-
Notifications
You must be signed in to change notification settings - Fork 216
/
Copy pathpdbhpavalidator.go
150 lines (130 loc) · 4.88 KB
/
pdbhpavalidator.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
package validator
import (
"fmt"
"strconv"
"strings"
"github.com/fairwindsops/polaris/pkg/kube"
"github.com/qri-io/jsonschema"
"github.com/sirupsen/logrus"
appsv1 "k8s.io/api/apps/v1"
autoscalingv1 "k8s.io/api/autoscaling/v1"
policyv1 "k8s.io/api/policy/v1"
"k8s.io/apimachinery/pkg/runtime"
"k8s.io/apimachinery/pkg/util/intstr"
)
func init() {
registerCustomChecks("pdbMinAvailableGreaterThanHPAMaxReplicas", pdbMinAvailableGreaterThanHPAMaxReplicas)
}
func pdbMinAvailableGreaterThanHPAMaxReplicas(test schemaTestCase) (bool, []jsonschema.ValError, error) {
if test.ResourceProvider == nil {
logrus.Debug("ResourceProvider is nil")
return true, nil, nil
}
deployment := &appsv1.Deployment{}
err := runtime.DefaultUnstructuredConverter.FromUnstructured(test.Resource.Resource.Object, deployment)
if err != nil {
logrus.Warnf("error converting unstructured to Deployment: %v", err)
return true, nil, nil
}
attachedPDB, err := hasPDBAttached(*deployment, test.ResourceProvider.Resources["policy/PodDisruptionBudget"])
if err != nil {
logrus.Warnf("error getting PodDisruptionBudget: %v", err)
return true, nil, nil
}
attachedHPA, err := hasHPAAttached(*deployment, test.ResourceProvider.Resources["autoscaling/HorizontalPodAutoscaler"])
if err != nil {
logrus.Warnf("error getting HorizontalPodAutoscaler: %v", err)
return true, nil, nil
}
if attachedPDB != nil && attachedHPA != nil {
logrus.Debugf("both PDB and HPA are attached to deployment %s", deployment.Name)
pdbMinAvailable, isPercent, err := getIntOrPercentValueSafely(attachedPDB.Spec.MinAvailable)
if err != nil {
logrus.Warnf("error getting getIntOrPercentValueSafely: %v", err)
return true, nil, nil
}
if isPercent {
// if the value is a percentage, we need to calculate the actual value
if deployment.Spec.Replicas == nil {
logrus.Debug("deployment.Spec.Replicas is nil")
return true, nil, nil
}
pdbMinAvailable, err = intstr.GetScaledValueFromIntOrPercent(attachedPDB.Spec.MinAvailable, int(*deployment.Spec.Replicas), true)
if err != nil {
logrus.Warnf("error getting minAvailable value from PodDisruptionBudget: %v", err)
return true, nil, nil
}
}
if pdbMinAvailable > int(attachedHPA.Spec.MaxReplicas) {
return false, []jsonschema.ValError{
{
PropertyPath: "spec.minAvailable",
InvalidValue: pdbMinAvailable,
Message: fmt.Sprintf("The minAvailable value in the PodDisruptionBudget(%s) is %d, which is less than the maxReplicas value in the HorizontalPodAutoscaler(%s) (%d)", attachedPDB.Name, pdbMinAvailable, attachedHPA.Name, attachedHPA.Spec.MaxReplicas),
},
}, nil
}
}
return true, nil, nil
}
func hasPDBAttached(deployment appsv1.Deployment, pdbs []kube.GenericResource) (*policyv1.PodDisruptionBudget, error) {
for _, generic := range pdbs {
pdb := &policyv1.PodDisruptionBudget{}
err := runtime.DefaultUnstructuredConverter.FromUnstructured(generic.Resource.Object, pdb)
if err != nil {
return nil, fmt.Errorf("error converting unstructured to PodDisruptionBudget: %v", err)
}
if pdb.Spec.Selector == nil {
logrus.Debug("pdb.Spec.Selector is nil")
continue
}
if matchesPDBForDeployment(deployment.Spec.Template.Labels, pdb.Spec.Selector.MatchLabels) {
return pdb, nil
}
}
return nil, nil
}
// matchesPDBForDeployment checks if the labels of the deployment match the labels of the PDB
func matchesPDBForDeployment(deploymentLabels, pdbLabels map[string]string) bool {
for key, value := range pdbLabels {
if deploymentLabels[key] == value {
return true
}
}
return false
}
func hasHPAAttached(deployment appsv1.Deployment, hpas []kube.GenericResource) (*autoscalingv1.HorizontalPodAutoscaler, error) {
for _, generic := range hpas {
hpa := &autoscalingv1.HorizontalPodAutoscaler{}
err := runtime.DefaultUnstructuredConverter.FromUnstructured(generic.Resource.Object, hpa)
if err != nil {
return nil, fmt.Errorf("error converting unstructured to HorizontalPodAutoscaler: %v", err)
}
if hpa.Spec.ScaleTargetRef.Kind == "Deployment" && hpa.Spec.ScaleTargetRef.Name == deployment.Name {
return hpa, nil
}
}
return nil, nil
}
// getIntOrPercentValueSafely is a safer version of getIntOrPercentValue based on private function intstr.getIntOrPercentValueSafely
func getIntOrPercentValueSafely(intOrStr *intstr.IntOrString) (int, bool, error) {
switch intOrStr.Type {
case intstr.Int:
return intOrStr.IntValue(), false, nil
case intstr.String:
isPercent := false
s := intOrStr.StrVal
if strings.HasSuffix(s, "%") {
isPercent = true
s = strings.TrimSuffix(intOrStr.StrVal, "%")
} else {
return 0, false, fmt.Errorf("invalid type: string is not a percentage")
}
v, err := strconv.Atoi(s)
if err != nil {
return 0, false, fmt.Errorf("invalid value %q: %v", intOrStr.StrVal, err)
}
return int(v), isPercent, nil
}
return 0, false, fmt.Errorf("invalid type: neither int nor percentage")
}