a559cb8be1
Unify references to group resource in metrics
...
Skip apiserver_storage_objects as it's a stable metrics that doesn't
have "group" label. As defined in KEP-1209 adding a label is considered
a breaking change so this change should be done via deprecation and
introduction of new metric.
Tested via:
```
kubectl get --raw /metrics | grep -i apiservice | grep -v APIServiceRegistrationController | grep -v aggregator_unavailable_apiservice | python3 -c "import sys; print('\n'.join([k+' ' + v for k,v in {a.split('{')[0]:'{'+a.split('{')[1].split('}')[0]+'}' for a in sys.stdin.readlines() if '#' not in a and '_sum' not in a and '_bucket' not in a}.items()]))"
```
Before:
```
apiserver_cache_list_fetched_objects_total {index="",resource_prefix="/apiregistration.k8s.io/apiservices"}
apiserver_cache_list_returned_objects_total {resource_prefix="/apiregistration.k8s.io/apiservices"}
apiserver_cache_list_total {index="",resource_prefix="/apiregistration.k8s.io/apiservices"}
apiserver_longrunning_requests {component="apiserver",group="apiregistration.k8s.io",resource="apiservices",scope="cluster",subresource="",verb="WATCH",version="v1"}
apiserver_request_body_size_bytes_count {resource="apiservices.apiregistration.k8s.io",verb="create"}
apiserver_request_duration_seconds_count {component="apiserver",dry_run="",group="apiregistration.k8s.io",resource="apiservices",scope="resource",subresource="",verb="POST",version="v1"}
apiserver_request_sli_duration_seconds_count {component="apiserver",group="apiregistration.k8s.io",resource="apiservices",scope="resource",subresource="",verb="POST",version="v1"}
apiserver_request_total {code="201",component="apiserver",dry_run="",group="apiregistration.k8s.io",resource="apiservices",scope="resource",subresource="",verb="POST",version="v1"}
apiserver_response_sizes_count {component="apiserver",group="apiregistration.k8s.io",resource="apiservices",scope="cluster",subresource="",verb="LIST",version="v1"}
apiserver_selfrequest_total {resource="apiservices",subresource="",verb="POST"}
apiserver_storage_events_received_total {resource="apiservices.apiregistration.k8s.io"}
apiserver_storage_list_evaluated_objects_total {resource="apiservices.apiregistration.k8s.io"}
apiserver_storage_list_fetched_objects_total {resource="apiservices.apiregistration.k8s.io"}
apiserver_storage_list_returned_objects_total {resource="apiservices.apiregistration.k8s.io"}
apiserver_storage_list_total {resource="apiservices.apiregistration.k8s.io"}
apiserver_storage_objects {resource="apiservices.apiregistration.k8s.io"}
apiserver_watch_cache_events_dispatched_total {resource="apiservices.apiregistration.k8s.io"}
apiserver_watch_cache_events_received_total {resource="apiservices.apiregistration.k8s.io"}
apiserver_watch_cache_initializations_total {resource="apiservices.apiregistration.k8s.io"}
apiserver_watch_cache_resource_version {resource="apiservices.apiregistration.k8s.io"}
apiserver_watch_events_sizes_count {group="apiregistration.k8s.io",kind="APIService",version="v1"}
apiserver_watch_events_total {group="apiregistration.k8s.io",kind="APIService",version="v1"}
etcd_request_duration_seconds_count {operation="listWithCount",type="/registry/apiregistration.k8s.io/apiservices/"}
etcd_requests_total {operation="listWithCount",type="/registry/apiregistration.k8s.io/apiservices/"}
watch_cache_capacity {resource="apiservices.apiregistration.k8s.io"}
```
After:
```
apiserver_cache_list_fetched_objects_total {group="apiregistration.k8s.io",index="",resource="apiservices"}
apiserver_cache_list_returned_objects_total {group="apiregistration.k8s.io",resource="apiservices"}
apiserver_cache_list_total {group="apiregistration.k8s.io",index="",resource="apiservices"}
apiserver_longrunning_requests {component="apiserver",group="apiregistration.k8s.io",resource="apiservices",scope="cluster",subresource="",verb="WATCH",version="v1"}
apiserver_request_body_size_bytes_count {group="apiregistration.k8s.io",resource="apiservices",verb="create"}
apiserver_request_duration_seconds_count {component="apiserver",dry_run="",group="apiregistration.k8s.io",resource="apiservices",scope="resource",subresource="",verb="POST",version="v1"}
apiserver_request_sli_duration_seconds_count {component="apiserver",group="apiregistration.k8s.io",resource="apiservices",scope="resource",subresource="",verb="POST",version="v1"}
apiserver_request_total {code="201",component="apiserver",dry_run="",group="apiregistration.k8s.io",resource="apiservices",scope="resource",subresource="",verb="POST",version="v1"}
apiserver_response_sizes_count {component="apiserver",group="apiregistration.k8s.io",resource="apiservices",scope="cluster",subresource="",verb="WATCH",version="v1"}
apiserver_selfrequest_total {group="apiregistration.k8s.io",resource="apiservices",subresource="",verb="WATCH"}
apiserver_storage_events_received_total {group="apiregistration.k8s.io",resource="apiservices"}
apiserver_storage_list_evaluated_objects_total {group="apiregistration.k8s.io",resource="apiservices"}
apiserver_storage_list_fetched_objects_total {group="apiregistration.k8s.io",resource="apiservices"}
apiserver_storage_list_returned_objects_total {group="apiregistration.k8s.io",resource="apiservices"}
apiserver_storage_list_total {group="apiregistration.k8s.io",resource="apiservices"}
apiserver_storage_objects {resource="apiservices.apiregistration.k8s.io"}
apiserver_watch_cache_events_dispatched_total {group="apiregistration.k8s.io",resource="apiservices"}
apiserver_watch_cache_events_received_total {group="apiregistration.k8s.io",resource="apiservices"}
apiserver_watch_cache_initializations_total {group="apiregistration.k8s.io",resource="apiservices"}
apiserver_watch_cache_resource_version {group="apiregistration.k8s.io",resource="apiservices"}
apiserver_watch_events_sizes_count {group="apiregistration.k8s.io",resource="apiservices",version="v1"}
apiserver_watch_events_total {group="apiregistration.k8s.io",resource="apiservices",version="v1"}
etcd_bookmark_counts {group="apiregistration.k8s.io",resource="apiservices"}
etcd_request_duration_seconds_count {group="apiregistration.k8s.io",operation="listWithCount",resource="apiservices"}
etcd_requests_total {group="apiregistration.k8s.io",operation="listWithCount",resource="apiservices"}
watch_cache_capacity {group="apiregistration.k8s.io",resource="apiservices"}
```
Kubernetes-commit: f712b01ddb55f6569b930ca714499051ba8cb311
2025-05-19 11:41:09 +02:00
1bb7b2e6ab
introduce a proper trace context
...
Signed-off-by: carlory <baofa.fan@daocloud.io>
Co-authored-by: CasperLiu <qiuyuzhe521@gmail.com>
Kubernetes-commit: 5b2632f70763aeadfc334df1364946fe39fc10bb
2024-04-07 17:58:59 +08:00
757565c389
SSA: improve create authz error message
...
Signed-off-by: Monis Khan <mok@microsoft.com>
Kubernetes-commit: 857127f7c44a029f6f8dd44b0b40364aa00aa13d
2024-08-02 17:20:53 -04:00
4bd3e89853
remove checks for fieldmanager from handlers
...
it should never be nil
Kubernetes-commit: ad5cda4d21974104db01732474130d10c001d3f2
2023-03-14 15:08:00 -07:00
29e89f54e2
move check for noop managed field timestamp updates
...
this check needs to go after any mutations. After the mutating admission chain, rest.BeforeUpdate (which is responsible for reverting updates to immutable timestamp fields, among other things.) is called in the store.Update function. Without moving this check, it will be possible for an object to be written to etcd with only a change to its managed fields timestamp.
Kubernetes-commit: 2b01f63b115e19e8ac9f8ee8e00dde65c5f40290
2023-03-22 11:18:50 -07:00
aa161f2fc0
migrate apiserver utiltrace usage to component-base/tracing
...
Kubernetes-commit: de26b9023f2872c5cd7e15fad5dd5ab649222c13
2022-10-20 18:15:38 +00:00
ce7b4d6e8c
Add request body size metric
...
Change-Id: Ica5d9b5457d4f844c4500b2c05b2f0631c27454c
Kubernetes-commit: 43c95cbf0682895cf5bb79452b1f011123ac4513
2022-08-24 09:15:23 -07:00
ea69e5d51c
remove DryRun feature gate checks
...
Kubernetes-commit: a1bfb76458a219577884d312ceb93eb1bb3f7e39
2022-08-26 11:33:56 +02:00
81749c6ee9
revert timestamp updates to object if non-managed fields do not change
...
add short-circuiting logic for long comaprison
replace timestamps rather than doing a full managed fields deepcopy
add guard
Kubernetes-commit: 7233538008489c189d09bb042fbabca97d9cdbaf
2022-07-14 11:40:20 -07:00
17c48c0f65
Improve Create/Update/Patch traces.
...
Kubernetes-commit: 56769e794b757c541d1c7fef36a5507e52e3e7b2
2022-04-20 07:30:12 +00:00
1e36b0a9fb
Don't add audit annotations directly to the audit event
...
Kubernetes-commit: bdebc62d49293a0fbbd7e0d95bfd94b1ce21015c
2022-03-28 11:38:38 -07:00
bacaca81ed
set/validate object namespace before admission
...
Kubernetes-commit: 92422a73053129a88ea48e62a44410103a400376
2020-09-09 01:12:31 -04:00
8949a1cdfc
add trace step for transformResponseObject
...
Kubernetes-commit: 41cef06f66dd4d7e87ff852dc228ab69587be9de
2021-11-22 13:18:02 -05:00
59227ac996
Server Side Field Validation
...
Implements server side field validation behind the
`ServerSideFieldValidation` feature gate. With the
feature enabled, any create/update/patch request
with the `fieldValidation` query param set to
"Strict" will error if the object in the request
body have unknown fields. A value of "Warn"
(also the default when the feautre is enabled)
will succeed the request with a warning.
When the feature is disabled (or the query param
has a value of "Ignore"), the request will succeed
as it previously had with no indications of any
unknown or duplicate fields.
Kubernetes-commit: e50e2bbc889eb274ad1463a54188a2805767bfde
2021-08-18 02:25:36 +00:00
fea88b8efd
drop managed fields from audit entries
...
drop the managed fields of the objects from the audit entries when we
are logging request and response bodies.
Kubernetes-commit: bbc59348318c29199e23b27981fb56436ac68705
2020-10-12 13:18:59 -04:00
d53acfe201
apiserver: store (event, evaluated policy) pair in request context
...
Kubernetes-commit: 8be823b0b0270e1b979b3d4c6e683e1daa0f2e01
2021-09-20 17:43:16 -04:00
dd5fc094cd
Use objGV instead of gvk.GroupVersion
...
Kubernetes-commit: 15c4d579f08335f33555d3cab5eff41c74e671b9
2021-06-02 14:27:30 +08:00
1b73b18c80
Simplify objGV construction
...
Co-authored-by: Jordan Liggitt <jordan@liggitt.net>
Kubernetes-commit: 0ae6a7bac6ba268c59e82222d69ad91e381e79bc
2021-06-02 10:52:22 +08:00
790f5a21a7
Fix auditing failed of request: encoding failed
...
Kubernetes-commit: 329f7d55d1344f728e28ce49728234f9f8f4c5d3
2021-05-17 02:31:08 +08:00
b97dfc761c
allow evictions subresource to accept policy/v1 and policy/v1beta1
...
Kubernetes-commit: 33ad842480353f2816873bf728d75333948e4817
2021-03-31 16:54:55 -04:00
28c097bee7
move FinishRequest to its own package
...
Kubernetes-commit: 393a1f73fbaa1bf1facb8882eaf4fead16b94f58
2021-03-22 16:39:14 -04:00
82e671a5f8
add managedFields admission
...
Kubernetes-commit: f86b59ab79227929e7f283b859b4c59317399807
2021-02-11 16:22:16 +01:00
7da058f6bb
disable webhook for testing
...
Kubernetes-commit: ffbae9c5b4a3df9f7400d0047a5d7a957adf295d
2021-02-01 17:56:49 +01:00
a29734176f
use managedFields admission controller in create/patch/update
...
Kubernetes-commit: 3d306e222de3b13a55030a53fef93622bb300646
2021-01-14 20:15:11 +01:00
026eb846a4
apiserver: plumb context with request deadline
...
- as soon as a request is received by the apiserver, determine the
timeout of the request and set a new request context with the deadline.
- the timeout filter that times out non-long-running requests should
use the request context as opposed to a fixed 60s wait today.
- admission and storage layer uses the same request context with the
deadline specified.
we use the default timeout enforced by the apiserver:
- if the user has specified a timeout of 0s, this implies no timeout on the user's part.
- if the user has specified a timeout that exceeds the maximum deadline allowed by the apiserver.
Kubernetes-commit: e416c9e574c49fd0190c8cdac58322aa33a935cf
2020-11-26 23:53:20 -05:00
36a172d35e
Code optimization for add additional information to log trace in api server
...
Kubernetes-commit: 5d61e18a4343773105e39c36b944b4f223e70eaf
2020-11-23 16:27:05 +08:00
cec339c07a
Revert "plumb context with request deadline"
...
This reverts commit 83f869ee1350da1b65d508725749fb70d0f535f2.
Kubernetes-commit: afd92b3b3ea8fa8e3dbe2521d6ce213c809d25c7
2020-11-19 18:15:04 -05:00
00bc4d7843
apiserver dedups owner references and adds warning
...
for CREATE and UPDATE requests, we check duplication before managedFields
update, and after mutating admission; for PATCH requests, we check
duplication after mutating admission
Kubernetes-commit: ffc54ed1d2cbf4396fcc498beeb6ad34ac3df69c
2020-11-18 12:35:45 -08:00
46e3e4810e
plumb context with request deadline
...
- as soon as a request is received by the apiserver, determine the
timeout of the request and set a new request context with the deadline.
- the timeout filter that times out non-long-running requests should
use the request context as opposed to a fixed 60s wait today.
- admission and storage layer uses the same request context with the
deadline specified.
Kubernetes-commit: 83f869ee1350da1b65d508725749fb70d0f535f2
2020-10-30 16:30:05 -04:00
97937c66f2
Revert nested trace PR#88936
...
Kubernetes-commit: 02cf58102a61b6d1e021e256381ff750573ce55d
2020-07-20 09:55:05 -07:00
7a467399ac
Enable nested tracing, add request filter chain tracing incl. authn/authz tracing
...
Kubernetes-commit: b12ac0abc64adb71d97fbde12f373b1424631f20
2020-03-06 16:11:21 -08:00
cc0f41ad59
fieldManager: Ignore and log all errors when updating managedFields
...
Kubernetes-commit: 5378a788e471a18594c446888306d826d3b44661
2020-05-08 12:48:09 -07:00
a87d964ed1
Don't save managedFields if object is too large
...
Kubernetes-commit: ccd9e4e2de32b8708f3a7be159f7a4316449c433
2020-01-22 15:38:27 -08:00
a521baa66a
Minor nit in error message about feature gate stage
...
Signed-off-by: ialidzhikov <i.alidjikov@gmail.com>
Kubernetes-commit: 1eaa0ee3f9553cce1821434ce64e745ba5b135d2
2020-01-01 15:54:06 +02:00
a5b9ca7482
feat(apiserver): add user-agent and remote info into trace log for endpoints handlers.
...
Kubernetes-commit: 91bddd13485082892be8e8e471e358be317c4e9b
2019-10-10 21:30:05 +08:00
d1d66bda16
Propagate context to Authorize() calls
...
Kubernetes-commit: 92eb072989eba22236d034b56cc2bf159dfb4915
2019-09-24 10:06:32 -04:00
ba8f49cc73
Ensure conversions are registered for metainternalversion codecs
...
Kubernetes-commit: 54163527a69a8c868b87d301876559495220d1b0
2019-09-11 16:30:08 +02:00
0c706a033c
Plumb context to admission Admit/Validate
...
Kubernetes-commit: 61774cd7176cae0c0324d23ab20e6c6b3038153f
2019-08-19 10:48:08 -04:00
aab7154c4f
plumb client-specified request timeout to context
...
Kubernetes-commit: 89d5c1f3ea8d8e27526e4f558872c4e24ddc526c
2019-08-20 10:36:34 -04:00
f103fcda51
Replace string concatination with trace fields
...
Kubernetes-commit: 46a04d50af78e01d06a9879d62cc71fbe892076f
2019-08-02 23:47:24 -07:00
19327df6d5
Pass {Operation}Option to Webhooks
...
Kubernetes-commit: 140c8c73a64deb102b528109138ca9fb7dbb2392
2019-05-07 13:34:18 -07:00
c8f7d5017d
Make RequestScope be a pointer consistently for better memory use
...
RequestScope is a large struct and causes stack growth when we pass
it by value into multiple stack levels. Avoid the allocations for
this read only struct by passing a pointer.
Kubernetes-commit: 8fede0b18a81a6fb1acc1a48857f482857c25286
2019-03-25 23:33:48 -04:00
46d98f52ff
Add "fieldManager" to flag to PATCH/CREATE/UPDATE
...
And add a corresponding flag in kubectl (for apply), even though the
value is defaulted in kubectl with "kubectl".
The flag is required for Apply patch-type, and optional for other PATCH,
CREATE and UPDATE (in which case we fallback on the user-agent).
Kubernetes-commit: eb904d8fa89da491f400614f99458ed3f0d529fb
2019-02-16 20:16:11 -08:00
87b5ac0c06
Add ObjectInterfaces to Admission and Validation
...
Kubernetes-commit: 513a87c7b25aa58f84fafe0dc170cee4c76e481b
2019-02-16 12:27:24 -08:00
4ebbf20f41
Adding a limit on the maximum bytes accepted to be decoded in a resource
...
write request.
Kubernetes-commit: b971b12d3cfa8887aa87957fbba92b90e3e99dc6
2019-02-06 16:58:24 -08:00
3c768f935f
Avoid closure
...
Kubernetes-commit: bbab0d6c5f9fe75388583772ef4f094e863f9627
2019-01-30 14:15:25 -08:00
91c401c45f
Add object information on FieldManager failures
...
Kubernetes-commit: 79f3135d2ea2884d2d8115dcdd93a0b454c87b6f
2019-01-29 16:19:52 -08:00
d1a2d7fd8d
Plugin FieldManager in CRD handler, change to API
...
Kubernetes-commit: b55417f429353e1109df8b3bfa2afc8dbd9f240b
2019-01-29 14:24:52 -08:00
337fc9ccde
API Machinery, Kubectl and tests
...
Kubernetes-commit: 0e1d50e70fdc9ed838d75a7a1abbe5fa607d22a1
2019-01-16 21:14:42 -08:00
2b43930b32
replace k8s.io/apiserver/pkg/util/trace with k8s.io/utils/trace
...
Kubernetes-commit: 93b086f6eafc1e94214fc1d946a1917482751cf3
2019-01-24 11:50:30 -05:00
Marek Siarkowicz
CasperLiu
Monis Khan
Alexander Zielenski
David Ashpole
Han Kang
Antonio Ojea
Alexander Zielenski
Maciej Borsz
Tim Allclair
Jordan Liggitt
Abu Kashem
Kevin Delgado
njuptlzf
Kasakaze
Kevin Wiesmueller
lala123912
Haowei Cai
Joe Betz
Antoine Pelisse
jennybuckley
ialidzhikov
Jianfei Bai
wojtekt
Clayton Coleman
Antoine Pelisse
Mehdy Bohlool
Chao Xu
Andrew Kim