Promote Local storage capacity isolation feature to GA

This change is to promote local storage capacity isolation feature to GA At the same time, to allow rootless system disable this feature due to unable to get root fs, this change introduced a new kubelet config "localStorageCapacityIsolation". By default it is set to true. For rootless systems, they can set this configuration to false to disable the feature. Once it is set, user cannot set ephemeral-storage request/limit because capacity and allocatable will not be set. Change-Id: I48a52e737c6a09e9131454db6ad31247b56c000a
2022-07-28 08:03:20 -07:00
parent bc4c4930ff
commit 0064010cdd
42 changed files with 267 additions and 383 deletions
--- a/pkg/kubelet/apis/config/fuzzer/fuzzer.go
+++ b/pkg/kubelet/apis/config/fuzzer/fuzzer.go
@@ -20,7 +20,7 @@ import (
 	"math/rand"
 	"time"

-	"github.com/google/gofuzz"
+	fuzz "github.com/google/gofuzz"

 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	runtimeserializer "k8s.io/apimachinery/pkg/runtime/serializer"
@@ -110,6 +110,7 @@ func Funcs(codecs runtimeserializer.CodecFactory) []interface{} {
 			}
 			obj.EnableSystemLogHandler = true
 			obj.MemoryThrottlingFactor = utilpointer.Float64Ptr(rand.Float64())
+			obj.LocalStorageCapacityIsolation = true
 		},
 	}
 }
--- a/pkg/kubelet/apis/config/helpers_test.go
+++ b/pkg/kubelet/apis/config/helpers_test.go
@@ -282,5 +282,6 @@ var (
 		"MemoryThrottlingFactor",
 		"Tracing.Endpoint",
 		"Tracing.SamplingRatePerMillion",
+		"LocalStorageCapacityIsolation",
 	)
 )
--- a/pkg/kubelet/apis/config/scheme/testdata/KubeletConfiguration/after/v1beta1.yaml
+++ b/pkg/kubelet/apis/config/scheme/testdata/KubeletConfiguration/after/v1beta1.yaml
@@ -52,6 +52,7 @@ iptablesMasqueradeBit: 14
 kind: KubeletConfiguration
 kubeAPIBurst: 10
 kubeAPIQPS: 5
+localStorageCapacityIsolation: true
 logging:
  flushFrequency: 5000000000
  format: text
--- a/pkg/kubelet/apis/config/scheme/testdata/KubeletConfiguration/roundtrip/default/v1beta1.yaml
+++ b/pkg/kubelet/apis/config/scheme/testdata/KubeletConfiguration/roundtrip/default/v1beta1.yaml
@@ -52,6 +52,7 @@ iptablesMasqueradeBit: 14
 kind: KubeletConfiguration
 kubeAPIBurst: 10
 kubeAPIQPS: 5
+localStorageCapacityIsolation: true
 logging:
  flushFrequency: 5000000000
  format: text
--- a/pkg/kubelet/apis/config/types.go
+++ b/pkg/kubelet/apis/config/types.go
@@ -450,6 +450,16 @@ type KubeletConfiguration struct {
 	// +featureGate=KubeletTracing
 	// +optional
 	Tracing *tracingapi.TracingConfiguration
+
+	// LocalStorageCapacityIsolation enables local ephemeral storage isolation feature. The default setting is true.
+	// This feature allows users to set request/limit for container's ephemeral storage and manage it in a similar way
+	// as cpu and memory. It also allows setting sizeLimit for emptyDir volume, which will trigger pod eviction if disk
+	// usage from the volume exceeds the limit.
+	// This feature depends on the capability of detecting correct root file system disk usage. For certain systems,
+	// such as kind rootless, if this capability cannot be supported, the feature LocalStorageCapacityIsolation should be
+	// disabled. Once disabled, user should not set request/limit for container's ephemeral storage, or sizeLimit for emptyDir.
+	// +optional
+	LocalStorageCapacityIsolation bool
 }

 // KubeletAuthorizationMode denotes the authorization mode for the kubelet
--- a/pkg/kubelet/apis/config/v1beta1/defaults.go
+++ b/pkg/kubelet/apis/config/v1beta1/defaults.go
@@ -264,4 +264,7 @@ func SetDefaults_KubeletConfiguration(obj *kubeletconfigv1beta1.KubeletConfigura
 	if obj.RegisterNode == nil {
 		obj.RegisterNode = utilpointer.BoolPtr(true)
 	}
+	if obj.LocalStorageCapacityIsolation == nil {
+		obj.LocalStorageCapacityIsolation = utilpointer.BoolPtr(true)
+	}
 }
--- a/pkg/kubelet/apis/config/v1beta1/defaults_test.go
+++ b/pkg/kubelet/apis/config/v1beta1/defaults_test.go
@@ -115,12 +115,13 @@ func TestSetDefaultsKubeletConfiguration(t *testing.T) {
 					Format:         "text",
 					FlushFrequency: 5 * time.Second,
 				},
-				EnableSystemLogHandler:  utilpointer.BoolPtr(true),
-				EnableProfilingHandler:  utilpointer.BoolPtr(true),
-				EnableDebugFlagsHandler: utilpointer.BoolPtr(true),
-				SeccompDefault:          utilpointer.BoolPtr(false),
-				MemoryThrottlingFactor:  utilpointer.Float64Ptr(DefaultMemoryThrottlingFactor),
-				RegisterNode:            utilpointer.BoolPtr(true),
+				EnableSystemLogHandler:        utilpointer.BoolPtr(true),
+				EnableProfilingHandler:        utilpointer.BoolPtr(true),
+				EnableDebugFlagsHandler:       utilpointer.BoolPtr(true),
+				SeccompDefault:                utilpointer.BoolPtr(false),
+				MemoryThrottlingFactor:        utilpointer.Float64Ptr(DefaultMemoryThrottlingFactor),
+				RegisterNode:                  utilpointer.BoolPtr(true),
+				LocalStorageCapacityIsolation: utilpointer.BoolPtr(true),
 			},
 		},
 		{
@@ -245,6 +246,7 @@ func TestSetDefaultsKubeletConfiguration(t *testing.T) {
 				SeccompDefault:                  utilpointer.Bool(false),
 				MemoryThrottlingFactor:          utilpointer.Float64(0),
 				RegisterNode:                    utilpointer.BoolPtr(false),
+				LocalStorageCapacityIsolation:   utilpointer.BoolPtr(false),
 			},
 			&v1beta1.KubeletConfiguration{
 				EnableServer:       utilpointer.BoolPtr(false),
@@ -333,13 +335,14 @@ func TestSetDefaultsKubeletConfiguration(t *testing.T) {
 					Format:         "text",
 					FlushFrequency: 5 * time.Second,
 				},
-				EnableSystemLogHandler:  utilpointer.Bool(false),
-				ReservedMemory:          []v1beta1.MemoryReservation{},
-				EnableProfilingHandler:  utilpointer.Bool(false),
-				EnableDebugFlagsHandler: utilpointer.Bool(false),
-				SeccompDefault:          utilpointer.Bool(false),
-				MemoryThrottlingFactor:  utilpointer.Float64(0),
-				RegisterNode:            utilpointer.BoolPtr(false),
+				EnableSystemLogHandler:        utilpointer.Bool(false),
+				ReservedMemory:                []v1beta1.MemoryReservation{},
+				EnableProfilingHandler:        utilpointer.Bool(false),
+				EnableDebugFlagsHandler:       utilpointer.Bool(false),
+				SeccompDefault:                utilpointer.Bool(false),
+				MemoryThrottlingFactor:        utilpointer.Float64(0),
+				RegisterNode:                  utilpointer.BoolPtr(false),
+				LocalStorageCapacityIsolation: utilpointer.BoolPtr(false),
 			},
 		},
 		{
@@ -481,11 +484,12 @@ func TestSetDefaultsKubeletConfiguration(t *testing.T) {
 						Limits:   v1.ResourceList{v1.ResourceMemory: resource.MustParse("1Gi")},
 					},
 				},
-				EnableProfilingHandler:  utilpointer.Bool(true),
-				EnableDebugFlagsHandler: utilpointer.Bool(true),
-				SeccompDefault:          utilpointer.Bool(true),
-				MemoryThrottlingFactor:  utilpointer.Float64(1),
-				RegisterNode:            utilpointer.BoolPtr(true),
+				EnableProfilingHandler:        utilpointer.Bool(true),
+				EnableDebugFlagsHandler:       utilpointer.Bool(true),
+				SeccompDefault:                utilpointer.Bool(true),
+				MemoryThrottlingFactor:        utilpointer.Float64(1),
+				RegisterNode:                  utilpointer.BoolPtr(true),
+				LocalStorageCapacityIsolation: utilpointer.BoolPtr(true),
 			},
 			&v1beta1.KubeletConfiguration{
 				EnableServer:       utilpointer.BoolPtr(true),
@@ -624,11 +628,12 @@ func TestSetDefaultsKubeletConfiguration(t *testing.T) {
 						Limits:   v1.ResourceList{v1.ResourceMemory: resource.MustParse("1Gi")},
 					},
 				},
-				EnableProfilingHandler:  utilpointer.Bool(true),
-				EnableDebugFlagsHandler: utilpointer.Bool(true),
-				SeccompDefault:          utilpointer.Bool(true),
-				MemoryThrottlingFactor:  utilpointer.Float64(1),
-				RegisterNode:            utilpointer.BoolPtr(true),
+				EnableProfilingHandler:        utilpointer.Bool(true),
+				EnableDebugFlagsHandler:       utilpointer.Bool(true),
+				SeccompDefault:                utilpointer.Bool(true),
+				MemoryThrottlingFactor:        utilpointer.Float64(1),
+				RegisterNode:                  utilpointer.BoolPtr(true),
+				LocalStorageCapacityIsolation: utilpointer.BoolPtr(true),
 			},
 		},
 		{
@@ -709,12 +714,13 @@ func TestSetDefaultsKubeletConfiguration(t *testing.T) {
 					Format:         "text",
 					FlushFrequency: 5 * time.Second,
 				},
-				EnableSystemLogHandler:  utilpointer.BoolPtr(true),
-				EnableProfilingHandler:  utilpointer.BoolPtr(true),
-				EnableDebugFlagsHandler: utilpointer.BoolPtr(true),
-				SeccompDefault:          utilpointer.BoolPtr(false),
-				MemoryThrottlingFactor:  utilpointer.Float64Ptr(DefaultMemoryThrottlingFactor),
-				RegisterNode:            utilpointer.BoolPtr(true),
+				EnableSystemLogHandler:        utilpointer.BoolPtr(true),
+				EnableProfilingHandler:        utilpointer.BoolPtr(true),
+				EnableDebugFlagsHandler:       utilpointer.BoolPtr(true),
+				SeccompDefault:                utilpointer.BoolPtr(false),
+				MemoryThrottlingFactor:        utilpointer.Float64Ptr(DefaultMemoryThrottlingFactor),
+				RegisterNode:                  utilpointer.BoolPtr(true),
+				LocalStorageCapacityIsolation: utilpointer.BoolPtr(true),
 			},
 		},
 	}
--- a/pkg/kubelet/apis/config/v1beta1/zz_generated.conversion.go
+++ b/pkg/kubelet/apis/config/v1beta1/zz_generated.conversion.go
@@ -508,6 +508,9 @@ func autoConvert_v1beta1_KubeletConfiguration_To_config_KubeletConfiguration(in
 		return err
 	}
 	out.Tracing = (*apiv1.TracingConfiguration)(unsafe.Pointer(in.Tracing))
+	if err := v1.Convert_Pointer_bool_To_bool(&in.LocalStorageCapacityIsolation, &out.LocalStorageCapacityIsolation, s); err != nil {
+		return err
+	}
 	return nil
 }

@@ -683,6 +686,9 @@ func autoConvert_config_KubeletConfiguration_To_v1beta1_KubeletConfiguration(in
 		return err
 	}
 	out.Tracing = (*apiv1.TracingConfiguration)(unsafe.Pointer(in.Tracing))
+	if err := v1.Convert_bool_To_Pointer_bool(&in.LocalStorageCapacityIsolation, &out.LocalStorageCapacityIsolation, s); err != nil {
+		return err
+	}
 	return nil
 }