Merge pull request #95718 from SergeyKanzhelev/runtimeClass2

RuntimeClass GA
2025-09-27 21:26:03 +00:00 · 2020-11-12 00:44:51 -08:00
parent 9223413a77 06da0e5e74
commit 12d9183da0
88 changed files with 4377 additions and 305 deletions
--- a/pkg/api/pod/util.go
+++ b/pkg/api/pod/util.go
@@ -488,11 +488,6 @@ func dropDisabledFields(

 	dropDisabledFSGroupFields(podSpec, oldPodSpec)

-	if !utilfeature.DefaultFeatureGate.Enabled(features.RuntimeClass) && !runtimeClassInUse(oldPodSpec) {
-		// Set RuntimeClassName to nil only if feature is disabled and it is not used
-		podSpec.RuntimeClassName = nil
-	}
-
 	if !utilfeature.DefaultFeatureGate.Enabled(features.PodOverhead) && !overheadInUse(oldPodSpec) {
 		// Set Overhead to nil only if the feature is disabled and it is not used
 		podSpec.Overhead = nil
@@ -618,17 +613,6 @@ func subpathInUse(podSpec *api.PodSpec) bool {
 	return inUse
 }

-// runtimeClassInUse returns true if the pod spec is non-nil and has a RuntimeClassName set
-func runtimeClassInUse(podSpec *api.PodSpec) bool {
-	if podSpec == nil {
-		return false
-	}
-	if podSpec.RuntimeClassName != nil {
-		return true
-	}
-	return false
-}
-
 // overheadInUse returns true if the pod spec is non-nil and has Overhead set
 func overheadInUse(podSpec *api.PodSpec) bool {
 	if podSpec == nil {
--- a/pkg/api/pod/util_test.go
+++ b/pkg/api/pod/util_test.go
@@ -717,95 +717,6 @@ func TestDropSubPath(t *testing.T) {
 	}
 }

-func TestDropRuntimeClass(t *testing.T) {
-	runtimeClassName := "some_container_engine"
-	podWithoutRuntimeClass := func() *api.Pod {
-		return &api.Pod{
-			Spec: api.PodSpec{
-				RuntimeClassName: nil,
-			},
-		}
-	}
-	podWithRuntimeClass := func() *api.Pod {
-		return &api.Pod{
-			Spec: api.PodSpec{
-				RuntimeClassName: &runtimeClassName,
-			},
-		}
-	}
-
-	podInfo := []struct {
-		description            string
-		hasPodRuntimeClassName bool
-		pod                    func() *api.Pod
-	}{
-		{
-			description:            "pod Without RuntimeClassName",
-			hasPodRuntimeClassName: false,
-			pod:                    podWithoutRuntimeClass,
-		},
-		{
-			description:            "pod With RuntimeClassName",
-			hasPodRuntimeClassName: true,
-			pod:                    podWithRuntimeClass,
-		},
-		{
-			description:            "is nil",
-			hasPodRuntimeClassName: false,
-			pod:                    func() *api.Pod { return nil },
-		},
-	}
-
-	for _, enabled := range []bool{true, false} {
-		for _, oldPodInfo := range podInfo {
-			for _, newPodInfo := range podInfo {
-				oldPodHasRuntimeClassName, oldPod := oldPodInfo.hasPodRuntimeClassName, oldPodInfo.pod()
-				newPodHasRuntimeClassName, newPod := newPodInfo.hasPodRuntimeClassName, newPodInfo.pod()
-				if newPod == nil {
-					continue
-				}
-
-				t.Run(fmt.Sprintf("feature enabled=%v, old pod %v, new pod %v", enabled, oldPodInfo.description, newPodInfo.description), func(t *testing.T) {
-					defer featuregatetesting.SetFeatureGateDuringTest(t, utilfeature.DefaultFeatureGate, features.RuntimeClass, enabled)()
-
-					var oldPodSpec *api.PodSpec
-					if oldPod != nil {
-						oldPodSpec = &oldPod.Spec
-					}
-					dropDisabledFields(&newPod.Spec, nil, oldPodSpec, nil)
-
-					// old pod should never be changed
-					if !reflect.DeepEqual(oldPod, oldPodInfo.pod()) {
-						t.Errorf("old pod changed: %v", diff.ObjectReflectDiff(oldPod, oldPodInfo.pod()))
-					}
-
-					switch {
-					case enabled || oldPodHasRuntimeClassName:
-						// new pod should not be changed if the feature is enabled, or if the old pod had RuntimeClass
-						if !reflect.DeepEqual(newPod, newPodInfo.pod()) {
-							t.Errorf("new pod changed: %v", diff.ObjectReflectDiff(newPod, newPodInfo.pod()))
-						}
-					case newPodHasRuntimeClassName:
-						// new pod should be changed
-						if reflect.DeepEqual(newPod, newPodInfo.pod()) {
-							t.Errorf("new pod was not changed")
-						}
-						// new pod should not have RuntimeClass
-						if !reflect.DeepEqual(newPod, podWithoutRuntimeClass()) {
-							t.Errorf("new pod had PodRuntimeClassName: %v", diff.ObjectReflectDiff(newPod, podWithoutRuntimeClass()))
-						}
-					default:
-						// new pod should not need to be changed
-						if !reflect.DeepEqual(newPod, newPodInfo.pod()) {
-							t.Errorf("new pod changed: %v", diff.ObjectReflectDiff(newPod, newPodInfo.pod()))
-						}
-					}
-				})
-			}
-		}
-	}
-}
-
 func TestDropProcMount(t *testing.T) {
 	procMount := api.UnmaskedProcMount
 	defaultProcMount := api.DefaultProcMount
--- a/pkg/api/podsecuritypolicy/BUILD
+++ b/pkg/api/podsecuritypolicy/BUILD
@@ -41,6 +41,5 @@ go_test(
        "//staging/src/k8s.io/apimachinery/pkg/util/diff:go_default_library",
        "//staging/src/k8s.io/apiserver/pkg/util/feature:go_default_library",
        "//staging/src/k8s.io/component-base/featuregate/testing:go_default_library",
-        "//vendor/github.com/stretchr/testify/assert:go_default_library",
    ],
 )
--- a/pkg/api/podsecuritypolicy/util.go
+++ b/pkg/api/podsecuritypolicy/util.go
@@ -38,10 +38,6 @@ func DropDisabledFields(pspSpec, oldPSPSpec *policy.PodSecurityPolicySpec) {
 	if !utilfeature.DefaultFeatureGate.Enabled(features.CSIInlineVolume) {
 		pspSpec.AllowedCSIDrivers = nil
 	}
-	if !utilfeature.DefaultFeatureGate.Enabled(features.RuntimeClass) &&
-		(oldPSPSpec == nil || oldPSPSpec.RuntimeClass == nil) {
-		pspSpec.RuntimeClass = nil
-	}
 }

 func allowedProcMountTypesInUse(oldPSPSpec *policy.PodSecurityPolicySpec) bool {
--- a/pkg/api/podsecuritypolicy/util_test.go
+++ b/pkg/api/podsecuritypolicy/util_test.go
@@ -21,8 +21,6 @@ import (
 	"reflect"
 	"testing"

-	"github.com/stretchr/testify/assert"
-
 	"k8s.io/apimachinery/pkg/util/diff"
 	utilfeature "k8s.io/apiserver/pkg/util/feature"
 	featuregatetesting "k8s.io/component-base/featuregate/testing"
@@ -278,55 +276,3 @@ func TestDropSysctls(t *testing.T) {
 		}
 	}
 }
-
-func TestDropRuntimeClass(t *testing.T) {
-	type testcase struct {
-		name                string
-		featureEnabled      bool
-		pspSpec, oldPSPSpec *policy.PodSecurityPolicySpec
-		expectRuntimeClass  bool
-	}
-	tests := []testcase{}
-	pspGenerator := func(withRuntimeClass bool) *policy.PodSecurityPolicySpec {
-		psp := &policy.PodSecurityPolicySpec{}
-		if withRuntimeClass {
-			psp.RuntimeClass = &policy.RuntimeClassStrategyOptions{
-				AllowedRuntimeClassNames: []string{policy.AllowAllRuntimeClassNames},
-			}
-		}
-		return psp
-	}
-	for _, enabled := range []bool{true, false} {
-		for _, hasRuntimeClass := range []bool{true, false} {
-			tests = append(tests, testcase{
-				name:               fmt.Sprintf("create feature:%t hasRC:%t", enabled, hasRuntimeClass),
-				featureEnabled:     enabled,
-				pspSpec:            pspGenerator(hasRuntimeClass),
-				expectRuntimeClass: enabled && hasRuntimeClass,
-			})
-			for _, hadRuntimeClass := range []bool{true, false} {
-				tests = append(tests, testcase{
-					name:               fmt.Sprintf("update feature:%t hasRC:%t hadRC:%t", enabled, hasRuntimeClass, hadRuntimeClass),
-					featureEnabled:     enabled,
-					pspSpec:            pspGenerator(hasRuntimeClass),
-					oldPSPSpec:         pspGenerator(hadRuntimeClass),
-					expectRuntimeClass: hasRuntimeClass && (enabled || hadRuntimeClass),
-				})
-			}
-		}
-	}
-
-	for _, test := range tests {
-		t.Run(test.name, func(t *testing.T) {
-			defer featuregatetesting.SetFeatureGateDuringTest(t, utilfeature.DefaultFeatureGate, features.RuntimeClass, test.featureEnabled)()
-
-			DropDisabledFields(test.pspSpec, test.oldPSPSpec)
-
-			if test.expectRuntimeClass {
-				assert.NotNil(t, test.pspSpec.RuntimeClass)
-			} else {
-				assert.Nil(t, test.pspSpec.RuntimeClass)
-			}
-		})
-	}
-}