github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-07-23 19:56:01 +00:00
Code Issues Projects Releases Wiki Activity

Include pod UID in secret/configmap cache key

Browse Source
This commit is contained in:
Jordan Liggitt 2022-01-27 21:35:27 -05:00
parent 4dba52cdf4
commit 1d27942efc
2 changed files with 48 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
pkg/kubelet/util/manager/cache_based_manager.go
View File

@ -29,6 +29,7 @@ import (
apierrors "k8s.io/apimachinery/pkg/api/errors" apierrors "k8s.io/apimachinery/pkg/api/errors"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/runtime" "k8s.io/apimachinery/pkg/runtime"
"k8s.io/apimachinery/pkg/types"
"k8s.io/apimachinery/pkg/util/sets" "k8s.io/apimachinery/pkg/util/sets"
"k8s.io/utils/clock" "k8s.io/utils/clock"
) )
@ -42,6 +43,7 @@ type GetObjectFunc func(string, string, metav1.GetOptions) (runtime.Object, erro
type objectKey struct { type objectKey struct {
namespace string namespace string
name string name string
uid types.UID
} }
// objectStoreItems is a single item stored in objectStore. // objectStoreItems is a single item stored in objectStore.
@ -226,7 +228,7 @@ func (c *cacheBasedManager) RegisterPod(pod *v1.Pod) {
c.objectStore.AddReference(pod.Namespace, name) c.objectStore.AddReference(pod.Namespace, name)
} }
var prev *v1.Pod var prev *v1.Pod
key := objectKey{namespace: pod.Namespace, name: pod.Name} key := objectKey{namespace: pod.Namespace, name: pod.Name, uid: pod.UID}
prev = c.registeredPods[key] prev = c.registeredPods[key]
c.registeredPods[key] = pod c.registeredPods[key] = pod
if prev != nil { if prev != nil {
@ -243,7 +245,7 @@ func (c *cacheBasedManager) RegisterPod(pod *v1.Pod) {
func (c *cacheBasedManager) UnregisterPod(pod *v1.Pod) { func (c *cacheBasedManager) UnregisterPod(pod *v1.Pod) {
var prev *v1.Pod var prev *v1.Pod
key := objectKey{namespace: pod.Namespace, name: pod.Name} key := objectKey{namespace: pod.Namespace, name: pod.Name, uid: pod.UID}
c.lock.Lock() c.lock.Lock()
defer c.lock.Unlock() defer c.lock.Unlock()
prev = c.registeredPods[key] prev = c.registeredPods[key]

46
pkg/kubelet/util/manager/cache_based_manager_test.go
View File

@ -30,6 +30,7 @@ import (
apierrors "k8s.io/apimachinery/pkg/api/errors" apierrors "k8s.io/apimachinery/pkg/api/errors"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/runtime" "k8s.io/apimachinery/pkg/runtime"
"k8s.io/apimachinery/pkg/types"
"k8s.io/apimachinery/pkg/util/sets" "k8s.io/apimachinery/pkg/util/sets"
clientset "k8s.io/client-go/kubernetes" clientset "k8s.io/client-go/kubernetes"
@ -335,10 +336,15 @@ type secretsToAttach struct {
} }
func podWithSecrets(ns, podName string, toAttach secretsToAttach) *v1.Pod { func podWithSecrets(ns, podName string, toAttach secretsToAttach) *v1.Pod {
return podWithSecretsAndUID(ns, podName, "", toAttach)
}
func podWithSecretsAndUID(ns, podName, podUID string, toAttach secretsToAttach) *v1.Pod {
pod := &v1.Pod{ pod := &v1.Pod{
ObjectMeta: metav1.ObjectMeta{ ObjectMeta: metav1.ObjectMeta{
Namespace: ns, Namespace: ns,
Name: podName, Name: podName,
UID: types.UID(podUID),
}, },
Spec: v1.PodSpec{}, Spec: v1.PodSpec{},
} }
@ -444,7 +450,7 @@ func TestRegisterIdempotence(t *testing.T) {
refs := func(ns, name string) int { refs := func(ns, name string) int {
store.lock.Lock() store.lock.Lock()
defer store.lock.Unlock() defer store.lock.Unlock()
item, ok := store.items[objectKey{ns, name}] item, ok := store.items[objectKey{namespace: ns, name: name}]
if !ok { if !ok {
return 0 return 0
} }
@ -531,7 +537,7 @@ func TestCacheRefcounts(t *testing.T) {
refs := func(ns, name string) int { refs := func(ns, name string) int {
store.lock.Lock() store.lock.Lock()
defer store.lock.Unlock() defer store.lock.Unlock()
item, ok := store.items[objectKey{ns, name}] item, ok := store.items[objectKey{namespace: ns, name: name}]
if !ok { if !ok {
return 0 return 0
} }
@ -549,6 +555,42 @@ func TestCacheRefcounts(t *testing.T) {
assert.Equal(t, 0, refs("ns1", "s60")) assert.Equal(t, 0, refs("ns1", "s60"))
assert.Equal(t, 1, refs("ns1", "s7")) assert.Equal(t, 1, refs("ns1", "s7"))
assert.Equal(t, 1, refs("ns1", "s70")) assert.Equal(t, 1, refs("ns1", "s70"))
// Check the interleaved registerpod/unregisterpod with identical names and different uids scenario
secret1 := secretsToAttach{
containerEnvSecrets: []envSecrets{
{envVarNames: []string{"secret1"}},
},
}
secret2 := secretsToAttach{
containerEnvSecrets: []envSecrets{
{envVarNames: []string{"secret2"}},
},
}
// precondition: no references
assert.Equal(t, 0, refs("nsinterleaved", "secret1"))
assert.Equal(t, 0, refs("nsinterleaved", "secret2"))
// add first pod that references secret1 only
manager.RegisterPod(podWithSecretsAndUID("nsinterleaved", "pod", "poduid1", secret1))
assert.Equal(t, 1, refs("nsinterleaved", "secret1"))
assert.Equal(t, 0, refs("nsinterleaved", "secret2"))
// add second pod that references secret2 only, retain references to secret1
manager.RegisterPod(podWithSecretsAndUID("nsinterleaved", "pod", "poduid2", secret2))
assert.Equal(t, 1, refs("nsinterleaved", "secret1"))
assert.Equal(t, 1, refs("nsinterleaved", "secret2"))
// remove first pod that references secret1, retain references to secret2
manager.UnregisterPod(podWithSecretsAndUID("nsinterleaved", "pod", "poduid1", secretsToAttach{}))
assert.Equal(t, 0, refs("nsinterleaved", "secret1"))
assert.Equal(t, 1, refs("nsinterleaved", "secret2"))
// remove second pod that references secret2
manager.UnregisterPod(podWithSecretsAndUID("nsinterleaved", "pod", "poduid2", secretsToAttach{}))
assert.Equal(t, 0, refs("nsinterleaved", "secret1"))
assert.Equal(t, 0, refs("nsinterleaved", "secret2"))
} }
func TestCacheBasedSecretManager(t *testing.T) { func TestCacheBasedSecretManager(t *testing.T) {