scottk/kubernetes
1
0
Fork 0
mirror of https://github.com/optim-enterprises-bv/kubernetes.git synced 2025-11-02 11:18:16 +00:00
Code Issues Packages Projects Releases Wiki Activity

Add logic to check for new ephemeral containers on pod update and update secret cache if they exist.

Browse Source
This commit is contained in:
Cordelia Link
2025-01-17 02:49:36 +00:00
parent a38edf3a47
commit fca697aca0
2 changed files with 145 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
plugin/pkg/auth/authorizer/node/graph_populator.go
View File

@@ -94,7 +94,10 @@ func (g *graphPopulator) updatePod(oldObj, obj interface{}) {
return
}
if oldPod, ok := oldObj.(*corev1.Pod); ok && oldPod != nil {
// Ephemeral containers can add new secret or config map references to the pod.
hasNewEphemeralContainers := len(pod.Spec.EphemeralContainers) > len(oldPod.Spec.EphemeralContainers)
if (pod.Spec.NodeName == oldPod.Spec.NodeName) && (pod.UID == oldPod.UID) &&
!hasNewEphemeralContainers &&
resourceclaim.PodStatusEqual(oldPod.Status.ResourceClaimStatuses, pod.Status.ResourceClaimStatuses) {
// Node and uid are unchanged, all object references in the pod spec are immutable respectively unmodified (claim statuses).
klog.V(5).Infof("updatePod %s/%s, node unchanged", pod.Namespace, pod.Name)