diff --git a/pkg/kubelet/userns/userns_manager.go b/pkg/kubelet/userns/userns_manager.go
index 56a9a8e8ade..2024c071715 100644
--- a/pkg/kubelet/userns/userns_manager.go
+++ b/pkg/kubelet/userns/userns_manager.go
@@ -55,10 +55,9 @@ type userNsPodsManager interface {
 }
 type UsernsManager struct {
- used *allocator.AllocationBitmap
- usedBy map[types.UID]uint32 // Map pod.UID to range used
- removed int
- numAllocated int
+ used *allocator.AllocationBitmap
+ usedBy map[types.UID]uint32 // Map pod.UID to range used
+ removed int
 off int
 len int
@@ -216,16 +215,6 @@ func (m *UsernsManager) isSet(v uint32) bool {
 // The first return value is the first ID in the user namespace, the second returns
 // the length for the user namespace range.
 func (m *UsernsManager) allocateOne(pod types.UID) (firstID uint32, length uint32, err error) {
- if m.numAllocated >= maxPods {
- return 0, 0, fmt.Errorf("limit on count of pods with user namespaces exceeded (limit is %v, current pods with userns: %v)", maxPods, m.numAllocated)
- }
- m.numAllocated++
- defer func() {
- if err != nil {
- m.numAllocated--
- }
- }()
-
 firstZero, found, err := m.used.AllocateNext()
 if err != nil {
 return 0, 0, err
@@ -265,15 +254,6 @@ func (m *UsernsManager) record(pod types.UID, from, length uint32) (err error) {
 if found && prevFrom == from {
 return nil
 }
- if m.numAllocated >= maxPods {
- return fmt.Errorf("limit on count of pods with user namespaces exceeded (limit is %v, current pods with userns: %v)", maxPods, m.numAllocated)
- }
- m.numAllocated++
- defer func() {
- if err != nil {
- m.numAllocated--
- }
- }()
 klog.V(5).InfoS("new pod user namespace allocation", "podUID", pod)
@@ -318,7 +298,6 @@ func (m *UsernsManager) releaseWithLock(pod types.UID) {
 delete(m.usedBy, pod)
 klog.V(5).InfoS("releasing pod user namespace allocation", "podUID", pod)
- m.numAllocated--
 m.removed++
 _ = os.Remove(filepath.Join(m.kl.GetPodDir(pod), mappingsFile))
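Review bot: With the `numAllocated`/`maxPods` guard gone from `allocateOne` (and from `record` in the following hunk), nothing visible in these hunks caps how many pods can hold a user-namespace range; the only remaining stop is whatever `m.used.AllocateNext()` reports when the bitmap is full, and that handling lies outside the hunk. If the bitmap size is now the intended limit, say so on the function, e.g. `// The number of allocations is bounded by the size of m.used.`, and confirm that `record` rejects a range that falls outside the bitmap. The second file drops `TestAllocateMaxPods` and `TestRecordMaxPods` without a replacement, so a test that fills the bitmap and asserts that the next `allocateOne` returns an error would keep the exhaustion path covered.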
diff --git a/pkg/kubelet/userns/userns_manager_test.go b/pkg/kubelet/userns/userns_manager_test.go
index 56cb17bda60..db325a2c1e5 100644
--- a/pkg/kubelet/userns/userns_manager_test.go
+++ b/pkg/kubelet/userns/userns_manager_test.go
@@ -378,42 +378,6 @@ func TestCleanupOrphanedPodUsernsAllocations(t *testing.T) {
 }
 }
-func TestAllocateMaxPods(t *testing.T) {
- defer featuregatetesting.SetFeatureGateDuringTest(t, utilfeature.DefaultFeatureGate, pkgfeatures.UserNamespacesSupport, true)()
-
- testUserNsPodsManager := &testUserNsPodsManager{}
- m, err := MakeUserNsManager(testUserNsPodsManager)
- require.NoError(t, err)
-
- // The first maxPods allocations should succeed.
- for i := 0; i < maxPods; i++ {
- _, _, err = m.allocateOne(types.UID(fmt.Sprintf("%d", i)))
- require.NoError(t, err)
- }
-
- // The next allocation should fail, hitting maxPods.
- _, _, err = m.allocateOne(types.UID(fmt.Sprintf("%d", maxPods+1)))
- assert.Error(t, err)
-}
-
-func TestRecordMaxPods(t *testing.T) {
- defer featuregatetesting.SetFeatureGateDuringTest(t, utilfeature.DefaultFeatureGate, pkgfeatures.UserNamespacesSupport, true)()
-
- testUserNsPodsManager := &testUserNsPodsManager{}
- m, err := MakeUserNsManager(testUserNsPodsManager)
- require.NoError(t, err)
-
- // The first maxPods allocations should succeed.
- for i := 0; i < maxPods; i++ {
- err = m.record(types.UID(fmt.Sprintf("%d", i)), uint32((i+1)*65536), 65536)
- require.NoError(t, err)
- }
-
- // The next allocation should fail, hitting maxPods.
- err = m.record(types.UID(fmt.Sprintf("%d", maxPods+1)), uint32((maxPods+1)*65536), 65536)
- assert.Error(t, err)
-}
-
 type failingUserNsPodsManager struct {
 testUserNsPodsManager
 }