github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-08-12 05:21:58 +00:00
Code Issues Projects Releases Wiki Activity

pod: dropDisabledFields: recognize RecursiveReadOnlyMounts

Browse Source 
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
This commit is contained in:
Akihiro Suda 2024-03-09 09:48:12 +09:00
parent d940886d0a
commit ce1918875f
No known key found for this signature in database
GPG Key ID: 49524C6F9F638F1A
1 changed files with 47 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

47
pkg/api/pod/util.go
View File

@ -685,6 +685,24 @@ func dropDisabledFields(
// For other types of containers, validateContainers will handle them.
}
if !utilfeature.DefaultFeatureGate.Enabled(features.RecursiveReadOnlyMounts) && !rroInUse(oldPodSpec) {
for i := range podSpec.Containers {
for j := range podSpec.Containers[i].VolumeMounts {
podSpec.Containers[i].VolumeMounts[j].RecursiveReadOnly = nil
}
}
for i := range podSpec.InitContainers {
for j := range podSpec.InitContainers[i].VolumeMounts {
podSpec.InitContainers[i].VolumeMounts[j].RecursiveReadOnly = nil
}
}
for i := range podSpec.EphemeralContainers {
for j := range podSpec.EphemeralContainers[i].VolumeMounts {
podSpec.EphemeralContainers[i].VolumeMounts[j].RecursiveReadOnly = nil
}
}
}
dropPodLifecycleSleepAction(podSpec, oldPodSpec)
}
@ -790,6 +808,18 @@ func dropDisabledPodStatusFields(podStatus, oldPodStatus *api.PodStatus, podSpec
if !utilfeature.DefaultFeatureGate.Enabled(features.PodHostIPs) && !hostIPsInUse(oldPodStatus) {
podStatus.HostIPs = nil
}
if !utilfeature.DefaultFeatureGate.Enabled(features.RecursiveReadOnlyMounts) && !rroInUse(oldPodSpec) {
for i := range podStatus.ContainerStatuses {
podStatus.ContainerStatuses[i].VolumeMounts = nil
}
for i := range podStatus.InitContainerStatuses {
podStatus.InitContainerStatuses[i].VolumeMounts = nil
}
for i := range podStatus.EphemeralContainerStatuses {
podStatus.EphemeralContainerStatuses[i].VolumeMounts = nil
}
}
}
func hostIPsInUse(podStatus *api.PodStatus) bool {
@ -1102,6 +1132,23 @@ func clusterTrustBundleProjectionInUse(podSpec *api.PodSpec) bool {
return false
}
func rroInUse(podSpec *api.PodSpec) bool {
if podSpec == nil {
return false
}
var inUse bool
VisitContainers(podSpec, AllContainers, func(c *api.Container, _ ContainerType) bool {
for _, f := range c.VolumeMounts {
if f.RecursiveReadOnly != nil {
inUse = true
return false
}
}
return true
})
return inUse
}
func dropDisabledClusterTrustBundleProjection(podSpec, oldPodSpec *api.PodSpec) {
if utilfeature.DefaultFeatureGate.Enabled(features.ClusterTrustBundleProjection) {
return