Merge pull request #54287 from hzxuzhonghu/audit-stage-1

Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>. audit backend run before http server start and register presShutdown … …hook **What this PR does / why we need it**: 1. audit backend run before http server start , prevent coming request audit blocking 2. audit backend use preShutdownHook. **Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #54286 **Special notes for your reviewer**: **Release note**: ```release-note NONE ``` Kubernetes-commit: 192bb6262b5a73438d958408f91d198384c3f497
2017-10-25 00:58:17 -07:00 · 2017-10-25 00:58:17 -07:00 · ab0820408a
parent 920a596ded cc18a64aad
commit ab0820408a
2 changed files with 1704 additions and 1648 deletions
--- a/Godeps/Godeps.json
+++ b/Godeps/Godeps.json
--- a/pkg/server/genericapiserver.go
+++ b/pkg/server/genericapiserver.go
@ -266,6 +266,14 @@ func (s *GenericAPIServer) PrepareRun() preparedGenericAPIServer {
 // Run spawns the secure http server. It only returns if stopCh is closed
 // or the secure port cannot be listened on initially.
 func (s preparedGenericAPIServer) Run(stopCh <-chan struct{}) error {
+	// Register audit backend preShutdownHook.
+	if s.AuditBackend != nil {
+		s.AddPreShutdownHook("audit-backend", func() error {
+			s.AuditBackend.Shutdown()
+			return nil
+		})
+	}
+
 	err := s.NonBlockingRun(stopCh)
 	if err != nil {
 		return err
@ -273,16 +281,20 @@ func (s preparedGenericAPIServer) Run(stopCh <-chan struct{}) error {

 	<-stopCh

-	if s.GenericAPIServer.AuditBackend != nil {
-		s.GenericAPIServer.AuditBackend.Shutdown()
-	}
-
 	return s.RunPreShutdownHooks()
 }

 // NonBlockingRun spawns the secure http server. An error is
 // returned if the secure port cannot be listened on.
 func (s preparedGenericAPIServer) NonBlockingRun(stopCh <-chan struct{}) error {
+	// Start the audit backend before any request comes in. This means we must call Backend.Run
+	// before http server start serving. Otherwise the Backend.ProcessEvents call might block.
+	if s.AuditBackend != nil {
+		if err := s.AuditBackend.Run(stopCh); err != nil {
+			return fmt.Errorf("failed to run the audit backend: %v", err)
+		}
+	}
+
 	// Use an internal stop channel to allow cleanup of the listeners on error.
 	internalStopCh := make(chan struct{})

@ -301,14 +313,6 @@ func (s preparedGenericAPIServer) NonBlockingRun(stopCh <-chan struct{}) error {
 		close(internalStopCh)
 	}()

-	// Start the audit backend before any request comes in. This means we cannot turn it into a
-	// post start hook because without calling Backend.Run the Backend.ProcessEvents call might block.
-	if s.AuditBackend != nil {
-		if err := s.AuditBackend.Run(stopCh); err != nil {
-			return fmt.Errorf("failed to run the audit backend: %v", err)
-		}
-	}
-
 	s.RunPostStartHooks(stopCh)

 	if _, err := systemd.SdNotify(true, "READY=1\n"); err != nil {