-
Notifications
You must be signed in to change notification settings - Fork 994
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Skip verify volcano job container's Privileged mode #411
Conversation
Travis tests have failedHey @hzxuzhonghu, TravisBuddy Request Identifier: fd89a9e0-bcb9-11e9-af47-41b3464977ce |
Travis tests have failedHey @hzxuzhonghu, TravisBuddy Request Identifier: 2da36520-bcbb-11e9-af47-41b3464977ce |
// Skip verify container SecurityContex.Privileged | ||
for i, container := range coreTemplateSpec.Spec.Containers { | ||
if container.SecurityContext != nil && container.SecurityContext.Privileged != nil { | ||
coreTemplateSpec.Spec.Containers[i].SecurityContext.Privileged = nil |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Where did we validate privileged
, ValidatePodTemplate
? BTW, we should enable/disable this validation according to --allow-privileged
of kube-apiserver.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yes. Just leave the validation to apiserver, as we may not know the cluster flag.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yes. Just leave the validation to apiserver, as we may not know the cluster flag.
Better to add this into code notes.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
is there any other validation dependent on api-server parameter? This's a kind of hack :(
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Let me have an investigate
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Should have no other fields. But will ignore some fields validation which depends on the feature gate, like CustomPodDNS
.
I think this still does not matter as #412 in.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
hm... so how to identify those issues before user?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@hzxuzhonghu , let's get this merged firstly, and open an issue on how to identify those issues before user;
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I suggest introducing k8s native ut cases into volcano, i think they should already cover corner cases.
/lgtm |
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: hzxuzhonghu, k82cn The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
fixes: #409