Last active
September 19, 2018 21:10
-
-
Save dsludwig/c845dff55227336aaaef0fc4241864bf to your computer and use it in GitHub Desktop.
Create resource quota and priority class
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
customPodHook: | | |
import sys | |
from kubernetes import client | |
from kubernetes.client.rest import ApiException | |
from kubespawner.clients import shared_client | |
from tornado import gen | |
@gen.coroutine | |
def modify_pod_hook(spawner, pod): | |
# Try and create the pc. If it succeeds we are good. If | |
# returns a 409 indicating it already exists we are good. If | |
# it returns a 403, indicating potential quota issue we need | |
# to see if pvc already exists before we decide to raise the | |
# error for quota being exceeded. This is because quota is | |
# checked before determining if the PVC needed to be | |
# created. | |
labels = spawner._build_common_labels({}) | |
labels.update({ | |
'component': 'singleuser-quota' | |
}) | |
annotations = spawner._build_common_annotations({}) | |
api = shared_client('SchedulingV1beta1Api') | |
# Everyone has the same integer priority (for now) | |
pc = client.V1beta1PriorityClass(value=0) | |
pc.metadata = client.V1ObjectMeta() | |
pc_name = spawner._expand_user_properties('priority-{username}{servername}') | |
pc.metadata.name = pc_name | |
pc.metadata.annotations = annotations | |
pc.metadata.labels = labels | |
pc.global_default = False | |
try: | |
yield spawner.asynchronize( | |
api.create_priority_class, | |
body=pc | |
) | |
except ApiException as e: | |
if e.status == 409: | |
spawner.log.info("PC " + spawner.pvc_name + " already exists, so did not create new pc.") | |
elif e.status == 403: | |
t, v, tb = sys.exc_info() | |
try: | |
yield spawner.asynchronize( | |
api.read_priority_class, | |
name=pc_name, | |
) | |
except ApiException as e: | |
raise v.with_traceback(tb) | |
spawner.log.info("PC " + pc_name + " already exists, possibly have reached quota though.") | |
else: | |
raise | |
resource_quota = client.V1ResourceQuota() | |
resource_quota.metadata = client.V1ObjectMeta() | |
rc_name = spawner._expand_user_properties('quota-{username}{servername}') | |
resource_quota.metadata.name = rc_name | |
resource_quota.metadata.annotations = annotations | |
resource_quota.metadata.labels = labels | |
resource_quota.spec = client.V1ResourceQuotaSpec() | |
resource_quota.spec.hard = { | |
"cpu": "20", | |
"memory": "100G", | |
} | |
resource_quota.spec.scope_selector = client.V1ScopeSelector() | |
resource_quota.spec.scope_selector.match_expressions = [ | |
client.V1ScopedResourceSelectorRequirement( | |
scope_name='PriorityClass', | |
operator='In', | |
values=[ | |
pc_name, | |
] | |
) | |
] | |
try: | |
yield spawner.asynchronize( | |
spawner.api.create_namespaced_resource_quota, | |
namespace=spawner.namespace, | |
body=resource_quota | |
) | |
except ApiException as e: | |
if e.status == 409: | |
spawner.log.info("Resource quota " + rc_name + " already exists, so did not create new resource quota.") | |
elif e.status == 403: | |
t, v, tb = sys.exc_info() | |
try: | |
yield spawner.asynchronize( | |
spawner.api.read_namespaced_resource_quota, | |
name=rc_name, | |
namespace=spawner.namespace, | |
) | |
except ApiException as e: | |
raise v.with_traceback(tb) | |
spawner.log.info("Resource quota " + rc_name + " already exists, possibly have reached quota though.") | |
else: | |
raise | |
pod.spec.priority_class_name = pc_name | |
return pod | |
c.KubeSpawner.modify_pod_hook = modify_pod_hook | |
c.KubeSpawner.image_spec = 'jupyterhub/k8s-singleuser-sample:0.7.0' |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
apiVersion: rbac.authorization.k8s.io/v1 | |
kind: ClusterRole | |
metadata: | |
name: hub-priorityclass | |
rules: | |
- apiGroups: | |
- "scheduling.k8s.io" | |
resources: | |
- priorityclasses | |
verbs: | |
- get | |
- watch | |
- list | |
- create | |
- delete | |
--- | |
apiVersion: rbac.authorization.k8s.io/v1 | |
kind: Role | |
metadata: | |
name: hub-resourcequota | |
namespace: jhub | |
rules: | |
- apiGroups: | |
- "" | |
resources: | |
- resourcequotas | |
verbs: | |
- get | |
- watch | |
- list | |
- create | |
- delete | |
--- | |
apiVersion: rbac.authorization.k8s.io/v1 | |
kind: RoleBinding | |
metadata: | |
name: hub-resourcequota | |
namespace: jhub | |
roleRef: | |
apiGroup: rbac.authorization.k8s.io | |
kind: Role | |
name: hub-resourcequota | |
subjects: | |
- kind: ServiceAccount | |
name: hub | |
namespace: jhub | |
--- | |
apiVersion: rbac.authorization.k8s.io/v1 | |
kind: ClusterRoleBinding | |
metadata: | |
name: hub-priorityclass | |
roleRef: | |
apiGroup: rbac.authorization.k8s.io | |
kind: ClusterRole | |
name: hub-priorityclass | |
subjects: | |
- kind: ServiceAccount | |
name: hub | |
namespace: jhub |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment