pause localqueues with namespace annotations#11325
pause localqueues with namespace annotations#11325filariow wants to merge 2 commits intoredhat-appstudio:mainfrom
Conversation
Review Summary by QodoAdd namespace annotation support for LocalQueue pause control
WalkthroughsDescription• Add namespace annotation support to control LocalQueue pause state - New kueue.konflux-ci.dev/stop-policy annotation drives stopPolicy field - Annotation value hold sets stopPolicy: Hold, other values set stopPolicy: None • Expand test coverage with four new test scenarios - Tests for paused, unpaused, and dynamic state transitions - Tests for annotation addition and removal workflows • Update expected LocalQueue fixtures to include stopPolicy field Diagramflowchart LR
NS["Namespace with<br/>stop-policy annotation"]
POLICY["Kyverno ClusterPolicy<br/>with JMESPath context"]
LQ["Generated LocalQueue<br/>with stopPolicy field"]
NS -- "annotation value<br/>extracted" --> POLICY
POLICY -- "evaluates annotation<br/>to Hold or None" --> LQ
File Changes1. components/policies/development/kueue/queue-config/cluster-policy.yaml
|
Code Review by Qodo
|
Kustomize Render DiffComparing
Total: 3 components, +18 -3 lines 📋 Full diff available in the workflow summary and as a downloadable artifact. |
|
/hold The release of this change needs to go through the 3-phases rollout strategy described at https://github.com/redhat-appstudio/infra-deployments/tree/main/components/policies#deletion-of-generated-resources-not-acceptable. |
filariow
force-pushed
the
queue-config-exclusion-label
branch
from
0cce31c to
209cdf0
Compare
this change proposes to add support for a Namespace annotation to use to drive the value of the LocalQueue's `spec.stopPolicy` field. With this we can allow/disallow admission of Workloads at tenant namespace level. The release of this change needs to go through the 3-phases rollout strategy described at https://github.com/redhat-appstudio/infra-deployments/tree/main/components/policies\#deletion-of-generated-resources-not-acceptable Signed-off-by: Francesco Ilario <[email protected]> rh-pre-commit.version: 2.3.2 rh-pre-commit.check-secrets: ENABLED
filariow
force-pushed
the
queue-config-exclusion-label
branch
from
209cdf0 to
6baa288
Compare
![qodo-code-review[bot]](https://avatars.githubusercontent.com/in/484649?s=60&v=4){kind=small}
| concurrent: false | ||
| namespace: kueue-queue-new | ||
| bindings: | ||
| - name: suffix | ||
| value: labeled | ||
| steps: |
There was a problem hiding this comment.
1. Flaky shared test namespace 🐞 Bug ☼ Reliability
Multiple Chainsaw Test documents reuse the same (spec.namespace, suffix) values, so they all create/update the same tenant Namespace and generated LocalQueue names. This makes the suite order-dependent and can lead to flaky CI (or false passes) if resources persist between tests or tests run in parallel at suite level.
Agent Prompt
### Issue description
Multiple `Test` documents in the same Chainsaw suite reuse the same `spec.namespace` and `bindings.suffix` values, causing them to act on the same generated Namespace/LocalQueue names. This can make the suite order-dependent and flaky.
### Issue Context
The namespace fixtures derive the created Namespace name from `(join('-', [$namespace, $suffix]))`. With the same `$namespace` (`kueue-queue-new`) and `$suffix` (`labeled`) across several tests, they collide.
### Fix Focus Areas
- components/policies/development/kueue/queue-config/.chainsaw-test/chainsaw-test.yaml[11-120]
- components/policies/development/kueue/queue-config/.chainsaw-test/chainsaw-test.yaml[115-251]
### Suggested fix
Assign a unique `suffix` value per `Test` document (e.g., `labeled-no-annotation`, `labeled-unpaused`, `labeled-paused-resumed`, `labeled-update-paused`, `labeled-paused`) so each test targets a distinct Namespace/LocalQueue. Keep the suffix consistent within a single test where you intentionally update the same Namespace across steps.
ⓘ Copy this prompt and use it to remediate the issue with your preferred AI generation tools
Codecov Report✅ All modified and coverable lines are covered by tests. Additional details and impacted files@@ Coverage Diff @@
## main #11325 +/- ##
=======================================
Coverage 51.62% 51.62%
=======================================
Files 18 18
Lines 1263 1263
=======================================
Hits 652 652
Misses 539 539
Partials 72 72
Flags with carried forward coverage won't be shown. Click here to find out more. ☔ View full report in Codecov by Sentry. 🚀 New features to boost your workflow:
|
|
worth mentioning this feature in the Kueue SOP as well. |
apply uses SSA, so it's not removing the annotation Signed-off-by: Francesco Ilario <[email protected]> rh-pre-commit.version: 2.3.2 rh-pre-commit.check-secrets: ENABLED
filariow
force-pushed
the
queue-config-exclusion-label
branch
from
a653269 to
73d7a8f
Compare
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: filariow, gbenhaim, sadlerap The full list of commands accepted by this bot can be found here. The pull request process is described here DetailsNeeds approval from an approver in each of these files:
Approvers can indicate their approval by writing |
3 participants
This PR proposes to add support for a Namespace annotation to use to drive the value of the LocalQueue's
spec.stopPolicyfield.With this we can allow/disallow admission of Workloads at tenant namespace level.
The release of this change needs to go through the 3-phases rollout strategy described at https://github.com/redhat-appstudio/infra-deployments/tree/main/components/policies\#deletion-of-generated-resources-not-acceptable
Signed-off-by: Francesco Ilario [email protected]