Bug 1367733 - Could not create other resources successfully when clusterquota was created with one resource exceeding the limit
Summary: Could not create other resources successfully when clusterquota was created w...
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: Node
Version: 3.3.0
Hardware: Unspecified
OS: Unspecified
Target Milestone: ---
: ---
Assignee: Derek Carr
QA Contact: DeShuai Ma
Depends On:
TreeView+ depends on / blocked
Reported: 2016-08-17 10:40 UTC by Yanping Zhang
Modified: 2016-09-27 09:44 UTC (History)
6 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Last Closed: 2016-09-27 09:44:41 UTC
Target Upstream Version:

Attachments (Terms of Use)

System ID Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2016:1933 normal SHIPPED_LIVE Red Hat OpenShift Container Platform 3.3 Release Advisory 2016-09-27 13:24:36 UTC
Github kubernetes kubernetes pull 30796 None None None 2016-08-17 19:58:14 UTC
Origin (Github) 10493 None None None 2016-08-18 17:40:00 UTC

Description Yanping Zhang 2016-08-17 10:40:14 UTC
Description of problem:
When the project has some resources already, eg has 4 services, cluster-admin still can create clusterquota which the limit of this resource is less than consumed, eg, 3 services
In this situation, if user tried to create other resources which do not exceed the clusterquota, it always failed.

Version-Release number of selected component (if applicable):
openshift v3.3.0.21
kubernetes v1.3.0+507d3a7
etcd 2.3.0+git

How reproducible:

Steps to Reproduce:
1.Create some resources in project, eg. 4 services.
2.Add label to this project.
# oc label namespace/prozyp test=zyp
namespace "prozyp" labeled

3.Create clusterquota to limit the project.
# oc create clusterresourcequota clusterquota --project-label-selector=test=zyp --hard=pods=10,memory=1Gi,cpu=800m,services=3
# oc describe clusterquota clusterquota

4.In the project create pod that doesn't exceed the clusterquota.
# oc run testpod2 --image=aosqe/hello-openshift --generator=run-pod/v1 --limits='cpu=100m,memory=200Mi'

Actual results:
3.CLusterquota is created successfully.
# oc create clusterresourcequota clusterquota --project-label-selector=test=zyp --hard=pods=10,memory=1Gi,cpu=800m,services=3
clusterresourcequota "clusterquota" created
# oc describe clusterquota clusterquota
Name:		clusterquota
Namespace:	<none>
Created:	4 minutes ago
Labels:		<none>
Annotations:	<none>
Label Selector: test=zyp
AnnotationSelector: map[]
Resource	Used	Hard
--------	----	----
cpu		400m	800m
memory		600Mi	1Gi
pods		3	10
services	4	3

4.Could not create pod successfully.
# oc run testpod2 --image=aosqe/hello-openshift --generator=run-pod/v1 --limits='cpu=100m,memory=200Mi'
Error from server: pods "testpod2" is forbidden: Exceeded quota: clusterquota, requested: , used: services=4, limited: services=3

Expected results:
4.If clusterquota can be created successfully in above situation, it should not forbid the creation of resources which don't exceed the quota, so the pod should be created successfully.

Additional info:

Comment 1 Derek Carr 2016-08-17 18:36:20 UTC
This impacts project and cluster-quota.

The check should be to verify that the LessThanOrEqual check is only performed on the masked delta usage not the summed new usage across all resources.

Comment 2 Derek Carr 2016-08-17 19:06:27 UTC
Upstream PR:

Comment 3 Derek Carr 2016-08-17 20:43:53 UTC
Origin PR:

Comment 4 Troy Dawson 2016-08-19 20:57:51 UTC
This has been merged into ose and is in OSE v3.3.0.23 or newer.

Comment 6 Yanping Zhang 2016-08-22 04:08:10 UTC
Checked on ocp v3.3.0.23.
oc v3.3.0.23-dirty
openshift v3.3.0.23-dirty
kubernetes v1.3.0+507d3a7
etcd 2.3.0+git

Now could create other resources in project when clusterquota was created with one resource exceeding the limits.

Comment 8 errata-xmlrpc 2016-09-27 09:44:41 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.


Note You need to log in before you can comment on or make changes to this bug.