feat(webhook): add pod resource request auto-adjustment webhook for optimizing cluster utilization #6039
Conversation
Whoa! Easy there, Partner!This PR is too big. Please break it up into smaller PRs. |
zijiren233
force-pushed
the
pod-mutator
branch
from
147fde4 to
3151d42
Compare
| Complete() | ||
| } | ||
|
|
||
| //+kubebuilder:webhook:path=/mutate--v1-pod,mutating=true,failurePolicy=fail,sideEffects=None,groups=core,resources=pods,verbs=create;update,versions=v1,name=mpod.sealos.io,admissionReviewVersions=v1 |
There was a problem hiding this comment.
mutate--v1-pod The name is too simple. If there are more webhooks in the future, it may not be clear what it is.
use mutate-qota-v1-pod is better?
|
|
||
| const ( | ||
| // Labels to identify KubeBlocks database pods | ||
| KubeBlocksManagedByLabel = "app.kubernetes.io/managed-by" |
There was a problem hiding this comment.
It's better not to use this label. It's more common. I'm not sure whether to use helm to install this value is kubeblocks or helm.
There was a problem hiding this comment.
When using helm, this will be Helm, and the purpose of this label is to obtain ratios; for example, the ratio for ordinary Pods is 1:10, while for kubeblock it is 1:5.
There was a problem hiding this comment.
Pull Request Overview
This PR introduces a new admission webhook for Pod resources that implements intelligent resource request auto-adjustment to optimize cluster resource utilization while also validating resource configurations to prevent invalid settings.
Key changes:
- Automatic resource request optimization based on configurable ratios (1:10 for regular pods, 1:5 for database pods by default)
- Resource validation preventing zero CPU/memory limits
- Differentiated handling for database pods (KubeBlocks managed) vs regular pods
Reviewed Changes
Copilot reviewed 9 out of 9 changed files in this pull request and generated 2 comments.
Show a summary per file
| File | Description |
|---|---|
| webhooks/admission/deploy/manifests/deploy.yaml.tmpl | Adds webhook configuration for pod mutating and validating webhooks with new command-line arguments |
| webhooks/admission/deploy/Kubefile | Sets default environment variables for pod webhook configuration |
| webhooks/admission/config/webhook/manifests.yaml | Defines webhook registration for development/testing environments |
| webhooks/admission/config/manager/kustomization.yaml | Updates container image name reference |
| webhooks/admission/config/default/manager_auth_proxy_patch.yaml | Adds new command-line arguments for pod webhook configuration |
| webhooks/admission/cmd/main.go | Integrates pod webhook setup with command-line flag parsing and manager registration |
| webhooks/admission/api/v1/pod_webhook_test.go | Comprehensive test coverage for pod mutation logic including edge cases |
| webhooks/admission/api/v1/pod_webhook.go | Core implementation of pod mutating and validating webhook logic |
| webhooks/admission/api/v1/pod_validator_test.go | Test coverage for pod validation logic including database pod special handling |
| // Only apply oversell to namespaces starting with "ns-" | ||
| if !isUserNamespace(pod.Namespace) { |
There was a problem hiding this comment.
The function isUserNamespace is referenced but not defined in this file. This will cause a compilation error.
| "os" | ||
| "strings" | ||
|
|
||
| v1 "github.com/labring/sealos/webhook/admission/api/v1" |
There was a problem hiding this comment.
The import path contains 'webhook' but the actual directory structure shows 'webhooks' (plural). This import path may be incorrect and could cause build issues.
| v1 "github.com/labring/sealos/webhook/admission/api/v1" | |
| v1 "github.com/labring/sealos/webhooks/admission/api/v1" |
cuisongliu
force-pushed
the
pod-mutator
branch
from
4c54375 to
74cdb4d
Compare
zijiren233
force-pushed
the
pod-mutator
branch
from
ea8962a to
74cdb4d
Compare
zijiren233
force-pushed
the
pod-mutator
branch
from
74cdb4d to
e007b32
Compare
- Refactor PodMutator to use configurable oversell ratios with constructor functions - Replace generic database pod detection with specific KubeBlocks label checking - Optimize database pod mutation to only process first container (main workload) - Improve resource adjustment logic to only modify requests that exceed oversell limits - Add comprehensive test coverage for new functionality including edge cases - Handle zero resource limits gracefully without unnecessary mutations
zijiren233
force-pushed
the
pod-mutator
branch
from
e007b32 to
823403f
Compare
2 participants
Description
This PR introduces a new admission webhook for Pod resources that implements intelligent resource request auto-adjustment to optimize cluster resource utilization. The webhook automatically adjusts pod resource requests based on configurable ratios while preventing invalid resource configurations.
Key Features
🚀 Resource Request Auto-Adjustment
🛡️ Resource Validation
🎯 Targeted Application