-
Notifications
You must be signed in to change notification settings - Fork 40.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Fix resource quota controller panic #52092
Fix resource quota controller panic #52092
Conversation
The pod evaluator used by the resource quota controller made direct calls to an unsafe pod conversion function which mutates the pod argument. With multiple resource quota controller workers, concurrent processing of the same pod from a shared informer can result in a panic when the conversion code attempts to write to a map field in the pod. Swap out the direct conversion function call to Scheme.ConvertToVersion, which copies the input before conversion.
link to issue? |
release note can probably be less detailed |
this LGTM |
/approve |
/lgtm |
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: derekwaynecarr, ironcladlou Associated issue: 52093 The full list of commands accepted by this bot can be found here.
Needs approval from an approver in each of these OWNERS Files:
You can indicate your approval by writing |
/retest Review the full test history for this PR. |
/test pull-kubernetes-e2e-kops-aws |
lgtm |
@wojtek-t for release approval |
/test all [submit-queue is verifying that this PR is safe to merge] |
Automatic merge from submit-queue |
Automatic merge from submit-queue UPSTREAM: 52092: Fix resource quota controller panic (Drop in 1.8) The pod evaluator used by the resource quota controller made direct calls to an unsafe pod conversion function which mutates the pod argument. With multiple resource quota controller workers, concurrent processing of the same pod from a shared informer can result in a panic when the conversion code attempts to write to a map field in the pod. Swap out the direct conversion function call to Scheme.ConvertToVersion, which copies the input before conversion. Fixes https://bugzilla.redhat.com/show_bug.cgi?id=1486416 /xref kubernetes/kubernetes#52092
The pod evaluator used by the resource quota controller made direct calls to an
unsafe pod conversion function which mutates the pod argument. With multiple
resource quota controller workers, concurrent processing of the same pod from a
shared informer can result in a panic when the conversion code attempts to write
to a map field in the pod.
Swap out the direct conversion function call to Scheme.ConvertToVersion, which
copies the input before conversion.
Fixes #52093.
@kubernetes/sig-api-machinery-bugs
/cc @liggitt