Bugzilla will be upgraded to version 5.0. The upgrade date is tentatively scheduled for 2 December 2018, pending final testing and feedback.
First Last Prev Next    This bug is not in your last search results.
Bug 1450366 - The limited default resource is still created even if there is no corresponding quota cover it
The limited default resource is still created even if there is no correspondi...
Status: CLOSED ERRATA
Product: OpenShift Container Platform
Classification: Red Hat
Component: Pod (Show other bugs)
3.6.0
Unspecified Unspecified
unspecified Severity medium
: ---
: ---
Assigned To: Derek Carr
Qixuan Wang
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2017-05-12 06:34 EDT by Qixuan Wang
Modified: 2017-08-16 15 EDT (History)
6 users (show)

See Also:
Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2017-08-10 01:24:06 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)


External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHEA-2017:1716 normal SHIPPED_LIVE Red Hat OpenShift Container Platform 3.6 RPM Release Advisory 2017-08-10 05:02:50 EDT

  None (edit)
Description Qixuan Wang 2017-05-12 06:34:39 EDT 
Description of problem:
Configure limited resources on master-config file, if there isn't a corresponding quota that covers resources usage, the resource is still created. I attempted many configuration ways and still not sure the admission plug-in was inserted correctly while master service didn't throw errors.


Version-Release number of selected component (if applicable):
openshift v3.6.71
kubernetes v1.6.1+5115d708d7
etcd 3.1.0


How reproducible:
Always

Steps to Reproduce:
1. Insert into master-config.yaml and restart master service.
# cat master-config.yaml
admissionConfig:
  pluginConfig:
    ResourceQuota:
      configuration:
        apiVersion: resourcequota.admission.k8s.io/v1alpha1
        kind: Configuration
        limitedResources:
        - resource: pods
          matchContains:
          - pods
          - requests.cpu
        - resource: persistentvolumeclaims
          matchContains:
        - .storageclass.storage.k8s.io/requests.storage
<------------------------------------------------------->

# service atomic-openshift-master restart
# service atomic-openshift-master status

2. Make sure there is no quota in the namespace or default limited resources (requests.cpu, requests.storage)are not specified in the quota in this namespace.

3. Create a dynamic PVC which has requests.storage in its spec
# cat pvc-storage-class.json
{
  "kind": "PersistentVolumeClaim",
  "apiVersion": "v1",
  "metadata": {
    "name": "pvc-storage-class",
    "labels": {
         "name": "pvc-storage-class"
     },
    "annotations": {
        "volume.beta.kubernetes.io/storage-class": "gold"
    }
  },
  "spec": {
    "accessModes": [
      "ReadWriteOnce"
    ],
    "resources": {
      "requests": {
        "storage": "2Gi"
      }
    }
  }
}

# oc create -f pvc-storage-class.json

4. Change annotations as "volume.beta.kubernetes.io/storage-class": "bronze" and create the pvc


Actual results:
3. The default limited resource is created. 
# oc create -f  pvc-storage-class.json -n qwang1
persistentvolumeclaim "pvc-storage-class" created

4. # oc create -f pvc-storage-class-bronze.json -n qwang1
persistentvolumeclaim "pvc-storage-class-bronze" created

Expected results:
3. The pvc creation request should be rejected as follows.  
# /data/src/kubernetes/_output/local/bin/linux/amd64/kubectl create -f pvc-storage-class.json -n default
Error from server: error when creating "pvc-storage-class.json": insufficient quota to consume: gold.storageclass.storage.k8s.io/requests.storage

4. # /data/src/kubernetes/_output/local/bin/linux/amd64/kubectl create -f pvc-storage-class-bronze.json -n default
Error from server: error when creating "1.json": insufficient quota to consume: bronze.storageclass.storage.k8s.io/requests.storage



Additional info:
Comment 3 Derek Carr 2017-05-22 15:30:46 EDT 
Origin PR:
https://github.com/openshift/origin/pull/14234
Comment 5 Qixuan Wang 2017-06-07 06:43:11 EDT 
Tested on OCP3.6(openshift v3.6.96, kubernetes v1.6.1+5115d708d7, etcd 3.1.0). 

The plug-in doesn't take effect. By comparison, changes in the k8s/xxx/BUILD files don't in ose.
Comment 6 Derek Carr 2017-06-07 10:04:22 EDT 
Tested, git commit: 6473593c449ab84cfdf57361e41eae5b78e766ee

edited master-config.yaml

admissionConfig:
  pluginConfig:
    ResourceQuota:
      configuration:
        apiVersion: resourcequota.admission.k8s.io/v1alpha1
        kind: Configuration
        limitedResources:
        - resource: persistentvolumeclaims
          matchContains:
          - .storageclass.storage.k8s.io/requests.storage
    openshift.io/ImagePolicy:


$ oc create -f ~/scripts/samples/kube/quota-by-storage-class/pvc/pvc-bronze.yaml 
Error from server: error when creating "/home/decarr/scripts/samples/kube/quota-by-storage-class/pvc/pvc-bronze.yaml": insufficient quota to consume: bronze.storageclass.storage.k8s.io/requests.storage
Comment 7 Qixuan Wang 2017-06-14 03:23:19 EDT 
Tested on OCP3.6(openshift v3.6.106, kubernetes v1.6.1+5115d708d7, etcd 3.2.0), The plug-in takes effect now. Could you please move it to ON_QA so I can verify it. Thanks.
Comment 9 errata-xmlrpc 2017-08-10 01:24:06 EDT 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHEA-2017:1716
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.