From 2cceb8d95b2d99a757d77fc765c96c12da851fc6 Mon Sep 17 00:00:00 2001 From: huangyanfeng Date: Thu, 18 Jul 2024 10:16:13 +0800 Subject: [PATCH] Skip cluster removal if already scheduled and API enablements are incomplete to prevent accidental removal. Signed-off-by: huangyanfeng --- .../plugins/apienablement/api_enablement.go | 18 ++++++++++++++---- 1 file changed, 14 insertions(+), 4 deletions(-) diff --git a/pkg/scheduler/framework/plugins/apienablement/api_enablement.go b/pkg/scheduler/framework/plugins/apienablement/api_enablement.go index 15d32ab35951..791180f639e4 100644 --- a/pkg/scheduler/framework/plugins/apienablement/api_enablement.go +++ b/pkg/scheduler/framework/plugins/apienablement/api_enablement.go @@ -19,6 +19,7 @@ package apienablement import ( "context" + "k8s.io/apimachinery/pkg/api/meta" "k8s.io/klog/v2" clusterv1alpha1 "github.com/karmada-io/karmada/pkg/apis/cluster/v1alpha1" @@ -54,10 +55,19 @@ func (p *APIEnablement) Filter( _ *workv1alpha2.ResourceBindingStatus, cluster *clusterv1alpha1.Cluster, ) *framework.Result { - if !helper.IsAPIEnabled(cluster.Status.APIEnablements, bindingSpec.Resource.APIVersion, bindingSpec.Resource.Kind) { - klog.V(2).Infof("Cluster(%s) not fit as missing API(%s, kind=%s)", cluster.Name, bindingSpec.Resource.APIVersion, bindingSpec.Resource.Kind) - return framework.NewResult(framework.Unschedulable, "cluster(s) did not have the API resource") + if helper.IsAPIEnabled(cluster.Status.APIEnablements, bindingSpec.Resource.APIVersion, bindingSpec.Resource.Kind) { + return framework.NewResult(framework.Success) } - return framework.NewResult(framework.Success) + // Let the cluster pass if it is already on the list of schedule result and the cluster's + // API enablements is incomplete, to avoid the issue that cluster be accidentally removed + // due to untrusted API enablements. + if bindingSpec.TargetContains(cluster.Name) && + !meta.IsStatusConditionTrue(cluster.Status.Conditions, clusterv1alpha1.ClusterConditionCompleteAPIEnablements) { + return framework.NewResult(framework.Success) + } + + klog.V(2).Infof("Cluster(%s) not fit as missing API(%s, kind=%s)", cluster.Name, bindingSpec.Resource.APIVersion, bindingSpec.Resource.Kind) + + return framework.NewResult(framework.Unschedulable, "cluster(s) did not have the API resource") }