Skip to content

Commit

Permalink
Only inject Pods that are Pending. (#501)
Browse files Browse the repository at this point in the history
  • Loading branch information
cjyar authored Aug 16, 2023
1 parent e813ad9 commit adb76bf
Show file tree
Hide file tree
Showing 2 changed files with 16 additions and 5 deletions.
5 changes: 5 additions & 0 deletions agent-inject/agent/agent.go
Original file line number Diff line number Diff line change
Expand Up @@ -540,6 +540,11 @@ func ShouldInject(pod *corev1.Pod) (bool, error) {
return false, nil
}

// If injection didn't happen on pod creation, then it's too late now.
if pod.Status.Phase != "" && pod.Status.Phase != corev1.PodPending {
return false, nil
}

// This shouldn't happen so bail.
raw, ok = pod.Annotations[AnnotationAgentStatus]
if !ok {
Expand Down
16 changes: 11 additions & 5 deletions agent-inject/agent/agent_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -91,17 +91,23 @@ func testPodIRSA(annotations map[string]string) *corev1.Pod {
func TestShouldInject(t *testing.T) {
tests := []struct {
annotations map[string]string
phase corev1.PodPhase
inject bool
}{
{map[string]string{AnnotationAgentInject: "true", AnnotationAgentStatus: ""}, true},
{map[string]string{AnnotationAgentInject: "false", AnnotationAgentStatus: ""}, false},
{map[string]string{AnnotationAgentInject: "true", AnnotationAgentStatus: "injected"}, false},
{map[string]string{AnnotationAgentInject: "false", AnnotationAgentStatus: "injected"}, false},
{map[string]string{AnnotationAgentInject: "true", AnnotationAgentStatus: "update"}, true},
{map[string]string{AnnotationAgentInject: "true", AnnotationAgentStatus: ""}, corev1.PodPending, true},
{map[string]string{AnnotationAgentInject: "false", AnnotationAgentStatus: ""}, corev1.PodPending, false},
{map[string]string{AnnotationAgentInject: "true", AnnotationAgentStatus: "injected"}, corev1.PodPending, false},
{map[string]string{AnnotationAgentInject: "false", AnnotationAgentStatus: "injected"}, corev1.PodPending, false},
{map[string]string{AnnotationAgentInject: "true", AnnotationAgentStatus: "update"}, corev1.PodPending, true},
{map[string]string{AnnotationAgentInject: "true", AnnotationAgentStatus: ""}, corev1.PodRunning, false},
{map[string]string{AnnotationAgentInject: "true", AnnotationAgentStatus: ""}, corev1.PodSucceeded, false},
{map[string]string{AnnotationAgentInject: "true", AnnotationAgentStatus: ""}, corev1.PodFailed, false},
{map[string]string{AnnotationAgentInject: "true", AnnotationAgentStatus: "update"}, corev1.PodRunning, false},
}

for _, tt := range tests {
pod := testPod(tt.annotations)
pod.Status.Phase = tt.phase
inject, err := ShouldInject(pod)
if err != nil {
t.Errorf("got error, shouldn't have: %s", err)
Expand Down

0 comments on commit adb76bf

Please sign in to comment.