github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-07-27 05:27:21 +00:00
Code Issues Projects Releases Wiki Activity

Invalid environment var names are reported and pod starts

Browse Source 
When processing EnvFrom items, all invalid keys are collected and
reported as a single event.

The Pod is allowed to start.
This commit is contained in:
Michael Fraenkel 2017-03-07 06:19:49 -08:00 committed by vagrant
parent 7b4bec038c
commit c4d07466e8
2 changed files with 44 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
pkg/kubelet/kubelet_pods.go
View File

@ -432,15 +432,21 @@ func (kl *Kubelet) makeEnvironmentVariables(pod *v1.Pod, container *v1.Container
configMaps[name] = configMap configMaps[name] = configMap
} }
invalidKeys := []string{}
for k, v := range configMap.Data { for k, v := range configMap.Data {
if len(envFrom.Prefix) > 0 { if len(envFrom.Prefix) > 0 {
k = envFrom.Prefix + k k = envFrom.Prefix + k
} }
if errMsgs := utilvalidation.IsCIdentifier(k); len(errMsgs) != 0 { if errMsgs := utilvalidation.IsCIdentifier(k); len(errMsgs) != 0 {
return result, fmt.Errorf("Invalid environment variable name, %v, from configmap %v/%v: %s", k, pod.Namespace, name, errMsgs[0]) invalidKeys = append(invalidKeys, k)
continue
} }
tmpEnv[k] = v tmpEnv[k] = v
} }
if len(invalidKeys) > 0 {
sort.Strings(invalidKeys)
kl.recorder.Eventf(pod, v1.EventTypeWarning, "InvalidEnvironmentVariableNames", "Keys [%s] from the EnvFrom configMap %s/%s were skipped since they are considered invalid environment variable names.", strings.Join(invalidKeys, ", "), pod.Namespace, name)
}
case envFrom.SecretRef != nil: case envFrom.SecretRef != nil:
s := envFrom.SecretRef s := envFrom.SecretRef
name := s.Name name := s.Name
@ -461,15 +467,21 @@ func (kl *Kubelet) makeEnvironmentVariables(pod *v1.Pod, container *v1.Container
secrets[name] = secret secrets[name] = secret
} }
invalidKeys := []string{}
for k, v := range secret.Data { for k, v := range secret.Data {
if len(envFrom.Prefix) > 0 { if len(envFrom.Prefix) > 0 {
k = envFrom.Prefix + k k = envFrom.Prefix + k
} }
if errMsgs := utilvalidation.IsCIdentifier(k); len(errMsgs) != 0 { if errMsgs := utilvalidation.IsCIdentifier(k); len(errMsgs) != 0 {
return result, fmt.Errorf("Invalid environment variable name, %v, from secret %v/%v: %s", k, pod.Namespace, name, errMsgs[0]) invalidKeys = append(invalidKeys, k)
continue
} }
tmpEnv[k] = string(v) tmpEnv[k] = string(v)
} }
if len(invalidKeys) > 0 {
sort.Strings(invalidKeys)
kl.recorder.Eventf(pod, v1.EventTypeWarning, "InvalidEnvironmentVariableNames", "Keys [%s] from the EnvFrom secret %s/%s were skipped since they are considered invalid environment variable names.", strings.Join(invalidKeys, ", "), pod.Namespace, name)
}
} }
} }

34
pkg/kubelet/kubelet_pods_test.go
View File

@ -32,6 +32,7 @@ import (
"k8s.io/apimachinery/pkg/runtime" "k8s.io/apimachinery/pkg/runtime"
"k8s.io/apimachinery/pkg/types" "k8s.io/apimachinery/pkg/types"
core "k8s.io/client-go/testing" core "k8s.io/client-go/testing"
"k8s.io/client-go/tools/record"
"k8s.io/kubernetes/pkg/api" "k8s.io/kubernetes/pkg/api"
"k8s.io/kubernetes/pkg/api/v1" "k8s.io/kubernetes/pkg/api/v1"
kubecontainer "k8s.io/kubernetes/pkg/kubelet/container" kubecontainer "k8s.io/kubernetes/pkg/kubelet/container"
@ -307,6 +308,7 @@ func TestMakeEnvironmentVariables(t *testing.T) {
secret *v1.Secret // an optional Secret to pull from secret *v1.Secret // an optional Secret to pull from
expectedEnvs []kubecontainer.EnvVar // a set of expected environment vars expectedEnvs []kubecontainer.EnvVar // a set of expected environment vars
expectedError bool // does the test fail expectedError bool // does the test fail
expectedEvent string // does the test emit an event
}{ }{
{ {
name: "api server = Y, kubelet = Y", name: "api server = Y, kubelet = Y",
@ -864,7 +866,7 @@ func TestMakeEnvironmentVariables(t *testing.T) {
}, },
{ {
name: "configmap_invalid_keys", name: "configmap_invalid_keys",
ns: "test1", ns: "test",
container: &v1.Container{ container: &v1.Container{
EnvFrom: []v1.EnvFromSource{ EnvFrom: []v1.EnvFromSource{
{ConfigMapRef: &v1.ConfigMapEnvSource{LocalObjectReference: v1.LocalObjectReference{Name: "test-config-map"}}}, {ConfigMapRef: &v1.ConfigMapEnvSource{LocalObjectReference: v1.LocalObjectReference{Name: "test-config-map"}}},
@ -878,9 +880,17 @@ func TestMakeEnvironmentVariables(t *testing.T) {
}, },
Data: map[string]string{ Data: map[string]string{
"1234": "abc", "1234": "abc",
"1z": "abc",
"key": "value",
}, },
}, },
expectedError: true, expectedEnvs: []kubecontainer.EnvVar{
{
Name: "key",
Value: "value",
},
},
expectedEvent: "Warning InvalidEnvironmentVariableNames Keys [1234, 1z] from the EnvFrom configMap test/test-config-map were skipped since they are considered invalid environment variable names.",
}, },
{ {
name: "configmap_invalid_keys_valid", name: "configmap_invalid_keys_valid",
@ -1031,7 +1041,7 @@ func TestMakeEnvironmentVariables(t *testing.T) {
}, },
{ {
name: "secret_invalid_keys", name: "secret_invalid_keys",
ns: "test1", ns: "test",
container: &v1.Container{ container: &v1.Container{
EnvFrom: []v1.EnvFromSource{ EnvFrom: []v1.EnvFromSource{
{SecretRef: &v1.SecretEnvSource{LocalObjectReference: v1.LocalObjectReference{Name: "test-secret"}}}, {SecretRef: &v1.SecretEnvSource{LocalObjectReference: v1.LocalObjectReference{Name: "test-secret"}}},
@ -1045,9 +1055,17 @@ func TestMakeEnvironmentVariables(t *testing.T) {
}, },
Data: map[string][]byte{ Data: map[string][]byte{
"1234": []byte("abc"), "1234": []byte("abc"),
"1z": []byte("abc"),
"key": []byte("value"),
}, },
}, },
expectedError: true, expectedEnvs: []kubecontainer.EnvVar{
{
Name: "key",
Value: "value",
},
},
expectedEvent: "Warning InvalidEnvironmentVariableNames Keys [1234, 1z] from the EnvFrom secret test/test-secret were skipped since they are considered invalid environment variable names.",
}, },
{ {
name: "secret_invalid_keys_valid", name: "secret_invalid_keys_valid",
@ -1080,7 +1098,9 @@ func TestMakeEnvironmentVariables(t *testing.T) {
} }
for _, tc := range testCases { for _, tc := range testCases {
fakeRecorder := record.NewFakeRecorder(1)
testKubelet := newTestKubelet(t, false /* controllerAttachDetachEnabled */) testKubelet := newTestKubelet(t, false /* controllerAttachDetachEnabled */)
testKubelet.kubelet.recorder = fakeRecorder
defer testKubelet.Cleanup() defer testKubelet.Cleanup()
kl := testKubelet.kubelet kl := testKubelet.kubelet
kl.masterServiceNamespace = tc.masterServiceNs kl.masterServiceNamespace = tc.masterServiceNs
@ -1126,6 +1146,12 @@ func TestMakeEnvironmentVariables(t *testing.T) {
podIP := "1.2.3.4" podIP := "1.2.3.4"
result, err := kl.makeEnvironmentVariables(testPod, tc.container, podIP) result, err := kl.makeEnvironmentVariables(testPod, tc.container, podIP)
select {
case e := <-fakeRecorder.Events:
assert.Equal(t, tc.expectedEvent, e)
default:
assert.Equal(t, "", tc.expectedEvent)
}
if tc.expectedError { if tc.expectedError {
assert.Error(t, err, tc.name) assert.Error(t, err, tc.name)
} else { } else {