398 lines
12 KiB
Go
398 lines
12 KiB
Go
/*
|
|
Copyright 2016 The Kubernetes Authors.
|
|
|
|
Licensed under the Apache License, Version 2.0 (the "License");
|
|
you may not use this file except in compliance with the License.
|
|
You may obtain a copy of the License at
|
|
|
|
http://www.apache.org/licenses/LICENSE-2.0
|
|
|
|
Unless required by applicable law or agreed to in writing, software
|
|
distributed under the License is distributed on an "AS IS" BASIS,
|
|
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
See the License for the specific language governing permissions and
|
|
limitations under the License.
|
|
*/
|
|
|
|
package responsewriters
|
|
|
|
import (
|
|
"compress/gzip"
|
|
"context"
|
|
"encoding/json"
|
|
"fmt"
|
|
"io"
|
|
"net/http"
|
|
"strconv"
|
|
"strings"
|
|
"sync"
|
|
"time"
|
|
|
|
"go.opentelemetry.io/otel/attribute"
|
|
|
|
"k8s.io/apiserver/pkg/features"
|
|
|
|
"k8s.io/apimachinery/pkg/runtime"
|
|
"k8s.io/apimachinery/pkg/runtime/schema"
|
|
"k8s.io/apimachinery/pkg/util/httpstream/wsstream"
|
|
utilruntime "k8s.io/apimachinery/pkg/util/runtime"
|
|
"k8s.io/apiserver/pkg/audit"
|
|
"k8s.io/apiserver/pkg/endpoints/handlers/negotiation"
|
|
"k8s.io/apiserver/pkg/endpoints/metrics"
|
|
"k8s.io/apiserver/pkg/endpoints/request"
|
|
"k8s.io/apiserver/pkg/registry/rest"
|
|
utilfeature "k8s.io/apiserver/pkg/util/feature"
|
|
"k8s.io/apiserver/pkg/util/flushwriter"
|
|
"k8s.io/component-base/tracing"
|
|
)
|
|
|
|
// StreamObject performs input stream negotiation from a ResourceStreamer and writes that to the response.
|
|
// If the client requests a websocket upgrade, negotiate for a websocket reader protocol (because many
|
|
// browser clients cannot easily handle binary streaming protocols).
|
|
func StreamObject(statusCode int, gv schema.GroupVersion, s runtime.NegotiatedSerializer, stream rest.ResourceStreamer, w http.ResponseWriter, req *http.Request) {
|
|
out, flush, contentType, err := stream.InputStream(req.Context(), gv.String(), req.Header.Get("Accept"))
|
|
if err != nil {
|
|
ErrorNegotiated(err, s, gv, w, req)
|
|
return
|
|
}
|
|
if out == nil {
|
|
// No output provided - return StatusNoContent
|
|
w.WriteHeader(http.StatusNoContent)
|
|
return
|
|
}
|
|
defer out.Close()
|
|
|
|
if wsstream.IsWebSocketRequest(req) {
|
|
r := wsstream.NewReader(out, true, wsstream.NewDefaultReaderProtocols())
|
|
if err := r.Copy(w, req); err != nil {
|
|
utilruntime.HandleError(fmt.Errorf("error encountered while streaming results via websocket: %v", err))
|
|
}
|
|
return
|
|
}
|
|
|
|
if len(contentType) == 0 {
|
|
contentType = "application/octet-stream"
|
|
}
|
|
w.Header().Set("Content-Type", contentType)
|
|
w.WriteHeader(statusCode)
|
|
// Flush headers, if possible
|
|
if flusher, ok := w.(http.Flusher); ok {
|
|
flusher.Flush()
|
|
}
|
|
writer := w.(io.Writer)
|
|
if flush {
|
|
writer = flushwriter.Wrap(w)
|
|
}
|
|
io.Copy(writer, out)
|
|
}
|
|
|
|
// SerializeObject renders an object in the content type negotiated by the client using the provided encoder.
|
|
// The context is optional and can be nil. This method will perform optional content compression if requested by
|
|
// a client and the feature gate for APIResponseCompression is enabled.
|
|
func SerializeObject(mediaType string, encoder runtime.Encoder, hw http.ResponseWriter, req *http.Request, statusCode int, object runtime.Object) {
|
|
ctx := req.Context()
|
|
ctx, span := tracing.Start(ctx, "SerializeObject",
|
|
attribute.String("audit-id", audit.GetAuditIDTruncated(ctx)),
|
|
attribute.String("method", req.Method),
|
|
attribute.String("url", req.URL.Path),
|
|
attribute.String("protocol", req.Proto),
|
|
attribute.String("mediaType", mediaType),
|
|
attribute.String("encoder", string(encoder.Identifier())))
|
|
req = req.WithContext(ctx)
|
|
defer span.End(5 * time.Second)
|
|
|
|
w := &deferredResponseWriter{
|
|
mediaType: mediaType,
|
|
statusCode: statusCode,
|
|
contentEncoding: negotiateContentEncoding(req),
|
|
hw: hw,
|
|
ctx: ctx,
|
|
}
|
|
|
|
err := encoder.Encode(object, w)
|
|
if err == nil {
|
|
err = w.Close()
|
|
if err != nil {
|
|
// we cannot write an error to the writer anymore as the Encode call was successful.
|
|
utilruntime.HandleError(fmt.Errorf("apiserver was unable to close cleanly the response writer: %v", err))
|
|
}
|
|
return
|
|
}
|
|
|
|
// make a best effort to write the object if a failure is detected
|
|
utilruntime.HandleError(fmt.Errorf("apiserver was unable to write a JSON response: %v", err))
|
|
status := ErrorToAPIStatus(err)
|
|
candidateStatusCode := int(status.Code)
|
|
// if the current status code is successful, allow the error's status code to overwrite it
|
|
if statusCode >= http.StatusOK && statusCode < http.StatusBadRequest {
|
|
w.statusCode = candidateStatusCode
|
|
}
|
|
output, err := runtime.Encode(encoder, status)
|
|
if err != nil {
|
|
w.mediaType = "text/plain"
|
|
output = []byte(fmt.Sprintf("%s: %s", status.Reason, status.Message))
|
|
}
|
|
if _, err := w.Write(output); err != nil {
|
|
utilruntime.HandleError(fmt.Errorf("apiserver was unable to write a fallback JSON response: %v", err))
|
|
}
|
|
w.Close()
|
|
}
|
|
|
|
var gzipPool = &sync.Pool{
|
|
New: func() interface{} {
|
|
gw, err := gzip.NewWriterLevel(nil, defaultGzipContentEncodingLevel)
|
|
if err != nil {
|
|
panic(err)
|
|
}
|
|
return gw
|
|
},
|
|
}
|
|
|
|
const (
|
|
// defaultGzipContentEncodingLevel is set to 1 which uses least CPU compared to higher levels, yet offers
|
|
// similar compression ratios (off by at most 1.5x, but typically within 1.1x-1.3x). For further details see -
|
|
// https://github.com/kubernetes/kubernetes/issues/112296
|
|
defaultGzipContentEncodingLevel = 1
|
|
// defaultGzipThresholdBytes is compared to the size of the first write from the stream
|
|
// (usually the entire object), and if the size is smaller no gzipping will be performed
|
|
// if the client requests it.
|
|
defaultGzipThresholdBytes = 128 * 1024
|
|
// Use the length of the first write of streaming implementations.
|
|
// TODO: Update when streaming proto is implemented
|
|
firstWriteStreamingThresholdBytes = 1
|
|
)
|
|
|
|
// negotiateContentEncoding returns a supported client-requested content encoding for the
|
|
// provided request. It will return the empty string if no supported content encoding was
|
|
// found or if response compression is disabled.
|
|
func negotiateContentEncoding(req *http.Request) string {
|
|
encoding := req.Header.Get("Accept-Encoding")
|
|
if len(encoding) == 0 {
|
|
return ""
|
|
}
|
|
if !utilfeature.DefaultFeatureGate.Enabled(features.APIResponseCompression) {
|
|
return ""
|
|
}
|
|
for len(encoding) > 0 {
|
|
var token string
|
|
if next := strings.Index(encoding, ","); next != -1 {
|
|
token = encoding[:next]
|
|
encoding = encoding[next+1:]
|
|
} else {
|
|
token = encoding
|
|
encoding = ""
|
|
}
|
|
switch strings.TrimSpace(token) {
|
|
case "gzip":
|
|
return "gzip"
|
|
}
|
|
}
|
|
return ""
|
|
}
|
|
|
|
type deferredResponseWriter struct {
|
|
mediaType string
|
|
statusCode int
|
|
contentEncoding string
|
|
|
|
hasBuffered bool
|
|
buffer []byte
|
|
hasWritten bool
|
|
hw http.ResponseWriter
|
|
w io.Writer
|
|
|
|
ctx context.Context
|
|
}
|
|
|
|
func (w *deferredResponseWriter) Write(p []byte) (n int, err error) {
|
|
switch {
|
|
case w.hasWritten:
|
|
// already written, cannot buffer
|
|
return w.unbufferedWrite(p)
|
|
|
|
case w.contentEncoding != "gzip":
|
|
// non-gzip, no need to buffer
|
|
return w.unbufferedWrite(p)
|
|
|
|
case !w.hasBuffered && len(p) > defaultGzipThresholdBytes:
|
|
// not yet buffered, first write is long enough to trigger gzip, no need to buffer
|
|
return w.unbufferedWrite(p)
|
|
|
|
case !w.hasBuffered && len(p) > firstWriteStreamingThresholdBytes:
|
|
// not yet buffered, first write is longer than expected for streaming scenarios that would require buffering, no need to buffer
|
|
return w.unbufferedWrite(p)
|
|
|
|
default:
|
|
if !w.hasBuffered {
|
|
w.hasBuffered = true
|
|
// Start at 80 bytes to avoid rapid reallocation of the buffer.
|
|
// The minimum size of a 0-item serialized list object is 80 bytes:
|
|
// {"kind":"List","apiVersion":"v1","metadata":{"resourceVersion":"1"},"items":[]}\n
|
|
w.buffer = make([]byte, 0, max(80, len(p)))
|
|
}
|
|
w.buffer = append(w.buffer, p...)
|
|
var err error
|
|
if len(w.buffer) > defaultGzipThresholdBytes {
|
|
// we've accumulated enough to trigger gzip, write and clear buffer
|
|
_, err = w.unbufferedWrite(w.buffer)
|
|
w.buffer = nil
|
|
}
|
|
return len(p), err
|
|
}
|
|
}
|
|
|
|
func (w *deferredResponseWriter) unbufferedWrite(p []byte) (n int, err error) {
|
|
ctx := w.ctx
|
|
span := tracing.SpanFromContext(ctx)
|
|
// This Step usually wraps in-memory object serialization.
|
|
span.AddEvent("About to start writing response", attribute.Int("size", len(p)))
|
|
|
|
firstWrite := !w.hasWritten
|
|
defer func() {
|
|
if err != nil {
|
|
span.AddEvent("Write call failed",
|
|
attribute.String("writer", fmt.Sprintf("%T", w.w)),
|
|
attribute.Int("size", len(p)),
|
|
attribute.Bool("firstWrite", firstWrite),
|
|
attribute.String("err", err.Error()))
|
|
} else {
|
|
span.AddEvent("Write call succeeded",
|
|
attribute.String("writer", fmt.Sprintf("%T", w.w)),
|
|
attribute.Int("size", len(p)),
|
|
attribute.Bool("firstWrite", firstWrite))
|
|
}
|
|
}()
|
|
if w.hasWritten {
|
|
return w.w.Write(p)
|
|
}
|
|
w.hasWritten = true
|
|
|
|
hw := w.hw
|
|
header := hw.Header()
|
|
switch {
|
|
case w.contentEncoding == "gzip" && len(p) > defaultGzipThresholdBytes:
|
|
header.Set("Content-Encoding", "gzip")
|
|
header.Add("Vary", "Accept-Encoding")
|
|
|
|
gw := gzipPool.Get().(*gzip.Writer)
|
|
gw.Reset(hw)
|
|
|
|
w.w = gw
|
|
default:
|
|
w.w = hw
|
|
}
|
|
|
|
header.Set("Content-Type", w.mediaType)
|
|
hw.WriteHeader(w.statusCode)
|
|
return w.w.Write(p)
|
|
}
|
|
|
|
func (w *deferredResponseWriter) Close() (err error) {
|
|
if !w.hasWritten {
|
|
if !w.hasBuffered {
|
|
return nil
|
|
}
|
|
// never reached defaultGzipThresholdBytes, no need to do the gzip writer cleanup
|
|
_, err := w.unbufferedWrite(w.buffer)
|
|
w.buffer = nil
|
|
return err
|
|
}
|
|
|
|
switch t := w.w.(type) {
|
|
case *gzip.Writer:
|
|
err = t.Close()
|
|
t.Reset(nil)
|
|
gzipPool.Put(t)
|
|
}
|
|
return err
|
|
}
|
|
|
|
// WriteObjectNegotiated renders an object in the content type negotiated by the client.
|
|
func WriteObjectNegotiated(s runtime.NegotiatedSerializer, restrictions negotiation.EndpointRestrictions, gv schema.GroupVersion, w http.ResponseWriter, req *http.Request, statusCode int, object runtime.Object, listGVKInContentType bool) {
|
|
stream, ok := object.(rest.ResourceStreamer)
|
|
if ok {
|
|
requestInfo, _ := request.RequestInfoFrom(req.Context())
|
|
metrics.RecordLongRunning(req, requestInfo, metrics.APIServerComponent, func() {
|
|
StreamObject(statusCode, gv, s, stream, w, req)
|
|
})
|
|
return
|
|
}
|
|
|
|
mediaType, serializer, err := negotiation.NegotiateOutputMediaType(req, s, restrictions)
|
|
if err != nil {
|
|
// if original statusCode was not successful we need to return the original error
|
|
// we cannot hide it behind negotiation problems
|
|
if statusCode < http.StatusOK || statusCode >= http.StatusBadRequest {
|
|
WriteRawJSON(int(statusCode), object, w)
|
|
return
|
|
}
|
|
status := ErrorToAPIStatus(err)
|
|
WriteRawJSON(int(status.Code), status, w)
|
|
return
|
|
}
|
|
|
|
audit.LogResponseObject(req.Context(), object, gv, s)
|
|
|
|
var encoder runtime.Encoder
|
|
if utilfeature.DefaultFeatureGate.Enabled(features.CBORServingAndStorage) {
|
|
encoder = s.EncoderForVersion(runtime.UseNondeterministicEncoding(serializer.Serializer), gv)
|
|
} else {
|
|
encoder = s.EncoderForVersion(serializer.Serializer, gv)
|
|
}
|
|
request.TrackSerializeResponseObjectLatency(req.Context(), func() {
|
|
if listGVKInContentType {
|
|
SerializeObject(generateMediaTypeWithGVK(serializer.MediaType, mediaType.Convert), encoder, w, req, statusCode, object)
|
|
} else {
|
|
SerializeObject(serializer.MediaType, encoder, w, req, statusCode, object)
|
|
}
|
|
})
|
|
}
|
|
|
|
func generateMediaTypeWithGVK(mediaType string, gvk *schema.GroupVersionKind) string {
|
|
if gvk == nil {
|
|
return mediaType
|
|
}
|
|
if gvk.Group != "" {
|
|
mediaType += ";g=" + gvk.Group
|
|
}
|
|
if gvk.Version != "" {
|
|
mediaType += ";v=" + gvk.Version
|
|
}
|
|
if gvk.Kind != "" {
|
|
mediaType += ";as=" + gvk.Kind
|
|
}
|
|
return mediaType
|
|
}
|
|
|
|
// ErrorNegotiated renders an error to the response. Returns the HTTP status code of the error.
|
|
// The context is optional and may be nil.
|
|
func ErrorNegotiated(err error, s runtime.NegotiatedSerializer, gv schema.GroupVersion, w http.ResponseWriter, req *http.Request) int {
|
|
status := ErrorToAPIStatus(err)
|
|
code := int(status.Code)
|
|
// when writing an error, check to see if the status indicates a retry after period
|
|
if status.Details != nil && status.Details.RetryAfterSeconds > 0 {
|
|
delay := strconv.Itoa(int(status.Details.RetryAfterSeconds))
|
|
w.Header().Set("Retry-After", delay)
|
|
}
|
|
|
|
if code == http.StatusNoContent {
|
|
w.WriteHeader(code)
|
|
return code
|
|
}
|
|
|
|
WriteObjectNegotiated(s, negotiation.DefaultEndpointRestrictions, gv, w, req, code, status, false)
|
|
return code
|
|
}
|
|
|
|
// WriteRawJSON writes a non-API object in JSON.
|
|
func WriteRawJSON(statusCode int, object interface{}, w http.ResponseWriter) {
|
|
output, err := json.MarshalIndent(object, "", " ")
|
|
if err != nil {
|
|
http.Error(w, err.Error(), http.StatusInternalServerError)
|
|
return
|
|
}
|
|
w.Header().Set("Content-Type", "application/json")
|
|
w.WriteHeader(statusCode)
|
|
w.Write(output)
|
|
}
|