upstream/kubernetes
1
0
Fork 0
mirror of https://github.com/kubernetes/kubernetes.git synced 2026-06-11 01:41:54 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions

Fix pod resize validation when adding non-resizable resources

Browse source
This commit is contained in:
Tim Allclair 2025-11-03 15:52:02 -08:00
parent 3ec72e2e97
commit 9b95eaf593
3 changed files with 24 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
pkg/apis/core/validation/validation.go
View file

@ -6222,11 +6222,11 @@ func validatePodResizeContainerOrdering(newPod, oldPod *core.Pod, specPath *fiel
// dropCPUMemoryResourcesFromContainer deletes the cpu and memory resources from the container, and copies them from the old pod container resources if present.
func dropCPUMemoryResourcesFromContainer(container *core.Container, oldPodSpecContainer *core.Container) {
dropCPUMemoryUpdates := func(resourceList, oldResourceList core.ResourceList) core.ResourceList {
if oldResourceList == nil {
return nil
}
var mungedResourceList core.ResourceList
if resourceList == nil {
if oldResourceList == nil {
return nil
}
mungedResourceList = make(core.ResourceList)
} else {
mungedResourceList = resourceList.DeepCopy()

15
pkg/apis/core/validation/validation_test.go
View file

@ -28309,6 +28309,21 @@ func TestValidatePodResize(t *testing.T) {
old: mkPodWithInitContainers(getResources("100m", "0", "1Gi", ""), core.ResourceList{}, core.ContainerRestartPolicyAlways, resizePolicy(core.ResourceMemory, core.RestartContainer)),
new: mkPodWithInitContainers(getResources("100m", "0", "2Gi", ""), core.ResourceList{}, core.ContainerRestartPolicyAlways, resizePolicy(core.ResourceMemory, core.NotRequired)),
err: "spec: Forbidden: only cpu and memory resources are mutable",
}, {
test: "invalid: adding non-resizable resources to a container without resources",
old: podtest.MakePod("pod", podtest.SetContainers(
podtest.MakeContainer("c1"),
)),
new: podtest.MakePod("pod", podtest.SetContainers(
podtest.MakeContainer("c1",
podtest.SetContainerResources(core.ResourceRequirements{
Requests: core.ResourceList{
core.ResourceEphemeralStorage: resource.MustParse("10Gi"),
},
}),
),
)),
err: "spec: Forbidden: only cpu and memory resources are mutable",
},
}

7
test/integration/pods/pods_test.go
View file

@ -869,6 +869,11 @@ func TestPodResizeRBAC(t *testing.T) {
{
Name: "fake-name",
Image: "fakeimage",
Resources: v1.ResourceRequirements{
Requests: v1.ResourceList{
v1.ResourceCPU: resource.MustParse("100m"),
},
},
},
},
},
@ -929,7 +934,7 @@ func TestPodResizeRBAC(t *testing.T) {
}
resp.Spec.Containers[0].Resources = v1.ResourceRequirements{
Requests: v1.ResourceList{
v1.ResourceEphemeralStorage: resource.MustParse("2Gi"),
v1.ResourceCPU: resource.MustParse("200m"),
},
}
_, err = saClient.CoreV1().Pods(ns.Name).UpdateResize(context.TODO(), resp.Name, resp, metav1.UpdateOptions{})