diff --git a/plugin/pkg/admission/podtolerationrestriction/admission.go b/plugin/pkg/admission/podtolerationrestriction/admission.go index 12d7beb5a51..e672f99ff8f 100644 --- a/plugin/pkg/admission/podtolerationrestriction/admission.go +++ b/plugin/pkg/admission/podtolerationrestriction/admission.go @@ -132,8 +132,9 @@ func (p *podTolerationsPlugin) Admit(a admission.Attributes, o admission.ObjectI }, }) } - pod.Spec.Tolerations = finalTolerations - + // Final merge of tolerations irrespective of pod type, if the user while creating pods gives + // conflicting tolerations(with same key+effect), the existing ones should be overwritten by latest one + pod.Spec.Tolerations = tolerations.MergeTolerations(finalTolerations, []api.Toleration{}) return p.Validate(a, o) } func (p *podTolerationsPlugin) Validate(a admission.Attributes, o admission.ObjectInterfaces) error { diff --git a/plugin/pkg/admission/podtolerationrestriction/admission_test.go b/plugin/pkg/admission/podtolerationrestriction/admission_test.go index 7b7d9d88034..0b0849c9468 100644 --- a/plugin/pkg/admission/podtolerationrestriction/admission_test.go +++ b/plugin/pkg/admission/podtolerationrestriction/admission_test.go @@ -201,6 +201,18 @@ func TestPodAdmission(t *testing.T) { admit: true, testName: "added memoryPressure/DiskPressure for Burstable pod", }, + { + pod: bestEffortPod, + defaultClusterTolerations: []api.Toleration{}, + namespaceTolerations: []api.Toleration{}, + whitelist: []api.Toleration{}, + podTolerations: []api.Toleration{{Key: "testKey", Operator: "Equal", Value: "testValue", Effect: "NoSchedule", TolerationSeconds: nil}, {Key: "testKey", Operator: "Equal", Value: "testValue1", Effect: "NoSchedule", TolerationSeconds: nil}}, + mergedTolerations: []api.Toleration{ + {Key: "testKey", Operator: "Equal", Value: "testValue1", Effect: "NoSchedule", TolerationSeconds: nil}, + }, + admit: true, + testName: "Besteffort pod should overwrite for conflicting tolerations", + }, { pod: guaranteedPod, defaultClusterTolerations: []api.Toleration{},