github/kubernetes
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge pull request #30302 from aveshagarwal/master-project-node-selector-taints-tolerations

Browse Source 
Automatic merge from submit-queue (batch tested with PRs 43870, 30302, 42722, 43736)

Admission plugin to merge pod and namespace tolerations for restricting pod placement on nodes

```release-note
This admission plugin checks for tolerations on the pod being admitted and its namespace, and verifies if there is any conflict. If there is no conflict, then it merges the pod's namespace tolerations with the the pod's tolerations and it verifies them against its namespace' whitelist of tolerations and returns. If a namespace does not have its default or whitelist tolerations specified, then cluster level default and whitelist is used. An example of its versioned config:

apiVersion: apiserver.k8s.io/v1alpha1
kind: AdmissionConfiguration
plugins:
- name: "PodTolerationRestriction"
  configuration:
    apiVersion: podtolerationrestriction.admission.k8s.io/v1alpha1
    kind: Configuration
    default:
     - Key: key1
       Value: value1
     - Key: key2
       Value: value2
    whitelist:
    - Key: key1
      Value: value1
    - Key: key2
      Value: value2
```
This commit is contained in:
Kubernetes Submit Queue
2017-04-10 13:33:13 -07:00
committed by GitHub
parent fddc0b4a85 5f309eec9a
commit d2e4f54791
33 changed files with 1635 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
pkg/api/validation/validation.go
View File

@@ -146,7 +146,7 @@ func ValidateTolerationsInPodAnnotations(annotations map[string]string, fldPath
}
if len(tolerations) > 0 {
allErrs = append(allErrs, validateTolerations(tolerations, fldPath.Child(api.TolerationsAnnotationKey))...)
allErrs = append(allErrs, ValidateTolerations(tolerations, fldPath.Child(api.TolerationsAnnotationKey))...)
}
return allErrs
@@ -1994,12 +1994,12 @@ func validateOnlyAddedTolerations(newTolerations []api.Toleration, oldToleration
}
}
allErrs = append(allErrs, validateTolerations(newTolerations, fldPath)...)
allErrs = append(allErrs, ValidateTolerations(newTolerations, fldPath)...)
return allErrs
}
// validateTolerations tests if given tolerations have valid data.
func validateTolerations(tolerations []api.Toleration, fldPath *field.Path) field.ErrorList {
// ValidateTolerations tests if given tolerations have valid data.
func ValidateTolerations(tolerations []api.Toleration, fldPath *field.Path) field.ErrorList {
allErrors := field.ErrorList{}
for i, toleration := range tolerations {
idxPath := fldPath.Index(i)
@@ -2096,7 +2096,7 @@ func ValidatePodSpec(spec *api.PodSpec, fldPath *field.Path) field.ErrorList {
}
if len(spec.Tolerations) > 0 {
allErrs = append(allErrs, validateTolerations(spec.Tolerations, fldPath.Child("tolerations"))...)
allErrs = append(allErrs, ValidateTolerations(spec.Tolerations, fldPath.Child("tolerations"))...)
}
return allErrs