This change updates the NowFunc to be per KMS provider instead of global
to the API server. This allows integration tests that use distinct
provider names to run in parallel when simulating key expiry.
Signed-off-by: Anish Ramasekar <anish.ramasekar@gmail.com>
Kubernetes-commit: 480fad996d58af5f6700389a68c662287e746992
Listing all keys from etcd turned out to be too expensive, negativly
impacting events POST latency. Events resource is the only resource that
by default has watch cache disabled and which includes very
large number of small objects making it very costly to list keys.
Expected impact:
* No apiserver_resource_size_estimate_bytes metric for events.
* APF overestimating LIST request cost to events. Fallback assumes
object size of 1.5MB, meaning LIST events will always get maxSeats
Kubernetes-commit: 3e84e16315ac2b3cb9729a98ed1ae636d8900db6
Authorization, token authentication, imagepolicy admission, and audit webhooks configure RESTClients
that encode to JSON regardless of the ContentType of the provided rest.Config. Because this is
opaque to the RESTClient, configuring a ContentType other than "application/json" results in
requests with JSON-encoded bodies and a non-JSON media type in the Content-Type header. Webhook
servers that respect the Content-Type request header will be unable to decode an object from the
request body.
Explicitly overriding the ContentType of the provided rest.Config fixes this issue and is consistent
with how clients are constructed for conversion and admission webhooks.
Kubernetes-commit: ed07efbc57939afdf154afa80be35507d0a81d66
* cache: do not allocate chan for nothing
The explicit purpose of this channel is to never be closed and nothing
to be sent down on it. Hence, there's no need to allocate a channel - a
nil channel has exactly the desired behaviour.
Additionally, this is more relevant now that testing/synctest gets
unhappy when goroutines are blocked on reading on channels which are
created outside of the synctest bubble. Since this is a package var, that's
hard to avoid when using this package. Synctest is fine with nil
channels though.
Reported-by: Jussi Maki <jussi@isovalent.com>
Signed-off-by: David Bimmler <david.bimmler@isovalent.com>
* handlers: do not allocate chan for nothing
Nil chan has the desired semantics already, and this breaks
testing/synctest because the channel is allocated outside of the bubble.
Signed-off-by: David Bimmler <david.bimmler@isovalent.com>
---------
Signed-off-by: David Bimmler <david.bimmler@isovalent.com>
Kubernetes-commit: 52b7d035f9655d0c6ebeaaafd60add99700bb468
The metrics assertion race with the metric update, and since this
happens at the serverside, we use an active look to check the metrics
instead of expecting to be updated immidiatly.
Change-Id: I9a64b66301d5f4ac3df0c0a01de10602a20f89ea
Kubernetes-commit: f07dcd443d7335d09dc0de7a47485e2e6c87d725
Test that assert on metrics use the returned status to sync the test, if
the metric is updated AFTER the state is returned the test will flake
because the assertion on the metric will race.
Change-Id: I317708a22cb47256c37dac3cab0463a2f925ad6b
Kubernetes-commit: 7ba22700bfd12cd32ff72db022e4b53ccda1deca
Reset metrics per status code also allow to log the particular status
code that flake, in case the problem comes from an specific one.
Change-Id: I29f67d4c5d76449350f45049f45ce8325a2d0ddd
Kubernetes-commit: 0aea6a1e45d178371b44eabcaf0d318a01f9ac3d
Jordan Liggitt
Marek Siarkowicz
Lalit Chauhan
Richa Banker
Joe Betz
Anish Ramasekar
Nour
Mayuka Channankaiah
aerosouund
Ben Luddy
Alex Dudko
David Bimmler
Owen Strain
Gavin Lam
Antonio Ojea
Joel Speed
ylink-lfs
Simran Kaur
Dan Winship
Taahir Ahmed
David Ashpole