-
Notifications
You must be signed in to change notification settings - Fork 450
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add ResourceQuota admission plugin #2627
Conversation
/invite @mvladev |
I still recall the time when @rfranzke wanted to update to the latest K8S version only to give up after spending an entire day trying. I managed to do it in only 5 hours. I would like to avoid I would rather have a discussion with
|
Another thing which would help us reduce the blast radius of having |
Thanks for your input @mvladev. Moving the resource quota capabilities to |
I just had a quick view and I don't thing that moving that would be a viable approach - the |
eb0352b
to
3155875
Compare
3155875
to
ec1bb4e
Compare
Update: I've removed the general dependency to "k8s.io/kubernetes" and instead copied the necessary logic for the quota admission plugin to |
I separated the steps (adding the admission plugin + copying K8s sources) into two commits to make reviewing easier. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
/lgtm
Thanks for all your great work here, well done!
/second-opinion |
ec1bb4e
to
03d5ca6
Compare
PR update after discussing with @timebertt:
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks, @timuthy!
No further comments from my side. Tested it locally, worked perfectly fine :)
/lgtm
@timuthy @rfranzke
When I set the k/k dep in
|
Sorry about that @timebertt. The |
Thanks for taking care! 😄 |
How to categorize this PR?
/area robustness
/kind enhancement
/priority normal
What this PR does / why we need it:
This PR adds the ResourceQuota admission plugin to the Gardener API server. For the beginning, it supports a simple "object count" quota for API groups that are handled by the Gardener API server (e.g. shoots, seeds, secretbindings, etc.).
Example quota:
Please make sure the Kube-Controller-Manager of your Gardener cluster runs with the
resourcequota
controller. It is responsible for decrementing the count in case of a deletion.Which issue(s) this PR fixes:
Fixes partly #1650
Special notes for your reviewer:
this PR introduces a dependency tok8s.io/kubernetes
. I kindly ask for your opinion if and why you see any perils of having this dependency (esp. /cc @mvladev @ialidzhikov @rfranzke).this PR copies the necessary logic from
k8s.io/kubernetes
to/third_party/fork/kubernetes
instead of defining a general dependency tok8s.io/kubernetes
which turned out to be problematic due to maintainability reasons (thanks @mvladev @rfranzke). This copy can be removed as soon as we vendor the sources to Kubernetes v1.20.x because of Move ResourceQuota admission to k8s.io/apiserver lib kubernetes/kubernetes#93537.Release note: