The original handshake timeout is too short to dial connection
successfully under some situation. So the activator pod can not be
active. And the log message just say "Failed to send ping message to
ws://autoscaler.knative-serving.svc.cluster.local:8080", not easy to
figure out what's the problem underneeth.
The fix switch to websocket default dial, so the default handle shake
time is 45 seconds, and once dial error found, the error will be
reported as error.
* Allow glog to coexist with klog
glog isn't used in our repos with good reason, but performance tests
use it, for now. This commit removes the ability to set klog flags
that aren't shared with glog, in return for the ability of glog to be imported.
* update-codegen
By combining our validation logic into our mutating webhook we were previously allowing for mutating webhooks evaluated after our own to modify our resources into invalid shapes. There are no guarantees around ordering of mutating webhooks (that I could find), so the only way to remedy this properly is to split apart the two into separate webhook configurations:
- `defaulting`: which runs during the mutating admission webhook phase
- `validation`: which runs during the validating admission webhook phase.
The diagram in [this post](https://kubernetes.io/blog/2019/03/21/a-guide-to-kubernetes-admission-controllers/) is very helpful in illustrating the flow of webhooks.
Fixes: https://github.com/knative/pkg/issues/847
In every log we get the ugly string printed:
2019-11-13T08:44:42.421-0800 info logging/config.go:50
Successfully created the logger. {"knative.dev/jsonconfig": "{\n\t
\"level\": \"debug\",\n\t \"encoding\": \"console\",\n\t
\"outputPaths\": [\"stdout\"],\n\t \"errorOutputPaths\":
[\"stderr\"],\n\t \"encoderConfig\": {\n\t \"timeKey\":
\"ts\",\n\t \"messageKey\": \"message\",\n\t \"levelKey\":
\"level\",\n\t \"nameKey\": \"logger\",\n\t \"callerKey\":
\"caller\",\n\t \"messageKey\": \"msg\",\n\t \"stacktraceKey\":
\"stacktrace\",\n\t \"lineEnding\": \"\",\n\t \"levelEncoder\":
\"\",\n\t \"timeEncoder\": \"iso8601\",\n\t \"durationEncoder\":
\"\",\n\t \"callerEncoder\": \"\"\n\t }\n\t}"}
It's all a constant (see test/logging/logging.go:newLogger), except
"level", which is then printed immediately afterward. So just remove
printing this string.
the observability config is used in other packages including
the sample controller. This commit pulls observability config
into knative.dev/pkg similar to logging config for better reusability.
* Add support for Selector in tracker.Reference.
`tracker.Reference` may now optionally replace `Name` with `Selector` to track zero or multiple resources of a particular `apiVersion`, `kind` and `namespace`.
Fixes: https://github.com/knative/pkg/issues/859
* Address code review comments
`TrackReference` is the same as `Track`, but takes a `tracker.Reference` instead. This type has been seeded with the subset of `corev1.ObjectReference` that the tracker currently consumes / supports, but the intention is to expand this type to allow inexact references that (optionally) use label selectors in place of name to reference objects.
See also: https://github.com/knative/pkg/issues/859
Not having this causes the listers to log an annoying log message like
W1108 02:48:54.848573 211995 listers.go:77] can not retrieve list of objects using index : Index with name namespace does not exist
That message doesn't cause the tests to fail because the cache logic works around by doing a "slow indexing". I was very confused by this log though and sunk a bit of time into debugging it, so here we go.
Destination sits in a strange versioned directory without a group under APIs. Destination is in fact part of our duck type space, so it belongs under the `duck` group. This moves the definition (previously v1alpha1) to `v1` because it is referenced from source types that have been designated `v1`.
* marking the metrics as internal as we need to pre-process them to include
pod_name and container_name...
* removing eventSource
* updates
* rollbacking changes to source
* updating changes to source
* minimizing change
* minimizing change
* Restrict Stackdriver Secret to controlled name & namespace
* Address PR comments
* Lock when reading secret name & namespace
* Export StackdriverClientConfig struct so consumers don't have to
redefine it
* Ensure metrics pkg consumers call SetStackdriverSecretLocation to set
Secret name and namespace
* Export StackdriverClientConfig consts & helper function
* Add TODO for secret watcher
* Create a new singleton Reconciler for the webhook secret.
This change creates a new Reconciler (not yet hooked up) that ensures that the
webhook secret has the appropriate shape. I call this a "singleton Reconciler"
because this reconciler exists to effectively reconcile a single resource, which
will be a pattern for the webhook's reconcilers.
* Address linter problems
With the simplified `webhook.New` signature, this supports detecting when one or more of the controllers we have launched has a `Reconciler` that implements `webhook.AdmissionController` and launching the webhook with this admission controllers registered.
There is still work that needs to be done to refactor the webhooks to follow this shape, but this hopefully starts to paint the picture of where things are headed.
With this change folks will need to call `webhook.RegisterMetrics()` to register the opencensus view with the metrics for the webhook's StatsReporter. This is needed to avoid having `sharedmain` crashloop the activator due to linking multiple on-`init()` views that register metrics named `request_latencies`.
In general, I believe that we should move away from registering these views via `init()` and more towards the broader K8s MetricsProvider pattern.
GetCertificate allows us to start in TLS mode and dynamically fetch new certificates as they change. This will eventually allow us to decouple the cert creation process from the core webhook logic, and in a subsequent change service this from a secret lister cache.
This builds on https://github.com/knative/pkg/pull/817 and makes further
breaking changes. The options pertinent to each admission controller are
now passed to their respective constructors, which leads to a cleaner
options struct, and better prepares for greater webhook diversity.
JUN JIE NAN
Matt Moore
coryrc
coryrc
Vincent
Nima Kaviani
Adriano Cunha
Victor Agababov
Markus Thömmes
Francesco Guardiani
Ignacio (Nacho) Cano
Yanwei Guo
Antoine Cotten
Ville Aikas
Scott Nichols
Maisem Ali
Evan Anderson
Annie Fu
Matt Moore
mattmoor-sockpuppet
Joyce Liu
Chi Zhang