receiver name obj should be consistent with previous receiver name s for SimpleStream
error var hookNotFinished should have name of the form errFoo
Kubernetes-commit: ae385ee874a81cd01ee4fef98efc1bd5c219c9b7
This change updates the API server code to load the encryption
config once at start up instead of multiple times. Previously the
code would set up the storage transformers and the etcd healthz
checks in separate parse steps. This is problematic for KMS v2 key
ID based staleness checks which need to be able to assert that the
API server has a single view into the KMS plugin's current key ID.
Signed-off-by: Monis Khan <mok@microsoft.com>
Kubernetes-commit: f507bc255382b2e2095351053bc17e74f7100d35
- Moves kms proto apis to the staging repo
- Updates generate and verify kms proto scripts to check staging repo
Signed-off-by: Anish Ramasekar <anish.ramasekar@gmail.com>
Kubernetes-commit: c3794e2377016b1c18b1dcb63dc61d686c8ebcbf
return the last request error, instead of last error received
The rate limit allows 1 event per healthcheck timeout / 2
Kubernetes-commit: 510a85c53a5138babb1650fadd328e6f34baa03b
Fix the one path where boundNextDispatchLocked was not being called
after modifying a queue.
Also check for negative work in a request.
These are motivated by
https://github.com/kubernetes/kubernetes/issues/112169 but I do not
have a way to reproduce it and so can not check that these changes
actually remove that symptom. But these changes are good anyway.
Kubernetes-commit: 6ee93e2cee695203a6ce4935da1b9a807b624260
Use GroupResource instead of object reflection when recording the
following metrics:
- etcd_request_duration_seconds
- etcd_bookmark_counts
Add GroupResource to logs and traces where only reflection-based typing
was previously used.
Both of these changes allow us to disginguish between different CRDs,
all of which are represented as *unstructured.Unstructured.
Signed-off-by: Andy Goldstein <andy.goldstein@redhat.com>
Kubernetes-commit: 305fa2add60ad507417304d865f001006d5175fe
Use the group resource instead of objectType in watch cache metrics,
because all CustomResources are grouped together as
*unstructured.Unstructured, instead of 1 entry per type.
Signed-off-by: Andy Goldstein <andy.goldstein@redhat.com>
Kubernetes-commit: d08b69e8d35a5aa73a178c508f9b0e1ad74b882d
All CustomResources are treated as *unstructured.Unstructured, leading
the watch cache to log anything related to CRs as Unstructured. This
change uses the schema.GroupResource instead of object type for all type
related log messages in the watch cache, resulting in distinct output
for each CR type.
Signed-off-by: Andy Goldstein <andy.goldstein@redhat.com>
Kubernetes-commit: 397533a4c2df9639ff4422c907d06fae195a1835
this is specifically so that we have more structured information when
the metric is parsed and stored as a stable metric. This change does not
change the name of the actual metrics.
Change-Id: I861482401ad9a0ae12306b93abf91d6f76d7a407
Kubernetes-commit: 178e57c17b66eb572a961690bd10782aeb3c3582
- add feature gate
- add encrypted object and run generated_files
- generate protobuf for encrypted object and add unit tests
- move parse endpoint to util and refactor
- refactor interface and remove unused interceptor
- add protobuf generate to update-generated-kms.sh
- add integration tests
- add defaulting for apiVersion in kmsConfiguration
- handle v1/v2 and default in encryption config parsing
- move metrics to own pkg and reuse for v2
- use Marshal and Unmarshal instead of serializer
- add context for all service methods
- check version and keyid for healthz
Signed-off-by: Anish Ramasekar <anish.ramasekar@gmail.com>
Kubernetes-commit: f19f3f409938ff9ac8a61966e47fbe9c6075ec90
Replicated from https://github.com/etcd-io/etcd/blob/v3.5.4/client/v3/logger.go#L47
The logic of this function doesn't make a lot of sense to me, but
copying it will avoid any behaviour change.
Signed-off-by: Nic Cope <nicc@rk0n.org>
Kubernetes-commit: c1aa7a0fe73cbcab8e70f7b73a845ae9394f9a71
Currently the API server creates one etcd client per CRD. If clients
aren't provided a logger they'll each create their own. These loggers
can account for ~20% of API server memory consumption on a cluster with
hundreds of CRDs.
Signed-off-by: Nic Cope <nicc@rk0n.org>
Kubernetes-commit: 0c81eabb853e581abbcb37ebf094af3316e1012e
This logger is responsible for 20% of the API server's memory usage when
many CRDs are installed. See the below issue for more context.
https://github.com/kubernetes/kubernetes/issues/111476
Signed-off-by: Nic Cope <nicc@rk0n.org>
Kubernetes-commit: 0e5401c93940126beac45264aa056507b0950075
- Run hack/update-codegen.sh
- Run hack/update-generated-device-plugin.sh
- Run hack/update-generated-protobuf.sh
- Run hack/update-generated-runtime.sh
- Run hack/update-generated-swagger-docs.sh
- Run hack/update-openapi-spec.sh
- Run hack/update-gofmt.sh
Signed-off-by: Davanum Srinivas <davanum@gmail.com>
Kubernetes-commit: a9593d634c6a053848413e600dadbf974627515f
v1.43.0 marked grpc.WithInsecure() deprecated so this commit moves to use
what is the recommended replacement:
grpc.WithTransportCredentials(insecure.NewCredentials())
Signed-off-by: Mikko Ylinen <mikko.ylinen@intel.com>
Kubernetes-commit: 2c8bfad9106039aa15233b5bf7282b25a7b7e0a0
add short-circuiting logic for long comaprison
replace timestamps rather than doing a full managed fields deepcopy
add guard
Kubernetes-commit: 7233538008489c189d09bb042fbabca97d9cdbaf
Make the test accept all the legitimate outcomes.
Expand the explanation of how TestPriorityAndFairnessWithPanicRecoveryAndTimeoutFilter/priority_level_concurrency_is_set_to_1,_queue_length_is_1,_first_request_should_time_out_and_second_(enqueued)_request_should_time_out_as_well is supposed to work.
Expand debug information that is available when the test fails.
Kubernetes-commit: 1f450695ffd5b2d028c87328b8b32630a8052129
expiredBookmarkWatchers allows us to schedule the next bookmark event after dispatching not before as it was previously.
It opens a new functionality in which a watcher might decide to change when the next bookmark should be delivered based on some internal state.
Kubernetes-commit: 0576f6a011cba8f0c8550fd3dd31111376c9dcd0
Using a Pod type in a GetList() call in a test
can panic at worst and error out at best. Here,
neither happened because the error condition
being tested for (cacher being stopped or not)
gets returned before the list pointer can be
enforced.
This commit changes the above to use PodList.
Signed-off-by: Madhav Jivrajani <madhav.jiv@gmail.com>
Kubernetes-commit: 487761f4e2543114db158f0d59e598dedc481882
Before:
Create()
BeginCreate()
BeforeCreate()
init UID <---------------------
strategy code
After:
Create()
init UID <-------------------------
BeginCreate()
BeforeCreate()
strategy code
This also wipes UID early (suggested by David) and asserts it is set in
BeforeCreate().
Kubernetes-commit: 5615de51f9e768dd01d7fe49a48e8db756bd8ac8
Our tests are mostly error based and explicit error typing allows
us to test against error types directly. Having made this change also
makes it obvious that our test coverage was lacking in two branches,
specifically, we were previously not testing empty start keys nor were
we testing for invalid start RVs.
Kubernetes-commit: 213e380a2e48830db6c71d2da5485d4226d95625
Members are not used in (waiting,executing) pairs, so stopped
using the wrapper that adds such pairing.
Kubernetes-commit: cd33c7cf2260b351dd345497223a944e80bc7b61
Validating admission webhook evaluation can fail, if uncaught this
crashes a kube-apiserver. Add handling to catch panic while preserving
the behavior of "must not fail".
Kubernetes-commit: d412bf92b3b02bda93707c6aaba945f28bf60c72
The means by which we encode and decode the continue token during a
paginated LIST call is not specific to etcd3. In order to allow for a
generic suite of tests against any storage.Interface implementation, we
need this logic to live outside of the etcd3 package, or import cycles
will exist.
Signed-off-by: Steve Kuznetsov <skuznets@redhat.com>
Kubernetes-commit: eb3aa5be10393968d8083c79f5958501fc029e8d
This test resource only exists to test the versioning logic, but it
cannot live in the general testing package, or import cycles will exist.
Signed-off-by: Steve Kuznetsov <skuznets@redhat.com>
Kubernetes-commit: fa2a6d633984aaa36ef988ecf4410c20e27897ea
The means by which we extract and parse the version of an API object is
not specific to etcd3. In order to allow for a generic suite of tests
against any storage.Interface imlpementation, we need this logic to live
outside of the etcd3 package, or import cycles will exist.
Signed-off-by: Steve Kuznetsov <skuznets@redhat.com>
Kubernetes-commit: 3939f3003e9605c06f65e64d1fc6f94b294f9d97
The cacher blocks requests until it is ready, however, the
ready variable doesn't differentiate if the cacher was stopped.
The cacher is using a condition variable based on sync.Cond to
handle the readiness, however, this was not taking into account
if it was not ready because it was waiting to be ready or it was
stopped.
Add a new condition to the condition variable to handle the
stop condition, and returning an error to signal the goroutines
that they should stop waiting and bail out.
Kubernetes-commit: 2cb3a56e83ae33464edb174b1b6373ba50600759
There's no reason to create the watch using the underlying watcher.
Signed-off-by: Steve Kuznetsov <skuznets@redhat.com>
Kubernetes-commit: 774870611c1d2b405d67eb73ade628ced5e0e994
Different callers to this test may need to do different backend-specific
validation on the stored data, so we allow them a callback for this.
Signed-off-by: Steve Kuznetsov <skuznets@redhat.com>
Kubernetes-commit: 6d25e96cedaad249fe75aac4b1fe08bb69829a61
There is no functional difference between checking for an empty key
using the database client and doing so with the storage interface. Using
the latter allows this test to be more portable.
Signed-off-by: Steve Kuznetsov <skuznets@redhat.com>
Kubernetes-commit: f894f8196d9266915424e2cefc9e4eb480ae6f5e
These can't live in `_test.go` files, or others won't be able to re-use
them as you can't import from test files.
Signed-off-by: Steve Kuznetsov <skuznets@redhat.com>
Kubernetes-commit: 0bfeb728786726cd28b4c64d48874d45a2724165
This commit simply factors the test functionality into functions that
accept `storage.Interface`.
Signed-off-by: Steve Kuznetsov <skuznets@redhat.com>
Kubernetes-commit: 117f674cab1f598251483811fb769046dc3458a3
Merge conflicts become less likely when:
- features are sorted alphabetically because
then changes are more likely to be done in
different parts of the files
- blank lines separate the hash entries because
gofmt then doesn't change the formating of
other entries when adding or removing one
Merge conflicts where pretty common shortly before a code freeze when everyone
added new features at the end of the files.
Kubernetes-commit: 85513e4bca6d34a8bb034165079dca176fbf2e4e
It is not possible for the nil-check to ever return anything different
from what the explicit boolean used to, but this is only something that
a reader can come to the conclusion on if they very, very carefuly read
the code. Instead of having this implicit flow that is difficult to
follow, let's keep the boolean.
Signed-off-by: Steve Kuznetsov <skuznets@redhat.com>
Kubernetes-commit: 809fd64b289add1b378b45c748c23b7278c366f1
Previous work by liggitt in 01760927b82 improved the boilerplate
required to run an embedded etcd server for tests as well as set up the
`*etcd3.store{}` for testing. A number of tests were not ported to use the
new helpers, though, either due to custom setup or due to inconsistent
use of setup options. A follow-up by stevekuznetsov in 6aa37eb0624
removed much of the inconsistency, meaning that most callers to
`newStore()` were simply using the default boilerplate and options that
`testSetup()` used.
This patch moves all users to testSetup(), adding options as necessary
to enable some fringe setup use-cases. With a unified setup, new tests
will not copy boilerplate they do not need and it will be immediately
obvious when reading a test if the client or storage setup is *not*
default, improving readability.
Signed-off-by: Steve Kuznetsov <skuznets@redhat.com>
Kubernetes-commit: 138faa3799341d02df9fc4bedc1371d338c34887
We must ensure that we notice if the etcd behavior on linearized reads
changes.
Signed-off-by: Steve Kuznetsov <skuznets@redhat.com>
Kubernetes-commit: ed5fd905f2b42e9919d99c40a1cb25014f0a7f89
In a number of tests, the underlying storage backend interaction will
return the revision (logical clock underpinning the MVCC implementation)
at the call-time of the RPC. Previously, the tests validated that this
returned revision was exactly equal to some previously seen revision.
This assertion is only true in systems where no other events are
advancing the logical clock. For instance, when using a single etcd
cluster as a shared fixture for these tests, the assertion is not valid
any longer. By checking that the returned revision is no older than the
previously seen revision, the validation logic is correct in all cases.
Signed-off-by: Steve Kuznetsov <skuznets@redhat.com>
Kubernetes-commit: eba25cdbbcc5d35e707516194f64d8ed363c2773
Extends the certificate attribute deprecation RoundTrippers wrapper with
a checker that counts certificates with sha-1 signatures in server responses.
Non-root non-self-signed SHA-1 certificate signatures were deprecated in
Golang 1.18.
Kubernetes-commit: 499ee65a9b0cd45d41716b513fae0d537f7f9c88
Han Kang
Abu Kashem
Maciej Wyrzuc
twilight0620
Paco Xu
Harsha Narayana
Monis Khan
Jiahui Feng
Manish Kumar
Cici Huang
Abirdcfly
SataQiu
Alex Zielenski
Anish Ramasekar
qmloong
Wojciech Tyczyński
Davanum Srinivas
Marcel Zięba
viveksahu26
Antonio Ojea
Shyam Jeedigunta
HaoJie Liu
Mike Spreitzer
xueqzhan
Alexander Zielenski
Andy Goldstein
cndoit18
Jordan Liggitt
leilei.wan.cn
David Eads
Sally O'Malley
Maciej Borsz
Nic Cope
Lukasz Szaszkiewicz
jupblb
Mikko Ylinen
Kevin Delgado
Artur Żyliński
Tim Allclair
Vladimir Nachev
zk
Madhav Jivrajani
21kyu
Ikko Ashimine
Tim Hockin
ialidzhikov
scott
Mikhail Mazurskiy
Guillaume Le Biller
Steve Kuznetsov
Dr. Stefan Schimanski
Daniel Smith
Patrick Ohly
Sebastian Laskawiec
Sanskar Jaiswal
Jefftree
Ross Peoples
Kensei Nakada
Tim Allclair
Tim Bannister
Stanislav Laznicka