github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-09-13 05:02:50 +00:00
Code Issues Projects Releases Wiki Activity

Mirror pod without OwnerReference should not be created

Browse Source 
Signed-off-by: Ted Yu <yuzhihong@gmail.com>
This commit is contained in:
Ted Yu
2020-06-21 08:00:17 -07:00
parent 4c8207dc1e
commit 9f95fdd3cd
3 changed files with 32 additions and 15 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
plugin/pkg/admission/noderestriction/admission.go
View File

@@ -224,6 +224,9 @@ func (p *Plugin) admitPodCreate(nodeName string, a admission.Attributes) error {
if len(pod.OwnerReferences) > 1 {
return admission.NewForbidden(a, fmt.Errorf("node %q can only create pods with a single owner reference set to itself", nodeName))
}
if len(pod.OwnerReferences) == 0 {
return admission.NewForbidden(a, fmt.Errorf("node %q can only create pods with an owner reference set to itself", nodeName))
}
if len(pod.OwnerReferences) == 1 {
owner := pod.OwnerReferences[0]
if owner.APIVersion != v1.SchemeGroupVersion.String() ||

5
plugin/pkg/admission/noderestriction/admission_test.go
View File

@@ -1314,8 +1314,9 @@ func Test_nodePlugin_Admit_OwnerReference(t *testing.T) {
expectErr string
}{
{
name: "no owner",
owners: nil,
name: "no owner",
owners: nil,
expectErr: "pods \"test\" is forbidden: node \"mynode\" can only create pods with an owner reference set to itself",
},
{
name: "valid owner",