github
/
k3s
mirror of https://github.com/k3s-io/k3s
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Merge pull request #56971 from derekwaynecarr/limit-range-ignore-terminating-pods 

Automatic merge from submit-queue (batch tested with PRs 56971, 57570, 57830, 57742). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.

LimitRange ignores objects previously marked for deletion

**What this PR does / why we need it**:
A `LimitRange` added to a namespace after it has pods can prevent terminating pods from being deleted if they do not conform to the min/max criteria.

xref https://bugzilla.redhat.com/show_bug.cgi?id=1509309

Fixes https://github.com/kubernetes/kubernetes/issues/57201

```release-note
NONE
```
pull/6/head
Kubernetes Submit Queue 2018-01-04 08:59:37 -08:00 committed by GitHub
parent d8680a3c43 1748b42b21
commit cb6b88ffc6
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 21 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
plugin/pkg/admission/limitranger/admission.go
View File

@ -113,6 +113,18 @@ func (l *LimitRanger) runLimitFunc(a admission.Attributes, limitFn func(limitRan
}
}
// ignore all objects marked for deletion
oldObj := a.GetOldObject()
if oldObj != nil {
oldAccessor, err := meta.Accessor(oldObj)
if err != nil {
return admission.NewForbidden(a, err)
}
if oldAccessor.GetDeletionTimestamp() != nil {
return nil
}
}
items, err := l.GetLimitRanges(a)
if err != nil {
return err

9
plugin/pkg/admission/limitranger/admission_test.go
View File

@ -733,6 +733,15 @@ func TestLimitRangerAdmitPod(t *testing.T) {
if err != nil {
t.Errorf("Should have ignored calls to any subresource of pod %v", err)
}
// a pod that is undergoing termination should never be blocked
terminatingPod := validPod("terminatingPod", 1, api.ResourceRequirements{})
now := metav1.Now()
terminatingPod.DeletionTimestamp = &now
err = handler.Validate(admission.NewAttributesRecord(&terminatingPod, &terminatingPod, api.Kind("Pod").WithVersion("version"), limitRange.Namespace, "terminatingPod", api.Resource("pods").WithVersion("version"), "", admission.Update, nil))
if err != nil {
t.Errorf("LimitRange should ignore a pod marked for termination")
}
}
// newMockClientForTest creates a mock client that returns a client configured for the specified list of limit ranges