scottk/kubernetes
1
0
Fork 0
mirror of https://github.com/optim-enterprises-bv/kubernetes.git synced 2025-11-02 19:28:16 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix prep and validation for pod subresource updates

Browse Source
This commit is contained in:
Natasha Sarkar
2025-02-19 17:54:53 +00:00
parent ef1c659569
commit f91105a77e
5 changed files with 244 additions and 71 deletions
Download Patch File Download Diff File Expand all files Collapse all files

33
pkg/apis/core/validation/validation.go
View File

@@ -5616,6 +5616,14 @@ func ValidatePodResize(newPod, oldPod *core.Pod, opts PodValidationOptions) fiel
allErrs = append(allErrs, field.Forbidden(specPath, "Pod running on node without support for resize"))
}
// The rest of the validation assumes that the containers are in the same order,
// so we proceed only if that assumption is true.
containerOrderErrs := validatePodResizeContainerOrdering(newPod, oldPod, specPath)
allErrs = append(allErrs, containerOrderErrs...)
if containerOrderErrs != nil {
return allErrs
}
// Do not allow removing resource requests/limits on resize.
if utilfeature.DefaultFeatureGate.Enabled(features.SidecarContainers) {
for ix, ctr := range oldPod.Spec.InitContainers {
@@ -5685,6 +5693,31 @@ func ValidatePodResize(newPod, oldPod *core.Pod, opts PodValidationOptions) fiel
return allErrs
}
// validatePodResizeContainerOrdering validates container ordering for a resize request.
// We do not allow adding, removing, re-ordering, or renaming containers on resize.
func validatePodResizeContainerOrdering(newPod, oldPod *core.Pod, specPath *field.Path) field.ErrorList {
var allErrs field.ErrorList
if len(newPod.Spec.Containers) != len(oldPod.Spec.Containers) {
allErrs = append(allErrs, field.Forbidden(specPath.Child("containers"), "containers may not be added or removed on resize"))
} else {
for i, oldCtr := range oldPod.Spec.Containers {
if newPod.Spec.Containers[i].Name != oldCtr.Name {
allErrs = append(allErrs, field.Forbidden(specPath.Child("containers").Index(i).Child("name"), "containers may not be renamed or reordered on resize"))
}
}
}
if len(newPod.Spec.InitContainers) != len(oldPod.Spec.InitContainers) {
allErrs = append(allErrs, field.Forbidden(specPath.Child("initContainers"), "initContainers may not be added or removed on resize"))
} else {
for i, oldCtr := range oldPod.Spec.InitContainers {
if newPod.Spec.InitContainers[i].Name != oldCtr.Name {
allErrs = append(allErrs, field.Forbidden(specPath.Child("initContainers").Index(i).Child("name"), "initContainers may not be renamed or reordered on resize"))
}
}
}
return allErrs
}
// dropCPUMemoryResourcesFromContainer deletes the cpu and memory resources from the container, and copies them from the old pod container resources if present.
func dropCPUMemoryResourcesFromContainer(container *core.Container, oldPodSpecContainer *core.Container) {
dropCPUMemoryUpdates := func(resourceList, oldResourceList core.ResourceList) core.ResourceList {