From 1e7c0a4b0c15c1fd1dbdccd587da42eb587f47a9 Mon Sep 17 00:00:00 2001 From: Ricky Pai Date: Mon, 14 Aug 2017 15:39:14 -0700 Subject: [PATCH] remove validation disallowing hostAlias with hostNetwork --- pkg/api/validation/validation.go | 11 ----------- pkg/api/validation/validation_test.go | 17 ++++++++++------- 2 files changed, 10 insertions(+), 18 deletions(-) diff --git a/pkg/api/validation/validation.go b/pkg/api/validation/validation.go index b160c0110c1..7283cfca522 100644 --- a/pkg/api/validation/validation.go +++ b/pkg/api/validation/validation.go @@ -2067,16 +2067,6 @@ func validateHostNetwork(hostNetwork bool, containers []api.Container, fldPath * return allErrors } -func validateHostNetworkNoHostAliases(hostNetwork bool, hostAliases []api.HostAlias, fldPath *field.Path) field.ErrorList { - allErrors := field.ErrorList{} - if hostNetwork { - if len(hostAliases) > 0 { - allErrors = append(allErrors, field.Forbidden(fldPath, "may not be set when `hostNetwork` is true")) - } - } - return allErrors -} - // validateImagePullSecrets checks to make sure the pull secrets are well // formed. Right now, we only expect name to be set (it's the only field). If // this ever changes and someone decides to set those fields, we'd like to @@ -2620,7 +2610,6 @@ func ValidatePodSecurityContext(securityContext *api.PodSecurityContext, spec *a if securityContext != nil { allErrs = append(allErrs, validateHostNetwork(securityContext.HostNetwork, spec.Containers, specPath.Child("containers"))...) - allErrs = append(allErrs, validateHostNetworkNoHostAliases(securityContext.HostNetwork, spec.HostAliases, specPath)...) if securityContext.FSGroup != nil { for _, msg := range validation.IsValidGroupID(*securityContext.FSGroup) { allErrs = append(allErrs, field.Invalid(fldPath.Child("fsGroup"), *(securityContext.FSGroup), msg)) diff --git a/pkg/api/validation/validation_test.go b/pkg/api/validation/validation_test.go index a849df8445f..5be6f56a061 100644 --- a/pkg/api/validation/validation_test.go +++ b/pkg/api/validation/validation_test.go @@ -3844,13 +3844,22 @@ func TestValidatePodSpec(t *testing.T) { RestartPolicy: api.RestartPolicyAlways, DNSPolicy: api.DNSClusterFirst, }, - { // Populate HostAliases with `foo.bar` hostnames . + { // Populate HostAliases with `foo.bar` hostnames. HostAliases: []api.HostAlias{{IP: "12.34.56.78", Hostnames: []string{"host1.foo", "host2.bar"}}}, Volumes: []api.Volume{{Name: "vol", VolumeSource: api.VolumeSource{EmptyDir: &api.EmptyDirVolumeSource{}}}}, Containers: []api.Container{{Name: "ctr", Image: "image", ImagePullPolicy: "IfNotPresent", TerminationMessagePolicy: "File"}}, RestartPolicy: api.RestartPolicyAlways, DNSPolicy: api.DNSClusterFirst, }, + { // Populate HostAliases with HostNetwork. + HostAliases: []api.HostAlias{{IP: "12.34.56.78", Hostnames: []string{"host1.foo", "host2.bar"}}}, + Containers: []api.Container{{Name: "ctr", Image: "image", ImagePullPolicy: "IfNotPresent", TerminationMessagePolicy: "File"}}, + SecurityContext: &api.PodSecurityContext{ + HostNetwork: true, + }, + RestartPolicy: api.RestartPolicyAlways, + DNSPolicy: api.DNSClusterFirst, + }, { // Populate PriorityClassName. Volumes: []api.Volume{{Name: "vol", VolumeSource: api.VolumeSource{EmptyDir: &api.EmptyDirVolumeSource{}}}}, Containers: []api.Container{{Name: "ctr", Image: "image", ImagePullPolicy: "IfNotPresent", TerminationMessagePolicy: "File"}}, @@ -3923,12 +3932,6 @@ func TestValidatePodSpec(t *testing.T) { RestartPolicy: api.RestartPolicyAlways, DNSPolicy: api.DNSClusterFirst, }, - "with hostNetwork and hostAliases": { - SecurityContext: &api.PodSecurityContext{ - HostNetwork: true, - }, - HostAliases: []api.HostAlias{{IP: "12.34.56.78", Hostnames: []string{"host1", "host2"}}}, - }, "with hostAliases with invalid IP": { SecurityContext: &api.PodSecurityContext{ HostNetwork: false,