Merge branch 'pr/workspace-resources-only'

Author: noeljackson

controllers/sandbox_controller.go

@@ -423,6 +423,9 @@ func (r *SandboxReconciler) reconcilePod(ctx context.Context, sandbox *sandboxv1
 		if pod.Labels == nil {
 			pod.Labels = make(map[string]string)
 		}
+		if pod.Annotations == nil {
+			pod.Annotations = make(map[string]string)
+		}
 		changed := false
 		if pod.Labels[sandboxLabel] != nameHash {
 			pod.Labels[sandboxLabel] = nameHash
@@ -435,6 +438,12 @@ func (r *SandboxReconciler) reconcilePod(ctx context.Context, sandbox *sandboxv1
 				changed = true
 			}
 		}
+		for k, v := range sandbox.Spec.PodTemplate.ObjectMeta.Annotations {
+			if pod.Annotations[k] != v {
+				pod.Annotations[k] = v
+				changed = true
+			}
+		}
 
 		// Set controller reference if the pod is not controlled by anything.
 		if controllerRef := metav1.GetControllerOf(pod); controllerRef == nil {

controllers/sandbox_controller_test.go

@@ -614,6 +614,9 @@ func TestReconcilePod(t *testing.T) {
 						"agents.x-k8s.io/sandbox-name-hash": nameHash,
 						"custom-label":                      "label-val",
 					},
+					Annotations: map[string]string{
+						"custom-annotation": "anno-val",
+					},
 					OwnerReferences: []metav1.OwnerReference{sandboxControllerRef(sandboxName)},
 				},
 				Spec: corev1.PodSpec{
@@ -686,7 +689,7 @@ func TestReconcilePod(t *testing.T) {
 			wantPod: nil,
 		},
 		{
-			name: "adopts existing pod via annotation - pod gets label and owner reference",
+			name: "adopts existing pod via annotation - pod gets metadata and owner reference",
 			initialObjs: []runtime.Object{
 				&corev1.Pod{
 					ObjectMeta: metav1.ObjectMeta{
@@ -718,6 +721,9 @@ func TestReconcilePod(t *testing.T) {
 							Labels: map[string]string{
 								extensionsv1alpha1.SandboxIDLabel: "claim-uid-1",
 							},
+							Annotations: map[string]string{
+								"test-annotation": "true",
+							},
 						},
 						Spec: corev1.PodSpec{
 							Containers: []corev1.Container{
@@ -738,6 +744,9 @@ func TestReconcilePod(t *testing.T) {
 						sandboxLabel:                     nameHash,
 						extensionsv1alpha1.SandboxIDLabel: "claim-uid-1",
 					},
+					Annotations: map[string]string{
+						"test-annotation": "true",
+					},
 					OwnerReferences: []metav1.OwnerReference{sandboxControllerRef(sandboxName)},
 				},
 				Spec: corev1.PodSpec{
@@ -790,6 +799,9 @@ func TestReconcilePod(t *testing.T) {
 						"agents.x-k8s.io/sandbox-name-hash": nameHash,
 						"custom-label":                      "label-val",
 					},
+					Annotations: map[string]string{
+						"custom-annotation": "anno-val",
+					},
 					// Should still have the original controller reference
 					OwnerReferences: []metav1.OwnerReference{
 						{

extensions/api/v1alpha1/sandboxclaim_types.go

@@ -66,6 +66,21 @@ type SandboxTemplateRef struct {
 	Name string `json:"name,omitempty" protobuf:"bytes,1,name=name"`
 }
 
+// WorkspaceResources defines per-claim resource overrides for the workspace container.
+type WorkspaceResources struct {
+	// CPUMillicores is the desired CPU request/limit for the workspace container.
+	// +optional
+	CPUMillicores int32 `json:"cpuMillicores,omitempty"`
+
+	// MemoryMB is the desired memory request/limit for the workspace container.
+	// +optional
+	MemoryMB int32 `json:"memoryMB,omitempty"`
+
+	// DiskGB is the desired ephemeral-storage request/limit for the workspace container.
+	// +optional
+	DiskGB int32 `json:"diskGB,omitempty"`
+}
+
 // SandboxClaimSpec defines the desired state of Sandbox
 type SandboxClaimSpec struct {
 	// sandboxTemplateRef defines the name of the SandboxTemplate to be used for creating a Sandbox.
@@ -75,6 +90,10 @@ type SandboxClaimSpec struct {
 	// lifecycle defines when and how the SandboxClaim should be shut down.
 	// +optional
 	Lifecycle *Lifecycle `json:"lifecycle,omitempty"`
+
+	// WorkspaceResources overrides resource requests/limits for the workspace container at claim time.
+	// +optional
+	WorkspaceResources *WorkspaceResources `json:"workspaceResources,omitempty"`
 }
 
 // SandboxClaimStatus defines the observed state of Sandbox.

extensions/api/v1alpha1/zz_generated.deepcopy.go

@@ -26,6 +26,7 @@ import (
 	"k8s.io/apimachinery/pkg/api/equality"
 	k8errors "k8s.io/apimachinery/pkg/api/errors"
 	"k8s.io/apimachinery/pkg/api/meta"
+	"k8s.io/apimachinery/pkg/api/resource"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/runtime"
 	"k8s.io/client-go/tools/record"
@@ -347,8 +348,71 @@ func ensureClaimIdentityLabels(labels map[string]string, claim *extensionsv1alph
 	return labels
 }
 
+func applyWorkspaceResourceOverrides(container *corev1.Container, overrides *extensionsv1alpha1.WorkspaceResources) {
+	if overrides == nil {
+		return
+	}
+	if container.Resources.Requests == nil {
+		container.Resources.Requests = corev1.ResourceList{}
+	}
+	if container.Resources.Limits == nil {
+		container.Resources.Limits = corev1.ResourceList{}
+	}
+	if overrides.CPUMillicores > 0 {
+		qty := *resource.NewMilliQuantity(int64(overrides.CPUMillicores), resource.DecimalSI)
+		container.Resources.Requests[corev1.ResourceCPU] = qty
+		container.Resources.Limits[corev1.ResourceCPU] = qty
+	}
+	if overrides.MemoryMB > 0 {
+		qty := *resource.NewQuantity(int64(overrides.MemoryMB)*1024*1024, resource.BinarySI)
+		container.Resources.Requests[corev1.ResourceMemory] = qty
+		container.Resources.Limits[corev1.ResourceMemory] = qty
+	}
+	if overrides.DiskGB > 0 {
+		qty := *resource.NewQuantity(int64(overrides.DiskGB)*1024*1024*1024, resource.BinarySI)
+		container.Resources.Requests[corev1.ResourceEphemeralStorage] = qty
+		container.Resources.Limits[corev1.ResourceEphemeralStorage] = qty
+	}
+}
+
+func applyClaimWorkspaceResourcesToPodSpec(spec *corev1.PodSpec, claim *extensionsv1alpha1.SandboxClaim) {
+	if claim.Spec.WorkspaceResources == nil {
+		return
+	}
+	for i := range spec.Containers {
+		container := &spec.Containers[i]
+		if container.Name != "workspace" {
+			continue
+		}
+		applyWorkspaceResourceOverrides(container, claim.Spec.WorkspaceResources)
+	}
+}
+
+func mergeTemplatePodMetadata(target *v1alpha1.PodMetadata, template v1alpha1.PodMetadata) {
+	if len(template.Labels) > 0 {
+		if target.Labels == nil {
+			target.Labels = make(map[string]string, len(template.Labels))
+		}
+		for k, v := range template.Labels {
+			if _, exists := target.Labels[k]; !exists {
+				target.Labels[k] = v
+			}
+		}
+	}
+	if len(template.Annotations) > 0 {
+		if target.Annotations == nil {
+			target.Annotations = make(map[string]string, len(template.Annotations))
+		}
+		for k, v := range template.Annotations {
+			if _, exists := target.Annotations[k]; !exists {
+				target.Annotations[k] = v
+			}
+		}
+	}
+}
+
 // adoptSandboxFromCandidates picks the best candidate and transfers ownership to the claim.
-func (r *SandboxClaimReconciler) adoptSandboxFromCandidates(ctx context.Context, claim *extensionsv1alpha1.SandboxClaim, candidates []*v1alpha1.Sandbox) (*v1alpha1.Sandbox, error) {
+func (r *SandboxClaimReconciler) adoptSandboxFromCandidates(ctx context.Context, claim *extensionsv1alpha1.SandboxClaim, template *extensionsv1alpha1.SandboxTemplate, candidates []*v1alpha1.Sandbox) (*v1alpha1.Sandbox, error) {
 	log := log.FromContext(ctx)
 
 	// Sort: ready sandboxes first, then by creation time (oldest first)
@@ -410,9 +474,14 @@ func (r *SandboxClaimReconciler) adoptSandboxFromCandidates(ctx context.Context,
 			adopted.Annotations[asmetrics.TraceContextAnnotation] = tc
 		}
 
+		if template != nil {
+			mergeTemplatePodMetadata(&adopted.Spec.PodTemplate.ObjectMeta, template.Spec.PodTemplate.ObjectMeta)
+		}
+
 		// Propagate claim identity labels for discovery and NetworkPolicy targeting
 		adopted.Labels = ensureClaimIdentityLabels(adopted.Labels, claim)
 		adopted.Spec.PodTemplate.ObjectMeta.Labels = ensureClaimIdentityLabels(adopted.Spec.PodTemplate.ObjectMeta.Labels, claim)
+		applyClaimWorkspaceResourcesToPodSpec(&adopted.Spec.PodTemplate.Spec, claim)
 
 		// Update uses optimistic concurrency (resourceVersion) so concurrent
 		// claims racing to adopt the same sandbox will conflict and retry.
@@ -487,6 +556,7 @@ func (r *SandboxClaimReconciler) createSandbox(ctx context.Context, claim *exten
 	sandbox.Annotations[v1alpha1.SandboxTemplateRefAnnotation] = template.Name
 
 	template.Spec.PodTemplate.DeepCopyInto(&sandbox.Spec.PodTemplate)
+	applyClaimWorkspaceResourcesToPodSpec(&sandbox.Spec.PodTemplate.Spec, claim)
 	// TODO: this is a workaround, remove replica assignment related issue #202
 	replicas := int32(1)
 	sandbox.Spec.Replicas = &replicas
@@ -634,7 +704,12 @@ func (r *SandboxClaimReconciler) getOrCreateSandbox(ctx context.Context, claim *
 
 	// Try to adopt from warm pool
 	if len(adoptionCandidates) > 0 {
-		adopted, err := r.adoptSandboxFromCandidates(ctx, claim, adoptionCandidates)
+		var template *extensionsv1alpha1.SandboxTemplate
+		template, err := r.getTemplate(ctx, claim)
+		if err != nil && !k8errors.IsNotFound(err) {
+			return nil, err
+		}
+		adopted, err := r.adoptSandboxFromCandidates(ctx, claim, template, adoptionCandidates)
 		if err != nil {
 			return nil, err
 		}