mirror of
https://github.com/kubernetes/kubernetes.git
synced 2026-06-17 13:31:19 -04:00
8e9dc98405
The NodeRestriction admission plugin forbids the kubelet from mutating pod.status.ResourceClaimStatuses and pod.status.ExtendedResourceClaimStatus but not the sibling pod.status.NodeAllocatableResourceClaimStatuses field added for DRANodeAllocatableResources. The kubelet status manager already treats the field as not-kubelet-owned and preserves it across status syncs (see "kubelet: do not destroy nodeAllocatableResourceClaimStatuses"). Mirror that boundary in admission so a kubelet cannot stomp on a value the scheduler is responsible for. Use apiequality.Semantic.DeepEqual inline rather than introducing a third hand-rolled helper next to resourceClaimStatusesEqual and extendedResourceClaimStatusEqual: NodeAllocatableResourceClaimStatus.Resources is a map[ResourceName]resource.Quantity, and Semantic.DeepEqual already canonicalises resource.Quantity comparisons. DRANodeAllocatableResources is alpha and default-off, so this is future-proofing rather than a fix for an observed bug. Signed-off-by: Fagani Hajizada <fhajizada@nvidia.com> |
||
|---|---|---|
| .. | ||
| pkg | ||
| OWNERS | ||