From 3991d39812271ec59dc994eee261aba4f2a30579 Mon Sep 17 00:00:00 2001 From: Daniel Helfand Date: Tue, 4 Feb 2020 20:22:42 -0500 Subject: [PATCH] add LimitRangeName to taskrun and pipelinerun specs --- docs/pipelineruns.md | 37 ++++++++++++++- docs/taskruns.md | 38 ++++++++++++++++ docs/tekton-limitrange-config.md | 45 ------------------- .../pipeline/v1alpha1/pipelinerun_types.go | 6 +++ pkg/apis/pipeline/v1alpha1/taskrun_types.go | 7 ++- pkg/apis/pipeline/v1alpha2/taskrun_types.go | 7 ++- pkg/pod/pod.go | 16 ++----- pkg/reconciler/pipelinerun/pipelinerun.go | 1 + 8 files changed, 95 insertions(+), 62 deletions(-) delete mode 100644 docs/tekton-limitrange-config.md diff --git a/docs/pipelineruns.md b/docs/pipelineruns.md index 08adaf2d915..461bb24504d 100644 --- a/docs/pipelineruns.md +++ b/docs/pipelineruns.md @@ -20,6 +20,7 @@ Creation of a `PipelineRun` will trigger the creation of - [Cancelling a PipelineRun](#cancelling-a-pipelinerun) - [Examples](https://github.com/tektoncd/pipeline/tree/master/examples/pipelineruns) - [Logs](logs.md) +- [LimitRange Name](#limitrange-name) ## Syntax @@ -36,7 +37,6 @@ following fields: your `PipelineRun` resource object. - [`pipelineRef` or `pipelineSpec`](#specifiying-a-pipeline) - Specifies the [`Pipeline`](pipelines.md) you want to run. - Optional: - - [`resources`](#resources) - Specifies which [`PipelineResources`](resources.md) to use for this `PipelineRun`. - [`serviceAccountName`](#service-account) - Specifies a `ServiceAccount` resource @@ -51,6 +51,10 @@ following fields: follow the instruction [here](taskruns.md#Configuring-default-timeout) to configure the default timeout, the same way as `TaskRun`. - [`podTemplate`](#pod-template) - Specifies a [pod template](./podtemplates.md) that will be used as the basis for the `Task` pod. + - [`limitRangeName`](#limitrange-name) - Specifies the name of a LimitRange that exists in the namespace of the `PipelineRun`. This LimitRange's minimum + for container resource requests will be used as part of requesting the appropriate amount of CPU, memory, and ephemeral storage for containers that are + part of the `TaskRuns` of a `PipelineRun`. This proerty only needs to be specified if the `PipelineRun` is happening in a namespace with a LimitRange + minimum specified for container resource requests. [kubernetes-overview]: https://kubernetes.io/docs/concepts/overview/working-with-objects/kubernetes-objects/#required-fields @@ -373,6 +377,37 @@ spec: status: "PipelineRunCancelled" ``` +## LimitRange Name + +In order to request the minimum amount of resources needed to support the containers +for `steps` that are part of a `TaskRun`, Tekton only requests the maximum values for CPU, +memory, and ephemeral storage from the `steps` that are part of a TaskRun. Only the max +resource request values are needed since `steps` only execute one at a time in `TaskRun` pod. +All requests that are not the max values are set to zero as a result. + +When a [LimitRange](https://kubernetes.io/docs/concepts/policy/limit-range/) is present in a namespace +with a minimum set for container resource requests (i.e. CPU, memory, and ephemeral storage) where `PipelineRuns` +are attempting to run, the `limitRangeName` property must be specified to appropriately apply the LimitRange's +minimum values to containers that are part of a `TaskRun` associated with a `PipelineRun`. This property helps +prevent failures of `TaskRuns` not meeting the minimum requirements specified by a LimitRange for containers. + +In the example below, the LimitRange `limit-mem-cpu-per-container` will be applied to all `TaskRuns` associated +with the `PipelineRun`: + +```yaml +apiVersion: tekton.dev/v1alpha1 +kind: PipelineRun +metadata: + creationTimestamp: null + generateName: deploy-pipeline-run- + namespace: default +spec: + pipelineRef: + name: deploy-pipeline-hello + limitRangeName: "limit-mem-cpu-per-container" +status: {} +``` + --- Except as otherwise noted, the content of this page is licensed under the diff --git a/docs/taskruns.md b/docs/taskruns.md index 4c3159c0819..05d9eb2b8ff 100644 --- a/docs/taskruns.md +++ b/docs/taskruns.md @@ -26,6 +26,7 @@ A `TaskRun` runs until all `steps` have completed or until a failure occurs. - [Examples](#examples) - [Sidecars](#sidecars) - [Logs](logs.md) +- [LimitRange Name](#limitrange-name) --- @@ -60,6 +61,9 @@ following fields: - [`podTemplate`](#pod-template) - Specifies a [pod template](./podtemplates.md) that will be used as the basis for the `Task` pod. - [`workspaces`](#workspaces) - Specify the actual volumes to use for the [workspaces](tasks.md#workspaces) declared by a `Task` + - [`limitRangeName`](#limitrange-name) - Specifies the name of a LimitRange that exists in the namespace of the `TaskRun`. This LimitRange's minimum + for container resource requests will be used as part of requesting the appropriate amount of CPU, memory, and ephemeral storage for containers that are + part of a `TaskRun`. This property only needs to be specified if the `TaskRun` is happening in a namespace with a LimitRange minimum specified for container resource requests. [kubernetes-overview]: https://kubernetes.io/docs/concepts/overview/working-with-objects/kubernetes-objects/#required-fields @@ -700,6 +704,40 @@ with the `get pods` command. The Pod description will instead show a Status of Failed and the individual container statuses will correctly reflect how and why they exited. +## LimitRange Name + +In order to request the minimum amount of resources needed to support the containers +for `steps` that are part of a `TaskRun`, Tekton only requests the maximum values for CPU, +memory, and ephemeral storage from the `steps` that are part of a TaskRun. Only the max +resource request values are needed since `steps` only execute one at a time in `TaskRun` pod. +All requests that are not the max values are set to zero as a result. + +When a [LimitRange](https://kubernetes.io/docs/concepts/policy/limit-range/) is present in a namespace +with a minimum set for container resource requests (i.e. CPU, memory, and ephemeral storage) where `TaskRuns` +are attempting to run, the `limitRangeName` property must be specified to appropriately apply the LimitRange's +minimum values to `steps` that are part of a `TaskRun`. This property helps prevent failures of `TaskRuns` not +meeting the minimum requirements specified by a LimitRange for containers. + +In the example below, the LimitRange `limit-mem-cpu-per-container` will be applied to all `steps` associated with +a `TaskRun` in namespace `default`: + +```yaml +apiVersion: tekton.dev/v1alpha1 +kind: TaskRun +metadata: + creationTimestamp: null + generateName: echo-hello-world-run- + namespace: default +spec: + inputs: {} + outputs: {} + serviceAccountName: "" + taskRef: + name: echo-hello-world + timeout: 1h0m0s + limitRangeName: "limit-mem-cpu-per-container" +``` + --- Except as otherwise noted, the content of this page is licensed under the diff --git a/docs/tekton-limitrange-config.md b/docs/tekton-limitrange-config.md deleted file mode 100644 index 1a0300805ea..00000000000 --- a/docs/tekton-limitrange-config.md +++ /dev/null @@ -1,45 +0,0 @@ -# Tekton LimitRange Config - -This documentation holds information on how to create a `tekton-limitrange-config` in -the event you would like to apply a LimitRange minimum for container requests instead -of Tekton's default behavior. - -## How Tekton Handles Container Requests for a TaskRun - -In order to request the minimum amount of resources needed to support the containers -for Steps that are part of a TaskRun, Tekton only requests the maximum values for CPU, -memory, and ephemeral storage from the Steps that are part of a TaskRun. Only the max -resource request values are needed since Steps only execute one at a time in TaskRun pod. -All requests that are not the max values are set to zero as a result. - -## tekton-limitrange-config Example - -The [behavior above](#How-Tekton-Handles-Container-Requests) is how Tekton carries out -TaskRuns by default, but, in the event you are working in a namespace that has a LimitRange -minimum defined for container requests, a ConfigMap named `tekton-limitrange-config` can be -created that holds the name of the LimitRange in the namespace where your TaskRuns are to be ran. - -An example `tekton-limitrange-config` is shown below: - -```yaml -apiVersion: v1 -kind: ConfigMap -metadata: - name: tekton-limitrange-config -data: - default-limitrange-name: "limit-mem-cpu-per-container" -``` - -In the example above, the `tekton-limitrange-config` would apply the container request minimum from -a LimitRange named `limit-mem-cpu-per-container`. Instead of requesting a zero quantity for all non -maximum container request values for a TaskRun, the container request minimum from `limit-mem-cpu-per-container` -would be used instead. - -## Creating the tekton-limitrange-config - -To use the `tekton-limitrange-config`, a ConfigMap must be created that is named `tekton-limitrange-config` and -has a key named `default-limitrange-name` with a value that corresponds to the LimitRange name. The ConfigMap -must be created in the namespace where your TaskRuns will be ran. - -After defining the ConfigMap for the `tekton-limitrange-config` in a file, use `kubectl apply -f` to make the -LimitRange name available to Tekton. \ No newline at end of file diff --git a/pkg/apis/pipeline/v1alpha1/pipelinerun_types.go b/pkg/apis/pipeline/v1alpha1/pipelinerun_types.go index 787ba3cfdd1..bc1823921bb 100644 --- a/pkg/apis/pipeline/v1alpha1/pipelinerun_types.go +++ b/pkg/apis/pipeline/v1alpha1/pipelinerun_types.go @@ -66,6 +66,12 @@ type PipelineRunSpec struct { // with those declared in the pipeline. // +optional Workspaces []WorkspaceBinding `json:"workspaces,omitempty"` + // Used to specify name of LimitRange that exists in namespace + // where PipelineRun will run so that the LimitRange's minimum for + // container requests can be used by containers of TaskRuns associated + // with PipelineRun + // +optional + LimitRangeName string `json:"limitRangeName"` } // PipelineRunSpecStatus defines the pipelinerun spec status the user can provide diff --git a/pkg/apis/pipeline/v1alpha1/taskrun_types.go b/pkg/apis/pipeline/v1alpha1/taskrun_types.go index c8601e0d849..cd4677a8b85 100644 --- a/pkg/apis/pipeline/v1alpha1/taskrun_types.go +++ b/pkg/apis/pipeline/v1alpha1/taskrun_types.go @@ -49,14 +49,17 @@ type TaskRunSpec struct { // Refer Go's ParseDuration documentation for expected format: https://golang.org/pkg/time/#ParseDuration // +optional Timeout *metav1.Duration `json:"timeout,omitempty"` - // PodTemplate holds pod specific configuration // +optional PodTemplate *PodTemplate `json:"podTemplate,omitempty"` - // Workspaces is a list of WorkspaceBindings from volumes to workspaces. // +optional Workspaces []WorkspaceBinding `json:"workspaces,omitempty"` + // Used to specify name of LimitRange that exists in namespace + // where TaskRun will run so that the LimitRange's minimum for + // container requests can be used by containers of TaskRun + // +optional + LimitRangeName string `json:"limitRangeName"` } // TaskRunSpecStatus defines the taskrun spec status the user can provide diff --git a/pkg/apis/pipeline/v1alpha2/taskrun_types.go b/pkg/apis/pipeline/v1alpha2/taskrun_types.go index 817906d9427..cc6166ac6f7 100644 --- a/pkg/apis/pipeline/v1alpha2/taskrun_types.go +++ b/pkg/apis/pipeline/v1alpha2/taskrun_types.go @@ -48,13 +48,16 @@ type TaskRunSpec struct { // Refer Go's ParseDuration documentation for expected format: https://golang.org/pkg/time/#ParseDuration // +optional Timeout *metav1.Duration `json:"timeout,omitempty"` - // PodTemplate holds pod specific configuration PodTemplate PodTemplate `json:"podTemplate,omitempty"` - // Workspaces is a list of WorkspaceBindings from volumes to workspaces. // +optional Workspaces []WorkspaceBinding `json:"workspaces,omitempty"` + // Used to specify name of LimitRange that exists in namespace + // where TaskRun will run so that the LimitRange's minimum for + // container requests can be used by containers of TaskRun + // +optional + LimitRangeName string `json:"limitRangeName"` } // TaskRunSpecStatus defines the taskrun spec status the user can provide diff --git a/pkg/pod/pod.go b/pkg/pod/pod.go index 56d9f8c2508..aee0fb9521f 100644 --- a/pkg/pod/pod.go +++ b/pkg/pod/pod.go @@ -119,19 +119,11 @@ func MakePod(images pipeline.Images, taskRun *v1alpha1.TaskRun, taskSpec v1alpha initContainers = append(initContainers, entrypointInit) volumes = append(volumes, toolsVolume, downwardVolume) - // Get LimitRange by name if present in ConfigMap tekton-limitrange-config. - // Otherwise, pass empty request to resolveResourceRequests. - limitRangeName := "" - limitRangeConfig, err := kubeclient.CoreV1().ConfigMaps(taskRun.Namespace).Get("tekton-limitrange-config", metav1.GetOptions{}) - if err == nil { - limitRangeName = limitRangeConfig.Data["default-limitrange-name"] - if limitRangeName == "" { - return nil, fmt.Errorf("tekton-limitrange-config is present but default-limitrange-name key is missing") - } - } + // If present on TaskRunSpec, use LimitRangeName to get LimitRange + // so it can be used in resolveResourceRequests var limitRange *corev1.LimitRange - if limitRangeName != "" { - limitRange, err = kubeclient.CoreV1().LimitRanges(taskRun.Namespace).Get(limitRangeName, metav1.GetOptions{}) + if taskRun.Spec.LimitRangeName != "" { + limitRange, err = kubeclient.CoreV1().LimitRanges(taskRun.Namespace).Get(taskRun.Spec.LimitRangeName, metav1.GetOptions{}) if err != nil { return nil, err } diff --git a/pkg/reconciler/pipelinerun/pipelinerun.go b/pkg/reconciler/pipelinerun/pipelinerun.go index 75da4ef0875..f7da196712e 100644 --- a/pkg/reconciler/pipelinerun/pipelinerun.go +++ b/pkg/reconciler/pipelinerun/pipelinerun.go @@ -562,6 +562,7 @@ func (c *Reconciler) createTaskRun(rprt *resources.ResolvedPipelineRunTask, pr * ServiceAccountName: pr.GetServiceAccountName(rprt.PipelineTask.Name), Timeout: getTaskRunTimeout(pr), PodTemplate: pr.Spec.PodTemplate, + LimitRangeName: pr.Spec.LimitRangeName, }} if rprt.ResolvedTaskResources.TaskName != "" {