kubernetes
/
apiserver
mirror of https://github.com/kubernetes/apiserver.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
6,272 Commits 30 Branches 1,482 Tags 31 MiB
Commit Graph

973 Commits

Author SHA1 Message Date
Monis Khan 70b4742ce2 kms: fix go routine leak in gRPC connection 
Signed-off-by: Monis Khan <mok@microsoft.com>

Kubernetes-commit: 4e68e9b5ad70ae074b3fb20f0fb2ba25d0792274
 2022-08-24 01:51:19 +00:00
xueqzhan 9d6934f8fa Add DisableAnonymous to DelegatingAuthenticationOptions 
Kubernetes-commit: 5619c71eb0b9fae13c831d92797da9427094518f
 2022-09-01 11:58:51 -04:00
Jordan Liggitt 9397c6d674 Enforce strict handling in alpha 
Kubernetes-commit: 065cca38e937bcd517504a21472e72987e0f95a7
 2022-08-23 09:07:46 -04:00
Anish Ramasekar bdd7082eed chore(kms): remove unused plugin name and migrate from deprecated `io/ioutil` pkg 
Signed-off-by: Anish Ramasekar <anish.ramasekar@gmail.com>

Kubernetes-commit: 7db7a63959162d743f771183bf4e88e82afef868
 2022-08-23 22:55:22 +00:00
David Eads 6a7c6a0940 Revert "Add an option to conditionally disable compression based on client ip." 
This reverts commit 023583a15586328569ccab505db2f57f398e04b3.

Kubernetes-commit: 2f3ffbed2cffaaba63304318bc1d09b0144600ff
 2022-08-17 15:08:39 -04:00
David Eads c6b4b28cf9 Revert "enforce strict alpha handling for API serving" 
This reverts commit 233e0cb8c3a723f57d578be2179284e4eb9d017d.

Kubernetes-commit: 696e41a69859f196ac02d3ceb270a3979fc2861f
 2022-08-10 09:42:37 -04:00
Anish Ramasekar 225e26ac4a Implement KMS v2alpha1 
- add feature gate
- add encrypted object and run generated_files
- generate protobuf for encrypted object and add unit tests
- move parse endpoint to util and refactor
- refactor interface and remove unused interceptor
- add protobuf generate to update-generated-kms.sh
- add integration tests
- add defaulting for apiVersion in kmsConfiguration
- handle v1/v2 and default in encryption config parsing
- move metrics to own pkg and reuse for v2
- use Marshal and Unmarshal instead of serializer
- add context for all service methods
- check version and keyid for healthz

Signed-off-by: Anish Ramasekar <anish.ramasekar@gmail.com>

Kubernetes-commit: f19f3f409938ff9ac8a61966e47fbe9c6075ec90
 2022-06-29 20:51:35 +00:00
Sally O'Malley 4f9e133507 kubelet tracing 
Signed-off-by: Sally O'Malley <somalley@redhat.com>
Co-authored-by: David Ashpole <dashpole@google.com>

Kubernetes-commit: 47e7d8034ff3be8e198dde6a671d05a11c30e333
 2021-10-10 09:17:27 -04:00
Maciej Borsz 40280f9889 Add an option to conditionally disable compression based on client ip. 
Kubernetes-commit: 023583a15586328569ccab505db2f57f398e04b3
 2022-07-29 08:44:14 +00:00
Anish Ramasekar 8ab3aa3011 feat:(kms) encrypt data with DEK using AES-GCM instead of AES-CBC 
Signed-off-by: Anish Ramasekar <anish.ramasekar@gmail.com>

Kubernetes-commit: d54631a41a869f7a28d82fcab2e174ee85879027
 2022-07-13 17:14:50 +00:00
Maciej Wyrzuc cb0bb2af35 Add additional etcd check to readyz with 2 seconds timeout. 
Kubernetes-commit: b42045a64fd07fb948660839b6c7c14440bee9df
 2022-07-25 13:08:50 +00:00
Davanum Srinivas 7e94033a61 Generate and format files 
- Run hack/update-codegen.sh
- Run hack/update-generated-device-plugin.sh
- Run hack/update-generated-protobuf.sh
- Run hack/update-generated-runtime.sh
- Run hack/update-generated-swagger-docs.sh
- Run hack/update-openapi-spec.sh
- Run hack/update-gofmt.sh

Signed-off-by: Davanum Srinivas <davanum@gmail.com>

Kubernetes-commit: a9593d634c6a053848413e600dadbf974627515f
 2022-07-19 20:54:13 -04:00
Mikko Ylinen 12a8b7fef3 grpc: move to use grpc.WithTransportCredentials() 
v1.43.0 marked grpc.WithInsecure() deprecated so this commit moves to use
what is the recommended replacement:

grpc.WithTransportCredentials(insecure.NewCredentials())

Signed-off-by: Mikko Ylinen <mikko.ylinen@intel.com>

Kubernetes-commit: 2c8bfad9106039aa15233b5bf7282b25a7b7e0a0
 2022-05-11 12:13:28 +03:00
Mike Spreitzer eb15930b31 Fix APF metric denominator problems 
Co-authored-by: JUN YANG <yang.jun22@zte.com.cn>

Kubernetes-commit: fdd921cad0cd9308ec62c1b86c9c1cc5d12e5d21
 2022-05-22 23:39:49 -04:00
Wojciech Tyczyński 8f7c120935 Eliminate MaintainObservations function in P&F 
Kubernetes-commit: badf436ac4451590e5e84e537f2234e3632ea3b4
 2021-11-25 12:44:50 +01:00
HaoJie Liu 4c5e4623d3 cleanup: use append other than for loop 
Signed-off-by: HaoJie Liu <liuhaojie@beyondcent.com>

Kubernetes-commit: 29b5cd04bd2c7e2676687d3b613c9b065b128e54
 2022-07-21 15:29:30 +08:00
Mike Spreitzer 7aa625fb37 Make timeout test properly liberal 
Make the test accept all the legitimate outcomes.

Expand the explanation of how TestPriorityAndFairnessWithPanicRecoveryAndTimeoutFilter/priority_level_concurrency_is_set_to_1,_queue_length_is_1,_first_request_should_time_out_and_second_(enqueued)_request_should_time_out_as_well is supposed to work.

Expand debug information that is available when the test fails.

Kubernetes-commit: 1f450695ffd5b2d028c87328b8b32630a8052129
 2022-07-14 19:45:15 -04:00
jupblb 738a050cda Introduce config for API Priority and Fairness 
Linked all the default values with a single config structure.

Kubernetes-commit: 1c594e7e01a899807431c806cd11c1d27c885c9c
 2022-07-20 11:33:45 +02:00
Artur Żyliński e34c622d49 Add audit-id to storage traces 
Refactor GetAuditIDTruncated to use context instead of request

Kubernetes-commit: b1e12b01b6c578da3eb593805b48e9d4a69efe54
 2022-06-20 17:09:32 +02:00
Abirdcfly dde070e1ff cleanup: remove duplicate import 
Signed-off-by: Abirdcfly <fp544037857@gmail.com>

Kubernetes-commit: 00b9ead02c37921011ebe5293558cea5277cd295
 2022-04-24 20:58:04 +08:00
Vladimir Nachev 5236515712 Ensure the dir of --audit-log-path exists 
Signed-off-by: Vladimir Nachev <vladimir.nachev@sap.com>

Kubernetes-commit: a380ef5c416194826b70ae75dc4e86776e1a3afe
 2022-06-27 17:21:02 +03:00
Artur Żyliński 87b03dd4f5 Always log APF InitialSeats and FinalSeats values 
Add apf_additionalLatency field, to have all WorkEstimate data

Kubernetes-commit: 962eb52be433bd1302210645d8cdbb0a6f6b8b24
 2022-07-13 10:38:11 +02:00
Mike Spreitzer 959fbf9f84 Use timing ratio histograms instead of sample-and-watermark histograms 
Kubernetes-commit: 0c0b7ca49f9ade72b990bf3a6f568485586af8b4
 2022-05-18 02:56:48 -04:00
Ikko Ashimine f0eede2023 fix typo in genericapiserver.go 
runnning -> running

Kubernetes-commit: a3f66a45977f95274ede281a6994350352b5fd36
 2022-03-20 23:29:01 +09:00
Mike Spreitzer c86ffebc09 Make sure metrics are registered in tests 
Also, include metrics registration in server construction --- for
convenience.

Kubernetes-commit: 5ecf5f4ad30bbaac74a4fc87e8af06009ceb8dc0
 2022-06-11 01:26:38 -04:00
Davanum Srinivas 30571358f5 Switch to v3 of github.com/emicklei/go-restful 
Signed-off-by: Davanum Srinivas <davanum@gmail.com>

Kubernetes-commit: ab690750df1d27409d31fd270d77b4390bac4431
 2022-06-02 10:03:29 -04:00
Han Kang a414002089 cleanup deprecated metrics and usages 
Kubernetes-commit: f223b900907b71431d7b6ceefa1642bb44fd9d84
 2022-06-01 11:55:14 -07:00
Davanum Srinivas 8a97d520ab Move from k8s.gcr.io to registry.k8s.io 
Signed-off-by: Davanum Srinivas <davanum@gmail.com>

Kubernetes-commit: 50bea1dad89930ad565526910aadc314b9e9f38b
 2022-05-10 08:30:09 -04:00
Mike Spreitzer 0f5737dda8 Remove unhelpful pairing of members of read_vs_write_request_count_samples 
Members are not used in (waiting,executing) pairs, so stopped
using the wrapper that adds such pairing.

Kubernetes-commit: cd33c7cf2260b351dd345497223a944e80bc7b61
 2022-05-22 22:39:06 -04:00
Abu Kashem 658eeac034 fix preshutdown hook behavor with graceful termination 
Kubernetes-commit: 9644edc321e3b7e5180eb7c15a27bf28e19485db
 2022-05-12 19:58:33 -04:00
Mikhail Mazurskiy 17134151a6 Always dial using a context 
Kubernetes-commit: 2d62c57533f96985b7847dd63f91471167bd6006
 2022-05-18 10:39:35 +10:00
Mike Spreitzer cae328fb1c Give apf metrics abstractions more familiar names 
The logic is similar to Prometheus gauges and vectors,
adopt that terminology.

Kubernetes-commit: 7d64a93a1407f91b5e13bf540a0fa834a41622eb
 2022-05-17 23:27:47 -04:00
Wojciech Tyczyński 5ab2c69c4c Fix ResourceQuota admission shutdown 
Kubernetes-commit: f8211d7e447cc6c29139ebf3422f0752278d6da1
 2022-05-18 19:30:23 +02:00
Abu Kashem eb2b1d986c apiserver: refactor graceful termination test 
Kubernetes-commit: f28710bc465189b56c085876caf5aaa1ad037654
 2022-05-18 22:58:36 -04:00
Wojciech Tyczyński 2f9a2acafb Fix stop signal to drained signal in genericapiserver config 
Kubernetes-commit: b56491e6cfe216adc245abfa099757e779403982
 2022-05-18 18:55:45 +02:00
Abu Kashem 2000c163ec apiserver: add lifecycle signal for preshutdown hook 
Kubernetes-commit: b1f7b60515798934b011d27bfeba1cee4fcd26b7
 2022-05-17 12:00:04 -04:00
Abu Kashem 771df84108 apiserver: refactor - move AuditBackend.Run out of NonBlockingRun 
Kubernetes-commit: 6b8398318c005753383700f27bd398f4724b37a9
 2022-05-17 11:14:11 -04:00
Wojciech Tyczyński 751a040f24 Cleanup CRD storage on shutdown 
Kubernetes-commit: 01cf641ffbb3c876c4fc6c3e53a0613356f883e5
 2022-05-15 22:25:43 +02:00
Wojciech Tyczyński 30c4077e0e Diagram for graceful shutdown 
Kubernetes-commit: 1145582de367b9aa4072e631845ce3abc37b8540
 2022-05-12 17:22:36 +02:00
Wojciech Tyczyński f5d65d90e9 Avoid leaking StorageObjectCountTracker goroutine 
Kubernetes-commit: 564b376812836fb1e77452d478ab16eee5101447
 2022-05-15 09:57:26 +02:00
David Eads 1a7e8fcfc4 enforce strict alpha handling for API serving 
Kubernetes-commit: 233e0cb8c3a723f57d578be2179284e4eb9d017d
 2022-05-04 15:47:03 -04:00
Wojciech Tyczyński 0a7c4bcca1 Cleanup etcd healthcheck on shutdown 
Kubernetes-commit: cb80082f666e0e5fe220df32e31a8face18e9393
 2022-05-10 11:12:08 +02:00
Wojciech Tyczyński 8010e8e7e3 Implement Destroy() method for all registries 
Kubernetes-commit: 80060a502c3f86f00800fbeba7684a85f1ce5e17
 2022-04-05 12:26:22 +02:00
Wojciech Tyczyński fbdcc3ee50 Cleanup rest storage resources on shutdown 
Kubernetes-commit: 0527a0dd453c4b76259389ec8e8e6888c5e2a5ab
 2022-04-05 11:00:06 +02:00
Mike Spreitzer 010d347f35 Update flag descriptions for watch cache 
Kubernetes-commit: 2ea3afe425836253202dd36239d8b54149ccb53c
 2022-03-31 10:55:51 -04:00
Mike Spreitzer 60facb736d Log whether watch cache is used for particular resources 
Kubernetes-commit: ce3bf7ae944d4d9255537617b340d5da4efc288f
 2022-03-30 23:16:02 -04:00
Paco Xu e389c500bd TestPreShutdownHooks: change timeout to 1s 
Kubernetes-commit: 99c447ff0e93157bf0760498c4090483162e7cf5
 2022-03-30 10:18:56 +08:00
Jefftree e4486afb41 Separate OpenAPI V2 and V3 Config 
Kubernetes-commit: 67d3dbfaae87a5bf3325fadda7266ed223766a53
 2022-03-28 13:18:56 -07:00
Anish Ramasekar e442eafb33 feat: prepare KMS data encryption for migration to AES-GCM 
Signed-off-by: Anish Ramasekar <anish.ramasekar@gmail.com>
Co-authored-by: Monis Khan <mok@vmware.com>
Signed-off-by: Anish Ramasekar <anish.ramasekar@gmail.com>

Kubernetes-commit: 90b42f91fd904b71fd52ca9ae55a5de73e6b779a
 2022-03-16 17:54:10 +00:00
Abu Kashem af86802d1a apiserver: stop http server after pre shutdown hooks 
Kubernetes-commit: 8d96cc2dfbd650544660e41c5e8efc8d1e1033a3
 2022-02-09 16:40:57 -05:00
Tim Allclair 1e36b0a9fb Don't add audit annotations directly to the audit event 
Kubernetes-commit: bdebc62d49293a0fbbd7e0d95bfd94b1ce21015c
 2022-03-28 11:38:38 -07:00
Abu Kashem 1b651c5994 add latency tracker for storage and transform 
Kubernetes-commit: eca90856940e9251ecf3fde95c5e4d2d16f5ad68
 2022-02-01 18:13:03 -05:00
Patrick Ohly ba3b8e9322 enhance and fix log calls 
Some of these changes are cosmetic (repeatedly calling klog.V instead of
reusing the result), others address real issues:

- Logging a message only above a certain verbosity threshold without
  recording that verbosity level (if klog.V().Enabled() { klog.Info... }):
  this matters when using a logging backend which records the verbosity
  level.

- Passing a format string with parameters to a logging function that
  doesn't do string formatting.

All of these locations where found by the enhanced logcheck tool from
https://github.com/kubernetes/klog/pull/297.

In some cases it reports false positives, but those can be suppressed with
source code comments.

Kubernetes-commit: edffc700a43e610f641907290a5152ca593bad79
 2022-02-16 12:17:47 +01:00
Maciej Wyrzuc 253e375283 Copy request in timeout handler 
Kubernetes-commit: 44705c71401d327c6d596597adc55596973e89d0
 2022-02-24 13:42:32 +00:00
Wojciech Tyczyński abc4243fac Record dropped requests in apiserver_request_total metric 
Kubernetes-commit: 14396349954be57abea7162d7fe091e58a80ec4b
 2022-03-23 16:16:36 +01:00
kerthcet 6316e03e25 fix: race detected in TestErrConnKilled 
Signed-off-by: kerthcet <kerthcet@gmail.com>

Kubernetes-commit: dd75d3b9ecca72968bcb7ce50b39ec00e7415b41
 2022-03-24 01:48:49 +08:00
Ravi Gudimetla 1ee261d219 API Server Changes 
This commit includes all the changes needed for APIServer. Instead of modifying the existing signatures for the methods which either generate or return stopChannel, we generate a context from the channel and use the generated context to be passed to the controllers which are started in APIServer. This ensures we don't have to touch APIServer dependencies.

Kubernetes-commit: 8b84a793b39fed2a62af0876b2eda461a68008c9
 2022-03-07 09:20:45 -05:00
Kermit Alexander c679395394 Add maxLength/maxItems/maxProperties support to cel.Compile. 
Kubernetes-commit: 83e4d192b136ac3a28ea26a9d09dc9fee7c6b665
 2022-02-15 08:49:37 +00:00
ialidzhikov 38f395ca57 apiserver: Remove the deprecated `--deserialization-cache-size` flag 
Signed-off-by: ialidzhikov <i.alidjikov@gmail.com>

Kubernetes-commit: ee2530ffd4db0cdc8384f7d4acb014e79bb224e9
 2022-03-02 15:33:21 +02:00
jupblb c0c615eb7a Remove apf_fd from httplog 
Since flowDistinguisher may hold data identifying a user accessing the
cluster this can be a source of a PII leak.

Kubernetes-commit: 94c92f78e5b02c27502f3b9d59b4e194e476a6f4
 2022-03-10 12:59:00 +01:00
carlory 871a4b7200 remove audit.k8s.io/v1[alpha|beta]1 versions 
Kubernetes-commit: fcc282f9f2050aaa4007d6f0444b0f4972925fea
 2022-02-13 13:23:49 +08:00
ialidzhikov bce3488a65 apiserver: Remove the deprecated `--target-ram-mb` flag 
Signed-off-by: ialidzhikov <i.alidjikov@gmail.com>

Kubernetes-commit: bdbc7501293eac721ea6f77b55918652f2cd6aab
 2022-03-02 18:52:46 +02:00
ialidzhikov aa165d392e apiserver: Remove the deprecated `--experimental-encryption-provider-config` flag 
Signed-off-by: ialidzhikov <i.alidjikov@gmail.com>

Kubernetes-commit: 244bf1bd69c962041ba5cabc3c9e92f3f94a3ba4
 2022-03-01 19:21:18 +02:00
David Eads 388a62292f prevent enabling beta by default for new api groups 
Kubernetes-commit: af99d192cf95cd29e455d186878db409b8cbdf2c
 2022-02-07 13:32:01 -05:00
David Eads 57ccdb5af8 reduce API surface area of whether a resource is enabled 
Kubernetes-commit: a59b92e8c039fb3646dec18f9e64ee2b5462db42
 2022-02-21 17:23:19 -05:00
David Eads 7fd5822a08 migrate more rest handlers to select by resource enablement 
Kubernetes-commit: 0ec20f97d27e08be8d8bbbbff52e68a4409ab43c
 2022-02-21 16:10:25 -05:00
Steve Kuznetsov af1cb1cefe storage: transformers: pass a context.Context 
When an envelope transformer calls out to KMS (for instance), it will be
very helpful to pass a `context.Context` to allow for cancellation. This
patch does that, while passing the previously-expected additional data
via a context value.

Signed-off-by: Steve Kuznetsov <skuznets@redhat.com>

Kubernetes-commit: 27312feb9983c18d1daf00afba788727d024cdd0
 2022-02-17 07:29:44 -08:00
Wojciech Tyczyński 5e8e1ff118 Relax to using namer instead of selflinker in API groupversion 
Kubernetes-commit: 0ad588b27b6845d9ece955bfdde0e2863b8e1394
 2022-01-13 16:34:56 +01:00
David Eads 1452003cc5 update resourceconfig to have per-resource preferences take priority 
Kubernetes-commit: 41b2662bac7a80d41dfbab13d72c9e1557c0f613
 2022-02-09 15:44:47 -05:00
David Eads 28da9a6848 update the --runtime-config handling to ensure that user preferences always take priority over hardcoded preferences 
Kubernetes-commit: e378fd2bae0fec4756a8e755395193337d13caa2
 2022-02-09 13:05:12 -05:00
brianpursley 21a4aa1138 Fix wrong status code in unit test error messages. 
Replace deprecated use of diff.ObjectReflectDiff() with cmp.Diff().

Kubernetes-commit: e9211d3279649795e40d9698f05e9752d111024a
 2022-01-25 20:31:47 -05:00
Abu Kashem dc55a1a6cc fix flake in TestTimeoutHeaders 
Kubernetes-commit: 2ae70e85d27ad30c29084b56572a817bc18b42e1
 2022-02-07 10:34:20 -05:00
Abu Kashem 72aa2c42fc refactor: rename webhook duration tracker 
Kubernetes-commit: 4a9b9028153c6984b9cf69067cc0a1aa12a00e73
 2022-02-01 15:44:59 -05:00
Patrick Ohly ec795ae204 avoid klog Info calls without verbosity 
In the following code pattern, the log message will get logged with v=0 in JSON
output although conceptually it has a higher verbosity:

   if klog.V(5).Enabled() {
       klog.Info("hello world")
   }

Having the actual verbosity in the JSON output is relevant, for example for
filtering out only the important info messages. The solution is to use
klog.V(5).Info or something similar.

Whether the outer if is necessary at all depends on how complex the parameters
are. The return value of klog.V can be captured in a variable and be used
multiple times to avoid the overhead for that function call and to avoid
repeating the verbosity level.

Kubernetes-commit: 9eaa2dc554e0c3d4485d4c916dfdbc2f517db2e0
 2021-12-11 12:10:21 +01:00
Jordan Liggitt 0edf32708d Fix header mutation race in timeout filter 
Kubernetes-commit: 5b2a31f375755386b5cb2541b912f3561f7d6431
 2022-01-04 22:57:29 -05:00
Ben Luddy 681941e62b Don't bypass ResponseWriter wrappers for apiserver healthz errors. 
The effective layering of ResponseWriters is today, from outside to
inside, httplog(timeout(audit(metrics(original)))). From
6e3fd91e1aa3259d7bd67e0a65693e346ade347d, calls to http.Error in the
apiserver's root healthz handler use an unwrapped ResponseWriter --
effectively timeout(audit(metrics(original))) -- to avoid logging
stack traces for those requests.

From 0d50c969c587c8a6c16e0962118305ac652c5a6b, the same call to
http.Error receives a completely-unwrapped ResponseWriter. This has
the effect of bypassing not only the httplog wrapper, but also
timeout, audit, and metrics. The timeout wrapper defends against
the (disallowed) use of underyling ResponseWriter after the completion
of its request's ServeHTTP call. Since that defensive behavior is
being bypassed, it's possible for the root healthz handler to panic
when health probes time out.

Instead of continuing to use a wrapper-aware means of disabling stack
traces, this commit adds a new function to httplog that allows
customization of the stack trace logging predicate on a per-request
basis.

Kubernetes-commit: ff849fe8b688606d5173d5ee0213a96cffae23c0
 2021-12-14 16:23:36 -05:00
Pingan2017 41eb079182 Remove args enable-swagger-ui since no effect from 1.14 
Kubernetes-commit: 206f3aeec2748ef149a36a9c69329b5be2953ecb
 2021-09-15 10:32:35 +08:00
Mateusz Gozdek fa92f23eb9 k8s.io/apiserver/pkg/server: fix name in APIServerHandler description 
In 18177e2bdeafbddeb3d66fec0b8cb88794cd69ff, PostGoRestful field has
been renamed to NonGoRestfulMux, but the documentation change did not
follow.

This commit fixes that to avoid potential confusion.

Signed-off-by: Mateusz Gozdek <mgozdek@microsoft.com>

Kubernetes-commit: 36ede8de945adcc06bde21c49dc157e9c741e0d2
 2021-10-04 14:54:14 +02:00
William Zhang c0fcf30dd4 cleanup(apiserver): delete the --max-resource-write-bytes & --json-patch-max-copy-bytes description. 
Change-Id: I0fe27dce27db6a1e186bd44a968c6e931de88dd8
Signed-off-by: William Zhang <warmchang@outlook.com>

Kubernetes-commit: 584165cfcc861bc0c8911e11347734cfc8feb8c8
 2021-12-08 17:12:37 +08:00
Davanum Srinivas b840d63feb Cleanup OWNERS files (No Activity in the last year) 
Signed-off-by: Davanum Srinivas <davanum@gmail.com>

Kubernetes-commit: 497e9c1971c9e7d0193bc6d11503ec4ad527f1d5
 2021-12-10 15:18:50 -05:00
Arda Güçlü 1fbc8d31a2 Rename ServeWithListenerStopped to Serve in secure_serving 
This PR removes Serve function and uses all required places
ServeWithListenerStopped which takes place new Serve function.

This function returns ListenerStopped channel can be used to drain
requests before shutting down the server.

Kubernetes-commit: a8d2b3a7926394b1c53621804cdeb93e4a61b7c8
 2021-11-08 17:20:31 +03:00
Abu Kashem 6bd59a523a apf: add a metric to count seat samples 
Kubernetes-commit: bb15bdf15c1cc4d5a4380f3f6ed46d4adc9662a1
 2021-11-23 11:36:09 -05:00
Abu Kashem b88c96a347 apf: add initial and final seats to httplog 
Kubernetes-commit: be085b63455738d3f89fd804c84ae7ab0ac81008
 2021-11-23 10:26:10 -05:00
Abu Kashem 1d83e4074a apf: ensure exempt request notes the classification 
Kubernetes-commit: 8b2dd74c277d6a56a14e99830d39b23c5788c62e
 2021-12-05 11:29:15 -05:00
Davanum Srinivas 56a3a30ae1 Check in OWNERS modified by update-yamlfmt.sh 
Signed-off-by: Davanum Srinivas <davanum@gmail.com>

Kubernetes-commit: 9405e9b55ebcd461f161859a698b949ea3bde31d
 2021-12-09 21:31:26 -05:00
Andy Goldstein b6300d119d Improve pathrecorder duplicate registration info 
Print information from both the original path registration and the new
path registration stack traces when encountering a duplicate. This helps
the developer determine where the duplication is coming from and makes
it much easier to resolve.

Signed-off-by: Andy Goldstein <andy.goldstein@redhat.com>

Kubernetes-commit: 04aa8f9dcdbc575fde37e25e45315359b0aa1ca6
 2021-12-03 14:42:27 -05:00
Sergey Kanzhelev 95790548cb remove ReallyCrashForTesting and cleaned up some references to HandleCrash behavior 
Kubernetes-commit: a11453efbc4a5575f7945af1c6fd4f7c00379529
 2021-05-04 00:10:11 +00:00
Antonio Ojea 2f6960cc90 remove unused variable responseBodySize 
Kubernetes-commit: 9336ff78f4a95cca8eb4a5cf528812d1bcac552c
 2021-11-16 22:49:22 +01:00
Antonio Ojea 990b0d9a2e no lint unused variables 
Kubernetes-commit: e82e0b38ffff895210fc6ce58bb347f77a828c01
 2021-11-16 19:00:22 +01:00
Jefftree 649cd36479 Add OpenAPI v3 publishing under feature gate OpenAPIV3 
Kubernetes-commit: 5bf3ed7a98e1e5247fe3fc2f6f948e6ed9a23521
 2021-10-26 11:11:59 -07:00
Mike Spreitzer 4098be7694 Factored TimedObserver into less surprising pieces 
Kubernetes-commit: ab64e852023965fd8873abcd50ff09cf79814d11
 2021-11-15 14:59:30 -05:00
Paweł Banaszewski 78c055e084 Added requestSloLatencies metric 
Kubernetes-commit: 0afa569499d480df4977568454a50790891860f5
 2021-10-25 22:19:24 +00:00
Jordan Liggitt 2b38d6fe21 Revert strict-in-alpha to false 
Kubernetes-commit: 8b1e1a4af833ead47e27375b4151bc59a7598ad6
 2021-11-12 17:04:41 -05:00
Mike Spreitzer 56b220f8cd Add metrics about watch counts seen by APF 
Kubernetes-commit: 154bf6aab33c2486a9066f66ab3a056c1095cb9a
 2021-10-25 03:31:47 -04:00
Wojciech Tyczyński 9ad8b586fc P&F: Update WatchTracker interface to pass more information 
Kubernetes-commit: 12746f4bc15458d585ffd4c6e9d6066810e27361
 2021-10-28 12:41:41 +02:00
Marcel Zięba 35731724b9 Fix race condition in logging when request times out 
Kubernetes-commit: 269431c9c894d70a4412bb79d96822d842725cb0
 2021-10-18 14:48:47 +00:00
Lukasz Szaszkiewicz 3af709f483 aggregator: pass apiServiceRegistrationControllerInitiated signal directly to apiserviceRegistration controller 
Kubernetes-commit: 5116a508a7bf84844f4987ab2db14af88bfd296f
 2021-10-20 11:06:27 +02:00
Lukasz Szaszkiewicz 67be998d0f rename to muxAndDiscoveryComplete 
Kubernetes-commit: 9e2bdfee02a6851fbb13ffe28611e9d2b6242785
 2021-10-19 12:24:00 +02:00
Lukasz Szaszkiewicz 5c13ee7dbf genericapiserver: indroduce muxCompleteSignals for holding signals that indicate all known HTTP paths have been registered 
the new field exists primarily to avoid returning a 404 response when a resource actually exists but we haven't installed the path to a handler.
it is exposed for easier composition of the individual servers.
the primary users of this field are the WithMuxCompleteProtection filter and the NotFoundHandler.

Kubernetes-commit: ddfbb5d2bb57ee44b3e10f0b58f9cc7001f55802
 2021-10-15 18:14:20 +02:00
Lukasz Szaszkiewicz b96eea9892 allow for passing a custom handler to the empty delegate 
Kubernetes-commit: 207478c1e6f94b26d8033d5edc7a8a91c69ef716
 2021-09-02 14:22:23 +02:00
wojtekt c18ab3e1b1 Estimate width of the request based on watchers count in P&F 
Kubernetes-commit: 223f9be59778b6ec2e44fd57df523f00e246bd95
 2021-07-07 10:48:29 +02:00
Antonio Ojea 9bb5c950e8 apiserver aggregator upgrade unit test 
Co-authored-by: Chao Xu <xuchao@google.com>

Kubernetes-commit: 3627462ef3e741f2b8e6de7ed3f51be3122cbc6d
 2021-10-05 00:19:43 +02:00
Abu Kashem 9560ec6e92 introduce final seats for work estimate 
Kubernetes-commit: 3d6cc118fee15313419bf7aa0082a2a608ec62f6
 2021-09-24 15:18:27 -04:00
Abu Kashem 733c3f75e9 apf: print watch init latency in httplog 
Kubernetes-commit: 9b21e11cf9f4cda7c985a588f60925f0766fac02
 2021-10-01 10:18:19 -04:00
Abu Kashem a1d74a4e54 remove httplog filter from handler chain when klog.v < 3 
Kubernetes-commit: b05d805fd3337d3e3ea6a195883a4eb9c66a7b8a
 2021-08-24 14:29:49 -04:00
Abu Kashem 6013da2b94 apiserver: wrap ResponseWriter using abstraction 
Kubernetes-commit: 0d50c969c587c8a6c16e0962118305ac652c5a6b
 2021-09-20 11:21:56 -04:00
Abu Kashem d53acfe201 apiserver: store (event, evaluated policy) pair in request context 
Kubernetes-commit: 8be823b0b0270e1b979b3d4c6e683e1daa0f2e01
 2021-09-20 17:43:16 -04:00
astraw99 2e5bed6053 fix typo `registry` 
Kubernetes-commit: 6d16238fe53bf1135d781c73d3df4283ecef7fed
 2021-08-08 18:37:16 +08:00
Abu Kashem c491eeb785 make lifecycle signal thread safe 
Kubernetes-commit: d3e2e9ede295fd743c991e15789a1bc2e8d123f7
 2021-09-30 15:24:38 -04:00
Abu Kashem 863c48fbc2 apf: rename WorkEstimate.Seats to InitialSeats 
Kubernetes-commit: 5d67896adedbce27f01b59eb5f2054919a047f2b
 2021-09-24 09:41:38 -04:00
Anish Ramasekar 1e3c9bfcdb fix typo in kms encryption config logs 
Signed-off-by: Anish Ramasekar <anish.ramasekar@gmail.com>

Kubernetes-commit: 63295a126e316fb7b8630dbc57e98041e747cbed
 2021-09-16 18:18:59 +00:00
Mike Spreitzer 889106eff7 Add metrics about handling LIST requests 
Add metrics that illuminate the costs of handling LIST requests.

Kubernetes-commit: bf424292db185546c474b27b963fd27bdbafc72f
 2021-09-01 18:18:23 -04:00
wojtekt b898581360 Migrate to k8s.io/utils/clock in apiserver 
Kubernetes-commit: 859a98c0358610e2c127cd2fba1be601ca975188
 2021-09-14 20:36:07 +02:00
Paco Xu d1458891b4 remove deprecated validEgressSelectorNames 'master' (#102242) 
* remove deprecated validEgressSelectorNames 'master'

Signed-off-by: pacoxu <paco.xu@daocloud.io>

* update gce configure: replace deprecated egress name 'master' with 'controlplane'

Signed-off-by: pacoxu <paco.xu@daocloud.io>

* add dup error for EgressSelection & fix converting alpha/beta to v1 name

Kubernetes-commit: a48a2efbd45ad77901dd09f2665d8cc1e1d8dbf6
 2021-09-16 22:09:46 +08:00
Mike Spreitzer fa81877012 Rename httplog entry from "apf_d" to "apf_fd" 
Because it is for the "Flow Distinguisher".

Kubernetes-commit: be717abb8317ed309a9d2139856a8e87fad76a16
 2021-09-15 17:10:11 -04:00
Abu Kashem db8aff032b apf: update apf logic to use v1beta2 
Kubernetes-commit: 28f2b42a4116a9223113e8b152e02a4f1e602ff4
 2021-08-16 17:53:57 -04:00
Mike Spreitzer 06debee006 Remove race condition from TestApfExecuteWatchRequestsWithInitializationSignal 
Kubernetes-commit: b78baaad5ff4bcaf12e5de9e7e35f8fadba1c25b
 2021-08-31 17:40:03 -04:00
Mike Spreitzer b225af44fe Introduce storagebackend.ConfigForResource 
This is a Config specialized for a GroupResource.
It will support generating new resource-specific metrics.

Kubernetes-commit: 85bcd243aa3c8769a5904a1aea44ce704f5e7174
 2021-08-29 01:06:12 -04:00
Abu Kashem 033ff70436 Revert "Merge pull request #104281 from tkashem/not-ready-429" 
This reverts commit fc5863b8b276e0789f717859e8cce58d7d060181, reversing
changes made to 027fe2554fd18343b8be39eddc8ff6570a6c390f.

Kubernetes-commit: f9f08725907b7db2104ee5fe9f82ab0752726533
 2021-08-31 10:10:46 -04:00
Abu Kashem a687b3b7a9 Revert "Merge pull request #104630 from tkashem/remove-option" 
This reverts commit edb0a72cff0e43bab72a02cada8486d562ee1cd5, reversing
changes made to 80feff6f407be9f0898c449ba3f9d4d013f05ec9.

Kubernetes-commit: 8844d3092a46a40915b4df6e3b9944d5081f8268
 2021-08-31 10:06:12 -04:00
Abu Kashem ee2c906b05 apiserver: remove server option startup-send-retry-after-until-ready 
Kubernetes-commit: 7adc79a4ea33cc44aa8d694c4949e01219e016de
 2021-08-27 10:29:37 -04:00
Stephen Augustus 771ffe6475 generated: Run hack/update-gofmt.sh 
Signed-off-by: Stephen Augustus <foo@auggie.dev>

Kubernetes-commit: 481cf6fbe753b9eb2a47ced179211206b0a99540
 2021-08-12 17:13:11 -04:00
Maciej Borsz 02f98184b3 Add APF's priorityLevel to httplog.go 
Kubernetes-commit: 6db63869b0fd0551382dec1b30b649fda4289444
 2021-08-13 13:00:07 +02:00
Abu Kashem cafef859a7 apiserver: add key/value pair to httplog 
Kubernetes-commit: bdedd2a4c16487e075db45e778c9e47ddd57448f
 2021-08-19 17:07:24 -04:00
Antonio Ojea 38c6ad936b run hack/update-netparse-cve.sh 
Kubernetes-commit: 0cd75e8fec62a2531637e80bb950ac9983cac1b0
 2021-08-20 01:16:14 +02:00
Abu Kashem 450b7e8f12 rename audit Checker interface 
Kubernetes-commit: 27f150351475adaef416bd893403e7066b70d33a
 2021-03-24 13:07:21 -04:00
Abu Kashem f3ae70d0cf send retry-after until ready 
Kubernetes-commit: 6e3923d0a4f4720d2d9f628eb9c073d2d3ee291a
 2021-08-10 12:03:21 -04:00
Abu Kashem 030819c510 apiserver: refactor WithRetryAfter server filter 
Kubernetes-commit: 83889ae5940036d89b9822a1e38f0f939308e408
 2021-08-09 18:25:29 -04:00
Abu Kashem ffb869e08f apiserver: add a new mode for graceful termination 
add a new mode for graceful termination with the new server run option
'shutdown-send-retry-after'
- shutdown-send-retry-after=true: we initiate shutdown of the
  HTTP Server when all in-flight request(s) have been drained. during
  this window all incoming requests are rejected with status code
  429 and the following response headers:
    - 'Retry-After: N' - client should retry after N seconds
    - 'Connection: close' - tear down the TCP connection
- shutdown-send-retry-after=false: we initiate shutdown of the
  HTTP Server as soon as shutdown-delay-duration has elapsed. This
  is in keeping with the current behavior.

Kubernetes-commit: 3182b69e970bd1fd036ff839fdf811f14e790244
 2021-07-14 10:39:29 -04:00
Abu Kashem 5d12abfebe apiserver: rename test variables 
Kubernetes-commit: e8381733068f63f4a3e30bae52cea2c7abdde365
 2021-07-14 10:29:53 -04:00
Abu Kashem bd2ef9810a apf: estimate list width 
Kubernetes-commit: 296c18ec323328bf1c6a621a9ca3a094d78bb9d0
 2021-06-22 19:38:00 -04:00
Quan Tian 0737519ac6 Improve dynamic cert file change detection 
DynamicFileCAContent and DynamicCertKeyPairContent used periodical job
to check whether the file content has changed, leading to 1 minute of
delay in worst case. This patch improves it by leveraging fsnotify
watcher. The content change will be reflected immediately.

Kubernetes-commit: 3cfe3d048ff37c1c6994d131ed8557f3c8bddc8a
 2021-08-03 21:28:01 +08:00
Jordan Liggitt 1e6293c86f Set idle and readheader timeouts 
Kubernetes-commit: db48793269ef9eca63fa12abb1a25d017c0e09bb
 2021-07-27 11:58:45 -04:00
Abu Kashem feb4eefe1c apiserver: add callback to get notified of object count 
Kubernetes-commit: 2c60feffbee690af4632d068158e640abe10f678
 2021-07-14 16:44:34 -04:00
Alexi Kessler 80b28d7c2c Update doc description for --audit-log-maxbackup 
Per https://pkg.go.dev/gopkg.in/natefinch/lumberjack.v1 a value of 0 will retain all logs. Not understanding this led to an outage for my team.

Kubernetes-commit: 94977dce8d13ec1e8b4bd8b449f555af685c3ab6
 2021-07-22 09:42:30 -04:00
wojtekt b4c306e1e8 Rename width to workEstimate in P&F code 
Kubernetes-commit: 73211256e8f15cf84ee69d6fe8258c3a912e0f94
 2021-07-13 15:10:58 +02:00
Andrew Rynhard bfbd0aaa7d Do not try to create an audit log file named "-" 
That PR fixes --audit-log-path=- support.
It now logs to stdout as in 1.21.

Kubernetes-commit: 7728428f017350d5fb9a91e6e5dc3ccf86348478
 2021-07-23 14:26:28 +00:00
wojtekt 280558d490 Add additional APF test for handling other panic types 
Kubernetes-commit: faed88bb7200cc4693b7a3f9cecff1a99ea1fc95
 2021-07-14 16:36:38 +02:00
wojtekt 242c8c8a1c Optimize APF support for watch initialization to fix the pod startup time regression. 
Kubernetes-commit: ef435b85b47618d0d463ac93e9758d75c2998681
 2021-07-13 10:22:30 +02:00
Ryan Phillips 7afffd8ef3 Revert "apiserver: add callback to get notified of object count" 
Kubernetes-commit: d95b14e1abfb5ec87248e5dd826b89d0c738af42
 2021-07-08 13:56:39 -05:00
wojtekt fbc127e994 Add watch tracker to APF for request cost estimation 
Kubernetes-commit: cea1dcfeed2fc4e8ab89cd43e5a0e402251c8df5
 2021-06-15 10:49:42 +02:00
Abu Kashem cf5c77fde9 apf: add additional latency into width 
Kubernetes-commit: 24e19229101d242d924ce98a562be3864dde9eae
 2021-06-27 12:45:24 -04:00
David Ashpole fe620be9c7 change tracing service from kube-apiserver to apiserver 
Kubernetes-commit: 8972efc65fe7f4d2ed840ba1a2bd8ff31e829a7a
 2021-07-02 07:04:26 -07:00
Abu Kashem d929410e13 apiserver: add callback to get notified of object count 
Kubernetes-commit: 1002b0d163dd948334f10b0e25d0e91d253791e8
 2021-06-18 10:44:07 -04:00
Lukasz Szaszkiewicz aefd8ed86f adds HasBeenReady signal that fires when the readyz endpoint succeeds 
Kubernetes-commit: 58b91ffca9efe3afb20d80914cdc33c6b0acdef2
 2021-07-02 15:18:19 +02:00
Lukasz Szaszkiewicz 279d11fb1e readyz signals when the handler succeeds for the first time. 
Co-authored-by: Dr. Stefan Schimanski <stefan.schimanski@gmail.com>

Kubernetes-commit: ca108d109d55e927c292e3e558fc4f761a3a4e7c
 2021-06-30 11:04:44 +02:00
Lukasz Szaszkiewicz d8c0235e05 remove logging from the Signal method 
Kubernetes-commit: 6c88a62cb4c849e3844dcc3870073a1b5e05d301
 2021-07-02 12:50:20 +02:00
Lukasz Szaszkiewicz 3f407f0668 rename terminationSignals to lifecycleSignals 
Kubernetes-commit: dae08bc3a735e50845af7cf639bdbb8971a2115a
 2021-07-02 12:28:07 +02:00
David Ashpole 71612b014d move tracing instantiation further up, and check for nil 
Kubernetes-commit: b0ffaa93f5c607325203f978c1ae685d6b64d053
 2021-07-01 10:42:11 -07:00
David Ashpole 5053bddd06 add tracing to the apiserver's client-go requests 
Kubernetes-commit: 79d400c4416f903af604fb2cf07d2c34bb4b98f7
 2021-06-26 09:16:32 -07:00