github/kubernetes
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

API support for Windows host process containers

Browse Source 
Co-authored-by: James Sturtevant <jstur@microsoft.com>
This commit is contained in:
marosset
2021-02-26 12:26:01 -08:00
committed by James Sturtevant
parent ffed017b76
commit 93da0fd45d
76 changed files with 12828 additions and 12234 deletions
Download Patch File Download Diff File Expand all files Collapse all files

28
pkg/api/pod/util.go
View File

@@ -401,6 +401,7 @@ func GetValidationOptionsFromPodSpecAndMeta(podSpec, oldPodSpec *api.PodSpec, po
AllowInvalidPodDeletionCost: !utilfeature.DefaultFeatureGate.Enabled(features.PodDeletionCost),
// Do not allow pod spec to use non-integer multiple of huge page unit size default
AllowIndivisibleHugePagesValues: false,
AllowWindowsHostProcessField: utilfeature.DefaultFeatureGate.Enabled(features.WindowsHostProcessContainers),
}
if oldPodSpec != nil {
@@ -415,6 +416,8 @@ func GetValidationOptionsFromPodSpecAndMeta(podSpec, oldPodSpec *api.PodSpec, po
return !opts.AllowDownwardAPIHugePages
})
}
// if old spec has Windows Host Process fields set, we must allow it
opts.AllowWindowsHostProcessField = opts.AllowWindowsHostProcessField || setsWindowsHostProcess(oldPodSpec)
// if old spec used non-integer multiple of huge page unit size, we must allow it
opts.AllowIndivisibleHugePagesValues = usesIndivisibleHugePagesValues(oldPodSpec)
@@ -944,3 +947,28 @@ func SeccompFieldForAnnotation(annotation string) *api.SeccompProfile {
// length or if the annotation has an unrecognized value
return nil
}
// setsWindowsHostProcess returns true if WindowsOptions.HostProcess is set (true or false)
// anywhere in the pod spec.
func setsWindowsHostProcess(podSpec *api.PodSpec) bool {
if podSpec == nil {
return false
}
// Check Pod's WindowsOptions.HostProcess
if podSpec.SecurityContext != nil && podSpec.SecurityContext.WindowsOptions != nil && podSpec.SecurityContext.WindowsOptions.HostProcess != nil {
return true
}
// Check WindowsOptions.HostProcess for each container
inUse := false
VisitContainers(podSpec, AllContainers, func(c *api.Container, containerType ContainerType) bool {
if c.SecurityContext != nil && c.SecurityContext.WindowsOptions != nil && c.SecurityContext.WindowsOptions.HostProcess != nil {
inUse = true
return false
}
return true
})
return inUse
}