaim - updating pod status fails - pod gets retried before the informer receives the created ResourceClaim - another ResourceClaim gets created Storing the generated ResourceClaim in a MutationCache ensures that the controller knows about it during the retry. A positive side effect is that ResourceClaims now get index by pod owner and thus iterating over existing ones becomes a bit more efficient.
2023-07-06 12:39:47 -04:00
expectedStatuses: map[string][]v1.PodResourceClaimStatus{
testPodWithResource.Name: {
Refactor resource claim metrics to use structured labels and add "source" dimension. Signed-off-by: Ayato Tokubi <atokubi@redhat.com>
2025-10-08 09:16:42 -04:00
{Name: testPodWithResource.Spec.ResourceClaims[0].Name, ResourceClaimName: &templatedTestClaim.Name},
dra: store generated ResourceClaims in cache This addresses the following bad sequence of events: - controller creates ResourceClaim - updating pod status fails - pod gets retried before the informer receives the created ResourceClaim - another ResourceClaim gets created Storing the generated ResourceClaim in a MutationCache ensures that the controller knows about it during the retry. A positive side effect is that ResourceClaims now get index by pod owner and thus iterating over existing ones becomes a bit more efficient.
2023-07-06 12:39:47 -04:00
},
},
DRAAdminAccess: add metrics Signed-off-by: Rita Zhang <rita.z.zhang@gmail.com>
2025-07-08 00:24:31 -04:00
expectedMetrics: expectedMetrics{0, 0, 0, 0},
dra: store generated ResourceClaims in cache This addresses the following bad sequence of events: - controller creates ResourceClaim - updating pod status fails - pod gets retried before the informer receives the created ResourceClaim - another ResourceClaim gets created Storing the generated ResourceClaim in a MutationCache ensures that the controller knows about it during the retry. A positive side effect is that ResourceClaims now get index by pod owner and thus iterating over existing ones becomes a bit more efficient.
2023-07-06 12:39:47 -04:00
},
kube-controller-manager: add ResourceClaim controller The controller uses the exact same logic as the generic ephemeral inline volume controller, just for inline ResourceClaimTemplate -> ResourceClaim. In addition, it supports removal of pods from the ReservedFor field when those pods are known to not need the claim anymore. At the moment, only this special case is supported. Removal of arbitrary objects would imply granting full read access to all types to determine whether a) an object is gone and b) if the current incarnation is the one which is listed in ReservedFor. This may get added later.
2022-03-22 11:56:49 -04:00
{
name: "no-such-pod",
key: podKey(testPodWithResource),
kube-controller-manager: clone resource controller from volume/ephemeral
2022-03-22 04:59:20 -04:00
},
{
name: "pod-deleted",
pods: func() []*v1.Pod {
deleted := metav1.Now()
kube-controller-manager: add ResourceClaim controller The controller uses the exact same logic as the generic ephemeral inline volume controller, just for inline ResourceClaimTemplate -> ResourceClaim. In addition, it supports removal of pods from the ReservedFor field when those pods are known to not need the claim anymore. At the moment, only this special case is supported. Removal of arbitrary objects would imply granting full read access to all types to determine whether a) an object is gone and b) if the current incarnation is the one which is listed in ReservedFor. This may get added later.
2022-03-22 11:56:49 -04:00
pods := []*v1.Pod{testPodWithResource.DeepCopy()}
kube-controller-manager: clone resource controller from volume/ephemeral
2022-03-22 04:59:20 -04:00
pods[0].DeletionTimestamp = &deleted
return pods
}(),
kube-controller-manager: add ResourceClaim controller The controller uses the exact same logic as the generic ephemeral inline volume controller, just for inline ResourceClaimTemplate -> ResourceClaim. In addition, it supports removal of pods from the ReservedFor field when those pods are known to not need the claim anymore. At the moment, only this special case is supported. Removal of arbitrary objects would imply granting full read access to all types to determine whether a) an object is gone and b) if the current incarnation is the one which is listed in ReservedFor. This may get added later.
2022-03-22 11:56:49 -04:00
key: podKey(testPodWithResource),
kube-controller-manager: clone resource controller from volume/ephemeral
2022-03-22 04:59:20 -04:00
},
{
kube-controller-manager: add ResourceClaim controller The controller uses the exact same logic as the generic ephemeral inline volume controller, just for inline ResourceClaimTemplate -> ResourceClaim. In addition, it supports removal of pods from the ReservedFor field when those pods are known to not need the claim anymore. At the moment, only this special case is supported. Removal of arbitrary objects would imply granting full read access to all types to determine whether a) an object is gone and b) if the current incarnation is the one which is listed in ReservedFor. This may get added later.
2022-03-22 11:56:49 -04:00
name: "no-volumes",
pods: []*v1.Pod{testPod},
key: podKey(testPod),
kube-controller-manager: clone resource controller from volume/ephemeral
2022-03-22 04:59:20 -04:00
},
{
dra: generated name for ResourceClaim from template Generating the name avoids all potential name collisions. It's not clear how much of a problem that was because users can avoid them and the deterministic names for generic ephemeral volumes have not led to reports from users. But using generated names is not too hard either. What makes it relatively easy is that the new pod.status.resourceClaimStatus map stores the generated name for kubelet and node authorizer, i.e. the information in the pod is sufficient to determine the name of the ResourceClaim. The resource claim controller becomes a bit more complex and now needs permission to modify the pod status. The new failure scenario of "ResourceClaim created, updating pod status fails" is handled with the help of a new special "resource.kubernetes.io/pod-claim-name" annotation that together with the owner reference identifies exactly for what a ResourceClaim was generated, so updating the pod status can be retried for existing ResourceClaims. The transition from deterministic names is handled with a special case for that recovery code path: a ResourceClaim with no annotation and a name that follows the Kubernetes <= 1.27 naming pattern is assumed to be generated for that pod claim and gets added to the pod status. There's no immediate need for it, but just in case that it may become relevant, the name of the generated ResourceClaim may also be left unset to record that no claim was needed. Components processing such a pod can skip whatever they normally would do for the claim. To ensure that they do and also cover other cases properly ("no known field is set", "must check ownership"), resourceclaim.Name gets extended.
2023-04-14 03:50:52 -04:00
name: "create-with-other-claim",
pods: []*v1.Pod{testPodWithResource},
DRA: bump API v1alpha2 -> v1alpha3 This is in preparation for revamping the resource.k8s.io completely. Because there will be no support for transitioning from v1alpha2 to v1alpha3, the roundtrip test data for that API in 1.29 and 1.30 gets removed. Repeating the version in the import name of the API packages is not really required. It was done for a while to support simpler grepping for usage of alpha APIs, but there are better ways for that now. So during this transition, "resourceapi" gets used instead of "resourcev1alpha3" and the version gets dropped from informer and lister imports. The advantage is that the next bump to v1beta1 will affect fewer source code lines. Only source code where the version really matters (like API registration) retains the versioned import.
2024-06-14 06:40:48 -04:00
templates: []*resourceapi.ResourceClaimTemplate{template},
dra: generated name for ResourceClaim from template Generating the name avoids all potential name collisions. It's not clear how much of a problem that was because users can avoid them and the deterministic names for generic ephemeral volumes have not led to reports from users. But using generated names is not too hard either. What makes it relatively easy is that the new pod.status.resourceClaimStatus map stores the generated name for kubelet and node authorizer, i.e. the information in the pod is sufficient to determine the name of the ResourceClaim. The resource claim controller becomes a bit more complex and now needs permission to modify the pod status. The new failure scenario of "ResourceClaim created, updating pod status fails" is handled with the help of a new special "resource.kubernetes.io/pod-claim-name" annotation that together with the owner reference identifies exactly for what a ResourceClaim was generated, so updating the pod status can be retried for existing ResourceClaims. The transition from deterministic names is handled with a special case for that recovery code path: a ResourceClaim with no annotation and a name that follows the Kubernetes <= 1.27 naming pattern is assumed to be generated for that pod claim and gets added to the pod status. There's no immediate need for it, but just in case that it may become relevant, the name of the generated ResourceClaim may also be left unset to record that no claim was needed. Components processing such a pod can skip whatever they normally would do for the claim. To ensure that they do and also cover other cases properly ("no known field is set", "must check ownership"), resourceclaim.Name gets extended.
2023-04-14 03:50:52 -04:00
key: podKey(testPodWithResource),
DRA: bump API v1alpha2 -> v1alpha3 This is in preparation for revamping the resource.k8s.io completely. Because there will be no support for transitioning from v1alpha2 to v1alpha3, the roundtrip test data for that API in 1.29 and 1.30 gets removed. Repeating the version in the import name of the API packages is not really required. It was done for a while to support simpler grepping for usage of alpha APIs, but there are better ways for that now. So during this transition, "resourceapi" gets used instead of "resourcev1alpha3" and the version gets dropped from informer and lister imports. The advantage is that the next bump to v1beta1 will affect fewer source code lines. Only source code where the version really matters (like API registration) retains the versioned import.
2024-06-14 06:40:48 -04:00
claims: []*resourceapi.ResourceClaim{otherNamespaceClaim},
Refactor resource claim metrics to use structured labels and add "source" dimension. Signed-off-by: Ayato Tokubi <atokubi@redhat.com>
2025-10-08 09:16:42 -04:00
expectedClaims: []resourceapi.ResourceClaim{*otherNamespaceClaim, *templatedTestClaim},
dra: generated name for ResourceClaim from template Generating the name avoids all potential name collisions. It's not clear how much of a problem that was because users can avoid them and the deterministic names for generic ephemeral volumes have not led to reports from users. But using generated names is not too hard either. What makes it relatively easy is that the new pod.status.resourceClaimStatus map stores the generated name for kubelet and node authorizer, i.e. the information in the pod is sufficient to determine the name of the ResourceClaim. The resource claim controller becomes a bit more complex and now needs permission to modify the pod status. The new failure scenario of "ResourceClaim created, updating pod status fails" is handled with the help of a new special "resource.kubernetes.io/pod-claim-name" annotation that together with the owner reference identifies exactly for what a ResourceClaim was generated, so updating the pod status can be retried for existing ResourceClaims. The transition from deterministic names is handled with a special case for that recovery code path: a ResourceClaim with no annotation and a name that follows the Kubernetes <= 1.27 naming pattern is assumed to be generated for that pod claim and gets added to the pod status. There's no immediate need for it, but just in case that it may become relevant, the name of the generated ResourceClaim may also be left unset to record that no claim was needed. Components processing such a pod can skip whatever they normally would do for the claim. To ensure that they do and also cover other cases properly ("no known field is set", "must check ownership"), resourceclaim.Name gets extended.
2023-04-14 03:50:52 -04:00
expectedStatuses: map[string][]v1.PodResourceClaimStatus{
testPodWithResource.Name: {
Refactor resource claim metrics to use structured labels and add "source" dimension. Signed-off-by: Ayato Tokubi <atokubi@redhat.com>
2025-10-08 09:16:42 -04:00
{Name: testPodWithResource.Spec.ResourceClaims[0].Name, ResourceClaimName: &templatedTestClaim.Name},
dra: generated name for ResourceClaim from template Generating the name avoids all potential name collisions. It's not clear how much of a problem that was because users can avoid them and the deterministic names for generic ephemeral volumes have not led to reports from users. But using generated names is not too hard either. What makes it relatively easy is that the new pod.status.resourceClaimStatus map stores the generated name for kubelet and node authorizer, i.e. the information in the pod is sufficient to determine the name of the ResourceClaim. The resource claim controller becomes a bit more complex and now needs permission to modify the pod status. The new failure scenario of "ResourceClaim created, updating pod status fails" is handled with the help of a new special "resource.kubernetes.io/pod-claim-name" annotation that together with the owner reference identifies exactly for what a ResourceClaim was generated, so updating the pod status can be retried for existing ResourceClaims. The transition from deterministic names is handled with a special case for that recovery code path: a ResourceClaim with no annotation and a name that follows the Kubernetes <= 1.27 naming pattern is assumed to be generated for that pod claim and gets added to the pod status. There's no immediate need for it, but just in case that it may become relevant, the name of the generated ResourceClaim may also be left unset to record that no claim was needed. Components processing such a pod can skip whatever they normally would do for the claim. To ensure that they do and also cover other cases properly ("no known field is set", "must check ownership"), resourceclaim.Name gets extended.
2023-04-14 03:50:52 -04:00
},
},
DRAAdminAccess: add metrics Signed-off-by: Rita Zhang <rita.z.zhang@gmail.com>
2025-07-08 00:24:31 -04:00
expectedMetrics: expectedMetrics{1, 0, 0, 0},
kube-controller-manager: clone resource controller from volume/ephemeral
2022-03-22 04:59:20 -04:00
},
{
kube-controller-manager: add ResourceClaim controller The controller uses the exact same logic as the generic ephemeral inline volume controller, just for inline ResourceClaimTemplate -> ResourceClaim. In addition, it supports removal of pods from the ReservedFor field when those pods are known to not need the claim anymore. At the moment, only this special case is supported. Removal of arbitrary objects would imply granting full read access to all types to determine whether a) an object is gone and b) if the current incarnation is the one which is listed in ReservedFor. This may get added later.
2022-03-22 11:56:49 -04:00
name: "wrong-claim-owner",
pods: []*v1.Pod{testPodWithResource},
key: podKey(testPodWithResource),
DRA: bump API v1alpha2 -> v1alpha3 This is in preparation for revamping the resource.k8s.io completely. Because there will be no support for transitioning from v1alpha2 to v1alpha3, the roundtrip test data for that API in 1.29 and 1.30 gets removed. Repeating the version in the import name of the API packages is not really required. It was done for a while to support simpler grepping for usage of alpha APIs, but there are better ways for that now. So during this transition, "resourceapi" gets used instead of "resourcev1alpha3" and the version gets dropped from informer and lister imports. The advantage is that the next bump to v1beta1 will affect fewer source code lines. Only source code where the version really matters (like API registration) retains the versioned import.
2024-06-14 06:40:48 -04:00
claims: []*resourceapi.ResourceClaim{conflictingClaim},
expectedClaims: []resourceapi.ResourceClaim{*conflictingClaim},
DRA: AdminAccess validate based on namespace label Signed-off-by: Rita Zhang <rita.z.zhang@gmail.com>
2024-12-30 18:56:45 -05:00
expectedError: "resource claim template \"my-template\": resourceclaimtemplate.resource.k8s.io \"my-template\" not found",
kube-controller-manager: clone resource controller from volume/ephemeral
2022-03-22 04:59:20 -04:00
},
{
name: "create-conflict",
kube-controller-manager: add ResourceClaim controller The controller uses the exact same logic as the generic ephemeral inline volume controller, just for inline ResourceClaimTemplate -> ResourceClaim. In addition, it supports removal of pods from the ReservedFor field when those pods are known to not need the claim anymore. At the moment, only this special case is supported. Removal of arbitrary objects would imply granting full read access to all types to determine whether a) an object is gone and b) if the current incarnation is the one which is listed in ReservedFor. This may get added later.
2022-03-22 11:56:49 -04:00
pods: []*v1.Pod{testPodWithResource},
DRA: bump API v1alpha2 -> v1alpha3 This is in preparation for revamping the resource.k8s.io completely. Because there will be no support for transitioning from v1alpha2 to v1alpha3, the roundtrip test data for that API in 1.29 and 1.30 gets removed. Repeating the version in the import name of the API packages is not really required. It was done for a while to support simpler grepping for usage of alpha APIs, but there are better ways for that now. So during this transition, "resourceapi" gets used instead of "resourcev1alpha3" and the version gets dropped from informer and lister imports. The advantage is that the next bump to v1beta1 will affect fewer source code lines. Only source code where the version really matters (like API registration) retains the versioned import.
2024-06-14 06:40:48 -04:00
templates: []*resourceapi.ResourceClaimTemplate{template},
kube-controller-manager: add ResourceClaim controller The controller uses the exact same logic as the generic ephemeral inline volume controller, just for inline ResourceClaimTemplate -> ResourceClaim. In addition, it supports removal of pods from the ReservedFor field when those pods are known to not need the claim anymore. At the moment, only this special case is supported. Removal of arbitrary objects would imply granting full read access to all types to determine whether a) an object is gone and b) if the current incarnation is the one which is listed in ReservedFor. This may get added later.
2022-03-22 11:56:49 -04:00
key: podKey(testPodWithResource),
DRAAdminAccess: add metrics Signed-off-by: Rita Zhang <rita.z.zhang@gmail.com>
2025-07-08 00:24:31 -04:00
expectedMetrics: expectedMetrics{1, 0, 1, 0},
DRA: AdminAccess validate based on namespace label Signed-off-by: Rita Zhang <rita.z.zhang@gmail.com>
2024-12-30 18:56:45 -05:00
expectedError: "create ResourceClaim : Operation cannot be fulfilled on resourceclaims.resource.k8s.io \"fake name\": fake conflict",
kube-controller-manager: clone resource controller from volume/ephemeral
2022-03-22 04:59:20 -04:00
},
kube-controller-manager: add ResourceClaim controller The controller uses the exact same logic as the generic ephemeral inline volume controller, just for inline ResourceClaimTemplate -> ResourceClaim. In addition, it supports removal of pods from the ReservedFor field when those pods are known to not need the claim anymore. At the moment, only this special case is supported. Removal of arbitrary objects would imply granting full read access to all types to determine whether a) an object is gone and b) if the current incarnation is the one which is listed in ReservedFor. This may get added later.
2022-03-22 11:56:49 -04:00
{
name: "stay-reserved-seen",
pods: []*v1.Pod{testPodWithResource},
key: claimKey(testClaimReserved),
DRA: bump API v1alpha2 -> v1alpha3 This is in preparation for revamping the resource.k8s.io completely. Because there will be no support for transitioning from v1alpha2 to v1alpha3, the roundtrip test data for that API in 1.29 and 1.30 gets removed. Repeating the version in the import name of the API packages is not really required. It was done for a while to support simpler grepping for usage of alpha APIs, but there are better ways for that now. So during this transition, "resourceapi" gets used instead of "resourcev1alpha3" and the version gets dropped from informer and lister imports. The advantage is that the next bump to v1beta1 will affect fewer source code lines. Only source code where the version really matters (like API registration) retains the versioned import.
2024-06-14 06:40:48 -04:00
claims: []*resourceapi.ResourceClaim{testClaimReserved},
expectedClaims: []resourceapi.ResourceClaim{*testClaimReserved},
DRAAdminAccess: add metrics Signed-off-by: Rita Zhang <rita.z.zhang@gmail.com>
2025-07-08 00:24:31 -04:00
expectedMetrics: expectedMetrics{0, 0, 0, 0},
kube-controller-manager: add ResourceClaim controller The controller uses the exact same logic as the generic ephemeral inline volume controller, just for inline ResourceClaimTemplate -> ResourceClaim. In addition, it supports removal of pods from the ReservedFor field when those pods are known to not need the claim anymore. At the moment, only this special case is supported. Removal of arbitrary objects would imply granting full read access to all types to determine whether a) an object is gone and b) if the current incarnation is the one which is listed in ReservedFor. This may get added later.
2022-03-22 11:56:49 -04:00
},
{
name: "stay-reserved-not-seen",
podsLater: []*v1.Pod{testPodWithResource},
key: claimKey(testClaimReserved),
DRA: bump API v1alpha2 -> v1alpha3 This is in preparation for revamping the resource.k8s.io completely. Because there will be no support for transitioning from v1alpha2 to v1alpha3, the roundtrip test data for that API in 1.29 and 1.30 gets removed. Repeating the version in the import name of the API packages is not really required. It was done for a while to support simpler grepping for usage of alpha APIs, but there are better ways for that now. So during this transition, "resourceapi" gets used instead of "resourcev1alpha3" and the version gets dropped from informer and lister imports. The advantage is that the next bump to v1beta1 will affect fewer source code lines. Only source code where the version really matters (like API registration) retains the versioned import.
2024-06-14 06:40:48 -04:00
claims: []*resourceapi.ResourceClaim{testClaimReserved},
expectedClaims: []resourceapi.ResourceClaim{*testClaimReserved},
DRAAdminAccess: add metrics Signed-off-by: Rita Zhang <rita.z.zhang@gmail.com>
2025-07-08 00:24:31 -04:00
expectedMetrics: expectedMetrics{0, 0, 0, 0},
kube-controller-manager: add ResourceClaim controller The controller uses the exact same logic as the generic ephemeral inline volume controller, just for inline ResourceClaimTemplate -> ResourceClaim. In addition, it supports removal of pods from the ReservedFor field when those pods are known to not need the claim anymore. At the moment, only this special case is supported. Removal of arbitrary objects would imply granting full read access to all types to determine whether a) an object is gone and b) if the current incarnation is the one which is listed in ReservedFor. This may get added later.
2022-03-22 11:56:49 -04:00
},
dra controller: unit tests
2024-03-14 12:34:39 -04:00
{
DRA: remove immediate allocation As agreed in https://github.com/kubernetes/enhancements/pull/4709, immediate allocation is one of those features which can be removed because it makes no sense for structured parameters and the justification for classic DRA is weak.
2024-06-13 11:25:39 -04:00
name: "clear-reserved-structured",
dra controller: unit tests
2024-03-14 12:34:39 -04:00
pods: []*v1.Pod{},
key: claimKey(testClaimReserved),
DRA: bump API v1alpha2 -> v1alpha3 This is in preparation for revamping the resource.k8s.io completely. Because there will be no support for transitioning from v1alpha2 to v1alpha3, the roundtrip test data for that API in 1.29 and 1.30 gets removed. Repeating the version in the import name of the API packages is not really required. It was done for a while to support simpler grepping for usage of alpha APIs, but there are better ways for that now. So during this transition, "resourceapi" gets used instead of "resourcev1alpha3" and the version gets dropped from informer and lister imports. The advantage is that the next bump to v1beta1 will affect fewer source code lines. Only source code where the version really matters (like API registration) retains the versioned import.
2024-06-14 06:40:48 -04:00
claims: []*resourceapi.ResourceClaim{structuredParameters(testClaimReserved)},
expectedClaims: func() []resourceapi.ResourceClaim {
dra controller: unit tests
2024-03-14 12:34:39 -04:00
claim := testClaimAllocated.DeepCopy()
claim.Finalizers = []string{}
claim.Status.Allocation = nil
DRA: bump API v1alpha2 -> v1alpha3 This is in preparation for revamping the resource.k8s.io completely. Because there will be no support for transitioning from v1alpha2 to v1alpha3, the roundtrip test data for that API in 1.29 and 1.30 gets removed. Repeating the version in the import name of the API packages is not really required. It was done for a while to support simpler grepping for usage of alpha APIs, but there are better ways for that now. So during this transition, "resourceapi" gets used instead of "resourcev1alpha3" and the version gets dropped from informer and lister imports. The advantage is that the next bump to v1beta1 will affect fewer source code lines. Only source code where the version really matters (like API registration) retains the versioned import.
2024-06-14 06:40:48 -04:00
return []resourceapi.ResourceClaim{*claim}
dra controller: unit tests
2024-03-14 12:34:39 -04:00
}(),
DRAAdminAccess: add metrics Signed-off-by: Rita Zhang <rita.z.zhang@gmail.com>
2025-07-08 00:24:31 -04:00
expectedMetrics: expectedMetrics{0, 0, 0, 0},
dra controller: unit tests
2024-03-14 12:34:39 -04:00
},
{
DRA: remove immediate allocation As agreed in https://github.com/kubernetes/enhancements/pull/4709, immediate allocation is one of those features which can be removed because it makes no sense for structured parameters and the justification for classic DRA is weak.
2024-06-13 11:25:39 -04:00
name: "dont-clear-reserved-structured",
dra controller: unit tests
2024-03-14 12:34:39 -04:00
pods: []*v1.Pod{testPodWithResource},
key: claimKey(testClaimReserved),
DRA: bump API v1alpha2 -> v1alpha3 This is in preparation for revamping the resource.k8s.io completely. Because there will be no support for transitioning from v1alpha2 to v1alpha3, the roundtrip test data for that API in 1.29 and 1.30 gets removed. Repeating the version in the import name of the API packages is not really required. It was done for a while to support simpler grepping for usage of alpha APIs, but there are better ways for that now. So during this transition, "resourceapi" gets used instead of "resourcev1alpha3" and the version gets dropped from informer and lister imports. The advantage is that the next bump to v1beta1 will affect fewer source code lines. Only source code where the version really matters (like API registration) retains the versioned import.
2024-06-14 06:40:48 -04:00
claims: func() []*resourceapi.ResourceClaim {
dra controller: unit tests
2024-03-14 12:34:39 -04:00
claim := structuredParameters(testClaimReserved)
claim = reserveClaim(claim, otherTestPod)
DRA: bump API v1alpha2 -> v1alpha3 This is in preparation for revamping the resource.k8s.io completely. Because there will be no support for transitioning from v1alpha2 to v1alpha3, the roundtrip test data for that API in 1.29 and 1.30 gets removed. Repeating the version in the import name of the API packages is not really required. It was done for a while to support simpler grepping for usage of alpha APIs, but there are better ways for that now. So during this transition, "resourceapi" gets used instead of "resourcev1alpha3" and the version gets dropped from informer and lister imports. The advantage is that the next bump to v1beta1 will affect fewer source code lines. Only source code where the version really matters (like API registration) retains the versioned import.
2024-06-14 06:40:48 -04:00
return []*resourceapi.ResourceClaim{claim}
dra controller: unit tests
2024-03-14 12:34:39 -04:00
}(),
DRA: bump API v1alpha2 -> v1alpha3 This is in preparation for revamping the resource.k8s.io completely. Because there will be no support for transitioning from v1alpha2 to v1alpha3, the roundtrip test data for that API in 1.29 and 1.30 gets removed. Repeating the version in the import name of the API packages is not really required. It was done for a while to support simpler grepping for usage of alpha APIs, but there are better ways for that now. So during this transition, "resourceapi" gets used instead of "resourcev1alpha3" and the version gets dropped from informer and lister imports. The advantage is that the next bump to v1beta1 will affect fewer source code lines. Only source code where the version really matters (like API registration) retains the versioned import.
2024-06-14 06:40:48 -04:00
expectedClaims: []resourceapi.ResourceClaim{*structuredParameters(testClaimReserved)},
DRAAdminAccess: add metrics Signed-off-by: Rita Zhang <rita.z.zhang@gmail.com>
2025-07-08 00:24:31 -04:00
expectedMetrics: expectedMetrics{0, 0, 0, 0},
dra controller: unit tests
2024-03-14 12:34:39 -04:00
},
dra resourceclaim controller: remove reservation for completed pods When a pod is known to never run (again), the reservation for it also can be removed. This is relevant in particular for the job controller.
2023-06-22 08:13:42 -04:00
{
DRA: remove immediate allocation As agreed in https://github.com/kubernetes/enhancements/pull/4709, immediate allocation is one of those features which can be removed because it makes no sense for structured parameters and the justification for classic DRA is weak.
2024-06-13 11:25:39 -04:00
name: "clear-reserved-structured-deleted",
dra controller: unit tests
2024-03-14 12:34:39 -04:00
pods: []*v1.Pod{},
key: claimKey(testClaimReserved),
DRA: bump API v1alpha2 -> v1alpha3 This is in preparation for revamping the resource.k8s.io completely. Because there will be no support for transitioning from v1alpha2 to v1alpha3, the roundtrip test data for that API in 1.29 and 1.30 gets removed. Repeating the version in the import name of the API packages is not really required. It was done for a while to support simpler grepping for usage of alpha APIs, but there are better ways for that now. So during this transition, "resourceapi" gets used instead of "resourcev1alpha3" and the version gets dropped from informer and lister imports. The advantage is that the next bump to v1beta1 will affect fewer source code lines. Only source code where the version really matters (like API registration) retains the versioned import.
2024-06-14 06:40:48 -04:00
claims: func() []*resourceapi.ResourceClaim {
dra controller: unit tests
2024-03-14 12:34:39 -04:00
claim := structuredParameters(testClaimReserved.DeepCopy())
claim.DeletionTimestamp = &metav1.Time{}
DRA: bump API v1alpha2 -> v1alpha3 This is in preparation for revamping the resource.k8s.io completely. Because there will be no support for transitioning from v1alpha2 to v1alpha3, the roundtrip test data for that API in 1.29 and 1.30 gets removed. Repeating the version in the import name of the API packages is not really required. It was done for a while to support simpler grepping for usage of alpha APIs, but there are better ways for that now. So during this transition, "resourceapi" gets used instead of "resourcev1alpha3" and the version gets dropped from informer and lister imports. The advantage is that the next bump to v1beta1 will affect fewer source code lines. Only source code where the version really matters (like API registration) retains the versioned import.
2024-06-14 06:40:48 -04:00
return []*resourceapi.ResourceClaim{claim}
dra controller: unit tests
2024-03-14 12:34:39 -04:00
}(),
DRA: bump API v1alpha2 -> v1alpha3 This is in preparation for revamping the resource.k8s.io completely. Because there will be no support for transitioning from v1alpha2 to v1alpha3, the roundtrip test data for that API in 1.29 and 1.30 gets removed. Repeating the version in the import name of the API packages is not really required. It was done for a while to support simpler grepping for usage of alpha APIs, but there are better ways for that now. So during this transition, "resourceapi" gets used instead of "resourcev1alpha3" and the version gets dropped from informer and lister imports. The advantage is that the next bump to v1beta1 will affect fewer source code lines. Only source code where the version really matters (like API registration) retains the versioned import.
2024-06-14 06:40:48 -04:00
expectedClaims: func() []resourceapi.ResourceClaim {
dra controller: unit tests
2024-03-14 12:34:39 -04:00
claim := structuredParameters(testClaimAllocated.DeepCopy())
claim.DeletionTimestamp = &metav1.Time{}
claim.Finalizers = []string{}
claim.Status.Allocation = nil
DRA: bump API v1alpha2 -> v1alpha3 This is in preparation for revamping the resource.k8s.io completely. Because there will be no support for transitioning from v1alpha2 to v1alpha3, the roundtrip test data for that API in 1.29 and 1.30 gets removed. Repeating the version in the import name of the API packages is not really required. It was done for a while to support simpler grepping for usage of alpha APIs, but there are better ways for that now. So during this transition, "resourceapi" gets used instead of "resourcev1alpha3" and the version gets dropped from informer and lister imports. The advantage is that the next bump to v1beta1 will affect fewer source code lines. Only source code where the version really matters (like API registration) retains the versioned import.
2024-06-14 06:40:48 -04:00
return []resourceapi.ResourceClaim{*claim}
dra controller: unit tests
2024-03-14 12:34:39 -04:00
}(),
DRAAdminAccess: add metrics Signed-off-by: Rita Zhang <rita.z.zhang@gmail.com>
2025-07-08 00:24:31 -04:00
expectedMetrics: expectedMetrics{0, 0, 0, 0},
dra controller: unit tests
2024-03-14 12:34:39 -04:00
},
{
DRA: remove immediate allocation As agreed in https://github.com/kubernetes/enhancements/pull/4709, immediate allocation is one of those features which can be removed because it makes no sense for structured parameters and the justification for classic DRA is weak.
2024-06-13 11:25:39 -04:00
name: "structured-deleted",
dra controller: unit tests
2024-03-14 12:34:39 -04:00
pods: []*v1.Pod{},
key: claimKey(testClaimReserved),
DRA: bump API v1alpha2 -> v1alpha3 This is in preparation for revamping the resource.k8s.io completely. Because there will be no support for transitioning from v1alpha2 to v1alpha3, the roundtrip test data for that API in 1.29 and 1.30 gets removed. Repeating the version in the import name of the API packages is not really required. It was done for a while to support simpler grepping for usage of alpha APIs, but there are better ways for that now. So during this transition, "resourceapi" gets used instead of "resourcev1alpha3" and the version gets dropped from informer and lister imports. The advantage is that the next bump to v1beta1 will affect fewer source code lines. Only source code where the version really matters (like API registration) retains the versioned import.
2024-06-14 06:40:48 -04:00
claims: func() []*resourceapi.ResourceClaim {
dra controller: unit tests
2024-03-14 12:34:39 -04:00
claim := structuredParameters(testClaimAllocated.DeepCopy())
claim.DeletionTimestamp = &metav1.Time{}
DRA: bump API v1alpha2 -> v1alpha3 This is in preparation for revamping the resource.k8s.io completely. Because there will be no support for transitioning from v1alpha2 to v1alpha3, the roundtrip test data for that API in 1.29 and 1.30 gets removed. Repeating the version in the import name of the API packages is not really required. It was done for a while to support simpler grepping for usage of alpha APIs, but there are better ways for that now. So during this transition, "resourceapi" gets used instead of "resourcev1alpha3" and the version gets dropped from informer and lister imports. The advantage is that the next bump to v1beta1 will affect fewer source code lines. Only source code where the version really matters (like API registration) retains the versioned import.
2024-06-14 06:40:48 -04:00
return []*resourceapi.ResourceClaim{claim}
dra controller: unit tests
2024-03-14 12:34:39 -04:00
}(),
DRA: bump API v1alpha2 -> v1alpha3 This is in preparation for revamping the resource.k8s.io completely. Because there will be no support for transitioning from v1alpha2 to v1alpha3, the roundtrip test data for that API in 1.29 and 1.30 gets removed. Repeating the version in the import name of the API packages is not really required. It was done for a while to support simpler grepping for usage of alpha APIs, but there are better ways for that now. So during this transition, "resourceapi" gets used instead of "resourcev1alpha3" and the version gets dropped from informer and lister imports. The advantage is that the next bump to v1beta1 will affect fewer source code lines. Only source code where the version really matters (like API registration) retains the versioned import.
2024-06-14 06:40:48 -04:00
expectedClaims: func() []resourceapi.ResourceClaim {
dra controller: unit tests
2024-03-14 12:34:39 -04:00
claim := structuredParameters(testClaimAllocated.DeepCopy())
claim.DeletionTimestamp = &metav1.Time{}
claim.Finalizers = []string{}
claim.Status.Allocation = nil
DRA: bump API v1alpha2 -> v1alpha3 This is in preparation for revamping the resource.k8s.io completely. Because there will be no support for transitioning from v1alpha2 to v1alpha3, the roundtrip test data for that API in 1.29 and 1.30 gets removed. Repeating the version in the import name of the API packages is not really required. It was done for a while to support simpler grepping for usage of alpha APIs, but there are better ways for that now. So during this transition, "resourceapi" gets used instead of "resourcev1alpha3" and the version gets dropped from informer and lister imports. The advantage is that the next bump to v1beta1 will affect fewer source code lines. Only source code where the version really matters (like API registration) retains the versioned import.
2024-06-14 06:40:48 -04:00
return []resourceapi.ResourceClaim{*claim}
dra controller: unit tests
2024-03-14 12:34:39 -04:00
}(),
DRAAdminAccess: add metrics Signed-off-by: Rita Zhang <rita.z.zhang@gmail.com>
2025-07-08 00:24:31 -04:00
expectedMetrics: expectedMetrics{0, 0, 0, 0},
dra controller: unit tests
2024-03-14 12:34:39 -04:00
},
dra controller: enhance testing The allocation mode is relevant when clearing the reservedFor: for delayed allocation, deallocation gets requested, for immediate allocation not. Both should get tested. All pre-defined claims now use delayed allocation, just as they would if created normally.
2023-07-07 13:27:22 -04:00
{
DRA: remove immediate allocation As agreed in https://github.com/kubernetes/enhancements/pull/4709, immediate allocation is one of those features which can be removed because it makes no sense for structured parameters and the justification for classic DRA is weak.
2024-06-13 11:25:39 -04:00
name: "clear-reserved-when-done",
dra resourceclaim controller: remove reservation for completed pods When a pod is known to never run (again), the reservation for it also can be removed. This is relevant in particular for the job controller.
2023-06-22 08:13:42 -04:00
pods: func() []*v1.Pod {
pods := []*v1.Pod{testPodWithResource.DeepCopy()}
pods[0].Status.Phase = v1.PodSucceeded
return pods
}(),
key: claimKey(testClaimReserved),
DRA: bump API v1alpha2 -> v1alpha3 This is in preparation for revamping the resource.k8s.io completely. Because there will be no support for transitioning from v1alpha2 to v1alpha3, the roundtrip test data for that API in 1.29 and 1.30 gets removed. Repeating the version in the import name of the API packages is not really required. It was done for a while to support simpler grepping for usage of alpha APIs, but there are better ways for that now. So during this transition, "resourceapi" gets used instead of "resourcev1alpha3" and the version gets dropped from informer and lister imports. The advantage is that the next bump to v1beta1 will affect fewer source code lines. Only source code where the version really matters (like API registration) retains the versioned import.
2024-06-14 06:40:48 -04:00
claims: func() []*resourceapi.ResourceClaim {
claims := []*resourceapi.ResourceClaim{testClaimReserved.DeepCopy()}
dra resourceclaim controller: remove reservation for completed pods When a pod is known to never run (again), the reservation for it also can be removed. This is relevant in particular for the job controller.
2023-06-22 08:13:42 -04:00
claims[0].OwnerReferences = nil
return claims
}(),
DRA: bump API v1alpha2 -> v1alpha3 This is in preparation for revamping the resource.k8s.io completely. Because there will be no support for transitioning from v1alpha2 to v1alpha3, the roundtrip test data for that API in 1.29 and 1.30 gets removed. Repeating the version in the import name of the API packages is not really required. It was done for a while to support simpler grepping for usage of alpha APIs, but there are better ways for that now. So during this transition, "resourceapi" gets used instead of "resourcev1alpha3" and the version gets dropped from informer and lister imports. The advantage is that the next bump to v1beta1 will affect fewer source code lines. Only source code where the version really matters (like API registration) retains the versioned import.
2024-06-14 06:40:48 -04:00
expectedClaims: func() []resourceapi.ResourceClaim {
claims := []resourceapi.ResourceClaim{*testClaimAllocated.DeepCopy()}
dra resourceclaim controller: remove reservation for completed pods When a pod is known to never run (again), the reservation for it also can be removed. This is relevant in particular for the job controller.
2023-06-22 08:13:42 -04:00
claims[0].OwnerReferences = nil
dra controller: enhance testing The allocation mode is relevant when clearing the reservedFor: for delayed allocation, deallocation gets requested, for immediate allocation not. Both should get tested. All pre-defined claims now use delayed allocation, just as they would if created normally.
2023-07-07 13:27:22 -04:00
return claims
}(),
DRAAdminAccess: add metrics Signed-off-by: Rita Zhang <rita.z.zhang@gmail.com>
2025-07-08 00:24:31 -04:00
expectedMetrics: expectedMetrics{0, 0, 0, 0},
dra controller: enhance testing The allocation mode is relevant when clearing the reservedFor: for delayed allocation, deallocation gets requested, for immediate allocation not. Both should get tested. All pre-defined claims now use delayed allocation, just as they would if created normally.
2023-07-07 13:27:22 -04:00
},
kube-controller-manager: add ResourceClaim controller The controller uses the exact same logic as the generic ephemeral inline volume controller, just for inline ResourceClaimTemplate -> ResourceClaim. In addition, it supports removal of pods from the ReservedFor field when those pods are known to not need the claim anymore. At the moment, only this special case is supported. Removal of arbitrary objects would imply granting full read access to all types to determine whether a) an object is gone and b) if the current incarnation is the one which is listed in ReservedFor. This may get added later.
2022-03-22 11:56:49 -04:00
{
name: "remove-reserved",
pods: []*v1.Pod{testPod},
key: claimKey(testClaimReservedTwice),
DRA: bump API v1alpha2 -> v1alpha3 This is in preparation for revamping the resource.k8s.io completely. Because there will be no support for transitioning from v1alpha2 to v1alpha3, the roundtrip test data for that API in 1.29 and 1.30 gets removed. Repeating the version in the import name of the API packages is not really required. It was done for a while to support simpler grepping for usage of alpha APIs, but there are better ways for that now. So during this transition, "resourceapi" gets used instead of "resourcev1alpha3" and the version gets dropped from informer and lister imports. The advantage is that the next bump to v1beta1 will affect fewer source code lines. Only source code where the version really matters (like API registration) retains the versioned import.
2024-06-14 06:40:48 -04:00
claims: []*resourceapi.ResourceClaim{testClaimReservedTwice},
expectedClaims: []resourceapi.ResourceClaim{*testClaimReserved},
DRAAdminAccess: add metrics Signed-off-by: Rita Zhang <rita.z.zhang@gmail.com>
2025-07-08 00:24:31 -04:00
expectedMetrics: expectedMetrics{0, 0, 0, 0},
kube-controller-manager: add ResourceClaim controller The controller uses the exact same logic as the generic ephemeral inline volume controller, just for inline ResourceClaimTemplate -> ResourceClaim. In addition, it supports removal of pods from the ReservedFor field when those pods are known to not need the claim anymore. At the moment, only this special case is supported. Removal of arbitrary objects would imply granting full read access to all types to determine whether a) an object is gone and b) if the current incarnation is the one which is listed in ReservedFor. This may get added later.
2022-03-22 11:56:49 -04:00
},
dra resourceclaim controller: delete generated claims when pod is done When a pod is done, but not getting removed yet for while, then a claim that got generated for that pod can be deleted already. This then also triggers deallocation.
2023-06-22 08:15:17 -04:00
{
name: "delete-claim-when-done",
pods: func() []*v1.Pod {
pods := []*v1.Pod{testPodWithResource.DeepCopy()}
pods[0].Status.Phase = v1.PodSucceeded
return pods
}(),
key: claimKey(testClaimReserved),
DRA: bump API v1alpha2 -> v1alpha3 This is in preparation for revamping the resource.k8s.io completely. Because there will be no support for transitioning from v1alpha2 to v1alpha3, the roundtrip test data for that API in 1.29 and 1.30 gets removed. Repeating the version in the import name of the API packages is not really required. It was done for a while to support simpler grepping for usage of alpha APIs, but there are better ways for that now. So during this transition, "resourceapi" gets used instead of "resourcev1alpha3" and the version gets dropped from informer and lister imports. The advantage is that the next bump to v1beta1 will affect fewer source code lines. Only source code where the version really matters (like API registration) retains the versioned import.
2024-06-14 06:40:48 -04:00
claims: []*resourceapi.ResourceClaim{testClaimReserved},
dra resourceclaim controller: delete generated claims when pod is done When a pod is done, but not getting removed yet for while, then a claim that got generated for that pod can be deleted already. This then also triggers deallocation.
2023-06-22 08:15:17 -04:00
expectedClaims: nil,
DRAAdminAccess: add metrics Signed-off-by: Rita Zhang <rita.z.zhang@gmail.com>
2025-07-08 00:24:31 -04:00
expectedMetrics: expectedMetrics{0, 0, 0, 0},
dra resourceclaim controller: delete generated claims when pod is done When a pod is done, but not getting removed yet for while, then a claim that got generated for that pod can be deleted already. This then also triggers deallocation.
2023-06-22 08:15:17 -04:00
},
dra: handle scheduled pods in kube-controller-manager When someone decides that a Pod should definitely run on a specific node, they can create the Pod with spec.nodeName already set. Some custom scheduler might do that. Then kubelet starts to check the pod and (if DRA is enabled) will refuse to run it, either because the claims are still waiting for the first consumer or the pod wasn't added to reservedFor. Both are things the scheduler normally does. Also, if a pod got scheduled while the DRA feature was off in the kube-scheduler, a pod can reach the same state. The resource claim controller can handle these two cases by taking over for the kube-scheduler when nodeName is set. Triggering an allocation is simpler than in the scheduler because all it takes is creating the right PodSchedulingContext with spec.selectedNode set. There's no need to list nodes because that choice was already made, permanently. Adding the pod to reservedFor also isn't hard. What's currently missing is triggering de-allocation of claims to re-allocate them for the desired node. This is not important for claims that get created for the pod from a template and then only get used once, but it might be worthwhile to add de-allocation in the future.
2023-05-22 13:44:58 -04:00
{
name: "add-reserved",
pods: []*v1.Pod{testPodWithNodeName},
key: podKey(testPodWithNodeName),
DRA: bump API v1alpha2 -> v1alpha3 This is in preparation for revamping the resource.k8s.io completely. Because there will be no support for transitioning from v1alpha2 to v1alpha3, the roundtrip test data for that API in 1.29 and 1.30 gets removed. Repeating the version in the import name of the API packages is not really required. It was done for a while to support simpler grepping for usage of alpha APIs, but there are better ways for that now. So during this transition, "resourceapi" gets used instead of "resourcev1alpha3" and the version gets dropped from informer and lister imports. The advantage is that the next bump to v1beta1 will affect fewer source code lines. Only source code where the version really matters (like API registration) retains the versioned import.
2024-06-14 06:40:48 -04:00
templates: []*resourceapi.ResourceClaimTemplate{template},
Refactor resource claim metrics to use structured labels and add "source" dimension. Signed-off-by: Ayato Tokubi <atokubi@redhat.com>
2025-10-08 09:16:42 -04:00
claims: []*resourceapi.ResourceClaim{templatedTestClaimAllocated},
expectedClaims: []resourceapi.ResourceClaim{*templatedTestClaimReserved},
dra: handle scheduled pods in kube-controller-manager When someone decides that a Pod should definitely run on a specific node, they can create the Pod with spec.nodeName already set. Some custom scheduler might do that. Then kubelet starts to check the pod and (if DRA is enabled) will refuse to run it, either because the claims are still waiting for the first consumer or the pod wasn't added to reservedFor. Both are things the scheduler normally does. Also, if a pod got scheduled while the DRA feature was off in the kube-scheduler, a pod can reach the same state. The resource claim controller can handle these two cases by taking over for the kube-scheduler when nodeName is set. Triggering an allocation is simpler than in the scheduler because all it takes is creating the right PodSchedulingContext with spec.selectedNode set. There's no need to list nodes because that choice was already made, permanently. Adding the pod to reservedFor also isn't hard. What's currently missing is triggering de-allocation of claims to re-allocate them for the desired node. This is not important for claims that get created for the pod from a template and then only get used once, but it might be worthwhile to add de-allocation in the future.
2023-05-22 13:44:58 -04:00
expectedStatuses: map[string][]v1.PodResourceClaimStatus{
testPodWithNodeName.Name: {
Refactor resource claim metrics to use structured labels and add "source" dimension. Signed-off-by: Ayato Tokubi <atokubi@redhat.com>
2025-10-08 09:16:42 -04:00
{Name: testPodWithNodeName.Spec.ResourceClaims[0].Name, ResourceClaimName: &templatedTestClaim.Name},
dra: handle scheduled pods in kube-controller-manager When someone decides that a Pod should definitely run on a specific node, they can create the Pod with spec.nodeName already set. Some custom scheduler might do that. Then kubelet starts to check the pod and (if DRA is enabled) will refuse to run it, either because the claims are still waiting for the first consumer or the pod wasn't added to reservedFor. Both are things the scheduler normally does. Also, if a pod got scheduled while the DRA feature was off in the kube-scheduler, a pod can reach the same state. The resource claim controller can handle these two cases by taking over for the kube-scheduler when nodeName is set. Triggering an allocation is simpler than in the scheduler because all it takes is creating the right PodSchedulingContext with spec.selectedNode set. There's no need to list nodes because that choice was already made, permanently. Adding the pod to reservedFor also isn't hard. What's currently missing is triggering de-allocation of claims to re-allocate them for the desired node. This is not important for claims that get created for the pod from a template and then only get used once, but it might be worthwhile to add de-allocation in the future.
2023-05-22 13:44:58 -04:00
},
},
DRAAdminAccess: add metrics Signed-off-by: Rita Zhang <rita.z.zhang@gmail.com>
2025-07-08 00:24:31 -04:00
expectedMetrics: expectedMetrics{0, 0, 0, 0},
dra: handle scheduled pods in kube-controller-manager When someone decides that a Pod should definitely run on a specific node, they can create the Pod with spec.nodeName already set. Some custom scheduler might do that. Then kubelet starts to check the pod and (if DRA is enabled) will refuse to run it, either because the claims are still waiting for the first consumer or the pod wasn't added to reservedFor. Both are things the scheduler normally does. Also, if a pod got scheduled while the DRA feature was off in the kube-scheduler, a pod can reach the same state. The resource claim controller can handle these two cases by taking over for the kube-scheduler when nodeName is set. Triggering an allocation is simpler than in the scheduler because all it takes is creating the right PodSchedulingContext with spec.selectedNode set. There's no need to list nodes because that choice was already made, permanently. Adding the pod to reservedFor also isn't hard. What's currently missing is triggering de-allocation of claims to re-allocate them for the desired node. This is not important for claims that get created for the pod from a template and then only get used once, but it might be worthwhile to add de-allocation in the future.
2023-05-22 13:44:58 -04:00
},
kube-controller-manager: clone resource controller from volume/ephemeral
2022-03-22 04:59:20 -04:00
}
for _, tc := range tests {
// Run sequentially because of global logging and global metrics.
t.Run(tc.name, func(t *testing.T) {
DRA resourceclaims: maintain metric of total and allocated claims These metrics can provide insights into ResourceClaim usage. The total count is redundant because the apiserver also provides count of resources, but having it in the same sub-system next to the count of allocated claims might be more discoverable and helps monitor the controller itself.
2024-09-26 08:43:12 -04:00
tCtx := ktesting.Init(t)
tCtx = ktesting.WithCancel(tCtx)
kube-controller-manager: clone resource controller from volume/ephemeral
2022-03-22 04:59:20 -04:00
var objects []runtime.Object
for _, pod := range tc.pods {
objects = append(objects, pod)
}
kube-controller-manager: add ResourceClaim controller The controller uses the exact same logic as the generic ephemeral inline volume controller, just for inline ResourceClaimTemplate -> ResourceClaim. In addition, it supports removal of pods from the ReservedFor field when those pods are known to not need the claim anymore. At the moment, only this special case is supported. Removal of arbitrary objects would imply granting full read access to all types to determine whether a) an object is gone and b) if the current incarnation is the one which is listed in ReservedFor. This may get added later.
2022-03-22 11:56:49 -04:00
for _, claim := range tc.claims {
objects = append(objects, claim)
}
for _, template := range tc.templates {
objects = append(objects, template)
kube-controller-manager: clone resource controller from volume/ephemeral
2022-03-22 04:59:20 -04:00
}
fakeKubeClient := createTestClient(objects...)
if tc.expectedMetrics.numFailures > 0 {
kube-controller-manager: add ResourceClaim controller The controller uses the exact same logic as the generic ephemeral inline volume controller, just for inline ResourceClaimTemplate -> ResourceClaim. In addition, it supports removal of pods from the ReservedFor field when those pods are known to not need the claim anymore. At the moment, only this special case is supported. Removal of arbitrary objects would imply granting full read access to all types to determine whether a) an object is gone and b) if the current incarnation is the one which is listed in ReservedFor. This may get added later.
2022-03-22 11:56:49 -04:00
fakeKubeClient.PrependReactor("create", "resourceclaims", func(action k8stesting.Action) (handled bool, ret runtime.Object, err error) {
kube-controller-manager: clone resource controller from volume/ephemeral
2022-03-22 04:59:20 -04:00
return true, nil, apierrors.NewConflict(action.GetResource().GroupResource(), "fake name", errors.New("fake conflict"))
})
}
informerFactory := informers.NewSharedInformerFactory(fakeKubeClient, controller.NoResyncPeriodFunc())
podInformer := informerFactory.Core().V1().Pods()
DRA: use v1 API As before when adding v1beta2, DRA drivers built using the k8s.io/dynamic-resource-allocation helper packages remain compatible with all Kubernetes release >= 1.32. The helper code picks whatever API version is enabled from v1beta1/v1beta2/v1. However, the control plane now depends on v1, so a cluster configuration where only v1beta1 or v1beta2 are enabled without the v1 won't work.
2025-07-04 11:43:31 -04:00
claimInformer := informerFactory.Resource().V1().ResourceClaims()
templateInformer := informerFactory.Resource().V1().ResourceClaimTemplates()
DRAAdminAccess: add metrics Signed-off-by: Rita Zhang <rita.z.zhang@gmail.com>
2025-07-08 00:24:31 -04:00
setupMetrics()
kube-controller-manager: clone resource controller from volume/ephemeral
2022-03-22 04:59:20 -04:00
DRA: Update controller for Prioritized Alternatives in Device Requests
2025-02-28 14:32:59 -05:00
features := Features{
AdminAccess: tc.adminAccessEnabled,
PrioritizedList: tc.prioritizedListEnabled,
}
ec, err := NewController(tCtx.Logger(), features, fakeKubeClient, podInformer, claimInformer, templateInformer)
kube-controller-manager: clone resource controller from volume/ephemeral
2022-03-22 04:59:20 -04:00
if err != nil {
t.Fatalf("error creating ephemeral controller : %v", err)
}
// Ensure informers are up-to-date.
DRA resourceclaims: maintain metric of total and allocated claims These metrics can provide insights into ResourceClaim usage. The total count is redundant because the apiserver also provides count of resources, but having it in the same sub-system next to the count of allocated claims might be more discoverable and helps monitor the controller itself.
2024-09-26 08:43:12 -04:00
informerFactory.Start(tCtx.Done())
kube-controller-manager: add ResourceClaim controller The controller uses the exact same logic as the generic ephemeral inline volume controller, just for inline ResourceClaimTemplate -> ResourceClaim. In addition, it supports removal of pods from the ReservedFor field when those pods are known to not need the claim anymore. At the moment, only this special case is supported. Removal of arbitrary objects would imply granting full read access to all types to determine whether a) an object is gone and b) if the current incarnation is the one which is listed in ReservedFor. This may get added later.
2022-03-22 11:56:49 -04:00
stopInformers := func() {
DRA resourceclaims: maintain metric of total and allocated claims These metrics can provide insights into ResourceClaim usage. The total count is redundant because the apiserver also provides count of resources, but having it in the same sub-system next to the count of allocated claims might be more discoverable and helps monitor the controller itself.
2024-09-26 08:43:12 -04:00
tCtx.Cancel("stopping informers")
kube-controller-manager: add ResourceClaim controller The controller uses the exact same logic as the generic ephemeral inline volume controller, just for inline ResourceClaimTemplate -> ResourceClaim. In addition, it supports removal of pods from the ReservedFor field when those pods are known to not need the claim anymore. At the moment, only this special case is supported. Removal of arbitrary objects would imply granting full read access to all types to determine whether a) an object is gone and b) if the current incarnation is the one which is listed in ReservedFor. This may get added later.
2022-03-22 11:56:49 -04:00
informerFactory.Shutdown()
}
defer stopInformers()
DRA resourceclaims: maintain metric of total and allocated claims These metrics can provide insights into ResourceClaim usage. The total count is redundant because the apiserver also provides count of resources, but having it in the same sub-system next to the count of allocated claims might be more discoverable and helps monitor the controller itself.
2024-09-26 08:43:12 -04:00
informerFactory.WaitForCacheSync(tCtx.Done())
kube-controller-manager: add ResourceClaim controller The controller uses the exact same logic as the generic ephemeral inline volume controller, just for inline ResourceClaimTemplate -> ResourceClaim. In addition, it supports removal of pods from the ReservedFor field when those pods are known to not need the claim anymore. At the moment, only this special case is supported. Removal of arbitrary objects would imply granting full read access to all types to determine whether a) an object is gone and b) if the current incarnation is the one which is listed in ReservedFor. This may get added later.
2022-03-22 11:56:49 -04:00
dra: store generated ResourceClaims in cache This addresses the following bad sequence of events: - controller creates ResourceClaim - updating pod status fails - pod gets retried before the informer receives the created ResourceClaim - another ResourceClaim gets created Storing the generated ResourceClaim in a MutationCache ensures that the controller knows about it during the retry. A positive side effect is that ResourceClaims now get index by pod owner and thus iterating over existing ones becomes a bit more efficient.
2023-07-06 12:39:47 -04:00
// Add claims that only exist in the mutation cache.
for _, claim := range tc.claimsInCache {
ec.claimCache.Mutation(claim)
}
kube-controller-manager: add ResourceClaim controller The controller uses the exact same logic as the generic ephemeral inline volume controller, just for inline ResourceClaimTemplate -> ResourceClaim. In addition, it supports removal of pods from the ReservedFor field when those pods are known to not need the claim anymore. At the moment, only this special case is supported. Removal of arbitrary objects would imply granting full read access to all types to determine whether a) an object is gone and b) if the current incarnation is the one which is listed in ReservedFor. This may get added later.
2022-03-22 11:56:49 -04:00
// Simulate race: stop informers, add more pods that the controller doesn't know about.
stopInformers()
for _, pod := range tc.podsLater {
DRA resourceclaims: maintain metric of total and allocated claims These metrics can provide insights into ResourceClaim usage. The total count is redundant because the apiserver also provides count of resources, but having it in the same sub-system next to the count of allocated claims might be more discoverable and helps monitor the controller itself.
2024-09-26 08:43:12 -04:00
_, err := fakeKubeClient.CoreV1().Pods(pod.Namespace).Create(tCtx, pod, metav1.CreateOptions{})
kube-controller-manager: add ResourceClaim controller The controller uses the exact same logic as the generic ephemeral inline volume controller, just for inline ResourceClaimTemplate -> ResourceClaim. In addition, it supports removal of pods from the ReservedFor field when those pods are known to not need the claim anymore. At the moment, only this special case is supported. Removal of arbitrary objects would imply granting full read access to all types to determine whether a) an object is gone and b) if the current incarnation is the one which is listed in ReservedFor. This may get added later.
2022-03-22 11:56:49 -04:00
if err != nil {
t.Fatalf("unexpected error while creating pod: %v", err)
}
}
kube-controller-manager: clone resource controller from volume/ephemeral
2022-03-22 04:59:20 -04:00
DRA resourceclaims: maintain metric of total and allocated claims These metrics can provide insights into ResourceClaim usage. The total count is redundant because the apiserver also provides count of resources, but having it in the same sub-system next to the count of allocated claims might be more discoverable and helps monitor the controller itself.
2024-09-26 08:43:12 -04:00
err = ec.syncHandler(tCtx, tc.key)
DRA: AdminAccess validate based on namespace label Signed-off-by: Rita Zhang <rita.z.zhang@gmail.com>
2024-12-30 18:56:45 -05:00
if err != nil {
assert.ErrorContains(t, err, tc.expectedError, "the error message should have contained the expected error message")
return
kube-controller-manager: clone resource controller from volume/ephemeral
2022-03-22 04:59:20 -04:00
}
DRA: AdminAccess validate based on namespace label Signed-off-by: Rita Zhang <rita.z.zhang@gmail.com>
2024-12-30 18:56:45 -05:00
if tc.expectedError != "" {
t.Fatalf("expected error, got none")
kube-controller-manager: clone resource controller from volume/ephemeral
2022-03-22 04:59:20 -04:00
}
DRA: use v1 API As before when adding v1beta2, DRA drivers built using the k8s.io/dynamic-resource-allocation helper packages remain compatible with all Kubernetes release >= 1.32. The helper code picks whatever API version is enabled from v1beta1/v1beta2/v1. However, the control plane now depends on v1, so a cluster configuration where only v1beta1 or v1beta2 are enabled without the v1 won't work.
2025-07-04 11:43:31 -04:00
claims, err := fakeKubeClient.ResourceV1().ResourceClaims("").List(tCtx, metav1.ListOptions{})
kube-controller-manager: clone resource controller from volume/ephemeral
2022-03-22 04:59:20 -04:00
if err != nil {
kube-controller-manager: add ResourceClaim controller The controller uses the exact same logic as the generic ephemeral inline volume controller, just for inline ResourceClaimTemplate -> ResourceClaim. In addition, it supports removal of pods from the ReservedFor field when those pods are known to not need the claim anymore. At the moment, only this special case is supported. Removal of arbitrary objects would imply granting full read access to all types to determine whether a) an object is gone and b) if the current incarnation is the one which is listed in ReservedFor. This may get added later.
2022-03-22 11:56:49 -04:00
t.Fatalf("unexpected error while listing claims: %v", err)
kube-controller-manager: clone resource controller from volume/ephemeral
2022-03-22 04:59:20 -04:00
}
kube-controller-manager: add ResourceClaim controller The controller uses the exact same logic as the generic ephemeral inline volume controller, just for inline ResourceClaimTemplate -> ResourceClaim. In addition, it supports removal of pods from the ReservedFor field when those pods are known to not need the claim anymore. At the moment, only this special case is supported. Removal of arbitrary objects would imply granting full read access to all types to determine whether a) an object is gone and b) if the current incarnation is the one which is listed in ReservedFor. This may get added later.
2022-03-22 11:56:49 -04:00
assert.Equal(t, normalizeClaims(tc.expectedClaims), normalizeClaims(claims.Items))
dra: generated name for ResourceClaim from template Generating the name avoids all potential name collisions. It's not clear how much of a problem that was because users can avoid them and the deterministic names for generic ephemeral volumes have not led to reports from users. But using generated names is not too hard either. What makes it relatively easy is that the new pod.status.resourceClaimStatus map stores the generated name for kubelet and node authorizer, i.e. the information in the pod is sufficient to determine the name of the ResourceClaim. The resource claim controller becomes a bit more complex and now needs permission to modify the pod status. The new failure scenario of "ResourceClaim created, updating pod status fails" is handled with the help of a new special "resource.kubernetes.io/pod-claim-name" annotation that together with the owner reference identifies exactly for what a ResourceClaim was generated, so updating the pod status can be retried for existing ResourceClaims. The transition from deterministic names is handled with a special case for that recovery code path: a ResourceClaim with no annotation and a name that follows the Kubernetes <= 1.27 naming pattern is assumed to be generated for that pod claim and gets added to the pod status. There's no immediate need for it, but just in case that it may become relevant, the name of the generated ResourceClaim may also be left unset to record that no claim was needed. Components processing such a pod can skip whatever they normally would do for the claim. To ensure that they do and also cover other cases properly ("no known field is set", "must check ownership"), resourceclaim.Name gets extended.
2023-04-14 03:50:52 -04:00
DRA resourceclaims: maintain metric of total and allocated claims These metrics can provide insights into ResourceClaim usage. The total count is redundant because the apiserver also provides count of resources, but having it in the same sub-system next to the count of allocated claims might be more discoverable and helps monitor the controller itself.
2024-09-26 08:43:12 -04:00
pods, err := fakeKubeClient.CoreV1().Pods("").List(tCtx, metav1.ListOptions{})
dra: generated name for ResourceClaim from template Generating the name avoids all potential name collisions. It's not clear how much of a problem that was because users can avoid them and the deterministic names for generic ephemeral volumes have not led to reports from users. But using generated names is not too hard either. What makes it relatively easy is that the new pod.status.resourceClaimStatus map stores the generated name for kubelet and node authorizer, i.e. the information in the pod is sufficient to determine the name of the ResourceClaim. The resource claim controller becomes a bit more complex and now needs permission to modify the pod status. The new failure scenario of "ResourceClaim created, updating pod status fails" is handled with the help of a new special "resource.kubernetes.io/pod-claim-name" annotation that together with the owner reference identifies exactly for what a ResourceClaim was generated, so updating the pod status can be retried for existing ResourceClaims. The transition from deterministic names is handled with a special case for that recovery code path: a ResourceClaim with no annotation and a name that follows the Kubernetes <= 1.27 naming pattern is assumed to be generated for that pod claim and gets added to the pod status. There's no immediate need for it, but just in case that it may become relevant, the name of the generated ResourceClaim may also be left unset to record that no claim was needed. Components processing such a pod can skip whatever they normally would do for the claim. To ensure that they do and also cover other cases properly ("no known field is set", "must check ownership"), resourceclaim.Name gets extended.
2023-04-14 03:50:52 -04:00
if err != nil {
t.Fatalf("unexpected error while listing pods: %v", err)
}
var actualStatuses map[string][]v1.PodResourceClaimStatus
for _, pod := range pods.Items {
if len(pod.Status.ResourceClaimStatuses) == 0 {
continue
}
if actualStatuses == nil {
actualStatuses = make(map[string][]v1.PodResourceClaimStatus)
}
actualStatuses[pod.Name] = pod.Status.ResourceClaimStatuses
}
assert.Equal(t, tc.expectedStatuses, actualStatuses, "pod resource claim statuses")
kube-controller-manager: clone resource controller from volume/ephemeral
2022-03-22 04:59:20 -04:00
expectMetrics(t, tc.expectedMetrics)
})
}
}
Fix the issue of slow creation of ResourceClaim in specific scenarios
2025-12-30 00:44:48 -05:00
func TestResourceClaimTemplateEventHandler(t *testing.T) {
tCtx := ktesting.Init(t)
tCtx = ktesting.WithCancel(tCtx)
fakeKubeClient := createTestClient()
informerFactory := informers.NewSharedInformerFactory(fakeKubeClient, controller.NoResyncPeriodFunc())
podInformer := informerFactory.Core().V1().Pods()
claimInformer := informerFactory.Resource().V1().ResourceClaims()
templateInformer := informerFactory.Resource().V1().ResourceClaimTemplates()
claimTemplateClient := fakeKubeClient.ResourceV1().ResourceClaimTemplates(testNamespace)
claimTemplateTmpClient := fakeKubeClient.ResourceV1().ResourceClaimTemplates("tmp")
podClient := fakeKubeClient.CoreV1().Pods(testNamespace)
podTmpClient := fakeKubeClient.CoreV1().Pods("tmp")
ec, err := NewController(tCtx.Logger(), Features{}, fakeKubeClient, podInformer, claimInformer, templateInformer)
tCtx.ExpectNoError(err, "creating ephemeral controller")
informerFactory.Start(tCtx.Done())
stopInformers := func() {
tCtx.Cancel("stopping informers")
informerFactory.Shutdown()
}
defer stopInformers()
expectQueue := func(tCtx ktesting.TContext, expectedKeys []string, expectedIndexerKeys []string) {
g := gomega.NewWithT(tCtx)
tCtx.Helper()
lenDiffMessage := func() string {
actualKeys := []string{}
for ec.queue.Len() > 0 {
actual, _ := ec.queue.Get()
actualKeys = append(actualKeys, actual)
ec.queue.Forget(actual)
ec.queue.Done(actual)
}
return "Workqueue does not contain expected number of elements\n" +
"Diff of elements (- expected, + actual):\n" +
diff.Diff(expectedKeys, actualKeys)
}
g.Eventually(ec.queue.Len).
WithTimeout(5*time.Second).
Should(gomega.Equal(len(expectedKeys)), lenDiffMessage)
g.Consistently(ec.queue.Len).
WithTimeout(1*time.Second).
Should(gomega.Equal(len(expectedKeys)), lenDiffMessage)
g.Eventually(func() int { return len(ec.podIndexer.ListIndexFuncValues(podResourceClaimTemplateIndexKey)) }).
WithTimeout(5 * time.Second).
Should(gomega.Equal(len(expectedIndexerKeys)))
g.Consistently(func() int { return len(ec.podIndexer.ListIndexFuncValues(podResourceClaimTemplateIndexKey)) }).
WithTimeout(1 * time.Second).
Should(gomega.Equal(len(expectedIndexerKeys)))
for _, expected := range expectedKeys {
actual, shuttingDown := ec.queue.Get()
g.Expect(shuttingDown).To(gomega.BeFalseBecause("workqueue is unexpectedly shutting down"))
g.Expect(actual).To(gomega.Equal(expected))
ec.queue.Forget(actual)
ec.queue.Done(actual)
}
for _, src := range expectedIndexerKeys {
objects, err := ec.podIndexer.ByIndex(podResourceClaimTemplateIndexKey, src)
g.Expect(err).NotTo(gomega.HaveOccurred(), "should not error when getting objects by index for key %s", src)
g.Expect(objects).NotTo(gomega.BeEmpty(), "should have at least one object indexed for key %s", src)
// Verify that the indexed objects are the expected pods
found := false
for _, obj := range objects {
pod, ok := obj.(*v1.Pod)
if !ok {
continue
}
// Check if this pod matches the expected template reference
for _, claim := range pod.Spec.ResourceClaims {
if claim.ResourceClaimTemplateName != nil {
// Build the expected index key for this pod
expectedKey := pod.Namespace + "/" + *claim.ResourceClaimTemplateName
if expectedKey == src {
found = true
break
}
}
}
}
g.Expect(found).To(gomega.BeTrueBecause("should find a pod with template %s in index for key %s", templateName, src))
}
}
tmpNamespace := "tmp"
expectQueue(tCtx, []string{}, []string{})
// Create two pods:
// - testPodWithResource in the my-namespace namespace
// - fake-1 in the tmp namespace
_, err = podClient.Create(tCtx, testPodWithResource, metav1.CreateOptions{})
_, err1 := podTmpClient.Create(tCtx, makePod("fake-1", tmpNamespace, "uidpod2", *makePodResourceClaim(podResourceClaimName, templateName)), metav1.CreateOptions{})
ktesting.Step(tCtx, "create pod", func(tCtx ktesting.TContext) {
tCtx.ExpectNoError(err)
tCtx.ExpectNoError(err1)
expectQueue(tCtx, []string{testPodKey, podKeyPrefix + tmpNamespace + "/" + "fake-1"}, []string{testNamespace + "/" + templateName, tmpNamespace + "/" + templateName})
})
// The item has been forgotten and marked as done in the workqueue,so queue is nil
ktesting.Step(tCtx, "expect queue is nil", func(tCtx ktesting.TContext) {
expectQueue(tCtx, []string{}, []string{testNamespace + "/" + templateName, tmpNamespace + "/" + templateName})
})
// After create claim template,queue should have test pod key
_, err = claimTemplateClient.Create(tCtx, template, metav1.CreateOptions{})
ktesting.Step(tCtx, "create claim template after pod backoff", func(tCtx ktesting.TContext) {
tCtx.ExpectNoError(err)
expectQueue(tCtx, []string{testPodKey}, []string{testNamespace + "/" + templateName, tmpNamespace + "/" + templateName})
})
// The item has been forgotten and marked as done in the workqueue,so queue is nil
ktesting.Step(tCtx, "expect queue is nil", func(tCtx ktesting.TContext) {
expectQueue(tCtx, []string{}, []string{testNamespace + "/" + templateName, tmpNamespace + "/" + templateName})
})
// After create tmp namespace claim template,queue should have fake pod key
TmpNamespaceTemplate := makeTemplate(templateName, "tmp", className, nil)
_, err = claimTemplateTmpClient.Create(tCtx, TmpNamespaceTemplate, metav1.CreateOptions{})
ktesting.Step(tCtx, "create claim template in tmp namespace after pod backoff in test namespace", func(tCtx ktesting.TContext) {
tCtx.ExpectNoError(err)
expectQueue(tCtx, []string{podKeyPrefix + tmpNamespace + "/" + "fake-1"}, []string{testNamespace + "/" + templateName, tmpNamespace + "/" + templateName})
})
}
DRA resourceclaims: maintain metric of total and allocated claims These metrics can provide insights into ResourceClaim usage. The total count is redundant because the apiserver also provides count of resources, but having it in the same sub-system next to the count of allocated claims might be more discoverable and helps monitor the controller itself.
2024-09-26 08:43:12 -04:00
func TestResourceClaimEventHandler(t *testing.T) {
tCtx := ktesting.Init(t)
tCtx = ktesting.WithCancel(tCtx)
fakeKubeClient := createTestClient()
informerFactory := informers.NewSharedInformerFactory(fakeKubeClient, controller.NoResyncPeriodFunc())
podInformer := informerFactory.Core().V1().Pods()
DRA: use v1 API As before when adding v1beta2, DRA drivers built using the k8s.io/dynamic-resource-allocation helper packages remain compatible with all Kubernetes release >= 1.32. The helper code picks whatever API version is enabled from v1beta1/v1beta2/v1. However, the control plane now depends on v1, so a cluster configuration where only v1beta1 or v1beta2 are enabled without the v1 won't work.
2025-07-04 11:43:31 -04:00
claimInformer := informerFactory.Resource().V1().ResourceClaims()
templateInformer := informerFactory.Resource().V1().ResourceClaimTemplates()
DRAAdminAccess: add metrics Signed-off-by: Rita Zhang <rita.z.zhang@gmail.com>
2025-07-08 00:24:31 -04:00
setupMetrics()
DRA: use v1 API As before when adding v1beta2, DRA drivers built using the k8s.io/dynamic-resource-allocation helper packages remain compatible with all Kubernetes release >= 1.32. The helper code picks whatever API version is enabled from v1beta1/v1beta2/v1. However, the control plane now depends on v1, so a cluster configuration where only v1beta1 or v1beta2 are enabled without the v1 won't work.
2025-07-04 11:43:31 -04:00
claimClient := fakeKubeClient.ResourceV1().ResourceClaims(testNamespace)
DRA resourceclaims: maintain metric of total and allocated claims These metrics can provide insights into ResourceClaim usage. The total count is redundant because the apiserver also provides count of resources, but having it in the same sub-system next to the count of allocated claims might be more discoverable and helps monitor the controller itself.
2024-09-26 08:43:12 -04:00
fixup! DRA: fix deleting orphaned ResourceClaim on startup
2025-06-27 00:21:18 -04:00
ec, err := NewController(tCtx.Logger(), Features{}, fakeKubeClient, podInformer, claimInformer, templateInformer)
DRA resourceclaims: maintain metric of total and allocated claims These metrics can provide insights into ResourceClaim usage. The total count is redundant because the apiserver also provides count of resources, but having it in the same sub-system next to the count of allocated claims might be more discoverable and helps monitor the controller itself.
2024-09-26 08:43:12 -04:00
tCtx.ExpectNoError(err, "creating ephemeral controller")
informerFactory.Start(tCtx.Done())
stopInformers := func() {
tCtx.Cancel("stopping informers")
informerFactory.Shutdown()
}
defer stopInformers()
Refactor resource claim metrics to use structured labels and add "source" dimension. Signed-off-by: Ayato Tokubi <atokubi@redhat.com>
2025-10-08 09:16:42 -04:00
em := newNumMetrics(claimInformer.Lister())
DRA resourceclaims: maintain metric of total and allocated claims These metrics can provide insights into ResourceClaim usage. The total count is redundant because the apiserver also provides count of resources, but having it in the same sub-system next to the count of allocated claims might be more discoverable and helps monitor the controller itself.
2024-09-26 08:43:12 -04:00
fixup! DRA: fix deleting orphaned ResourceClaim on startup
2025-06-27 00:21:18 -04:00
expectQueue := func(tCtx ktesting.TContext, expectedKeys []string) {
g := gomega.NewWithT(tCtx)
tCtx.Helper()
lenDiffMessage := func() string {
actualKeys := []string{}
for ec.queue.Len() > 0 {
actual, _ := ec.queue.Get()
actualKeys = append(actualKeys, actual)
ec.queue.Forget(actual)
ec.queue.Done(actual)
}
return "Workqueue does not contain expected number of elements\n" +
"Diff of elements (- expected, + actual):\n" +
diff.Diff(expectedKeys, actualKeys)
}
g.Eventually(ec.queue.Len).
WithTimeout(5*time.Second).
Should(gomega.Equal(len(expectedKeys)), lenDiffMessage)
g.Consistently(ec.queue.Len).
WithTimeout(1*time.Second).
Should(gomega.Equal(len(expectedKeys)), lenDiffMessage)
for _, expected := range expectedKeys {
actual, shuttingDown := ec.queue.Get()
g.Expect(shuttingDown).To(gomega.BeFalseBecause("workqueue is unexpectedly shutting down"))
g.Expect(actual).To(gomega.Equal(expected))
ec.queue.Forget(actual)
ec.queue.Done(actual)
}
}
expectQueue(tCtx, []string{})
DRA resourceclaims: maintain metric of total and allocated claims These metrics can provide insights into ResourceClaim usage. The total count is redundant because the apiserver also provides count of resources, but having it in the same sub-system next to the count of allocated claims might be more discoverable and helps monitor the controller itself.
2024-09-26 08:43:12 -04:00
_, err = claimClient.Create(tCtx, testClaim, metav1.CreateOptions{})
Refactor resource claim metrics to use structured labels and add "source" dimension. Signed-off-by: Ayato Tokubi <atokubi@redhat.com>
2025-10-08 09:16:42 -04:00
em = em.withUpdates(resourceclaimmetrics.NumResourceClaimLabels{Allocated: "false", AdminAccess: "false", Source: ""}, 1)
DRA resourceclaims: maintain metric of total and allocated claims These metrics can provide insights into ResourceClaim usage. The total count is redundant because the apiserver also provides count of resources, but having it in the same sub-system next to the count of allocated claims might be more discoverable and helps monitor the controller itself.
2024-09-26 08:43:12 -04:00
ktesting.Step(tCtx, "create claim", func(tCtx ktesting.TContext) {
tCtx.ExpectNoError(err)
em.Eventually(tCtx)
fixup! DRA: fix deleting orphaned ResourceClaim on startup
2025-06-27 00:21:18 -04:00
expectQueue(tCtx, []string{testClaimKey})
DRA resourceclaims: maintain metric of total and allocated claims These metrics can provide insights into ResourceClaim usage. The total count is redundant because the apiserver also provides count of resources, but having it in the same sub-system next to the count of allocated claims might be more discoverable and helps monitor the controller itself.
2024-09-26 08:43:12 -04:00
})
modifiedClaim := testClaim.DeepCopy()
modifiedClaim.Labels = map[string]string{"foo": "bar"}
_, err = claimClient.Update(tCtx, modifiedClaim, metav1.UpdateOptions{})
ktesting.Step(tCtx, "modify claim", func(tCtx ktesting.TContext) {
tCtx.ExpectNoError(err)
em.Consistently(tCtx)
fixup! DRA: fix deleting orphaned ResourceClaim on startup
2025-06-27 00:21:18 -04:00
expectQueue(tCtx, []string{testClaimKey})
DRA resourceclaims: maintain metric of total and allocated claims These metrics can provide insights into ResourceClaim usage. The total count is redundant because the apiserver also provides count of resources, but having it in the same sub-system next to the count of allocated claims might be more discoverable and helps monitor the controller itself.
2024-09-26 08:43:12 -04:00
})
_, err = claimClient.Update(tCtx, testClaimAllocated, metav1.UpdateOptions{})
Refactor resource claim metrics to use structured labels and add "source" dimension. Signed-off-by: Ayato Tokubi <atokubi@redhat.com>
2025-10-08 09:16:42 -04:00
em = em.withUpdates(resourceclaimmetrics.NumResourceClaimLabels{Allocated: "false", AdminAccess: "false", Source: ""}, -1)
em = em.withUpdates(resourceclaimmetrics.NumResourceClaimLabels{Allocated: "true", AdminAccess: "false", Source: ""}, 1)
DRA resourceclaims: maintain metric of total and allocated claims These metrics can provide insights into ResourceClaim usage. The total count is redundant because the apiserver also provides count of resources, but having it in the same sub-system next to the count of allocated claims might be more discoverable and helps monitor the controller itself.
2024-09-26 08:43:12 -04:00
ktesting.Step(tCtx, "allocate claim", func(tCtx ktesting.TContext) {
tCtx.ExpectNoError(err)
em.Eventually(tCtx)
fixup! DRA: fix deleting orphaned ResourceClaim on startup
2025-06-27 00:21:18 -04:00
expectQueue(tCtx, []string{testClaimKey})
DRA resourceclaims: maintain metric of total and allocated claims These metrics can provide insights into ResourceClaim usage. The total count is redundant because the apiserver also provides count of resources, but having it in the same sub-system next to the count of allocated claims might be more discoverable and helps monitor the controller itself.
2024-09-26 08:43:12 -04:00
})
modifiedClaim = testClaimAllocated.DeepCopy()
modifiedClaim.Labels = map[string]string{"foo": "bar2"}
_, err = claimClient.Update(tCtx, modifiedClaim, metav1.UpdateOptions{})
ktesting.Step(tCtx, "modify claim", func(tCtx ktesting.TContext) {
tCtx.ExpectNoError(err)
em.Consistently(tCtx)
fixup! DRA: fix deleting orphaned ResourceClaim on startup
2025-06-27 00:21:18 -04:00
expectQueue(tCtx, []string{testClaimKey})
DRA resourceclaims: maintain metric of total and allocated claims These metrics can provide insights into ResourceClaim usage. The total count is redundant because the apiserver also provides count of resources, but having it in the same sub-system next to the count of allocated claims might be more discoverable and helps monitor the controller itself.
2024-09-26 08:43:12 -04:00
})
otherClaimAllocated := testClaimAllocated.DeepCopy()
otherClaimAllocated.Name += "2"
_, err = claimClient.Create(tCtx, otherClaimAllocated, metav1.CreateOptions{})
Refactor resource claim metrics to use structured labels and add "source" dimension. Signed-off-by: Ayato Tokubi <atokubi@redhat.com>
2025-10-08 09:16:42 -04:00
em = em.withUpdates(resourceclaimmetrics.NumResourceClaimLabels{Allocated: "true", AdminAccess: "false", Source: ""}, 1)
DRA resourceclaims: maintain metric of total and allocated claims These metrics can provide insights into ResourceClaim usage. The total count is redundant because the apiserver also provides count of resources, but having it in the same sub-system next to the count of allocated claims might be more discoverable and helps monitor the controller itself.
2024-09-26 08:43:12 -04:00
ktesting.Step(tCtx, "create allocated claim", func(tCtx ktesting.TContext) {
tCtx.ExpectNoError(err)
em.Eventually(tCtx)
fixup! DRA: fix deleting orphaned ResourceClaim on startup
2025-06-27 00:21:18 -04:00
expectQueue(tCtx, []string{testClaimKey + "2"})
DRA resourceclaims: maintain metric of total and allocated claims These metrics can provide insights into ResourceClaim usage. The total count is redundant because the apiserver also provides count of resources, but having it in the same sub-system next to the count of allocated claims might be more discoverable and helps monitor the controller itself.
2024-09-26 08:43:12 -04:00
})
_, err = claimClient.Update(tCtx, testClaim, metav1.UpdateOptions{})
Refactor resource claim metrics to use structured labels and add "source" dimension. Signed-off-by: Ayato Tokubi <atokubi@redhat.com>
2025-10-08 09:16:42 -04:00
em = em.withUpdates(resourceclaimmetrics.NumResourceClaimLabels{Allocated: "false", AdminAccess: "false", Source: ""}, 1)
em = em.withUpdates(resourceclaimmetrics.NumResourceClaimLabels{Allocated: "true", AdminAccess: "false", Source: ""}, -1)
DRA resourceclaims: maintain metric of total and allocated claims These metrics can provide insights into ResourceClaim usage. The total count is redundant because the apiserver also provides count of resources, but having it in the same sub-system next to the count of allocated claims might be more discoverable and helps monitor the controller itself.
2024-09-26 08:43:12 -04:00
ktesting.Step(tCtx, "deallocate claim", func(tCtx ktesting.TContext) {
tCtx.ExpectNoError(err)
em.Eventually(tCtx)
fixup! DRA: fix deleting orphaned ResourceClaim on startup
2025-06-27 00:21:18 -04:00
expectQueue(tCtx, []string{testClaimKey})
DRA resourceclaims: maintain metric of total and allocated claims These metrics can provide insights into ResourceClaim usage. The total count is redundant because the apiserver also provides count of resources, but having it in the same sub-system next to the count of allocated claims might be more discoverable and helps monitor the controller itself.
2024-09-26 08:43:12 -04:00
})
err = claimClient.Delete(tCtx, testClaim.Name, metav1.DeleteOptions{})
Refactor resource claim metrics to use structured labels and add "source" dimension. Signed-off-by: Ayato Tokubi <atokubi@redhat.com>
2025-10-08 09:16:42 -04:00
em = em.withUpdates(resourceclaimmetrics.NumResourceClaimLabels{Allocated: "false", AdminAccess: "false", Source: ""}, -1)
DRA resourceclaims: maintain metric of total and allocated claims These metrics can provide insights into ResourceClaim usage. The total count is redundant because the apiserver also provides count of resources, but having it in the same sub-system next to the count of allocated claims might be more discoverable and helps monitor the controller itself.
2024-09-26 08:43:12 -04:00
ktesting.Step(tCtx, "delete deallocated claim", func(tCtx ktesting.TContext) {
tCtx.ExpectNoError(err)
em.Eventually(tCtx)
fixup! DRA: fix deleting orphaned ResourceClaim on startup
2025-06-27 00:21:18 -04:00
expectQueue(tCtx, []string{})
DRA resourceclaims: maintain metric of total and allocated claims These metrics can provide insights into ResourceClaim usage. The total count is redundant because the apiserver also provides count of resources, but having it in the same sub-system next to the count of allocated claims might be more discoverable and helps monitor the controller itself.
2024-09-26 08:43:12 -04:00
})
err = claimClient.Delete(tCtx, otherClaimAllocated.Name, metav1.DeleteOptions{})
Refactor resource claim metrics to use structured labels and add "source" dimension. Signed-off-by: Ayato Tokubi <atokubi@redhat.com>
2025-10-08 09:16:42 -04:00
em = em.withUpdates(resourceclaimmetrics.NumResourceClaimLabels{Allocated: "true", AdminAccess: "false", Source: ""}, -1)
DRA resourceclaims: maintain metric of total and allocated claims These metrics can provide insights into ResourceClaim usage. The total count is redundant because the apiserver also provides count of resources, but having it in the same sub-system next to the count of allocated claims might be more discoverable and helps monitor the controller itself.
2024-09-26 08:43:12 -04:00
ktesting.Step(tCtx, "delete allocated claim", func(tCtx ktesting.TContext) {
tCtx.ExpectNoError(err)
em.Eventually(tCtx)
fixup! DRA: fix deleting orphaned ResourceClaim on startup
2025-06-27 00:21:18 -04:00
expectQueue(tCtx, []string{})
DRA resourceclaims: maintain metric of total and allocated claims These metrics can provide insights into ResourceClaim usage. The total count is redundant because the apiserver also provides count of resources, but having it in the same sub-system next to the count of allocated claims might be more discoverable and helps monitor the controller itself.
2024-09-26 08:43:12 -04:00
})
Refactor resource claim metrics to use structured labels and add "source" dimension. Signed-off-by: Ayato Tokubi <atokubi@redhat.com>
2025-10-08 09:16:42 -04:00
_, err = claimClient.Create(tCtx, templatedTestClaimWithAdmin, metav1.CreateOptions{})
em = em.withUpdates(resourceclaimmetrics.NumResourceClaimLabels{Allocated: "false", AdminAccess: "true", Source: "resource_claim_template"}, 1)
DRAAdminAccess: add metrics Signed-off-by: Rita Zhang <rita.z.zhang@gmail.com>
2025-07-08 00:24:31 -04:00
ktesting.Step(tCtx, "create claim with admin access", func(tCtx ktesting.TContext) {
tCtx.ExpectNoError(err)
em.Eventually(tCtx)
})
Refactor resource claim metrics to use structured labels and add "source" dimension. Signed-off-by: Ayato Tokubi <atokubi@redhat.com>
2025-10-08 09:16:42 -04:00
modifiedClaim = templatedTestClaimWithAdmin.DeepCopy()
DRAAdminAccess: add metrics Signed-off-by: Rita Zhang <rita.z.zhang@gmail.com>
2025-07-08 00:24:31 -04:00
modifiedClaim.Labels = map[string]string{"foo": "bar"}
_, err = claimClient.Update(tCtx, modifiedClaim, metav1.UpdateOptions{})
ktesting.Step(tCtx, "modify claim", func(tCtx ktesting.TContext) {
tCtx.ExpectNoError(err)
em.Consistently(tCtx)
})
Refactor resource claim metrics to use structured labels and add "source" dimension. Signed-off-by: Ayato Tokubi <atokubi@redhat.com>
2025-10-08 09:16:42 -04:00
_, err = claimClient.Update(tCtx, templatedTestClaimWithAdminAllocated, metav1.UpdateOptions{})
em = em.withUpdates(resourceclaimmetrics.NumResourceClaimLabels{Allocated: "false", AdminAccess: "true", Source: "resource_claim_template"}, -1)
em = em.withUpdates(resourceclaimmetrics.NumResourceClaimLabels{Allocated: "true", AdminAccess: "true", Source: "resource_claim_template"}, 1)
DRAAdminAccess: add metrics Signed-off-by: Rita Zhang <rita.z.zhang@gmail.com>
2025-07-08 00:24:31 -04:00
ktesting.Step(tCtx, "allocate claim with admin access", func(tCtx ktesting.TContext) {
tCtx.ExpectNoError(err)
em.Eventually(tCtx)
})
Refactor resource claim metrics to use structured labels and add "source" dimension. Signed-off-by: Ayato Tokubi <atokubi@redhat.com>
2025-10-08 09:16:42 -04:00
modifiedClaim = templatedTestClaimWithAdminAllocated.DeepCopy()
DRAAdminAccess: add metrics Signed-off-by: Rita Zhang <rita.z.zhang@gmail.com>
2025-07-08 00:24:31 -04:00
modifiedClaim.Labels = map[string]string{"foo": "bar2"}
_, err = claimClient.Update(tCtx, modifiedClaim, metav1.UpdateOptions{})
ktesting.Step(tCtx, "modify claim", func(tCtx ktesting.TContext) {
tCtx.ExpectNoError(err)
em.Consistently(tCtx)
})
Refactor resource claim metrics to use structured labels and add "source" dimension. Signed-off-by: Ayato Tokubi <atokubi@redhat.com>
2025-10-08 09:16:42 -04:00
otherClaimAllocated = templatedTestClaimWithAdminAllocated.DeepCopy()
DRAAdminAccess: add metrics Signed-off-by: Rita Zhang <rita.z.zhang@gmail.com>
2025-07-08 00:24:31 -04:00
otherClaimAllocated.Name += "2"
_, err = claimClient.Create(tCtx, otherClaimAllocated, metav1.CreateOptions{})
Refactor resource claim metrics to use structured labels and add "source" dimension. Signed-off-by: Ayato Tokubi <atokubi@redhat.com>
2025-10-08 09:16:42 -04:00
em = em.withUpdates(resourceclaimmetrics.NumResourceClaimLabels{Allocated: "true", AdminAccess: "true", Source: "resource_claim_template"}, 1)
DRAAdminAccess: add metrics Signed-off-by: Rita Zhang <rita.z.zhang@gmail.com>
2025-07-08 00:24:31 -04:00
ktesting.Step(tCtx, "create allocated claim with admin access", func(tCtx ktesting.TContext) {
tCtx.ExpectNoError(err)
em.Eventually(tCtx)
})
Refactor resource claim metrics to use structured labels and add "source" dimension. Signed-off-by: Ayato Tokubi <atokubi@redhat.com>
2025-10-08 09:16:42 -04:00
_, err = claimClient.Update(tCtx, templatedTestClaimWithAdmin, metav1.UpdateOptions{})
em = em.withUpdates(resourceclaimmetrics.NumResourceClaimLabels{Allocated: "false", AdminAccess: "true", Source: "resource_claim_template"}, 1)
em = em.withUpdates(resourceclaimmetrics.NumResourceClaimLabels{Allocated: "true", AdminAccess: "true", Source: "resource_claim_template"}, -1)
DRAAdminAccess: add metrics Signed-off-by: Rita Zhang <rita.z.zhang@gmail.com>
2025-07-08 00:24:31 -04:00
ktesting.Step(tCtx, "deallocate claim with admin access", func(tCtx ktesting.TContext) {
tCtx.ExpectNoError(err)
em.Eventually(tCtx)
})
Refactor resource claim metrics to use structured labels and add "source" dimension. Signed-off-by: Ayato Tokubi <atokubi@redhat.com>
2025-10-08 09:16:42 -04:00
err = claimClient.Delete(tCtx, templatedTestClaimWithAdmin.Name, metav1.DeleteOptions{})
em = em.withUpdates(resourceclaimmetrics.NumResourceClaimLabels{Allocated: "false", AdminAccess: "true", Source: "resource_claim_template"}, -1)
DRAAdminAccess: add metrics Signed-off-by: Rita Zhang <rita.z.zhang@gmail.com>
2025-07-08 00:24:31 -04:00
ktesting.Step(tCtx, "delete deallocated claim with admin access", func(tCtx ktesting.TContext) {
tCtx.ExpectNoError(err)
em.Eventually(tCtx)
})
err = claimClient.Delete(tCtx, otherClaimAllocated.Name, metav1.DeleteOptions{})
Refactor resource claim metrics to use structured labels and add "source" dimension. Signed-off-by: Ayato Tokubi <atokubi@redhat.com>
2025-10-08 09:16:42 -04:00
em = em.withUpdates(resourceclaimmetrics.NumResourceClaimLabels{Allocated: "true", AdminAccess: "true", Source: "resource_claim_template"}, -1)
DRAAdminAccess: add metrics Signed-off-by: Rita Zhang <rita.z.zhang@gmail.com>
2025-07-08 00:24:31 -04:00
ktesting.Step(tCtx, "delete allocated claim with admin access", func(tCtx ktesting.TContext) {
tCtx.ExpectNoError(err)
em.Eventually(tCtx)
})
Refactor resource claim metrics to use structured labels and add "source" dimension. Signed-off-by: Ayato Tokubi <atokubi@redhat.com>
2025-10-08 09:16:42 -04:00
_, err = claimClient.Create(tCtx, extendedTestClaim, metav1.CreateOptions{})
em = em.withUpdates(resourceclaimmetrics.NumResourceClaimLabels{Allocated: "false", AdminAccess: "false", Source: "extended_resource"}, 1)
ktesting.Step(tCtx, "create extended resource claim", func(tCtx ktesting.TContext) {
tCtx.ExpectNoError(err)
em.Eventually(tCtx)
})
_, err = claimClient.Update(tCtx, extendedTestClaimAllocated, metav1.UpdateOptions{})
em = em.withUpdates(resourceclaimmetrics.NumResourceClaimLabels{Allocated: "false", AdminAccess: "false", Source: "extended_resource"}, -1)
em = em.withUpdates(resourceclaimmetrics.NumResourceClaimLabels{Allocated: "true", AdminAccess: "false", Source: "extended_resource"}, 1)
ktesting.Step(tCtx, "allocate extended resource claim", func(tCtx ktesting.TContext) {
tCtx.ExpectNoError(err)
em.Eventually(tCtx)
})
_, err = claimClient.Update(tCtx, extendedTestClaim, metav1.UpdateOptions{})
em = em.withUpdates(resourceclaimmetrics.NumResourceClaimLabels{Allocated: "false", AdminAccess: "false", Source: "extended_resource"}, 1)
em = em.withUpdates(resourceclaimmetrics.NumResourceClaimLabels{Allocated: "true", AdminAccess: "false", Source: "extended_resource"}, -1)
ktesting.Step(tCtx, "deallocate extended resource claim", func(tCtx ktesting.TContext) {
tCtx.ExpectNoError(err)
em.Eventually(tCtx)
})
err = claimClient.Delete(tCtx, extendedTestClaim.Name, metav1.DeleteOptions{})
em = em.withUpdates(resourceclaimmetrics.NumResourceClaimLabels{Allocated: "false", AdminAccess: "false", Source: "extended_resource"}, -1)
ktesting.Step(tCtx, "delete extended resource claim", func(tCtx ktesting.TContext) {
tCtx.ExpectNoError(err)
em.Eventually(tCtx)
})
DRA resourceclaims: maintain metric of total and allocated claims These metrics can provide insights into ResourceClaim usage. The total count is redundant because the apiserver also provides count of resources, but having it in the same sub-system next to the count of allocated claims might be more discoverable and helps monitor the controller itself.
2024-09-26 08:43:12 -04:00
em.Consistently(tCtx)
}
DRAAdminAccess: add metrics Signed-off-by: Rita Zhang <rita.z.zhang@gmail.com>
2025-07-08 00:24:31 -04:00
func TestGetAdminAccessMetricLabel(t *testing.T) {
tests := []struct {
name string
claim *resourceapi.ResourceClaim
want string
}{
{
name: "nil claim",
claim: nil,
want: "false",
},
{
name: "no requests",
claim: &resourceapi.ResourceClaim{
Spec: resourceapi.ResourceClaimSpec{
Devices: resourceapi.DeviceClaim{
Requests: nil,
},
},
},
want: "false",
},
{
name: "admin access false",
claim: &resourceapi.ResourceClaim{
Spec: resourceapi.ResourceClaimSpec{
Devices: resourceapi.DeviceClaim{
Requests: []resourceapi.DeviceRequest{
{
DRA: use v1 API As before when adding v1beta2, DRA drivers built using the k8s.io/dynamic-resource-allocation helper packages remain compatible with all Kubernetes release >= 1.32. The helper code picks whatever API version is enabled from v1beta1/v1beta2/v1. However, the control plane now depends on v1, so a cluster configuration where only v1beta1 or v1beta2 are enabled without the v1 won't work.
2025-07-04 11:43:31 -04:00
Exactly: &resourceapi.ExactDeviceRequest{
AdminAccess: ptr.To(false),
},
DRAAdminAccess: add metrics Signed-off-by: Rita Zhang <rita.z.zhang@gmail.com>
2025-07-08 00:24:31 -04:00
},
},
},
},
},
want: "false",
},
{
name: "admin access true",
claim: &resourceapi.ResourceClaim{
Spec: resourceapi.ResourceClaimSpec{
Devices: resourceapi.DeviceClaim{
Requests: []resourceapi.DeviceRequest{
{
DRA: use v1 API As before when adding v1beta2, DRA drivers built using the k8s.io/dynamic-resource-allocation helper packages remain compatible with all Kubernetes release >= 1.32. The helper code picks whatever API version is enabled from v1beta1/v1beta2/v1. However, the control plane now depends on v1, so a cluster configuration where only v1beta1 or v1beta2 are enabled without the v1 won't work.
2025-07-04 11:43:31 -04:00
Exactly: &resourceapi.ExactDeviceRequest{
AdminAccess: ptr.To(true),
},
DRAAdminAccess: add metrics Signed-off-by: Rita Zhang <rita.z.zhang@gmail.com>
2025-07-08 00:24:31 -04:00
},
},
},
},
},
want: "true",
},
DRA: use v1 API As before when adding v1beta2, DRA drivers built using the k8s.io/dynamic-resource-allocation helper packages remain compatible with all Kubernetes release >= 1.32. The helper code picks whatever API version is enabled from v1beta1/v1beta2/v1. However, the control plane now depends on v1, so a cluster configuration where only v1beta1 or v1beta2 are enabled without the v1 won't work.
2025-07-04 11:43:31 -04:00
{
name: "prioritized list",
claim: &resourceapi.ResourceClaim{
Spec: resourceapi.ResourceClaimSpec{
Devices: resourceapi.DeviceClaim{
Requests: []resourceapi.DeviceRequest{
{
FirstAvailable: []resourceapi.DeviceSubRequest{{}},
},
},
},
},
},
want: "false",
},
DRAAdminAccess: add metrics Signed-off-by: Rita Zhang <rita.z.zhang@gmail.com>
2025-07-08 00:24:31 -04:00
{
name: "multiple requests, one with admin access true",
claim: &resourceapi.ResourceClaim{
Spec: resourceapi.ResourceClaimSpec{
Devices: resourceapi.DeviceClaim{
Requests: []resourceapi.DeviceRequest{
{
DRA: use v1 API As before when adding v1beta2, DRA drivers built using the k8s.io/dynamic-resource-allocation helper packages remain compatible with all Kubernetes release >= 1.32. The helper code picks whatever API version is enabled from v1beta1/v1beta2/v1. However, the control plane now depends on v1, so a cluster configuration where only v1beta1 or v1beta2 are enabled without the v1 won't work.
2025-07-04 11:43:31 -04:00
Exactly: &resourceapi.ExactDeviceRequest{
AdminAccess: ptr.To(false),
},
DRAAdminAccess: add metrics Signed-off-by: Rita Zhang <rita.z.zhang@gmail.com>
2025-07-08 00:24:31 -04:00
},
{
DRA: use v1 API As before when adding v1beta2, DRA drivers built using the k8s.io/dynamic-resource-allocation helper packages remain compatible with all Kubernetes release >= 1.32. The helper code picks whatever API version is enabled from v1beta1/v1beta2/v1. However, the control plane now depends on v1, so a cluster configuration where only v1beta1 or v1beta2 are enabled without the v1 won't work.
2025-07-04 11:43:31 -04:00
Exactly: &resourceapi.ExactDeviceRequest{
AdminAccess: ptr.To(true),
},
DRAAdminAccess: add metrics Signed-off-by: Rita Zhang <rita.z.zhang@gmail.com>
2025-07-08 00:24:31 -04:00
},
},
},
},
},
want: "true",
},
{
name: "multiple requests, all admin access false or nil",
claim: &resourceapi.ResourceClaim{
Spec: resourceapi.ResourceClaimSpec{
Devices: resourceapi.DeviceClaim{
Requests: []resourceapi.DeviceRequest{
{
DRA: use v1 API As before when adding v1beta2, DRA drivers built using the k8s.io/dynamic-resource-allocation helper packages remain compatible with all Kubernetes release >= 1.32. The helper code picks whatever API version is enabled from v1beta1/v1beta2/v1. However, the control plane now depends on v1, so a cluster configuration where only v1beta1 or v1beta2 are enabled without the v1 won't work.
2025-07-04 11:43:31 -04:00
Exactly: &resourceapi.ExactDeviceRequest{
AdminAccess: nil,
},
DRAAdminAccess: add metrics Signed-off-by: Rita Zhang <rita.z.zhang@gmail.com>
2025-07-08 00:24:31 -04:00
},
{
DRA: use v1 API As before when adding v1beta2, DRA drivers built using the k8s.io/dynamic-resource-allocation helper packages remain compatible with all Kubernetes release >= 1.32. The helper code picks whatever API version is enabled from v1beta1/v1beta2/v1. However, the control plane now depends on v1, so a cluster configuration where only v1beta1 or v1beta2 are enabled without the v1 won't work.
2025-07-04 11:43:31 -04:00
Exactly: &resourceapi.ExactDeviceRequest{
AdminAccess: ptr.To(false),
},
DRAAdminAccess: add metrics Signed-off-by: Rita Zhang <rita.z.zhang@gmail.com>
2025-07-08 00:24:31 -04:00
},
},
},
},
},
want: "false",
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
got := getAdminAccessMetricLabel(tt.claim)
if got != tt.want {
t.Errorf("GetAdminAccessMetricLabel() = %v, want %v", got, tt.want)
}
})
}
}
DRA: bump API v1alpha2 -> v1alpha3 This is in preparation for revamping the resource.k8s.io completely. Because there will be no support for transitioning from v1alpha2 to v1alpha3, the roundtrip test data for that API in 1.29 and 1.30 gets removed. Repeating the version in the import name of the API packages is not really required. It was done for a while to support simpler grepping for usage of alpha APIs, but there are better ways for that now. So during this transition, "resourceapi" gets used instead of "resourcev1alpha3" and the version gets dropped from informer and lister imports. The advantage is that the next bump to v1beta1 will affect fewer source code lines. Only source code where the version really matters (like API registration) retains the versioned import.
2024-06-14 06:40:48 -04:00
func makeClaim(name, namespace, classname string, owner *metav1.OwnerReference) *resourceapi.ResourceClaim {
claim := &resourceapi.ResourceClaim{
kube-controller-manager: clone resource controller from volume/ephemeral
2022-03-22 04:59:20 -04:00
ObjectMeta: metav1.ObjectMeta{Name: name, Namespace: namespace},
}
if owner != nil {
kube-controller-manager: add ResourceClaim controller The controller uses the exact same logic as the generic ephemeral inline volume controller, just for inline ResourceClaimTemplate -> ResourceClaim. In addition, it supports removal of pods from the ReservedFor field when those pods are known to not need the claim anymore. At the moment, only this special case is supported. Removal of arbitrary objects would imply granting full read access to all types to determine whether a) an object is gone and b) if the current incarnation is the one which is listed in ReservedFor. This may get added later.
2022-03-22 11:56:49 -04:00
claim.OwnerReferences = []metav1.OwnerReference{*owner}
kube-controller-manager: clone resource controller from volume/ephemeral
2022-03-22 04:59:20 -04:00
}
kube-controller-manager: add ResourceClaim controller The controller uses the exact same logic as the generic ephemeral inline volume controller, just for inline ResourceClaimTemplate -> ResourceClaim. In addition, it supports removal of pods from the ReservedFor field when those pods are known to not need the claim anymore. At the moment, only this special case is supported. Removal of arbitrary objects would imply granting full read access to all types to determine whether a) an object is gone and b) if the current incarnation is the one which is listed in ReservedFor. This may get added later.
2022-03-22 11:56:49 -04:00
return claim
kube-controller-manager: clone resource controller from volume/ephemeral
2022-03-22 04:59:20 -04:00
}
Refactor resource claim metrics to use structured labels and add "source" dimension. Signed-off-by: Ayato Tokubi <atokubi@redhat.com>
2025-10-08 09:16:42 -04:00
func makeTemplatedClaim(podClaimName, generateName, namespace, classname string, createCounter int, owner *metav1.OwnerReference, adminAccess *bool) *resourceapi.ResourceClaim {
DRA: bump API v1alpha2 -> v1alpha3 This is in preparation for revamping the resource.k8s.io completely. Because there will be no support for transitioning from v1alpha2 to v1alpha3, the roundtrip test data for that API in 1.29 and 1.30 gets removed. Repeating the version in the import name of the API packages is not really required. It was done for a while to support simpler grepping for usage of alpha APIs, but there are better ways for that now. So during this transition, "resourceapi" gets used instead of "resourcev1alpha3" and the version gets dropped from informer and lister imports. The advantage is that the next bump to v1beta1 will affect fewer source code lines. Only source code where the version really matters (like API registration) retains the versioned import.
2024-06-14 06:40:48 -04:00
claim := &resourceapi.ResourceClaim{
dra: generated name for ResourceClaim from template Generating the name avoids all potential name collisions. It's not clear how much of a problem that was because users can avoid them and the deterministic names for generic ephemeral volumes have not led to reports from users. But using generated names is not too hard either. What makes it relatively easy is that the new pod.status.resourceClaimStatus map stores the generated name for kubelet and node authorizer, i.e. the information in the pod is sufficient to determine the name of the ResourceClaim. The resource claim controller becomes a bit more complex and now needs permission to modify the pod status. The new failure scenario of "ResourceClaim created, updating pod status fails" is handled with the help of a new special "resource.kubernetes.io/pod-claim-name" annotation that together with the owner reference identifies exactly for what a ResourceClaim was generated, so updating the pod status can be retried for existing ResourceClaims. The transition from deterministic names is handled with a special case for that recovery code path: a ResourceClaim with no annotation and a name that follows the Kubernetes <= 1.27 naming pattern is assumed to be generated for that pod claim and gets added to the pod status. There's no immediate need for it, but just in case that it may become relevant, the name of the generated ResourceClaim may also be left unset to record that no claim was needed. Components processing such a pod can skip whatever they normally would do for the claim. To ensure that they do and also cover other cases properly ("no known field is set", "must check ownership"), resourceclaim.Name gets extended.
2023-04-14 03:50:52 -04:00
ObjectMeta: metav1.ObjectMeta{
Name: fmt.Sprintf("%s-%d", generateName, createCounter),
GenerateName: generateName,
Namespace: namespace,
Annotations: map[string]string{"resource.kubernetes.io/pod-claim-name": podClaimName},
},
}
if owner != nil {
claim.OwnerReferences = []metav1.OwnerReference{*owner}
}
DRA: AdminAccess validate based on namespace label Signed-off-by: Rita Zhang <rita.z.zhang@gmail.com>
2024-12-30 18:56:45 -05:00
if adminAccess != nil {
claim.Spec = resourceapi.ResourceClaimSpec{
Devices: resourceapi.DeviceClaim{
Requests: []resourceapi.DeviceRequest{
{
DRA: use v1 API As before when adding v1beta2, DRA drivers built using the k8s.io/dynamic-resource-allocation helper packages remain compatible with all Kubernetes release >= 1.32. The helper code picks whatever API version is enabled from v1beta1/v1beta2/v1. However, the control plane now depends on v1, so a cluster configuration where only v1beta1 or v1beta2 are enabled without the v1 won't work.
2025-07-04 11:43:31 -04:00
Name: "req-0",
Exactly: &resourceapi.ExactDeviceRequest{
DeviceClassName: "class",
AdminAccess: adminAccess,
},
DRA: AdminAccess validate based on namespace label Signed-off-by: Rita Zhang <rita.z.zhang@gmail.com>
2024-12-30 18:56:45 -05:00
},
},
},
}
}
dra: generated name for ResourceClaim from template Generating the name avoids all potential name collisions. It's not clear how much of a problem that was because users can avoid them and the deterministic names for generic ephemeral volumes have not led to reports from users. But using generated names is not too hard either. What makes it relatively easy is that the new pod.status.resourceClaimStatus map stores the generated name for kubelet and node authorizer, i.e. the information in the pod is sufficient to determine the name of the ResourceClaim. The resource claim controller becomes a bit more complex and now needs permission to modify the pod status. The new failure scenario of "ResourceClaim created, updating pod status fails" is handled with the help of a new special "resource.kubernetes.io/pod-claim-name" annotation that together with the owner reference identifies exactly for what a ResourceClaim was generated, so updating the pod status can be retried for existing ResourceClaims. The transition from deterministic names is handled with a special case for that recovery code path: a ResourceClaim with no annotation and a name that follows the Kubernetes <= 1.27 naming pattern is assumed to be generated for that pod claim and gets added to the pod status. There's no immediate need for it, but just in case that it may become relevant, the name of the generated ResourceClaim may also be left unset to record that no claim was needed. Components processing such a pod can skip whatever they normally would do for the claim. To ensure that they do and also cover other cases properly ("no known field is set", "must check ownership"), resourceclaim.Name gets extended.
2023-04-14 03:50:52 -04:00
return claim
}
Refactor resource claim metrics to use structured labels and add "source" dimension. Signed-off-by: Ayato Tokubi <atokubi@redhat.com>
2025-10-08 09:16:42 -04:00
func makeExtendedResourceClaim(podName, namespace string, createCounter int, owner *metav1.OwnerReference) *resourceapi.ResourceClaim {
generateName := podName + "-extended-resources-"
claim := &resourceapi.ResourceClaim{
ObjectMeta: metav1.ObjectMeta{
Name: fmt.Sprintf("%s-%d", generateName, createCounter),
GenerateName: generateName,
Namespace: namespace,
Annotations: map[string]string{"resource.kubernetes.io/extended-resource-claim": "true"},
},
}
if owner != nil {
claim.OwnerReferences = []metav1.OwnerReference{*owner}
}
return claim
}
DRA: bump API v1alpha2 -> v1alpha3 This is in preparation for revamping the resource.k8s.io completely. Because there will be no support for transitioning from v1alpha2 to v1alpha3, the roundtrip test data for that API in 1.29 and 1.30 gets removed. Repeating the version in the import name of the API packages is not really required. It was done for a while to support simpler grepping for usage of alpha APIs, but there are better ways for that now. So during this transition, "resourceapi" gets used instead of "resourcev1alpha3" and the version gets dropped from informer and lister imports. The advantage is that the next bump to v1beta1 will affect fewer source code lines. Only source code where the version really matters (like API registration) retains the versioned import.
2024-06-14 06:40:48 -04:00
func allocateClaim(claim *resourceapi.ResourceClaim) *resourceapi.ResourceClaim {
dra: handle scheduled pods in kube-controller-manager When someone decides that a Pod should definitely run on a specific node, they can create the Pod with spec.nodeName already set. Some custom scheduler might do that. Then kubelet starts to check the pod and (if DRA is enabled) will refuse to run it, either because the claims are still waiting for the first consumer or the pod wasn't added to reservedFor. Both are things the scheduler normally does. Also, if a pod got scheduled while the DRA feature was off in the kube-scheduler, a pod can reach the same state. The resource claim controller can handle these two cases by taking over for the kube-scheduler when nodeName is set. Triggering an allocation is simpler than in the scheduler because all it takes is creating the right PodSchedulingContext with spec.selectedNode set. There's no need to list nodes because that choice was already made, permanently. Adding the pod to reservedFor also isn't hard. What's currently missing is triggering de-allocation of claims to re-allocate them for the desired node. This is not important for claims that get created for the pod from a template and then only get used once, but it might be worthwhile to add de-allocation in the future.
2023-05-22 13:44:58 -04:00
claim = claim.DeepCopy()
DRA: remove "sharable" from claim allocation result Now all claims are shareable up to the limit imposed by the size of the "reserverFor" array. This is one of the agreed simplifications for 1.31.
2024-06-13 12:43:17 -04:00
claim.Status.Allocation = &resourceapi.AllocationResult{}
dra: handle scheduled pods in kube-controller-manager When someone decides that a Pod should definitely run on a specific node, they can create the Pod with spec.nodeName already set. Some custom scheduler might do that. Then kubelet starts to check the pod and (if DRA is enabled) will refuse to run it, either because the claims are still waiting for the first consumer or the pod wasn't added to reservedFor. Both are things the scheduler normally does. Also, if a pod got scheduled while the DRA feature was off in the kube-scheduler, a pod can reach the same state. The resource claim controller can handle these two cases by taking over for the kube-scheduler when nodeName is set. Triggering an allocation is simpler than in the scheduler because all it takes is creating the right PodSchedulingContext with spec.selectedNode set. There's no need to list nodes because that choice was already made, permanently. Adding the pod to reservedFor also isn't hard. What's currently missing is triggering de-allocation of claims to re-allocate them for the desired node. This is not important for claims that get created for the pod from a template and then only get used once, but it might be worthwhile to add de-allocation in the future.
2023-05-22 13:44:58 -04:00
return claim
}
DRA: bump API v1alpha2 -> v1alpha3 This is in preparation for revamping the resource.k8s.io completely. Because there will be no support for transitioning from v1alpha2 to v1alpha3, the roundtrip test data for that API in 1.29 and 1.30 gets removed. Repeating the version in the import name of the API packages is not really required. It was done for a while to support simpler grepping for usage of alpha APIs, but there are better ways for that now. So during this transition, "resourceapi" gets used instead of "resourcev1alpha3" and the version gets dropped from informer and lister imports. The advantage is that the next bump to v1beta1 will affect fewer source code lines. Only source code where the version really matters (like API registration) retains the versioned import.
2024-06-14 06:40:48 -04:00
func structuredParameters(claim *resourceapi.ResourceClaim) *resourceapi.ResourceClaim {
dra controller: unit tests
2024-03-14 12:34:39 -04:00
claim = claim.DeepCopy()
// As far the controller is concerned, a claim was allocated by us if it has
// this finalizer. For testing we don't need to update the allocation result.
DRA: bump API v1alpha2 -> v1alpha3 This is in preparation for revamping the resource.k8s.io completely. Because there will be no support for transitioning from v1alpha2 to v1alpha3, the roundtrip test data for that API in 1.29 and 1.30 gets removed. Repeating the version in the import name of the API packages is not really required. It was done for a while to support simpler grepping for usage of alpha APIs, but there are better ways for that now. So during this transition, "resourceapi" gets used instead of "resourcev1alpha3" and the version gets dropped from informer and lister imports. The advantage is that the next bump to v1beta1 will affect fewer source code lines. Only source code where the version really matters (like API registration) retains the versioned import.
2024-06-14 06:40:48 -04:00
claim.Finalizers = append(claim.Finalizers, resourceapi.Finalizer)
dra controller: unit tests
2024-03-14 12:34:39 -04:00
return claim
}
DRA: bump API v1alpha2 -> v1alpha3 This is in preparation for revamping the resource.k8s.io completely. Because there will be no support for transitioning from v1alpha2 to v1alpha3, the roundtrip test data for that API in 1.29 and 1.30 gets removed. Repeating the version in the import name of the API packages is not really required. It was done for a while to support simpler grepping for usage of alpha APIs, but there are better ways for that now. So during this transition, "resourceapi" gets used instead of "resourcev1alpha3" and the version gets dropped from informer and lister imports. The advantage is that the next bump to v1beta1 will affect fewer source code lines. Only source code where the version really matters (like API registration) retains the versioned import.
2024-06-14 06:40:48 -04:00
func reserveClaim(claim *resourceapi.ResourceClaim, pod *v1.Pod) *resourceapi.ResourceClaim {
dra: handle scheduled pods in kube-controller-manager When someone decides that a Pod should definitely run on a specific node, they can create the Pod with spec.nodeName already set. Some custom scheduler might do that. Then kubelet starts to check the pod and (if DRA is enabled) will refuse to run it, either because the claims are still waiting for the first consumer or the pod wasn't added to reservedFor. Both are things the scheduler normally does. Also, if a pod got scheduled while the DRA feature was off in the kube-scheduler, a pod can reach the same state. The resource claim controller can handle these two cases by taking over for the kube-scheduler when nodeName is set. Triggering an allocation is simpler than in the scheduler because all it takes is creating the right PodSchedulingContext with spec.selectedNode set. There's no need to list nodes because that choice was already made, permanently. Adding the pod to reservedFor also isn't hard. What's currently missing is triggering de-allocation of claims to re-allocate them for the desired node. This is not important for claims that get created for the pod from a template and then only get used once, but it might be worthwhile to add de-allocation in the future.
2023-05-22 13:44:58 -04:00
claim = claim.DeepCopy()
claim.Status.ReservedFor = append(claim.Status.ReservedFor,
DRA: bump API v1alpha2 -> v1alpha3 This is in preparation for revamping the resource.k8s.io completely. Because there will be no support for transitioning from v1alpha2 to v1alpha3, the roundtrip test data for that API in 1.29 and 1.30 gets removed. Repeating the version in the import name of the API packages is not really required. It was done for a while to support simpler grepping for usage of alpha APIs, but there are better ways for that now. So during this transition, "resourceapi" gets used instead of "resourcev1alpha3" and the version gets dropped from informer and lister imports. The advantage is that the next bump to v1beta1 will affect fewer source code lines. Only source code where the version really matters (like API registration) retains the versioned import.
2024-06-14 06:40:48 -04:00
resourceapi.ResourceClaimConsumerReference{
dra: handle scheduled pods in kube-controller-manager When someone decides that a Pod should definitely run on a specific node, they can create the Pod with spec.nodeName already set. Some custom scheduler might do that. Then kubelet starts to check the pod and (if DRA is enabled) will refuse to run it, either because the claims are still waiting for the first consumer or the pod wasn't added to reservedFor. Both are things the scheduler normally does. Also, if a pod got scheduled while the DRA feature was off in the kube-scheduler, a pod can reach the same state. The resource claim controller can handle these two cases by taking over for the kube-scheduler when nodeName is set. Triggering an allocation is simpler than in the scheduler because all it takes is creating the right PodSchedulingContext with spec.selectedNode set. There's no need to list nodes because that choice was already made, permanently. Adding the pod to reservedFor also isn't hard. What's currently missing is triggering de-allocation of claims to re-allocate them for the desired node. This is not important for claims that get created for the pod from a template and then only get used once, but it might be worthwhile to add de-allocation in the future.
2023-05-22 13:44:58 -04:00
Resource: "pods",
Name: pod.Name,
UID: pod.UID,
},
)
return claim
}
kube-controller-manager: add ResourceClaim controller The controller uses the exact same logic as the generic ephemeral inline volume controller, just for inline ResourceClaimTemplate -> ResourceClaim. In addition, it supports removal of pods from the ReservedFor field when those pods are known to not need the claim anymore. At the moment, only this special case is supported. Removal of arbitrary objects would imply granting full read access to all types to determine whether a) an object is gone and b) if the current incarnation is the one which is listed in ReservedFor. This may get added later.
2022-03-22 11:56:49 -04:00
func makePodResourceClaim(name, templateName string) *v1.PodResourceClaim {
return &v1.PodResourceClaim{
DRA: remove "source" indirection from v1 Pod API This makes the API nicer: resourceClaims: - name: with-template resourceClaimTemplateName: test-inline-claim-template - name: with-claim resourceClaimName: test-shared-claim Previously, this was: resourceClaims: - name: with-template source: resourceClaimTemplateName: test-inline-claim-template - name: with-claim source: resourceClaimName: test-shared-claim A more long-term benefit is that other, future alternatives might not make sense under the "source" umbrella. This is a breaking change. It's justified because DRA is still alpha and will have several other API breaks in 1.31.
2024-05-24 09:24:24 -04:00
Name: name,
ResourceClaimTemplateName: &templateName,
kube-controller-manager: clone resource controller from volume/ephemeral
2022-03-22 04:59:20 -04:00
}
}
kube-controller-manager: add ResourceClaim controller The controller uses the exact same logic as the generic ephemeral inline volume controller, just for inline ResourceClaimTemplate -> ResourceClaim. In addition, it supports removal of pods from the ReservedFor field when those pods are known to not need the claim anymore. At the moment, only this special case is supported. Removal of arbitrary objects would imply granting full read access to all types to determine whether a) an object is gone and b) if the current incarnation is the one which is listed in ReservedFor. This may get added later.
2022-03-22 11:56:49 -04:00
func makePod(name, namespace string, uid types.UID, podClaims ...v1.PodResourceClaim) *v1.Pod {
pod := &v1.Pod{
kube-controller-manager: clone resource controller from volume/ephemeral
2022-03-22 04:59:20 -04:00
ObjectMeta: metav1.ObjectMeta{Name: name, Namespace: namespace, UID: uid},
Spec: v1.PodSpec{
kube-controller-manager: add ResourceClaim controller The controller uses the exact same logic as the generic ephemeral inline volume controller, just for inline ResourceClaimTemplate -> ResourceClaim. In addition, it supports removal of pods from the ReservedFor field when those pods are known to not need the claim anymore. At the moment, only this special case is supported. Removal of arbitrary objects would imply granting full read access to all types to determine whether a) an object is gone and b) if the current incarnation is the one which is listed in ReservedFor. This may get added later.
2022-03-22 11:56:49 -04:00
ResourceClaims: podClaims,
kube-controller-manager: clone resource controller from volume/ephemeral
2022-03-22 04:59:20 -04:00
},
}
kube-controller-manager: add ResourceClaim controller The controller uses the exact same logic as the generic ephemeral inline volume controller, just for inline ResourceClaimTemplate -> ResourceClaim. In addition, it supports removal of pods from the ReservedFor field when those pods are known to not need the claim anymore. At the moment, only this special case is supported. Removal of arbitrary objects would imply granting full read access to all types to determine whether a) an object is gone and b) if the current incarnation is the one which is listed in ReservedFor. This may get added later.
2022-03-22 11:56:49 -04:00
return pod
}
DRA: AdminAccess validate based on namespace label Signed-off-by: Rita Zhang <rita.z.zhang@gmail.com>
2024-12-30 18:56:45 -05:00
func makeTemplate(name, namespace, classname string, adminAccess *bool) *resourceapi.ResourceClaimTemplate {
DRA: bump API v1alpha2 -> v1alpha3 This is in preparation for revamping the resource.k8s.io completely. Because there will be no support for transitioning from v1alpha2 to v1alpha3, the roundtrip test data for that API in 1.29 and 1.30 gets removed. Repeating the version in the import name of the API packages is not really required. It was done for a while to support simpler grepping for usage of alpha APIs, but there are better ways for that now. So during this transition, "resourceapi" gets used instead of "resourcev1alpha3" and the version gets dropped from informer and lister imports. The advantage is that the next bump to v1beta1 will affect fewer source code lines. Only source code where the version really matters (like API registration) retains the versioned import.
2024-06-14 06:40:48 -04:00
template := &resourceapi.ResourceClaimTemplate{
kube-controller-manager: add ResourceClaim controller The controller uses the exact same logic as the generic ephemeral inline volume controller, just for inline ResourceClaimTemplate -> ResourceClaim. In addition, it supports removal of pods from the ReservedFor field when those pods are known to not need the claim anymore. At the moment, only this special case is supported. Removal of arbitrary objects would imply granting full read access to all types to determine whether a) an object is gone and b) if the current incarnation is the one which is listed in ReservedFor. This may get added later.
2022-03-22 11:56:49 -04:00
ObjectMeta: metav1.ObjectMeta{Name: name, Namespace: namespace},
}
DRA: AdminAccess validate based on namespace label Signed-off-by: Rita Zhang <rita.z.zhang@gmail.com>
2024-12-30 18:56:45 -05:00
if adminAccess != nil {
template.Spec = resourceapi.ResourceClaimTemplateSpec{
Spec: resourceapi.ResourceClaimSpec{
Devices: resourceapi.DeviceClaim{
Requests: []resourceapi.DeviceRequest{
{
DRA: use v1 API As before when adding v1beta2, DRA drivers built using the k8s.io/dynamic-resource-allocation helper packages remain compatible with all Kubernetes release >= 1.32. The helper code picks whatever API version is enabled from v1beta1/v1beta2/v1. However, the control plane now depends on v1, so a cluster configuration where only v1beta1 or v1beta2 are enabled without the v1 won't work.
2025-07-04 11:43:31 -04:00
Name: "req-0",
Exactly: &resourceapi.ExactDeviceRequest{
DeviceClassName: "class",
AdminAccess: adminAccess,
},
DRA: AdminAccess validate based on namespace label Signed-off-by: Rita Zhang <rita.z.zhang@gmail.com>
2024-12-30 18:56:45 -05:00
},
},
},
},
}
}
kube-controller-manager: add ResourceClaim controller The controller uses the exact same logic as the generic ephemeral inline volume controller, just for inline ResourceClaimTemplate -> ResourceClaim. In addition, it supports removal of pods from the ReservedFor field when those pods are known to not need the claim anymore. At the moment, only this special case is supported. Removal of arbitrary objects would imply granting full read access to all types to determine whether a) an object is gone and b) if the current incarnation is the one which is listed in ReservedFor. This may get added later.
2022-03-22 11:56:49 -04:00
return template
kube-controller-manager: clone resource controller from volume/ephemeral
2022-03-22 04:59:20 -04:00
}
func podKey(pod *v1.Pod) string {
kube-controller-manager: add ResourceClaim controller The controller uses the exact same logic as the generic ephemeral inline volume controller, just for inline ResourceClaimTemplate -> ResourceClaim. In addition, it supports removal of pods from the ReservedFor field when those pods are known to not need the claim anymore. At the moment, only this special case is supported. Removal of arbitrary objects would imply granting full read access to all types to determine whether a) an object is gone and b) if the current incarnation is the one which is listed in ReservedFor. This may get added later.
2022-03-22 11:56:49 -04:00
return podKeyPrefix + pod.Namespace + "/" + pod.Name
}
DRA: bump API v1alpha2 -> v1alpha3 This is in preparation for revamping the resource.k8s.io completely. Because there will be no support for transitioning from v1alpha2 to v1alpha3, the roundtrip test data for that API in 1.29 and 1.30 gets removed. Repeating the version in the import name of the API packages is not really required. It was done for a while to support simpler grepping for usage of alpha APIs, but there are better ways for that now. So during this transition, "resourceapi" gets used instead of "resourcev1alpha3" and the version gets dropped from informer and lister imports. The advantage is that the next bump to v1beta1 will affect fewer source code lines. Only source code where the version really matters (like API registration) retains the versioned import.
2024-06-14 06:40:48 -04:00
func claimKey(claim *resourceapi.ResourceClaim) string {
kube-controller-manager: add ResourceClaim controller The controller uses the exact same logic as the generic ephemeral inline volume controller, just for inline ResourceClaimTemplate -> ResourceClaim. In addition, it supports removal of pods from the ReservedFor field when those pods are known to not need the claim anymore. At the moment, only this special case is supported. Removal of arbitrary objects would imply granting full read access to all types to determine whether a) an object is gone and b) if the current incarnation is the one which is listed in ReservedFor. This may get added later.
2022-03-22 11:56:49 -04:00
return claimKeyPrefix + claim.Namespace + "/" + claim.Name
kube-controller-manager: clone resource controller from volume/ephemeral
2022-03-22 04:59:20 -04:00
}
func makeOwnerReference(pod *v1.Pod, isController bool) *metav1.OwnerReference {
return &metav1.OwnerReference{
removed BlockOwnerDeletion
2025-10-24 17:34:31 -04:00
APIVersion: "v1",
Kind: "Pod",
Name: pod.Name,
UID: pod.UID,
Controller: &isController,
kube-controller-manager: clone resource controller from volume/ephemeral
2022-03-22 04:59:20 -04:00
}
}
DRA: bump API v1alpha2 -> v1alpha3 This is in preparation for revamping the resource.k8s.io completely. Because there will be no support for transitioning from v1alpha2 to v1alpha3, the roundtrip test data for that API in 1.29 and 1.30 gets removed. Repeating the version in the import name of the API packages is not really required. It was done for a while to support simpler grepping for usage of alpha APIs, but there are better ways for that now. So during this transition, "resourceapi" gets used instead of "resourcev1alpha3" and the version gets dropped from informer and lister imports. The advantage is that the next bump to v1beta1 will affect fewer source code lines. Only source code where the version really matters (like API registration) retains the versioned import.
2024-06-14 06:40:48 -04:00
func normalizeClaims(claims []resourceapi.ResourceClaim) []resourceapi.ResourceClaim {
kube-controller-manager: add ResourceClaim controller The controller uses the exact same logic as the generic ephemeral inline volume controller, just for inline ResourceClaimTemplate -> ResourceClaim. In addition, it supports removal of pods from the ReservedFor field when those pods are known to not need the claim anymore. At the moment, only this special case is supported. Removal of arbitrary objects would imply granting full read access to all types to determine whether a) an object is gone and b) if the current incarnation is the one which is listed in ReservedFor. This may get added later.
2022-03-22 11:56:49 -04:00
sort.Slice(claims, func(i, j int) bool {
dra: generated name for ResourceClaim from template Generating the name avoids all potential name collisions. It's not clear how much of a problem that was because users can avoid them and the deterministic names for generic ephemeral volumes have not led to reports from users. But using generated names is not too hard either. What makes it relatively easy is that the new pod.status.resourceClaimStatus map stores the generated name for kubelet and node authorizer, i.e. the information in the pod is sufficient to determine the name of the ResourceClaim. The resource claim controller becomes a bit more complex and now needs permission to modify the pod status. The new failure scenario of "ResourceClaim created, updating pod status fails" is handled with the help of a new special "resource.kubernetes.io/pod-claim-name" annotation that together with the owner reference identifies exactly for what a ResourceClaim was generated, so updating the pod status can be retried for existing ResourceClaims. The transition from deterministic names is handled with a special case for that recovery code path: a ResourceClaim with no annotation and a name that follows the Kubernetes <= 1.27 naming pattern is assumed to be generated for that pod claim and gets added to the pod status. There's no immediate need for it, but just in case that it may become relevant, the name of the generated ResourceClaim may also be left unset to record that no claim was needed. Components processing such a pod can skip whatever they normally would do for the claim. To ensure that they do and also cover other cases properly ("no known field is set", "must check ownership"), resourceclaim.Name gets extended.
2023-04-14 03:50:52 -04:00
if claims[i].Namespace < claims[j].Namespace {
return true
}
if claims[i].Namespace > claims[j].Namespace {
return false
}
return claims[i].Name < claims[j].Name
kube-controller-manager: clone resource controller from volume/ephemeral
2022-03-22 04:59:20 -04:00
})
kube-controller-manager: add ResourceClaim controller The controller uses the exact same logic as the generic ephemeral inline volume controller, just for inline ResourceClaimTemplate -> ResourceClaim. In addition, it supports removal of pods from the ReservedFor field when those pods are known to not need the claim anymore. At the moment, only this special case is supported. Removal of arbitrary objects would imply granting full read access to all types to determine whether a) an object is gone and b) if the current incarnation is the one which is listed in ReservedFor. This may get added later.
2022-03-22 11:56:49 -04:00
for i := range claims {
if len(claims[i].Status.ReservedFor) == 0 {
claims[i].Status.ReservedFor = nil
}
}
return claims
kube-controller-manager: clone resource controller from volume/ephemeral
2022-03-22 04:59:20 -04:00
}
func createTestClient(objects ...runtime.Object) *fake.Clientset {
fakeClient := fake.NewSimpleClientset(objects...)
dra: generated name for ResourceClaim from template Generating the name avoids all potential name collisions. It's not clear how much of a problem that was because users can avoid them and the deterministic names for generic ephemeral volumes have not led to reports from users. But using generated names is not too hard either. What makes it relatively easy is that the new pod.status.resourceClaimStatus map stores the generated name for kubelet and node authorizer, i.e. the information in the pod is sufficient to determine the name of the ResourceClaim. The resource claim controller becomes a bit more complex and now needs permission to modify the pod status. The new failure scenario of "ResourceClaim created, updating pod status fails" is handled with the help of a new special "resource.kubernetes.io/pod-claim-name" annotation that together with the owner reference identifies exactly for what a ResourceClaim was generated, so updating the pod status can be retried for existing ResourceClaims. The transition from deterministic names is handled with a special case for that recovery code path: a ResourceClaim with no annotation and a name that follows the Kubernetes <= 1.27 naming pattern is assumed to be generated for that pod claim and gets added to the pod status. There's no immediate need for it, but just in case that it may become relevant, the name of the generated ResourceClaim may also be left unset to record that no claim was needed. Components processing such a pod can skip whatever they normally would do for the claim. To ensure that they do and also cover other cases properly ("no known field is set", "must check ownership"), resourceclaim.Name gets extended.
2023-04-14 03:50:52 -04:00
fakeClient.PrependReactor("create", "resourceclaims", createResourceClaimReactor())
kube-controller-manager: clone resource controller from volume/ephemeral
2022-03-22 04:59:20 -04:00
return fakeClient
}
dra: generated name for ResourceClaim from template Generating the name avoids all potential name collisions. It's not clear how much of a problem that was because users can avoid them and the deterministic names for generic ephemeral volumes have not led to reports from users. But using generated names is not too hard either. What makes it relatively easy is that the new pod.status.resourceClaimStatus map stores the generated name for kubelet and node authorizer, i.e. the information in the pod is sufficient to determine the name of the ResourceClaim. The resource claim controller becomes a bit more complex and now needs permission to modify the pod status. The new failure scenario of "ResourceClaim created, updating pod status fails" is handled with the help of a new special "resource.kubernetes.io/pod-claim-name" annotation that together with the owner reference identifies exactly for what a ResourceClaim was generated, so updating the pod status can be retried for existing ResourceClaims. The transition from deterministic names is handled with a special case for that recovery code path: a ResourceClaim with no annotation and a name that follows the Kubernetes <= 1.27 naming pattern is assumed to be generated for that pod claim and gets added to the pod status. There's no immediate need for it, but just in case that it may become relevant, the name of the generated ResourceClaim may also be left unset to record that no claim was needed. Components processing such a pod can skip whatever they normally would do for the claim. To ensure that they do and also cover other cases properly ("no known field is set", "must check ownership"), resourceclaim.Name gets extended.
2023-04-14 03:50:52 -04:00
// createResourceClaimReactor implements the logic required for the GenerateName field to work when using
// the fake client. Add it with client.PrependReactor to your fake client.
func createResourceClaimReactor() func(action k8stesting.Action) (handled bool, ret runtime.Object, err error) {
nameCounter := 1
var mutex sync.Mutex
return func(action k8stesting.Action) (handled bool, ret runtime.Object, err error) {
mutex.Lock()
defer mutex.Unlock()
DRA: bump API v1alpha2 -> v1alpha3 This is in preparation for revamping the resource.k8s.io completely. Because there will be no support for transitioning from v1alpha2 to v1alpha3, the roundtrip test data for that API in 1.29 and 1.30 gets removed. Repeating the version in the import name of the API packages is not really required. It was done for a while to support simpler grepping for usage of alpha APIs, but there are better ways for that now. So during this transition, "resourceapi" gets used instead of "resourcev1alpha3" and the version gets dropped from informer and lister imports. The advantage is that the next bump to v1beta1 will affect fewer source code lines. Only source code where the version really matters (like API registration) retains the versioned import.
2024-06-14 06:40:48 -04:00
claim := action.(k8stesting.CreateAction).GetObject().(*resourceapi.ResourceClaim)
dra: generated name for ResourceClaim from template Generating the name avoids all potential name collisions. It's not clear how much of a problem that was because users can avoid them and the deterministic names for generic ephemeral volumes have not led to reports from users. But using generated names is not too hard either. What makes it relatively easy is that the new pod.status.resourceClaimStatus map stores the generated name for kubelet and node authorizer, i.e. the information in the pod is sufficient to determine the name of the ResourceClaim. The resource claim controller becomes a bit more complex and now needs permission to modify the pod status. The new failure scenario of "ResourceClaim created, updating pod status fails" is handled with the help of a new special "resource.kubernetes.io/pod-claim-name" annotation that together with the owner reference identifies exactly for what a ResourceClaim was generated, so updating the pod status can be retried for existing ResourceClaims. The transition from deterministic names is handled with a special case for that recovery code path: a ResourceClaim with no annotation and a name that follows the Kubernetes <= 1.27 naming pattern is assumed to be generated for that pod claim and gets added to the pod status. There's no immediate need for it, but just in case that it may become relevant, the name of the generated ResourceClaim may also be left unset to record that no claim was needed. Components processing such a pod can skip whatever they normally would do for the claim. To ensure that they do and also cover other cases properly ("no known field is set", "must check ownership"), resourceclaim.Name gets extended.
2023-04-14 03:50:52 -04:00
if claim.Name == "" && claim.GenerateName != "" {
claim.Name = fmt.Sprintf("%s-%d", claim.GenerateName, nameCounter)
}
nameCounter++
return false, nil, nil
}
}
DRA resourceclaims: maintain metric of total and allocated claims These metrics can provide insights into ResourceClaim usage. The total count is redundant because the apiserver also provides count of resources, but having it in the same sub-system next to the count of allocated claims might be more discoverable and helps monitor the controller itself.
2024-09-26 08:43:12 -04:00
type numMetrics struct {
Refactor resource claim metrics to use structured labels and add "source" dimension. Signed-off-by: Ayato Tokubi <atokubi@redhat.com>
2025-10-08 09:16:42 -04:00
metrics map[resourceclaimmetrics.NumResourceClaimLabels]float64
lister resourcelisters.ResourceClaimLister
DRA resourceclaims: maintain metric of total and allocated claims These metrics can provide insights into ResourceClaim usage. The total count is redundant because the apiserver also provides count of resources, but having it in the same sub-system next to the count of allocated claims might be more discoverable and helps monitor the controller itself.
2024-09-26 08:43:12 -04:00
}
DRAAdminAccess: add metrics Signed-off-by: Rita Zhang <rita.z.zhang@gmail.com>
2025-07-08 00:24:31 -04:00
func getNumMetric(lister resourcelisters.ResourceClaimLister, logger klog.Logger) (em numMetrics, err error) {
if lister == nil {
return numMetrics{}, nil
}
// Create a fresh collector instance for each call to avoid registration conflicts
freshCollector := newCustomCollector(lister, getAdminAccessMetricLabel, logger)
testRegistry := metrics.NewKubeRegistry()
testRegistry.CustomMustRegister(freshCollector)
gatheredMetrics, err := testRegistry.Gather()
DRA resourceclaims: maintain metric of total and allocated claims These metrics can provide insights into ResourceClaim usage. The total count is redundant because the apiserver also provides count of resources, but having it in the same sub-system next to the count of allocated claims might be more discoverable and helps monitor the controller itself.
2024-09-26 08:43:12 -04:00
if err != nil {
DRAAdminAccess: add metrics Signed-off-by: Rita Zhang <rita.z.zhang@gmail.com>
2025-07-08 00:24:31 -04:00
return numMetrics{}, fmt.Errorf("failed to gather metrics: %w", err)
}
metricName := "resourceclaim_controller_resource_claims"
Refactor resource claim metrics to use structured labels and add "source" dimension. Signed-off-by: Ayato Tokubi <atokubi@redhat.com>
2025-10-08 09:16:42 -04:00
em = newNumMetrics(lister)
DRAAdminAccess: add metrics Signed-off-by: Rita Zhang <rita.z.zhang@gmail.com>
2025-07-08 00:24:31 -04:00
for _, mf := range gatheredMetrics {
if mf.GetName() != metricName {
continue
}
for _, metric := range mf.GetMetric() {
labels := make(map[string]string)
for _, labelPair := range metric.GetLabel() {
labels[labelPair.GetName()] = labelPair.GetValue()
}
allocated := labels["allocated"]
adminAccess := labels["admin_access"]
Refactor resource claim metrics to use structured labels and add "source" dimension. Signed-off-by: Ayato Tokubi <atokubi@redhat.com>
2025-10-08 09:16:42 -04:00
source := labels["source"]
DRAAdminAccess: add metrics Signed-off-by: Rita Zhang <rita.z.zhang@gmail.com>
2025-07-08 00:24:31 -04:00
value := metric.GetGauge().GetValue()
Refactor resource claim metrics to use structured labels and add "source" dimension. Signed-off-by: Ayato Tokubi <atokubi@redhat.com>
2025-10-08 09:16:42 -04:00
em.metrics[resourceclaimmetrics.NumResourceClaimLabels{
Allocated: allocated,
AdminAccess: adminAccess,
Source: source,
}] = value
DRAAdminAccess: add metrics Signed-off-by: Rita Zhang <rita.z.zhang@gmail.com>
2025-07-08 00:24:31 -04:00
}
DRA resourceclaims: maintain metric of total and allocated claims These metrics can provide insights into ResourceClaim usage. The total count is redundant because the apiserver also provides count of resources, but having it in the same sub-system next to the count of allocated claims might be more discoverable and helps monitor the controller itself.
2024-09-26 08:43:12 -04:00
}
DRAAdminAccess: add metrics Signed-off-by: Rita Zhang <rita.z.zhang@gmail.com>
2025-07-08 00:24:31 -04:00
return em, nil
DRA resourceclaims: maintain metric of total and allocated claims These metrics can provide insights into ResourceClaim usage. The total count is redundant because the apiserver also provides count of resources, but having it in the same sub-system next to the count of allocated claims might be more discoverable and helps monitor the controller itself.
2024-09-26 08:43:12 -04:00
}
func (em numMetrics) Eventually(tCtx ktesting.TContext) {
g := gomega.NewWithT(tCtx)
tCtx.Helper()
DRAAdminAccess: add metrics Signed-off-by: Rita Zhang <rita.z.zhang@gmail.com>
2025-07-08 00:24:31 -04:00
g.Eventually(func() (numMetrics, error) {
result, err := getNumMetric(em.lister, tCtx.Logger())
result.lister = em.lister
return result, err
}).WithTimeout(5 * time.Second).Should(gomega.Equal(em))
DRA resourceclaims: maintain metric of total and allocated claims These metrics can provide insights into ResourceClaim usage. The total count is redundant because the apiserver also provides count of resources, but having it in the same sub-system next to the count of allocated claims might be more discoverable and helps monitor the controller itself.
2024-09-26 08:43:12 -04:00
}
func (em numMetrics) Consistently(tCtx ktesting.TContext) {
g := gomega.NewWithT(tCtx)
tCtx.Helper()
DRAAdminAccess: add metrics Signed-off-by: Rita Zhang <rita.z.zhang@gmail.com>
2025-07-08 00:24:31 -04:00
g.Consistently(func() (numMetrics, error) {
result, err := getNumMetric(em.lister, tCtx.Logger())
result.lister = em.lister
return result, err
}).WithTimeout(time.Second).Should(gomega.Equal(em))
DRA resourceclaims: maintain metric of total and allocated claims These metrics can provide insights into ResourceClaim usage. The total count is redundant because the apiserver also provides count of resources, but having it in the same sub-system next to the count of allocated claims might be more discoverable and helps monitor the controller itself.
2024-09-26 08:43:12 -04:00
}
kube-controller-manager: clone resource controller from volume/ephemeral
2022-03-22 04:59:20 -04:00
type expectedMetrics struct {
DRAAdminAccess: add metrics Signed-off-by: Rita Zhang <rita.z.zhang@gmail.com>
2025-07-08 00:24:31 -04:00
numCreated int
numCreatedWithAdmin int
numFailures int
numFailureWithAdmin int
kube-controller-manager: clone resource controller from volume/ephemeral
2022-03-22 04:59:20 -04:00
}
func expectMetrics(t *testing.T, em expectedMetrics) {
t.Helper()
DRAAdminAccess: add metrics Signed-off-by: Rita Zhang <rita.z.zhang@gmail.com>
2025-07-08 00:24:31 -04:00
// Check created claims
actualCreated, err := testutil.GetCounterMetricValue(resourceclaimmetrics.ResourceClaimCreate.WithLabelValues("success", "false"))
handleErr(t, err, "ResourceClaimCreateSuccesses")
kube-controller-manager: clone resource controller from volume/ephemeral
2022-03-22 04:59:20 -04:00
if actualCreated != float64(em.numCreated) {
kube-controller-manager: add ResourceClaim controller The controller uses the exact same logic as the generic ephemeral inline volume controller, just for inline ResourceClaimTemplate -> ResourceClaim. In addition, it supports removal of pods from the ReservedFor field when those pods are known to not need the claim anymore. At the moment, only this special case is supported. Removal of arbitrary objects would imply granting full read access to all types to determine whether a) an object is gone and b) if the current incarnation is the one which is listed in ReservedFor. This may get added later.
2022-03-22 11:56:49 -04:00
t.Errorf("Expected claims to be created %d, got %v", em.numCreated, actualCreated)
kube-controller-manager: clone resource controller from volume/ephemeral
2022-03-22 04:59:20 -04:00
}
DRAAdminAccess: add metrics Signed-off-by: Rita Zhang <rita.z.zhang@gmail.com>
2025-07-08 00:24:31 -04:00
// Check created claims with admin access
actualCreatedWithAdmin, err := testutil.GetCounterMetricValue(resourceclaimmetrics.ResourceClaimCreate.WithLabelValues("success", "true"))
handleErr(t, err, "ResourceClaimCreateSuccessesWithAdminAccess")
if actualCreatedWithAdmin != float64(em.numCreatedWithAdmin) {
t.Errorf("Expected claims with admin access to be created %d, got %v", em.numCreatedWithAdmin, actualCreatedWithAdmin)
}
// Check failed claims
actualFailed, err := testutil.GetCounterMetricValue(resourceclaimmetrics.ResourceClaimCreate.WithLabelValues("failure", "false"))
handleErr(t, err, "ResourceClaimCreateFailures")
if actualFailed != float64(em.numFailures) {
t.Errorf("Expected claims to have failed %d, got %v", em.numFailures, actualFailed)
kube-controller-manager: clone resource controller from volume/ephemeral
2022-03-22 04:59:20 -04:00
}
DRAAdminAccess: add metrics Signed-off-by: Rita Zhang <rita.z.zhang@gmail.com>
2025-07-08 00:24:31 -04:00
// Check failed claims with admin access
actualFailedWithAdmin, err := testutil.GetCounterMetricValue(resourceclaimmetrics.ResourceClaimCreate.WithLabelValues("failure", "true"))
handleErr(t, err, "ResourceClaimCreateFailuresWithAdminAccess")
if actualFailedWithAdmin != float64(em.numFailureWithAdmin) {
t.Errorf("Expected claims with admin access to have failed %d, got %v", em.numFailureWithAdmin, actualFailedWithAdmin)
}
}
kube-controller-manager: clone resource controller from volume/ephemeral
2022-03-22 04:59:20 -04:00
func handleErr(t *testing.T, err error, metricName string) {
if err != nil {
t.Errorf("Failed to get %s value, err: %v", metricName, err)
}
}
func setupMetrics() {
DRAAdminAccess: add metrics Signed-off-by: Rita Zhang <rita.z.zhang@gmail.com>
2025-07-08 00:24:31 -04:00
// Enable test mode to prevent global custom collector registration
resourceclaimmetrics.SetTestMode(true)
// Reset counter metrics for each test (they are registered by the controller itself)
resourceclaimmetrics.ResourceClaimCreate.Reset()
}
Refactor resource claim metrics to use structured labels and add "source" dimension. Signed-off-by: Ayato Tokubi <atokubi@redhat.com>
2025-10-08 09:16:42 -04:00
func newNumMetrics(lister resourcelisters.ResourceClaimLister) numMetrics {
metrics := make(map[resourceclaimmetrics.NumResourceClaimLabels]float64)
for _, allocated := range []string{"false", "true"} {
for _, adminAccess := range []string{"false", "true"} {
for _, source := range []string{"", "extended_resource", "resource_claim_template"} {
metrics[resourceclaimmetrics.NumResourceClaimLabels{
Allocated: allocated,
AdminAccess: adminAccess,
Source: source,
}] = 0
}
}
}
DRAAdminAccess: add metrics Signed-off-by: Rita Zhang <rita.z.zhang@gmail.com>
2025-07-08 00:24:31 -04:00
return numMetrics{
Refactor resource claim metrics to use structured labels and add "source" dimension. Signed-off-by: Ayato Tokubi <atokubi@redhat.com>
2025-10-08 09:16:42 -04:00
metrics: metrics,
lister: lister,
DRAAdminAccess: add metrics Signed-off-by: Rita Zhang <rita.z.zhang@gmail.com>
2025-07-08 00:24:31 -04:00
}
}
Addressed comments
2025-10-29 06:38:05 -04:00
func (em numMetrics) withUpdates(rcLabels resourceclaimmetrics.NumResourceClaimLabels, n float64) numMetrics {
em.metrics[rcLabels] += n
DRAAdminAccess: add metrics Signed-off-by: Rita Zhang <rita.z.zhang@gmail.com>
2025-07-08 00:24:31 -04:00
return numMetrics{
Refactor resource claim metrics to use structured labels and add "source" dimension. Signed-off-by: Ayato Tokubi <atokubi@redhat.com>
2025-10-08 09:16:42 -04:00
metrics: em.metrics,
lister: em.lister,
DRAAdminAccess: add metrics Signed-off-by: Rita Zhang <rita.z.zhang@gmail.com>
2025-07-08 00:24:31 -04:00
}
kube-controller-manager: clone resource controller from volume/ephemeral
2022-03-22 04:59:20 -04:00
}
fix resource claims deallocation for extended resource when pod is completed Signed-off-by: Alay Patel <alayp@nvidia.com>
2025-09-27 17:13:13 -04:00
func TestEnqueuePodExtendedResourceClaims(t *testing.T) {
tests := []struct {
name string
pod *v1.Pod
featureGateEnabled bool
deleted bool
expectEarlyReturn bool
expectExtendedClaimEnqueued bool
}{
{
name: "pod with no resource claims",
pod: &v1.Pod{
ObjectMeta: metav1.ObjectMeta{Name: "test-pod", Namespace: "default"},
Spec: v1.PodSpec{},
Status: v1.PodStatus{},
},
featureGateEnabled: true,
expectEarlyReturn: true,
expectExtendedClaimEnqueued: false,
},
{
name: "pod with regular resource claims only",
pod: &v1.Pod{
ObjectMeta: metav1.ObjectMeta{Name: "test-pod", Namespace: "default"},
Spec: v1.PodSpec{
ResourceClaims: []v1.PodResourceClaim{{Name: "regular-claim"}},
},
Status: v1.PodStatus{Phase: v1.PodRunning},
},
featureGateEnabled: true,
expectEarlyReturn: false,
expectExtendedClaimEnqueued: false,
},
{
name: "pod with extended resource claim, feature enabled, running pod",
pod: &v1.Pod{
ObjectMeta: metav1.ObjectMeta{Name: "test-pod", Namespace: "default"},
Spec: v1.PodSpec{},
Status: v1.PodStatus{
Phase: v1.PodRunning,
ExtendedResourceClaimStatus: &v1.PodExtendedResourceClaimStatus{
ResourceClaimName: "test-extended-claim",
},
},
},
featureGateEnabled: true,
expectEarlyReturn: false,
expectExtendedClaimEnqueued: false,
},
{
name: "pod with extended resource claim, feature enabled, completed pod",
pod: &v1.Pod{
ObjectMeta: metav1.ObjectMeta{Name: "test-pod", Namespace: "default"},
Spec: v1.PodSpec{},
Status: v1.PodStatus{
Phase: v1.PodSucceeded,
ExtendedResourceClaimStatus: &v1.PodExtendedResourceClaimStatus{
ResourceClaimName: "test-extended-claim",
},
},
},
featureGateEnabled: true,
expectEarlyReturn: false,
expectExtendedClaimEnqueued: true,
},
{
name: "pod with extended resource claim, feature enabled, failed pod",
pod: &v1.Pod{
ObjectMeta: metav1.ObjectMeta{Name: "test-pod", Namespace: "default"},
Spec: v1.PodSpec{},
Status: v1.PodStatus{
Phase: v1.PodFailed, // Failed pod
ExtendedResourceClaimStatus: &v1.PodExtendedResourceClaimStatus{
ResourceClaimName: "test-extended-claim",
},
},
},
featureGateEnabled: true,
expectEarlyReturn: false,
expectExtendedClaimEnqueued: true,
},
{
name: "pod with extended resource claim, feature disabled",
pod: &v1.Pod{
ObjectMeta: metav1.ObjectMeta{Name: "test-pod", Namespace: "default"},
Spec: v1.PodSpec{},
Status: v1.PodStatus{
Phase: v1.PodSucceeded,
ExtendedResourceClaimStatus: &v1.PodExtendedResourceClaimStatus{
ResourceClaimName: "test-extended-claim",
},
},
},
featureGateEnabled: false,
expectEarlyReturn: false,
expectExtendedClaimEnqueued: true,
},
{
name: "deleted pod with extended resource claim",
pod: &v1.Pod{
ObjectMeta: metav1.ObjectMeta{Name: "test-pod", Namespace: "default"},
Spec: v1.PodSpec{},
Status: v1.PodStatus{
Phase: v1.PodSucceeded,
ExtendedResourceClaimStatus: &v1.PodExtendedResourceClaimStatus{
ResourceClaimName: "test-extended-claim",
},
},
},
featureGateEnabled: true,
deleted: true,
expectEarlyReturn: false,
expectExtendedClaimEnqueued: true,
},
{
name: "pod with both regular and extended resource claims, completed",
pod: &v1.Pod{
ObjectMeta: metav1.ObjectMeta{Name: "test-pod", Namespace: "default"},
Spec: v1.PodSpec{
ResourceClaims: []v1.PodResourceClaim{{Name: "regular-claim"}},
},
Status: v1.PodStatus{
Phase: v1.PodSucceeded,
ExtendedResourceClaimStatus: &v1.PodExtendedResourceClaimStatus{
ResourceClaimName: "test-extended-claim",
},
},
},
featureGateEnabled: true,
expectEarlyReturn: false,
expectExtendedClaimEnqueued: true,
},
}
for _, test := range tests {
t.Run(test.name, func(t *testing.T) {
featuregatetesting.SetFeatureGateDuringTest(t, utilfeature.DefaultFeatureGate, features.DRAExtendedResource, test.featureGateEnabled)
tCtx := ktesting.Init(t)
tCtx = ktesting.WithCancel(tCtx)
fakeKubeClient := createTestClient()
informerFactory := informers.NewSharedInformerFactory(fakeKubeClient, controller.NoResyncPeriodFunc())
podInformer := informerFactory.Core().V1().Pods()
claimInformer := informerFactory.Resource().V1().ResourceClaims()
templateInformer := informerFactory.Resource().V1().ResourceClaimTemplates()
setupMetrics()
ec, err := NewController(tCtx.Logger(), Features{}, fakeKubeClient, podInformer, claimInformer, templateInformer)
if err != nil {
t.Fatalf("error creating controller: %v", err)
}
ec.enqueuePod(tCtx.Logger(), test.pod, test.deleted)
var keys []string
for ec.queue.Len() > 0 {
k, _ := ec.queue.Get()
keys = append(keys, k)
ec.queue.Forget(k)
ec.queue.Done(k)
}
if test.expectEarlyReturn {
if len(keys) != 0 {
t.Errorf("expected no keys enqueued on early return, got: %v", keys)
}
return
}
var expectedClaimKey string
if test.pod.Status.ExtendedResourceClaimStatus != nil {
expectedClaimKey = claimKeyPrefix + test.pod.Namespace + "/" + test.pod.Status.ExtendedResourceClaimStatus.ResourceClaimName
}
found := false
for _, k := range keys {
if k == expectedClaimKey {
found = true
break
}
}
if test.expectExtendedClaimEnqueued && !found {
t.Errorf("expected extended claim key %q to be enqueued, got keys: %v", expectedClaimKey, keys)
}
if !test.expectExtendedClaimEnqueued && found {
t.Errorf("did not expect extended claim key %q to be enqueued, got keys: %v", expectedClaimKey, keys)
}
})
}
}
Reference in a new issue Copy permalink