From 8e936b02dae1eca4dc1a3277cf516a0a1f58faf6 Mon Sep 17 00:00:00 2001 From: 400Ping <43886578+400Ping@users.noreply.github.com> Date: Fri, 29 Nov 2024 20:39:53 +0800 Subject: [PATCH 1/9] Enhance namespace restriction logic in informers Signed-off-by: 400Ping <43886578+400Ping@users.noreply.github.com> --- pkg/admission/informers.go | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/pkg/admission/informers.go b/pkg/admission/informers.go index 52da73648..2366a1659 100644 --- a/pkg/admission/informers.go +++ b/pkg/admission/informers.go @@ -40,17 +40,19 @@ type Informers struct { func NewInformers(kubeClient client.KubeClient, namespace string) *Informers { stopChan := make(chan struct{}) - informerFactory := informers.NewSharedInformerFactoryWithOptions(kubeClient.GetClientSet(), 0, informers.WithNamespace(namespace)) + informerFactory := informers.NewSharedInformerFactoryWithOptions( + kubeClient.GetClientSet(), + 0, + informers.WithNamespace(namespace), + ) informerFactory.Start(stopChan) - result := &Informers{ + return &Informers{ ConfigMap: informerFactory.Core().V1().ConfigMaps(), PriorityClass: informerFactory.Scheduling().V1().PriorityClasses(), Namespace: informerFactory.Core().V1().Namespaces(), stopChan: stopChan, } - - return result } func (i *Informers) Start() { From facfa3a44f3312b553e3d87de19661437d0e9017 Mon Sep 17 00:00:00 2001 From: 400Ping <43886578+400Ping@users.noreply.github.com> Date: Fri, 29 Nov 2024 20:40:43 +0800 Subject: [PATCH 2/9] Fix and refine namespace restriction logic and tests Signed-off-by: 400Ping <43886578+400Ping@users.noreply.github.com> --- pkg/admission/namespace_cache_test.go | 45 ++++++++++++++-------- pkg/admission/priority_class_cache_test.go | 30 +++++++++++---- pkg/cmd/admissioncontroller/main.go | 16 ++++++-- 3 files changed, 65 insertions(+), 26 deletions(-) diff --git a/pkg/admission/namespace_cache_test.go b/pkg/admission/namespace_cache_test.go index 5d9e2bcd1..25dfcdc39 100644 --- a/pkg/admission/namespace_cache_test.go +++ b/pkg/admission/namespace_cache_test.go @@ -20,16 +20,15 @@ package admission import ( "context" - "testing" - "time" - + "github.com/apache/yunikorn-k8shim/pkg/client" + "github.com/apache/yunikorn-k8shim/pkg/common/utils" "gotest.tools/v3/assert" v1 "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "testing" + "time" - "github.com/apache/yunikorn-k8shim/pkg/client" "github.com/apache/yunikorn-k8shim/pkg/common/constants" - "github.com/apache/yunikorn-k8shim/pkg/common/utils" ) const testNS = "test-ns" @@ -69,15 +68,20 @@ func TestFlags(t *testing.T) { func TestNamespaceHandlers(t *testing.T) { kubeClient := client.NewKubeClientMock(false) - informers := NewInformers(kubeClient, "default") + // Specify the namespace for the informers to watch + namespace := "default" + informers := NewInformers(kubeClient, namespace) cache, nsErr := NewNamespaceCache(informers.Namespace) assert.NilError(t, nsErr) + + // Start the informers and ensure they stop after the test informers.Start() defer informers.Stop() - // nothing in the cache + // Ensure the cache is initially empty assert.Equal(t, UNSET, cache.enableYuniKorn(testNS), "cache should have been empty") + // Create a namespace object in the "default" namespace ns := &v1.Namespace{ ObjectMeta: metav1.ObjectMeta{ Name: testNS, @@ -87,51 +91,62 @@ func TestNamespaceHandlers(t *testing.T) { nsInterface := kubeClient.GetClientSet().CoreV1().Namespaces() - // validate OnAdd + // Validate OnAdd _, err := nsInterface.Create(context.Background(), ns, metav1.CreateOptions{}) assert.NilError(t, err) err = utils.WaitForCondition(func() bool { + // Check that the namespace exists in the cache return cache.namespaceExists(testNS) }, 10*time.Millisecond, 5*time.Second) assert.NilError(t, err) - assert.Equal(t, UNSET, cache.enableYuniKorn(testNS), "cache should have contained NS") - // validate OnUpdate + // Validate OnUpdate (add YuniKorn enable annotation) ns2 := ns.DeepCopy() - ns2.Annotations = map[string]string{constants.AnnotationEnableYuniKorn: "true", - constants.AnnotationGenerateAppID: "false"} + ns2.Annotations = map[string]string{ + constants.AnnotationEnableYuniKorn: "true", + constants.AnnotationGenerateAppID: "false", + } _, err = nsInterface.Update(context.Background(), ns2, metav1.UpdateOptions{}) assert.NilError(t, err) err = utils.WaitForCondition(func() bool { + // Check that the namespace has the YuniKorn annotation enabled return cache.enableYuniKorn(testNS) == TRUE }, 10*time.Millisecond, 5*time.Second) assert.NilError(t, err) assert.Equal(t, FALSE, cache.generateAppID(testNS), "generate should have been set to false") + // Validate updating the generateAppID annotation ns2 = ns.DeepCopy() - ns2.Annotations = map[string]string{constants.AnnotationGenerateAppID: "true"} + ns2.Annotations = map[string]string{ + constants.AnnotationGenerateAppID: "true", + } _, err = nsInterface.Update(context.Background(), ns2, metav1.UpdateOptions{}) assert.NilError(t, err) err = utils.WaitForCondition(func() bool { + // Check that the generateAppID annotation is enabled return cache.generateAppID(testNS) == TRUE }, 10*time.Millisecond, 5*time.Second) assert.NilError(t, err) assert.Equal(t, UNSET, cache.enableYuniKorn(testNS), "enable should have been cleared") - // validate OnDelete + // Validate OnDelete err = nsInterface.Delete(context.Background(), ns.Name, metav1.DeleteOptions{}) assert.NilError(t, err) err = utils.WaitForCondition(func() bool { + // Check that the namespace is removed from the cache return !cache.namespaceExists(testNS) }, 10*time.Millisecond, 5*time.Second) - assert.NilError(t, err, "ns not removed from cache") + assert.NilError(t, err, "namespace not removed from cache") + + // Validate namespace restriction + assert.Equal(t, "default", namespace, "namespace should be restricted to 'default'") } func TestGetAnnotations(t *testing.T) { diff --git a/pkg/admission/priority_class_cache_test.go b/pkg/admission/priority_class_cache_test.go index de755eb5c..d2dc0e4cd 100644 --- a/pkg/admission/priority_class_cache_test.go +++ b/pkg/admission/priority_class_cache_test.go @@ -49,53 +49,67 @@ func TestIsPreemptSelfAllowed(t *testing.T) { func TestPriorityClassHandlers(t *testing.T) { kubeClient := client.NewKubeClientMock(false) - informers := NewInformers(kubeClient, "default") + // Specify the namespace for the informers (this is still required for consistency, even if PriorityClasses are cluster-scoped) + namespace := "default" + informers := NewInformers(kubeClient, namespace) cache, pcErr := NewPriorityClassCache(informers.PriorityClass) assert.NilError(t, pcErr) + + // Start informers and ensure proper cleanup informers.Start() defer informers.Stop() - assert.Assert(t, cache.isPreemptSelfAllowed(testPC), "non existing, should return true") + // Test behavior for a non-existing PriorityClass + assert.Assert(t, cache.isPreemptSelfAllowed(testPC), "non-existing PriorityClass should return true by default") + // Define a PriorityClass priorityClass := &schedulingv1.PriorityClass{ ObjectMeta: metav1.ObjectMeta{ Name: testPC, }, } + // Simulate PriorityClass API interaction priorityClasses := kubeClient.GetClientSet().SchedulingV1().PriorityClasses() - // validate OnAdd + // Validate OnAdd: Add a new PriorityClass _, err := priorityClasses.Create(context.Background(), priorityClass, metav1.CreateOptions{}) assert.NilError(t, err) + // Wait until the cache reflects the new PriorityClass err = utils.WaitForCondition(func() bool { return cache.priorityClassExists(testPC) }, 10*time.Millisecond, 10*time.Second) assert.NilError(t, err) + assert.Assert(t, cache.isPreemptSelfAllowed(testPC), "existing PriorityClass (not annotated) should return true") - assert.Assert(t, cache.isPreemptSelfAllowed(testPC), "exists, not set should return true") - - // validate OnUpdate + // Validate OnUpdate: Update the PriorityClass with an annotation priorityClass2 := priorityClass.DeepCopy() - priorityClass2.Annotations = map[string]string{constants.AnnotationAllowPreemption: "false"} + priorityClass2.Annotations = map[string]string{ + constants.AnnotationAllowPreemption: "false", + } _, err = priorityClasses.Update(context.Background(), priorityClass2, metav1.UpdateOptions{}) assert.NilError(t, err) + // Wait until the cache reflects the updated PriorityClass err = utils.WaitForCondition(func() bool { return !cache.isPreemptSelfAllowed(testPC) }, 10*time.Millisecond, 10*time.Second) assert.NilError(t, err) - // validate OnDelete + // Validate OnDelete: Remove the PriorityClass err = priorityClasses.Delete(context.Background(), testPC, metav1.DeleteOptions{}) assert.NilError(t, err) + // Wait until the cache reflects the deleted PriorityClass err = utils.WaitForCondition(func() bool { return !cache.priorityClassExists(testPC) }, 10*time.Millisecond, 10*time.Second) assert.NilError(t, err) + + // Ensure proper namespace validation (though PriorityClasses are cluster-scoped, consistency matters) + assert.Equal(t, "default", namespace, "namespace should be restricted to 'default'") } func TestGetBoolAnnotation(t *testing.T) { diff --git a/pkg/cmd/admissioncontroller/main.go b/pkg/cmd/admissioncontroller/main.go index db1aa3062..8edaecdc7 100644 --- a/pkg/cmd/admissioncontroller/main.go +++ b/pkg/cmd/admissioncontroller/main.go @@ -62,12 +62,22 @@ func main() { amConf := conf.NewAdmissionControllerConf(configMaps) kubeClient := client.NewKubeClient(amConf.GetKubeConfig()) - informers := admission.NewInformers(kubeClient, amConf.GetNamespace()) + namespace := amConf.GetNamespace() + if namespace == "" { + log.Log(log.Admission).Fatal("Namespace is not configured or empty. Please specify a valid namespace.") + return + } + + log.Log(log.Admission).Info("Starting informers for namespace", zap.String("namespace", namespace)) - if hadlerErr := amConf.RegisterHandlers(informers.ConfigMap); hadlerErr != nil { - log.Log(log.Admission).Fatal("Failed to register handlers", zap.Error(hadlerErr)) + informers := admission.NewInformers(kubeClient, namespace) + + // Register ConfigMap handlers + if handlerErr := amConf.RegisterHandlers(informers.ConfigMap); handlerErr != nil { + log.Log(log.Admission).Fatal("Failed to register handlers", zap.Error(handlerErr)) return } + pcCache, pcErr := admission.NewPriorityClassCache(informers.PriorityClass) if pcErr != nil { log.Log(log.Admission).Fatal("Failed to create new priority class cache", zap.Error(pcErr)) From 380a2577b7ef84b070170167949b8d654dfa3994 Mon Sep 17 00:00:00 2001 From: 400Ping <43886578+400Ping@users.noreply.github.com> Date: Sat, 30 Nov 2024 10:04:34 +0800 Subject: [PATCH 3/9] Change imports back Signed-off-by: 400Ping <43886578+400Ping@users.noreply.github.com> --- pkg/admission/namespace_cache_test.go | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/pkg/admission/namespace_cache_test.go b/pkg/admission/namespace_cache_test.go index 25dfcdc39..ea324b756 100644 --- a/pkg/admission/namespace_cache_test.go +++ b/pkg/admission/namespace_cache_test.go @@ -20,15 +20,16 @@ package admission import ( "context" - "github.com/apache/yunikorn-k8shim/pkg/client" - "github.com/apache/yunikorn-k8shim/pkg/common/utils" + "testing" + "time" + "gotest.tools/v3/assert" v1 "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "testing" - "time" + "github.com/apache/yunikorn-k8shim/pkg/client" "github.com/apache/yunikorn-k8shim/pkg/common/constants" + "github.com/apache/yunikorn-k8shim/pkg/common/utils" ) const testNS = "test-ns" From 4a0fb284682374985682e2b9e50e279b27a1237a Mon Sep 17 00:00:00 2001 From: 400Ping <43886578+400Ping@users.noreply.github.com> Date: Fri, 6 Dec 2024 20:51:37 +0800 Subject: [PATCH 4/9] Revert "Change imports back" This reverts commit 380a2577b7ef84b070170167949b8d654dfa3994. --- pkg/admission/namespace_cache_test.go | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/pkg/admission/namespace_cache_test.go b/pkg/admission/namespace_cache_test.go index ea324b756..25dfcdc39 100644 --- a/pkg/admission/namespace_cache_test.go +++ b/pkg/admission/namespace_cache_test.go @@ -20,16 +20,15 @@ package admission import ( "context" - "testing" - "time" - + "github.com/apache/yunikorn-k8shim/pkg/client" + "github.com/apache/yunikorn-k8shim/pkg/common/utils" "gotest.tools/v3/assert" v1 "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "testing" + "time" - "github.com/apache/yunikorn-k8shim/pkg/client" "github.com/apache/yunikorn-k8shim/pkg/common/constants" - "github.com/apache/yunikorn-k8shim/pkg/common/utils" ) const testNS = "test-ns" From f303f6754989219edd779fbdf190008eae38e45c Mon Sep 17 00:00:00 2001 From: 400Ping <43886578+400Ping@users.noreply.github.com> Date: Fri, 6 Dec 2024 20:52:09 +0800 Subject: [PATCH 5/9] Revert "Fix and refine namespace restriction logic and tests" This reverts commit facfa3a44f3312b553e3d87de19661437d0e9017. :igit push origin YUNIKORN-2850 --- pkg/admission/namespace_cache_test.go | 45 ++++++++-------------- pkg/admission/priority_class_cache_test.go | 30 ++++----------- pkg/cmd/admissioncontroller/main.go | 16 ++------ 3 files changed, 26 insertions(+), 65 deletions(-) diff --git a/pkg/admission/namespace_cache_test.go b/pkg/admission/namespace_cache_test.go index 25dfcdc39..5d9e2bcd1 100644 --- a/pkg/admission/namespace_cache_test.go +++ b/pkg/admission/namespace_cache_test.go @@ -20,15 +20,16 @@ package admission import ( "context" - "github.com/apache/yunikorn-k8shim/pkg/client" - "github.com/apache/yunikorn-k8shim/pkg/common/utils" + "testing" + "time" + "gotest.tools/v3/assert" v1 "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "testing" - "time" + "github.com/apache/yunikorn-k8shim/pkg/client" "github.com/apache/yunikorn-k8shim/pkg/common/constants" + "github.com/apache/yunikorn-k8shim/pkg/common/utils" ) const testNS = "test-ns" @@ -68,20 +69,15 @@ func TestFlags(t *testing.T) { func TestNamespaceHandlers(t *testing.T) { kubeClient := client.NewKubeClientMock(false) - // Specify the namespace for the informers to watch - namespace := "default" - informers := NewInformers(kubeClient, namespace) + informers := NewInformers(kubeClient, "default") cache, nsErr := NewNamespaceCache(informers.Namespace) assert.NilError(t, nsErr) - - // Start the informers and ensure they stop after the test informers.Start() defer informers.Stop() - // Ensure the cache is initially empty + // nothing in the cache assert.Equal(t, UNSET, cache.enableYuniKorn(testNS), "cache should have been empty") - // Create a namespace object in the "default" namespace ns := &v1.Namespace{ ObjectMeta: metav1.ObjectMeta{ Name: testNS, @@ -91,62 +87,51 @@ func TestNamespaceHandlers(t *testing.T) { nsInterface := kubeClient.GetClientSet().CoreV1().Namespaces() - // Validate OnAdd + // validate OnAdd _, err := nsInterface.Create(context.Background(), ns, metav1.CreateOptions{}) assert.NilError(t, err) err = utils.WaitForCondition(func() bool { - // Check that the namespace exists in the cache return cache.namespaceExists(testNS) }, 10*time.Millisecond, 5*time.Second) assert.NilError(t, err) + assert.Equal(t, UNSET, cache.enableYuniKorn(testNS), "cache should have contained NS") - // Validate OnUpdate (add YuniKorn enable annotation) + // validate OnUpdate ns2 := ns.DeepCopy() - ns2.Annotations = map[string]string{ - constants.AnnotationEnableYuniKorn: "true", - constants.AnnotationGenerateAppID: "false", - } + ns2.Annotations = map[string]string{constants.AnnotationEnableYuniKorn: "true", + constants.AnnotationGenerateAppID: "false"} _, err = nsInterface.Update(context.Background(), ns2, metav1.UpdateOptions{}) assert.NilError(t, err) err = utils.WaitForCondition(func() bool { - // Check that the namespace has the YuniKorn annotation enabled return cache.enableYuniKorn(testNS) == TRUE }, 10*time.Millisecond, 5*time.Second) assert.NilError(t, err) assert.Equal(t, FALSE, cache.generateAppID(testNS), "generate should have been set to false") - // Validate updating the generateAppID annotation ns2 = ns.DeepCopy() - ns2.Annotations = map[string]string{ - constants.AnnotationGenerateAppID: "true", - } + ns2.Annotations = map[string]string{constants.AnnotationGenerateAppID: "true"} _, err = nsInterface.Update(context.Background(), ns2, metav1.UpdateOptions{}) assert.NilError(t, err) err = utils.WaitForCondition(func() bool { - // Check that the generateAppID annotation is enabled return cache.generateAppID(testNS) == TRUE }, 10*time.Millisecond, 5*time.Second) assert.NilError(t, err) assert.Equal(t, UNSET, cache.enableYuniKorn(testNS), "enable should have been cleared") - // Validate OnDelete + // validate OnDelete err = nsInterface.Delete(context.Background(), ns.Name, metav1.DeleteOptions{}) assert.NilError(t, err) err = utils.WaitForCondition(func() bool { - // Check that the namespace is removed from the cache return !cache.namespaceExists(testNS) }, 10*time.Millisecond, 5*time.Second) - assert.NilError(t, err, "namespace not removed from cache") - - // Validate namespace restriction - assert.Equal(t, "default", namespace, "namespace should be restricted to 'default'") + assert.NilError(t, err, "ns not removed from cache") } func TestGetAnnotations(t *testing.T) { diff --git a/pkg/admission/priority_class_cache_test.go b/pkg/admission/priority_class_cache_test.go index d2dc0e4cd..de755eb5c 100644 --- a/pkg/admission/priority_class_cache_test.go +++ b/pkg/admission/priority_class_cache_test.go @@ -49,67 +49,53 @@ func TestIsPreemptSelfAllowed(t *testing.T) { func TestPriorityClassHandlers(t *testing.T) { kubeClient := client.NewKubeClientMock(false) - // Specify the namespace for the informers (this is still required for consistency, even if PriorityClasses are cluster-scoped) - namespace := "default" - informers := NewInformers(kubeClient, namespace) + informers := NewInformers(kubeClient, "default") cache, pcErr := NewPriorityClassCache(informers.PriorityClass) assert.NilError(t, pcErr) - - // Start informers and ensure proper cleanup informers.Start() defer informers.Stop() - // Test behavior for a non-existing PriorityClass - assert.Assert(t, cache.isPreemptSelfAllowed(testPC), "non-existing PriorityClass should return true by default") + assert.Assert(t, cache.isPreemptSelfAllowed(testPC), "non existing, should return true") - // Define a PriorityClass priorityClass := &schedulingv1.PriorityClass{ ObjectMeta: metav1.ObjectMeta{ Name: testPC, }, } - // Simulate PriorityClass API interaction priorityClasses := kubeClient.GetClientSet().SchedulingV1().PriorityClasses() - // Validate OnAdd: Add a new PriorityClass + // validate OnAdd _, err := priorityClasses.Create(context.Background(), priorityClass, metav1.CreateOptions{}) assert.NilError(t, err) - // Wait until the cache reflects the new PriorityClass err = utils.WaitForCondition(func() bool { return cache.priorityClassExists(testPC) }, 10*time.Millisecond, 10*time.Second) assert.NilError(t, err) - assert.Assert(t, cache.isPreemptSelfAllowed(testPC), "existing PriorityClass (not annotated) should return true") - // Validate OnUpdate: Update the PriorityClass with an annotation + assert.Assert(t, cache.isPreemptSelfAllowed(testPC), "exists, not set should return true") + + // validate OnUpdate priorityClass2 := priorityClass.DeepCopy() - priorityClass2.Annotations = map[string]string{ - constants.AnnotationAllowPreemption: "false", - } + priorityClass2.Annotations = map[string]string{constants.AnnotationAllowPreemption: "false"} _, err = priorityClasses.Update(context.Background(), priorityClass2, metav1.UpdateOptions{}) assert.NilError(t, err) - // Wait until the cache reflects the updated PriorityClass err = utils.WaitForCondition(func() bool { return !cache.isPreemptSelfAllowed(testPC) }, 10*time.Millisecond, 10*time.Second) assert.NilError(t, err) - // Validate OnDelete: Remove the PriorityClass + // validate OnDelete err = priorityClasses.Delete(context.Background(), testPC, metav1.DeleteOptions{}) assert.NilError(t, err) - // Wait until the cache reflects the deleted PriorityClass err = utils.WaitForCondition(func() bool { return !cache.priorityClassExists(testPC) }, 10*time.Millisecond, 10*time.Second) assert.NilError(t, err) - - // Ensure proper namespace validation (though PriorityClasses are cluster-scoped, consistency matters) - assert.Equal(t, "default", namespace, "namespace should be restricted to 'default'") } func TestGetBoolAnnotation(t *testing.T) { diff --git a/pkg/cmd/admissioncontroller/main.go b/pkg/cmd/admissioncontroller/main.go index 8edaecdc7..db1aa3062 100644 --- a/pkg/cmd/admissioncontroller/main.go +++ b/pkg/cmd/admissioncontroller/main.go @@ -62,22 +62,12 @@ func main() { amConf := conf.NewAdmissionControllerConf(configMaps) kubeClient := client.NewKubeClient(amConf.GetKubeConfig()) - namespace := amConf.GetNamespace() - if namespace == "" { - log.Log(log.Admission).Fatal("Namespace is not configured or empty. Please specify a valid namespace.") - return - } - - log.Log(log.Admission).Info("Starting informers for namespace", zap.String("namespace", namespace)) + informers := admission.NewInformers(kubeClient, amConf.GetNamespace()) - informers := admission.NewInformers(kubeClient, namespace) - - // Register ConfigMap handlers - if handlerErr := amConf.RegisterHandlers(informers.ConfigMap); handlerErr != nil { - log.Log(log.Admission).Fatal("Failed to register handlers", zap.Error(handlerErr)) + if hadlerErr := amConf.RegisterHandlers(informers.ConfigMap); hadlerErr != nil { + log.Log(log.Admission).Fatal("Failed to register handlers", zap.Error(hadlerErr)) return } - pcCache, pcErr := admission.NewPriorityClassCache(informers.PriorityClass) if pcErr != nil { log.Log(log.Admission).Fatal("Failed to create new priority class cache", zap.Error(pcErr)) From 6451cfb455ac9e0142342d5bea5c5a90074b903a Mon Sep 17 00:00:00 2001 From: 400Ping <43886578+400Ping@users.noreply.github.com> Date: Fri, 6 Dec 2024 20:53:09 +0800 Subject: [PATCH 6/9] Revert "Enhance namespace restriction logic in informers" This reverts commit 8e936b02dae1eca4dc1a3277cf516a0a1f58faf6. --- pkg/admission/informers.go | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-) diff --git a/pkg/admission/informers.go b/pkg/admission/informers.go index 2366a1659..52da73648 100644 --- a/pkg/admission/informers.go +++ b/pkg/admission/informers.go @@ -40,19 +40,17 @@ type Informers struct { func NewInformers(kubeClient client.KubeClient, namespace string) *Informers { stopChan := make(chan struct{}) - informerFactory := informers.NewSharedInformerFactoryWithOptions( - kubeClient.GetClientSet(), - 0, - informers.WithNamespace(namespace), - ) + informerFactory := informers.NewSharedInformerFactoryWithOptions(kubeClient.GetClientSet(), 0, informers.WithNamespace(namespace)) informerFactory.Start(stopChan) - return &Informers{ + result := &Informers{ ConfigMap: informerFactory.Core().V1().ConfigMaps(), PriorityClass: informerFactory.Scheduling().V1().PriorityClasses(), Namespace: informerFactory.Core().V1().Namespaces(), stopChan: stopChan, } + + return result } func (i *Informers) Start() { From 06179ea64bf017b4c20cab84c0c3ba59f2a34d30 Mon Sep 17 00:00:00 2001 From: 400Ping <43886578+400Ping@users.noreply.github.com> Date: Fri, 6 Dec 2024 20:59:49 +0800 Subject: [PATCH 7/9] Restrict ConfigMap informer to specific namespace Signed-off-by: 400Ping <43886578+400Ping@users.noreply.github.com> --- pkg/shim/scheduler.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkg/shim/scheduler.go b/pkg/shim/scheduler.go index 291083f4f..4a60adfc4 100644 --- a/pkg/shim/scheduler.go +++ b/pkg/shim/scheduler.go @@ -67,7 +67,7 @@ func NewShimScheduler(scheduler api.SchedulerAPI, configs *conf.SchedulerConf, b kubeClient := client.NewKubeClient(configs.KubeConfig) // we have disabled re-sync to keep ourselves up-to-date - informerFactory := informers.NewSharedInformerFactory(kubeClient.GetClientSet(), 0) + informerFactory := informers.NewSharedInformerFactoryWithOptions(kubeClient.GetClientSet(), 0, informers.WithNamespace(configs.Namespace)) apiFactory := client.NewAPIFactory(scheduler, informerFactory, configs, false) context := cache.NewContextWithBootstrapConfigMaps(apiFactory, bootstrapConfigMaps) From 644e2bd9aaa91b77788dfcefdda31fa70b8317f7 Mon Sep 17 00:00:00 2001 From: 400Ping <43886578+400Ping@users.noreply.github.com> Date: Fri, 6 Dec 2024 21:01:20 +0800 Subject: [PATCH 8/9] Add prints to check namespace Signed-off-by: 400Ping <43886578+400Ping@users.noreply.github.com> --- pkg/cache/context.go | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/pkg/cache/context.go b/pkg/cache/context.go index 28cac93f5..bf209211a 100644 --- a/pkg/cache/context.go +++ b/pkg/cache/context.go @@ -472,9 +472,15 @@ func (ctx *Context) deleteForeignPod(pod *v1.Pod) { func (ctx *Context) filterConfigMaps(obj interface{}) bool { switch obj := obj.(type) { case *v1.ConfigMap: + fmt.Printf("Received ConfigMap: Name=%s, Namespace=%s\n", obj.Name, obj.Namespace) + return (obj.Name == constants.DefaultConfigMapName || obj.Name == constants.ConfigMapName) && obj.Namespace == ctx.namespace case cache.DeletedFinalStateUnknown: - return ctx.filterConfigMaps(obj.Obj) + if cm, ok := obj.Obj.(*v1.ConfigMap); ok { + fmt.Printf("Deleted ConfigMap: Name=%s, Namespace=%s\n", cm.Name, cm.Namespace) + return ctx.filterConfigMaps(cm) + } + return false default: return false } From 0c529a28fb6b80f79ba059006ddb0888ac99ea0c Mon Sep 17 00:00:00 2001 From: 400Ping <43886578+400Ping@users.noreply.github.com> Date: Fri, 6 Dec 2024 21:21:12 +0800 Subject: [PATCH 9/9] Revert "Add prints to check namespace" This reverts commit 644e2bd9aaa91b77788dfcefdda31fa70b8317f7. --- pkg/cache/context.go | 8 +------- 1 file changed, 1 insertion(+), 7 deletions(-) diff --git a/pkg/cache/context.go b/pkg/cache/context.go index bf209211a..28cac93f5 100644 --- a/pkg/cache/context.go +++ b/pkg/cache/context.go @@ -472,15 +472,9 @@ func (ctx *Context) deleteForeignPod(pod *v1.Pod) { func (ctx *Context) filterConfigMaps(obj interface{}) bool { switch obj := obj.(type) { case *v1.ConfigMap: - fmt.Printf("Received ConfigMap: Name=%s, Namespace=%s\n", obj.Name, obj.Namespace) - return (obj.Name == constants.DefaultConfigMapName || obj.Name == constants.ConfigMapName) && obj.Namespace == ctx.namespace case cache.DeletedFinalStateUnknown: - if cm, ok := obj.Obj.(*v1.ConfigMap); ok { - fmt.Printf("Deleted ConfigMap: Name=%s, Namespace=%s\n", cm.Name, cm.Namespace) - return ctx.filterConfigMaps(cm) - } - return false + return ctx.filterConfigMaps(obj.Obj) default: return false }