From c5b35bd199229684a4e0613fe67da64db975ef84 Mon Sep 17 00:00:00 2001 From: Garrybest Date: Fri, 29 Jul 2022 21:06:25 +0800 Subject: [PATCH] add default tolerations for pp and cpp Signed-off-by: Garrybest --- cmd/webhook/app/options/options.go | 7 ++++ cmd/webhook/app/webhook.go | 6 ++- pkg/util/helper/taint.go | 40 +++++++++++++++++++ .../clusterpropagationpolicy/mutating.go | 13 ++++++ pkg/webhook/propagationpolicy/mutating.go | 13 ++++++ 5 files changed, 77 insertions(+), 2 deletions(-) diff --git a/cmd/webhook/app/options/options.go b/cmd/webhook/app/options/options.go index d9d7ef351..ff253f463 100644 --- a/cmd/webhook/app/options/options.go +++ b/cmd/webhook/app/options/options.go @@ -47,6 +47,9 @@ type Options struct { // Defaults to ":8000". HealthProbeBindAddress string + DefaultNotReadyTolerationSeconds int64 + DefaultUnreachableTolerationSeconds int64 + ProfileOpts profileflag.Options } @@ -73,5 +76,9 @@ func (o *Options) AddFlags(flags *pflag.FlagSet) { flags.StringVar(&o.MetricsBindAddress, "metrics-bind-address", ":8080", "The TCP address that the controller should bind to for serving prometheus metrics(e.g. 127.0.0.1:8088, :8088)") flags.StringVar(&o.HealthProbeBindAddress, "health-probe-bind-address", ":8000", "The TCP address that the controller should bind to for serving health probes(e.g. 127.0.0.1:8000, :8000)") + // webhook flags + flags.Int64Var(&o.DefaultNotReadyTolerationSeconds, "default-not-ready-toleration-seconds", 300, "Indicates the tolerationSeconds of the propagation policy toleration for notReady:NoExecute that is added by default to every propagation policy that does not already have such a toleration.") + flags.Int64Var(&o.DefaultUnreachableTolerationSeconds, "default-unreachable-toleration-seconds", 300, "Indicates the tolerationSeconds of the propagation policy toleration for unreachable:NoExecute that is added by default to every propagation policy that does not already have such a toleration.") + o.ProfileOpts.AddFlags(flags) } diff --git a/cmd/webhook/app/webhook.go b/cmd/webhook/app/webhook.go index b1b56e92c..a9140c80b 100644 --- a/cmd/webhook/app/webhook.go +++ b/cmd/webhook/app/webhook.go @@ -111,9 +111,11 @@ func Run(ctx context.Context, opts *options.Options) error { klog.Info("registering webhooks to the webhook server") hookServer := hookManager.GetWebhookServer() - hookServer.Register("/mutate-propagationpolicy", &webhook.Admission{Handler: &propagationpolicy.MutatingAdmission{}}) + hookServer.Register("/mutate-propagationpolicy", &webhook.Admission{Handler: propagationpolicy.NewMutatingHandler( + opts.DefaultNotReadyTolerationSeconds, opts.DefaultUnreachableTolerationSeconds)}) hookServer.Register("/validate-propagationpolicy", &webhook.Admission{Handler: &propagationpolicy.ValidatingAdmission{}}) - hookServer.Register("/mutate-clusterpropagationpolicy", &webhook.Admission{Handler: &clusterpropagationpolicy.MutatingAdmission{}}) + hookServer.Register("/mutate-clusterpropagationpolicy", &webhook.Admission{Handler: clusterpropagationpolicy.NewMutatingHandler( + opts.DefaultNotReadyTolerationSeconds, opts.DefaultUnreachableTolerationSeconds)}) hookServer.Register("/validate-clusterpropagationpolicy", &webhook.Admission{Handler: &clusterpropagationpolicy.ValidatingAdmission{}}) hookServer.Register("/mutate-overridepolicy", &webhook.Admission{Handler: &overridepolicy.MutatingAdmission{}}) hookServer.Register("/validate-overridepolicy", &webhook.Admission{Handler: &overridepolicy.ValidatingAdmission{}}) diff --git a/pkg/util/helper/taint.go b/pkg/util/helper/taint.go index ac35a801f..5eab8b0cf 100644 --- a/pkg/util/helper/taint.go +++ b/pkg/util/helper/taint.go @@ -9,6 +9,7 @@ import ( "sigs.k8s.io/controller-runtime/pkg/client" clusterv1alpha1 "github.com/karmada-io/karmada/pkg/apis/cluster/v1alpha1" + policyv1alpha1 "github.com/karmada-io/karmada/pkg/apis/policy/v1alpha1" ) // TaintExists checks if the given taint exists in list of taints. Returns true if exists false otherwise. @@ -21,6 +22,16 @@ func TaintExists(taints []corev1.Taint, taintToFind *corev1.Taint) bool { return false } +// TolerationExists checks if the given toleration exists in list of tolerations. Returns true if exists false otherwise. +func TolerationExists(tolerations []corev1.Toleration, tolerationToFind *corev1.Toleration) bool { + for _, toleration := range tolerations { + if toleration.MatchToleration(tolerationToFind) { + return true + } + } + return false +} + // UpdateClusterControllerTaint add and remove some taints. func UpdateClusterControllerTaint(ctx context.Context, client client.Client, taintsToAdd, taintsToRemove []*corev1.Taint, cluster *clusterv1alpha1.Cluster) error { var clusterTaintsToAdd, clusterTaintsToRemove []corev1.Taint @@ -62,6 +73,15 @@ func UpdateClusterControllerTaint(ctx context.Context, client client.Client, tai return client.Update(ctx, cluster) } +// AddTolerations add some tolerations if not existed. +func AddTolerations(placement *policyv1alpha1.Placement, tolerationsToAdd ...*corev1.Toleration) { + for _, tolerationToAdd := range tolerationsToAdd { + if !TolerationExists(placement.ClusterTolerations, tolerationToAdd) { + placement.ClusterTolerations = append(placement.ClusterTolerations, *tolerationToAdd) + } + } +} + // HasNoExecuteTaints check if NoExecute taints exist. func HasNoExecuteTaints(taints []corev1.Taint) bool { for i := range taints { @@ -156,3 +176,23 @@ func GetMatchingTolerations(taints []corev1.Taint, tolerations []corev1.Tolerati } return true, result } + +// NewNotReadyToleration returns a default not ready toleration. +func NewNotReadyToleration(tolerationSeconds int64) *corev1.Toleration { + return &corev1.Toleration{ + Key: clusterv1alpha1.TaintClusterNotReady, + Operator: corev1.TolerationOpExists, + Effect: corev1.TaintEffectNoExecute, + TolerationSeconds: &tolerationSeconds, + } +} + +// NewUnreachableToleration returns a default unreachable toleration. +func NewUnreachableToleration(tolerationSeconds int64) *corev1.Toleration { + return &corev1.Toleration{ + Key: clusterv1alpha1.TaintClusterUnreachable, + Operator: corev1.TolerationOpExists, + Effect: corev1.TaintEffectNoExecute, + TolerationSeconds: &tolerationSeconds, + } +} diff --git a/pkg/webhook/clusterpropagationpolicy/mutating.go b/pkg/webhook/clusterpropagationpolicy/mutating.go index bb5ad545b..7d1060ff6 100644 --- a/pkg/webhook/clusterpropagationpolicy/mutating.go +++ b/pkg/webhook/clusterpropagationpolicy/mutating.go @@ -16,12 +16,23 @@ import ( // MutatingAdmission mutates API request if necessary. type MutatingAdmission struct { decoder *admission.Decoder + + DefaultNotReadyTolerationSeconds int64 + DefaultUnreachableTolerationSeconds int64 } // Check if our MutatingAdmission implements necessary interface var _ admission.Handler = &MutatingAdmission{} var _ admission.DecoderInjector = &MutatingAdmission{} +// NewMutatingHandler builds a new admission.Handler. +func NewMutatingHandler(notReadyTolerationSeconds, unreachableTolerationSeconds int64) admission.Handler { + return &MutatingAdmission{ + DefaultNotReadyTolerationSeconds: notReadyTolerationSeconds, + DefaultUnreachableTolerationSeconds: unreachableTolerationSeconds, + } +} + // Handle yields a response to an AdmissionRequest. func (a *MutatingAdmission) Handle(ctx context.Context, req admission.Request) admission.Response { policy := &policyv1alpha1.ClusterPropagationPolicy{} @@ -33,6 +44,8 @@ func (a *MutatingAdmission) Handle(ctx context.Context, req admission.Request) a // Set default spread constraints if both 'SpreadByField' and 'SpreadByLabel' not set. helper.SetDefaultSpreadConstraints(policy.Spec.Placement.SpreadConstraints) + helper.AddTolerations(&policy.Spec.Placement, helper.NewNotReadyToleration(a.DefaultNotReadyTolerationSeconds), + helper.NewUnreachableToleration(a.DefaultUnreachableTolerationSeconds)) if len(policy.Name) > validation.LabelValueMaxLength { return admission.Errored(http.StatusBadRequest, fmt.Errorf("ClusterPropagationPolicy's name should be no more than %d characters", validation.LabelValueMaxLength)) diff --git a/pkg/webhook/propagationpolicy/mutating.go b/pkg/webhook/propagationpolicy/mutating.go index 98ef640a4..afef17ba4 100644 --- a/pkg/webhook/propagationpolicy/mutating.go +++ b/pkg/webhook/propagationpolicy/mutating.go @@ -17,12 +17,23 @@ import ( // MutatingAdmission mutates API request if necessary. type MutatingAdmission struct { decoder *admission.Decoder + + DefaultNotReadyTolerationSeconds int64 + DefaultUnreachableTolerationSeconds int64 } // Check if our MutatingAdmission implements necessary interface var _ admission.Handler = &MutatingAdmission{} var _ admission.DecoderInjector = &MutatingAdmission{} +// NewMutatingHandler builds a new admission.Handler. +func NewMutatingHandler(notReadyTolerationSeconds, unreachableTolerationSeconds int64) admission.Handler { + return &MutatingAdmission{ + DefaultNotReadyTolerationSeconds: notReadyTolerationSeconds, + DefaultUnreachableTolerationSeconds: unreachableTolerationSeconds, + } +} + // Handle yields a response to an AdmissionRequest. func (a *MutatingAdmission) Handle(ctx context.Context, req admission.Request) admission.Response { policy := &policyv1alpha1.PropagationPolicy{} @@ -46,6 +57,8 @@ func (a *MutatingAdmission) Handle(ctx context.Context, req admission.Request) a } // Set default spread constraints if both 'SpreadByField' and 'SpreadByLabel' not set. helper.SetDefaultSpreadConstraints(policy.Spec.Placement.SpreadConstraints) + helper.AddTolerations(&policy.Spec.Placement, helper.NewNotReadyToleration(a.DefaultNotReadyTolerationSeconds), + helper.NewUnreachableToleration(a.DefaultUnreachableTolerationSeconds)) addedResourceSelectors := helper.GetFollowedResourceSelectorsWhenMatchServiceImport(policy.Spec.ResourceSelectors) if addedResourceSelectors != nil {