kubernetes
/
apiserver
mirror of https://github.com/kubernetes/apiserver.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
Library for writing a Kubernetes-style API server.
5,023 Commits 30 Branches 1,482 Tags 31 MiB
Go 99.8%
Shell 0.2%
Go to file
Ben Luddy 681941e62b Don't bypass ResponseWriter wrappers for apiserver healthz errors. 
The effective layering of ResponseWriters is today, from outside to
inside, httplog(timeout(audit(metrics(original)))). From
6e3fd91e1aa3259d7bd67e0a65693e346ade347d, calls to http.Error in the
apiserver's root healthz handler use an unwrapped ResponseWriter --
effectively timeout(audit(metrics(original))) -- to avoid logging
stack traces for those requests.

From 0d50c969c587c8a6c16e0962118305ac652c5a6b, the same call to
http.Error receives a completely-unwrapped ResponseWriter. This has
the effect of bypassing not only the httplog wrapper, but also
timeout, audit, and metrics. The timeout wrapper defends against
the (disallowed) use of underyling ResponseWriter after the completion
of its request's ServeHTTP call. Since that defensive behavior is
being bypassed, it's possible for the root healthz handler to panic
when health probes time out.

Instead of continuing to use a wrapper-aware means of disabling stack
traces, this commit adds a new function to httplog that allows
customization of the stack trace logging predicate on a per-request
basis.

Kubernetes-commit: ff849fe8b688606d5173d5ee0213a96cffae23c0
 		2021-12-14 16:23:36 -05:00
.github delete all duplicate empty blanks 2019-02-22 09:43:51 +08:00
pkg Don't bypass ResponseWriter wrappers for apiserver healthz errors. 2021-12-14 16:23:36 -05:00
plugin/pkg Check in OWNERS modified by update-yamlfmt.sh 2021-12-09 21:31:26 -05:00
.import-restrictions convert .import-restrictions to yaml 2020-04-22 15:41:00 -07:00
CONTRIBUTING.md Update deprecated links 2019-02-04 13:28:31 -05:00
LICENSE Add README and LICENSE to staging repos 2017-10-23 16:39:02 +05:30
OWNERS Cleanup OWNERS files (No Activity in the last year) 2021-12-10 15:18:50 -05:00
README.md staging: add dummy commit to trigger gomod update (#106794) 2021-12-03 09:33:42 +00:00
SECURITY_CONTACTS update security contacts for apimachinery repos 2020-07-02 16:00:53 -04:00
code-of-conduct.md Add code-of-conduct.md to staging repos 2017-12-20 15:21:56 -05:00
doc.go Make package paths referenced by import boss valid 2021-09-28 13:06:39 -04:00
go.mod Merge pull request #106725 from wojtek-t/pf_update_default_rules 2022-01-06 17:26:16 +00:00
go.sum Merge pull request #106725 from wojtek-t/pf_update_default_rules 2022-01-06 17:26:16 +00:00

README.md

apiserver

Generic library for building a Kubernetes aggregated API server.

Purpose

This library contains code to create Kubernetes aggregation server complete with delegated authentication and authorization, kubectl compatible discovery information, optional admission chain, and versioned types. It's first consumers are k8s.io/kubernetes, k8s.io/kube-aggregator, and github.com/kubernetes-incubator/service-catalog.

Compatibility

There are NO compatibility guarantees for this repository, yet. It is in direct support of Kubernetes, so branches will track Kubernetes and be compatible with that repo. As we more cleanly separate the layers, we will review the compatibility guarantee. We have a goal to make this easier to use in the future.

Where does it come from?

apiserver is synced from https://github.com/kubernetes/kubernetes/blob/master/staging/src/k8s.io/apiserver. Code changes are made in that location, merged into k8s.io/kubernetes and later synced here.

Things you should NOT do

  1. Directly modify any files under pkg in this repo. Those are driven from k8s.io/kubernetes/staging/src/k8s.io/apiserver.
  2. Expect compatibility. This repo is changing quickly in direct support of Kubernetes and the API isn't yet stable enough for API guarantees.