github
/
k3s
mirror of https://github.com/k3s-io/k3s
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Ignore changes to managed field in noderestriction 

The validation is failing because the managedfields are changed when the
object is updated. We don't have a good way to verify that the changes
are only the ones that are supposed to happen, so we'll just ignore them
for now.
pull/564/head
Antoine Pelisse 2019-03-06 13:48:38 -08:00
parent 47063891dd
commit 55f9eeed6c
1 changed files with 6 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
plugin/pkg/admission/noderestriction/admission.go
View File

@ -309,6 +309,12 @@ func (c *nodePlugin) admitPVCStatus(nodeName string, a admission.Attributes) err
oldPVC.Status.Conditions = nil
newPVC.Status.Conditions = nil
// TODO(apelisse): We don't have a good mechanism to
// verify that only the things that should have changed
// have changed. Ignore it for now.
oldPVC.ObjectMeta.ManagedFields = nil
newPVC.ObjectMeta.ManagedFields = nil
// ensure no metadata changed. nodes should not be able to relabel, add finalizers/owners, etc
if !apiequality.Semantic.DeepEqual(oldPVC, newPVC) {
return admission.NewForbidden(a, fmt.Errorf("node %q is not allowed to update fields other than status.capacity and status.conditions: %v", nodeName, diff.ObjectReflectDiff(oldPVC, newPVC)))