Do not log untolerated taint in pod status updates.

The taint toleration plugin records taint keys and values
from non-matching nodes. Taint keys and values may be
sensitive information in some environments.

Use a generic message, and show the info in logs instead.
Abhijit Hoskeri 2025-10-20 17:49:29 -07:00
parent ffdfc17ebc
commit 08b1b1d5a4
2 changed files with 5 additions and 5 deletions


@ -115,8 +115,8 @@ func (pl *TaintToleration) Filter(ctx context.Context, state fwk.CycleState, pod
return nil
}
errReason := fmt.Sprintf("node(s) had untolerated taint {%s: %s}", taint.Key, taint.Value)
return fwk.NewStatus(fwk.UnschedulableAndUnresolvable, errReason)
klog.FromContext(ctx).V(4).Info("node had untolerated taints", "node", klog.KObj(node), "pod", klog.KObj(pod), "untoleratedTaint", taint)
return fwk.NewStatus(fwk.UnschedulableAndUnresolvable, "node(s) had untolerated taint(s)")
}
// preScoreState computed at PreScore and used at Score.
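Review bot: The new `klog` call in `Filter` still writes the whole `taint` value to the scheduler log, so the data the description calls sensitive moves from the pod status into logs rather than going away; that matches the stated intent, but nothing at the call site records why the status text is generic. I would add a comment above the log line, e.g. `// Taint key/value are deliberately kept out of the status message, which is surfaced in pod status; they are logged at V(4) only.`, so a later change does not put them back into the status string. If Filter runs once per candidate node, as it appears to, this line is emitted for every rejecting node at V(4), and wherever those logs are shipped inherits the same sensitivity. The log message says "taints" while a single `taint` is logged; `"node had an untolerated taint"` would match what is recorded. Filter's body starts above this hunk.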


@ -283,7 +283,7 @@ func TestTaintTolerationFilter(t *testing.T) {
pod: podWithTolerations("pod1", []v1.Toleration{}),
node: nodeWithTaints("nodeA", []v1.Taint{{Key: "dedicated", Value: "user1", Effect: "NoSchedule"}}),
wantStatus: fwk.NewStatus(fwk.UnschedulableAndUnresolvable,
"node(s) had untolerated taint {dedicated: user1}"),
"node(s) had untolerated taint(s)"),
},
{
name: "A pod which can be scheduled on a dedicated node assigned to user1 with effect NoSchedule",
@ -295,7 +295,7 @@ func TestTaintTolerationFilter(t *testing.T) {
pod: podWithTolerations("pod1", []v1.Toleration{{Key: "dedicated", Operator: "Equal", Value: "user2", Effect: "NoSchedule"}}),
node: nodeWithTaints("nodeA", []v1.Taint{{Key: "dedicated", Value: "user1", Effect: "NoSchedule"}}),
wantStatus: fwk.NewStatus(fwk.UnschedulableAndUnresolvable,
"node(s) had untolerated taint {dedicated: user1}"),
"node(s) had untolerated taint(s)"),
},
{
name: "A pod can be scheduled onto the node, with a toleration uses operator Exists that tolerates the taints on the node",
@ -319,7 +319,7 @@ func TestTaintTolerationFilter(t *testing.T) {
pod: podWithTolerations("pod1", []v1.Toleration{{Key: "foo", Operator: "Equal", Value: "bar", Effect: "PreferNoSchedule"}}),
node: nodeWithTaints("nodeA", []v1.Taint{{Key: "foo", Value: "bar", Effect: "NoSchedule"}}),
wantStatus: fwk.NewStatus(fwk.UnschedulableAndUnresolvable,
"node(s) had untolerated taint {foo: bar}"),
"node(s) had untolerated taint(s)"),
},
{
name: "The pod has a toleration that keys and values match the taint on the node, the effect of toleration is empty, " +
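Review bot: The expected string `"node(s) had untolerated taint(s)"` is now repeated verbatim in these three test cases and in the plugin's `Filter`, so any wording change has to be made in four places. Since the message no longer varies per taint, a package-level constant referenced from both files would keep them in step, for example `const errReasonUntoleratedTaint = "node(s) had untolerated taint(s)"` (the name is only a suggestion). Assuming the test compares statuses exactly, these cases also confirm that no taint key or value reaches the status message. The table in TestTaintTolerationFilter starts and ends outside the hunks shown.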