/* Copyright 2021 The KubeSphere Authors. Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0 Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. */ package quota import ( "context" "time" "k8s.io/apimachinery/pkg/types" "k8s.io/klog" "sigs.k8s.io/controller-runtime/pkg/client" quotav1alpha2 "kubesphere.io/api/quota/v1alpha2" lru "github.com/hashicorp/golang-lru" corev1 "k8s.io/api/core/v1" apierrors "k8s.io/apimachinery/pkg/api/errors" utilwait "k8s.io/apimachinery/pkg/util/wait" etcd "k8s.io/apiserver/pkg/storage/etcd3" utilquota "kubesphere.io/kubesphere/kube/pkg/quota/v1" ) // Following code copied from github.com/openshift/apiserver-library-go/pkg/admission/quota/clusterresourcequota type accessor struct { client client.Client // updatedResourceQuotas holds a cache of quotas that we've updated. This is used to pull the "really latest" during back to // back quota evaluations that touch the same quota doc. This only works because we can compare etcd resourceVersions // for the same resource as integers. Before this change: 22 updates with 12 conflicts. after this change: 15 updates with 0 conflicts updatedResourceQuotas *lru.Cache } // newQuotaAccessor creates an object that conforms to the QuotaAccessor interface to be used to retrieve quota objects. func newQuotaAccessor(client client.Client) *accessor { updatedCache, err := lru.New(100) if err != nil { // this should never happen panic(err) } return &accessor{ client: client, updatedResourceQuotas: updatedCache, } } // UpdateQuotaStatus the newQuota coming in will be incremented from the original. The difference between the original // and the new is the amount to add to the namespace total, but the total status is the used value itself func (a *accessor) UpdateQuotaStatus(newQuota *corev1.ResourceQuota) error { // skipping namespaced resource quota if newQuota.APIVersion != quotav1alpha2.SchemeGroupVersion.String() { klog.V(6).Infof("skipping namespaced resource quota %v %v", newQuota.Namespace, newQuota.Name) return nil } ctx := context.TODO() resourceQuota := "av1alpha2.ResourceQuota{} err := a.client.Get(ctx, types.NamespacedName{Name: newQuota.Name}, resourceQuota) if err != nil { klog.Errorf("failed to fetch resource quota: %s, %v", newQuota.Name, err) return err } resourceQuota = a.checkCache(resourceQuota) // re-assign objectmeta // make a copy updatedQuota := resourceQuota.DeepCopy() updatedQuota.ObjectMeta = newQuota.ObjectMeta updatedQuota.Namespace = "" // determine change in usage usageDiff := utilquota.Subtract(newQuota.Status.Used, updatedQuota.Status.Total.Used) // update aggregate usage updatedQuota.Status.Total.Used = newQuota.Status.Used // update per namespace totals oldNamespaceTotals, _ := getResourceQuotasStatusByNamespace(updatedQuota.Status.Namespaces, newQuota.Namespace) namespaceTotalCopy := oldNamespaceTotals.DeepCopy() newNamespaceTotals := *namespaceTotalCopy newNamespaceTotals.Used = utilquota.Add(oldNamespaceTotals.Used, usageDiff) insertResourceQuotasStatus(&updatedQuota.Status.Namespaces, quotav1alpha2.ResourceQuotaStatusByNamespace{ Namespace: newQuota.Namespace, ResourceQuotaStatus: newNamespaceTotals, }) klog.V(6).Infof("update resource quota: %+v", updatedQuota) err = a.client.Status().Update(ctx, updatedQuota, &client.UpdateOptions{}) if err != nil { klog.Errorf("failed to update resource quota: %v", err) return err } a.updatedResourceQuotas.Add(resourceQuota.Name, updatedQuota) return nil } var etcdVersioner = etcd.APIObjectVersioner{} // checkCache compares the passed quota against the value in the look-aside cache and returns the newer // if the cache is out of date, it deletes the stale entry. This only works because of etcd resourceVersions // being monotonically increasing integers func (a *accessor) checkCache(resourceQuota *quotav1alpha2.ResourceQuota) *quotav1alpha2.ResourceQuota { uncastCachedQuota, ok := a.updatedResourceQuotas.Get(resourceQuota.Name) if !ok { return resourceQuota } cachedQuota := uncastCachedQuota.(*quotav1alpha2.ResourceQuota) if etcdVersioner.CompareResourceVersion(resourceQuota, cachedQuota) >= 0 { a.updatedResourceQuotas.Remove(resourceQuota.Name) return resourceQuota } return cachedQuota } func (a *accessor) GetQuotas(namespaceName string) ([]corev1.ResourceQuota, error) { resourceQuotaNames, err := a.waitForReadyResourceQuotaNames(namespaceName) if err != nil { klog.Errorf("failed to fetch resource quota names: %v, %v", namespaceName, err) return nil, err } var result []corev1.ResourceQuota for _, resourceQuotaName := range resourceQuotaNames { resourceQuota := "av1alpha2.ResourceQuota{} err = a.client.Get(context.TODO(), types.NamespacedName{Name: resourceQuotaName}, resourceQuota) if err != nil { klog.Errorf("failed to fetch resource quota %s: %v", resourceQuotaName, err) return result, err } resourceQuota = a.checkCache(resourceQuota) // now convert to a ResourceQuota convertedQuota := corev1.ResourceQuota{} convertedQuota.APIVersion = quotav1alpha2.SchemeGroupVersion.String() convertedQuota.ObjectMeta = resourceQuota.ObjectMeta convertedQuota.Namespace = namespaceName convertedQuota.Spec = resourceQuota.Spec.Quota convertedQuota.Status = resourceQuota.Status.Total result = append(result, convertedQuota) } // avoid conflicts with namespaced resource quota namespacedResourceQuotas, err := a.waitForReadyNamespacedResourceQuotas(namespaceName) if err != nil { klog.Errorf("failed to fetch namespaced resource quotas: %v, %v", namespaceName, err) return nil, err } for _, resourceQuota := range namespacedResourceQuotas { resourceQuota.APIVersion = corev1.SchemeGroupVersion.String() result = append(result, resourceQuota) } return result, nil } func (a *accessor) waitForReadyResourceQuotaNames(namespaceName string) ([]string, error) { ctx := context.TODO() var resourceQuotaNames []string var err error // wait for a valid mapping cache. The overall response can be delayed for up to 10 seconds. err = utilwait.PollImmediate(100*time.Millisecond, 8*time.Second, func() (done bool, err error) { resourceQuotaNames, err = resourceQuotaNamesFor(ctx, a.client, namespaceName) // if we can't find the namespace yet, just wait for the cache to update. Requests to non-existent namespaces // may hang, but those people are doing something wrong and namespace lifecycle should reject them. if apierrors.IsNotFound(err) { return false, nil } if err != nil { return false, err } return true, nil }) return resourceQuotaNames, err } func (a *accessor) waitForReadyNamespacedResourceQuotas(namespaceName string) ([]corev1.ResourceQuota, error) { ctx := context.TODO() var resourceQuotas []corev1.ResourceQuota var err error // wait for a valid mapping cache. The overall response can be delayed for up to 10 seconds. err = utilwait.PollImmediate(100*time.Millisecond, 8*time.Second, func() (done bool, err error) { resourceQuotaList := &corev1.ResourceQuotaList{} err = a.client.List(ctx, resourceQuotaList, &client.ListOptions{Namespace: namespaceName}) if err != nil { return false, err } resourceQuotas = resourceQuotaList.Items return true, nil }) return resourceQuotas, err }