Merge pull request #42642 from fraenkel/envfrom

Automatic merge from submit-queue

Invalid environment var names are reported and pod starts

When processing EnvFrom items, all invalid keys are collected and
reported as a single event.

The Pod is allowed to start.

fixes #42583
Kubernetes Submit Queue
2017-03-10 17:37:31 -08:00
committed by GitHub
21 changed files with 73 additions and 35 deletions


@@ -37832,7 +37832,7 @@
} }
}, },
"envFrom": { "envFrom": {
"description": "List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. An invalid key will prevent the container from starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated.", "description": "List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated.",
"type": "array", "type": "array",
"items": { "items": {
"$ref": "#/definitions/io.k8s.kubernetes.pkg.api.v1.EnvFromSource" "$ref": "#/definitions/io.k8s.kubernetes.pkg.api.v1.EnvFromSource"


@@ -3602,7 +3602,7 @@
"items": { "items": {
"$ref": "v1.EnvFromSource" "$ref": "v1.EnvFromSource"
}, },
"description": "List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. An invalid key will prevent the container from starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated." "description": "List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated."
}, },
"env": { "env": {
"type": "array", "type": "array",


@@ -2385,7 +2385,7 @@
"items": { "items": {
"$ref": "v1.EnvFromSource" "$ref": "v1.EnvFromSource"
}, },
"description": "List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. An invalid key will prevent the container from starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated." "description": "List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated."
}, },
"env": { "env": {
"type": "array", "type": "array",


@@ -7849,7 +7849,7 @@
"items": { "items": {
"$ref": "v1.EnvFromSource" "$ref": "v1.EnvFromSource"
}, },
"description": "List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. An invalid key will prevent the container from starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated." "description": "List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated."
}, },
"env": { "env": {
"type": "array", "type": "array",


@@ -19214,7 +19214,7 @@
"items": { "items": {
"$ref": "v1.EnvFromSource" "$ref": "v1.EnvFromSource"
}, },
"description": "List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. An invalid key will prevent the container from starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated." "description": "List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated."
}, },
"env": { "env": {
"type": "array", "type": "array",


@@ -5073,7 +5073,7 @@ Examples:<br>
</tr> </tr>
<tr> <tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">envFrom</p></td> <td class="tableblock halign-left valign-top"><p class="tableblock">envFrom</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. An invalid key will prevent the container from starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated.</p></td> <td class="tableblock halign-left valign-top"><p class="tableblock">List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated.</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">false</p></td> <td class="tableblock halign-left valign-top"><p class="tableblock">false</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock"><a href="#_v1_envfromsource">v1.EnvFromSource</a> array</p></td> <td class="tableblock halign-left valign-top"><p class="tableblock"><a href="#_v1_envfromsource">v1.EnvFromSource</a> array</p></td>
<td class="tableblock halign-left valign-top"></td> <td class="tableblock halign-left valign-top"></td>
@@ -6256,7 +6256,7 @@ Examples:<br>
</div> </div>
<div id="footer"> <div id="footer">
<div id="footer-text"> <div id="footer-text">
Last updated 2017-03-03 18:17:45 UTC Last updated 2017-03-09 15:30:09 UTC
</div> </div>
</div> </div>
</body> </body>


@@ -1947,7 +1947,7 @@ span.icon > [class^="icon-"], span.icon > [class*=" icon-"] { cursor: default; }
</tr> </tr>
<tr> <tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">envFrom</p></td> <td class="tableblock halign-left valign-top"><p class="tableblock">envFrom</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. An invalid key will prevent the container from starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated.</p></td> <td class="tableblock halign-left valign-top"><p class="tableblock">List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated.</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">false</p></td> <td class="tableblock halign-left valign-top"><p class="tableblock">false</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock"><a href="#_v1_envfromsource">v1.EnvFromSource</a> array</p></td> <td class="tableblock halign-left valign-top"><p class="tableblock"><a href="#_v1_envfromsource">v1.EnvFromSource</a> array</p></td>
<td class="tableblock halign-left valign-top"></td> <td class="tableblock halign-left valign-top"></td>
@@ -5498,7 +5498,7 @@ Examples:<br>
</div> </div>
<div id="footer"> <div id="footer">
<div id="footer-text"> <div id="footer-text">
Last updated 2017-03-03 18:18:12 UTC Last updated 2017-03-09 15:30:45 UTC
</div> </div>
</div> </div>
</body> </body>


@@ -6083,7 +6083,7 @@ Both these may change in the future. Incoming requests are matched against the h
</tr> </tr>
<tr> <tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">envFrom</p></td> <td class="tableblock halign-left valign-top"><p class="tableblock">envFrom</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. An invalid key will prevent the container from starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated.</p></td> <td class="tableblock halign-left valign-top"><p class="tableblock">List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated.</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">false</p></td> <td class="tableblock halign-left valign-top"><p class="tableblock">false</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock"><a href="#_v1_envfromsource">v1.EnvFromSource</a> array</p></td> <td class="tableblock halign-left valign-top"><p class="tableblock"><a href="#_v1_envfromsource">v1.EnvFromSource</a> array</p></td>
<td class="tableblock halign-left valign-top"></td> <td class="tableblock halign-left valign-top"></td>
@@ -7903,7 +7903,7 @@ Both these may change in the future. Incoming requests are matched against the h
</div> </div>
<div id="footer"> <div id="footer">
<div id="footer-text"> <div id="footer-text">
Last updated 2017-03-03 18:18:23 UTC Last updated 2017-03-09 15:31:01 UTC
</div> </div>
</div> </div>
</body> </body>


@@ -6873,7 +6873,7 @@ Examples:<br>
</tr> </tr>
<tr> <tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">envFrom</p></td> <td class="tableblock halign-left valign-top"><p class="tableblock">envFrom</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. An invalid key will prevent the container from starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated.</p></td> <td class="tableblock halign-left valign-top"><p class="tableblock">List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated.</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">false</p></td> <td class="tableblock halign-left valign-top"><p class="tableblock">false</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock"><a href="#_v1_envfromsource">v1.EnvFromSource</a> array</p></td> <td class="tableblock halign-left valign-top"><p class="tableblock"><a href="#_v1_envfromsource">v1.EnvFromSource</a> array</p></td>
<td class="tableblock halign-left valign-top"></td> <td class="tableblock halign-left valign-top"></td>
@@ -9843,7 +9843,7 @@ Examples:<br>
</div> </div>
<div id="footer"> <div id="footer">
<div id="footer-text"> <div id="footer-text">
Last updated 2017-03-03 18:17:39 UTC Last updated 2017-03-09 15:30:02 UTC
</div> </div>
</div> </div>
</body> </body>


@@ -9630,7 +9630,7 @@
} }
}, },
"envFrom": { "envFrom": {
"description": "List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. An invalid key will prevent the container from starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated.", "description": "List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated.",
"type": "array", "type": "array",
"items": { "items": {
"$ref": "#/definitions/io.k8s.kubernetes.pkg.api.v1.EnvFromSource" "$ref": "#/definitions/io.k8s.kubernetes.pkg.api.v1.EnvFromSource"


@@ -1503,8 +1503,8 @@ type Container struct {
// +optional // +optional
Ports []ContainerPort Ports []ContainerPort
// List of sources to populate environment variables in the container. // List of sources to populate environment variables in the container.
// The keys defined within a source must be a C_IDENTIFIER. An invalid key // The keys defined within a source must be a C_IDENTIFIER. All invalid keys
// will prevent the container from starting. When a key exists in multiple // will be reported as an event when the container is starting. When a key exists in multiple
// sources, the value associated with the last source will take precedence. // sources, the value associated with the last source will take precedence.
// Values defined by an Env with a duplicate key will take precedence. // Values defined by an Env with a duplicate key will take precedence.
// Cannot be updated. // Cannot be updated.
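Review bot: The revised field comment on `Container.EnvFrom` says invalid keys "will be reported as an event" but never states that they are skipped and that the container still starts without them, which is the part an operator relying on a ConfigMap or Secret value needs to know. I would word the sentence as `// All invalid keys will be skipped and reported as an event when the container is starting; the container is still started.` The same sentence is repeated in the other copies of this comment (the protobuf message, the versioned `Container` struct, `map_Container`, the OpenAPI definition and the generated swagger and HTML descriptions), so the wording should be fixed at the source and regenerated. The `Container` struct continues outside this hunk.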


@@ -418,8 +418,8 @@ message Container {
repeated ContainerPort ports = 6; repeated ContainerPort ports = 6;
// List of sources to populate environment variables in the container. // List of sources to populate environment variables in the container.
// The keys defined within a source must be a C_IDENTIFIER. An invalid key // The keys defined within a source must be a C_IDENTIFIER. All invalid keys
// will prevent the container from starting. When a key exists in multiple // will be reported as an event when the container is starting. When a key exists in multiple
// sources, the value associated with the last source will take precedence. // sources, the value associated with the last source will take precedence.
// Values defined by an Env with a duplicate key will take precedence. // Values defined by an Env with a duplicate key will take precedence.
// Cannot be updated. // Cannot be updated.


@@ -1636,8 +1636,8 @@ type Container struct {
// +optional // +optional
Ports []ContainerPort `json:"ports,omitempty" patchStrategy:"merge" patchMergeKey:"containerPort" protobuf:"bytes,6,rep,name=ports"` Ports []ContainerPort `json:"ports,omitempty" patchStrategy:"merge" patchMergeKey:"containerPort" protobuf:"bytes,6,rep,name=ports"`
// List of sources to populate environment variables in the container. // List of sources to populate environment variables in the container.
// The keys defined within a source must be a C_IDENTIFIER. An invalid key // The keys defined within a source must be a C_IDENTIFIER. All invalid keys
// will prevent the container from starting. When a key exists in multiple // will be reported as an event when the container is starting. When a key exists in multiple
// sources, the value associated with the last source will take precedence. // sources, the value associated with the last source will take precedence.
// Values defined by an Env with a duplicate key will take precedence. // Values defined by an Env with a duplicate key will take precedence.
// Cannot be updated. // Cannot be updated.


@@ -238,7 +238,7 @@ var map_Container = map[string]string{
"args": "Arguments to the entrypoint. The docker image's CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/containers#containers-and-commands", "args": "Arguments to the entrypoint. The docker image's CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/containers#containers-and-commands",
"workingDir": "Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image. Cannot be updated.", "workingDir": "Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image. Cannot be updated.",
"ports": "List of ports to expose from the container. Exposing a port here gives the system additional information about the network connections a container uses, but is primarily informational. Not specifying a port here DOES NOT prevent that port from being exposed. Any port which is listening on the default \"0.0.0.0\" address inside a container will be accessible from the network. Cannot be updated.", "ports": "List of ports to expose from the container. Exposing a port here gives the system additional information about the network connections a container uses, but is primarily informational. Not specifying a port here DOES NOT prevent that port from being exposed. Any port which is listening on the default \"0.0.0.0\" address inside a container will be accessible from the network. Cannot be updated.",
"envFrom": "List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. An invalid key will prevent the container from starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated.", "envFrom": "List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated.",
"env": "List of environment variables to set in the container. Cannot be updated.", "env": "List of environment variables to set in the container. Cannot be updated.",
"resources": "Compute Resources required by this container. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/persistent-volumes#resources", "resources": "Compute Resources required by this container. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/persistent-volumes#resources",
"volumeMounts": "Pod volumes to mount into the container's filesystem. Cannot be updated.", "volumeMounts": "Pod volumes to mount into the container's filesystem. Cannot be updated.",


@@ -2551,7 +2551,7 @@ func GetOpenAPIDefinitions(ref openapi.ReferenceCallback) map[string]openapi.Ope
}, },
"envFrom": { "envFrom": {
SchemaProps: spec.SchemaProps{ SchemaProps: spec.SchemaProps{
Description: "List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. An invalid key will prevent the container from starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated.", Description: "List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated.",
Type: []string{"array"}, Type: []string{"array"},
Items: &spec.SchemaOrArray{ Items: &spec.SchemaOrArray{
Schema: &spec.Schema{ Schema: &spec.Schema{


@@ -432,15 +432,21 @@ func (kl *Kubelet) makeEnvironmentVariables(pod *v1.Pod, container *v1.Container
configMaps[name] = configMap configMaps[name] = configMap
} }
invalidKeys := []string{}
for k, v := range configMap.Data { for k, v := range configMap.Data {
if len(envFrom.Prefix) > 0 { if len(envFrom.Prefix) > 0 {
k = envFrom.Prefix + k k = envFrom.Prefix + k
} }
if errMsgs := utilvalidation.IsCIdentifier(k); len(errMsgs) != 0 { if errMsgs := utilvalidation.IsCIdentifier(k); len(errMsgs) != 0 {
return result, fmt.Errorf("Invalid environment variable name, %v, from configmap %v/%v: %s", k, pod.Namespace, name, errMsgs[0]) invalidKeys = append(invalidKeys, k)
continue
} }
tmpEnv[k] = v tmpEnv[k] = v
} }
if len(invalidKeys) > 0 {
sort.Strings(invalidKeys)
kl.recorder.Eventf(pod, v1.EventTypeWarning, "InvalidEnvironmentVariableNames", "Keys [%s] from the EnvFrom configMap %s/%s were skipped since they are considered invalid environment variable names.", strings.Join(invalidKeys, ", "), pod.Namespace, name)
}
case envFrom.SecretRef != nil: case envFrom.SecretRef != nil:
s := envFrom.SecretRef s := envFrom.SecretRef
name := s.Name name := s.Name
@@ -461,15 +467,21 @@ func (kl *Kubelet) makeEnvironmentVariables(pod *v1.Pod, container *v1.Container
secrets[name] = secret secrets[name] = secret
} }
invalidKeys := []string{}
for k, v := range secret.Data { for k, v := range secret.Data {
if len(envFrom.Prefix) > 0 { if len(envFrom.Prefix) > 0 {
k = envFrom.Prefix + k k = envFrom.Prefix + k
} }
if errMsgs := utilvalidation.IsCIdentifier(k); len(errMsgs) != 0 { if errMsgs := utilvalidation.IsCIdentifier(k); len(errMsgs) != 0 {
return result, fmt.Errorf("Invalid environment variable name, %v, from secret %v/%v: %s", k, pod.Namespace, name, errMsgs[0]) invalidKeys = append(invalidKeys, k)
continue
} }
tmpEnv[k] = string(v) tmpEnv[k] = string(v)
} }
if len(invalidKeys) > 0 {
sort.Strings(invalidKeys)
kl.recorder.Eventf(pod, v1.EventTypeWarning, "InvalidEnvironmentVariableNames", "Keys [%s] from the EnvFrom secret %s/%s were skipped since they are considered invalid environment variable names.", strings.Join(invalidKeys, ", "), pod.Namespace, name)
}
} }
} }
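Review bot: In the `envFrom.SecretRef` branch the skipped names are written verbatim into a Warning event on the pod, so Secret key names (with `envFrom.Prefix` already prepended) become visible to anyone who can read events in the namespace, which is often a wider audience than those who can read the Secret. Only names are recorded, never values, but that deserves a comment at the call, e.g. `// Event carries key names only; never include secret values here.`, and the message would be easier to act on if it reported the original key rather than the prefixed one. Because the container now starts without these variables, an application that falls back to a default for a missing setting will run with that default, and the only signal is this best-effort event, so a kubelet log line alongside it would help later investigation. The configMap branch repeats the same collect, sort and report code and the two could share one small helper. The body of makeEnvironmentVariables starts and ends outside both hunks.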


@@ -32,6 +32,7 @@ import (
"k8s.io/apimachinery/pkg/runtime" "k8s.io/apimachinery/pkg/runtime"
"k8s.io/apimachinery/pkg/types" "k8s.io/apimachinery/pkg/types"
core "k8s.io/client-go/testing" core "k8s.io/client-go/testing"
"k8s.io/client-go/tools/record"
"k8s.io/kubernetes/pkg/api" "k8s.io/kubernetes/pkg/api"
"k8s.io/kubernetes/pkg/api/v1" "k8s.io/kubernetes/pkg/api/v1"
kubecontainer "k8s.io/kubernetes/pkg/kubelet/container" kubecontainer "k8s.io/kubernetes/pkg/kubelet/container"
@@ -307,6 +308,7 @@ func TestMakeEnvironmentVariables(t *testing.T) {
secret *v1.Secret // an optional Secret to pull from secret *v1.Secret // an optional Secret to pull from
expectedEnvs []kubecontainer.EnvVar // a set of expected environment vars expectedEnvs []kubecontainer.EnvVar // a set of expected environment vars
expectedError bool // does the test fail expectedError bool // does the test fail
expectedEvent string // does the test emit an event
}{ }{
{ {
name: "api server = Y, kubelet = Y", name: "api server = Y, kubelet = Y",
@@ -864,7 +866,7 @@ func TestMakeEnvironmentVariables(t *testing.T) {
}, },
{ {
name: "configmap_invalid_keys", name: "configmap_invalid_keys",
ns: "test1", ns: "test",
container: &v1.Container{ container: &v1.Container{
EnvFrom: []v1.EnvFromSource{ EnvFrom: []v1.EnvFromSource{
{ConfigMapRef: &v1.ConfigMapEnvSource{LocalObjectReference: v1.LocalObjectReference{Name: "test-config-map"}}}, {ConfigMapRef: &v1.ConfigMapEnvSource{LocalObjectReference: v1.LocalObjectReference{Name: "test-config-map"}}},
@@ -878,9 +880,17 @@ func TestMakeEnvironmentVariables(t *testing.T) {
}, },
Data: map[string]string{ Data: map[string]string{
"1234": "abc", "1234": "abc",
"1z": "abc",
"key": "value",
}, },
}, },
expectedError: true, expectedEnvs: []kubecontainer.EnvVar{
{
Name: "key",
Value: "value",
},
},
expectedEvent: "Warning InvalidEnvironmentVariableNames Keys [1234, 1z] from the EnvFrom configMap test/test-config-map were skipped since they are considered invalid environment variable names.",
}, },
{ {
name: "configmap_invalid_keys_valid", name: "configmap_invalid_keys_valid",
@@ -1031,7 +1041,7 @@ func TestMakeEnvironmentVariables(t *testing.T) {
}, },
{ {
name: "secret_invalid_keys", name: "secret_invalid_keys",
ns: "test1", ns: "test",
container: &v1.Container{ container: &v1.Container{
EnvFrom: []v1.EnvFromSource{ EnvFrom: []v1.EnvFromSource{
{SecretRef: &v1.SecretEnvSource{LocalObjectReference: v1.LocalObjectReference{Name: "test-secret"}}}, {SecretRef: &v1.SecretEnvSource{LocalObjectReference: v1.LocalObjectReference{Name: "test-secret"}}},
@@ -1045,9 +1055,17 @@ func TestMakeEnvironmentVariables(t *testing.T) {
}, },
Data: map[string][]byte{ Data: map[string][]byte{
"1234": []byte("abc"), "1234": []byte("abc"),
"1z": []byte("abc"),
"key": []byte("value"),
}, },
}, },
expectedError: true, expectedEnvs: []kubecontainer.EnvVar{
{
Name: "key",
Value: "value",
},
},
expectedEvent: "Warning InvalidEnvironmentVariableNames Keys [1234, 1z] from the EnvFrom secret test/test-secret were skipped since they are considered invalid environment variable names.",
}, },
{ {
name: "secret_invalid_keys_valid", name: "secret_invalid_keys_valid",
@@ -1080,7 +1098,9 @@ func TestMakeEnvironmentVariables(t *testing.T) {
} }
for _, tc := range testCases { for _, tc := range testCases {
fakeRecorder := record.NewFakeRecorder(1)
testKubelet := newTestKubelet(t, false /* controllerAttachDetachEnabled */) testKubelet := newTestKubelet(t, false /* controllerAttachDetachEnabled */)
testKubelet.kubelet.recorder = fakeRecorder
defer testKubelet.Cleanup() defer testKubelet.Cleanup()
kl := testKubelet.kubelet kl := testKubelet.kubelet
kl.masterServiceNamespace = tc.masterServiceNs kl.masterServiceNamespace = tc.masterServiceNs
@@ -1126,6 +1146,12 @@ func TestMakeEnvironmentVariables(t *testing.T) {
podIP := "1.2.3.4" podIP := "1.2.3.4"
result, err := kl.makeEnvironmentVariables(testPod, tc.container, podIP) result, err := kl.makeEnvironmentVariables(testPod, tc.container, podIP)
select {
case e := <-fakeRecorder.Events:
assert.Equal(t, tc.expectedEvent, e)
default:
assert.Equal(t, "", tc.expectedEvent)
}
if tc.expectedError { if tc.expectedError {
assert.Error(t, err, tc.name) assert.Error(t, err, tc.name)
} else { } else {
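Review bot: `record.NewFakeRecorder(1)` gives the event channel a buffer of one and the `select` after `makeEnvironmentVariables` drains at most one event, so a case that emits two events (for example a configMap and a secret that both hold invalid keys) would, as far as I can tell from FakeRecorder's channel send, block inside `Eventf` instead of failing. A larger buffer and a loop that collects events until the channel is empty would make that case testable, and no case here covers invalid keys combined with `Prefix`. The two new `assert.Equal` calls also omit `tc.name`, unlike the `assert.Error(t, err, tc.name)` below them; `assert.Equal(t, tc.expectedEvent, e, tc.name)` would identify the failing case. TestMakeEnvironmentVariables continues outside these hunks.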


@@ -1503,8 +1503,8 @@ type Container struct {
// +optional // +optional
Ports []ContainerPort Ports []ContainerPort
// List of sources to populate environment variables in the container. // List of sources to populate environment variables in the container.
// The keys defined within a source must be a C_IDENTIFIER. An invalid key // The keys defined within a source must be a C_IDENTIFIER. All invalid keys
// will prevent the container from starting. When a key exists in multiple // will be reported as an event when the container is starting. When a key exists in multiple
// sources, the value associated with the last source will take precedence. // sources, the value associated with the last source will take precedence.
// Values defined by an Env with a duplicate key will take precedence. // Values defined by an Env with a duplicate key will take precedence.
// Cannot be updated. // Cannot be updated.


@@ -418,8 +418,8 @@ message Container {
repeated ContainerPort ports = 6; repeated ContainerPort ports = 6;
// List of sources to populate environment variables in the container. // List of sources to populate environment variables in the container.
// The keys defined within a source must be a C_IDENTIFIER. An invalid key // The keys defined within a source must be a C_IDENTIFIER. All invalid keys
// will prevent the container from starting. When a key exists in multiple // will be reported as an event when the container is starting. When a key exists in multiple
// sources, the value associated with the last source will take precedence. // sources, the value associated with the last source will take precedence.
// Values defined by an Env with a duplicate key will take precedence. // Values defined by an Env with a duplicate key will take precedence.
// Cannot be updated. // Cannot be updated.


@@ -1636,8 +1636,8 @@ type Container struct {
// +optional // +optional
Ports []ContainerPort `json:"ports,omitempty" patchStrategy:"merge" patchMergeKey:"containerPort" protobuf:"bytes,6,rep,name=ports"` Ports []ContainerPort `json:"ports,omitempty" patchStrategy:"merge" patchMergeKey:"containerPort" protobuf:"bytes,6,rep,name=ports"`
// List of sources to populate environment variables in the container. // List of sources to populate environment variables in the container.
// The keys defined within a source must be a C_IDENTIFIER. An invalid key // The keys defined within a source must be a C_IDENTIFIER. All invalid keys
// will prevent the container from starting. When a key exists in multiple // will be reported as an event when the container is starting. When a key exists in multiple
// sources, the value associated with the last source will take precedence. // sources, the value associated with the last source will take precedence.
// Values defined by an Env with a duplicate key will take precedence. // Values defined by an Env with a duplicate key will take precedence.
// Cannot be updated. // Cannot be updated.


@@ -238,7 +238,7 @@ var map_Container = map[string]string{
"args": "Arguments to the entrypoint. The docker image's CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/containers#containers-and-commands", "args": "Arguments to the entrypoint. The docker image's CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container's environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/containers#containers-and-commands",
"workingDir": "Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image. Cannot be updated.", "workingDir": "Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image. Cannot be updated.",
"ports": "List of ports to expose from the container. Exposing a port here gives the system additional information about the network connections a container uses, but is primarily informational. Not specifying a port here DOES NOT prevent that port from being exposed. Any port which is listening on the default \"0.0.0.0\" address inside a container will be accessible from the network. Cannot be updated.", "ports": "List of ports to expose from the container. Exposing a port here gives the system additional information about the network connections a container uses, but is primarily informational. Not specifying a port here DOES NOT prevent that port from being exposed. Any port which is listening on the default \"0.0.0.0\" address inside a container will be accessible from the network. Cannot be updated.",
"envFrom": "List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. An invalid key will prevent the container from starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated.", "envFrom": "List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated.",
"env": "List of environment variables to set in the container. Cannot be updated.", "env": "List of environment variables to set in the container. Cannot be updated.",
"resources": "Compute Resources required by this container. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/persistent-volumes#resources", "resources": "Compute Resources required by this container. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/persistent-volumes#resources",
"volumeMounts": "Pod volumes to mount into the container's filesystem. Cannot be updated.", "volumeMounts": "Pod volumes to mount into the container's filesystem. Cannot be updated.",