pod terminationGracePeriodSeconds is always valid (#124461)

* Pod terminationGracePeriodSeconds is always valid

Validation of a pod spec will always use the pod's
TerminationGracePeriodSeconds value.

A set of pod test helpers has been created to help construct Pods.

* remove unused func

* reduction

* reduce 2

* simplify test

* report invalid grace period

* update SupplementalGroupPolicy tests
Michael Fraenkel
2024-06-29 19:09:29 -06:00
committed by GitHub
parent a9c156baef
commit a7264f95ff
22 changed files with 3137 additions and 5558 deletions


@@ -34,6 +34,7 @@ import (
utilfeature "k8s.io/apiserver/pkg/util/feature"
featuregatetesting "k8s.io/component-base/featuregate/testing"
"k8s.io/kubernetes/pkg/api/pod"
podtest "k8s.io/kubernetes/pkg/api/pod/testing"
"k8s.io/kubernetes/pkg/apis/apps"
api "k8s.io/kubernetes/pkg/apis/core"
corevalidation "k8s.io/kubernetes/pkg/apis/core/validation"
@@ -1503,29 +1504,15 @@ func TestValidateDaemonSetUpdate(t *testing.T) {
validSelector2 := map[string]string{"c": "d"}
invalidSelector := map[string]string{"NoUppercaseOrSpecialCharsLike=Equals": "b"}
validPodSpecAbc := api.PodSpec{
RestartPolicy: api.RestartPolicyAlways,
DNSPolicy: api.DNSClusterFirst,
Containers: []api.Container{{Name: "abc", Image: "image", ImagePullPolicy: "IfNotPresent", TerminationMessagePolicy: api.TerminationMessageReadFile}},
}
validPodSpecDef := api.PodSpec{
RestartPolicy: api.RestartPolicyAlways,
DNSPolicy: api.DNSClusterFirst,
Containers: []api.Container{{Name: "def", Image: "image", ImagePullPolicy: "IfNotPresent", TerminationMessagePolicy: api.TerminationMessageReadFile}},
}
validPodSpecNodeSelector := api.PodSpec{
NodeSelector: validSelector,
NodeName: "xyz",
RestartPolicy: api.RestartPolicyAlways,
DNSPolicy: api.DNSClusterFirst,
Containers: []api.Container{{Name: "abc", Image: "image", ImagePullPolicy: "IfNotPresent", TerminationMessagePolicy: api.TerminationMessageReadFile}},
}
validPodSpecVolume := api.PodSpec{
Volumes: []api.Volume{{Name: "gcepd", VolumeSource: api.VolumeSource{GCEPersistentDisk: &api.GCEPersistentDiskVolumeSource{PDName: "my-PD", FSType: "ext4", Partition: 1, ReadOnly: false}}}},
RestartPolicy: api.RestartPolicyAlways,
DNSPolicy: api.DNSClusterFirst,
Containers: []api.Container{{Name: "abc", Image: "image", ImagePullPolicy: "IfNotPresent", TerminationMessagePolicy: api.TerminationMessageReadFile}},
}
validPodSpecAbc := podtest.MakePodSpec(api.RestartPolicyAlways,
podtest.SetContainers(podtest.MakeContainer("abc")))
validPodSpecDef := podtest.MakePodSpec(api.RestartPolicyAlways,
podtest.SetContainers(podtest.MakeContainer("def")))
validPodSpecNodeSelector := podtest.MakePodSpec(api.RestartPolicyAlways,
podtest.SetNodeSelector(validSelector),
podtest.SetNodeName("xyz"))
validPodSpecVolume := podtest.MakePodSpec(api.RestartPolicyAlways,
podtest.SetVolumes(api.Volume{Name: "gcepd", VolumeSource: api.VolumeSource{GCEPersistentDisk: &api.GCEPersistentDiskVolumeSource{PDName: "my-PD", FSType: "ext4", Partition: 1, ReadOnly: false}}}))
validPodTemplateAbc := api.PodTemplate{
Template: api.PodTemplateSpec{
@@ -1570,11 +1557,8 @@ func TestValidateDaemonSetUpdate(t *testing.T) {
}
invalidPodTemplate := api.PodTemplate{
Template: api.PodTemplateSpec{
Spec: api.PodSpec{
// no containers specified
RestartPolicy: api.RestartPolicyAlways,
DNSPolicy: api.DNSClusterFirst,
},
// no containers specified
Spec: podtest.MakePodSpec(api.RestartPolicyAlways, podtest.SetContainers()),
ObjectMeta: metav1.ObjectMeta{
Labels: validSelector,
},
@@ -1992,11 +1976,7 @@ func TestValidateDaemonSet(t *testing.T) {
ObjectMeta: metav1.ObjectMeta{
Labels: validSelector,
},
Spec: api.PodSpec{
RestartPolicy: api.RestartPolicyAlways,
DNSPolicy: api.DNSClusterFirst,
Containers: []api.Container{{Name: "abc", Image: "image", ImagePullPolicy: "IfNotPresent", TerminationMessagePolicy: api.TerminationMessageReadFile}},
},
Spec: podtest.MakePodSpec(api.RestartPolicyAlways),
},
}
validHostNetPodTemplate := api.PodTemplate{
@@ -2004,35 +1984,22 @@ func TestValidateDaemonSet(t *testing.T) {
ObjectMeta: metav1.ObjectMeta{
Labels: validSelector,
},
Spec: api.PodSpec{
SecurityContext: &api.PodSecurityContext{
Spec: podtest.MakePodSpec(api.RestartPolicyAlways,
podtest.SetSecurityContext(&api.PodSecurityContext{
HostNetwork: true,
},
RestartPolicy: api.RestartPolicyAlways,
DNSPolicy: api.DNSClusterFirst,
Containers: []api.Container{{
Name: "abc",
Image: "image",
ImagePullPolicy: "IfNotPresent",
TerminationMessagePolicy: api.TerminationMessageReadFile,
Ports: []api.ContainerPort{{
}),
podtest.SetContainers(podtest.MakeContainer("abc",
podtest.SetContainerPorts(api.ContainerPort{
ContainerPort: 12345,
Protocol: api.ProtocolTCP,
}},
}},
},
}))),
),
},
}
invalidSelector := map[string]string{"NoUppercaseOrSpecialCharsLike=Equals": "b"}
invalidPodTemplate := api.PodTemplate{
Template: api.PodTemplateSpec{
Spec: api.PodSpec{
RestartPolicy: api.RestartPolicyAlways,
DNSPolicy: api.DNSClusterFirst,
},
ObjectMeta: metav1.ObjectMeta{
Labels: invalidSelector,
},
Spec: podtest.MakePodSpec(api.RestartPolicyAlways, podtest.SetLabels(invalidSelector)),
},
}
successCases := []apps.DaemonSet{{
@@ -2157,14 +2124,7 @@ func TestValidateDaemonSet(t *testing.T) {
Spec: apps.DaemonSetSpec{
Selector: &metav1.LabelSelector{MatchLabels: validSelector},
Template: api.PodTemplateSpec{
Spec: api.PodSpec{
RestartPolicy: api.RestartPolicyOnFailure,
DNSPolicy: api.DNSClusterFirst,
Containers: []api.Container{{Name: "ctr", Image: "image", ImagePullPolicy: "IfNotPresent", TerminationMessagePolicy: api.TerminationMessageReadFile}},
},
ObjectMeta: metav1.ObjectMeta{
Labels: validSelector,
},
Spec: podtest.MakePodSpec(api.RestartPolicyOnFailure, podtest.SetLabels(validSelector)),
},
},
},
@@ -2176,14 +2136,7 @@ func TestValidateDaemonSet(t *testing.T) {
Spec: apps.DaemonSetSpec{
Selector: &metav1.LabelSelector{MatchLabels: validSelector},
Template: api.PodTemplateSpec{
Spec: api.PodSpec{
RestartPolicy: api.RestartPolicyNever,
DNSPolicy: api.DNSClusterFirst,
Containers: []api.Container{{Name: "ctr", Image: "image", ImagePullPolicy: "IfNotPresent", TerminationMessagePolicy: api.TerminationMessageReadFile}},
},
ObjectMeta: metav1.ObjectMeta{
Labels: validSelector,
},
Spec: podtest.MakePodSpec(api.RestartPolicyNever, podtest.SetLabels(validSelector)),
},
},
},
@@ -2195,12 +2148,8 @@ func TestValidateDaemonSet(t *testing.T) {
ObjectMeta: metav1.ObjectMeta{
Labels: validSelector,
},
Spec: api.PodSpec{
RestartPolicy: api.RestartPolicyAlways,
DNSPolicy: api.DNSClusterFirst,
Containers: []api.Container{{Name: "abc", Image: "image", ImagePullPolicy: "IfNotPresent", TerminationMessagePolicy: api.TerminationMessageReadFile}},
EphemeralContainers: []api.EphemeralContainer{{EphemeralContainerCommon: api.EphemeralContainerCommon{Name: "debug", Image: "image", ImagePullPolicy: "IfNotPresent", TerminationMessagePolicy: "File"}}},
},
Spec: podtest.MakePodSpec(api.RestartPolicyAlways,
podtest.SetEphemeralContainers(api.EphemeralContainer{EphemeralContainerCommon: api.EphemeralContainerCommon{Name: "debug", Image: "image", ImagePullPolicy: "IfNotPresent", TerminationMessagePolicy: "File"}})),
},
UpdateStrategy: apps.DaemonSetUpdateStrategy{
Type: apps.OnDeleteDaemonSetStrategyType,
@@ -2258,16 +2207,7 @@ func validDeployment(tweaks ...func(d *apps.Deployment)) *apps.Deployment {
"name": "abc",
},
},
Spec: api.PodSpec{
RestartPolicy: api.RestartPolicyAlways,
DNSPolicy: api.DNSDefault,
Containers: []api.Container{{
Name: "nginx",
Image: "image",
ImagePullPolicy: api.PullNever,
TerminationMessagePolicy: api.TerminationMessageReadFile,
}},
},
Spec: podtest.MakePodSpec(api.RestartPolicyAlways),
},
RollbackTo: &apps.RollbackConfig{
Revision: 1,
@@ -2598,11 +2538,7 @@ func TestValidateDeploymentUpdate(t *testing.T) {
ObjectMeta: metav1.ObjectMeta{
Labels: validLabels,
},
Spec: api.PodSpec{
RestartPolicy: api.RestartPolicyAlways,
DNSPolicy: api.DNSClusterFirst,
Containers: []api.Container{{Name: "abc", Image: "image", ImagePullPolicy: "IfNotPresent", TerminationMessagePolicy: api.TerminationMessageReadFile}},
},
Spec: podtest.MakePodSpec(api.RestartPolicyAlways),
},
}
readWriteVolumePodTemplate := api.PodTemplate{
@@ -2610,22 +2546,16 @@ func TestValidateDeploymentUpdate(t *testing.T) {
ObjectMeta: metav1.ObjectMeta{
Labels: validLabels,
},
Spec: api.PodSpec{
RestartPolicy: api.RestartPolicyAlways,
DNSPolicy: api.DNSClusterFirst,
Containers: []api.Container{{Name: "abc", Image: "image", ImagePullPolicy: "IfNotPresent", TerminationMessagePolicy: api.TerminationMessageReadFile}},
Volumes: []api.Volume{{Name: "gcepd", VolumeSource: api.VolumeSource{GCEPersistentDisk: &api.GCEPersistentDiskVolumeSource{PDName: "my-PD", FSType: "ext4", Partition: 1, ReadOnly: false}}}},
},
Spec: podtest.MakePodSpec(api.RestartPolicyAlways,
podtest.SetVolumes(api.Volume{Name: "gcepd", VolumeSource: api.VolumeSource{GCEPersistentDisk: &api.GCEPersistentDiskVolumeSource{PDName: "my-PD", FSType: "ext4", Partition: 1, ReadOnly: false}}}),
),
},
}
invalidLabels := map[string]string{"NoUppercaseOrSpecialCharsLike=Equals": "b"}
invalidPodTemplate := api.PodTemplate{
Template: api.PodTemplateSpec{
Spec: api.PodSpec{
// no containers specified
RestartPolicy: api.RestartPolicyAlways,
DNSPolicy: api.DNSClusterFirst,
},
// no containers specified
Spec: podtest.MakePodSpec(api.RestartPolicyAlways, podtest.SetContainers()),
ObjectMeta: metav1.ObjectMeta{
Labels: invalidLabels,
},
@@ -2922,11 +2852,7 @@ func TestValidateReplicaSetStatusUpdate(t *testing.T) {
ObjectMeta: metav1.ObjectMeta{
Labels: validLabels,
},
Spec: api.PodSpec{
RestartPolicy: api.RestartPolicyAlways,
DNSPolicy: api.DNSClusterFirst,
Containers: []api.Container{{Name: "abc", Image: "image", ImagePullPolicy: "IfNotPresent", TerminationMessagePolicy: api.TerminationMessageReadFile}},
},
Spec: podtest.MakePodSpec(api.RestartPolicyAlways),
},
}
type rcUpdateTest struct {
@@ -3004,11 +2930,7 @@ func TestValidateReplicaSetUpdate(t *testing.T) {
ObjectMeta: metav1.ObjectMeta{
Labels: validLabels,
},
Spec: api.PodSpec{
RestartPolicy: api.RestartPolicyAlways,
DNSPolicy: api.DNSClusterFirst,
Containers: []api.Container{{Name: "abc", Image: "image", ImagePullPolicy: "IfNotPresent", TerminationMessagePolicy: api.TerminationMessageReadFile}},
},
Spec: podtest.MakePodSpec(api.RestartPolicyAlways),
},
}
readWriteVolumePodTemplate := api.PodTemplate{
@@ -3016,21 +2938,15 @@ func TestValidateReplicaSetUpdate(t *testing.T) {
ObjectMeta: metav1.ObjectMeta{
Labels: validLabels,
},
Spec: api.PodSpec{
RestartPolicy: api.RestartPolicyAlways,
DNSPolicy: api.DNSClusterFirst,
Containers: []api.Container{{Name: "abc", Image: "image", ImagePullPolicy: "IfNotPresent", TerminationMessagePolicy: api.TerminationMessageReadFile}},
Volumes: []api.Volume{{Name: "gcepd", VolumeSource: api.VolumeSource{GCEPersistentDisk: &api.GCEPersistentDiskVolumeSource{PDName: "my-PD", FSType: "ext4", Partition: 1, ReadOnly: false}}}},
},
Spec: podtest.MakePodSpec(api.RestartPolicyAlways,
podtest.SetVolumes(api.Volume{Name: "gcepd", VolumeSource: api.VolumeSource{GCEPersistentDisk: &api.GCEPersistentDiskVolumeSource{PDName: "my-PD", FSType: "ext4", Partition: 1, ReadOnly: false}}}),
),
},
}
invalidLabels := map[string]string{"NoUppercaseOrSpecialCharsLike=Equals": "b"}
invalidPodTemplate := api.PodTemplate{
Template: api.PodTemplateSpec{
Spec: api.PodSpec{
RestartPolicy: api.RestartPolicyAlways,
DNSPolicy: api.DNSClusterFirst,
},
Spec: podtest.MakePodSpec(api.RestartPolicyAlways, podtest.SetContainers()),
ObjectMeta: metav1.ObjectMeta{
Labels: invalidLabels,
},
@@ -3180,11 +3096,7 @@ func TestValidateReplicaSet(t *testing.T) {
ObjectMeta: metav1.ObjectMeta{
Labels: validLabels,
},
Spec: api.PodSpec{
RestartPolicy: api.RestartPolicyAlways,
DNSPolicy: api.DNSClusterFirst,
Containers: []api.Container{{Name: "abc", Image: "image", ImagePullPolicy: "IfNotPresent", TerminationMessagePolicy: api.TerminationMessageReadFile}},
},
Spec: podtest.MakePodSpec(api.RestartPolicyAlways),
},
}
validHostNetPodTemplate := api.PodTemplate{
@@ -3192,23 +3104,15 @@ func TestValidateReplicaSet(t *testing.T) {
ObjectMeta: metav1.ObjectMeta{
Labels: validLabels,
},
Spec: api.PodSpec{
SecurityContext: &api.PodSecurityContext{
Spec: podtest.MakePodSpec(api.RestartPolicyAlways,
podtest.SetSecurityContext(&api.PodSecurityContext{
HostNetwork: true,
},
RestartPolicy: api.RestartPolicyAlways,
DNSPolicy: api.DNSClusterFirst,
Containers: []api.Container{{
Name: "abc",
Image: "image",
ImagePullPolicy: "IfNotPresent",
TerminationMessagePolicy: api.TerminationMessageReadFile,
Ports: []api.ContainerPort{{
ContainerPort: 12345,
Protocol: api.ProtocolTCP,
}},
}},
},
}),
podtest.SetContainers(podtest.MakeContainer("abc", podtest.SetContainerPorts(api.ContainerPort{
ContainerPort: 12345,
Protocol: api.ProtocolTCP,
}))),
),
},
}
readWriteVolumePodTemplate := api.PodTemplate{
@@ -3216,21 +3120,15 @@ func TestValidateReplicaSet(t *testing.T) {
ObjectMeta: metav1.ObjectMeta{
Labels: validLabels,
},
Spec: api.PodSpec{
Volumes: []api.Volume{{Name: "gcepd", VolumeSource: api.VolumeSource{GCEPersistentDisk: &api.GCEPersistentDiskVolumeSource{PDName: "my-PD", FSType: "ext4", Partition: 1, ReadOnly: false}}}},
RestartPolicy: api.RestartPolicyAlways,
DNSPolicy: api.DNSClusterFirst,
Containers: []api.Container{{Name: "abc", Image: "image", ImagePullPolicy: "IfNotPresent", TerminationMessagePolicy: api.TerminationMessageReadFile}},
},
Spec: podtest.MakePodSpec(api.RestartPolicyAlways,
podtest.SetVolumes(api.Volume{Name: "gcepd", VolumeSource: api.VolumeSource{GCEPersistentDisk: &api.GCEPersistentDiskVolumeSource{PDName: "my-PD", FSType: "ext4", Partition: 1, ReadOnly: false}}}),
),
},
}
invalidLabels := map[string]string{"NoUppercaseOrSpecialCharsLike=Equals": "b"}
invalidPodTemplate := api.PodTemplate{
Template: api.PodTemplateSpec{
Spec: api.PodSpec{
RestartPolicy: api.RestartPolicyAlways,
DNSPolicy: api.DNSClusterFirst,
},
Spec: podtest.MakePodSpec(api.RestartPolicyAlways),
ObjectMeta: metav1.ObjectMeta{
Labels: invalidLabels,
},
@@ -3364,11 +3262,7 @@ func TestValidateReplicaSet(t *testing.T) {
Spec: apps.ReplicaSetSpec{
Selector: &metav1.LabelSelector{MatchLabels: validLabels},
Template: api.PodTemplateSpec{
Spec: api.PodSpec{
RestartPolicy: api.RestartPolicyOnFailure,
DNSPolicy: api.DNSClusterFirst,
Containers: []api.Container{{Name: "ctr", Image: "image", ImagePullPolicy: "IfNotPresent", TerminationMessagePolicy: api.TerminationMessageReadFile}},
},
Spec: podtest.MakePodSpec(api.RestartPolicyOnFailure),
ObjectMeta: metav1.ObjectMeta{
Labels: validLabels,
},
@@ -3383,11 +3277,7 @@ func TestValidateReplicaSet(t *testing.T) {
Spec: apps.ReplicaSetSpec{
Selector: &metav1.LabelSelector{MatchLabels: validLabels},
Template: api.PodTemplateSpec{
Spec: api.PodSpec{
RestartPolicy: api.RestartPolicyNever,
DNSPolicy: api.DNSClusterFirst,
Containers: []api.Container{{Name: "ctr", Image: "image", ImagePullPolicy: "IfNotPresent", TerminationMessagePolicy: api.TerminationMessageReadFile}},
},
Spec: podtest.MakePodSpec(api.RestartPolicyNever),
ObjectMeta: metav1.ObjectMeta{
Labels: validLabels,
},
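Review bot: In TestValidateDaemonSet the rewritten `invalidPodTemplate` and the two restart-policy error cases (`RestartPolicyOnFailure`, `RestartPolicyNever`) appear to lose their template labels: the `ObjectMeta: metav1.ObjectMeta{Labels: ...}` block is dropped and the labels are instead passed as `podtest.SetLabels(...)` to `MakePodSpec`, whose result is assigned to `Spec`. A `PodSpec` value has nowhere to carry labels, so unless the helper does something not visible on this page, these templates reach validation unlabeled and would likely be rejected for a selector/label mismatch rather than for the invalid label key or restart policy each case is meant to exercise. Keep the metadata on the template, e.g. `ObjectMeta: metav1.ObjectMeta{Labels: invalidSelector},` next to `Spec: podtest.MakePodSpec(api.RestartPolicyAlways),`, which is the shape the ReplicaSet hunks in this file retain. A negative validation test that still fails, but for a different reason, no longer guards the rule it was written for. The affected test functions begin and end outside the visible hunks, so the expected-error assertions could not be checked here.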