Plumb old pod spec into DropDisabledFields methods

2018-12-17 12:49:29 -05:00 · 2018-12-17 12:49:29 -05:00 · e486d486b1
parent 49028df5f9
commit e486d486b1
11 changed files with 88 additions and 40 deletions
--- a/pkg/api/pod/util.go
+++ b/pkg/api/pod/util.go
@ -234,10 +234,14 @@ func UpdatePodCondition(status *api.PodStatus, condition *api.PodCondition) bool

 // DropDisabledFields removes disabled fields from the pod spec.
 // This should be called from PrepareForCreate/PrepareForUpdate for all resources containing a pod spec.
-func DropDisabledFields(podSpec *api.PodSpec) {
+func DropDisabledFields(podSpec, oldPodSpec *api.PodSpec) {
 	if !utilfeature.DefaultFeatureGate.Enabled(features.PodPriority) {
 		podSpec.Priority = nil
 		podSpec.PriorityClassName = ""
+		if oldPodSpec != nil {
+			oldPodSpec.Priority = nil
+			oldPodSpec.PriorityClassName = ""
+		}
 	}

 	if !utilfeature.DefaultFeatureGate.Enabled(features.LocalStorageCapacityIsolation) {
@ -246,22 +250,32 @@ func DropDisabledFields(podSpec *api.PodSpec) {
 				podSpec.Volumes[i].EmptyDir.SizeLimit = nil
 			}
 		}
+		if oldPodSpec != nil {
+			for i := range oldPodSpec.Volumes {
+				if oldPodSpec.Volumes[i].EmptyDir != nil {
+					oldPodSpec.Volumes[i].EmptyDir.SizeLimit = nil
+				}
+			}
+		}
 	}

-	DropDisabledVolumeDevicesAlphaFields(podSpec)
+	dropDisabledVolumeDevicesAlphaFields(podSpec, oldPodSpec)

-	DropDisabledRunAsGroupField(podSpec)
+	dropDisabledRunAsGroupField(podSpec, oldPodSpec)

-	if !utilfeature.DefaultFeatureGate.Enabled(features.RuntimeClass) && podSpec.RuntimeClassName != nil {
+	if !utilfeature.DefaultFeatureGate.Enabled(features.RuntimeClass) {
 		podSpec.RuntimeClassName = nil
+		if oldPodSpec != nil {
+			oldPodSpec.RuntimeClassName = nil
+		}
 	}

-	DropDisabledProcMountField(podSpec)
+	dropDisabledProcMountField(podSpec, oldPodSpec)
 }

-// DropDisabledRunAsGroupField removes disabled fields from PodSpec related
+// dropDisabledRunAsGroupField removes disabled fields from PodSpec related
 // to RunAsGroup
-func DropDisabledRunAsGroupField(podSpec *api.PodSpec) {
+func dropDisabledRunAsGroupField(podSpec, oldPodSpec *api.PodSpec) {
 	if !utilfeature.DefaultFeatureGate.Enabled(features.RunAsGroup) {
 		if podSpec.SecurityContext != nil {
 			podSpec.SecurityContext.RunAsGroup = nil
@ -276,12 +290,28 @@ func DropDisabledRunAsGroupField(podSpec *api.PodSpec) {
 				podSpec.InitContainers[i].SecurityContext.RunAsGroup = nil
 			}
 		}
+
+		if oldPodSpec != nil {
+			if oldPodSpec.SecurityContext != nil {
+				oldPodSpec.SecurityContext.RunAsGroup = nil
+			}
+			for i := range oldPodSpec.Containers {
+				if oldPodSpec.Containers[i].SecurityContext != nil {
+					oldPodSpec.Containers[i].SecurityContext.RunAsGroup = nil
+				}
+			}
+			for i := range oldPodSpec.InitContainers {
+				if oldPodSpec.InitContainers[i].SecurityContext != nil {
+					oldPodSpec.InitContainers[i].SecurityContext.RunAsGroup = nil
+				}
+			}
+		}
 	}
 }

-// DropDisabledProcMountField removes disabled fields from PodSpec related
+// dropDisabledProcMountField removes disabled fields from PodSpec related
 // to ProcMount
-func DropDisabledProcMountField(podSpec *api.PodSpec) {
+func dropDisabledProcMountField(podSpec, oldPodSpec *api.PodSpec) {
 	if !utilfeature.DefaultFeatureGate.Enabled(features.ProcMountType) {
 		defProcMount := api.DefaultProcMount
 		for i := range podSpec.Containers {
@ -294,12 +324,25 @@ func DropDisabledProcMountField(podSpec *api.PodSpec) {
 				podSpec.InitContainers[i].SecurityContext.ProcMount = &defProcMount
 			}
 		}
+
+		if oldPodSpec != nil {
+			for i := range oldPodSpec.Containers {
+				if oldPodSpec.Containers[i].SecurityContext != nil {
+					oldPodSpec.Containers[i].SecurityContext.ProcMount = &defProcMount
+				}
+			}
+			for i := range oldPodSpec.InitContainers {
+				if oldPodSpec.InitContainers[i].SecurityContext != nil {
+					oldPodSpec.InitContainers[i].SecurityContext.ProcMount = &defProcMount
+				}
+			}
+		}
 	}
 }

-// DropDisabledVolumeDevicesAlphaFields removes disabled fields from []VolumeDevice.
+// dropDisabledVolumeDevicesAlphaFields removes disabled fields from []VolumeDevice.
 // This should be called from PrepareForCreate/PrepareForUpdate for all resources containing a VolumeDevice
-func DropDisabledVolumeDevicesAlphaFields(podSpec *api.PodSpec) {
+func dropDisabledVolumeDevicesAlphaFields(podSpec, oldPodSpec *api.PodSpec) {
 	if !utilfeature.DefaultFeatureGate.Enabled(features.BlockVolume) {
 		for i := range podSpec.Containers {
 			podSpec.Containers[i].VolumeDevices = nil
@ -307,5 +350,14 @@ func DropDisabledVolumeDevicesAlphaFields(podSpec *api.PodSpec) {
 		for i := range podSpec.InitContainers {
 			podSpec.InitContainers[i].VolumeDevices = nil
 		}
+
+		if oldPodSpec != nil {
+			for i := range oldPodSpec.Containers {
+				oldPodSpec.Containers[i].VolumeDevices = nil
+			}
+			for i := range oldPodSpec.InitContainers {
+				oldPodSpec.InitContainers[i].VolumeDevices = nil
+			}
+		}
 	}
 }
--- a/pkg/api/pod/util_test.go
+++ b/pkg/api/pod/util_test.go
@ -307,7 +307,7 @@ func TestDropAlphaVolumeDevices(t *testing.T) {
 	defer utilfeaturetesting.SetFeatureGateDuringTest(t, utilfeature.DefaultFeatureGate, features.BlockVolume, true)()

 	// now test dropping the fields - should not be dropped
-	DropDisabledFields(&testPod.Spec)
+	DropDisabledFields(&testPod.Spec, nil)

 	// check to make sure VolumeDevices is still present
 	// if featureset is set to true
@ -322,7 +322,7 @@ func TestDropAlphaVolumeDevices(t *testing.T) {
 	defer utilfeaturetesting.SetFeatureGateDuringTest(t, utilfeature.DefaultFeatureGate, features.BlockVolume, false)()

 	// now test dropping the fields
-	DropDisabledFields(&testPod.Spec)
+	DropDisabledFields(&testPod.Spec, nil)

 	// check to make sure VolumeDevices is nil
 	// if featureset is set to false
--- a/pkg/registry/apps/daemonset/strategy.go
+++ b/pkg/registry/apps/daemonset/strategy.go
@ -75,7 +75,7 @@ func (daemonSetStrategy) PrepareForCreate(ctx context.Context, obj runtime.Objec
 		daemonSet.Spec.TemplateGeneration = 1
 	}

-	pod.DropDisabledFields(&daemonSet.Spec.Template.Spec)
+	pod.DropDisabledFields(&daemonSet.Spec.Template.Spec, nil)
 }

 // PrepareForUpdate clears fields that are not allowed to be set by end users on update.
@ -83,8 +83,7 @@ func (daemonSetStrategy) PrepareForUpdate(ctx context.Context, obj, old runtime.
 	newDaemonSet := obj.(*apps.DaemonSet)
 	oldDaemonSet := old.(*apps.DaemonSet)

-	pod.DropDisabledFields(&newDaemonSet.Spec.Template.Spec)
-	pod.DropDisabledFields(&oldDaemonSet.Spec.Template.Spec)
+	pod.DropDisabledFields(&newDaemonSet.Spec.Template.Spec, &oldDaemonSet.Spec.Template.Spec)

 	// update is not allowed to set status
 	newDaemonSet.Status = oldDaemonSet.Status
--- a/pkg/registry/apps/deployment/strategy.go
+++ b/pkg/registry/apps/deployment/strategy.go
@ -73,7 +73,7 @@ func (deploymentStrategy) PrepareForCreate(ctx context.Context, obj runtime.Obje
 	deployment.Status = apps.DeploymentStatus{}
 	deployment.Generation = 1

-	pod.DropDisabledFields(&deployment.Spec.Template.Spec)
+	pod.DropDisabledFields(&deployment.Spec.Template.Spec, nil)
 }

 // Validate validates a new deployment.
@ -97,8 +97,7 @@ func (deploymentStrategy) PrepareForUpdate(ctx context.Context, obj, old runtime
 	oldDeployment := old.(*apps.Deployment)
 	newDeployment.Status = oldDeployment.Status

-	pod.DropDisabledFields(&newDeployment.Spec.Template.Spec)
-	pod.DropDisabledFields(&oldDeployment.Spec.Template.Spec)
+	pod.DropDisabledFields(&newDeployment.Spec.Template.Spec, &oldDeployment.Spec.Template.Spec)

 	// Spec updates bump the generation so that we can distinguish between
 	// scaling events and template changes, annotation updates bump the generation
--- a/pkg/registry/apps/replicaset/strategy.go
+++ b/pkg/registry/apps/replicaset/strategy.go
@ -80,7 +80,7 @@ func (rsStrategy) PrepareForCreate(ctx context.Context, obj runtime.Object) {

 	rs.Generation = 1

-	pod.DropDisabledFields(&rs.Spec.Template.Spec)
+	pod.DropDisabledFields(&rs.Spec.Template.Spec, nil)
 }

 // PrepareForUpdate clears fields that are not allowed to be set by end users on update.
@ -90,8 +90,7 @@ func (rsStrategy) PrepareForUpdate(ctx context.Context, obj, old runtime.Object)
 	// update is not allowed to set status
 	newRS.Status = oldRS.Status

-	pod.DropDisabledFields(&newRS.Spec.Template.Spec)
-	pod.DropDisabledFields(&oldRS.Spec.Template.Spec)
+	pod.DropDisabledFields(&newRS.Spec.Template.Spec, &oldRS.Spec.Template.Spec)

 	// Any changes to the spec increment the generation number, any changes to the
 	// status should reflect the generation number of the corresponding object. We push
--- a/pkg/registry/apps/statefulset/strategy.go
+++ b/pkg/registry/apps/statefulset/strategy.go
@ -72,7 +72,7 @@ func (statefulSetStrategy) PrepareForCreate(ctx context.Context, obj runtime.Obj

 	statefulSet.Generation = 1

-	pod.DropDisabledFields(&statefulSet.Spec.Template.Spec)
+	pod.DropDisabledFields(&statefulSet.Spec.Template.Spec, nil)
 }

 // PrepareForUpdate clears fields that are not allowed to be set by end users on update.
@ -82,8 +82,7 @@ func (statefulSetStrategy) PrepareForUpdate(ctx context.Context, obj, old runtim
 	// Update is not allowed to set status
 	newStatefulSet.Status = oldStatefulSet.Status

-	pod.DropDisabledFields(&newStatefulSet.Spec.Template.Spec)
-	pod.DropDisabledFields(&oldStatefulSet.Spec.Template.Spec)
+	pod.DropDisabledFields(&newStatefulSet.Spec.Template.Spec, &oldStatefulSet.Spec.Template.Spec)

 	// Any changes to the spec increment the generation number, any changes to the
 	// status should reflect the generation number of the corresponding object.
--- a/pkg/registry/batch/cronjob/strategy.go
+++ b/pkg/registry/batch/cronjob/strategy.go
@ -68,7 +68,7 @@ func (cronJobStrategy) PrepareForCreate(ctx context.Context, obj runtime.Object)
 	cronJob := obj.(*batch.CronJob)
 	cronJob.Status = batch.CronJobStatus{}

-	pod.DropDisabledFields(&cronJob.Spec.JobTemplate.Spec.Template.Spec)
+	pod.DropDisabledFields(&cronJob.Spec.JobTemplate.Spec.Template.Spec, nil)
 }

 // PrepareForUpdate clears fields that are not allowed to be set by end users on update.
@ -77,8 +77,7 @@ func (cronJobStrategy) PrepareForUpdate(ctx context.Context, obj, old runtime.Ob
 	oldCronJob := old.(*batch.CronJob)
 	newCronJob.Status = oldCronJob.Status

-	pod.DropDisabledFields(&newCronJob.Spec.JobTemplate.Spec.Template.Spec)
-	pod.DropDisabledFields(&oldCronJob.Spec.JobTemplate.Spec.Template.Spec)
+	pod.DropDisabledFields(&newCronJob.Spec.JobTemplate.Spec.Template.Spec, &oldCronJob.Spec.JobTemplate.Spec.Template.Spec)
 }

 // Validate validates a new scheduled job.
--- a/pkg/registry/batch/job/strategy.go
+++ b/pkg/registry/batch/job/strategy.go
@ -80,7 +80,7 @@ func (jobStrategy) PrepareForCreate(ctx context.Context, obj runtime.Object) {
 		job.Spec.TTLSecondsAfterFinished = nil
 	}

-	pod.DropDisabledFields(&job.Spec.Template.Spec)
+	pod.DropDisabledFields(&job.Spec.Template.Spec, nil)
 }

 // PrepareForUpdate clears fields that are not allowed to be set by end users on update.
@ -94,8 +94,7 @@ func (jobStrategy) PrepareForUpdate(ctx context.Context, obj, old runtime.Object
 		oldJob.Spec.TTLSecondsAfterFinished = nil
 	}

-	pod.DropDisabledFields(&newJob.Spec.Template.Spec)
-	pod.DropDisabledFields(&oldJob.Spec.Template.Spec)
+	pod.DropDisabledFields(&newJob.Spec.Template.Spec, &oldJob.Spec.Template.Spec)
 }

 // Validate validates a new job.
--- a/pkg/registry/core/pod/strategy.go
+++ b/pkg/registry/core/pod/strategy.go
@ -73,7 +73,7 @@ func (podStrategy) PrepareForCreate(ctx context.Context, obj runtime.Object) {
 		QOSClass: qos.GetPodQOS(pod),
 	}

-	podutil.DropDisabledFields(&pod.Spec)
+	podutil.DropDisabledFields(&pod.Spec, nil)
 }

 // PrepareForUpdate clears fields that are not allowed to be set by end users on update.
@ -82,8 +82,7 @@ func (podStrategy) PrepareForUpdate(ctx context.Context, obj, old runtime.Object
 	oldPod := old.(*api.Pod)
 	newPod.Status = oldPod.Status

-	podutil.DropDisabledFields(&newPod.Spec)
-	podutil.DropDisabledFields(&oldPod.Spec)
+	podutil.DropDisabledFields(&newPod.Spec, &oldPod.Spec)
 }

 // Validate validates a new pod.
--- a/pkg/registry/core/podtemplate/strategy.go
+++ b/pkg/registry/core/podtemplate/strategy.go
@ -47,7 +47,7 @@ func (podTemplateStrategy) NamespaceScoped() bool {
 func (podTemplateStrategy) PrepareForCreate(ctx context.Context, obj runtime.Object) {
 	template := obj.(*api.PodTemplate)

-	pod.DropDisabledFields(&template.Template.Spec)
+	pod.DropDisabledFields(&template.Template.Spec, nil)
 }

 // Validate validates a new pod template.
@ -70,8 +70,7 @@ func (podTemplateStrategy) PrepareForUpdate(ctx context.Context, obj, old runtim
 	newTemplate := obj.(*api.PodTemplate)
 	oldTemplate := old.(*api.PodTemplate)

-	pod.DropDisabledFields(&newTemplate.Template.Spec)
-	pod.DropDisabledFields(&oldTemplate.Template.Spec)
+	pod.DropDisabledFields(&newTemplate.Template.Spec, &oldTemplate.Template.Spec)
 }

 // ValidateUpdate is the default update validation for an end user.
--- a/pkg/registry/core/replicationcontroller/strategy.go
+++ b/pkg/registry/core/replicationcontroller/strategy.go
@ -81,7 +81,7 @@ func (rcStrategy) PrepareForCreate(ctx context.Context, obj runtime.Object) {
 	controller.Generation = 1

 	if controller.Spec.Template != nil {
-		pod.DropDisabledFields(&controller.Spec.Template.Spec)
+		pod.DropDisabledFields(&controller.Spec.Template.Spec, nil)
 	}
 }

@ -92,12 +92,16 @@ func (rcStrategy) PrepareForUpdate(ctx context.Context, obj, old runtime.Object)
 	// update is not allowed to set status
 	newController.Status = oldController.Status

+	var newSpec, oldSpec *api.PodSpec
 	if oldController.Spec.Template != nil {
-		pod.DropDisabledFields(&oldController.Spec.Template.Spec)
+		oldSpec = &oldController.Spec.Template.Spec
 	}
 	if newController.Spec.Template != nil {
-		pod.DropDisabledFields(&newController.Spec.Template.Spec)
+		newSpec = &newController.Spec.Template.Spec
+	} else {
+		newSpec = &api.PodSpec{}
 	}
+	pod.DropDisabledFields(newSpec, oldSpec)

 	// Any changes to the spec increment the generation number, any changes to the
 	// status should reflect the generation number of the corresponding object. We push