Promote Local storage capacity isolation feature to GA

This change is to promote local storage capacity isolation feature to GA At the same time, to allow rootless system disable this feature due to unable to get root fs, this change introduced a new kubelet config "localStorageCapacityIsolation". By default it is set to true. For rootless systems, they can set this configuration to false to disable the feature. Once it is set, user cannot set ephemeral-storage request/limit because capacity and allocatable will not be set. Change-Id: I48a52e737c6a09e9131454db6ad31247b56c000a
2022-07-28 08:03:20 -07:00
parent bc4c4930ff
commit 0064010cdd
42 changed files with 267 additions and 383 deletions
--- a/pkg/kubelet/cm/container_manager_linux_test.go
+++ b/pkg/kubelet/cm/container_manager_linux_test.go
@@ -28,9 +28,6 @@ import (

 	gomock "github.com/golang/mock/gomock"
 	cadvisorapiv2 "github.com/google/cadvisor/info/v2"
-	utilfeature "k8s.io/apiserver/pkg/util/feature"
-	featuregatetesting "k8s.io/component-base/featuregate/testing"
-	kubefeatures "k8s.io/kubernetes/pkg/features"

 	"github.com/opencontainers/runc/libcontainer/cgroups"
 	"github.com/stretchr/testify/assert"
@@ -193,11 +190,11 @@ func TestGetCapacity(t *testing.T) {
 	mockCadvisorError := cadvisortest.NewMockInterface(mockCtrlError)
 	mockCadvisorError.EXPECT().RootFsInfo().Return(cadvisorapiv2.FsInfo{}, errors.New("Unable to get rootfs data from cAdvisor interface"))
 	cases := []struct {
-		name                                string
-		cm                                  *containerManagerImpl
-		expectedResourceQuantity            *resource.Quantity
-		expectedNoEphemeralStorage          bool
-		enableLocalStorageCapacityIsolation bool
+		name                                 string
+		cm                                   *containerManagerImpl
+		expectedResourceQuantity             *resource.Quantity
+		expectedNoEphemeralStorage           bool
+		disablelocalStorageCapacityIsolation bool
 	}{
 		{
 			name: "capacity property has ephemeral-storage",
@@ -207,9 +204,8 @@ func TestGetCapacity(t *testing.T) {
 					v1.ResourceEphemeralStorage: *resource.NewQuantity(ephemeralStorageFromCapacity, resource.BinarySI),
 				},
 			},
-			expectedResourceQuantity:            resource.NewQuantity(ephemeralStorageFromCapacity, resource.BinarySI),
-			expectedNoEphemeralStorage:          false,
-			enableLocalStorageCapacityIsolation: true,
+			expectedResourceQuantity:   resource.NewQuantity(ephemeralStorageFromCapacity, resource.BinarySI),
+			expectedNoEphemeralStorage: false,
 		},
 		{
 			name: "capacity property does not have ephemeral-storage",
@@ -217,9 +213,8 @@ func TestGetCapacity(t *testing.T) {
 				cadvisorInterface: mockCadvisor,
 				capacity:          v1.ResourceList{},
 			},
-			expectedResourceQuantity:            resource.NewQuantity(ephemeralStorageFromCadvisor, resource.BinarySI),
-			expectedNoEphemeralStorage:          false,
-			enableLocalStorageCapacityIsolation: true,
+			expectedResourceQuantity:   resource.NewQuantity(ephemeralStorageFromCadvisor, resource.BinarySI),
+			expectedNoEphemeralStorage: false,
 		},
 		{
 			name: "capacity property does not have ephemeral-storage, error from rootfs",
@@ -227,8 +222,7 @@ func TestGetCapacity(t *testing.T) {
 				cadvisorInterface: mockCadvisorError,
 				capacity:          v1.ResourceList{},
 			},
-			expectedNoEphemeralStorage:          true,
-			enableLocalStorageCapacityIsolation: true,
+			expectedNoEphemeralStorage: true,
 		},
 		{
 			name: "capacity property does not have ephemeral-storage, cadvisor interface is nil",
@@ -236,26 +230,24 @@ func TestGetCapacity(t *testing.T) {
 				cadvisorInterface: nil,
 				capacity:          v1.ResourceList{},
 			},
-			expectedNoEphemeralStorage:          true,
-			enableLocalStorageCapacityIsolation: true,
+			expectedNoEphemeralStorage: true,
 		},
 		{
-			name: "LocalStorageCapacityIsolation feature flag is disabled",
+			name: "capacity property has ephemeral-storage, but localStorageCapacityIsolation is disabled",
 			cm: &containerManagerImpl{
 				cadvisorInterface: mockCadvisor,
 				capacity: v1.ResourceList{
-					v1.ResourceCPU:    resource.MustParse("4"),
-					v1.ResourceMemory: resource.MustParse("16G"),
+					v1.ResourceEphemeralStorage: *resource.NewQuantity(ephemeralStorageFromCapacity, resource.BinarySI),
 				},
 			},
-			expectedNoEphemeralStorage:          true,
-			enableLocalStorageCapacityIsolation: false,
+			expectedResourceQuantity:             resource.NewQuantity(ephemeralStorageFromCapacity, resource.BinarySI),
+			expectedNoEphemeralStorage:           true,
+			disablelocalStorageCapacityIsolation: true,
 		},
 	}
 	for _, c := range cases {
 		t.Run(c.name, func(t *testing.T) {
-			defer featuregatetesting.SetFeatureGateDuringTest(t, utilfeature.DefaultFeatureGate, kubefeatures.LocalStorageCapacityIsolation, c.enableLocalStorageCapacityIsolation)()
-			ret := c.cm.GetCapacity()
+			ret := c.cm.GetCapacity(!c.disablelocalStorageCapacityIsolation)
 			if v, exists := ret[v1.ResourceEphemeralStorage]; !exists {
 				if !c.expectedNoEphemeralStorage {
 					t.Errorf("did not get any ephemeral storage data")