Fix resource quota controller panic #52092
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
The pod evaluator used by the resource quota controller made direct calls to an unsafe pod conversion function which mutates the pod argument. With multiple resource quota controller workers, concurrent processing of the same pod from a shared informer can result in a panic when the conversion code attempts to write to a map field in the pod. Swap out the direct conversion function call to Scheme.ConvertToVersion, which copies the input before conversion.
k8s-ci-robot
added
sig/api-machinery
k8s-github-robot
added
do-not-merge/cherry-pick-not-approved
|
link to issue? |
|
release note can probably be less detailed |
|
this LGTM |
|
/approve |
k8s-github-robot
added
the
approved
|
/lgtm |
k8s-ci-robot
added
the
lgtm
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: derekwaynecarr, ironcladlou Associated issue: 52093 The full list of commands accepted by this bot can be found here.
Needs approval from an approver in each of these OWNERS Files:
You can indicate your approval by writing |
|
/retest Review the full test history for this PR. |
|
/test pull-kubernetes-e2e-kops-aws |
|
lgtm |
|
@wojtek-t for release approval |
wojtek-t
added
cherry-pick-approved
|
/test all [submit-queue is verifying that this PR is safe to merge] |
|
Automatic merge from submit-queue |
openshift-merge-robot
added a commit
to openshift/origin
that referenced
this pull request
Sep 8, 2017
Automatic merge from submit-queue UPSTREAM: 52092: Fix resource quota controller panic (Drop in 1.8) The pod evaluator used by the resource quota controller made direct calls to an unsafe pod conversion function which mutates the pod argument. With multiple resource quota controller workers, concurrent processing of the same pod from a shared informer can result in a panic when the conversion code attempts to write to a map field in the pod. Swap out the direct conversion function call to Scheme.ConvertToVersion, which copies the input before conversion. Fixes https://bugzilla.redhat.com/show_bug.cgi?id=1486416 /xref kubernetes/kubernetes#52092
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
The pod evaluator used by the resource quota controller made direct calls to an
unsafe pod conversion function which mutates the pod argument. With multiple
resource quota controller workers, concurrent processing of the same pod from a
shared informer can result in a panic when the conversion code attempts to write
to a map field in the pod.
Swap out the direct conversion function call to Scheme.ConvertToVersion, which
copies the input before conversion.
Fixes #52093.
@kubernetes/sig-api-machinery-bugs
/cc @liggitt