Description of problem: Configure limited resources on master-config file, if there isn't a corresponding quota that covers resources usage, the resource is still created. I attempted many configuration ways and still not sure the admission plug-in was inserted correctly while master service didn't throw errors. Version-Release number of selected component (if applicable): openshift v3.6.71 kubernetes v1.6.1+5115d708d7 etcd 3.1.0 How reproducible: Always Steps to Reproduce: 1. Insert into master-config.yaml and restart master service. # cat master-config.yaml admissionConfig: pluginConfig: ResourceQuota: configuration: apiVersion: resourcequota.admission.k8s.io/v1alpha1 kind: Configuration limitedResources: - resource: pods matchContains: - pods - requests.cpu - resource: persistentvolumeclaims matchContains: - .storageclass.storage.k8s.io/requests.storage <-------------------------------------------------------> # service atomic-openshift-master restart # service atomic-openshift-master status 2. Make sure there is no quota in the namespace or default limited resources (requests.cpu, requests.storage)are not specified in the quota in this namespace. 3. Create a dynamic PVC which has requests.storage in its spec # cat pvc-storage-class.json { "kind": "PersistentVolumeClaim", "apiVersion": "v1", "metadata": { "name": "pvc-storage-class", "labels": { "name": "pvc-storage-class" }, "annotations": { "volume.beta.kubernetes.io/storage-class": "gold" } }, "spec": { "accessModes": [ "ReadWriteOnce" ], "resources": { "requests": { "storage": "2Gi" } } } } # oc create -f pvc-storage-class.json 4. Change annotations as "volume.beta.kubernetes.io/storage-class": "bronze" and create the pvc Actual results: 3. The default limited resource is created. # oc create -f pvc-storage-class.json -n qwang1 persistentvolumeclaim "pvc-storage-class" created 4. # oc create -f pvc-storage-class-bronze.json -n qwang1 persistentvolumeclaim "pvc-storage-class-bronze" created Expected results: 3. The pvc creation request should be rejected as follows. # /data/src/kubernetes/_output/local/bin/linux/amd64/kubectl create -f pvc-storage-class.json -n default Error from server: error when creating "pvc-storage-class.json": insufficient quota to consume: gold.storageclass.storage.k8s.io/requests.storage 4. # /data/src/kubernetes/_output/local/bin/linux/amd64/kubectl create -f pvc-storage-class-bronze.json -n default Error from server: error when creating "1.json": insufficient quota to consume: bronze.storageclass.storage.k8s.io/requests.storage Additional info:
Origin PR: https://github.com/openshift/origin/pull/14234
Tested on OCP3.6(openshift v3.6.96, kubernetes v1.6.1+5115d708d7, etcd 3.1.0). The plug-in doesn't take effect. By comparison, changes in the k8s/xxx/BUILD files don't in ose.
Tested, git commit: 6473593c449ab84cfdf57361e41eae5b78e766ee edited master-config.yaml admissionConfig: pluginConfig: ResourceQuota: configuration: apiVersion: resourcequota.admission.k8s.io/v1alpha1 kind: Configuration limitedResources: - resource: persistentvolumeclaims matchContains: - .storageclass.storage.k8s.io/requests.storage openshift.io/ImagePolicy: $ oc create -f ~/scripts/samples/kube/quota-by-storage-class/pvc/pvc-bronze.yaml Error from server: error when creating "/home/decarr/scripts/samples/kube/quota-by-storage-class/pvc/pvc-bronze.yaml": insufficient quota to consume: bronze.storageclass.storage.k8s.io/requests.storage
Tested on OCP3.6(openshift v3.6.106, kubernetes v1.6.1+5115d708d7, etcd 3.2.0), The plug-in takes effect now. Could you please move it to ON_QA so I can verify it. Thanks.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHEA-2017:1716