Update property name in metrics

The selinux_volume_conflict metric should not have a space in its label value -
a value with a space is harder to query for. Use SELinuxLabel as both the
human-friendly name (in an event) and the label value.
Jan Safranek 2024-11-05 20:03:07 +01:00
parent cf7a2c7d35
commit 8791efc732
4 changed files with 14 additions and 14 deletions


@ -25,7 +25,7 @@ import (
// A single conflict between two Pods using the same volume with different SELinux labels or policies.
// Event should be sent to both of them.
type Conflict struct {
// Human-readable name of the conflicting property, like "SELinux label"
// Human-readable name of the conflicting property + value of "property" label of selinux_volume_conflict metric.
PropertyName string
// Reason for the event, to be set as the Event.Reason field.
EventReason string
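Review bot: The new comment on `PropertyName` records that the field doubles as the `property` label value of selinux_volume_conflict, but not the constraint that follows from it. I would spell that out so future values stay easy to query: `// PropertyName names the conflicting property. It is printed in Events and is also the value of the "property" label of the selinux_volume_conflict metric, so keep it a stable identifier without spaces.` The struct continues past the end of the hunk.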


@ -140,14 +140,14 @@ func (c *volumeCache) AddVolume(logger klog.Logger, volumeName v1.UniqueVolumeNa
if otherPodInfo.seLinuxLabel != label {
// Send conflict to both pods
conflicts = append(conflicts, Conflict{
PropertyName: "SELinux label",
PropertyName: "SELinuxLabel",
EventReason: "SELinuxLabelConflict",
Pod: podKey,
PropertyValue: label,
OtherPod: otherPodKey,
OtherPropertyValue: otherPodInfo.seLinuxLabel,
}, Conflict{
PropertyName: "SELinux label",
PropertyName: "SELinuxLabel",
EventReason: "SELinuxLabelConflict",
Pod: otherPodKey,
PropertyValue: otherPodInfo.seLinuxLabel,
@ -250,7 +250,7 @@ func (c *volumeCache) SendConflicts(logger klog.Logger, ch chan<- Conflict) {
}
if podInfo.seLinuxLabel != otherPodInfo.seLinuxLabel {
ch <- Conflict{
PropertyName: "SELinux label",
PropertyName: "SELinuxLabel",
EventReason: "SELinuxLabelConflict",
Pod: podKey,
PropertyValue: podInfo.seLinuxLabel,
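Review bot: The literal `"SELinuxLabel"` is now written out at three call sites (twice in AddVolume, once in SendConflicts), and because it is a metric label value, a typo at any one of them would silently split the series that alerts and dashboards select on. A package-level constant, e.g. `const propertyNameSELinuxLabel = "SELinuxLabel"`, used at all three sites would remove that risk. Separately, any existing query that matches the old value with the space will presumably stop returning data after this change, which is worth a release note. Both functions start and end outside the hunks shown.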


@ -204,7 +204,7 @@ func TestVolumeCache_AddVolumeSendConflicts(t *testing.T) {
},
expectedConflicts: []Conflict{
{
PropertyName: "SELinux label",
PropertyName: "SELinuxLabel",
EventReason: "SELinuxLabelConflict",
Pod: cache.ObjectName{Namespace: "testns", Name: "testpod"},
PropertyValue: "label-new",
@ -254,7 +254,7 @@ func TestVolumeCache_AddVolumeSendConflicts(t *testing.T) {
OtherPropertyValue: "MountOption",
},
{
PropertyName: "SELinux label",
PropertyName: "SELinuxLabel",
EventReason: "SELinuxLabelConflict",
Pod: cache.ObjectName{Namespace: "testns", Name: "testpod"},
PropertyValue: "label-new",
@ -297,7 +297,7 @@ func TestVolumeCache_AddVolumeSendConflicts(t *testing.T) {
OtherPropertyValue: "Recursive",
},
{
PropertyName: "SELinux label",
PropertyName: "SELinuxLabel",
EventReason: "SELinuxLabelConflict",
Pod: cache.ObjectName{Namespace: "ns3", Name: "pod3-1"},
PropertyValue: "label-new",


@ -192,7 +192,7 @@ func TestSELinuxWarningController_Sync(t *testing.T) {
pod: cache.ObjectName{Namespace: namespace, Name: "pod1"},
conflicts: []volumecache.Conflict{
{
PropertyName: "SELinux label",
PropertyName: "SELinuxLabel",
EventReason: "SELinuxLabelConflict",
Pod: cache.ObjectName{Namespace: namespace, Name: "pod1"},
PropertyValue: "label1",
@ -200,7 +200,7 @@ func TestSELinuxWarningController_Sync(t *testing.T) {
OtherPropertyValue: "label2",
},
{
PropertyName: "SELinux label",
PropertyName: "SELinuxLabel",
EventReason: "SELinuxLabelConflict",
Pod: cache.ObjectName{Namespace: namespace, Name: "pod2"},
PropertyValue: "label2",
@ -218,8 +218,8 @@ func TestSELinuxWarningController_Sync(t *testing.T) {
},
},
expectedEvents: []string{
`Normal SELinuxLabelConflict SELinux label "label1" conflicts with pod pod2 that uses the same volume as this pod with SELinux label "label2". If both pods land on the same node, only one of them may access the volume.`,
`Normal SELinuxLabelConflict SELinux label "label2" conflicts with pod pod1 that uses the same volume as this pod with SELinux label "label1". If both pods land on the same node, only one of them may access the volume.`,
`Normal SELinuxLabelConflict SELinuxLabel "label1" conflicts with pod pod2 that uses the same volume as this pod with SELinuxLabel "label2". If both pods land on the same node, only one of them may access the volume.`,
`Normal SELinuxLabelConflict SELinuxLabel "label2" conflicts with pod pod1 that uses the same volume as this pod with SELinuxLabel "label1". If both pods land on the same node, only one of them may access the volume.`,
},
},
{
@ -237,7 +237,7 @@ func TestSELinuxWarningController_Sync(t *testing.T) {
pod: cache.ObjectName{Namespace: namespace, Name: "pod1"},
conflicts: []volumecache.Conflict{
{
PropertyName: "SELinux label",
PropertyName: "SELinuxLabel",
EventReason: "SELinuxLabelConflict",
Pod: cache.ObjectName{Namespace: namespace, Name: "pod1"},
PropertyValue: "label1",
@ -245,7 +245,7 @@ func TestSELinuxWarningController_Sync(t *testing.T) {
OtherPropertyValue: "label2",
},
{
PropertyName: "SELinux label",
PropertyName: "SELinuxLabel",
EventReason: "SELinuxLabelConflict",
Pod: cache.ObjectName{Namespace: namespace, Name: "pod2"},
PropertyValue: "label2",
@ -264,7 +264,7 @@ func TestSELinuxWarningController_Sync(t *testing.T) {
},
expectedEvents: []string{
// Event for the missing pod is not sent
`Normal SELinuxLabelConflict SELinux label "label1" conflicts with pod pod2 that uses the same volume as this pod with SELinux label "label2". If both pods land on the same node, only one of them may access the volume.`,
`Normal SELinuxLabelConflict SELinuxLabel "label1" conflicts with pod pod2 that uses the same volume as this pod with SELinuxLabel "label2". If both pods land on the same node, only one of them may access the volume.`,
},
},
{
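Review bot: The updated expectations in TestSELinuxWarningController_Sync assert only the event text; nothing in the visible hunks checks the `property` label value that selinux_volume_conflict is emitted with, which is the behaviour this commit sets out to change. If no metric assertion exists elsewhere in this test, adding one that expects `property="SELinuxLabel"` would keep the label from regressing. The test function starts and ends outside the hunks shown.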