This reverts commit 0c0e19b343d48d4bea0e7fa735e3781c70298a34.
During stress test for SVM controller, the controller is unable to
make a list call due to following error:
resourceversion.go:155: I0716 21:49:26.973127] storage-version-migrator-controller: Error syncing SVM resource, retrying svm="crdsvm" err="error getting latest resourceVersion for stable.example.com/v1, Resource=testcrds: Timeout: Too large resource version: 28976, current: 20349"
With the feature disabled, the stress test passes.
Signed-off-by: Monis Khan <mok@microsoft.com>
Kubernetes-commit: aeb51a16e369d5b823a8ae6488d1d5e12c683516
This handler allows running execution prior to actual serving in a separate
goroutine when serving requests. Doing so benefits cases in serving long running
requests because it allows freeing memory used by the separate goroutine
and keeps the serving routines slim.
Signed-off-by: Eric Lin <exlin@google.com>
Kubernetes-commit: 7b2698a5e5c61b303481c2006847409fc8704746
This change fully addresses CVE-2023-44487 and CVE-2023-39325 for
the API server when the client is unauthenticated.
The changes to util/runtime are required because otherwise a large
number of requests can get blocked on the time.Sleep calls.
For unauthenticated clients (either via 401 or the anonymous user),
we simply no longer allow such clients to hold open http2
connections. They can use http2, but with the performance of http1
(with keep-alive disabled).
Since this change has the potential to cause issues, the
UnauthenticatedHTTP2DOSMitigation feature gate can be disabled to
remove this protection (it is enabled by default). For example,
when the API server is fronted by an L7 load balancer that is set up
to mitigate http2 attacks, unauthenticated clients could force
disable connection reuse between the load balancer and the API
server (many incoming connections could share the same backend
connection). An API server that is on a private network may opt to
disable this protection to prevent performance regressions for
unauthenticated clients.
For all other clients, we rely on the golang.org/x/net fix in
b225e7ca6d
That change is not sufficient to adequately protect against a
motivated client - future changes to Kube and/or golang.org/x/net
will be explored to address this gap.
The Kube API server now uses a max stream of 100 instead of 250
(this matches the Go http2 client default). This lowers the abuse
limit from 1000 to 400.
Signed-off-by: Monis Khan <mok@microsoft.com>
Kubernetes-commit: 800a8eaba7f25bd223fefe6e7613e39a5d7f1eeb
Request bookmark every 100ms when there is at least one request blocked on revision not present in watch cache.
Kubernetes-commit: 39bb8f4bb1d013937aceac6c387563ffe13545c5
* api changes adding match conditions
* feature gate and registry strategy to drop fields
* matchConditions logic for admission webhooks
* feedback
* update test
* import order
* bears.com
* update fail policy ignore behavior
* update docs and matcher to hold fail policy as non-pointer
* update matcher error aggregation, fix early fail failpolicy ignore, update docs
* final cleanup
* openapi gen
Kubernetes-commit: 5e5b3029f3bbfc93c3569f07ad300a5c6057fc58
Marek Siarkowicz
Ben Luddy
Jefftree
Cici Huang
David Eads
Lukasz Szaszkiewicz
Monis Khan
Abu Kashem
Wojciech Tyczyński
Vinayak Goyal
Siyuan Zhang
Marek Siarkowicz
Joe Betz
Jordan Liggitt
Igor Velichkovich
Cici Huang
Eric Lin
carlory
Rita Zhang
guangli.bao
Nabarun Pal
Anish Ramasekar
Alexander Zielenski
Amine
shubham82
yulng
Igor Velichkovich