fix: allow restricted labels in pod affinity/nodeSelector

[jwcesign]

Fixes #1596

Description

In general, we should not filter out the pending pods that could trigger the node scaling out by label key. If the pods can't be scheduled, it will be ignored in the scheduling simulation process:

karpenter/pkg/controllers/provisioning/scheduling/scheduler.go

Line 197 in 75fcd2a

func (s *Scheduler) Solve(ctx context.Context, pods []*corev1.Pod) Results {

So, let's remove the limitations of the restricted label. Also, I checked the git blame, the related PR is: aws/karpenter-provider-aws#2051

This PR, only tries to solve: Implemented support for GT and LT requirement operators in pods
It doesn't want to limit label key kubernetes.io/hostname, so let's cancel the limitations.

How was this change tested?

make e2etests

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

[k8s-ci-robot]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: jwcesign
Once this PR has been reviewed and has the lgtm label, please assign ellistarn for approval. For more information see the Kubernetes Code Review Process.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[k8s-ci-robot]

Hi @jwcesign. Thanks for your PR.

I'm waiting for a kubernetes-sigs member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

[coveralls]

Pull Request Test Coverage Report for Build 10615581376

Details

• 16 of 16 (100.0%) changed or added relevant lines in 4 files are covered.
• No unchanged relevant lines lost coverage.
• Overall coverage increased (+0.1%) to 80.716%

---

Totals
Change from base Build 10606693127:	0.1%
Covered Lines:	8346
Relevant Lines:	10340

---

💛 - Coveralls

[jwcesign]

Please take a look:
cc @ellistarn @jonathan-innis @tzneal @bwagner5 @njtran

[sftim]

In the PR description, consider explaining why these changes are the right way to fix it.

[jwcesign]

In the PR description, consider explaining why these changes are the right way to fix it.

Thanks, I added

[njtran]

I'm not sure I understand this change. We're specifically allowing these sub-domains as an exception, understanding that some users use these labels. Are you saying all kops labels shouldn't be used?

[jwcesign]

For nodepool's requirements, I didn't see any reason to configure something like this.

[jwcesign]

It could be used as nodepool's labels, not requirements.

[jwcesign]

I check the logic, this function is used to check the nodepool's requirements.

[jwcesign]

cc @njtran