kubernetes
/
apiserver
mirror of https://github.com/kubernetes/apiserver.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
8,103 Commits 29 Branches 1,436 Tags 31 MiB
Commit Graph

69 Commits

Author SHA1 Message Date
Marek Siarkowicz a559cb8be1 Unify references to group resource in metrics 
Skip apiserver_storage_objects as it's a stable metrics that doesn't
have "group" label. As defined in KEP-1209 adding a label is considered
a breaking change so this change should be done via deprecation and
introduction of new metric.

Tested via:
```
kubectl get --raw /metrics | grep -i apiservice | grep -v APIServiceRegistrationController | grep -v aggregator_unavailable_apiservice | python3 -c "import sys; print('\n'.join([k+' ' + v for k,v in {a.split('{')[0]:'{'+a.split('{')[1].split('}')[0]+'}' for a in sys.stdin.readlines() if '#' not in a and '_sum' not in a and '_bucket' not in a}.items()]))"
```

Before:
```
apiserver_cache_list_fetched_objects_total {index="",resource_prefix="/apiregistration.k8s.io/apiservices"}
apiserver_cache_list_returned_objects_total {resource_prefix="/apiregistration.k8s.io/apiservices"}
apiserver_cache_list_total {index="",resource_prefix="/apiregistration.k8s.io/apiservices"}
apiserver_longrunning_requests {component="apiserver",group="apiregistration.k8s.io",resource="apiservices",scope="cluster",subresource="",verb="WATCH",version="v1"}
apiserver_request_body_size_bytes_count {resource="apiservices.apiregistration.k8s.io",verb="create"}
apiserver_request_duration_seconds_count {component="apiserver",dry_run="",group="apiregistration.k8s.io",resource="apiservices",scope="resource",subresource="",verb="POST",version="v1"}
apiserver_request_sli_duration_seconds_count {component="apiserver",group="apiregistration.k8s.io",resource="apiservices",scope="resource",subresource="",verb="POST",version="v1"}
apiserver_request_total {code="201",component="apiserver",dry_run="",group="apiregistration.k8s.io",resource="apiservices",scope="resource",subresource="",verb="POST",version="v1"}
apiserver_response_sizes_count {component="apiserver",group="apiregistration.k8s.io",resource="apiservices",scope="cluster",subresource="",verb="LIST",version="v1"}
apiserver_selfrequest_total {resource="apiservices",subresource="",verb="POST"}
apiserver_storage_events_received_total {resource="apiservices.apiregistration.k8s.io"}
apiserver_storage_list_evaluated_objects_total {resource="apiservices.apiregistration.k8s.io"}
apiserver_storage_list_fetched_objects_total {resource="apiservices.apiregistration.k8s.io"}
apiserver_storage_list_returned_objects_total {resource="apiservices.apiregistration.k8s.io"}
apiserver_storage_list_total {resource="apiservices.apiregistration.k8s.io"}
apiserver_storage_objects {resource="apiservices.apiregistration.k8s.io"}
apiserver_watch_cache_events_dispatched_total {resource="apiservices.apiregistration.k8s.io"}
apiserver_watch_cache_events_received_total {resource="apiservices.apiregistration.k8s.io"}
apiserver_watch_cache_initializations_total {resource="apiservices.apiregistration.k8s.io"}
apiserver_watch_cache_resource_version {resource="apiservices.apiregistration.k8s.io"}
apiserver_watch_events_sizes_count {group="apiregistration.k8s.io",kind="APIService",version="v1"}
apiserver_watch_events_total {group="apiregistration.k8s.io",kind="APIService",version="v1"}
etcd_request_duration_seconds_count {operation="listWithCount",type="/registry/apiregistration.k8s.io/apiservices/"}
etcd_requests_total {operation="listWithCount",type="/registry/apiregistration.k8s.io/apiservices/"}
watch_cache_capacity {resource="apiservices.apiregistration.k8s.io"}
```

After:
```
apiserver_cache_list_fetched_objects_total {group="apiregistration.k8s.io",index="",resource="apiservices"}
apiserver_cache_list_returned_objects_total {group="apiregistration.k8s.io",resource="apiservices"}
apiserver_cache_list_total {group="apiregistration.k8s.io",index="",resource="apiservices"}
apiserver_longrunning_requests {component="apiserver",group="apiregistration.k8s.io",resource="apiservices",scope="cluster",subresource="",verb="WATCH",version="v1"}
apiserver_request_body_size_bytes_count {group="apiregistration.k8s.io",resource="apiservices",verb="create"}
apiserver_request_duration_seconds_count {component="apiserver",dry_run="",group="apiregistration.k8s.io",resource="apiservices",scope="resource",subresource="",verb="POST",version="v1"}
apiserver_request_sli_duration_seconds_count {component="apiserver",group="apiregistration.k8s.io",resource="apiservices",scope="resource",subresource="",verb="POST",version="v1"}
apiserver_request_total {code="201",component="apiserver",dry_run="",group="apiregistration.k8s.io",resource="apiservices",scope="resource",subresource="",verb="POST",version="v1"}
apiserver_response_sizes_count {component="apiserver",group="apiregistration.k8s.io",resource="apiservices",scope="cluster",subresource="",verb="WATCH",version="v1"}
apiserver_selfrequest_total {group="apiregistration.k8s.io",resource="apiservices",subresource="",verb="WATCH"}
apiserver_storage_events_received_total {group="apiregistration.k8s.io",resource="apiservices"}
apiserver_storage_list_evaluated_objects_total {group="apiregistration.k8s.io",resource="apiservices"}
apiserver_storage_list_fetched_objects_total {group="apiregistration.k8s.io",resource="apiservices"}
apiserver_storage_list_returned_objects_total {group="apiregistration.k8s.io",resource="apiservices"}
apiserver_storage_list_total {group="apiregistration.k8s.io",resource="apiservices"}
apiserver_storage_objects {resource="apiservices.apiregistration.k8s.io"}
apiserver_watch_cache_events_dispatched_total {group="apiregistration.k8s.io",resource="apiservices"}
apiserver_watch_cache_events_received_total {group="apiregistration.k8s.io",resource="apiservices"}
apiserver_watch_cache_initializations_total {group="apiregistration.k8s.io",resource="apiservices"}
apiserver_watch_cache_resource_version {group="apiregistration.k8s.io",resource="apiservices"}
apiserver_watch_events_sizes_count {group="apiregistration.k8s.io",resource="apiservices",version="v1"}
apiserver_watch_events_total {group="apiregistration.k8s.io",resource="apiservices",version="v1"}
etcd_bookmark_counts {group="apiregistration.k8s.io",resource="apiservices"}
etcd_request_duration_seconds_count {group="apiregistration.k8s.io",operation="listWithCount",resource="apiservices"}
etcd_requests_total {group="apiregistration.k8s.io",operation="listWithCount",resource="apiservices"}
watch_cache_capacity {group="apiregistration.k8s.io",resource="apiservices"}
```

Kubernetes-commit: f712b01ddb55f6569b930ca714499051ba8cb311
 2025-05-19 11:41:09 +02:00
CasperLiu 1bb7b2e6ab introduce a proper trace context 
Signed-off-by: carlory <baofa.fan@daocloud.io>
Co-authored-by: CasperLiu <qiuyuzhe521@gmail.com>

Kubernetes-commit: 5b2632f70763aeadfc334df1364946fe39fc10bb
 2024-04-07 17:58:59 +08:00
Alexander Zielenski 4bd3e89853 remove checks for fieldmanager from handlers 
it should never be nil

Kubernetes-commit: ad5cda4d21974104db01732474130d10c001d3f2
 2023-03-14 15:08:00 -07:00
Aldo Culquicondor 62e2e0a1b7 Preserve UID/ResourceVersion in the BindingREST endpoint 
Change-Id: If4023da10c455963a320fdb9fc2a73c099bea3db

Kubernetes-commit: 62889f416cb60f66b3f04810ef2475c425b8394a
 2023-03-16 16:35:39 -04:00
David Ashpole aa161f2fc0 migrate apiserver utiltrace usage to component-base/tracing 
Kubernetes-commit: de26b9023f2872c5cd7e15fad5dd5ab649222c13
 2022-10-20 18:15:38 +00:00
Han Kang ce7b4d6e8c Add request body size metric 
Change-Id: Ica5d9b5457d4f844c4500b2c05b2f0631c27454c

Kubernetes-commit: 43c95cbf0682895cf5bb79452b1f011123ac4513
 2022-08-24 09:15:23 -07:00
Antonio Ojea ea69e5d51c remove DryRun feature gate checks 
Kubernetes-commit: a1bfb76458a219577884d312ceb93eb1bb3f7e39
 2022-08-26 11:33:56 +02:00
Tim Hockin 970b3ee9bb Initialize UID earlier in the Create process 
Before:
  Create()
      BeginCreate()
      BeforeCreate()
          init UID <---------------------
          strategy code

After:
  Create()
      init UID <-------------------------
      BeginCreate()
      BeforeCreate()
          strategy code

This also wipes UID early (suggested by David) and asserts it is set in
BeforeCreate().

Kubernetes-commit: 5615de51f9e768dd01d7fe49a48e8db756bd8ac8
 2022-06-17 15:32:25 -07:00
Maciej Borsz 17c48c0f65 Improve Create/Update/Patch traces. 
Kubernetes-commit: 56769e794b757c541d1c7fef36a5507e52e3e7b2
 2022-04-20 07:30:12 +00:00
Tim Allclair 1e36b0a9fb Don't add audit annotations directly to the audit event 
Kubernetes-commit: bdebc62d49293a0fbbd7e0d95bfd94b1ce21015c
 2022-03-28 11:38:38 -07:00
Jordan Liggitt bacaca81ed set/validate object namespace before admission 
Kubernetes-commit: 92422a73053129a88ea48e62a44410103a400376
 2020-09-09 01:12:31 -04:00
Abu Kashem 8949a1cdfc add trace step for transformResponseObject 
Kubernetes-commit: 41cef06f66dd4d7e87ff852dc228ab69587be9de
 2021-11-22 13:18:02 -05:00
Kevin Delgado 59227ac996 Server Side Field Validation 
Implements server side field validation behind the
`ServerSideFieldValidation` feature gate. With the
feature enabled, any create/update/patch request
with the `fieldValidation` query param set to
"Strict" will error if the object in the request
body have unknown fields. A value of "Warn"
(also the default when the feautre is enabled)
will succeed the request with a warning.

When the feature is disabled (or the query param
has a value of "Ignore"), the request will succeed
as it previously had with no indications of any
unknown or duplicate fields.

Kubernetes-commit: e50e2bbc889eb274ad1463a54188a2805767bfde
 2021-08-18 02:25:36 +00:00
Abu Kashem fea88b8efd drop managed fields from audit entries 
drop the managed fields of the objects from the audit entries when we
are logging request and response bodies.

Kubernetes-commit: bbc59348318c29199e23b27981fb56436ac68705
 2020-10-12 13:18:59 -04:00
Abu Kashem d53acfe201 apiserver: store (event, evaluated policy) pair in request context 
Kubernetes-commit: 8be823b0b0270e1b979b3d4c6e683e1daa0f2e01
 2021-09-20 17:43:16 -04:00
CKchen0726 5c4bb8bb6a remove invalid nil check 
Kubernetes-commit: 3f1675312042cd855a39200c4bff8020cc0922de
 2021-09-13 21:04:31 +08:00
njuptlzf dd5fc094cd Use objGV instead of gvk.GroupVersion 
Kubernetes-commit: 15c4d579f08335f33555d3cab5eff41c74e671b9
 2021-06-02 14:27:30 +08:00
Kasakaze f0159a94e3 Simplify objGV construction 
Co-authored-by: Jordan Liggitt <jordan@liggitt.net>

Kubernetes-commit: 58d7bf67d4694d52610097c72fe79012e19c5da0
 2021-06-02 10:53:05 +08:00
njuptlzf 790f5a21a7 Fix auditing failed of request: encoding failed 
Kubernetes-commit: 329f7d55d1344f728e28ce49728234f9f8f4c5d3
 2021-05-17 02:31:08 +08:00
Jordan Liggitt b97dfc761c allow evictions subresource to accept policy/v1 and policy/v1beta1 
Kubernetes-commit: 33ad842480353f2816873bf728d75333948e4817
 2021-03-31 16:54:55 -04:00
Abu Kashem 28c097bee7 move FinishRequest to its own package 
Kubernetes-commit: 393a1f73fbaa1bf1facb8882eaf4fead16b94f58
 2021-03-22 16:39:14 -04:00
Kevin Wiesmueller 82e671a5f8 add managedFields admission 
Kubernetes-commit: f86b59ab79227929e7f283b859b4c59317399807
 2021-02-11 16:22:16 +01:00
Kevin Wiesmueller 7da058f6bb disable webhook for testing 
Kubernetes-commit: ffbae9c5b4a3df9f7400d0047a5d7a957adf295d
 2021-02-01 17:56:49 +01:00
Kevin Wiesmueller a29734176f use managedFields admission controller in create/patch/update 
Kubernetes-commit: 3d306e222de3b13a55030a53fef93622bb300646
 2021-01-14 20:15:11 +01:00
Abu Kashem 026eb846a4 apiserver: plumb context with request deadline 
- as soon as a request is received by the apiserver, determine the
  timeout of the request and set a new request context with the deadline.
- the timeout filter that times out non-long-running requests should
  use the request context as opposed to a fixed 60s wait today.
- admission and storage layer uses the same request context with the
  deadline specified.

we use the default timeout enforced by the apiserver:
- if the user has specified a timeout of 0s, this implies no timeout on the user's part.
- if the user has specified a timeout that exceeds the maximum deadline allowed by the apiserver.

Kubernetes-commit: e416c9e574c49fd0190c8cdac58322aa33a935cf
 2020-11-26 23:53:20 -05:00
lala123912 36a172d35e Code optimization for add additional information to log trace in api server 
Kubernetes-commit: 5d61e18a4343773105e39c36b944b4f223e70eaf
 2020-11-23 16:27:05 +08:00
Jordan Liggitt cec339c07a Revert "plumb context with request deadline" 
This reverts commit 83f869ee1350da1b65d508725749fb70d0f535f2.

Kubernetes-commit: afd92b3b3ea8fa8e3dbe2521d6ce213c809d25c7
 2020-11-19 18:15:04 -05:00
Haowei Cai 00bc4d7843 apiserver dedups owner references and adds warning 
for CREATE and UPDATE requests, we check duplication before managedFields
update, and after mutating admission; for PATCH requests, we check
duplication after mutating admission

Kubernetes-commit: ffc54ed1d2cbf4396fcc498beeb6ad34ac3df69c
 2020-11-18 12:35:45 -08:00
Abu Kashem 46e3e4810e plumb context with request deadline 
- as soon as a request is received by the apiserver, determine the
timeout of the request and set a new request context with the deadline.
- the timeout filter that times out non-long-running requests should
use the request context as opposed to a fixed 60s wait today.
- admission and storage layer uses the same request context with the
deadline specified.

Kubernetes-commit: 83f869ee1350da1b65d508725749fb70d0f535f2
 2020-10-30 16:30:05 -04:00
Andrea Nodari 618f4b129a Make the creation of namespace using POST and PATCH consistent 
PATCH verb is used when creating a namespace using server-side apply,
while POST verb is used when creating a namespace using client-side
apply.

The difference in path between the two ways to create a namespace led to
an inconsistency when calling webhooks. When server-side apply is used,
the request sent to webhooks has the field "namespace" populated with
the name of namespace being created. On the other hand, when using
client-side apply the "namespace" field is omitted.

This commit aims to make the behaviour consistent and populates the
"namespace" field when creating a namespace using POST verb (i.e.
client-side apply).

Kubernetes-commit: 3cb510e33eecbdc37aad14f121396ccfbf5268cb
 2020-09-21 12:13:12 +02:00
Joe Betz 97937c66f2 Revert nested trace PR#88936 
Kubernetes-commit: 02cf58102a61b6d1e021e256381ff750573ce55d
 2020-07-20 09:55:05 -07:00
Joe Betz 7a467399ac Enable nested tracing, add request filter chain tracing incl. authn/authz tracing 
Kubernetes-commit: b12ac0abc64adb71d97fbde12f373b1424631f20
 2020-03-06 16:11:21 -08:00
Antoine Pelisse cc0f41ad59 fieldManager: Ignore and log all errors when updating managedFields 
Kubernetes-commit: 5378a788e471a18594c446888306d826d3b44661
 2020-05-08 12:48:09 -07:00
jennybuckley a87d964ed1 Don't save managedFields if object is too large 
Kubernetes-commit: ccd9e4e2de32b8708f3a7be159f7a4316449c433
 2020-01-22 15:38:27 -08:00
jennybuckley 216aab95f9 Move mutating admission into finishRequest 
Kubernetes-commit: 9bd42287f90feeb0cf1076fcfb180ff6e1d02110
 2020-01-29 13:21:58 -08:00
ialidzhikov a521baa66a Minor nit in error message about feature gate stage 
Signed-off-by: ialidzhikov <i.alidjikov@gmail.com>

Kubernetes-commit: 1eaa0ee3f9553cce1821434ce64e745ba5b135d2
 2020-01-01 15:54:06 +02:00
Jianfei Bai a5b9ca7482 feat(apiserver): add user-agent and remote info into trace log for endpoints handlers. 
Kubernetes-commit: 91bddd13485082892be8e8e471e358be317c4e9b
 2019-10-10 21:30:05 +08:00
wojtekt ba8f49cc73 Ensure conversions are registered for metainternalversion codecs 
Kubernetes-commit: 54163527a69a8c868b87d301876559495220d1b0
 2019-09-11 16:30:08 +02:00
Di Xu d9e587908f populate object name for admission attributes when CREATE 
Kubernetes-commit: 34cab8f80a9104be7fe5d8a5a22c3207dab46268
 2017-09-28 14:59:34 +08:00
Jordan Liggitt 0c706a033c Plumb context to admission Admit/Validate 
Kubernetes-commit: 61774cd7176cae0c0324d23ab20e6c6b3038153f
 2019-08-19 10:48:08 -04:00
Jordan Liggitt aab7154c4f plumb client-specified request timeout to context 
Kubernetes-commit: 89d5c1f3ea8d8e27526e4f558872c4e24ddc526c
 2019-08-20 10:36:34 -04:00
Joe Betz f103fcda51 Replace string concatination with trace fields 
Kubernetes-commit: 46a04d50af78e01d06a9879d62cc71fbe892076f
 2019-08-02 23:47:24 -07:00
Joe Betz 19327df6d5 Pass {Operation}Option to Webhooks 
Kubernetes-commit: 140c8c73a64deb102b528109138ca9fb7dbb2392
 2019-05-07 13:34:18 -07:00
Clayton Coleman c8f7d5017d Make RequestScope be a pointer consistently for better memory use 
RequestScope is a large struct and causes stack growth when we pass
it by value into multiple stack levels. Avoid the allocations for
this read only struct by passing a pointer.

Kubernetes-commit: 8fede0b18a81a6fb1acc1a48857f482857c25286
 2019-03-25 23:33:48 -04:00
Antoine Pelisse 46d98f52ff Add "fieldManager" to flag to PATCH/CREATE/UPDATE 
And add a corresponding flag in kubectl (for apply), even though the
value is defaulted in kubectl with "kubectl".

The flag is required for Apply patch-type, and optional for other PATCH,
CREATE and UPDATE (in which case we fallback on the user-agent).

Kubernetes-commit: eb904d8fa89da491f400614f99458ed3f0d529fb
 2019-02-16 20:16:11 -08:00
Mehdy Bohlool 87b5ac0c06 Add ObjectInterfaces to Admission and Validation 
Kubernetes-commit: 513a87c7b25aa58f84fafe0dc170cee4c76e481b
 2019-02-16 12:27:24 -08:00
Chao Xu 4ebbf20f41 Adding a limit on the maximum bytes accepted to be decoded in a resource 
write request.

Kubernetes-commit: b971b12d3cfa8887aa87957fbba92b90e3e99dc6
 2019-02-06 16:58:24 -08:00
Antoine Pelisse 91c401c45f Add object information on FieldManager failures 
Kubernetes-commit: 79f3135d2ea2884d2d8115dcdd93a0b454c87b6f
 2019-01-29 16:19:52 -08:00
Antoine Pelisse d1a2d7fd8d Plugin FieldManager in CRD handler, change to API 
Kubernetes-commit: b55417f429353e1109df8b3bfa2afc8dbd9f240b
 2019-01-29 14:24:52 -08:00
Antoine Pelisse 337fc9ccde API Machinery, Kubectl and tests 
Kubernetes-commit: 0e1d50e70fdc9ed838d75a7a1abbe5fa607d22a1
 2019-01-16 21:14:42 -08:00