github/kubernetes
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

storage validation: accept generic ephemeral volumes as volume device

Browse Source 
Raw block devices are possible with generic ephemeral volumes, so rejecting a
pod with that combination is wrong.
This commit is contained in:
Patrick Ohly
2021-10-14 18:01:09 +02:00
parent dea052ceba
commit a40d2eb18c
2 changed files with 34 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
pkg/apis/core/validation/validation.go
View File

@@ -416,9 +416,12 @@ func IsMatchedVolume(name string, volumes map[string]core.VolumeSource) bool {
return false
}
func isMatchedDevice(name string, volumes map[string]core.VolumeSource) (bool, bool) {
// isMatched checks whether the volume with the given name is used by a
// container and if so, if it involves a PVC.
func isMatchedDevice(name string, volumes map[string]core.VolumeSource) (isMatched bool, isPVC bool) {
if source, ok := volumes[name]; ok {
if source.PersistentVolumeClaim != nil {
if source.PersistentVolumeClaim != nil ||
source.Ephemeral != nil {
return true, true
}
return true, false
@@ -2609,9 +2612,9 @@ func ValidateVolumeDevices(devices []core.VolumeDevice, volmounts map[string]str
if devicename.Has(devName) {
allErrs = append(allErrs, field.Invalid(idxPath.Child("name"), devName, "must be unique"))
}
// Must be PersistentVolumeClaim volume source
// Must be based on PersistentVolumeClaim (PVC reference or generic ephemeral inline volume)
if didMatch && !isPVC {
allErrs = append(allErrs, field.Invalid(idxPath.Child("name"), devName, "can only use volume source type of PersistentVolumeClaim for block mode"))
allErrs = append(allErrs, field.Invalid(idxPath.Child("name"), devName, "can only use volume source type of PersistentVolumeClaim or Ephemeral for block mode"))
}
if !didMatch {
allErrs = append(allErrs, field.NotFound(idxPath.Child("name"), devName))