koord-manager: forbid use internal statements

Signed-off-by: acejilam <acejilam@gmail.com>
koordinator-sh · Feb 21, 2024 · f90d4a1 · f90d4a1
1 parent b634779
commit f90d4a1
Show file tree

Hide file tree

Showing 2 changed files with 24 additions and 0 deletions.
diff --git a/pkg/webhook/pod/validating/cluster_colocation_profile.go b/pkg/webhook/pod/validating/cluster_colocation_profile.go
@@ -55,6 +55,7 @@ func (h *PodValidatingHandler) clusterColocationProfileValidatingPod(ctx context
 	}
 
 	allErrs = append(allErrs, validateRequiredQoSClass(newPod)...)
+	allErrs = append(allErrs, forbidReservationAnnotations(newPod)...)
 	allErrs = append(allErrs, forbidSpecialQoSClassAndPriorityClass(newPod, extension.QoSBE, extension.PriorityNone, extension.PriorityProd)...)
 	allErrs = append(allErrs, forbidSpecialQoSClassAndPriorityClass(newPod, extension.QoSLSR, extension.PriorityNone, extension.PriorityMid, extension.PriorityBatch, extension.PriorityFree)...)
 	allErrs = append(allErrs, validateResources(newPod)...)
@@ -68,6 +69,16 @@ func (h *PodValidatingHandler) clusterColocationProfileValidatingPod(ctx context
 	return allowed, reason, nil
 }
 
+func forbidReservationAnnotations(pod *corev1.Pod) field.ErrorList {
+	if pod.Annotations == nil {
+		return nil
+	}
+	if _, ok := pod.Annotations[extension.AnnotationReservationAllocated]; ok {
+		return field.ErrorList{field.Required(field.NewPath("annotations", extension.AnnotationReservationAllocated), "cannot specify reservation allocated in annotations")}
+	}
+	return nil
+}
+
 func validateRequiredQoSClass(pod *corev1.Pod) field.ErrorList {
 	request := util.GetPodRequest(pod)
 	batchCPUQuantity := request[extension.BatchCPU]

diff --git a/pkg/webhook/pod/validating/cluster_colocation_profile_test.go b/pkg/webhook/pod/validating/cluster_colocation_profile_test.go
@@ -443,6 +443,19 @@ func TestClusterColocationProfileValidatingPod(t *testing.T) {
 			wantAllowed: false,
 			wantReason:  `pod.spec.containers[*].resources.requests: Invalid value: "100m": the requested CPUs of LSR Pod must be integer`,
 		},
+		{
+			name:      "forbidden resources annotations",
+			operation: admissionv1.Create,
+			newPod: &corev1.Pod{
+				ObjectMeta: metav1.ObjectMeta{
+					Annotations: map[string]string{
+						extension.AnnotationReservationAllocated: "",
+					},
+				},
+			},
+			wantAllowed: false,
+			wantReason:  `annotations.scheduling.koordinator.sh/reservation-allocated: Required value: cannot specify reservation allocated in annotations`,
+		},
 	}
 
 	for _, tt := range tests {