Extends the certificate attribute deprecation RoundTrippers wrapper with
a checker that counts certificates with sha-1 signatures in server responses.
Non-root non-self-signed SHA-1 certificate signatures were deprecated in
Golang 1.18.
Kubernetes-commit: 499ee65a9b0cd45d41716b513fae0d537f7f9c88
Some of these changes are cosmetic (repeatedly calling klog.V instead of
reusing the result), others address real issues:
- Logging a message only above a certain verbosity threshold without
recording that verbosity level (if klog.V().Enabled() { klog.Info... }):
this matters when using a logging backend which records the verbosity
level.
- Passing a format string with parameters to a logging function that
doesn't do string formatting.
All of these locations where found by the enhanced logcheck tool from
https://github.com/kubernetes/klog/pull/297.
In some cases it reports false positives, but those can be suppressed with
source code comments.
Kubernetes-commit: edffc700a43e610f641907290a5152ca593bad79
This reverts commit 83ca74541216405323ddfb67f5f80ad5717da826, reversing
changes made to 1c216c6ec86e700170620fe4c75fa3a2a2817530.
Kubernetes-commit: b0b460921b81b260473d5c393d85beeb5a03e834
This change updates the generic webhook logic to use a rest.Config
as its input instead of a kubeconfig file. This exposes all of the
rest.Config knobs to the caller instead of the more limited set
available through the kubeconfig format. This is useful when this
code is being used as a library outside of core Kubernetes. For
example, a downstream consumer may want to override the webhook's
internals such as its TLS configuration.
Signed-off-by: Monis Khan <mok@vmware.com>
Kubernetes-commit: fef7d0ef1e1fbff65e8d445256036704bb9dbcbd
This reverts commit 6faa4f001008a5a29476f5722f66430c35f48229, reversing
changes made to 33a2c50bce334467640e016f68cf19e9382ba1a7.
Kubernetes-commit: 8fb33338635565f2f755a4557b94c26039c175d9
In the following code pattern, the log message will get logged with v=0 in JSON
output although conceptually it has a higher verbosity:
if klog.V(5).Enabled() {
klog.Info("hello world")
}
Having the actual verbosity in the JSON output is relevant, for example for
filtering out only the important info messages. The solution is to use
klog.V(5).Info or something similar.
Whether the outer if is necessary at all depends on how complex the parameters
are. The return value of klog.V can be captured in a variable and be used
multiple times to avoid the overhead for that function call and to avoid
repeating the verbosity level.
Kubernetes-commit: 9eaa2dc554e0c3d4485d4c916dfdbc2f517db2e0
The new handler is meant to be executed at the end of the delegation chain.
It simply checks if the request have been made before the server has installed all known HTTP paths.
In that case it returns a 503 response otherwise it returns a 404.
We don't want to add additional checks to the readyz path as it might prevent fixing bricked clusters.
This specific handler is meant to "protect" requests that arrive before the paths and handlers are fully initialized.
Kubernetes-commit: 53867975e72c7a2d2dd94aac6bd2869411f92094
Track the introduction of FinalSeats.
Give up on calculating expected results for tests with added latency,
because I did not find an easy and obvious way to do it.
Kubernetes-commit: 0fc595e03360ba7fc4c3e251d4b41f39172aca72
New anti-windup technique: use the request arrival time as the floor
on the virtual dispatch time. Prevent bound violations where they
might arise rather than fixing up just one queue at dispatch time,
so that the fixed up dispatch times figure into the dispatching choice.
Two tweaks to the shuffle sharding. Take seats of executing requests
into account as well as seats of waiting requests. Do not always
consider the generated hand in the same order.
Rename the queueset methods that do shuffle sharding and finding the
queue to dispatch from, because the old names were confusingly
similar.
Tighten up some request margins.
Name the test cases in TestNoRestraint and TestWindup.
Kubernetes-commit: 4b9cba85874158b25b5c994773a4ec04343820c2
Canonicalize listing of test cases.
Make TestNoRestraint try both cases: competition and none.
Kubernetes-commit: 0ee1a7b4ff9012b050bd447055ad5e1e8c57c30e
Make TestNoRestraint verify that fairness is NOT achieved
when there is real competition.
Make TestWindup run two cases, to show that 0.1 is too narrow
a margin and 0.26 is wide enough.
Kubernetes-commit: c4945fdf0c14ba2032a5c8edf192678d9fe00374
These behavioral unit tests of queueset were failing because the
evaluation criteria were too strict.
Kubernetes-commit: 59d319ec06bb33289a87036418b4a61ed3bb215f
So that the width estimate has some effect but not a grossly excessive
one.
Added the fifo::Peek method to simplify the fifo client code.
Also renamed the queueSet::estimatedServiceTime field to
estimatedServiceSeconds to make the units clear.
Kubernetes-commit: a0c161f2f6908ee424ea888ff40f75ff071bd20a
Instead of a plain `Mutex`, use an `RWMutex` so that the common
operations can proceed in parallel.
Kubernetes-commit: 58927c1abede11ce7a8a74104328cf823df1b39e
The cmp comparison is relatively expensive (#104821). If we're not
going to log it, we shouldn't make the comparison.
Kubernetes-commit: f9f556dc7061df1dfc8c1628db983eeb97149317
Now tries a little harder to get to meaningful stack frames.
This revision seems to strike a balance that is useful in the queueset tests.
Kubernetes-commit: b56dd725032cb7a14aa27e4c50c1c9d7c6d23eb1
Added missing dispatching after delayed release of seats.
Updated logging for all six situations of execution completion and
seat release.
Added behavioral tests for non-zero extra latency and non-unit width.
Also added two tests for baseline functionality.
Also improved some comments and other logging in `queueset.go`.
Kubernetes-commit: d2a27a58f0af20c6185fa1c21890d666e9d3746b
Add comment outlining TestContextCancel.
Stop calling `t.Errorf` from wrong goroutine.
Package up queueNoteFn expectation checking.
Add counting of goroutine in req1 exec fn.
Remove unnecessary assignment to `_`.
Make TestContextCancel wait on fake clock, to insulate timing check
from scheduler noise.
Factor goroutine counting out of queueset.go, into queueset_test.go,
where it matters.
Refactor promise: Use a simple channel-based implementation for normal
code, a mutex-based one for testing code.
Took all the panics out of queueset.go
Shrink the timeouts in promise tests to 1 second.
Kubernetes-commit: 1db36ae3b30e30d70972998a22987a7db470479b
Rename from `clock` to `eventclock`.
Simplify by removing the prohibition on an EventFunc suspending and
resuming activity.
Remove "EventClock" from names to avoid stuttering.
Start to consolidate test code under fairqueuing/testing/.
Kubernetes-commit: 80ca6a4ae6ff571c32962a7155efd55edefff9e6
So we can move off of the apimachinery clock package.
Switch queueset to new clocks.
Removed event clocks based on apimachinery clocks,
because this PR introduces ones based on k8s.io/utils/clock .
Removed interface that is implemented by only one interesting type.
Simplify RealEventClock::EventAfterTime.
Kubernetes-commit: dcb298c9552de44e27ed52f5e2b58a0dd7cd8d54
- add plumbing that allows us to estimated "width" of a request
- the default implementation returns 1 as the "width" of all
incoming requests, this is in keeping with the current behavior.
Kubernetes-commit: 9b72eb1929a64b9d5a5234090a631ba312fb4d41
Adds counters to generic webhook code and to the kube aggregator
so that it is possible to effectively measure the impact of
Golang 1.15's deprecation of x509 cert CN hostname
verification.
Kubernetes-commit: 9d6a19efff05a40081337a2fcb3dce6331b04022
- don't expose the internal states of the apf controller to the caller
- return a boolean, instead of the priority level states
Kubernetes-commit: f20c6cb2d9060920cae9ff5cade1739c7e0b7f7a
webhook.WithExponentialBackoff returns an error, and the priority is:
- A: if the last invocation of the webhook function returned an error
that error should be returned, otherwise
- B: the error associated with the context if it has been canceled or
it has expired, or the ErrWaitTimeout returned by the wait package
once all retries have been exhausted.
caller should check the error returned by webhook.WithExponentialBackoff
to handle both A and B. Currently, we only handle A.
Kubernetes-commit: ae2b353fbf519b29d168c534f88c373fd67a1c31
When the error is due to the object having been deleted, the
controller does not need to do anything before the coming
notification.
Kubernetes-commit: ef1e2039b5fc7f955ec4f9c636a64aa403cba2ab
Collect the parameters of newTestableController into a named type.
Also tolerate the surprising situation in which a request's user
groups include neither `system:authenticated` nor
`system:unauthenticated` --- because this is observed to happen in
some tests.
Also a few other minor fixups.
Kubernetes-commit: 10df6d459b5bca7b42471f9409182417fbc3f253
Changed quantization to use monotonic clock readings.
Stopping panicing when monotonic clock readings go backwards because
https://github.com/kubernetes/kubernetes/issues/96459 reported it
happening.
Re-organized sampleAndWaterMarkHistograms::innerSet to `defer` the
Unlock call, because that is the preferred pattern.
Kubernetes-commit: 0809220fd04d26892f0fcfd3bf54cc4baeda22da
Currently webhook retry backoff parameters are hard coded, we want
to have the ability to configure the backoff parameters for webhook
retry logic.
Kubernetes-commit: 53a1307f68ccf6c9ffd252eeea2b333e818c1103
- Inside WithExponentialBackoff function, handle error returned
by wait.ExponentialBackoff.
- Ensure that the wait time is bound to the given context.
Kubernetes-commit: f8e35de156f212b6989b465e608dd99b525bd5dc
Jordan Liggitt
Stanislav Laznicka
Jiahui Feng
Patrick Ohly
Abu Kashem
Monis Khan
Jefftree
Joe Julian
erwinvaneyk
Wojciech Tyczyński
Mike Spreitzer
Davanum Srinivas
Lukasz Szaszkiewicz
Ben Luddy
Justin SB
Maciej Borsz
Ryan Moriarty
Manu Gupta
David Ashpole
Ryan Phillips
youhonglian
Gautier Delorme
John Howard
David Eads
yoyinzyc
Adhityaa Chandrasekar
pacoxu
corehello
Ken Sipe
yue9944882
Andrew Sy Kim