@CorentinPtrl CorentinPtrl commented Dec 16, 2025

This PR adds CustomQuota and ClusterCustomQuota from #1745 CRDs with their controllers to enforce quota limits based on values sourced from Kubernetes resources.
Quotas can be scoped using label selectors and dynamically resolved from objects like ConfigMap.

Examples

```yaml
apiVersion: capsule.clastix.io/v1beta2
kind: CustomQuota
metadata:
  name: custom-quota
  namespace: gas-build
spec:
  source:
    version: v1
    kind: ConfigMap
    path: .data.quantity
  scopeSelectors:
    - matchLabels:
        foo: bar
  limit: 1Gi
```

```yaml
apiVersion: capsule.clastix.io/v1beta2
kind: ClusterCustomQuota
metadata:
  name: cluster-custom-quota
spec:
  source:
    version: v1
    kind: ConfigMap
    path: .data.quantity
  selectors:
    - matchLabels:
        capsule.clastix.io/tenant: gas
  scopeSelectors:
    - matchLabels:
        foo: bar
  limit: 1Gi
```

Signed-off-by: CorentinPtrl <pitrel.corentin@gmail.com>
Signed-off-by: CorentinPtrl <pitrel.corentin@gmail.com>
Signed-off-by: CorentinPtrl <pitrel.corentin@gmail.com>
@CorentinPtrl CorentinPtrl marked this pull request as ready for review December 19, 2025 23:41
Copilot AI review requested due to automatic review settings December 19, 2025 23:41

Copilot AI left a comment

Pull request overview

This PR introduces custom quota enforcement capabilities by adding CustomQuota (namespaced) and ClusterCustomQuota (cluster-scoped) CRDs with their associated controllers and webhooks. These quotas dynamically source usage values from Kubernetes resources using JSONPath expressions and enforce limits based on label selectors.

Key Changes

  • Added new CRDs for CustomQuota and ClusterCustomQuota with status subresources to track usage, available, and claims
  • Implemented controllers to reconcile quota status based on matching resources in target namespaces
  • Implemented validating webhooks to enforce quota limits on resource create, update, and delete operations

Reviewed changes

Copilot reviewed 21 out of 21 changed files in this pull request and generated 20 comments.

| File | Description |
| --- | --- |
| api/v1beta2/customquota_types.go | Defines the CustomQuota CRD structure with spec for limit, source, and scope selectors |
| api/v1beta2/customquota_status.go | Defines status fields for tracking used, available quantities and claims list |
| api/v1beta2/clustercustomquota_types.go | Extends CustomQuota spec with namespace selectors for cluster-scoped quotas |
| api/v1beta2/zz_generated.deepcopy.go | Auto-generated deep copy methods for the new types |
| internal/controllers/customquotas/customquota_controller.go | Controller that reconciles CustomQuota status by aggregating resource usage |
| internal/controllers/customquotas/clustercustomquota_controller.go | Controller that reconciles ClusterCustomQuota status across multiple namespaces |
| internal/controllers/customquotas/utils.go | Utility functions for extracting usage from resources and matching namespaces |
| internal/controllers/customquotas/manager.go | Registers both quota controllers with the manager |
| internal/webhook/customquota/validation/customquota.go | Validating webhook handlers that enforce quota limits on resource operations |
| internal/webhook/customquota/validation/utils.go | Helper function to determine quota type from namespace presence |
| internal/webhook/route/customquotas.go | Webhook route registration for custom quotas |
| cmd/main.go | Integrates custom quota controllers and webhooks into the main application |
| charts/capsule/values.yaml | Adds Helm values for configuring the custom quotas webhook |
| charts/capsule/values.schema.json | JSON schema validation for the new webhook configuration |
| charts/capsule/templates/validatingwebhookconfiguration.yaml | Webhook configuration for quota enforcement on all namespaced resources |
| charts/capsule/templates/crd-lifecycle/rbac.yaml | Adds RBAC permissions for custom quota CRDs |
| charts/capsule/crds/capsule.clastix.io_customquotas.yaml | CRD manifest for namespaced CustomQuota |
| charts/capsule/crds/capsule.clastix.io_clustercustomquotas.yaml | CRD manifest for cluster-scoped ClusterCustomQuota |
| charts/capsule/README.md | Documents the new webhook configuration options |
| e2e/customresource_quota_exceeded_test.go | E2E tests verifying CustomQuota enforcement and resize scenarios |
| e2e/clustercustomresource_quota_exceeded_test.go | E2E tests verifying ClusterCustomQuota enforcement across namespaces |
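
The enforcement flow described in the PR description and the review overview, as an added Go example that is not code from this PR or from Capsule: in-scope objects are selected by label, their values are summed, and a new object is admitted only if the total stays within `limit`. The names `Object`, `Admit`, `inScope` and `parseQuantity` are hypothetical, and `Quantity` stands for the value already read at `.data.quantity`. The any-of selector semantics, the summing rule, the fail-closed handling of malformed values and the reduced quantity syntax are assumptions.

```go
package main

import "fmt"

// Object is a constructed stand-in; Quantity is the string found at .data.quantity.
type Object struct{ Labels map[string]string; Quantity string }

// parseQuantity accepts a plain integer or a Ki/Mi/Gi suffix (simplified syntax).
func parseQuantity(s string) (n int64, ok bool) {
	var suffix string
	fmt.Sscanf(s, "%d%s", &n, &suffix) // suffix stays empty for a plain integer
	shift, known := map[string]uint{"": 0, "Ki": 10, "Mi": 20, "Gi": 30}[suffix]
	return n << shift, known && n >= 0 && fmt.Sprintf("%d%s", n, suffix) == s
}

// inScope: o carries every label of at least one selector (any-of is an assumption).
func inScope(o Object, selectors []map[string]string) bool {
next:
	for _, sel := range selectors {
		for k, v := range sel {
			if got, ok := o.Labels[k]; !ok || got != v {
				continue next
			}
		}
		return true
	}
	return false
}

// Admit sums usage over in-scope objects plus the incoming one and compares it
// with limit. A malformed limit or value denies (assumed fail-closed policy).
func Admit(existing []Object, incoming Object, selectors []map[string]string, limit string) bool {
	remaining, ok := parseQuantity(limit)
	if !inScope(incoming, selectors) {
		return true // not governed by this quota
	}
	for _, o := range append([]Object{incoming}, existing...) {
		if inScope(o, selectors) {
			n, valid := parseQuantity(o.Quantity)
			remaining, ok = remaining-n, ok && valid
		}
	}
	return ok && remaining >= 0
}

func main() { // constructed sample: 2Gi requested against the 1Gi limit in the manifests
	scope := []map[string]string{{"foo": "bar"}}
	fmt.Println(Admit(nil, Object{map[string]string{"foo": "bar"}, "2Gi"}, scope, "1Gi"))
}
```

Treating an unparsable value as a denial rather than as zero usage keeps a malformed or blanked field from bypassing the limit.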

Signed-off-by: CorentinPtrl <pitrel.corentin@gmail.com>
Signed-off-by: CorentinPtrl <pitrel.corentin@gmail.com>
Copilot AI review requested due to automatic review settings December 20, 2025 00:15
Signed-off-by: CorentinPtrl <pitrel.corentin@gmail.com>

Copilot AI left a comment

Pull request overview

Copilot reviewed 21 out of 21 changed files in this pull request and generated 13 comments.

Signed-off-by: CorentinPtrl <pitrel.corentin@gmail.com>
Signed-off-by: CorentinPtrl <pitrel.corentin@gmail.com>
Copilot AI review requested due to automatic review settings December 20, 2025 11:02

Copilot AI left a comment

Pull request overview

Copilot reviewed 21 out of 21 changed files in this pull request and generated 24 comments.

Signed-off-by: CorentinPtrl <pitrel.corentin@gmail.com>
Signed-off-by: CorentinPtrl <pitrel.corentin@gmail.com>
Copilot AI review requested due to automatic review settings December 20, 2025 12:45

Copilot AI left a comment

Pull request overview

Copilot reviewed 21 out of 21 changed files in this pull request and generated 12 comments.

Signed-off-by: CorentinPtrl <pitrel.corentin@gmail.com>