Add request value verification for hugepage
This commit is contained in:
lala123912
@@ -39,6 +39,21 @@ func IsHugePageResourceName(name core.ResourceName) bool {
|
||||
return strings.HasPrefix(string(name), core.ResourceHugePagesPrefix)
|
||||
}
|
||||
|
||||
// IsHugePageResourceValueDivisible returns true if the resource value of storage is
|
||||
// integer multiple of page size.
|
||||
func IsHugePageResourceValueDivisible(name core.ResourceName, quantity resource.Quantity) bool {
|
||||
pageSize, err := HugePageSizeFromResourceName(name)
|
||||
if err != nil {
|
||||
return false
|
||||
}
|
||||
|
||||
if pageSize.Sign() <= 0 || pageSize.MilliValue()%int64(1000) != int64(0) {
|
||||
return false
|
||||
}
|
||||
|
||||
return quantity.Value()%pageSize.Value() == 0
|
||||
}
|
||||
|
||||
// IsQuotaHugePageResourceName returns true if the resource name has the quota
|
||||
// related huge page resource prefix.
|
||||
func IsQuotaHugePageResourceName(name core.ResourceName) bool {
|
||||
|
||||
@@ -211,6 +211,60 @@ func TestIsHugePageResourceName(t *testing.T) {
|
||||
}
|
||||
}
|
||||
|
||||
func TestIsHugePageResourceValueDivisible(t *testing.T) {
|
||||
testCases := []struct {
|
||||
name core.ResourceName
|
||||
quantity resource.Quantity
|
||||
result bool
|
||||
}{
|
||||
{
|
||||
name: core.ResourceName("hugepages-2Mi"),
|
||||
quantity: resource.MustParse("4Mi"),
|
||||
result: true,
|
||||
},
|
||||
{
|
||||
name: core.ResourceName("hugepages-2Mi"),
|
||||
quantity: resource.MustParse("5Mi"),
|
||||
result: false,
|
||||
},
|
||||
{
|
||||
name: core.ResourceName("hugepages-1Gi"),
|
||||
quantity: resource.MustParse("2Gi"),
|
||||
result: true,
|
||||
},
|
||||
{
|
||||
name: core.ResourceName("hugepages-1Gi"),
|
||||
quantity: resource.MustParse("2.1Gi"),
|
||||
result: false,
|
||||
},
|
||||
{
|
||||
name: core.ResourceName("hugepages-1Mi"),
|
||||
quantity: resource.MustParse("2.1Mi"),
|
||||
result: false,
|
||||
},
|
||||
{
|
||||
name: core.ResourceName("hugepages-64Ki"),
|
||||
quantity: resource.MustParse("128Ki"),
|
||||
result: true,
|
||||
},
|
||||
{
|
||||
name: core.ResourceName("hugepages-"),
|
||||
quantity: resource.MustParse("128Ki"),
|
||||
result: false,
|
||||
},
|
||||
{
|
||||
name: core.ResourceName("hugepages"),
|
||||
quantity: resource.MustParse("128Ki"),
|
||||
result: false,
|
||||
},
|
||||
}
|
||||
for _, testCase := range testCases {
|
||||
if testCase.result != IsHugePageResourceValueDivisible(testCase.name, testCase.quantity) {
|
||||
t.Errorf("resource: %v storage:%v expected result: %v", testCase.name, testCase.quantity, testCase.result)
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
func TestHugePageResourceName(t *testing.T) {
|
||||
testCases := []struct {
|
||||
pageSize resource.Quantity
|
||||
|
||||
@@ -292,9 +292,9 @@ func ValidateRuntimeClassName(name string, fldPath *field.Path) field.ErrorList
|
||||
}
|
||||
|
||||
// validateOverhead can be used to check whether the given Overhead is valid.
|
||||
func validateOverhead(overhead core.ResourceList, fldPath *field.Path) field.ErrorList {
|
||||
func validateOverhead(overhead core.ResourceList, fldPath *field.Path, opts PodValidationOptions) field.ErrorList {
|
||||
// reuse the ResourceRequirements validation logic
|
||||
return ValidateResourceRequirements(&core.ResourceRequirements{Limits: overhead}, fldPath)
|
||||
return ValidateResourceRequirements(&core.ResourceRequirements{Limits: overhead}, fldPath, opts)
|
||||
}
|
||||
|
||||
// Validates that given value is not negative.
|
||||
@@ -2880,7 +2880,7 @@ func validateContainers(containers []core.Container, isInitContainers bool, volu
|
||||
allErrs = append(allErrs, ValidateVolumeMounts(ctr.VolumeMounts, volDevices, volumes, &ctr, idxPath.Child("volumeMounts"))...)
|
||||
allErrs = append(allErrs, ValidateVolumeDevices(ctr.VolumeDevices, volMounts, volumes, idxPath.Child("volumeDevices"))...)
|
||||
allErrs = append(allErrs, validatePullPolicy(ctr.ImagePullPolicy, idxPath.Child("imagePullPolicy"))...)
|
||||
allErrs = append(allErrs, ValidateResourceRequirements(&ctr.Resources, idxPath.Child("resources"))...)
|
||||
allErrs = append(allErrs, ValidateResourceRequirements(&ctr.Resources, idxPath.Child("resources"), opts)...)
|
||||
allErrs = append(allErrs, ValidateSecurityContext(ctr.SecurityContext, idxPath.Child("securityContext"))...)
|
||||
}
|
||||
|
||||
@@ -3193,6 +3193,8 @@ type PodValidationOptions struct {
|
||||
AllowDownwardAPIHugePages bool
|
||||
// Allow invalid pod-deletion-cost annotation value for backward compatibility.
|
||||
AllowInvalidPodDeletionCost bool
|
||||
// Allow pod spec to use non-integer multiple of huge page unit size
|
||||
AllowIndivisibleHugePagesValues bool
|
||||
}
|
||||
|
||||
// ValidatePodSingleHugePageResources checks if there are multiple huge
|
||||
@@ -3366,7 +3368,7 @@ func ValidatePodSpec(spec *core.PodSpec, podMeta *metav1.ObjectMeta, fldPath *fi
|
||||
}
|
||||
|
||||
if spec.Overhead != nil {
|
||||
allErrs = append(allErrs, validateOverhead(spec.Overhead, fldPath.Child("overhead"))...)
|
||||
allErrs = append(allErrs, validateOverhead(spec.Overhead, fldPath.Child("overhead"), opts)...)
|
||||
}
|
||||
|
||||
return allErrs
|
||||
@@ -5321,7 +5323,7 @@ func validateBasicResource(quantity resource.Quantity, fldPath *field.Path) fiel
|
||||
}
|
||||
|
||||
// Validates resource requirement spec.
|
||||
func ValidateResourceRequirements(requirements *core.ResourceRequirements, fldPath *field.Path) field.ErrorList {
|
||||
func ValidateResourceRequirements(requirements *core.ResourceRequirements, fldPath *field.Path, opts PodValidationOptions) field.ErrorList {
|
||||
allErrs := field.ErrorList{}
|
||||
limPath := fldPath.Child("limits")
|
||||
reqPath := fldPath.Child("requests")
|
||||
@@ -5341,6 +5343,9 @@ func ValidateResourceRequirements(requirements *core.ResourceRequirements, fldPa
|
||||
|
||||
if helper.IsHugePageResourceName(resourceName) {
|
||||
limContainsHugePages = true
|
||||
if err := validateResourceQuantityHugePageValue(resourceName, quantity, opts); err != nil {
|
||||
allErrs = append(allErrs, field.Invalid(fldPath, quantity.String(), err.Error()))
|
||||
}
|
||||
}
|
||||
|
||||
if supportedQoSComputeResources.Has(string(resourceName)) {
|
||||
@@ -5368,6 +5373,9 @@ func ValidateResourceRequirements(requirements *core.ResourceRequirements, fldPa
|
||||
}
|
||||
if helper.IsHugePageResourceName(resourceName) {
|
||||
reqContainsHugePages = true
|
||||
if err := validateResourceQuantityHugePageValue(resourceName, quantity, opts); err != nil {
|
||||
allErrs = append(allErrs, field.Invalid(fldPath, quantity.String(), err.Error()))
|
||||
}
|
||||
}
|
||||
if supportedQoSComputeResources.Has(string(resourceName)) {
|
||||
reqContainsCPUOrMemory = true
|
||||
@@ -5381,6 +5389,18 @@ func ValidateResourceRequirements(requirements *core.ResourceRequirements, fldPa
|
||||
return allErrs
|
||||
}
|
||||
|
||||
func validateResourceQuantityHugePageValue(name core.ResourceName, quantity resource.Quantity, opts PodValidationOptions) error {
|
||||
if !helper.IsHugePageResourceName(name) {
|
||||
return nil
|
||||
}
|
||||
|
||||
if !opts.AllowIndivisibleHugePagesValues && !helper.IsHugePageResourceValueDivisible(name, quantity) {
|
||||
return fmt.Errorf("%s is not positive integer multiple of %s", quantity.String(), name)
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
// validateResourceQuotaScopes ensures that each enumerated hard resource constraint is valid for set of scopes
|
||||
func validateResourceQuotaScopes(resourceQuotaSpec *core.ResourceQuotaSpec, opts ResourceQuotaValidationOptions, fld *field.Path) field.ErrorList {
|
||||
allErrs := field.ErrorList{}
|
||||
|
||||
@@ -4446,7 +4446,7 @@ func TestAlphaLocalStorageCapacityIsolation(t *testing.T) {
|
||||
resource.BinarySI),
|
||||
},
|
||||
}
|
||||
if errs := ValidateResourceRequirements(&containerLimitCase, field.NewPath("resources")); len(errs) != 0 {
|
||||
if errs := ValidateResourceRequirements(&containerLimitCase, field.NewPath("resources"), PodValidationOptions{}); len(errs) != 0 {
|
||||
t.Errorf("expected success: %v", errs)
|
||||
}
|
||||
}
|
||||
@@ -16410,7 +16410,7 @@ func TestValidateOverhead(t *testing.T) {
|
||||
},
|
||||
}
|
||||
for _, tc := range successCase {
|
||||
if errs := validateOverhead(tc.overhead, field.NewPath("overheads")); len(errs) != 0 {
|
||||
if errs := validateOverhead(tc.overhead, field.NewPath("overheads"), PodValidationOptions{}); len(errs) != 0 {
|
||||
t.Errorf("%q unexpected error: %v", tc.Name, errs)
|
||||
}
|
||||
}
|
||||
@@ -16427,7 +16427,7 @@ func TestValidateOverhead(t *testing.T) {
|
||||
},
|
||||
}
|
||||
for _, tc := range errorCase {
|
||||
if errs := validateOverhead(tc.overhead, field.NewPath("resources")); len(errs) == 0 {
|
||||
if errs := validateOverhead(tc.overhead, field.NewPath("resources"), PodValidationOptions{}); len(errs) == 0 {
|
||||
t.Errorf("%q expected error", tc.Name)
|
||||
}
|
||||
}
|
||||
@@ -17087,3 +17087,86 @@ func TestValidatePodTemplateSpecSeccomp(t *testing.T) {
|
||||
asserttestify.Equal(t, test.expectedErr, err, "TestCase[%d]: %s", i, test.description)
|
||||
}
|
||||
}
|
||||
|
||||
func TestValidateResourceRequirements(t *testing.T) {
|
||||
path := field.NewPath("resources")
|
||||
tests := []struct {
|
||||
name string
|
||||
requirements core.ResourceRequirements
|
||||
opts PodValidationOptions
|
||||
}{
|
||||
{
|
||||
name: "limits and requests of hugepage resource are equal",
|
||||
requirements: core.ResourceRequirements{
|
||||
Limits: core.ResourceList{
|
||||
core.ResourceCPU: resource.MustParse("10"),
|
||||
core.ResourceName(core.ResourceHugePagesPrefix + "2Mi"): resource.MustParse("2Mi"),
|
||||
},
|
||||
Requests: core.ResourceList{
|
||||
core.ResourceCPU: resource.MustParse("10"),
|
||||
core.ResourceName(core.ResourceHugePagesPrefix + "2Mi"): resource.MustParse("2Mi"),
|
||||
},
|
||||
},
|
||||
opts: PodValidationOptions{},
|
||||
},
|
||||
{
|
||||
name: "limits and requests of memory resource are equal",
|
||||
requirements: core.ResourceRequirements{
|
||||
Limits: core.ResourceList{
|
||||
core.ResourceMemory: resource.MustParse("2Mi"),
|
||||
},
|
||||
Requests: core.ResourceList{
|
||||
core.ResourceMemory: resource.MustParse("2Mi"),
|
||||
},
|
||||
},
|
||||
opts: PodValidationOptions{},
|
||||
},
|
||||
{
|
||||
name: "limits and requests of cpu resource are equal",
|
||||
requirements: core.ResourceRequirements{
|
||||
Limits: core.ResourceList{
|
||||
core.ResourceCPU: resource.MustParse("10"),
|
||||
},
|
||||
Requests: core.ResourceList{
|
||||
core.ResourceCPU: resource.MustParse("10"),
|
||||
},
|
||||
},
|
||||
opts: PodValidationOptions{},
|
||||
},
|
||||
}
|
||||
|
||||
for _, tc := range tests {
|
||||
t.Run(tc.name, func(t *testing.T) {
|
||||
if errs := ValidateResourceRequirements(&tc.requirements, path, tc.opts); len(errs) != 0 {
|
||||
t.Errorf("unexpected errors: %v", errs)
|
||||
}
|
||||
})
|
||||
}
|
||||
|
||||
errTests := []struct {
|
||||
name string
|
||||
requirements core.ResourceRequirements
|
||||
opts PodValidationOptions
|
||||
}{
|
||||
{
|
||||
name: "hugepage resource without cpu or memory",
|
||||
requirements: core.ResourceRequirements{
|
||||
Limits: core.ResourceList{
|
||||
core.ResourceName(core.ResourceHugePagesPrefix + "2Mi"): resource.MustParse("2Mi"),
|
||||
},
|
||||
Requests: core.ResourceList{
|
||||
core.ResourceName(core.ResourceHugePagesPrefix + "2Mi"): resource.MustParse("2Mi"),
|
||||
},
|
||||
},
|
||||
opts: PodValidationOptions{},
|
||||
},
|
||||
}
|
||||
|
||||
for _, tc := range errTests {
|
||||
t.Run(tc.name, func(t *testing.T) {
|
||||
if errs := ValidateResourceRequirements(&tc.requirements, path, tc.opts); len(errs) == 0 {
|
||||
t.Error("expected errors")
|
||||
}
|
||||
})
|
||||
}
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user