Merge pull request #137343 from gnufied/prevent-podscheduling-optin

Add API changes to prevent pod scheduling via CSIDriver object

Kubernetes-commit: d47f3f253bcd462a5bfe40625de09fb3a4bc5f2b
This commit is contained in:
Kubernetes Publisher
2026-03-11 03:53:17 +05:30
5 changed files with 64 additions and 6 deletions

View File

@@ -14643,6 +14643,9 @@ var schemaYAML = typed.YAMLObject(`types:
- name: podInfoOnMount
type:
scalar: boolean
- name: preventPodSchedulingIfMissing
type:
scalar: boolean
- name: requiresRepublish
type:
scalar: boolean
@@ -15052,6 +15055,9 @@ var schemaYAML = typed.YAMLObject(`types:
- name: podInfoOnMount
type:
scalar: boolean
- name: preventPodSchedulingIfMissing
type:
scalar: boolean
- name: requiresRepublish
type:
scalar: boolean

View File

@@ -178,6 +178,24 @@ type CSIDriverSpecApplyConfiguration struct {
//
// Default behavior if unset is to pass tokens in the VolumeContext field.
ServiceAccountTokenInSecrets *bool `json:"serviceAccountTokenInSecrets,omitempty"`
// PreventPodSchedulingIfMissing indicates that the CSI driver wants to prevent pod
// scheduling if the CSI driver on the node is missing.
//
// Enabling this option will prevent the scheduler (or any other
// component which embeds default scheduler such as cluster-autoscaler) from
// scheduling pods to nodes where CSI driver is not installed.
//
// For components(such as cluster-autoscaler) that embed the scheduler and run
// pod placement simulations using scheduler plugins, they MUST be aware of
// CSI driver registration information via CSINode object. They must create simulated
// CSINode objects in addition to Node objects during scheduling simulation, otherwise
// if PreventPodSchedulingIfMissing is enabled globally for CSIDriver object, any
// newly created node may be rejected by the scheduler because of missing CSI driver
// information from the node.
//
// This is an alpha feature and requires the VolumeLimitScaling feature gate to be enabled.
// Default is "false".
PreventPodSchedulingIfMissing *bool `json:"preventPodSchedulingIfMissing,omitempty"`
}
// CSIDriverSpecApplyConfiguration constructs a declarative configuration of the CSIDriverSpec type for use with
@@ -272,3 +290,11 @@ func (b *CSIDriverSpecApplyConfiguration) WithServiceAccountTokenInSecrets(value
b.ServiceAccountTokenInSecrets = &value
return b
}
// WithPreventPodSchedulingIfMissing sets the PreventPodSchedulingIfMissing field in the declarative configuration to the given value
// and returns the receiver, so that objects can be built by chaining "With" function invocations.
// If called multiple times, the PreventPodSchedulingIfMissing field is set to the value of the last call.
func (b *CSIDriverSpecApplyConfiguration) WithPreventPodSchedulingIfMissing(value bool) *CSIDriverSpecApplyConfiguration {
b.PreventPodSchedulingIfMissing = &value
return b
}

View File

@@ -178,6 +178,24 @@ type CSIDriverSpecApplyConfiguration struct {
//
// Default behavior if unset is to pass tokens in the VolumeContext field.
ServiceAccountTokenInSecrets *bool `json:"serviceAccountTokenInSecrets,omitempty"`
// PreventPodSchedulingIfMissing indicates that the CSI driver wants to prevent pod
// scheduling if the CSI driver on the node is missing.
//
// Enabling this option will prevent the scheduler (or any other
// component which embeds default scheduler such as cluster-autoscaler) from
// scheduling pods to nodes where CSI driver is not installed.
//
// For components(such as cluster-autoscaler) that embed the scheduler and run
// pod placement simulations using scheduler plugins, they MUST be aware of
// CSI driver registration information via CSINode object. They must create simulated
// CSINode objects in addition to Node objects during scheduling simulation, otherwise
// if PreventPodSchedulingIfMissing is enabled globally for CSIDriver object, any
// newly created node may be rejected by the scheduler because of missing CSI driver
// information from the node.
//
// This is an alpha feature and requires the VolumeLimitScaling feature gate to be enabled.
// Default is "false".
PreventPodSchedulingIfMissing *bool `json:"preventPodSchedulingIfMissing,omitempty"`
}
// CSIDriverSpecApplyConfiguration constructs a declarative configuration of the CSIDriverSpec type for use with
@@ -272,3 +290,11 @@ func (b *CSIDriverSpecApplyConfiguration) WithServiceAccountTokenInSecrets(value
b.ServiceAccountTokenInSecrets = &value
return b
}
// WithPreventPodSchedulingIfMissing sets the PreventPodSchedulingIfMissing field in the declarative configuration to the given value
// and returns the receiver, so that objects can be built by chaining "With" function invocations.
// If called multiple times, the PreventPodSchedulingIfMissing field is set to the value of the last call.
func (b *CSIDriverSpecApplyConfiguration) WithPreventPodSchedulingIfMissing(value bool) *CSIDriverSpecApplyConfiguration {
b.PreventPodSchedulingIfMissing = &value
return b
}

4
go.mod
View File

@@ -23,8 +23,8 @@ require (
golang.org/x/time v0.14.0
google.golang.org/protobuf v1.36.12-0.20260120151049-f2248ac996af
gopkg.in/evanphx/json-patch.v4 v4.13.0
k8s.io/api v0.0.0-20260310163416-845a10f7ee1f
k8s.io/apimachinery v0.0.0-20260310163039-3c9213c5d2c9
k8s.io/api v0.0.0-20260311003419-7e7aaba0f94c
k8s.io/apimachinery v0.0.0-20260310203029-151736c55e2f
k8s.io/klog/v2 v2.140.0
k8s.io/kube-openapi v0.0.0-20260304202019-5b3e3fdb0acf
k8s.io/utils v0.0.0-20260210185600-b8788abfbbc2

8
go.sum
View File

@@ -123,10 +123,10 @@ gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw=
gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
k8s.io/api v0.0.0-20260310163416-845a10f7ee1f h1:6ZwXRhY+tvxXA0JHrcB6oOtKlibNHPx+vgbruzVsCHc=
k8s.io/api v0.0.0-20260310163416-845a10f7ee1f/go.mod h1:TfTHpjGF8flX/sUPvyJ7bgFJKUpILQzWO2X/DQdWxeI=
k8s.io/apimachinery v0.0.0-20260310163039-3c9213c5d2c9 h1:xUiBV1J+n1E7D7DbWt2cCp5Up1xwLcqrloCYCUWQ+8U=
k8s.io/apimachinery v0.0.0-20260310163039-3c9213c5d2c9/go.mod h1:QbRChfKnvmh4Le8pGvybBym+p2oKR8lr/oN0Qi++0yw=
k8s.io/api v0.0.0-20260311003419-7e7aaba0f94c h1:euhULgmR60TG44qDhivj57aZaSmDJAJCyHc5/nh7ckE=
k8s.io/api v0.0.0-20260311003419-7e7aaba0f94c/go.mod h1:grp1gVK2eyANK18QI1Enha5fzt3E9vMER95428k+wuw=
k8s.io/apimachinery v0.0.0-20260310203029-151736c55e2f h1:feLfHQ1bSF9PVSCwqAisoG1n1Bo/KZbygWTm7yNdnm4=
k8s.io/apimachinery v0.0.0-20260310203029-151736c55e2f/go.mod h1:QbRChfKnvmh4Le8pGvybBym+p2oKR8lr/oN0Qi++0yw=
k8s.io/klog/v2 v2.140.0 h1:Tf+J3AH7xnUzZyVVXhTgGhEKnFqye14aadWv7bzXdzc=
k8s.io/klog/v2 v2.140.0/go.mod h1:o+/RWfJ6PwpnFn7OyAG3QnO47BFsymfEfrz6XyYSSp0=
k8s.io/kube-openapi v0.0.0-20260304202019-5b3e3fdb0acf h1:btPscg4cMql0XdYK2jLsJcNEKmACJz8l+U7geC06FiM=