type Evaluator … type quotaEvaluator … type admissionWaiter … type defaultDeny … func (defaultDeny) Error() string { … } // IsDefaultDeny returns true if the error is defaultDeny func IsDefaultDeny(err error) bool { … } func newAdmissionWaiter(a admission.Attributes) *admissionWaiter { … } // NewQuotaEvaluator configures an admission controller that can enforce quota constraints // using the provided registry. The registry must have the capability to handle group/kinds that // are persisted by the server this admission controller is intercepting func NewQuotaEvaluator(quotaAccessor QuotaAccessor, ignoredResources map[schema.GroupResource]struct{ … } // start begins watching and syncing. func (e *quotaEvaluator) start() { … } func (e *quotaEvaluator) shutdownOnStop() { … } func (e *quotaEvaluator) doWork() { … } // checkAttributes iterates evaluates all the waiting admissionAttributes. It will always notify all waiters // before returning. The default is to deny. func (e *quotaEvaluator) checkAttributes(ns string, admissionAttributes []*admissionWaiter) { … } // checkQuotas checks the admission attributes against the passed quotas. If a quota applies, it will attempt to update it // AFTER it has checked all the admissionAttributes. The method breaks down into phase like this: // 0. make a copy of the quotas to act as a "running" quota so we know what we need to update and can still compare against the // originals // 1. check each admission attribute to see if it fits within *all* the quotas. If it didn't fit, mark the waiter as failed // and the running quota doesn't change. If it did fit, check to see if any quota was changed. If there was no quota change // mark the waiter as succeeded. If some quota did change, update the running quotas // 2. If no running quota was changed, return now since no updates are needed. // 3. for each quota that has changed, attempt an update. If all updates succeeded, update all unset waiters to success status and return. If the some // updates failed on conflict errors and we have retries left, re-get the failed quota from our cache for the latest version // and recurse into this method with the subset. It's safe for us to evaluate ONLY the subset, because the other quota // documents for these waiters have already been evaluated. Step 1, will mark all the ones that should already have succeeded. func (e *quotaEvaluator) checkQuotas(quotas []corev1.ResourceQuota, admissionAttributes []*admissionWaiter, remainingRetries int) { … } func copyQuotas(in []corev1.ResourceQuota) ([]corev1.ResourceQuota, error) { … } // filterLimitedResourcesByGroupResource filters the input that match the specified groupResource func filterLimitedResourcesByGroupResource(input []resourcequotaapi.LimitedResource, groupResource schema.GroupResource) []resourcequotaapi.LimitedResource { … } // limitedByDefault determines from the specified usage and limitedResources the set of resources names // that must be present in a covering quota. It returns empty set if it was unable to determine if // a resource was not limited by default. func limitedByDefault(usage corev1.ResourceList, limitedResources []resourcequotaapi.LimitedResource) []corev1.ResourceName { … } func getMatchedLimitedScopes(evaluator quota.Evaluator, inputObject runtime.Object, limitedResources []resourcequotaapi.LimitedResource) ([]corev1.ScopedResourceSelectorRequirement, error) { … } // checkRequest verifies that the request does not exceed any quota constraint. it returns a copy of quotas not yet persisted // that capture what the usage would be if the request succeeded. It return an error if there is insufficient quota to satisfy the request func (e *quotaEvaluator) checkRequest(quotas []corev1.ResourceQuota, a admission.Attributes) ([]corev1.ResourceQuota, error) { … } // CheckRequest is a static version of quotaEvaluator.checkRequest, possible to be called from outside. func CheckRequest(quotas []corev1.ResourceQuota, a admission.Attributes, evaluator quota.Evaluator, limited []resourcequotaapi.LimitedResource) ([]corev1.ResourceQuota, error) { … } func getScopeSelectorsFromQuota(quota corev1.ResourceQuota) []corev1.ScopedResourceSelectorRequirement { … } func (e *quotaEvaluator) Evaluate(a admission.Attributes) error { … } func (e *quotaEvaluator) addWork(a *admissionWaiter) { … } func (e *quotaEvaluator) completeWork(ns string) { … } // getWork returns a namespace, a list of work items in that // namespace, and a shutdown boolean. If not shutdown then the return // must eventually be followed by a call on completeWork for the // returned namespace (regardless of whether the work item list is // empty). func (e *quotaEvaluator) getWork() (string, []*admissionWaiter, bool) { … } // prettyPrint formats a resource list for usage in errors // it outputs resources sorted in increasing order func prettyPrint(item corev1.ResourceList) string { … } func prettyPrintResourceNames(a []corev1.ResourceName) string { … } // hasUsageStats returns true if for each hard constraint in interestingResources there is a value for its current usage func hasUsageStats(resourceQuota *corev1.ResourceQuota, interestingResources []corev1.ResourceName) bool { … }
Codebase Browser
kubernetes