mirror of
https://github.com/k3s-io/kubernetes.git
synced 2025-08-01 07:47:56 +00:00
drop InPlacePodVerticalScaling support in windows
This commit is contained in:
Anish Shah
parent
e2bf630940
commit
207842d3e0
@ -5503,6 +5503,11 @@ func ValidatePodResize(newPod, oldPod *core.Pod, opts PodValidationOptions) fiel
|
|||||||
return field.ErrorList{field.Forbidden(field.NewPath(""), "static pods cannot be resized")}
|
return field.ErrorList{field.Forbidden(field.NewPath(""), "static pods cannot be resized")}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// windows pods are not supported.
|
||||||
|
if oldPod.Spec.OS != nil && oldPod.Spec.OS.Name == core.Windows {
|
||||||
|
return field.ErrorList{field.Forbidden(field.NewPath(""), "windows pods cannot be resized")}
|
||||||
|
}
|
||||||
|
|
||||||
// Part 2: Validate that the changes between oldPod.Spec.Containers[].Resources and
|
// Part 2: Validate that the changes between oldPod.Spec.Containers[].Resources and
|
||||||
// newPod.Spec.Containers[].Resources are allowed.
|
// newPod.Spec.Containers[].Resources are allowed.
|
||||||
specPath := field.NewPath("spec")
|
specPath := field.NewPath("spec")
|
||||||
|
|||||||
@ -25075,22 +25075,20 @@ func TestValidateSELinuxChangePolicy(t *testing.T) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
func TestValidatePodResize(t *testing.T) {
|
func TestValidatePodResize(t *testing.T) {
|
||||||
mkPod := func(req, lim core.ResourceList, tweaks ...podtest.TweakContainer) *core.Pod {
|
mkPod := func(req, lim core.ResourceList, tweaks ...podtest.Tweak) *core.Pod {
|
||||||
return podtest.MakePod("pod",
|
return podtest.MakePod("pod", append(tweaks,
|
||||||
podtest.SetContainers(
|
podtest.SetContainers(
|
||||||
podtest.MakeContainer(
|
podtest.MakeContainer(
|
||||||
"container",
|
"container",
|
||||||
append(tweaks,
|
podtest.SetContainerResources(
|
||||||
podtest.SetContainerResources(
|
core.ResourceRequirements{
|
||||||
core.ResourceRequirements{
|
Requests: req,
|
||||||
Requests: req,
|
Limits: lim,
|
||||||
Limits: lim,
|
},
|
||||||
},
|
),
|
||||||
),
|
|
||||||
)...,
|
|
||||||
),
|
),
|
||||||
),
|
),
|
||||||
)
|
)...)
|
||||||
}
|
}
|
||||||
|
|
||||||
tests := []struct {
|
tests := []struct {
|
||||||
@ -25179,6 +25177,16 @@ func TestValidatePodResize(t *testing.T) {
|
|||||||
old: mkPod(getResources("100m", "100Mi", "", ""), getResources("200m", "200Mi", "", "")),
|
old: mkPod(getResources("100m", "100Mi", "", ""), getResources("200m", "200Mi", "", "")),
|
||||||
new: mkPod(core.ResourceList{}, core.ResourceList{}),
|
new: mkPod(core.ResourceList{}, core.ResourceList{}),
|
||||||
err: "Pod QOS Class may not change as a result of resizing",
|
err: "Pod QOS Class may not change as a result of resizing",
|
||||||
|
}, {
|
||||||
|
test: "windows pod, no resource change",
|
||||||
|
old: mkPod(core.ResourceList{}, getResources("100m", "0", "1Gi", ""), podtest.SetOS(core.Windows)),
|
||||||
|
new: mkPod(core.ResourceList{}, getResources("100m", "0", "1Gi", ""), podtest.SetOS(core.Windows)),
|
||||||
|
err: "Forbidden: windows pods cannot be resized",
|
||||||
|
}, {
|
||||||
|
test: "windows pod, resource change",
|
||||||
|
old: mkPod(core.ResourceList{}, getResources("100m", "0", "1Gi", ""), podtest.SetOS(core.Windows)),
|
||||||
|
new: mkPod(core.ResourceList{}, getResources("200m", "0", "1Gi", ""), podtest.SetOS(core.Windows)),
|
||||||
|
err: "Forbidden: windows pods cannot be resized",
|
||||||
},
|
},
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
@ -243,10 +243,13 @@ var (
|
|||||||
topologymanager.ErrorTopologyAffinity,
|
topologymanager.ErrorTopologyAffinity,
|
||||||
nodeshutdown.NodeShutdownNotAdmittedReason,
|
nodeshutdown.NodeShutdownNotAdmittedReason,
|
||||||
)
|
)
|
||||||
|
|
||||||
|
// This is exposed for unit tests.
|
||||||
|
goos = sysruntime.GOOS
|
||||||
)
|
)
|
||||||
|
|
||||||
func getContainerEtcHostsPath() string {
|
func getContainerEtcHostsPath() string {
|
||||||
if sysruntime.GOOS == "windows" {
|
if goos == "windows" {
|
||||||
return windowsEtcHostsPath
|
return windowsEtcHostsPath
|
||||||
}
|
}
|
||||||
return linuxEtcHostsPath
|
return linuxEtcHostsPath
|
||||||
@ -940,7 +943,7 @@ func NewMainKubelet(kubeCfg *kubeletconfiginternal.KubeletConfiguration,
|
|||||||
opt(klet)
|
opt(klet)
|
||||||
}
|
}
|
||||||
|
|
||||||
if sysruntime.GOOS == "linux" {
|
if goos == "linux" {
|
||||||
// AppArmor is a Linux kernel security module and it does not support other operating systems.
|
// AppArmor is a Linux kernel security module and it does not support other operating systems.
|
||||||
klet.appArmorValidator = apparmor.NewValidator()
|
klet.appArmorValidator = apparmor.NewValidator()
|
||||||
klet.admitHandlers.AddPodAdmitHandler(lifecycle.NewAppArmorAdmitHandler(klet.appArmorValidator))
|
klet.admitHandlers.AddPodAdmitHandler(lifecycle.NewAppArmorAdmitHandler(klet.appArmorValidator))
|
||||||
@ -1564,7 +1567,7 @@ func (kl *Kubelet) initializeModules() error {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if sysruntime.GOOS == "windows" {
|
if goos == "windows" {
|
||||||
// On Windows we should not allow other users to read the logs directory
|
// On Windows we should not allow other users to read the logs directory
|
||||||
// to avoid allowing non-root containers from reading the logs of other containers.
|
// to avoid allowing non-root containers from reading the logs of other containers.
|
||||||
if err := utilfs.Chmod(ContainerLogsDir, 0750); err != nil {
|
if err := utilfs.Chmod(ContainerLogsDir, 0750); err != nil {
|
||||||
@ -2865,6 +2868,10 @@ func (kl *Kubelet) handlePodResourcesResize(pod *v1.Pod, podStatus *kubecontaine
|
|||||||
// Pod allocation does not need to be updated.
|
// Pod allocation does not need to be updated.
|
||||||
return allocatedPod, nil
|
return allocatedPod, nil
|
||||||
}
|
}
|
||||||
|
if goos == "windows" {
|
||||||
|
kl.statusManager.SetPodResizeStatus(pod.UID, v1.PodResizeStatusInfeasible)
|
||||||
|
return allocatedPod, nil
|
||||||
|
}
|
||||||
|
|
||||||
kl.podResizeMutex.Lock()
|
kl.podResizeMutex.Lock()
|
||||||
defer kl.podResizeMutex.Unlock()
|
defer kl.podResizeMutex.Unlock()
|
||||||
|
|||||||
@ -2676,6 +2676,7 @@ func TestHandlePodResourcesResize(t *testing.T) {
|
|||||||
newRequestsAllocated bool // Whether the new requests have already been allocated (but not actuated)
|
newRequestsAllocated bool // Whether the new requests have already been allocated (but not actuated)
|
||||||
expectedAllocations v1.ResourceList
|
expectedAllocations v1.ResourceList
|
||||||
expectedResize v1.PodResizeStatus
|
expectedResize v1.PodResizeStatus
|
||||||
|
goos string
|
||||||
}{
|
}{
|
||||||
{
|
{
|
||||||
name: "Request CPU and memory decrease - expect InProgress",
|
name: "Request CPU and memory decrease - expect InProgress",
|
||||||
@ -2741,10 +2742,23 @@ func TestHandlePodResourcesResize(t *testing.T) {
|
|||||||
expectedAllocations: v1.ResourceList{v1.ResourceCPU: cpu1000m, v1.ResourceMemory: mem1000M},
|
expectedAllocations: v1.ResourceList{v1.ResourceCPU: cpu1000m, v1.ResourceMemory: mem1000M},
|
||||||
expectedResize: "",
|
expectedResize: "",
|
||||||
},
|
},
|
||||||
|
{
|
||||||
|
name: "windows node, expect Infeasible",
|
||||||
|
pod: testPod2,
|
||||||
|
newRequests: v1.ResourceList{v1.ResourceCPU: cpu500m, v1.ResourceMemory: mem500M},
|
||||||
|
expectedAllocations: v1.ResourceList{v1.ResourceCPU: cpu1000m, v1.ResourceMemory: mem1000M},
|
||||||
|
expectedResize: v1.PodResizeStatusInfeasible,
|
||||||
|
goos: "windows",
|
||||||
|
},
|
||||||
}
|
}
|
||||||
|
|
||||||
for _, tt := range tests {
|
for _, tt := range tests {
|
||||||
t.Run(tt.name, func(t *testing.T) {
|
t.Run(tt.name, func(t *testing.T) {
|
||||||
|
oldGOOS := goos
|
||||||
|
defer func() { goos = oldGOOS }()
|
||||||
|
if tt.goos != "" {
|
||||||
|
goos = tt.goos
|
||||||
|
}
|
||||||
kubelet.statusManager = status.NewFakeManager()
|
kubelet.statusManager = status.NewFakeManager()
|
||||||
|
|
||||||
newPod := tt.pod.DeepCopy()
|
newPod := tt.pod.DeepCopy()
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user