github
/
k3s
mirror of https://github.com/k3s-io/k3s
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Plumb old pod spec into DropDisabledFields methods

pull/564/head
Jordan Liggitt 2018-12-17 12:49:29 -05:00
parent 49028df5f9
commit e486d486b1
11 changed files with 88 additions and 40 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

74
pkg/api/pod/util.go
View File

@ -234,10 +234,14 @@ func UpdatePodCondition(status *api.PodStatus, condition *api.PodCondition) bool
// DropDisabledFields removes disabled fields from the pod spec. // DropDisabledFields removes disabled fields from the pod spec.
// This should be called from PrepareForCreate/PrepareForUpdate for all resources containing a pod spec. // This should be called from PrepareForCreate/PrepareForUpdate for all resources containing a pod spec.
func DropDisabledFields(podSpec *api.PodSpec) { func DropDisabledFields(podSpec, oldPodSpec *api.PodSpec) {
if !utilfeature.DefaultFeatureGate.Enabled(features.PodPriority) { if !utilfeature.DefaultFeatureGate.Enabled(features.PodPriority) {
podSpec.Priority = nil podSpec.Priority = nil
podSpec.PriorityClassName = "" podSpec.PriorityClassName = ""
if oldPodSpec != nil {
oldPodSpec.Priority = nil
oldPodSpec.PriorityClassName = ""
}
} }
if !utilfeature.DefaultFeatureGate.Enabled(features.LocalStorageCapacityIsolation) { if !utilfeature.DefaultFeatureGate.Enabled(features.LocalStorageCapacityIsolation) {
@ -246,22 +250,32 @@ func DropDisabledFields(podSpec *api.PodSpec) {
podSpec.Volumes[i].EmptyDir.SizeLimit = nil podSpec.Volumes[i].EmptyDir.SizeLimit = nil
} }
} }
if oldPodSpec != nil {
for i := range oldPodSpec.Volumes {
if oldPodSpec.Volumes[i].EmptyDir != nil {
oldPodSpec.Volumes[i].EmptyDir.SizeLimit = nil
}
}
}
} }
DropDisabledVolumeDevicesAlphaFields(podSpec) dropDisabledVolumeDevicesAlphaFields(podSpec, oldPodSpec)
DropDisabledRunAsGroupField(podSpec) dropDisabledRunAsGroupField(podSpec, oldPodSpec)
if !utilfeature.DefaultFeatureGate.Enabled(features.RuntimeClass) && podSpec.RuntimeClassName != nil { if !utilfeature.DefaultFeatureGate.Enabled(features.RuntimeClass) {
podSpec.RuntimeClassName = nil podSpec.RuntimeClassName = nil
if oldPodSpec != nil {
oldPodSpec.RuntimeClassName = nil
}
} }
DropDisabledProcMountField(podSpec) dropDisabledProcMountField(podSpec, oldPodSpec)
} }
// DropDisabledRunAsGroupField removes disabled fields from PodSpec related // dropDisabledRunAsGroupField removes disabled fields from PodSpec related
// to RunAsGroup // to RunAsGroup
func DropDisabledRunAsGroupField(podSpec *api.PodSpec) { func dropDisabledRunAsGroupField(podSpec, oldPodSpec *api.PodSpec) {
if !utilfeature.DefaultFeatureGate.Enabled(features.RunAsGroup) { if !utilfeature.DefaultFeatureGate.Enabled(features.RunAsGroup) {
if podSpec.SecurityContext != nil { if podSpec.SecurityContext != nil {
podSpec.SecurityContext.RunAsGroup = nil podSpec.SecurityContext.RunAsGroup = nil
@ -276,12 +290,28 @@ func DropDisabledRunAsGroupField(podSpec *api.PodSpec) {
podSpec.InitContainers[i].SecurityContext.RunAsGroup = nil podSpec.InitContainers[i].SecurityContext.RunAsGroup = nil
} }
} }
if oldPodSpec != nil {
if oldPodSpec.SecurityContext != nil {
oldPodSpec.SecurityContext.RunAsGroup = nil
}
for i := range oldPodSpec.Containers {
if oldPodSpec.Containers[i].SecurityContext != nil {
oldPodSpec.Containers[i].SecurityContext.RunAsGroup = nil
}
}
for i := range oldPodSpec.InitContainers {
if oldPodSpec.InitContainers[i].SecurityContext != nil {
oldPodSpec.InitContainers[i].SecurityContext.RunAsGroup = nil
}
}
}
} }
} }
// DropDisabledProcMountField removes disabled fields from PodSpec related // dropDisabledProcMountField removes disabled fields from PodSpec related
// to ProcMount // to ProcMount
func DropDisabledProcMountField(podSpec *api.PodSpec) { func dropDisabledProcMountField(podSpec, oldPodSpec *api.PodSpec) {
if !utilfeature.DefaultFeatureGate.Enabled(features.ProcMountType) { if !utilfeature.DefaultFeatureGate.Enabled(features.ProcMountType) {
defProcMount := api.DefaultProcMount defProcMount := api.DefaultProcMount
for i := range podSpec.Containers { for i := range podSpec.Containers {
@ -294,12 +324,25 @@ func DropDisabledProcMountField(podSpec *api.PodSpec) {
podSpec.InitContainers[i].SecurityContext.ProcMount = &defProcMount podSpec.InitContainers[i].SecurityContext.ProcMount = &defProcMount
} }
} }
if oldPodSpec != nil {
for i := range oldPodSpec.Containers {
if oldPodSpec.Containers[i].SecurityContext != nil {
oldPodSpec.Containers[i].SecurityContext.ProcMount = &defProcMount
}
}
for i := range oldPodSpec.InitContainers {
if oldPodSpec.InitContainers[i].SecurityContext != nil {
oldPodSpec.InitContainers[i].SecurityContext.ProcMount = &defProcMount
}
}
}
} }
} }
// DropDisabledVolumeDevicesAlphaFields removes disabled fields from []VolumeDevice. // dropDisabledVolumeDevicesAlphaFields removes disabled fields from []VolumeDevice.
// This should be called from PrepareForCreate/PrepareForUpdate for all resources containing a VolumeDevice // This should be called from PrepareForCreate/PrepareForUpdate for all resources containing a VolumeDevice
func DropDisabledVolumeDevicesAlphaFields(podSpec *api.PodSpec) { func dropDisabledVolumeDevicesAlphaFields(podSpec, oldPodSpec *api.PodSpec) {
if !utilfeature.DefaultFeatureGate.Enabled(features.BlockVolume) { if !utilfeature.DefaultFeatureGate.Enabled(features.BlockVolume) {
for i := range podSpec.Containers { for i := range podSpec.Containers {
podSpec.Containers[i].VolumeDevices = nil podSpec.Containers[i].VolumeDevices = nil
@ -307,5 +350,14 @@ func DropDisabledVolumeDevicesAlphaFields(podSpec *api.PodSpec) {
for i := range podSpec.InitContainers { for i := range podSpec.InitContainers {
podSpec.InitContainers[i].VolumeDevices = nil podSpec.InitContainers[i].VolumeDevices = nil
} }
if oldPodSpec != nil {
for i := range oldPodSpec.Containers {
oldPodSpec.Containers[i].VolumeDevices = nil
}
for i := range oldPodSpec.InitContainers {
oldPodSpec.InitContainers[i].VolumeDevices = nil
}
}
} }
} }

4
pkg/api/pod/util_test.go
View File

@ -307,7 +307,7 @@ func TestDropAlphaVolumeDevices(t *testing.T) {
defer utilfeaturetesting.SetFeatureGateDuringTest(t, utilfeature.DefaultFeatureGate, features.BlockVolume, true)() defer utilfeaturetesting.SetFeatureGateDuringTest(t, utilfeature.DefaultFeatureGate, features.BlockVolume, true)()
// now test dropping the fields - should not be dropped // now test dropping the fields - should not be dropped
DropDisabledFields(&testPod.Spec) DropDisabledFields(&testPod.Spec, nil)
// check to make sure VolumeDevices is still present // check to make sure VolumeDevices is still present
// if featureset is set to true // if featureset is set to true
@ -322,7 +322,7 @@ func TestDropAlphaVolumeDevices(t *testing.T) {
defer utilfeaturetesting.SetFeatureGateDuringTest(t, utilfeature.DefaultFeatureGate, features.BlockVolume, false)() defer utilfeaturetesting.SetFeatureGateDuringTest(t, utilfeature.DefaultFeatureGate, features.BlockVolume, false)()
// now test dropping the fields // now test dropping the fields
DropDisabledFields(&testPod.Spec) DropDisabledFields(&testPod.Spec, nil)
// check to make sure VolumeDevices is nil // check to make sure VolumeDevices is nil
// if featureset is set to false // if featureset is set to false

5
pkg/registry/apps/daemonset/strategy.go
View File

@ -75,7 +75,7 @@ func (daemonSetStrategy) PrepareForCreate(ctx context.Context, obj runtime.Objec
daemonSet.Spec.TemplateGeneration = 1 daemonSet.Spec.TemplateGeneration = 1
} }
pod.DropDisabledFields(&daemonSet.Spec.Template.Spec) pod.DropDisabledFields(&daemonSet.Spec.Template.Spec, nil)
} }
// PrepareForUpdate clears fields that are not allowed to be set by end users on update. // PrepareForUpdate clears fields that are not allowed to be set by end users on update.
@ -83,8 +83,7 @@ func (daemonSetStrategy) PrepareForUpdate(ctx context.Context, obj, old runtime.
newDaemonSet := obj.(*apps.DaemonSet) newDaemonSet := obj.(*apps.DaemonSet)
oldDaemonSet := old.(*apps.DaemonSet) oldDaemonSet := old.(*apps.DaemonSet)
pod.DropDisabledFields(&newDaemonSet.Spec.Template.Spec) pod.DropDisabledFields(&newDaemonSet.Spec.Template.Spec, &oldDaemonSet.Spec.Template.Spec)
pod.DropDisabledFields(&oldDaemonSet.Spec.Template.Spec)
// update is not allowed to set status // update is not allowed to set status
newDaemonSet.Status = oldDaemonSet.Status newDaemonSet.Status = oldDaemonSet.Status

5
pkg/registry/apps/deployment/strategy.go
View File

@ -73,7 +73,7 @@ func (deploymentStrategy) PrepareForCreate(ctx context.Context, obj runtime.Obje
deployment.Status = apps.DeploymentStatus{} deployment.Status = apps.DeploymentStatus{}
deployment.Generation = 1 deployment.Generation = 1
pod.DropDisabledFields(&deployment.Spec.Template.Spec) pod.DropDisabledFields(&deployment.Spec.Template.Spec, nil)
} }
// Validate validates a new deployment. // Validate validates a new deployment.
@ -97,8 +97,7 @@ func (deploymentStrategy) PrepareForUpdate(ctx context.Context, obj, old runtime
oldDeployment := old.(*apps.Deployment) oldDeployment := old.(*apps.Deployment)
newDeployment.Status = oldDeployment.Status newDeployment.Status = oldDeployment.Status
pod.DropDisabledFields(&newDeployment.Spec.Template.Spec) pod.DropDisabledFields(&newDeployment.Spec.Template.Spec, &oldDeployment.Spec.Template.Spec)
pod.DropDisabledFields(&oldDeployment.Spec.Template.Spec)
// Spec updates bump the generation so that we can distinguish between // Spec updates bump the generation so that we can distinguish between
// scaling events and template changes, annotation updates bump the generation // scaling events and template changes, annotation updates bump the generation

5
pkg/registry/apps/replicaset/strategy.go
View File

@ -80,7 +80,7 @@ func (rsStrategy) PrepareForCreate(ctx context.Context, obj runtime.Object) {
rs.Generation = 1 rs.Generation = 1
pod.DropDisabledFields(&rs.Spec.Template.Spec) pod.DropDisabledFields(&rs.Spec.Template.Spec, nil)
} }
// PrepareForUpdate clears fields that are not allowed to be set by end users on update. // PrepareForUpdate clears fields that are not allowed to be set by end users on update.
@ -90,8 +90,7 @@ func (rsStrategy) PrepareForUpdate(ctx context.Context, obj, old runtime.Object)
// update is not allowed to set status // update is not allowed to set status
newRS.Status = oldRS.Status newRS.Status = oldRS.Status
pod.DropDisabledFields(&newRS.Spec.Template.Spec) pod.DropDisabledFields(&newRS.Spec.Template.Spec, &oldRS.Spec.Template.Spec)
pod.DropDisabledFields(&oldRS.Spec.Template.Spec)
// Any changes to the spec increment the generation number, any changes to the // Any changes to the spec increment the generation number, any changes to the
// status should reflect the generation number of the corresponding object. We push // status should reflect the generation number of the corresponding object. We push

5
pkg/registry/apps/statefulset/strategy.go
View File

@ -72,7 +72,7 @@ func (statefulSetStrategy) PrepareForCreate(ctx context.Context, obj runtime.Obj
statefulSet.Generation = 1 statefulSet.Generation = 1
pod.DropDisabledFields(&statefulSet.Spec.Template.Spec) pod.DropDisabledFields(&statefulSet.Spec.Template.Spec, nil)
} }
// PrepareForUpdate clears fields that are not allowed to be set by end users on update. // PrepareForUpdate clears fields that are not allowed to be set by end users on update.
@ -82,8 +82,7 @@ func (statefulSetStrategy) PrepareForUpdate(ctx context.Context, obj, old runtim
// Update is not allowed to set status // Update is not allowed to set status
newStatefulSet.Status = oldStatefulSet.Status newStatefulSet.Status = oldStatefulSet.Status
pod.DropDisabledFields(&newStatefulSet.Spec.Template.Spec) pod.DropDisabledFields(&newStatefulSet.Spec.Template.Spec, &oldStatefulSet.Spec.Template.Spec)
pod.DropDisabledFields(&oldStatefulSet.Spec.Template.Spec)
// Any changes to the spec increment the generation number, any changes to the // Any changes to the spec increment the generation number, any changes to the
// status should reflect the generation number of the corresponding object. // status should reflect the generation number of the corresponding object.

5
pkg/registry/batch/cronjob/strategy.go
View File

@ -68,7 +68,7 @@ func (cronJobStrategy) PrepareForCreate(ctx context.Context, obj runtime.Object)
cronJob := obj.(*batch.CronJob) cronJob := obj.(*batch.CronJob)
cronJob.Status = batch.CronJobStatus{} cronJob.Status = batch.CronJobStatus{}
pod.DropDisabledFields(&cronJob.Spec.JobTemplate.Spec.Template.Spec) pod.DropDisabledFields(&cronJob.Spec.JobTemplate.Spec.Template.Spec, nil)
} }
// PrepareForUpdate clears fields that are not allowed to be set by end users on update. // PrepareForUpdate clears fields that are not allowed to be set by end users on update.
@ -77,8 +77,7 @@ func (cronJobStrategy) PrepareForUpdate(ctx context.Context, obj, old runtime.Ob
oldCronJob := old.(*batch.CronJob) oldCronJob := old.(*batch.CronJob)
newCronJob.Status = oldCronJob.Status newCronJob.Status = oldCronJob.Status
pod.DropDisabledFields(&newCronJob.Spec.JobTemplate.Spec.Template.Spec) pod.DropDisabledFields(&newCronJob.Spec.JobTemplate.Spec.Template.Spec, &oldCronJob.Spec.JobTemplate.Spec.Template.Spec)
pod.DropDisabledFields(&oldCronJob.Spec.JobTemplate.Spec.Template.Spec)
} }
// Validate validates a new scheduled job. // Validate validates a new scheduled job.

5
pkg/registry/batch/job/strategy.go
View File

@ -80,7 +80,7 @@ func (jobStrategy) PrepareForCreate(ctx context.Context, obj runtime.Object) {
job.Spec.TTLSecondsAfterFinished = nil job.Spec.TTLSecondsAfterFinished = nil
} }
pod.DropDisabledFields(&job.Spec.Template.Spec) pod.DropDisabledFields(&job.Spec.Template.Spec, nil)
} }
// PrepareForUpdate clears fields that are not allowed to be set by end users on update. // PrepareForUpdate clears fields that are not allowed to be set by end users on update.
@ -94,8 +94,7 @@ func (jobStrategy) PrepareForUpdate(ctx context.Context, obj, old runtime.Object
oldJob.Spec.TTLSecondsAfterFinished = nil oldJob.Spec.TTLSecondsAfterFinished = nil
} }
pod.DropDisabledFields(&newJob.Spec.Template.Spec) pod.DropDisabledFields(&newJob.Spec.Template.Spec, &oldJob.Spec.Template.Spec)
pod.DropDisabledFields(&oldJob.Spec.Template.Spec)
} }
// Validate validates a new job. // Validate validates a new job.

5
pkg/registry/core/pod/strategy.go
View File

@ -73,7 +73,7 @@ func (podStrategy) PrepareForCreate(ctx context.Context, obj runtime.Object) {
QOSClass: qos.GetPodQOS(pod), QOSClass: qos.GetPodQOS(pod),
} }
podutil.DropDisabledFields(&pod.Spec) podutil.DropDisabledFields(&pod.Spec, nil)
} }
// PrepareForUpdate clears fields that are not allowed to be set by end users on update. // PrepareForUpdate clears fields that are not allowed to be set by end users on update.
@ -82,8 +82,7 @@ func (podStrategy) PrepareForUpdate(ctx context.Context, obj, old runtime.Object
oldPod := old.(*api.Pod) oldPod := old.(*api.Pod)
newPod.Status = oldPod.Status newPod.Status = oldPod.Status
podutil.DropDisabledFields(&newPod.Spec) podutil.DropDisabledFields(&newPod.Spec, &oldPod.Spec)
podutil.DropDisabledFields(&oldPod.Spec)
} }
// Validate validates a new pod. // Validate validates a new pod.

5
pkg/registry/core/podtemplate/strategy.go
View File

@ -47,7 +47,7 @@ func (podTemplateStrategy) NamespaceScoped() bool {
func (podTemplateStrategy) PrepareForCreate(ctx context.Context, obj runtime.Object) { func (podTemplateStrategy) PrepareForCreate(ctx context.Context, obj runtime.Object) {
template := obj.(*api.PodTemplate) template := obj.(*api.PodTemplate)
pod.DropDisabledFields(&template.Template.Spec) pod.DropDisabledFields(&template.Template.Spec, nil)
} }
// Validate validates a new pod template. // Validate validates a new pod template.
@ -70,8 +70,7 @@ func (podTemplateStrategy) PrepareForUpdate(ctx context.Context, obj, old runtim
newTemplate := obj.(*api.PodTemplate) newTemplate := obj.(*api.PodTemplate)
oldTemplate := old.(*api.PodTemplate) oldTemplate := old.(*api.PodTemplate)
pod.DropDisabledFields(&newTemplate.Template.Spec) pod.DropDisabledFields(&newTemplate.Template.Spec, &oldTemplate.Template.Spec)
pod.DropDisabledFields(&oldTemplate.Template.Spec)
} }
// ValidateUpdate is the default update validation for an end user. // ValidateUpdate is the default update validation for an end user.

10
pkg/registry/core/replicationcontroller/strategy.go
View File

@ -81,7 +81,7 @@ func (rcStrategy) PrepareForCreate(ctx context.Context, obj runtime.Object) {
controller.Generation = 1 controller.Generation = 1
if controller.Spec.Template != nil { if controller.Spec.Template != nil {
pod.DropDisabledFields(&controller.Spec.Template.Spec) pod.DropDisabledFields(&controller.Spec.Template.Spec, nil)
} }
} }
@ -92,12 +92,16 @@ func (rcStrategy) PrepareForUpdate(ctx context.Context, obj, old runtime.Object)
// update is not allowed to set status // update is not allowed to set status
newController.Status = oldController.Status newController.Status = oldController.Status
var newSpec, oldSpec *api.PodSpec
if oldController.Spec.Template != nil { if oldController.Spec.Template != nil {
pod.DropDisabledFields(&oldController.Spec.Template.Spec) oldSpec = &oldController.Spec.Template.Spec
} }
if newController.Spec.Template != nil { if newController.Spec.Template != nil {
pod.DropDisabledFields(&newController.Spec.Template.Spec) newSpec = &newController.Spec.Template.Spec
} else {
newSpec = &api.PodSpec{}
} }
pod.DropDisabledFields(newSpec, oldSpec)
// Any changes to the spec increment the generation number, any changes to the // Any changes to the spec increment the generation number, any changes to the
// status should reflect the generation number of the corresponding object. We push // status should reflect the generation number of the corresponding object. We push