Skip to content

Commit

Permalink
Tighten validation on the qosClass field of pod status
Browse files Browse the repository at this point in the history
  • Loading branch information
@carlory
carlory committed Oct 30, 2024
1 parent 1af81c2 commit 348bb48
Show file tree
Hide file tree
Showing 2 changed files with 41 additions and 0 deletions.
5 changes: 5 additions & 0 deletions pkg/apis/core/validation/validation.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -5373,6 +5373,11 @@ func ValidatePodStatusUpdate(newPod, oldPod *core.Pod, opts PodValidationOptions
}
}

// For backward compatibility, we allow the qosClass to be set to an empty string.
if newPod.Status.QOSClass != oldPod.Status.QOSClass && len(newPod.Status.QOSClass) > 0 {
allErrs = append(allErrs, field.Forbidden(fldPath.Child("qosClass"), fmt.Sprintf("must be original value %q or empty string", oldPod.Status.QOSClass)))
}

// If pod should not restart, make sure the status update does not transition
// any terminated containers to a non-terminated state.
allErrs = append(allErrs, ValidateContainerStateTransition(newPod.Status.ContainerStatuses, oldPod.Status.ContainerStatuses, fldPath.Child("containerStatuses"), oldPod.Spec.RestartPolicy)...)
Expand Down
36 changes: 36 additions & 0 deletions pkg/apis/core/validation/validation_test.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -14454,7 +14454,43 @@ func TestValidatePodStatusUpdate(t *testing.T) {
),
"",
"restartable init container can restart if RestartPolicyAlways",
}, {
*podtest.MakePod("foo",
podtest.SetStatus(core.PodStatus{
QOSClass: core.PodQOSBurstable,
}),
),
*podtest.MakePod("foo",
podtest.SetStatus(core.PodStatus{
QOSClass: core.PodQOSGuaranteed,
}),
),
"status.qosClass: Forbidden: must be original value \"Guaranteed\" or empty string",
"qosClass can not be changed",
}, {
*podtest.MakePod("foo"),
*podtest.MakePod("foo",
podtest.SetStatus(core.PodStatus{
QOSClass: core.PodQOSBurstable,
}),
),
"",
"qosClass can be dropped",
},
{
*podtest.MakePod("foo",
podtest.SetStatus(core.PodStatus{
QOSClass: core.PodQOSBurstable,
}),
),
*podtest.MakePod("foo",
podtest.SetStatus(core.PodStatus{
QOSClass: core.PodQOSBurstable,
}),
),
"",
"qosClass no change",
},
}

for _, test := range tests {
Expand Down

0 comments on commit 348bb48

Please sign in to comment.