Bug 1367733

Summary: Could not create other resources successfully when clusterquota was created with one resource exceeding the limit
Product: OpenShift Container Platform Reporter: Yanping Zhang <yanpzhan>
Component: NodeAssignee: Derek Carr <decarr>
Status: CLOSED ERRATA QA Contact: DeShuai Ma <dma>
Severity: medium Docs Contact:
Priority: medium    
Version: 3.3.0CC: agoldste, aos-bugs, eparis, jokerman, mmccomas, tdawson
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2016-09-27 09:44:41 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Yanping Zhang 2016-08-17 10:40:14 UTC 
Description of problem:
When the project has some resources already, eg has 4 services, cluster-admin still can create clusterquota which the limit of this resource is less than consumed, eg, 3 services
In this situation, if user tried to create other resources which do not exceed the clusterquota, it always failed.


Version-Release number of selected component (if applicable):
openshift v3.3.0.21
kubernetes v1.3.0+507d3a7
etcd 2.3.0+git


How reproducible:
Always

Steps to Reproduce:
1.Create some resources in project, eg. 4 services.
2.Add label to this project.
# oc label namespace/prozyp test=zyp
namespace "prozyp" labeled

3.Create clusterquota to limit the project.
# oc create clusterresourcequota clusterquota --project-label-selector=test=zyp --hard=pods=10,memory=1Gi,cpu=800m,services=3
# oc describe clusterquota clusterquota

4.In the project create pod that doesn't exceed the clusterquota.
# oc run testpod2 --image=aosqe/hello-openshift --generator=run-pod/v1 --limits='cpu=100m,memory=200Mi'

Actual results:
3.CLusterquota is created successfully.
# oc create clusterresourcequota clusterquota --project-label-selector=test=zyp --hard=pods=10,memory=1Gi,cpu=800m,services=3
clusterresourcequota "clusterquota" created
# oc describe clusterquota clusterquota
Name:		clusterquota
Namespace:	<none>
Created:	4 minutes ago
Labels:		<none>
Annotations:	<none>
Label Selector: test=zyp
AnnotationSelector: map[]
Resource	Used	Hard
--------	----	----
cpu		400m	800m
memory		600Mi	1Gi
pods		3	10
services	4	3

4.Could not create pod successfully.
# oc run testpod2 --image=aosqe/hello-openshift --generator=run-pod/v1 --limits='cpu=100m,memory=200Mi'
Error from server: pods "testpod2" is forbidden: Exceeded quota: clusterquota, requested: , used: services=4, limited: services=3


Expected results:
4.If clusterquota can be created successfully in above situation, it should not forbid the creation of resources which don't exceed the quota, so the pod should be created successfully.

Additional info:
Comment 1 Derek Carr 2016-08-17 18:36:20 UTC 
This impacts project and cluster-quota.

The check should be to verify that the LessThanOrEqual check is only performed on the masked delta usage not the summed new usage across all resources.
Comment 2 Derek Carr 2016-08-17 19:06:27 UTC 
Upstream PR:
https://github.com/kubernetes/kubernetes/pull/30796
Comment 3 Derek Carr 2016-08-17 20:43:53 UTC 
Origin PR:
https://github.com/openshift/origin/pull/10493
Comment 4 Troy Dawson 2016-08-19 20:57:51 UTC 
This has been merged into ose and is in OSE v3.3.0.23 or newer.
Comment 6 Yanping Zhang 2016-08-22 04:08:10 UTC 
Checked on ocp v3.3.0.23.
oc v3.3.0.23-dirty
openshift v3.3.0.23-dirty
kubernetes v1.3.0+507d3a7
etcd 2.3.0+git

Now could create other resources in project when clusterquota was created with one resource exceeding the limits.
Comment 8 errata-xmlrpc 2016-09-27 09:44:41 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2016:1933