mirror of https://github.com/k3s-io/k3s
7cd32aba17
Automatic merge from submit-queue (batch tested with PRs 44337, 45775, 45832, 45574, 45758) Tighten validation of mirror pod annotations Tightens validation for pods with a mirror pod annotation: 1. spec.nodeName must be set 2. makes the mirror pod annotation immutable 3. starts validating pod-specific annotations during pod status update None of these changes affect usage of the mirror pod annotation by kubelets, which only set it on pod creation (verified this is true back to 1.5.x) the second commit updates the pod validation tests to look for specific error messages (best reviewed ignoring whitespace changes) This is the validation portion of https://github.com/kubernetes/community/blob/master/contributors/design-proposals/kubelet-authorizer.md and https://github.com/kubernetes/features/issues/279 ```release-note Mirror pods must now indicate the nodeName they are bound to on creation. The mirror pod annotation is now treated as immutable and cannot be added to an existing pod, removed from a pod, or modified. ``` |
||
|---|---|---|
| .. | ||
| admission | ||
| auth | ||
| scheduler | ||