Merge pull request #45958 from k82cn/k8s_45925
Automatic merge from submit-queue (batch tested with PRs 45346, 45903, 45958, 46042, 45975) Ignored mirror pods in PodPreset admission plugin **What this PR does / why we need it**: Ignored mirror pods in PodPreset admission plugin. **Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #45925 **Release note**: ```release-note Ignored mirror pods in PodPreset admission plugin. ```
This commit is contained in:
Kubernetes Submit Queue
@@ -102,6 +102,11 @@ func (c *podPresetPlugin) Admit(a admission.Attributes) error {
|
||||
if !ok {
|
||||
return errors.NewBadRequest("Resource was marked with kind Pod but was unable to be converted")
|
||||
}
|
||||
|
||||
if _, isMirrorPod := pod.Annotations[api.MirrorPodAnnotationKey]; isMirrorPod {
|
||||
return nil
|
||||
}
|
||||
|
||||
list, err := c.lister.PodPresets(pod.GetNamespace()).List(labels.Everything())
|
||||
if err != nil {
|
||||
return fmt.Errorf("listing pod presets failed: %v", err)
|
||||
|
||||
@@ -556,6 +556,73 @@ func TestAdmit(t *testing.T) {
|
||||
}
|
||||
}
|
||||
|
||||
func TestAdmitMirrorPod(t *testing.T) {
|
||||
containerName := "container"
|
||||
|
||||
mirrorPod := &api.Pod{
|
||||
ObjectMeta: metav1.ObjectMeta{
|
||||
Name: "mypod",
|
||||
Namespace: "namespace",
|
||||
Labels: map[string]string{
|
||||
"security": "S2",
|
||||
},
|
||||
Annotations: map[string]string{api.MirrorPodAnnotationKey: "mirror"},
|
||||
},
|
||||
Spec: api.PodSpec{
|
||||
Containers: []api.Container{
|
||||
{
|
||||
Name: containerName,
|
||||
},
|
||||
},
|
||||
},
|
||||
}
|
||||
|
||||
pip := &settings.PodPreset{
|
||||
ObjectMeta: v1.ObjectMeta{
|
||||
Name: "hello",
|
||||
Namespace: "namespace",
|
||||
},
|
||||
Spec: settings.PodPresetSpec{
|
||||
Selector: v1.LabelSelector{
|
||||
MatchExpressions: []v1.LabelSelectorRequirement{
|
||||
{
|
||||
Key: "security",
|
||||
Operator: v1.LabelSelectorOpIn,
|
||||
Values: []string{"S2"},
|
||||
},
|
||||
},
|
||||
},
|
||||
Volumes: []api.Volume{{Name: "vol", VolumeSource: api.VolumeSource{EmptyDir: &api.EmptyDirVolumeSource{}}}},
|
||||
Env: []api.EnvVar{{Name: "abcd", Value: "value"}, {Name: "ABC", Value: "value"}},
|
||||
EnvFrom: []api.EnvFromSource{
|
||||
{
|
||||
ConfigMapRef: &api.ConfigMapEnvSource{
|
||||
LocalObjectReference: api.LocalObjectReference{Name: "abc"},
|
||||
},
|
||||
},
|
||||
{
|
||||
Prefix: "pre_",
|
||||
ConfigMapRef: &api.ConfigMapEnvSource{
|
||||
LocalObjectReference: api.LocalObjectReference{Name: "abc"},
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
}
|
||||
|
||||
if err := admitPod(mirrorPod, pip); err != nil {
|
||||
t.Fatal(err)
|
||||
}
|
||||
|
||||
container := mirrorPod.Spec.Containers[0]
|
||||
if len(mirrorPod.Spec.Volumes) != 0 ||
|
||||
len(container.VolumeMounts) != 0 ||
|
||||
len(container.Env) != 0 ||
|
||||
len(container.EnvFrom) != 0 {
|
||||
t.Fatalf("mirror pod is updated by PodPreset admission:\n\tVolumes got %d, expected 0\n\tVolumeMounts go %d, expected 0\n\tEnv got, %d expected 0\n\tEnvFrom got %d, expected 0", len(mirrorPod.Spec.Volumes), len(container.VolumeMounts), len(container.Env), len(container.EnvFrom))
|
||||
}
|
||||
}
|
||||
|
||||
func admitPod(pod *api.Pod, pip *settings.PodPreset) error {
|
||||
informerFactory := informers.NewSharedInformerFactory(nil, controller.NoResyncPeriodFunc())
|
||||
store := informerFactory.Settings().InternalVersion().PodPresets().Informer().GetStore()
|
||||
|
||||
Reference in New Issue
Block a user