From 9b95eaf593732dee4678667cc9eeeaa08f68c9b0 Mon Sep 17 00:00:00 2001 From: Tim Allclair Date: Mon, 3 Nov 2025 15:52:02 -0800 Subject: [PATCH] Fix pod resize validation when adding non-resizable resources --- pkg/apis/core/validation/validation.go | 6 +++--- pkg/apis/core/validation/validation_test.go | 15 +++++++++++++++ test/integration/pods/pods_test.go | 7 ++++++- 3 files changed, 24 insertions(+), 4 deletions(-) diff --git a/pkg/apis/core/validation/validation.go b/pkg/apis/core/validation/validation.go index e22f4f69999..a1e214e9da8 100644 --- a/pkg/apis/core/validation/validation.go +++ b/pkg/apis/core/validation/validation.go @@ -6222,11 +6222,11 @@ func validatePodResizeContainerOrdering(newPod, oldPod *core.Pod, specPath *fiel // dropCPUMemoryResourcesFromContainer deletes the cpu and memory resources from the container, and copies them from the old pod container resources if present. func dropCPUMemoryResourcesFromContainer(container *core.Container, oldPodSpecContainer *core.Container) { dropCPUMemoryUpdates := func(resourceList, oldResourceList core.ResourceList) core.ResourceList { - if oldResourceList == nil { - return nil - } var mungedResourceList core.ResourceList if resourceList == nil { + if oldResourceList == nil { + return nil + } mungedResourceList = make(core.ResourceList) } else { mungedResourceList = resourceList.DeepCopy() diff --git a/pkg/apis/core/validation/validation_test.go b/pkg/apis/core/validation/validation_test.go index 8558fe656e8..95996bc0916 100644 --- a/pkg/apis/core/validation/validation_test.go +++ b/pkg/apis/core/validation/validation_test.go @@ -28309,6 +28309,21 @@ func TestValidatePodResize(t *testing.T) { old: mkPodWithInitContainers(getResources("100m", "0", "1Gi", ""), core.ResourceList{}, core.ContainerRestartPolicyAlways, resizePolicy(core.ResourceMemory, core.RestartContainer)), new: mkPodWithInitContainers(getResources("100m", "0", "2Gi", ""), core.ResourceList{}, core.ContainerRestartPolicyAlways, resizePolicy(core.ResourceMemory, core.NotRequired)), err: "spec: Forbidden: only cpu and memory resources are mutable", + }, { + test: "invalid: adding non-resizable resources to a container without resources", + old: podtest.MakePod("pod", podtest.SetContainers( + podtest.MakeContainer("c1"), + )), + new: podtest.MakePod("pod", podtest.SetContainers( + podtest.MakeContainer("c1", + podtest.SetContainerResources(core.ResourceRequirements{ + Requests: core.ResourceList{ + core.ResourceEphemeralStorage: resource.MustParse("10Gi"), + }, + }), + ), + )), + err: "spec: Forbidden: only cpu and memory resources are mutable", }, } diff --git a/test/integration/pods/pods_test.go b/test/integration/pods/pods_test.go index 250d0320f0f..48456211d34 100644 --- a/test/integration/pods/pods_test.go +++ b/test/integration/pods/pods_test.go @@ -869,6 +869,11 @@ func TestPodResizeRBAC(t *testing.T) { { Name: "fake-name", Image: "fakeimage", + Resources: v1.ResourceRequirements{ + Requests: v1.ResourceList{ + v1.ResourceCPU: resource.MustParse("100m"), + }, + }, }, }, }, @@ -929,7 +934,7 @@ func TestPodResizeRBAC(t *testing.T) { } resp.Spec.Containers[0].Resources = v1.ResourceRequirements{ Requests: v1.ResourceList{ - v1.ResourceEphemeralStorage: resource.MustParse("2Gi"), + v1.ResourceCPU: resource.MustParse("200m"), }, } _, err = saClient.CoreV1().Pods(ns.Name).UpdateResize(context.TODO(), resp.Name, resp, metav1.UpdateOptions{})