kubelet/userns: Remove alpha maxPods limitation

Signed-off-by: Rodrigo Campos <rodrigoca@microsoft.com>
Rodrigo Campos 2024-03-01 13:16:17 -03:00 committed by Giuseppe Scrivano
parent 4180284dc9
commit 39c6815676
No known key found for this signature in database
GPG Key ID: 67E38F7A8BA21772
2 changed files with 3 additions and 60 deletions


@ -55,10 +55,9 @@ type userNsPodsManager interface {
}
type UsernsManager struct {
used *allocator.AllocationBitmap
usedBy map[types.UID]uint32 // Map pod.UID to range used
removed int
numAllocated int
used *allocator.AllocationBitmap
usedBy map[types.UID]uint32 // Map pod.UID to range used
removed int
off int
len int
@ -216,16 +215,6 @@ func (m *UsernsManager) isSet(v uint32) bool {
// The first return value is the first ID in the user namespace, the second returns
// the length for the user namespace range.
func (m *UsernsManager) allocateOne(pod types.UID) (firstID uint32, length uint32, err error) {
if m.numAllocated >= maxPods {
return 0, 0, fmt.Errorf("limit on count of pods with user namespaces exceeded (limit is %v, current pods with userns: %v)", maxPods, m.numAllocated)
}
m.numAllocated++
defer func() {
if err != nil {
m.numAllocated--
}
}()
firstZero, found, err := m.used.AllocateNext()
if err != nil {
return 0, 0, err
@ -265,15 +254,6 @@ func (m *UsernsManager) record(pod types.UID, from, length uint32) (err error) {
if found && prevFrom == from {
return nil
}
if m.numAllocated >= maxPods {
return fmt.Errorf("limit on count of pods with user namespaces exceeded (limit is %v, current pods with userns: %v)", maxPods, m.numAllocated)
}
m.numAllocated++
defer func() {
if err != nil {
m.numAllocated--
}
}()
klog.V(5).InfoS("new pod user namespace allocation", "podUID", pod)
@ -318,7 +298,6 @@ func (m *UsernsManager) releaseWithLock(pod types.UID) {
delete(m.usedBy, pod)
klog.V(5).InfoS("releasing pod user namespace allocation", "podUID", pod)
m.numAllocated--
m.removed++
_ = os.Remove(filepath.Join(m.kl.GetPodDir(pod), mappingsFile))
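Review bot: With the `m.numAllocated >= maxPods` guard gone from both `allocateOne` and `record`, nothing visible in these hunks bounds the number of user-namespace allocations any more. The bound now appears to rest on the `found` result of `m.used.AllocateNext()` in `allocateOne` and on whatever range checks `record` performs, and both lie outside the hunks shown, so they are worth confirming. The commit also deletes `TestAllocateMaxPods` and `TestRecordMaxPods` without a replacement; a test that allocates until the bitmap is full and asserts an error would keep the exhaustion path covered. If exhaustion does surface as an error, the `allocateOne` doc comment could say so, for example `// An error is returned when no free range is left to allocate.` If `maxPods` has no remaining users after this change, its declaration (not shown here) can be dropped as well.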


@ -378,42 +378,6 @@ func TestCleanupOrphanedPodUsernsAllocations(t *testing.T) {
}
}
func TestAllocateMaxPods(t *testing.T) {
defer featuregatetesting.SetFeatureGateDuringTest(t, utilfeature.DefaultFeatureGate, pkgfeatures.UserNamespacesSupport, true)()
testUserNsPodsManager := &testUserNsPodsManager{}
m, err := MakeUserNsManager(testUserNsPodsManager)
require.NoError(t, err)
// The first maxPods allocations should succeed.
for i := 0; i < maxPods; i++ {
_, _, err = m.allocateOne(types.UID(fmt.Sprintf("%d", i)))
require.NoError(t, err)
}
// The next allocation should fail, hitting maxPods.
_, _, err = m.allocateOne(types.UID(fmt.Sprintf("%d", maxPods+1)))
assert.Error(t, err)
}
func TestRecordMaxPods(t *testing.T) {
defer featuregatetesting.SetFeatureGateDuringTest(t, utilfeature.DefaultFeatureGate, pkgfeatures.UserNamespacesSupport, true)()
testUserNsPodsManager := &testUserNsPodsManager{}
m, err := MakeUserNsManager(testUserNsPodsManager)
require.NoError(t, err)
// The first maxPods allocations should succeed.
for i := 0; i < maxPods; i++ {
err = m.record(types.UID(fmt.Sprintf("%d", i)), uint32((i+1)*65536), 65536)
require.NoError(t, err)
}
// The next allocation should fail, hitting maxPods.
err = m.record(types.UID(fmt.Sprintf("%d", maxPods+1)), uint32((maxPods+1)*65536), 65536)
assert.Error(t, err)
}
type failingUserNsPodsManager struct {
testUserNsPodsManager
}