Compare commits

..

129 Commits

Author SHA1 Message Date
Kubernetes Publisher
cfaba55ee5 Update dependencies to v0.18.0-alpha.2 tag 2020-01-21 19:34:23 +00:00
Kubernetes Publisher
a432bd9ba7 Merge pull request #87081 from dims/updating-protobuf-and-grpc
Updating protobuf (v1.3.1) and grpc (v1.26.0)

Kubernetes-commit: f4b6b751cdf2d46940355359443b263cb883d006
2020-01-18 23:39:46 +00:00
Davanum Srinivas
b71b6102bf Updating dependency google.golang.org/genproto to version v0.0.0-20190819201941-24fa4b261c55
Kubernetes-commit: 2f78a9480f2f4eabb7698984371df25543312db4
2020-01-13 17:40:24 -05:00
Davanum Srinivas
94ec48afe9 Updating dependency google.golang.org/grpc to version v1.26.0
Kubernetes-commit: 3b29bcf52d3f6a73af9830cf55159893899c2b1b
2020-01-13 17:38:18 -05:00
Davanum Srinivas
81f50f67b6 Updating dependency github.com/gogo/protobuf to version v1.3.1
Kubernetes-commit: 9c78f05d06cb43dce4363cad03ff79f579c22eee
2020-01-13 17:36:07 -05:00
Kubernetes Publisher
1aa326d730 Merge pull request #87158 from dims/pick-closest-tags-for-a-few-packages
Pick closest tags for a few packages and avoid random SHA

Kubernetes-commit: 5d1c3016103d83df4ae91664639ba7e0a103c7ec
2020-01-16 03:40:04 +00:00
Davanum Srinivas
52a0e61d78 Updating dependency github.com/elazarl/goproxy to version 947c36d
Kubernetes-commit: a6d72ab71323b01846b37fe896bae3e0886a86ba
2020-01-13 12:33:25 -05:00
Kubernetes Publisher
ded4aaa1cc Merge pull request #86774 from MikeSpreitzer/more-informer-updates
Cleanup comments and names in client-go/tools/cache

Kubernetes-commit: 083f58a1e4684d207a7a4858e9a25c2e120bbc20
2020-01-15 03:39:18 +00:00
Kubernetes Publisher
7ec8a74ae9 Merge pull request #76496 from danielqsj/metrics-2
Clean deprecated metrics

Kubernetes-commit: f4db8212be53c69a27d893d6a4111422fbce8008
2020-01-14 07:39:02 +00:00
Kubernetes Publisher
bcaa73156d Merge pull request #87107 from dims/updating-googleapis/gnostic-to-v0.1.0
updating googleapis/gnostic to v0.1.0

Kubernetes-commit: d5145ffc10c7429f555134f44d5bf95cd7eda270
2020-01-13 23:38:57 +00:00
Davanum Srinivas
c5db9bb2f8 updating googleapis/gnostic to v0.1.0
per https://github.com/googleapis/gnostic/releases/tag/v0.1.0, the
v0.1.0 was made specifically for use by k8s, but we still seem to be
using a random SHA. Let's try to switch to a tagged version.

Kubernetes-commit: 420d5d10c4baad0aced31de382801fd999f2c94b
2020-01-11 22:38:36 -05:00
Kubernetes Publisher
ea0a6e1183 Merge pull request #85458 from cjcullen/yaml
Update gopkg.in/yaml.v2 to v2.2.7

Kubernetes-commit: 7f2128757b1aa2e83320d1f635fe8b2e7028542a
2020-01-11 15:38:38 +00:00
Mike Spreitzer
d01661091c Further tweaking up the wording
Hopfully improving, based on wojtek's review.

Kubernetes-commit: 59807be5abe6a96aad715823b7bab9fbd5d837bd
2020-01-10 16:05:41 -05:00
Kubernetes Publisher
8ead54f5cf Merge pull request #84453 from matte21/revise-shared-informer-doc
Revise SharedInformer godoc comments

Kubernetes-commit: cd770fa79226b716879aa5c6e7390ea315d6889a
2020-01-07 23:45:21 +00:00
Kubernetes Publisher
926e1ee119 Merge pull request #86727 from mattjmcnaughton/mattjmcnaughton/remove-recorder-PastEventf
Remove `recorder.PastEventf` method

Kubernetes-commit: f3df7a2fdb16dd7b00a9d357e337ed48a6f70d45
2020-01-07 15:38:46 +00:00
Mike Spreitzer
4aedce0891 gofmt reflector.go
Kubernetes-commit: 729337ec7e4251708b75f45ad40b7fa55ad14dd5
2020-01-07 08:56:31 -05:00
Mike Spreitzer
a1b3b98c4b Clarified comment on DeltaFIFO::Replace
Kubernetes-commit: ae53a008cb372f7301e302ee982269630e964b12
2020-01-07 02:40:01 -05:00
Mike Spreitzer
c68732b808 finished pass over comments on Controller, and commented sharedIndexInformer
Kubernetes-commit: f2a8e2d9c9cadc8a969efa1d4edef833ff701e2f
2020-01-07 02:23:29 -05:00
Mike Spreitzer
edca648925 A little more comment tweaking for cache.Controller
Kubernetes-commit: 7d82e23e6cd61af212e73f6fb77c2f74c1628a84
2020-01-06 16:11:26 -05:00
Mike Spreitzer
db5618cb1f began turning attention to cache.Controller
Kubernetes-commit: 72fa714d636dc2f614b251c78cd8297f7754b333
2020-01-06 15:59:11 -05:00
Mike Spreitzer
261b8a00e4 Reworded comment on requestedResyncPeriod
Tried to make it clearer.

Kubernetes-commit: 2ea338b63f2191d859ac68fbba74c93c1d7bc998
2020-01-06 13:10:39 -05:00
Mike Spreitzer
8454aaf1be Noted divergence between requestedResyncPeriod and resyncPeriod
Kubernetes-commit: eef49c965f471d575aef8de5f071ffc6fd31c44d
2020-01-06 01:56:52 -05:00
Mike Spreitzer
1f6e3b32af Started commenting processors
Kubernetes-commit: 5546d9f12f266a082805ad3a2293fe04e0029c78
2020-01-06 01:49:29 -05:00
Kubernetes Publisher
787fa2adce Merge pull request #86660 from qianlei90/fix_test
remove unnecessary code in client-go test

Kubernetes-commit: 65ef5dcc513ccfd60436bf4d04652224c9b6036f
2020-01-03 11:38:29 +00:00
Mike Spreitzer
2f9f325a3b Fix tests and improve comment on NewDeltaFIFO
Kubernetes-commit: 0eca8ae9cdbbbe0e5bf56f9931acdaa97cea91af
2020-01-03 01:01:05 -08:00
Mike Spreitzer
bad9a45b33 Fixed assignment statements
Kubernetes-commit: 1d65f1b5c3977362fb5a32b9cfe5b9930fabf16a
2020-01-03 00:47:19 -08:00
Mike Spreitzer
0421cde51b Revised comments about f.knownObjects and added tests for Replace
Kubernetes-commit: 89c615f9c448503b674a0d61bfa8e413cefa4104
2020-01-03 00:44:02 -08:00
Kubernetes Publisher
d726e8a89b Merge pull request #86790 from wojtek-t/dumb_listwatch
Don't paginate in listwatch

Kubernetes-commit: 1780792d3c3e952e62c872dd2c0dc7a3c2375e64
2020-01-03 03:38:29 +00:00
wojtekt
f229b70415 Don't paginate in listwatch
Kubernetes-commit: 51eb4b50a3a607ba15a215fdcaa50baea5777afb
2020-01-02 20:09:19 +01:00
Mike Spreitzer
c26559b124 Updated comments on internal abstractions in client-go/tools/cache
The comments on Store and Queue and the FIFOs ceased being accurate
long ago.

Kubernetes-commit: 7a7ccb797e0c977c8049c1490f5a1f92f0bfbbb2
2020-01-02 01:53:17 -08:00
matte21
7d44382a3c Reword modifications for clarity
Kubernetes-commit: 21f59c99232afeae05dcdb4f2d1d156cda6a8a77
2019-12-31 09:48:28 +01:00
mattjmcnaughton
3ada5c0eb8 Remove recorder.PastEventf method
The `recorder.PastEventf` method wasn't actually working as advertised.
It was supposed to accept a timestamp, which would be used when
generating the event. However, as the
[source code](https://github.com/kubernetes/kubernetes/blob/master/staging/src/k8s.io/client-go/tools/record/event.go#L316)
shows, this `timestamp` was never actually used.

In other words, `PastEventf` is identical to `Eventf`.

We have two options: one would be to fix `PastEventf` so that it works
as advertised. The other would be to delete `PastEventf` and only
support `Eventf`.

Ultimately, I could only find one use of `PastEventf` in the code base,
so I propose we just delete `PastEventf` and convert all uses to
`Eventf`.

Kubernetes-commit: 92940fa80d67593c7a2333267da4424c8b45ac88
2019-12-30 11:55:47 -05:00
Qian Lei
a28f39cdb5 clean useless code in client-go test
Kubernetes-commit: f5a3c93649cb90fc5082752f68ad9ca2489a4abe
2019-12-27 15:49:29 +08:00
Kubernetes Publisher
526b2fff52 Merge pull request #85123 from danielqsj/apierrs
Unify aliases for "k8s.io/apimachinery/pkg/api/errors"

Kubernetes-commit: 4158e7c1de2541d9a3272950f6e608e35470abb7
2019-12-26 17:59:38 -08:00
CJ Cullen
bdbda539e1 update gopkg.in/yaml.v2 to v2.2.7
Kubernetes-commit: aa278345fa55ee9f3e097da1b590fcabd85270f7
2019-11-19 09:39:27 -08:00
danielqsj
f67770132d unify alias of api errors under pkg and staging
Kubernetes-commit: 5bc0e26c1902e7e28abfc828de19a2dbb3e492c2
2019-11-12 16:26:59 +08:00
Kubernetes Publisher
1b1a35e41a Merge pull request #86346 from SataQiu/bump-utils-20191217
Bump k8s.io/utils version

Kubernetes-commit: 2d310b13215110a9dcaabcebef65d62a1b3f0bdd
2019-12-22 11:37:38 +00:00
SataQiu
572a228b29 bump k8s.io/utils version
Kubernetes-commit: 2497a1209bf96472bceabbc465b2370f1b66a4a7
2019-12-17 23:12:53 +08:00
Kubernetes Publisher
31f4619a27 Merge pull request #86013 from carlosedp/ginkgo_bump
Bump Ginkgo to support building on riscv64 arch

Kubernetes-commit: 4ff692861908697c530b6b8ba48a5eb442bd7ed7
2019-12-20 23:37:52 +00:00
Carlos de Paula
12aee9c4f0 Bump Ginkgo module to release version
Kubernetes-commit: c71dd7e4ee6b6f8f624ffc12fc38d1c6dedc5739
2019-12-19 19:30:42 -03:00
Carlos de Paula
f1b1e474f4 Bump Ginkgo to support building on riscv64 arch
Kubernetes-commit: ecfd30d2517c52f158b099abcc303cce307c324d
2019-12-06 15:23:15 -05:00
Kubernetes Publisher
d16537844a Merge pull request #86412 from weinong/issue-86410
fix incompatible AAD token

Kubernetes-commit: 3577447764103cc3204b66307d651ac2be0ec83f
2019-12-20 03:50:04 +00:00
Kubernetes Publisher
0b8da74160 Merge pull request #86395 from yutedz/nil-map-conversion
Allocate map when out parameter points to nil map

Kubernetes-commit: 8b7cf0fcdf89ec19cb17ba16efa556edc3db3838
2019-12-19 15:03:34 +00:00
Weinong Wang
b6e5d4b890 It fixes a bug where AAD token obtained by kubectl is incompatible with on-behalf-of flow and oidc.
Kubernetes-commit: d1480ab49d603d0a95e509b627252ee7af8559ae
2019-12-18 20:21:21 -08:00
Ted Yu
efe42e9182 Allocate map when out points to nil map
Kubernetes-commit: 53080bda9c95db33227b02b5b7df7e7737a2904e
2019-12-18 14:17:48 -08:00
Kubernetes Publisher
a32a6f7a30 Merge pull request #86269 from odinuge/go-mod-version
Update go version in go.mod to 1.13

Kubernetes-commit: b96642aeaeefee838b5f0938e5d04765dd27d39b
2019-12-14 19:00:45 +00:00
Odin Ugedal
f1dfb4fe82 Update go version in go.mod
We now use go 1.13 and not 1.12

Kubernetes-commit: 4769cbedd5bdaf61e329b4e9687ec97a6c53b61a
2019-12-14 12:43:14 +01:00
Kubernetes Publisher
16bcffe0e4 Merge pull request #86020 from enj/enj/i/oidc_cache/79546
kubectl oidc auth-provider: include cluster address in cache key

Kubernetes-commit: 9caece8bd9fab55c3300b4a4373c49afcc5f13f8
2019-12-12 07:04:25 +00:00
Kubernetes Publisher
d528d16a5d Merge pull request #86168 from liggitt/discovery-burst
Increase Burst limit for discovery client

Kubernetes-commit: 0d58709016f3358f34a52c12087d707a64cc6cb0
2019-12-11 15:38:32 -08:00
Jordan Liggitt
d4e85bc08a Increase Burst limit for discovery client
Kubernetes-commit: 711dc0b5b5e0d6d792e43ae1edd4a5dd1c5bdf2f
2019-12-11 11:36:51 -05:00
Kubernetes Publisher
a1d3d648d0 Merge pull request #85995 from nikhita/semver-tags-instructions
client-go: update INSTALL.md to include semver tags

Kubernetes-commit: 4f52ccaf39edcb1549920732368ce6298d281b94
2019-12-11 19:07:44 +00:00
Kubernetes Prow Robot
ba02bb8cc0 Merge pull request #721 from nikhita/readme-release-17-update
Update README for release 1.17
2019-12-11 06:56:06 -08:00
Nikhita Raghunath
1132e72f6c Update README for release 1.17 2019-12-11 19:54:19 +05:30
Kubernetes Publisher
b9197b961a Merge pull request #80649 from RobertKrawitz/report-throttling-v3
Report api request throttling at v=3

Kubernetes-commit: bbd48e99b2c19d999dfa25320f055a20deabbc38
2019-12-10 23:03:25 +00:00
Kubernetes Publisher
3922ef2909 Merge pull request #85899 from gongguan/slim_down_lister
slim down some lister expansions

Kubernetes-commit: fcc35b046860ab03851b53ff34a10f6ee0cdecf9
2019-12-09 16:15:27 +00:00
Kubernetes Publisher
238f979bb4 Merge pull request #85874 from sambdavidson/ttlFunc
Kubelet cert TTL via GaugeFunc

Kubernetes-commit: 398e2bcc734f04686ff89fdd9f5b47cf12cd525b
2019-12-09 16:15:26 +00:00
Monis Khan
98b61416aa kubectl oidc auth-provider: include cluster address in cache key
This change includes the cluster address in the cache key so that
using the same issuer and client ID with different tokens across
multiple clusters does not result in the wrong token being used for
authentication.

Signed-off-by: Monis Khan <mok@vmware.com>

Kubernetes-commit: 96fe76a9ed4fde16f449995cc698dca3719ed546
2019-12-06 20:26:25 -05:00
Nikhita Raghunath
7624422635 client-go: update INSTALL.md to include semver tags
Kubernetes-commit: ca36822f1e7ae718853e2dcd4013cc4e5ab27774
2019-12-06 15:53:00 +05:30
Kubernetes Publisher
bc9b51d240 Merge pull request #84614 from rphillips/fixes/add_cert_rotation_failure_metric
kubelet: add certificate rotation error metric

Kubernetes-commit: 205570eb75b52bc0888309c71757314bd099b3d7
2019-12-04 08:25:20 +00:00
Kubernetes Publisher
e9644b2e3e Merge pull request #85350 from liggitt/mutation-detection
Enable mutation detection in test-cmd/test-integration/test-e2e-node, improve memory impact

Kubernetes-commit: ea385aa5e9ceb823363a1592cbbaffe677f76443
2019-12-04 08:25:19 +00:00
Samuel Davidson
41735bf478 Changed Kubelet client and serving cert TTL/Expiry certs to use gaugefunc for calculating time remaining.
Kubernetes-commit: aba0b315269dab469694af7fca879438a7f87e41
2019-12-03 16:01:56 -08:00
louisgong
318a83db09 slim down some lister expansions
Kubernetes-commit: 7f5076d8ee29fbd82baace9426b3e4f9c1cdede1
2019-12-03 15:00:34 +08:00
Jordan Liggitt
f8772cd39b Retain objects for a limited lifetime in the mutation cache detector by default
Kubernetes-commit: 81d05e91b5b5e653e20cc6ab620de08abfd0cbc2
2019-11-15 13:59:58 -05:00
coryrc
8c19b9f4a6 Clarify client-go issue location (#85464)
* Clarify client-go issue location

While pull requests should be in kubernetes/kubernetes, it seems issues are
tracked in client-go repo.

* All Issues along with PRs (except README.md) should be opened in kubernetes/kubernetes

Kubernetes-commit: bc53b97ceb25338570a853845c4cdd295468ed61
2019-12-04 08:25:17 +00:00
Kubernetes Prow Robot
6894652660 Merge pull request #719 from nikhita/fix-contributingmd-to-remove-conflict
Fix CONTRIBUTING.md to avoid conflicts while publishing
2019-12-03 23:56:56 -08:00
Nikhita Raghunath
0e1c000cb7 Fix CONTRIBUTING.md to avoid conflicts while publishing
Comparing the history of:

- the CONTRIBUTING.md file in k/client-go: https://github.com/kubernetes/client-go/commits/master/CONTRIBUTING.md and
- the CONTRIBUTING.md file in staging: https://github.com/kubernetes/kubernetes/commits/master/staging/src/k8s.io/client-go/CONTRIBUTING.md

We see that the one in staging diverged from the one being published,
_even though commits were being published the bot_. The divergence occurs
because the one in staging lacks the following commit:
12a6e5ed0a (diff-6a3371457528722a734f3c51d9238c13).

This occurred because we merged a PR to k/client-go directly
(https://github.com/kubernetes/client-go/pull/421) long ago, which
instead should have been routed through staging.

The commits that were created through staging after the above PR was
merged were still being published by the bot because they didn't
introduce conflicts (and we never found out about it since no conflicts
were detected).

Recently, a PR (https://github.com/kubernetes/kubernetes/pull/85464)
introduced changes that touched the line changed by the
offending/divergent commit. When these changes were cherry-picked to the
master branch to be published, the bot complained with conflicts.

This PR brings the CONTRIBUTING.md file to a state
(36065c6dd7/staging/src/k8s.io/client-go/CONTRIBUTING.md)
before the new PR (https://github.com/kubernetes/kubernetes/pull/85464),
so that cherry-picking the changes in this PR to the master branch won't
introduce conflicts anymore.
2019-12-04 13:06:05 +05:30
Kubernetes Publisher
8d0e6f1b7b Merge pull request #75368 from mfojtik/retry-on-errors
rest: retry on connection refused and apiserver shutdown

Kubernetes-commit: 6666177f8242170d004664a6298bdd9587456602
2019-11-23 05:58:20 +00:00
Kubernetes Publisher
c4788cee6e Merge pull request #85401 from liggitt/config-quote
Test writing configurations with numeric names

Kubernetes-commit: 060d58ca8c8ebe786073f8b45c0dbd8d652d9969
2019-11-23 01:59:43 +00:00
Samuel Davidson
775f4ddf38 Added rest client metrics for client TTL and rot. (#84382)
* Added rest client metrics for client TTL and rot.

* Fixed foo bar comment, added nil checks

* Moved rotation observation inside of old cert nil check block

* Fixed rotation age logic.

* fixed BUILD for exec plugin package

* fixed null pointer dereference in exec.go

* Updated metric name, bucket, used oldest cert.

Kubernetes-commit: 9dcb3bfcff2024e4690d70262cad14668b1f2507
2019-11-22 17:29:30 -08:00
Kubernetes Publisher
571c0ef670 Merge pull request #85223 from sttts/sttts-crd-items-types
apiextensions: fix items+type logic in API due to broken go-openapi validation

Kubernetes-commit: 976712556e4bd22d5312a0af36b18127c709d54a
2019-11-21 01:58:35 +00:00
Michal Fojtik
7c85ddb6ae client-go: add connection refused to list of transient errors
Kubernetes-commit: 9aa68a5cf4b4195e5dfa9749380bc8d29be03522
2019-11-20 17:30:05 +01:00
Jordan Liggitt
a2a1463427 Test writing configurations with numeric names
Kubernetes-commit: 1f2feb2e7ec307fafa615e001ccb9bbac7d273db
2019-11-17 14:36:52 -05:00
Dr. Stefan Schimanski
145c0413a4 hack/pin-dependency.sh github.com/go-openapi/validate v0.19.5
Kubernetes-commit: ef88c43c0296e6004d0e3407a1336074897b309d
2019-11-15 13:48:59 +01:00
Kubernetes Publisher
0a8a1d7b7f Merge pull request #85305 from codenrhoden/remove-mount-pkg
Remove pkg/util/mount (moved out of tree)

Kubernetes-commit: 45e0080fd5883e3355233c9c22fa5bf242d525dd
2019-11-15 21:58:02 +00:00
Kubernetes Publisher
debe729c79 Merge pull request #85284 from yutedz/svr-check-close-ret
Check error return from closing connection

Kubernetes-commit: e3eeb7e2f000b3d51e856a1862a4fef249b6708c
2019-11-15 21:58:01 +00:00
Kubernetes Publisher
050872ffe7 Merge pull request #85272 from mm4tt/pager_fix
pager.go: don't set ResourceVersion on subsequent List calls

Kubernetes-commit: 452c8c9ad303933123ad1f0b208bc935315e8a67
2019-11-15 13:58:07 +00:00
Kubernetes Publisher
6f03b71b98 Merge pull request #85175 from liggitt/golang-org-comments
Add comments to explain golang.org replace directives

Kubernetes-commit: 24334444b46371e26594e1f6e594195a761b53d3
2019-11-14 22:01:10 +00:00
Travis Rhoden
af446e4f13 Remove pkg/util/mount (moved out of tree)
This patch removes pkg/util/mount completely, and replaces it with the
mount package now located at k8s.io/utils/mount. The code found at
k8s.io/utils/mount was moved there from pkg/util/mount, so the code is
identical, just no longer in-tree to k/k.

Kubernetes-commit: 0c5c3d8bb97d18a2a25977e92b3f7a49074c2ecb
2019-11-14 13:30:00 -07:00
Ted Yu
a4893d5271 Check error return from closing connection
Kubernetes-commit: 7bafa7d8f54326b69d41c92793eaa641d3a5b31b
2019-11-14 07:36:30 -08:00
Mateusz Matejczyk
d7b4c23325 pager.go: Don't set ResourveVersion on subsequent List calls
Ref. https://github.com/kubernetes/kubernetes/issues/85221#issuecomment-553748143

Kubernetes-commit: 977ca43d640d2a85e199a8a282e2df8ebd88055a
2019-11-14 11:34:59 +01:00
Kubernetes Publisher
1924198484 Merge pull request #84390 from robscott/endpointslice-beta
Promoting EndpointSlices to beta

Kubernetes-commit: 64f4be5b328a4df8a709b95604743086013a70e4
2019-11-14 10:07:05 +00:00
Kubernetes Publisher
1f4f5fa64a Merge pull request #85004 from deads2k/dynamic-agg-cert
dynamic reload cluster authentication info for aggregated API servers

Kubernetes-commit: 02af1dd62c4842e20e2ee7337edf032327b1c8ed
2019-11-14 10:07:03 +00:00
Kubernetes Publisher
74d7a2e0eb Merge pull request #85134 from LukeShu/lukeshu/event-docs-non-api
client-go/tools: Docs: Clarify what's "old" core/v1 and what's "new" events/v1beta1

Kubernetes-commit: 760af28f69a7cf7090abeca59e1e0703d161ace8
2019-11-14 10:07:00 +00:00
Kubernetes Publisher
5971a24b40 Merge pull request #84970 from atlassian/pdzwart/kubernetes/kubernetes/84959
- Delete backing string set from a threadSafeMap index when the string set length reaches 0.

Kubernetes-commit: 41be6d65d88728f443966da83b62d545684576ab
2019-11-14 10:06:59 +00:00
Jordan Liggitt
d3ab799453 Add comments to explain golang.org replace directives
Kubernetes-commit: 9f40e19d7ac9e2203c23814701468a26eee1964f
2019-11-12 23:54:26 -05:00
Luke Shumaker
f5d68cde58 client-go/tools: Docs: Clarify what's "old" core/v1 and what's "new" events/v1beta1
Kubernetes-commit: 2c4bb0fa4db88462a61995d9179fad801b00d69d
2019-11-12 08:30:24 -05:00
Kubernetes Publisher
dac3b9c76a Merge pull request #80284 from danielqsj/exec
Fix a racing issue in client-go UpdateTransportConfig

Kubernetes-commit: 48ddf3be87789c92e6824c9ce536c76d008f5c19
2019-11-12 10:08:11 +00:00
Kubernetes Publisher
a56922bade Merge pull request #84692 from smarterclayton/protocol_errors
Fix watch negotiation when using a non-default mime type in the client

Kubernetes-commit: c28921f248a8e6c923096154c6e87efcc188b9f0
2019-11-11 06:10:43 +00:00
Clayton Coleman
9bbcc2938d Always negotiate a decoder using ClientNegotiator
This commit performs two refactors and fixes a bug.

Refactor 1 changes the signature of Request to take a RESTClient, which
removes the extra copy of everything on RESTClient from Request. A pair
of optional constructors are added for testing. The major functional
change is that Request no longer has the shim HTTPClient interface and
so some test cases change slightly because we are now going through
http.Client code paths instead of direct to our test stubs.

Refactor 2 changes the signature of RESTClient to take a
ClientContentConfig instead of ContentConfig - the primary difference
being that ClientContentConfig uses ClientNegotiator instead of
NegotiatedSerializer and the old Serializers type. We also collapse
some redundancies (like the rate limiter can be created outside the
constructor).

The bug fix is to negotiate the streaming content type on a Watch()
like we do for requests. We stop caching the decoder and simply
resolve it on the request. We also clean up the dynamic client
and remove the extra WatchSpecificVersions() method by providing
a properly wrapped dynamic client.

Kubernetes-commit: 3b780c64b89606f4e6b21f48fb9c305d5998b9e5
2019-11-10 16:52:08 -05:00
Pete de Zwart
ab63be7642 - Delete backing string set from a threadSafeMap index when the string set length reaches 0.
- Added thread_safe_store_test exercising new index backing string set delete at 0 functionality.

- TestThreadSafeStoreDeleteRemovesEmptySetsFromIndex logic nesting inverted.

- Added test case for usage of an index where post element delete there is non-zero count of elements and expect the set to still exist.

- Fixed date.

- Fixed awprice nits.

- Fix bazel.

Kubernetes-commit: 29a051388a719e0359969b8431de8e38e955e2a6
2019-11-08 16:57:06 +11:00
Ryan Phillips
52589237eb kubelet: add certificate rotation error metric
Kubernetes-commit: 8e50c55e6bf715d9067376a9e7f136ffacb0a3ee
2019-11-05 16:51:40 -06:00
David Eads
7a5b91a7ca dynamic reload cluster authentication info for aggregated API servers
Kubernetes-commit: 3aede35b3b042e8a626e8fb9e1e181e73cd29d0a
2019-11-04 13:46:28 -05:00
David Eads
4bda71482c create utilities inspecting server TLS certs
Kubernetes-commit: e44352f31a8d506d77d2757dbb354fd539826c92
2019-11-12 10:10:26 -05:00
Clayton Coleman
881cd219a8 dynamic: The dynamic client no longer needs a special cased watch
By correctly handling content type negotiation, we can avoid the
need for a special version of watch and use the same code path as
typed clients.

Kubernetes-commit: 3f94f80b0a79293e54d7080aaf7a64d7df8b1d4a
2019-11-03 15:10:12 -05:00
matte21
ce6197e865 Fix error in periodic resyncs description
Make it clear that periodic resyncs fire update notifications, not
create notifications as the old comments incorrectly stated.

Kubernetes-commit: 3ae8c864de24a2ad42321c9cbd71099a2b6dcef3
2019-10-28 14:23:37 +01:00
matte21
85843e6e02 Clarify that OnUpdate can mask delete and recreate
Kubernetes-commit: ff543ddfc09adf3d0abdf42f9d9fbd57c3ab4b43
2019-10-28 14:12:22 +01:00
Rob Scott
370c449f1e Promoting EndpointSlices to beta
Kubernetes-commit: a7e589a8c689d1a6c0c21d47c5e6c97267822875
2019-10-25 14:59:10 -07:00
Robert Krawitz
c02e303b36 Report api request throttling at v=3
Kubernetes-commit: e7cc2c2d280f319b78462a37d32c5c7f1e6e5567
2019-07-26 12:59:34 -04:00
danielqsj
0dd469e42b Fix data race in client-go UpdateTransportConfig
Kubernetes-commit: 7518a44b18d8b225a9572f1e0c902776eb4a6eb0
2019-07-18 12:46:03 +08:00
danielqsj
51f3d77844 clean SinceInMicroseconds, convert to SinceInSeconds
Kubernetes-commit: ab182552b485ceed96c3b05d284ae9480377daf8
2019-04-15 16:18:01 +08:00
Clayton Coleman
4b146a95cd Remove deprecated-dynamic client
It is now unused.

Kubernetes-commit: c416ee584c178bb89c6cd11c93b504f2098fac0f
2019-02-12 00:31:54 -05:00
Kubernetes Publisher
3c0d1af94b Merge pull request #83840 from liggitt/json-iter
bump json-iterator dependency

Kubernetes-commit: 3387d6cfc73235fd554e5039b85abb7700eaf126
2019-11-09 10:22:09 +00:00
Kubernetes Publisher
f8f007fd45 Merge pull request #84911 from yue9944882/chore/bump-kube-openapi
Pin kube-openapi vendor to 30be4d16710a

Kubernetes-commit: dd6faa5da791c06fa23ff668e4463c3ad2b23340
2019-11-08 07:01:06 +00:00
Kubernetes Publisher
e55a71a3e0 Merge pull request #82705 from deads2k/agg-authn-publish
use controller to publish cluster authentication info

Kubernetes-commit: a5fe905be420d518892e8e8b682902deef82d1c6
2019-11-07 19:01:07 +00:00
yue9944882
656c97889d update k8s.io/kube-openapi to 30be4d16710a
Kubernetes-commit: 8e7606f32898b294fc25152ff8bd34f62d6221d3
2019-11-07 18:39:08 +08:00
Kubernetes Publisher
a537b3b527 Merge pull request #83520 from jpbetz/reflector-relist-rv
Avoid going back in time in Reflector relist (revived)

Kubernetes-commit: 8ed2f4775a0d2b13c4be790cdfc1f34bc8b6522b
2019-11-07 03:03:46 +00:00
Kubernetes Publisher
6f1579c35d Merge pull request #82809 from liggitt/go-1.13-no-modules
update to use go1.13.4

Kubernetes-commit: 695c3061dd92a6b6950f8adf0341ceb4a8dd44d7
2019-11-07 03:03:44 +00:00
Jordan Liggitt
d4d115c905 hack/update-vendor.sh
Kubernetes-commit: 297570e06a88db23e16dbdbf6ce3173fe0ae376c
2019-11-05 14:11:10 -05:00
Kubernetes Publisher
a57d0056db Merge pull request #84807 from clarklee92/ModifyTheStatusCode
Modify the status code number to HTTP status semantics

Kubernetes-commit: 43b102a83cc1d2b97a6a59f1c14967a840df2c35
2019-11-06 23:00:57 +00:00
Kubernetes Publisher
d7ea50d263 Merge pull request #84801 from mikedanese/lebug
Fix panic on configmap and lease lock implementations

Kubernetes-commit: 17d99dfbbee90b1889427874589423e4836d7108
2019-11-06 07:00:52 +00:00
Kubernetes Publisher
d063930b33 Merge pull request #84139 from sshukun/fix-typo
Fix typo in k8s.io/client-go/tools/cache/index.go

Kubernetes-commit: d297780ff6e95308bbf8b0db5ab415825014859f
2019-11-06 07:00:50 +00:00
clarklee92
d3a5e5f798 Modify the status code number to HTTP status semantics
Signed-off-by: clarklee92 <clarklee1992@hotmail.com>

Kubernetes-commit: f86f5ee14ef3c8adf9855ce16dcc57beca949719
2019-11-06 00:45:35 +08:00
Kubernetes Publisher
52092c3c67 Merge pull request #83474 from msau42/topology-ga
CSI Topology ga

Kubernetes-commit: 1d1385af915098abd8bd23ab397ee0aeaa244f1e
2019-11-05 03:03:21 +00:00
Kubernetes Publisher
a7c4a955b2 Merge pull request #84534 from sambdavidson/serverRotMetric
Add a kubelet serving cert age metric

Kubernetes-commit: 0ed66351739608660fef27de55d8e0dff6570f28
2019-11-04 19:01:07 +00:00
Mike Danese
d46fe40533 also fix nil panic in lease and add tests for #84729
Kubernetes-commit: 7907b29551c7ef87bbe398ac02836b4c87246d3d
2019-11-04 10:40:48 -08:00
Ted Yu
93a8bb4af0 Prevent panic due to Annotations being nil map
Kubernetes-commit: c5792784e1ae689cb4c949b9c556ee1e4896064a
2019-11-04 10:04:31 -08:00
Kubernetes Publisher
890ae18798 Merge pull request #83671 from yue9944882/flow-control-api-model
Apiserver flowcontrol api models

Kubernetes-commit: 510fb38f275bdfbd61b2ceba5162209e88cf9634
2019-11-02 07:00:40 +00:00
Kubernetes Publisher
e9766ae820 Merge pull request #84604 from codenrhoden/update-utils-dep
Update k8s.io/utils dependency to latest

Kubernetes-commit: 97e28edb6620568d985f3b03b495a0a373aa8750
2019-11-01 23:00:44 +00:00
Kubernetes Publisher
940f075619 Merge pull request #84503 from wojtek-t/remove_conversion_funcs_2
Cleanup clientcmd api conversions

Kubernetes-commit: 07023f2a7f050fb6df5a552289bf3e7165eba94c
2019-11-01 19:03:46 +00:00
Travis Rhoden
ecaa2792f4 Update k8s.io/utils dependency to latest
Kubernetes-commit: 81f66ecbb5ff359ac765c7f332289dd8c1737c39
2019-10-31 08:35:01 -06:00
Samuel Davidson
7bd7ed8621 Added rotation metric to certificate manager
Kubernetes-commit: 7adb18120079016ed8aea1bd40e5cde161827a1d
2019-10-28 14:09:40 -07:00
yue9944882
808ced1183 [generated] ./hack/update-all.sh
generated

generated

generated

rule

generated

generated

Kubernetes-commit: 6db3edff108c568a20688e575be4164768836cd7
2019-10-23 15:17:55 +08:00
sshukun
cd92d91e0f Fix typo in k8s.io/client-go/tools/cache/index.go
Kubernetes-commit: a0d3e6750ecbc67d017c2c67d0ff6f12e1b0c1f1
2019-10-21 13:30:45 +09:00
Michelle Au
69cd73bcf4 generated files
Kubernetes-commit: 9268d4053928488ea58829484bd59537b89da205
2019-10-18 18:09:02 -07:00
Jordan Liggitt
5c806db031 bump github.com/json-iterator/go v1.1.8
Kubernetes-commit: e323279ab94e2434fa610a476ad6d7630228be0e
2019-10-12 10:10:03 -04:00
Joe Betz
a3f022a93c Add HTTP 410 (Gone) status code checks to reflector and relist with RV=''
Kubernetes-commit: e2fe126d485af243d45f06bafd2ca83931881429
2019-10-09 16:45:32 -07:00
Joe Betz
54033229aa Handle expired errors with RV>0 in pager, don't full list if 1st page is expired
Kubernetes-commit: 1f3dc14eea231c90819cbba06f25cb4221236b3f
2019-10-04 17:08:22 -07:00
David Eads
5aa4fef661 publish cluster authentication trust via controller
Kubernetes-commit: 7351c8686031b320f61c70fe065d3c039dda0a99
2019-09-09 10:17:00 -04:00
wojtekt
7d13a606b3 Avoid going back in time in reflector framework
Kubernetes-commit: b2b285a766540278a768dc9e6bd07a3a676ae543
2018-08-29 11:40:25 +02:00
48 changed files with 1058 additions and 678 deletions

View File

@@ -1,8 +1,6 @@
# Contributing guidelines
Do not open pull requests directly against this repository. They will be ignored. Instead, please open pull requests against [kubernetes/kubernetes](https://git.k8s.io/kubernetes/).
The exception is changes to the `README.md` itself.
Please follow the same [contributing guide](https://git.k8s.io/kubernetes/CONTRIBUTING.md) you would follow for any other pull request made to kubernetes/kubernetes.
Do not open pull requests directly against kubernetes/client-go repository (except for README.md); they will be ignored. Instead, please open pull requests and issues against [kubernetes/kubernetes](https://git.k8s.io/kubernetes/). Please follow the same [contributing guide](https://git.k8s.io/kubernetes/CONTRIBUTING.md) you would follow for any other pull request made to kubernetes/kubernetes.
This repository is published from [kubernetes/kubernetes/staging/src/k8s.io/client-go](https://git.k8s.io/kubernetes/staging/src/k8s.io/client-go) by the [kubernetes publishing-bot](https://git.k8s.io/publishing-bot).

18
Godeps/Godeps.json generated
View File

@@ -68,7 +68,7 @@
},
{
"ImportPath": "github.com/elazarl/goproxy",
"Rev": "c4fc26588b6e"
"Rev": "947c36da3153"
},
{
"ImportPath": "github.com/emicklei/go-restful",
@@ -108,7 +108,7 @@
},
{
"ImportPath": "github.com/gogo/protobuf",
"Rev": "65acae22fc9d"
"Rev": "v1.3.1"
},
{
"ImportPath": "github.com/golang/glog",
@@ -156,7 +156,7 @@
},
{
"ImportPath": "github.com/googleapis/gnostic",
"Rev": "0c5108395e2d"
"Rev": "v0.1.0"
},
{
"ImportPath": "github.com/gophercloud/gophercloud",
@@ -228,7 +228,7 @@
},
{
"ImportPath": "github.com/onsi/ginkgo",
"Rev": "v1.10.1"
"Rev": "v1.11.0"
},
{
"ImportPath": "github.com/onsi/gomega",
@@ -256,7 +256,7 @@
},
{
"ImportPath": "github.com/stretchr/testify",
"Rev": "v1.3.0"
"Rev": "v1.4.0"
},
{
"ImportPath": "go.opencensus.io",
@@ -340,7 +340,7 @@
},
{
"ImportPath": "gopkg.in/yaml.v2",
"Rev": "v2.2.4"
"Rev": "v2.2.7"
},
{
"ImportPath": "honnef.co/go/tools",
@@ -348,11 +348,11 @@
},
{
"ImportPath": "k8s.io/api",
"Rev": "457dff596cdb"
"Rev": "v0.18.0-alpha.2"
},
{
"ImportPath": "k8s.io/apimachinery",
"Rev": "62c7b2358269"
"Rev": "v0.18.0-alpha.2"
},
{
"ImportPath": "k8s.io/gengo",
@@ -368,7 +368,7 @@
},
{
"ImportPath": "k8s.io/utils",
"Rev": "e782cd3c129f"
"Rev": "9e5e9d854fcc"
},
{
"ImportPath": "sigs.k8s.io/structured-merge-diff",

View File

@@ -52,14 +52,30 @@ go mod init
### Add client-go as a dependency
Indicate which version of `client-go` your project requires (replace `kubernetes-1.15.0` with the desired version):
Indicate which version of `client-go` your project requires:
- If you are using Kubernetes versions >= `v1.17.0`, use a corresponding
`v0.x.y` tag. For example, `k8s.io/client-go@v0.17.0` corresponds to Kubernetes `v1.17.0`:
```sh
go get k8s.io/client-go@kubernetes-1.15.0
go get k8s.io/client-go@v0.17.0
```
You can also use a non-semver `kubernetes-1.x.y` tag to refer to a version
of `client-go` corresponding to a given Kubernetes release. Prior to Kubernetes
`v1.17.0` these were the only tags available for use with go modules.
For example, `kubernetes-1.16.3` corresponds to Kubernetes `v1.16.3`.
However, it is recommended to use semver-like `v0.x.y` tags over non-semver
`kubernetes-1.x.y` tags to have a seamless experience with go modules.
- If you are using Kubernetes versions < `v1.17.0` (replace `kubernetes-1.16.3` with the desired version):
```sh
go get k8s.io/client-go@kubernetes-1.16.3
```
You can now import and use the `k8s.io/client-go` APIs in your project.
The next time you `go build`, `go test`, or `go run` your project,
`k8s.io/client-go` and its dependencies will be downloaded (if needed),
and detailed dependency version info will be added to your `go.mod` file
(or you can also run `go mod tidy` to do this directly).
(or you can also run `go mod tidy` to do this directly).

105
README.md
View File

@@ -2,7 +2,8 @@
Go clients for talking to a [kubernetes](http://kubernetes.io/) cluster.
We recommend using the `kubernetes-1.x.y` tag matching the current Kubernetes release (`kubernetes-1.15.3` at the time this was written).
We recommend using the `v0.x.y` tags for Kubernetes releases >= `v1.17.0` and
`kubernetes-1.x.y` tags for Kubernetes releases < `v1.17.0`.
See [INSTALL.md](/INSTALL.md) for detailed installation instructions.
`go get k8s.io/client-go@master` works, but will fetch `master`, which may be less stable than a tagged release.
@@ -44,42 +45,31 @@ See [INSTALL.md](/INSTALL.md) for detailed installation instructions.
### Versioning
`client-go` follows [semver](http://semver.org/). We will not make
backwards-incompatible changes without incrementing the major version number. A
change is backwards-incompatible either if it *i)* changes the public interfaces
of `client-go`, or *ii)* makes `client-go` incompatible with otherwise supported
versions of Kubernetes clusters.
- For each `v1.x.y` Kubernetes release, the major version (first digit)
would remain `0`.
Changes that add features in a backwards-compatible way will result in bumping
the minor version (second digit) number.
Bugfixes will result in the patch version (third digit) changing. PRs that are
- Bugfixes will result in the patch version (third digit) changing. PRs that are
cherry-picked into an older Kubernetes release branch will result in an update
to the corresponding branch in `client-go`, with a corresponding new tag
changing the patch version.
A consequence of this is that `client-go` version numbers will be unrelated to
Kubernetes version numbers.
#### Branches and tags.
We will create a new branch and tag for each increment in the major version number or
minor version number. We will create only a new tag for each increment in the patch
We will create a new branch and tag for each increment in the minor version
number. We will create only a new tag for each increment in the patch
version number. See [semver](http://semver.org/) for definitions of major,
minor, and patch.
The master branch will track HEAD in the main Kubernetes repo and
accumulate changes. Consider HEAD to have the version `x.(y+1).0-alpha` or
`(x+1).0.0-alpha` (depending on whether it has accumulated a breaking change or
not), where `x` and `y` are the current major and minor versions.
The HEAD of the master branch in client-go will track the HEAD of the master
branch in the main Kubernetes repo.
#### Compatibility: your code <-> client-go
`client-go` follows [semver](http://semver.org/), so until the major version of
client-go gets increased, your code will compile and will continue to work with
explicitly supported versions of Kubernetes clusters. You must use a dependency
management system and pin a specific major version of `client-go` to get this
benefit, as HEAD follows the upstream Kubernetes repo.
The `v0.x.y` tags indicate that go APIs may change in incompatible ways in
different versions.
See [INSTALL.md](INSTALL.md) for guidelines on requiring a specific
version of client-go.
#### Compatibility: client-go <-> Kubernetes clusters
@@ -92,16 +82,12 @@ We will backport bugfixes--but not new features--into older versions of
#### Compatibility matrix
| | Kubernetes 1.9 | Kubernetes 1.10 | Kubernetes 1.11 | Kubernetes 1.12 | Kubernetes 1.13 | Kubernetes 1.14 | Kubernetes 1.15 |
|---------------------|----------------|-----------------|-----------------|-----------------|-----------------|-----------------|-----------------|
| client-go 6.0 | ✓ | +- | +- | +- | +- | +- | +- |
| client-go 7.0 | +- | ✓ | +- | +- | +- | +- | +- |
| client-go 8.0 | +- | +- | ✓ | +- | +- | +- | +- |
| client-go 9.0 | +- | +- | +- | ✓ | +- | +- | +- |
| client-go 10.0 | +- | +- | +- | +- | ✓ | +- | +- |
| client-go 11.0 | +- | +- | +- | +- | +- | ✓ | +- |
| client-go 12.0 | +- | +- | +- | +- | +- | +- | ✓ |
| client-go HEAD | +- | +- | +- | +- | +- | +- | +- |
| | Kubernetes 1.15 | Kubernetes 1.16 | Kubernetes 1.17 |
|-------------------------------|-----------------|-----------------|-----------------|
| `kubernetes-1.15.0` | ✓ | +- | +- |
| `kubernetes-1.16.0` | +- | ✓ | +- |
| `kubernetes-1.17.0`/`v0.17.0` | +- | +- | ✓ |
| `HEAD` | +- | +- | +- |
Key:
@@ -122,19 +108,21 @@ between client-go versions.
| Branch | Canonical source code location | Maintenance status |
|----------------|--------------------------------------|-------------------------------|
| client-go 1.4 | Kubernetes main repo, 1.4 branch | = - |
| client-go 1.5 | Kubernetes main repo, 1.5 branch | = - |
| client-go 2.0 | Kubernetes main repo, 1.5 branch | = - |
| client-go 3.0 | Kubernetes main repo, 1.6 branch | = - |
| client-go 4.0 | Kubernetes main repo, 1.7 branch | = - |
| client-go 5.0 | Kubernetes main repo, 1.8 branch | = - |
| client-go 6.0 | Kubernetes main repo, 1.9 branch | = - |
| client-go 7.0 | Kubernetes main repo, 1.10 branch | = - |
| client-go 8.0 | Kubernetes main repo, 1.11 branch | =- |
| client-go 9.0 | Kubernetes main repo, 1.12 branch | =- |
| client-go 10.0 | Kubernetes main repo, 1.13 branch | |
| client-go 11.0 | Kubernetes main repo, 1.14 branch | ✓ |
| client-go 12.0 | Kubernetes main repo, 1.15 branch | ✓ |
| `release-1.4` | Kubernetes main repo, 1.4 branch | = - |
| `release-1.5` | Kubernetes main repo, 1.5 branch | = - |
| `release-2.0` | Kubernetes main repo, 1.5 branch | = - |
| `release-3.0` | Kubernetes main repo, 1.6 branch | = - |
| `release-4.0` | Kubernetes main repo, 1.7 branch | = - |
| `release-5.0` | Kubernetes main repo, 1.8 branch | = - |
| `release-6.0` | Kubernetes main repo, 1.9 branch | = - |
| `release-7.0` | Kubernetes main repo, 1.10 branch | = - |
| `release-8.0` | Kubernetes main repo, 1.11 branch | =- |
| `release-9.0` | Kubernetes main repo, 1.12 branch | =- |
| `release-10.0` | Kubernetes main repo, 1.13 branch | =- |
| `release-11.0` | Kubernetes main repo, 1.14 branch | ✓ |
| `release-12.0` | Kubernetes main repo, 1.15 branch | ✓ |
| `release-13.0` | Kubernetes main repo, 1.16 branch | ✓ |
| `release-14.0` | Kubernetes main repo, 1.17 branch | ✓ |
| client-go HEAD | Kubernetes main repo, master branch | ✓ |
Key:
@@ -161,14 +149,19 @@ existing users won't be broken.
This repository is still a mirror of
[k8s.io/kubernetes/staging/src/client-go](https://github.com/kubernetes/kubernetes/tree/master/staging/src/k8s.io/client-go),
the code development is still done in the staging area. Since Kubernetes 1.8
release, when syncing the code from the staging area, we also sync the Kubernetes
version tags to client-go, prefixed with "kubernetes-". For example, if you check
out the `kubernetes-1.15.3` tag in client-go, the code you get is exactly the
same as if you check out the `v1.15.3` tag in Kubernetes, and change directory to
`staging/src/k8s.io/client-go`. The purpose is to let users quickly find matching
commits among published repos, like
[sample-apiserver](https://github.com/kubernetes/sample-apiserver),
the code development is still done in the staging area.
Since Kubernetes `v1.8.0`, when syncing the code from the staging area,
we also sync the Kubernetes version tags to client-go, prefixed with
`kubernetes-`. From Kubernetes `v1.17.0`, we also create matching semver
`v0.x.y` tags for each `v1.x.y` Kubernetes release.
For example, if you check out the `kubernetes-1.17.0` or the `v0.17.0` tag in
client-go, the code you get is exactly the same as if you check out the `v1.17.0`
tag in Kubernetes, and change directory to `staging/src/k8s.io/client-go`.
The purpose is to let users quickly find matching commits among published repos,
like [sample-apiserver](https://github.com/kubernetes/sample-apiserver),
[apiextension-apiserver](https://github.com/kubernetes/apiextensions-apiserver),
etc. The Kubernetes version tag does NOT claim any backwards compatibility
guarantees for client-go. Please check the [semantic versions](#versioning) if
@@ -179,7 +172,7 @@ you care about backwards compatibility.
Use go1.11+ and fetch the desired version using the `go get` command. For example:
```
go get k8s.io/client-go@kubernetes-1.15.3
go get k8s.io/client-go@v0.17.0
```
See [INSTALL.md](/INSTALL.md) for detailed instructions.

View File

@@ -463,6 +463,13 @@ func setDiscoveryDefaults(config *restclient.Config) error {
if config.Timeout == 0 {
config.Timeout = defaultTimeout
}
if config.Burst == 0 && config.QPS < 100 {
// discovery is expected to be bursty, increase the default burst
// to accommodate looking up resource info for many API groups.
// matches burst set by ConfigFlags#ToDiscoveryClient().
// see https://issue.k8s.io/86149
config.Burst = 100
}
codec := runtime.NoopEncoder{Decoder: scheme.Codecs.UniversalDecoder()}
config.NegotiatedSerializer = serializer.NegotiatedSerializerWrapper(runtime.SerializerInfo{Serializer: codec})
if len(config.UserAgent) == 0 {

View File

@@ -24,6 +24,7 @@ import (
"net/http/httptest"
"reflect"
"testing"
"time"
"github.com/gogo/protobuf/proto"
"github.com/googleapis/gnostic/OpenAPIv2"
@@ -198,6 +199,26 @@ func TestGetServerResources(t *testing.T) {
{Name: "jobs", Namespaced: true, Kind: "Job"},
},
}
extensionsbeta3 := metav1.APIResourceList{GroupVersion: "extensions/v1beta3", APIResources: []metav1.APIResource{{Name: "deployments", Namespaced: true, Kind: "Deployment"}}}
extensionsbeta4 := metav1.APIResourceList{GroupVersion: "extensions/v1beta4", APIResources: []metav1.APIResource{{Name: "deployments", Namespaced: true, Kind: "Deployment"}}}
extensionsbeta5 := metav1.APIResourceList{GroupVersion: "extensions/v1beta5", APIResources: []metav1.APIResource{{Name: "deployments", Namespaced: true, Kind: "Deployment"}}}
extensionsbeta6 := metav1.APIResourceList{GroupVersion: "extensions/v1beta6", APIResources: []metav1.APIResource{{Name: "deployments", Namespaced: true, Kind: "Deployment"}}}
extensionsbeta7 := metav1.APIResourceList{GroupVersion: "extensions/v1beta7", APIResources: []metav1.APIResource{{Name: "deployments", Namespaced: true, Kind: "Deployment"}}}
extensionsbeta8 := metav1.APIResourceList{GroupVersion: "extensions/v1beta8", APIResources: []metav1.APIResource{{Name: "deployments", Namespaced: true, Kind: "Deployment"}}}
extensionsbeta9 := metav1.APIResourceList{GroupVersion: "extensions/v1beta9", APIResources: []metav1.APIResource{{Name: "deployments", Namespaced: true, Kind: "Deployment"}}}
extensionsbeta10 := metav1.APIResourceList{GroupVersion: "extensions/v1beta10", APIResources: []metav1.APIResource{{Name: "deployments", Namespaced: true, Kind: "Deployment"}}}
appsbeta1 := metav1.APIResourceList{GroupVersion: "apps/v1beta1", APIResources: []metav1.APIResource{{Name: "deployments", Namespaced: true, Kind: "Deployment"}}}
appsbeta2 := metav1.APIResourceList{GroupVersion: "apps/v1beta2", APIResources: []metav1.APIResource{{Name: "deployments", Namespaced: true, Kind: "Deployment"}}}
appsbeta3 := metav1.APIResourceList{GroupVersion: "apps/v1beta3", APIResources: []metav1.APIResource{{Name: "deployments", Namespaced: true, Kind: "Deployment"}}}
appsbeta4 := metav1.APIResourceList{GroupVersion: "apps/v1beta4", APIResources: []metav1.APIResource{{Name: "deployments", Namespaced: true, Kind: "Deployment"}}}
appsbeta5 := metav1.APIResourceList{GroupVersion: "apps/v1beta5", APIResources: []metav1.APIResource{{Name: "deployments", Namespaced: true, Kind: "Deployment"}}}
appsbeta6 := metav1.APIResourceList{GroupVersion: "apps/v1beta6", APIResources: []metav1.APIResource{{Name: "deployments", Namespaced: true, Kind: "Deployment"}}}
appsbeta7 := metav1.APIResourceList{GroupVersion: "apps/v1beta7", APIResources: []metav1.APIResource{{Name: "deployments", Namespaced: true, Kind: "Deployment"}}}
appsbeta8 := metav1.APIResourceList{GroupVersion: "apps/v1beta8", APIResources: []metav1.APIResource{{Name: "deployments", Namespaced: true, Kind: "Deployment"}}}
appsbeta9 := metav1.APIResourceList{GroupVersion: "apps/v1beta9", APIResources: []metav1.APIResource{{Name: "deployments", Namespaced: true, Kind: "Deployment"}}}
appsbeta10 := metav1.APIResourceList{GroupVersion: "apps/v1beta10", APIResources: []metav1.APIResource{{Name: "deployments", Namespaced: true, Kind: "Deployment"}}}
tests := []struct {
resourcesList *metav1.APIResourceList
path string
@@ -232,6 +253,42 @@ func TestGetServerResources(t *testing.T) {
list = &beta
case "/apis/extensions/v1beta2":
list = &beta2
case "/apis/extensions/v1beta3":
list = &extensionsbeta3
case "/apis/extensions/v1beta4":
list = &extensionsbeta4
case "/apis/extensions/v1beta5":
list = &extensionsbeta5
case "/apis/extensions/v1beta6":
list = &extensionsbeta6
case "/apis/extensions/v1beta7":
list = &extensionsbeta7
case "/apis/extensions/v1beta8":
list = &extensionsbeta8
case "/apis/extensions/v1beta9":
list = &extensionsbeta9
case "/apis/extensions/v1beta10":
list = &extensionsbeta10
case "/apis/apps/v1beta1":
list = &appsbeta1
case "/apis/apps/v1beta2":
list = &appsbeta2
case "/apis/apps/v1beta3":
list = &appsbeta3
case "/apis/apps/v1beta4":
list = &appsbeta4
case "/apis/apps/v1beta5":
list = &appsbeta5
case "/apis/apps/v1beta6":
list = &appsbeta6
case "/apis/apps/v1beta7":
list = &appsbeta7
case "/apis/apps/v1beta8":
list = &appsbeta8
case "/apis/apps/v1beta9":
list = &appsbeta9
case "/apis/apps/v1beta10":
list = &appsbeta10
case "/api":
list = &metav1.APIVersions{
Versions: []string{
@@ -241,11 +298,34 @@ func TestGetServerResources(t *testing.T) {
case "/apis":
list = &metav1.APIGroupList{
Groups: []metav1.APIGroup{
{
Name: "apps",
Versions: []metav1.GroupVersionForDiscovery{
{GroupVersion: "apps/v1beta1", Version: "v1beta1"},
{GroupVersion: "apps/v1beta2", Version: "v1beta2"},
{GroupVersion: "apps/v1beta3", Version: "v1beta3"},
{GroupVersion: "apps/v1beta4", Version: "v1beta4"},
{GroupVersion: "apps/v1beta5", Version: "v1beta5"},
{GroupVersion: "apps/v1beta6", Version: "v1beta6"},
{GroupVersion: "apps/v1beta7", Version: "v1beta7"},
{GroupVersion: "apps/v1beta8", Version: "v1beta8"},
{GroupVersion: "apps/v1beta9", Version: "v1beta9"},
{GroupVersion: "apps/v1beta10", Version: "v1beta10"},
},
},
{
Name: "extensions",
Versions: []metav1.GroupVersionForDiscovery{
{GroupVersion: "extensions/v1beta1", Version: "v1beta1"},
{GroupVersion: "extensions/v1beta2", Version: "v1beta2"},
{GroupVersion: "extensions/v1beta3", Version: "v1beta3"},
{GroupVersion: "extensions/v1beta4", Version: "v1beta4"},
{GroupVersion: "extensions/v1beta5", Version: "v1beta5"},
{GroupVersion: "extensions/v1beta6", Version: "v1beta6"},
{GroupVersion: "extensions/v1beta7", Version: "v1beta7"},
{GroupVersion: "extensions/v1beta8", Version: "v1beta8"},
{GroupVersion: "extensions/v1beta9", Version: "v1beta9"},
{GroupVersion: "extensions/v1beta10", Version: "v1beta10"},
},
},
},
@@ -265,8 +345,8 @@ func TestGetServerResources(t *testing.T) {
w.Write(output)
}))
defer server.Close()
client := NewDiscoveryClientForConfigOrDie(&restclient.Config{Host: server.URL})
for _, test := range tests {
client := NewDiscoveryClientForConfigOrDie(&restclient.Config{Host: server.URL})
got, err := client.ServerResourcesForGroupVersion(test.request)
if test.expectErr {
if err == nil {
@@ -283,12 +363,40 @@ func TestGetServerResources(t *testing.T) {
}
}
client := NewDiscoveryClientForConfigOrDie(&restclient.Config{Host: server.URL})
start := time.Now()
serverResources, err := client.ServerResources()
if err != nil {
t.Errorf("unexpected error: %v", err)
}
end := time.Now()
if d := end.Sub(start); d > time.Second {
t.Errorf("took too long to perform discovery: %s", d)
}
serverGroupVersions := groupVersions(serverResources)
expectedGroupVersions := []string{"v1", "extensions/v1beta1", "extensions/v1beta2"}
expectedGroupVersions := []string{
"v1",
"apps/v1beta1",
"apps/v1beta2",
"apps/v1beta3",
"apps/v1beta4",
"apps/v1beta5",
"apps/v1beta6",
"apps/v1beta7",
"apps/v1beta8",
"apps/v1beta9",
"apps/v1beta10",
"extensions/v1beta1",
"extensions/v1beta2",
"extensions/v1beta3",
"extensions/v1beta4",
"extensions/v1beta5",
"extensions/v1beta6",
"extensions/v1beta7",
"extensions/v1beta8",
"extensions/v1beta9",
"extensions/v1beta10",
}
if !reflect.DeepEqual(expectedGroupVersions, serverGroupVersions) {
t.Errorf("unexpected group versions: %v", diff.ObjectReflectDiff(expectedGroupVersions, serverGroupVersions))
}

View File

@@ -26,13 +26,12 @@ import (
"strings"
"testing"
"k8s.io/api/core/v1"
v1 "k8s.io/api/core/v1"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/runtime"
"k8s.io/apimachinery/pkg/runtime/schema"
"k8s.io/apimachinery/pkg/util/sets"
"k8s.io/client-go/discovery"
"k8s.io/client-go/kubernetes/scheme"
restclient "k8s.io/client-go/rest"
"k8s.io/client-go/rest/fake"
)
@@ -82,23 +81,16 @@ func TestServerSupportsVersion(t *testing.T) {
}
for _, test := range tests {
fakeClient := &fake.RESTClient{
NegotiatedSerializer: scheme.Codecs,
Resp: &http.Response{
StatusCode: test.statusCode,
Body: objBody(&metav1.APIVersions{Versions: test.serverVersions}),
},
Client: fake.CreateHTTPClient(func(req *http.Request) (*http.Response, error) {
if test.sendErr != nil {
return nil, test.sendErr
}
header := http.Header{}
header.Set("Content-Type", runtime.ContentTypeJSON)
return &http.Response{StatusCode: test.statusCode, Header: header, Body: objBody(&metav1.APIVersions{Versions: test.serverVersions})}, nil
}),
}
fakeClient := fake.CreateHTTPClient(func(req *http.Request) (*http.Response, error) {
if test.sendErr != nil {
return nil, test.sendErr
}
header := http.Header{}
header.Set("Content-Type", runtime.ContentTypeJSON)
return &http.Response{StatusCode: test.statusCode, Header: header, Body: objBody(&metav1.APIVersions{Versions: test.serverVersions})}, nil
})
c := discovery.NewDiscoveryClientForConfigOrDie(&restclient.Config{})
c.RESTClient().(*restclient.RESTClient).Client = fakeClient.Client
c.RESTClient().(*restclient.RESTClient).Client = fakeClient
err := discovery.ServerSupportsVersion(c, test.requiredVersion)
if err == nil && test.expectErr != nil {
t.Errorf("expected error, got nil for [%s].", test.name)

18
go.mod
View File

@@ -2,7 +2,7 @@
module k8s.io/client-go
go 1.12
go 1.13
require (
cloud.google.com/go v0.38.0 // indirect
@@ -10,34 +10,34 @@ require (
github.com/Azure/go-autorest/autorest/adal v0.5.0
github.com/davecgh/go-spew v1.1.1
github.com/evanphx/json-patch v4.2.0+incompatible
github.com/gogo/protobuf v1.2.2-0.20190723190241-65acae22fc9d
github.com/gogo/protobuf v1.3.1
github.com/golang/groupcache v0.0.0-20160516000752-02826c3e7903
github.com/golang/protobuf v1.3.2
github.com/google/btree v1.0.0 // indirect
github.com/google/gofuzz v1.0.0
github.com/google/uuid v1.1.1
github.com/googleapis/gnostic v0.0.0-20170729233727-0c5108395e2d
github.com/googleapis/gnostic v0.1.0
github.com/gophercloud/gophercloud v0.1.0
github.com/gregjones/httpcache v0.0.0-20180305231024-9cad4c3443a7
github.com/imdario/mergo v0.3.5
github.com/peterbourgon/diskv v2.0.1+incompatible
github.com/spf13/pflag v1.0.5
github.com/stretchr/testify v1.3.0
github.com/stretchr/testify v1.4.0
golang.org/x/crypto v0.0.0-20190820162420-60c769a6c586
golang.org/x/net v0.0.0-20191004110552-13f9640d40b9
golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45
golang.org/x/time v0.0.0-20190308202827-9d24e82272b4
google.golang.org/appengine v1.5.0 // indirect
k8s.io/api v0.0.0-20191118180058-457dff596cdb
k8s.io/apimachinery v0.0.0-20191117110801-62c7b2358269
k8s.io/api v0.18.0-alpha.2
k8s.io/apimachinery v0.18.0-alpha.2
k8s.io/klog v1.0.0
k8s.io/utils v0.0.0-20191114184206-e782cd3c129f
k8s.io/utils v0.0.0-20191217005138-9e5e9d854fcc
sigs.k8s.io/yaml v1.1.0
)
replace (
golang.org/x/sys => golang.org/x/sys v0.0.0-20190813064441-fde4db37ae7a // pinned to release-branch.go1.13
golang.org/x/tools => golang.org/x/tools v0.0.0-20190821162956-65e3620a7ae7 // pinned to release-branch.go1.13
k8s.io/api => k8s.io/api v0.0.0-20191118180058-457dff596cdb
k8s.io/apimachinery => k8s.io/apimachinery v0.0.0-20191117110801-62c7b2358269
k8s.io/api => k8s.io/api v0.18.0-alpha.2
k8s.io/apimachinery => k8s.io/apimachinery v0.18.0-alpha.2
)

28
go.sum
View File

@@ -29,8 +29,8 @@ github.com/dgrijalva/jwt-go v3.2.0+incompatible h1:7qlOGliEKZXTDg6OTjfoBKDXWrumC
github.com/dgrijalva/jwt-go v3.2.0+incompatible/go.mod h1:E3ru+11k8xSBh+hMPgOLZmtrrCbhqsmaPHjLKYnJCaQ=
github.com/docker/spdystream v0.0.0-20160310174837-449fdfce4d96 h1:cenwrSVm+Z7QLSV/BsnenAOcDXdX4cMv4wP0B/5QbPg=
github.com/docker/spdystream v0.0.0-20160310174837-449fdfce4d96/go.mod h1:Qh8CwZgvJUkLughtfhJv5dyTYa91l1fOUCrgjqmcifM=
github.com/elazarl/goproxy v0.0.0-20170405201442-c4fc26588b6e h1:p1yVGRW3nmb85p1Sh1ZJSDm4A4iKLS5QNbvUHMgGu/M=
github.com/elazarl/goproxy v0.0.0-20170405201442-c4fc26588b6e/go.mod h1:/Zj4wYkgs4iZTTu3o/KG3Itv/qCCa8VVMlb3i9OVuzc=
github.com/elazarl/goproxy v0.0.0-20180725130230-947c36da3153 h1:yUdfgN0XgIJw7foRItutHYUIhlcKzcSf5vDpdhQAKTc=
github.com/elazarl/goproxy v0.0.0-20180725130230-947c36da3153/go.mod h1:/Zj4wYkgs4iZTTu3o/KG3Itv/qCCa8VVMlb3i9OVuzc=
github.com/emicklei/go-restful v0.0.0-20170410110728-ff4f55a20633/go.mod h1:otzb+WCGbkyDHkqmQmT5YD2WR4BBwUdeQoFo8l/7tVs=
github.com/evanphx/json-patch v4.2.0+incompatible h1:fUDGZCv/7iAN7u0puUVhvKCcsR6vRfwrJatElLBEf0I=
github.com/evanphx/json-patch v4.2.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk=
@@ -42,8 +42,8 @@ github.com/go-openapi/jsonpointer v0.0.0-20160704185906-46af16f9f7b1/go.mod h1:+
github.com/go-openapi/jsonreference v0.0.0-20160704190145-13c6e3589ad9/go.mod h1:W3Z9FmVs9qj+KR4zFKmDPGiLdk1D9Rlm7cyMvf57TTg=
github.com/go-openapi/spec v0.0.0-20160808142527-6aced65f8501/go.mod h1:J8+jY1nAiCcj+friV/PDoE1/3eeccG9LYBs0tYvLOWc=
github.com/go-openapi/swag v0.0.0-20160704191624-1d0bd113de87/go.mod h1:DXUve3Dpr1UfpPtxFw+EFuQ41HhCWZfha5jSVRG7C7I=
github.com/gogo/protobuf v1.2.2-0.20190723190241-65acae22fc9d h1:3PaI8p3seN09VjbTYC/QWlUZdZ1qS1zGjy7LH2Wt07I=
github.com/gogo/protobuf v1.2.2-0.20190723190241-65acae22fc9d/go.mod h1:SlYgWuQ5SjCEi6WLHjHCa1yvBfUnHcTbrrZtXPKa29o=
github.com/gogo/protobuf v1.3.1 h1:DqDEcV5aeaTmdFBePNpYsp3FlcVH/2ISVVM9Qf8PSls=
github.com/gogo/protobuf v1.3.1/go.mod h1:SlYgWuQ5SjCEi6WLHjHCa1yvBfUnHcTbrrZtXPKa29o=
github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q=
github.com/golang/groupcache v0.0.0-20160516000752-02826c3e7903 h1:LbsanbbD6LieFkXbj9YNNBupiGHJgFeLpO0j0Fza1h8=
github.com/golang/groupcache v0.0.0-20160516000752-02826c3e7903/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
@@ -70,6 +70,8 @@ github.com/google/uuid v1.1.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+
github.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+vpHVxEJEs9eg=
github.com/googleapis/gnostic v0.0.0-20170729233727-0c5108395e2d h1:7XGaL1e6bYS1yIonGp9761ExpPPV1ui0SAC59Yube9k=
github.com/googleapis/gnostic v0.0.0-20170729233727-0c5108395e2d/go.mod h1:sJBsCZ4ayReDTBIg8b9dl28c5xFWyhBTVRp3pOg5EKY=
github.com/googleapis/gnostic v0.1.0 h1:rVsPeBmXbYv4If/cumu1AzZPwV58q433hvONV1UEZoI=
github.com/googleapis/gnostic v0.1.0/go.mod h1:sJBsCZ4ayReDTBIg8b9dl28c5xFWyhBTVRp3pOg5EKY=
github.com/gophercloud/gophercloud v0.1.0 h1:P/nh25+rzXouhytV2pUHBb65fnds26Ghl8/391+sT5o=
github.com/gophercloud/gophercloud v0.1.0/go.mod h1:vxM41WHh5uqHVBMZHzuwNOHh8XEoIEcSTewFxm1c5g8=
github.com/gregjones/httpcache v0.0.0-20180305231024-9cad4c3443a7 h1:pdN6V1QBWetyv/0+wjACpqVH+eVULgEjkurDLq3goeM=
@@ -106,8 +108,8 @@ github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f/go.mod h1:ZdcZmHo+
github.com/onsi/ginkgo v0.0.0-20170829012221-11459a886d9c/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
github.com/onsi/ginkgo v1.6.0 h1:Ix8l273rp3QzYgXSR+c8d1fTG7UPgYkOSELPhiY/YGw=
github.com/onsi/ginkgo v1.6.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
github.com/onsi/ginkgo v1.10.1 h1:q/mM8GF/n0shIN8SaAZ0V+jnLPzen6WIVZdiwrRlMlo=
github.com/onsi/ginkgo v1.10.1/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
github.com/onsi/ginkgo v1.11.0 h1:JAKSXpt1YjtLA7YpPiqO9ss6sNXEsPfSGdwN0UHqzrw=
github.com/onsi/ginkgo v1.11.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
github.com/onsi/gomega v0.0.0-20170829124025-dcabb60a477c/go.mod h1:C1qb7wdrVGGVU+Z6iS04AVkA3Q65CEZX59MT0QO5uiA=
github.com/onsi/gomega v1.7.0 h1:XPnZz8VVBHjVsy1vzJmRwIcSwiUO+JFfrv/xGiigmME=
github.com/onsi/gomega v1.7.0/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY=
@@ -124,6 +126,8 @@ github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+
github.com/stretchr/testify v0.0.0-20151208002404-e3a8ff8ce365/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=
github.com/stretchr/testify v1.3.0 h1:TivCn/peBQ7UY8ooIcPgZFpTNSz0Q2U6UrFlUfqbe0Q=
github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
github.com/stretchr/testify v1.4.0 h1:2E4SXV/wtOkTonXsotYi4li6zVWxYlZuYNCXe9XRJyk=
github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4=
go.opencensus.io v0.21.0/go.mod h1:mSImk1erAIZhrmZN+AvHh14ztQfjbGwt4TtuofqLduU=
golang.org/x/crypto v0.0.0-20190211182817-74369b46fc67/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
@@ -187,12 +191,12 @@ gopkg.in/yaml.v2 v2.2.1 h1:mUhvW9EsL+naU5Q3cakzfE91YhliOondGd6ZrsDBHQE=
gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
gopkg.in/yaml.v2 v2.2.2 h1:ZCJp+EgiOT7lHqUV2J862kp8Qj64Jo6az82+3Td9dZw=
gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
gopkg.in/yaml.v2 v2.2.4 h1:/eiJrUcujPVeJ3xlSWaiNi3uSVmDGBK1pDHUHAnao1I=
gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
gopkg.in/yaml.v2 v2.2.7 h1:VUgggvou5XRW9mHwD/yXxIYSMtY0zoKQf/v226p2nyo=
gopkg.in/yaml.v2 v2.2.7/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
k8s.io/api v0.0.0-20191118180058-457dff596cdb/go.mod h1:4g8ukA5bUH6aEoZJmpKbV9zNLu6ZVoGCQ8Q6WF2JO+M=
k8s.io/apimachinery v0.0.0-20191117110801-62c7b2358269/go.mod h1:dXFS2zaQR8fyzuvRdJDHw2Aerij/yVGJSre0bZQSVJA=
k8s.io/api v0.18.0-alpha.2/go.mod h1:jmDzGjASmjc+X3sojto6zy8iHsZEpgdnqHz0aWfRTEg=
k8s.io/apimachinery v0.18.0-alpha.2/go.mod h1:j05cPXobKCShrrgR2gz+Wsw3flBA+nvUoLQLo1PdydY=
k8s.io/gengo v0.0.0-20190128074634-0689ccc1d7d6/go.mod h1:ezvh/TsK7cY6rbqRK0oQQ8IAqLxYwwyPxAX1Pzy0ii0=
k8s.io/klog v0.0.0-20181102134211-b9b56d5dfc92/go.mod h1:Gq+BEi5rUBO/HRz0bTSXDUcqjScdoY3a9IHpCEIOOfk=
k8s.io/klog v0.3.0/go.mod h1:Gq+BEi5rUBO/HRz0bTSXDUcqjScdoY3a9IHpCEIOOfk=
@@ -200,8 +204,8 @@ k8s.io/klog v1.0.0 h1:Pt+yjF5aB1xDSVbau4VsWe+dQNzA0qv1LlXdC2dF6Q8=
k8s.io/klog v1.0.0/go.mod h1:4Bi6QPql/J/LkTDqv7R/cd3hPo4k2DG6Ptcz060Ez5I=
k8s.io/kube-openapi v0.0.0-20191107075043-30be4d16710a h1:UcxjrRMyNx/i/y8G7kPvLyy7rfbeuf1PYyBf973pgyU=
k8s.io/kube-openapi v0.0.0-20191107075043-30be4d16710a/go.mod h1:1TqjTSzOxsLGIKfj0lK8EeCP7K1iUG65v09OM0/WG5E=
k8s.io/utils v0.0.0-20191114184206-e782cd3c129f h1:GiPwtSzdP43eI1hpPCbROQCCIgCuiMMNF8YUVLF3vJo=
k8s.io/utils v0.0.0-20191114184206-e782cd3c129f/go.mod h1:sZAwmy6armz5eXlNoLmJcl4F1QuKu7sr+mFQ0byX7Ew=
k8s.io/utils v0.0.0-20191217005138-9e5e9d854fcc h1:MUttqhwRgupMiA5ps5F3d2/NLkU8EZSECTGxrQxqM54=
k8s.io/utils v0.0.0-20191217005138-9e5e9d854fcc/go.mod h1:sZAwmy6armz5eXlNoLmJcl4F1QuKu7sr+mFQ0byX7Ew=
sigs.k8s.io/structured-merge-diff v0.0.0-20190525122527-15d366b2352e/go.mod h1:wWxsB5ozmmv/SG7nM11ayaAW51xMvak/t1r0CSlcokI=
sigs.k8s.io/yaml v1.1.0 h1:4A07+ZFc2wgJwo8YNlQpr1rVlgUDlxXHhPJciaPY5gs=
sigs.k8s.io/yaml v1.1.0/go.mod h1:UJmg0vDUVViEyp3mgSv9WPwZCDxu4rQW1olrI1uml+o=

View File

@@ -1,70 +0,0 @@
/*
Copyright 2017 The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package v1
import (
"fmt"
apps "k8s.io/api/apps/v1"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/labels"
)
// DeploymentListerExpansion allows custom methods to be added to
// DeploymentLister.
type DeploymentListerExpansion interface {
GetDeploymentsForReplicaSet(rs *apps.ReplicaSet) ([]*apps.Deployment, error)
}
// DeploymentNamespaceListerExpansion allows custom methods to be added to
// DeploymentNamespaceLister.
type DeploymentNamespaceListerExpansion interface{}
// GetDeploymentsForReplicaSet returns a list of Deployments that potentially
// match a ReplicaSet. Only the one specified in the ReplicaSet's ControllerRef
// will actually manage it.
// Returns an error only if no matching Deployments are found.
func (s *deploymentLister) GetDeploymentsForReplicaSet(rs *apps.ReplicaSet) ([]*apps.Deployment, error) {
if len(rs.Labels) == 0 {
return nil, fmt.Errorf("no deployments found for ReplicaSet %v because it has no labels", rs.Name)
}
// TODO: MODIFY THIS METHOD so that it checks for the podTemplateSpecHash label
dList, err := s.Deployments(rs.Namespace).List(labels.Everything())
if err != nil {
return nil, err
}
var deployments []*apps.Deployment
for _, d := range dList {
selector, err := metav1.LabelSelectorAsSelector(d.Spec.Selector)
if err != nil {
return nil, fmt.Errorf("invalid label selector: %v", err)
}
// If a deployment with a nil or empty selector creeps in, it should match nothing, not everything.
if selector.Empty() || !selector.Matches(labels.Set(rs.Labels)) {
continue
}
deployments = append(deployments, d)
}
if len(deployments) == 0 {
return nil, fmt.Errorf("could not find deployments set for ReplicaSet %s in namespace %s with labels: %v", rs.Name, rs.Namespace, rs.Labels)
}
return deployments, nil
}

View File

@@ -25,3 +25,11 @@ type ControllerRevisionListerExpansion interface{}
// ControllerRevisionNamespaceListerExpansion allows custom methods to be added to
// ControllerRevisionNamespaceLister.
type ControllerRevisionNamespaceListerExpansion interface{}
// DeploymentListerExpansion allows custom methods to be added to
// DeploymentLister.
type DeploymentListerExpansion interface{}
// DeploymentNamespaceListerExpansion allows custom methods to be added to
// DeploymentNamespaceLister.
type DeploymentNamespaceListerExpansion interface{}

View File

@@ -1,70 +0,0 @@
/*
Copyright 2017 The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package v1beta2
import (
"fmt"
apps "k8s.io/api/apps/v1beta2"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/labels"
)
// DeploymentListerExpansion allows custom methods to be added to
// DeploymentLister.
type DeploymentListerExpansion interface {
GetDeploymentsForReplicaSet(rs *apps.ReplicaSet) ([]*apps.Deployment, error)
}
// DeploymentNamespaceListerExpansion allows custom methods to be added to
// DeploymentNamespaceLister.
type DeploymentNamespaceListerExpansion interface{}
// GetDeploymentsForReplicaSet returns a list of Deployments that potentially
// match a ReplicaSet. Only the one specified in the ReplicaSet's ControllerRef
// will actually manage it.
// Returns an error only if no matching Deployments are found.
func (s *deploymentLister) GetDeploymentsForReplicaSet(rs *apps.ReplicaSet) ([]*apps.Deployment, error) {
if len(rs.Labels) == 0 {
return nil, fmt.Errorf("no deployments found for ReplicaSet %v because it has no labels", rs.Name)
}
// TODO: MODIFY THIS METHOD so that it checks for the podTemplateSpecHash label
dList, err := s.Deployments(rs.Namespace).List(labels.Everything())
if err != nil {
return nil, err
}
var deployments []*apps.Deployment
for _, d := range dList {
selector, err := metav1.LabelSelectorAsSelector(d.Spec.Selector)
if err != nil {
return nil, fmt.Errorf("invalid label selector: %v", err)
}
// If a deployment with a nil or empty selector creeps in, it should match nothing, not everything.
if selector.Empty() || !selector.Matches(labels.Set(rs.Labels)) {
continue
}
deployments = append(deployments, d)
}
if len(deployments) == 0 {
return nil, fmt.Errorf("could not find deployments set for ReplicaSet %s in namespace %s with labels: %v", rs.Name, rs.Namespace, rs.Labels)
}
return deployments, nil
}

View File

@@ -25,3 +25,11 @@ type ControllerRevisionListerExpansion interface{}
// ControllerRevisionNamespaceListerExpansion allows custom methods to be added to
// ControllerRevisionNamespaceLister.
type ControllerRevisionNamespaceListerExpansion interface{}
// DeploymentListerExpansion allows custom methods to be added to
// DeploymentLister.
type DeploymentListerExpansion interface{}
// DeploymentNamespaceListerExpansion allows custom methods to be added to
// DeploymentNamespaceLister.
type DeploymentNamespaceListerExpansion interface{}

View File

@@ -58,6 +58,10 @@ type LimitRangeNamespaceListerExpansion interface{}
// NamespaceLister.
type NamespaceListerExpansion interface{}
// NodeListerExpansion allows custom methods to be added to
// NodeLister.
type NodeListerExpansion interface{}
// PersistentVolumeListerExpansion allows custom methods to be added to
// PersistentVolumeLister.
type PersistentVolumeListerExpansion interface{}
@@ -102,6 +106,14 @@ type SecretListerExpansion interface{}
// SecretNamespaceLister.
type SecretNamespaceListerExpansion interface{}
// ServiceListerExpansion allows custom methods to be added to
// ServiceLister.
type ServiceListerExpansion interface{}
// ServiceNamespaceListerExpansion allows custom methods to be added to
// ServiceNamespaceLister.
type ServiceNamespaceListerExpansion interface{}
// ServiceAccountListerExpansion allows custom methods to be added to
// ServiceAccountLister.
type ServiceAccountListerExpansion interface{}

View File

@@ -1,48 +0,0 @@
/*
Copyright 2017 The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package v1
import (
"k8s.io/api/core/v1"
"k8s.io/apimachinery/pkg/labels"
)
// NodeConditionPredicate is a function that indicates whether the given node's conditions meet
// some set of criteria defined by the function.
type NodeConditionPredicate func(node *v1.Node) bool
// NodeListerExpansion allows custom methods to be added to
// NodeLister.
type NodeListerExpansion interface {
ListWithPredicate(predicate NodeConditionPredicate) ([]*v1.Node, error)
}
func (l *nodeLister) ListWithPredicate(predicate NodeConditionPredicate) ([]*v1.Node, error) {
nodes, err := l.List(labels.Everything())
if err != nil {
return nil, err
}
var filtered []*v1.Node
for i := range nodes {
if predicate(nodes[i]) {
filtered = append(filtered, nodes[i])
}
}
return filtered, nil
}

View File

@@ -1,56 +0,0 @@
/*
Copyright 2017 The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package v1
import (
"k8s.io/api/core/v1"
"k8s.io/apimachinery/pkg/labels"
)
// ServiceListerExpansion allows custom methods to be added to
// ServiceLister.
type ServiceListerExpansion interface {
GetPodServices(pod *v1.Pod) ([]*v1.Service, error)
}
// ServiceNamespaceListerExpansion allows custom methods to be added to
// ServiceNamespaceLister.
type ServiceNamespaceListerExpansion interface{}
// TODO: Move this back to scheduler as a helper function that takes a Store,
// rather than a method of ServiceLister.
func (s *serviceLister) GetPodServices(pod *v1.Pod) ([]*v1.Service, error) {
allServices, err := s.Services(pod.Namespace).List(labels.Everything())
if err != nil {
return nil, err
}
var services []*v1.Service
for i := range allServices {
service := allServices[i]
if service.Spec.Selector == nil {
// services with nil selectors match nothing, not everything.
continue
}
selector := labels.Set(service.Spec.Selector).AsSelectorPreValidated()
if selector.Matches(labels.Set(pod.Labels)) {
services = append(services, service)
}
}
return services, nil
}

View File

@@ -1,70 +0,0 @@
/*
Copyright 2017 The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package v1beta1
import (
"fmt"
extensions "k8s.io/api/extensions/v1beta1"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/labels"
)
// DeploymentListerExpansion allows custom methods to be added to
// DeploymentLister.
type DeploymentListerExpansion interface {
GetDeploymentsForReplicaSet(rs *extensions.ReplicaSet) ([]*extensions.Deployment, error)
}
// DeploymentNamespaceListerExpansion allows custom methods to be added to
// DeploymentNamespaceLister.
type DeploymentNamespaceListerExpansion interface{}
// GetDeploymentsForReplicaSet returns a list of Deployments that potentially
// match a ReplicaSet. Only the one specified in the ReplicaSet's ControllerRef
// will actually manage it.
// Returns an error only if no matching Deployments are found.
func (s *deploymentLister) GetDeploymentsForReplicaSet(rs *extensions.ReplicaSet) ([]*extensions.Deployment, error) {
if len(rs.Labels) == 0 {
return nil, fmt.Errorf("no deployments found for ReplicaSet %v because it has no labels", rs.Name)
}
// TODO: MODIFY THIS METHOD so that it checks for the podTemplateSpecHash label
dList, err := s.Deployments(rs.Namespace).List(labels.Everything())
if err != nil {
return nil, err
}
var deployments []*extensions.Deployment
for _, d := range dList {
selector, err := metav1.LabelSelectorAsSelector(d.Spec.Selector)
if err != nil {
return nil, fmt.Errorf("invalid label selector: %v", err)
}
// If a deployment with a nil or empty selector creeps in, it should match nothing, not everything.
if selector.Empty() || !selector.Matches(labels.Set(rs.Labels)) {
continue
}
deployments = append(deployments, d)
}
if len(deployments) == 0 {
return nil, fmt.Errorf("could not find deployments set for ReplicaSet %s in namespace %s with labels: %v", rs.Name, rs.Namespace, rs.Labels)
}
return deployments, nil
}

View File

@@ -18,6 +18,14 @@ limitations under the License.
package v1beta1
// DeploymentListerExpansion allows custom methods to be added to
// DeploymentLister.
type DeploymentListerExpansion interface{}
// DeploymentNamespaceListerExpansion allows custom methods to be added to
// DeploymentNamespaceLister.
type DeploymentNamespaceListerExpansion interface{}
// IngressListerExpansion allows custom methods to be added to
// IngressLister.
type IngressListerExpansion interface{}

View File

@@ -287,7 +287,7 @@ func (ts *azureTokenSource) refreshToken(token *azureToken) (*azureToken, error)
return nil, err
}
oauthConfig, err := adal.NewOAuthConfig(env.ActiveDirectoryEndpoint, token.tenantID)
oauthConfig, err := adal.NewOAuthConfigWithAPIVersion(env.ActiveDirectoryEndpoint, token.tenantID, nil)
if err != nil {
return nil, fmt.Errorf("building the OAuth configuration for token refresh: %v", err)
}
@@ -344,7 +344,7 @@ func newAzureTokenSourceDeviceCode(environment azure.Environment, clientID strin
}
func (ts *azureTokenSourceDeviceCode) Token() (*azureToken, error) {
oauthConfig, err := adal.NewOAuthConfig(ts.environment.ActiveDirectoryEndpoint, ts.tenantID)
oauthConfig, err := adal.NewOAuthConfigWithAPIVersion(ts.environment.ActiveDirectoryEndpoint, ts.tenantID, nil)
if err != nil {
return nil, fmt.Errorf("building the OAuth configuration for device code authentication: %v", err)
}

View File

@@ -20,6 +20,7 @@ import (
"bytes"
"context"
"crypto/tls"
"crypto/x509"
"errors"
"fmt"
"io"
@@ -42,6 +43,7 @@ import (
"k8s.io/client-go/pkg/apis/clientauthentication/v1alpha1"
"k8s.io/client-go/pkg/apis/clientauthentication/v1beta1"
"k8s.io/client-go/tools/clientcmd/api"
"k8s.io/client-go/tools/metrics"
"k8s.io/client-go/transport"
"k8s.io/client-go/util/connrotation"
"k8s.io/klog"
@@ -260,6 +262,7 @@ func (a *Authenticator) cert() (*tls.Certificate, error) {
func (a *Authenticator) getCreds() (*credentials, error) {
a.mu.Lock()
defer a.mu.Unlock()
if a.cachedCreds != nil && !a.credsExpired() {
return a.cachedCreds, nil
}
@@ -267,6 +270,7 @@ func (a *Authenticator) getCreds() (*credentials, error) {
if err := a.refreshCredsLocked(nil); err != nil {
return nil, err
}
return a.cachedCreds, nil
}
@@ -355,6 +359,17 @@ func (a *Authenticator) refreshCredsLocked(r *clientauthentication.Response) err
if err != nil {
return fmt.Errorf("failed parsing client key/certificate: %v", err)
}
// Leaf is initialized to be nil:
// https://golang.org/pkg/crypto/tls/#X509KeyPair
// Leaf certificate is the first certificate:
// https://golang.org/pkg/crypto/tls/#Certificate
// Populating leaf is useful for quickly accessing the underlying x509
// certificate values.
cert.Leaf, err = x509.ParseCertificate(cert.Certificate[0])
if err != nil {
return fmt.Errorf("failed parsing client leaf certificate: %v", err)
}
newCreds.cert = &cert
}
@@ -362,10 +377,20 @@ func (a *Authenticator) refreshCredsLocked(r *clientauthentication.Response) err
a.cachedCreds = newCreds
// Only close all connections when TLS cert rotates. Token rotation doesn't
// need the extra noise.
if len(a.onRotateList) > 0 && oldCreds != nil && !reflect.DeepEqual(oldCreds.cert, a.cachedCreds.cert) {
if oldCreds != nil && !reflect.DeepEqual(oldCreds.cert, a.cachedCreds.cert) {
// Can be nil if the exec auth plugin only returned token auth.
if oldCreds.cert != nil && oldCreds.cert.Leaf != nil {
metrics.ClientCertRotationAge.Observe(time.Now().Sub(oldCreds.cert.Leaf.NotBefore))
}
for _, onRotate := range a.onRotateList {
onRotate()
}
}
expiry := time.Time{}
if a.cachedCreds.cert != nil && a.cachedCreds.cert.Leaf != nil {
expiry = a.cachedCreds.cert.Leaf.NotAfter
}
expirationMetrics.set(a, expiry)
return nil
}

View File

@@ -97,6 +97,10 @@ func init() {
if err != nil {
panic(err)
}
cert.Leaf, err = x509.ParseCertificate(cert.Certificate[0])
if err != nil {
panic(err)
}
validCert = &cert
}
@@ -760,7 +764,7 @@ func TestConcurrentUpdateTransportConfig(t *testing.T) {
}
// genClientCert generates an x509 certificate for testing. Certificate and key
// are returned in PEM encoding.
// are returned in PEM encoding. The generated cert expires in 24 hours.
func genClientCert(t *testing.T) ([]byte, []byte) {
key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
if err != nil {

View File

@@ -0,0 +1,60 @@
/*
Copyright 2018 The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package exec
import (
"sync"
"time"
"k8s.io/client-go/tools/metrics"
)
type certificateExpirationTracker struct {
mu sync.RWMutex
m map[*Authenticator]time.Time
metricSet func(*time.Time)
}
var expirationMetrics = &certificateExpirationTracker{
m: map[*Authenticator]time.Time{},
metricSet: func(e *time.Time) {
metrics.ClientCertExpiry.Set(e)
},
}
// set stores the given expiration time and updates the updates the certificate
// expiry metric to the earliest expiration time.
func (c *certificateExpirationTracker) set(a *Authenticator, t time.Time) {
c.mu.Lock()
defer c.mu.Unlock()
c.m[a] = t
earliest := time.Time{}
for _, t := range c.m {
if t.IsZero() {
continue
}
if earliest.IsZero() || earliest.After(t) {
earliest = t
}
}
if earliest.IsZero() {
c.metricSet(nil)
} else {
c.metricSet(&earliest)
}
}

View File

@@ -0,0 +1,96 @@
/*
Copyright 2018 The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package exec
import (
"testing"
"time"
)
type mockExpiryGauge struct {
v *time.Time
}
func (m *mockExpiryGauge) Set(t *time.Time) {
m.v = t
}
func ptr(t time.Time) *time.Time {
return &t
}
func TestCertificateExpirationTracker(t *testing.T) {
now := time.Now()
mockMetric := &mockExpiryGauge{}
tracker := &certificateExpirationTracker{
m: map[*Authenticator]time.Time{},
metricSet: mockMetric.Set,
}
firstAuthenticator := &Authenticator{}
secondAuthenticator := &Authenticator{}
for _, tc := range []struct {
desc string
auth *Authenticator
time time.Time
want *time.Time
}{
{
desc: "ttl for one authenticator",
auth: firstAuthenticator,
time: now.Add(time.Minute * 10),
want: ptr(now.Add(time.Minute * 10)),
},
{
desc: "second authenticator shorter ttl",
auth: secondAuthenticator,
time: now.Add(time.Minute * 5),
want: ptr(now.Add(time.Minute * 5)),
},
{
desc: "update shorter to be longer",
auth: secondAuthenticator,
time: now.Add(time.Minute * 15),
want: ptr(now.Add(time.Minute * 10)),
},
{
desc: "update shorter to be zero time",
auth: firstAuthenticator,
time: time.Time{},
want: ptr(now.Add(time.Minute * 15)),
},
{
desc: "update last to be zero time records nil",
auth: secondAuthenticator,
time: time.Time{},
want: nil,
},
} {
// Must run in series as the tests build off each other.
t.Run(tc.desc, func(t *testing.T) {
tracker.set(tc.auth, tc.time)
if mockMetric.v != nil && tc.want != nil {
if !mockMetric.v.Equal(*tc.want) {
t.Errorf("got: %s; want: %s", mockMetric.v, tc.want)
}
} else if mockMetric.v != tc.want {
t.Errorf("got: %s; want: %s", mockMetric.v, tc.want)
}
})
}
}

View File

@@ -76,24 +76,25 @@ func newClientCache() *clientCache {
}
type cacheKey struct {
clusterAddress string
// Canonical issuer URL string of the provider.
issuerURL string
clientID string
}
func (c *clientCache) getClient(issuer, clientID string) (*oidcAuthProvider, bool) {
func (c *clientCache) getClient(clusterAddress, issuer, clientID string) (*oidcAuthProvider, bool) {
c.mu.RLock()
defer c.mu.RUnlock()
client, ok := c.cache[cacheKey{issuer, clientID}]
client, ok := c.cache[cacheKey{clusterAddress: clusterAddress, issuerURL: issuer, clientID: clientID}]
return client, ok
}
// setClient attempts to put the client in the cache but may return any clients
// with the same keys set before. This is so there's only ever one client for a provider.
func (c *clientCache) setClient(issuer, clientID string, client *oidcAuthProvider) *oidcAuthProvider {
func (c *clientCache) setClient(clusterAddress, issuer, clientID string, client *oidcAuthProvider) *oidcAuthProvider {
c.mu.Lock()
defer c.mu.Unlock()
key := cacheKey{issuer, clientID}
key := cacheKey{clusterAddress: clusterAddress, issuerURL: issuer, clientID: clientID}
// If another client has already initialized a client for the given provider we want
// to use that client instead of the one we're trying to set. This is so all transports
@@ -107,7 +108,7 @@ func (c *clientCache) setClient(issuer, clientID string, client *oidcAuthProvide
return client
}
func newOIDCAuthProvider(_ string, cfg map[string]string, persister restclient.AuthProviderConfigPersister) (restclient.AuthProvider, error) {
func newOIDCAuthProvider(clusterAddress string, cfg map[string]string, persister restclient.AuthProviderConfigPersister) (restclient.AuthProvider, error) {
issuer := cfg[cfgIssuerUrl]
if issuer == "" {
return nil, fmt.Errorf("Must provide %s", cfgIssuerUrl)
@@ -119,7 +120,7 @@ func newOIDCAuthProvider(_ string, cfg map[string]string, persister restclient.A
}
// Check cache for existing provider.
if provider, ok := cache.getClient(issuer, clientID); ok {
if provider, ok := cache.getClient(clusterAddress, issuer, clientID); ok {
return provider, nil
}
@@ -157,7 +158,7 @@ func newOIDCAuthProvider(_ string, cfg map[string]string, persister restclient.A
persister: persister,
}
return cache.setClient(issuer, clientID, provider), nil
return cache.setClient(clusterAddress, issuer, clientID, provider), nil
}
type oidcAuthProvider struct {

View File

@@ -119,20 +119,40 @@ func TestExpired(t *testing.T) {
func TestClientCache(t *testing.T) {
cache := newClientCache()
if _, ok := cache.getClient("issuer1", "id1"); ok {
if _, ok := cache.getClient("cluster1", "issuer1", "id1"); ok {
t.Fatalf("got client before putting one in the cache")
}
assertCacheLen(t, cache, 0)
cli1 := new(oidcAuthProvider)
cli2 := new(oidcAuthProvider)
cli3 := new(oidcAuthProvider)
gotcli := cache.setClient("issuer1", "id1", cli1)
gotcli := cache.setClient("cluster1", "issuer1", "id1", cli1)
if cli1 != gotcli {
t.Fatalf("set first client and got a different one")
}
assertCacheLen(t, cache, 1)
gotcli = cache.setClient("issuer1", "id1", cli2)
gotcli = cache.setClient("cluster1", "issuer1", "id1", cli2)
if cli1 != gotcli {
t.Fatalf("set a second client and didn't get the first")
}
assertCacheLen(t, cache, 1)
gotcli = cache.setClient("cluster2", "issuer1", "id1", cli3)
if cli1 == gotcli {
t.Fatalf("set a third client and got the first")
}
if cli3 != gotcli {
t.Fatalf("set third client and got a different one")
}
assertCacheLen(t, cache, 2)
}
func assertCacheLen(t *testing.T, cache *clientCache, length int) {
t.Helper()
if len(cache.cache) != length {
t.Errorf("expected cache length %d got %d", length, len(cache.cache))
}
}

View File

@@ -562,7 +562,7 @@ func (r *Request) tryThrottle() error {
}
if latency := time.Since(now); latency > longThrottleLatency {
klog.V(4).Infof("Throttling request took %v, request: %s:%s", latency, r.verb, r.URL().String())
klog.V(3).Infof("Throttling request took %v, request: %s:%s", latency, r.verb, r.URL().String())
}
return err
@@ -806,19 +806,24 @@ func (r *Request) request(fn func(*http.Request, *http.Response)) error {
r.backoff.UpdateBackoff(r.URL(), err, resp.StatusCode)
}
if err != nil {
// "Connection reset by peer" is usually a transient error.
// "Connection reset by peer", "Connection refused" or "apiserver is shutting down" are usually a transient errors.
// Thus in case of "GET" operations, we simply retry it.
// We are not automatically retrying "write" operations, as
// they are not idempotent.
if !net.IsConnectionReset(err) || r.verb != "GET" {
if r.verb != "GET" {
return err
}
// For the purpose of retry, we set the artificial "retry-after" response.
// TODO: Should we clean the original response if it exists?
resp = &http.Response{
StatusCode: http.StatusInternalServerError,
Header: http.Header{"Retry-After": []string{"1"}},
Body: ioutil.NopCloser(bytes.NewReader([]byte{})),
// For connection errors and apiserver shutdown errors retry.
if net.IsConnectionReset(err) || net.IsConnectionRefused(err) {
// For the purpose of retry, we set the artificial "retry-after" response.
// TODO: Should we clean the original response if it exists?
resp = &http.Response{
StatusCode: http.StatusInternalServerError,
Header: http.Header{"Retry-After": []string{"1"}},
Body: ioutil.NopCloser(bytes.NewReader([]byte{})),
}
} else {
return err
}
}

View File

@@ -26,7 +26,16 @@ import (
"k8s.io/apimachinery/pkg/util/wait"
)
// Config contains all the settings for a Controller.
// This file implements a low-level controller that is used in
// sharedIndexInformer, which is an implementation of
// SharedIndexInformer. Such informers, in turn, are key components
// in the high level controllers that form the backbone of the
// Kubernetes control plane. Look at those for examples, or the
// example in
// https://github.com/kubernetes/client-go/tree/master/examples/workqueue
// .
// Config contains all the settings for one of these low-level controllers.
type Config struct {
// The queue for your objects - has to be a DeltaFIFO due to
// assumptions in the implementation. Your Process() function
@@ -36,30 +45,29 @@ type Config struct {
// Something that can list and watch your objects.
ListerWatcher
// Something that can process your objects.
// Something that can process a popped Deltas.
Process ProcessFunc
// The type of your objects.
// ObjectType is an example object of the type this controller is
// expected to handle. Only the type needs to be right, except
// that when that is `unstructured.Unstructured` the object's
// `"apiVersion"` and `"kind"` must also be right.
ObjectType runtime.Object
// Reprocess everything at least this often.
// Note that if it takes longer for you to clear the queue than this
// period, you will end up processing items in the order determined
// by FIFO.Replace(). Currently, this is random. If this is a
// problem, we can change that replacement policy to append new
// things to the end of the queue instead of replacing the entire
// queue.
// FullResyncPeriod is the period at which ShouldResync is considered.
FullResyncPeriod time.Duration
// ShouldResync, if specified, is invoked when the controller's reflector determines the next
// periodic sync should occur. If this returns true, it means the reflector should proceed with
// the resync.
// ShouldResync is periodically used by the reflector to determine
// whether to Resync the Queue. If ShouldResync is `nil` or
// returns true, it means the reflector should proceed with the
// resync.
ShouldResync ShouldResyncFunc
// If true, when Process() returns an error, re-enqueue the object.
// TODO: add interface to let you inject a delay/backoff or drop
// the object completely if desired. Pass the object in
// question to this interface as a parameter.
// question to this interface as a parameter. This is probably moot
// now that this functionality appears at a higher level.
RetryOnError bool
}
@@ -71,7 +79,7 @@ type ShouldResyncFunc func() bool
// ProcessFunc processes a single object.
type ProcessFunc func(obj interface{}) error
// Controller is a generic controller framework.
// `*controller` implements Controller
type controller struct {
config Config
reflector *Reflector
@@ -79,10 +87,22 @@ type controller struct {
clock clock.Clock
}
// Controller is a generic controller framework.
// Controller is a low-level controller that is parameterized by a
// Config and used in sharedIndexInformer.
type Controller interface {
// Run does two things. One is to construct and run a Reflector
// to pump objects/notifications from the Config's ListerWatcher
// to the Config's Queue and possibly invoke the occasional Resync
// on that Queue. The other is to repeatedly Pop from the Queue
// and process with the Config's ProcessFunc. Both of these
// continue until `stopCh` is closed.
Run(stopCh <-chan struct{})
// HasSynced delegates to the Config's Queue
HasSynced() bool
// LastSyncResourceVersion delegates to the Reflector when there
// is one, otherwise returns the empty string
LastSyncResourceVersion() string
}
@@ -95,7 +115,7 @@ func New(c *Config) Controller {
return ctlr
}
// Run begins processing items, and will continue until a value is sent down stopCh.
// Run begins processing items, and will continue until a value is sent down stopCh or it is closed.
// It's an error to call Run more than once.
// Run blocks; call via go.
func (c *controller) Run(stopCh <-chan struct{}) {

View File

@@ -26,15 +26,15 @@ import (
"k8s.io/klog"
)
// NewDeltaFIFO returns a Store which can be used process changes to items.
// NewDeltaFIFO returns a Queue which can be used to process changes to items.
//
// keyFunc is used to figure out what key an object should have. (It's
// keyFunc is used to figure out what key an object should have. (It is
// exposed in the returned DeltaFIFO's KeyOf() method, with bonus features.)
//
// 'keyLister' is expected to return a list of keys that the consumer of
// this queue "knows about". It is used to decide which items are missing
// when Replace() is called; 'Deleted' deltas are produced for these items.
// It may be nil if you don't need to detect all deletions.
// 'knownObjects' may be supplied to modify the behavior of Delete,
// Replace, and Resync. It may be nil if you do not need those
// modifications.
//
// TODO: consider merging keyLister with this object, tracking a list of
// "known" keys when Pop() is called. Have to think about how that
// affects error retrying.
@@ -67,7 +67,18 @@ func NewDeltaFIFO(keyFunc KeyFunc, knownObjects KeyListerGetter) *DeltaFIFO {
return f
}
// DeltaFIFO is like FIFO, but allows you to process deletes.
// DeltaFIFO is like FIFO, but differs in two ways. One is that the
// accumulator associated with a given object's key is not that object
// but rather a Deltas, which is a slice of Delta values for that
// object. Applying an object to a Deltas means to append a Delta
// except when the potentially appended Delta is a Deleted and the
// Deltas already ends with a Deleted. In that case the Deltas does
// not grow, although the terminal Deleted will be replaced by the new
// Deleted if the older Deleted's object is a
// DeletedFinalStateUnknown.
//
// The other difference is that DeltaFIFO has an additional way that
// an object can be applied to an accumulator, called Sync.
//
// DeltaFIFO is a producer-consumer queue, where a Reflector is
// intended to be the producer, and the consumer is whatever calls
@@ -77,22 +88,22 @@ func NewDeltaFIFO(keyFunc KeyFunc, knownObjects KeyListerGetter) *DeltaFIFO {
// * You want to process every object change (delta) at most once.
// * When you process an object, you want to see everything
// that's happened to it since you last processed it.
// * You want to process the deletion of objects.
// * You want to process the deletion of some of the objects.
// * You might want to periodically reprocess objects.
//
// DeltaFIFO's Pop(), Get(), and GetByKey() methods return
// interface{} to satisfy the Store/Queue interfaces, but it
// interface{} to satisfy the Store/Queue interfaces, but they
// will always return an object of type Deltas.
//
// A DeltaFIFO's knownObjects KeyListerGetter provides the abilities
// to list Store keys and to get objects by Store key. The objects in
// question are called "known objects" and this set of objects
// modifies the behavior of the Delete, Replace, and Resync methods
// (each in a different way).
//
// A note on threading: If you call Pop() in parallel from multiple
// threads, you could end up with multiple threads processing slightly
// different versions of the same object.
//
// A note on the KeyLister used by the DeltaFIFO: It's main purpose is
// to list keys that are "known", for the purpose of figuring out which
// items have been deleted when Replace() or Delete() are called. The deleted
// object will be included in the DeleteFinalStateUnknown markers. These objects
// could be stale.
type DeltaFIFO struct {
// lock/cond protects access to 'items' and 'queue'.
lock sync.RWMutex
@@ -114,9 +125,8 @@ type DeltaFIFO struct {
// insertion and retrieval, and should be deterministic.
keyFunc KeyFunc
// knownObjects list keys that are "known", for the
// purpose of figuring out which items have been deleted
// when Replace() or Delete() is called.
// knownObjects list keys that are "known" --- affecting Delete(),
// Replace(), and Resync()
knownObjects KeyListerGetter
// Indication the queue is closed.
@@ -185,9 +195,11 @@ func (f *DeltaFIFO) Update(obj interface{}) error {
return f.queueActionLocked(Updated, obj)
}
// Delete is just like Add, but makes an Deleted Delta. If the item does not
// already exist, it will be ignored. (It may have already been deleted by a
// Replace (re-list), for example.
// Delete is just like Add, but makes a Deleted Delta. If the given
// object does not already exist, it will be ignored. (It may have
// already been deleted by a Replace (re-list), for example.) In this
// method `f.knownObjects`, if not nil, provides (via GetByKey)
// _additional_ objects that are considered to already exist.
func (f *DeltaFIFO) Delete(obj interface{}) error {
id, err := f.KeyOf(obj)
if err != nil {
@@ -313,6 +325,9 @@ func (f *DeltaFIFO) queueActionLocked(actionType DeltaType, obj interface{}) err
f.items[id] = newDeltas
f.cond.Broadcast()
} else {
// This never happens, because dedupDeltas never returns an empty list
// when given a non-empty list (as it is here).
// But if somehow it ever does return an empty list, then
// We need to remove this from our map (extra items in the queue are
// ignored if they are not in the map).
delete(f.items, id)
@@ -430,10 +445,16 @@ func (f *DeltaFIFO) Pop(process PopProcessFunc) (interface{}, error) {
}
}
// Replace will delete the contents of 'f', using instead the given map.
// 'f' takes ownership of the map, you should not reference the map again
// after calling this function. f's queue is reset, too; upon return, it
// will contain the items in the map, in no particular order.
// Replace atomically does two things: (1) it adds the given objects
// using the Sync type of Delta and then (2) it does some deletions.
// In particular: for every pre-existing key K that is not the key of
// an object in `list` there is the effect of
// `Delete(DeletedFinalStateUnknown{K, O})` where O is current object
// of K. If `f.knownObjects == nil` then the pre-existing keys are
// those in `f.items` and the current object of K is the `.Newest()`
// of the Deltas associated with K. Otherwise the pre-existing keys
// are those listed by `f.knownObjects` and the current object of K is
// what `f.knownObjects.GetByKey(K)` returns.
func (f *DeltaFIFO) Replace(list []interface{}, resourceVersion string) error {
f.lock.Lock()
defer f.lock.Unlock()
@@ -507,7 +528,9 @@ func (f *DeltaFIFO) Replace(list []interface{}, resourceVersion string) error {
return nil
}
// Resync will send a sync event for each item
// Resync adds, with a Sync type of Delta, every object listed by
// `f.knownObjects` whose key is not already queued for processing.
// If `f.knownObjects` is `nil` then Resync does nothing.
func (f *DeltaFIFO) Resync() error {
f.lock.Lock()
defer f.lock.Unlock()

View File

@@ -28,11 +28,15 @@ func testPop(f *DeltaFIFO) testFifoObject {
return Pop(f).(Deltas).Newest().Object.(testFifoObject)
}
// keyLookupFunc adapts a raw function to be a KeyLookup.
type keyLookupFunc func() []testFifoObject
// literalListerGetter is a KeyListerGetter that is based on a
// function that returns a slice of objects to list and get.
// The function must list the same objects every time.
type literalListerGetter func() []testFifoObject
var _ KeyListerGetter = literalListerGetter(nil)
// ListKeys just calls kl.
func (kl keyLookupFunc) ListKeys() []string {
func (kl literalListerGetter) ListKeys() []string {
result := []string{}
for _, fifoObj := range kl() {
result = append(result, fifoObj.name)
@@ -41,7 +45,7 @@ func (kl keyLookupFunc) ListKeys() []string {
}
// GetByKey returns the key if it exists in the list returned by kl.
func (kl keyLookupFunc) GetByKey(key string) (interface{}, bool, error) {
func (kl literalListerGetter) GetByKey(key string) (interface{}, bool, error) {
for _, v := range kl() {
if v.name == key {
return v, true, nil
@@ -95,7 +99,7 @@ func TestDeltaFIFO_replaceWithDeleteDeltaIn(t *testing.T) {
oldObj := mkFifoObj("foo", 1)
newObj := mkFifoObj("foo", 2)
f := NewDeltaFIFO(testFifoObjectKeyFunc, keyLookupFunc(func() []testFifoObject {
f := NewDeltaFIFO(testFifoObjectKeyFunc, literalListerGetter(func() []testFifoObject {
return []testFifoObject{oldObj}
}))
@@ -218,7 +222,7 @@ func TestDeltaFIFO_enqueueingNoLister(t *testing.T) {
func TestDeltaFIFO_enqueueingWithLister(t *testing.T) {
f := NewDeltaFIFO(
testFifoObjectKeyFunc,
keyLookupFunc(func() []testFifoObject {
literalListerGetter(func() []testFifoObject {
return []testFifoObject{mkFifoObj("foo", 5), mkFifoObj("bar", 6), mkFifoObj("baz", 7)}
}),
)
@@ -268,7 +272,7 @@ func TestDeltaFIFO_addReplace(t *testing.T) {
func TestDeltaFIFO_ResyncNonExisting(t *testing.T) {
f := NewDeltaFIFO(
testFifoObjectKeyFunc,
keyLookupFunc(func() []testFifoObject {
literalListerGetter(func() []testFifoObject {
return []testFifoObject{mkFifoObj("foo", 5)}
}),
)
@@ -287,7 +291,7 @@ func TestDeltaFIFO_ResyncNonExisting(t *testing.T) {
func TestDeltaFIFO_DeleteExistingNonPropagated(t *testing.T) {
f := NewDeltaFIFO(
testFifoObjectKeyFunc,
keyLookupFunc(func() []testFifoObject {
literalListerGetter(func() []testFifoObject {
return []testFifoObject{}
}),
)
@@ -304,9 +308,13 @@ func TestDeltaFIFO_DeleteExistingNonPropagated(t *testing.T) {
}
func TestDeltaFIFO_ReplaceMakesDeletions(t *testing.T) {
// We test with only one pre-existing object because there is no
// promise about how their deletes are ordered.
// Try it with a pre-existing Delete
f := NewDeltaFIFO(
testFifoObjectKeyFunc,
keyLookupFunc(func() []testFifoObject {
literalListerGetter(func() []testFifoObject {
return []testFifoObject{mkFifoObj("foo", 5), mkFifoObj("bar", 6), mkFifoObj("baz", 7)}
}),
)
@@ -327,12 +335,59 @@ func TestDeltaFIFO_ReplaceMakesDeletions(t *testing.T) {
t.Errorf("Expected %#v, got %#v", e, a)
}
}
// Now try starting with an Add instead of a Delete
f = NewDeltaFIFO(
testFifoObjectKeyFunc,
literalListerGetter(func() []testFifoObject {
return []testFifoObject{mkFifoObj("foo", 5), mkFifoObj("bar", 6), mkFifoObj("baz", 7)}
}),
)
f.Add(mkFifoObj("baz", 10))
f.Replace([]interface{}{mkFifoObj("foo", 5)}, "0")
expectedList = []Deltas{
{{Added, mkFifoObj("baz", 10)},
{Deleted, DeletedFinalStateUnknown{Key: "baz", Obj: mkFifoObj("baz", 7)}}},
{{Sync, mkFifoObj("foo", 5)}},
// Since "bar" didn't have a delete event and wasn't in the Replace list
// it should get a tombstone key with the right Obj.
{{Deleted, DeletedFinalStateUnknown{Key: "bar", Obj: mkFifoObj("bar", 6)}}},
}
for _, expected := range expectedList {
cur := Pop(f).(Deltas)
if e, a := expected, cur; !reflect.DeepEqual(e, a) {
t.Errorf("Expected %#v, got %#v", e, a)
}
}
// Now try starting without an explicit KeyListerGetter
f = NewDeltaFIFO(
testFifoObjectKeyFunc,
nil,
)
f.Add(mkFifoObj("baz", 10))
f.Replace([]interface{}{mkFifoObj("foo", 5)}, "0")
expectedList = []Deltas{
{{Added, mkFifoObj("baz", 10)},
{Deleted, DeletedFinalStateUnknown{Key: "baz", Obj: mkFifoObj("baz", 10)}}},
{{Sync, mkFifoObj("foo", 5)}},
}
for _, expected := range expectedList {
cur := Pop(f).(Deltas)
if e, a := expected, cur; !reflect.DeepEqual(e, a) {
t.Errorf("Expected %#v, got %#v", e, a)
}
}
}
func TestDeltaFIFO_UpdateResyncRace(t *testing.T) {
f := NewDeltaFIFO(
testFifoObjectKeyFunc,
keyLookupFunc(func() []testFifoObject {
literalListerGetter(func() []testFifoObject {
return []testFifoObject{mkFifoObj("foo", 5)}
}),
)
@@ -354,7 +409,7 @@ func TestDeltaFIFO_UpdateResyncRace(t *testing.T) {
func TestDeltaFIFO_HasSyncedCorrectOnDeletion(t *testing.T) {
f := NewDeltaFIFO(
testFifoObjectKeyFunc,
keyLookupFunc(func() []testFifoObject {
literalListerGetter(func() []testFifoObject {
return []testFifoObject{mkFifoObj("foo", 5), mkFifoObj("bar", 6), mkFifoObj("baz", 7)}
}),
)

View File

@@ -194,9 +194,9 @@ func (c *ExpirationCache) Replace(list []interface{}, resourceVersion string) er
return nil
}
// Resync will touch all objects to put them into the processing queue
// Resync is a no-op for one of these
func (c *ExpirationCache) Resync() error {
return c.cacheStorage.Resync()
return nil
}
// NewTTLStore creates and returns a ExpirationCache with a TTLPolicy

56
tools/cache/fifo.go vendored
View File

@@ -24,7 +24,7 @@ import (
)
// PopProcessFunc is passed to Pop() method of Queue interface.
// It is supposed to process the element popped from the queue.
// It is supposed to process the accumulator popped from the queue.
type PopProcessFunc func(interface{}) error
// ErrRequeue may be returned by a PopProcessFunc to safely requeue
@@ -44,26 +44,38 @@ func (e ErrRequeue) Error() string {
return e.Err.Error()
}
// Queue is exactly like a Store, but has a Pop() method too.
// Queue extends Store with a collection of Store keys to "process".
// Every Add, Update, or Delete may put the object's key in that collection.
// A Queue has a way to derive the corresponding key given an accumulator.
// A Queue can be accessed concurrently from multiple goroutines.
// A Queue can be "closed", after which Pop operations return an error.
type Queue interface {
Store
// Pop blocks until it has something to process.
// It returns the object that was process and the result of processing.
// The PopProcessFunc may return an ErrRequeue{...} to indicate the item
// should be requeued before releasing the lock on the queue.
// Pop blocks until there is at least one key to process or the
// Queue is closed. In the latter case Pop returns with an error.
// In the former case Pop atomically picks one key to process,
// removes that (key, accumulator) association from the Store, and
// processes the accumulator. Pop returns the accumulator that
// was processed and the result of processing. The PopProcessFunc
// may return an ErrRequeue{inner} and in this case Pop will (a)
// return that (key, accumulator) association to the Queue as part
// of the atomic processing and (b) return the inner error from
// Pop.
Pop(PopProcessFunc) (interface{}, error)
// AddIfNotPresent adds a value previously
// returned by Pop back into the queue as long
// as nothing else (presumably more recent)
// has since been added.
// AddIfNotPresent puts the given accumulator into the Queue (in
// association with the accumulator's key) if and only if that key
// is not already associated with a non-empty accumulator.
AddIfNotPresent(interface{}) error
// HasSynced returns true if the first batch of items has been popped
// HasSynced returns true if the first batch of keys have all been
// popped. The first batch of keys are those of the first Replace
// operation if that happened before any Add, Update, or Delete;
// otherwise the first batch is empty.
HasSynced() bool
// Close queue
// Close the queue
Close()
}
@@ -79,11 +91,16 @@ func Pop(queue Queue) interface{} {
return result
}
// FIFO receives adds and updates from a Reflector, and puts them in a queue for
// FIFO order processing. If multiple adds/updates of a single item happen while
// an item is in the queue before it has been processed, it will only be
// processed once, and when it is processed, the most recent version will be
// processed. This can't be done with a channel.
// FIFO is a Queue in which (a) each accumulator is simply the most
// recently provided object and (b) the collection of keys to process
// is a FIFO. The accumulators all start out empty, and deleting an
// object from its accumulator empties the accumulator. The Resync
// operation is a no-op.
//
// Thus: if multiple adds/updates of a single object happen while that
// object's key is in the queue before it has been processed then it
// will only be processed once, and when it is processed the most
// recent version will be processed. This can't be done with a channel
//
// FIFO solves this use case:
// * You want to process every object (exactly) once.
@@ -94,7 +111,7 @@ func Pop(queue Queue) interface{} {
type FIFO struct {
lock sync.RWMutex
cond sync.Cond
// We depend on the property that items in the set are in the queue and vice versa.
// We depend on the property that every key in `items` is also in `queue`
items map[string]interface{}
queue []string
@@ -326,7 +343,8 @@ func (f *FIFO) Replace(list []interface{}, resourceVersion string) error {
return nil
}
// Resync will touch all objects to put them into the processing queue
// Resync will ensure that every object in the Store has its key in the queue.
// This should be a no-op, because that property is maintained by all operations.
func (f *FIFO) Resync() error {
f.lock.Lock()
defer f.lock.Unlock()

15
tools/cache/index.go vendored
View File

@@ -23,12 +23,15 @@ import (
"k8s.io/apimachinery/pkg/util/sets"
)
// Indexer is a storage interface that lets you list objects using multiple indexing functions.
// There are three kinds of strings here.
// One is a storage key, as defined in the Store interface.
// Another kind is a name of an index.
// The third kind of string is an "indexed value", which is produced by an
// IndexFunc and can be a field value or any other string computed from the object.
// Indexer extends Store with multiple indices and restricts each
// accumulator to simply hold the current object (and be empty after
// Delete).
//
// There are three kinds of strings here:
// 1. a storage key, as defined in the Store interface,
// 2. a name of an index, and
// 3. an "indexed value", which is produced by an IndexFunc and
// can be a field value or any other string computed from the object.
type Indexer interface {
Store
// Index returns the stored objects whose set of indexed values

View File

@@ -17,14 +17,11 @@ limitations under the License.
package cache
import (
"context"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/fields"
"k8s.io/apimachinery/pkg/runtime"
"k8s.io/apimachinery/pkg/watch"
restclient "k8s.io/client-go/rest"
"k8s.io/client-go/tools/pager"
)
// Lister is any object that knows how to perform an initial list.
@@ -102,9 +99,8 @@ func NewFilteredListWatchFromClient(c Getter, resource string, namespace string,
// List a set of apiserver resources
func (lw *ListWatch) List(options metav1.ListOptions) (runtime.Object, error) {
if !lw.DisableChunking {
return pager.New(pager.SimplePageFunc(lw.ListFunc)).List(context.TODO(), options)
}
// ListWatch is used in Reflector, which already supports pagination.
// Don't paginate here to avoid duplication.
return lw.ListFunc(options)
}

View File

@@ -36,9 +36,12 @@ func init() {
mutationDetectionEnabled, _ = strconv.ParseBool(os.Getenv("KUBE_CACHE_MUTATION_DETECTOR"))
}
// MutationDetector is able to monitor if the object be modified outside.
// MutationDetector is able to monitor objects for mutation within a limited window of time
type MutationDetector interface {
// AddObject adds the given object to the set being monitored for a while from now
AddObject(obj interface{})
// Run starts the monitoring and does not return until the monitoring is stopped.
Run(stopCh <-chan struct{})
}
@@ -48,7 +51,7 @@ func NewCacheMutationDetector(name string) MutationDetector {
return dummyMutationDetector{}
}
klog.Warningln("Mutation detector is enabled, this will result in memory leakage.")
return &defaultCacheMutationDetector{name: name, period: 1 * time.Second}
return &defaultCacheMutationDetector{name: name, period: 1 * time.Second, retainDuration: 2 * time.Minute}
}
type dummyMutationDetector struct{}
@@ -68,6 +71,10 @@ type defaultCacheMutationDetector struct {
lock sync.Mutex
cachedObjs []cacheObj
retainDuration time.Duration
lastRotated time.Time
retainedCachedObjs []cacheObj
// failureFunc is injectable for unit testing. If you don't have it, the process will panic.
// This panic is intentional, since turning on this detection indicates you want a strong
// failure signal. This failure is effectively a p0 bug and you can't trust process results
@@ -84,6 +91,14 @@ type cacheObj struct {
func (d *defaultCacheMutationDetector) Run(stopCh <-chan struct{}) {
// we DON'T want protection from panics. If we're running this code, we want to die
for {
if d.lastRotated.IsZero() {
d.lastRotated = time.Now()
} else if time.Now().Sub(d.lastRotated) > d.retainDuration {
d.retainedCachedObjs = d.cachedObjs
d.cachedObjs = nil
d.lastRotated = time.Now()
}
d.CompareObjects()
select {
@@ -120,6 +135,12 @@ func (d *defaultCacheMutationDetector) CompareObjects() {
altered = true
}
}
for i, obj := range d.retainedCachedObjs {
if !reflect.DeepEqual(obj.cached, obj.copied) {
fmt.Printf("CACHE %s[%d] ALTERED!\n%v\n", d.name, i, diff.ObjectGoPrintSideBySide(obj.cached, obj.copied))
altered = true
}
}
if altered {
msg := fmt.Sprintf("cache %s modified", d.name)

View File

@@ -26,7 +26,7 @@ import (
"sync"
"time"
apierrs "k8s.io/apimachinery/pkg/api/errors"
apierrors "k8s.io/apimachinery/pkg/api/errors"
"k8s.io/apimachinery/pkg/api/meta"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
@@ -55,7 +55,10 @@ type Reflector struct {
// stringification of expectedType otherwise. It is for display
// only, and should not be used for parsing or comparison.
expectedTypeName string
// The type of object we expect to place in the store.
// An example object of the type we expect to place in the store.
// Only the type needs to be right, except that when that is
// `unstructured.Unstructured` the object's `"apiVersion"` and
// `"kind"` must also be right.
expectedType reflect.Type
// The GVK of the object we expect to place in the store if unstructured.
expectedGVK *schema.GroupVersionKind
@@ -63,10 +66,12 @@ type Reflector struct {
store Store
// listerWatcher is used to perform lists and watches.
listerWatcher ListerWatcher
// period controls timing between one watch ending and
// the beginning of the next one.
period time.Duration
// period controls timing between an unsuccessful watch ending and
// the beginning of the next list.
period time.Duration
// The period at which ShouldResync is invoked
resyncPeriod time.Duration
// ShouldResync is invoked periodically and whenever it returns `true` the Store's Resync operation is invoked
ShouldResync func() bool
// clock allows tests to manipulate time
clock clock.Clock
@@ -98,12 +103,16 @@ func NewNamespaceKeyedIndexerAndReflector(lw ListerWatcher, expectedType interfa
return indexer, reflector
}
// NewReflector creates a new Reflector object which will keep the given store up to
// date with the server's contents for the given resource. Reflector promises to
// only put things in the store that have the type of expectedType, unless expectedType
// is nil. If resyncPeriod is non-zero, then lists will be executed after every
// resyncPeriod, so that you can use reflectors to periodically process everything as
// well as incrementally processing the things that change.
// NewReflector creates a new Reflector object which will keep the
// given store up to date with the server's contents for the given
// resource. Reflector promises to only put things in the store that
// have the type of expectedType, unless expectedType is nil. If
// resyncPeriod is non-zero, then the reflector will periodically
// consult its ShouldResync function to determine whether to invoke
// the Store's Resync operation; `ShouldResync==nil` means always
// "yes". This enables you to use reflectors to periodically process
// everything as well as incrementally processing the things that
// change.
func NewReflector(lw ListerWatcher, expectedType interface{}, store Store, resyncPeriod time.Duration) *Reflector {
return NewNamedReflector(naming.GetNameFromCallsite(internalPackages...), lw, expectedType, store, resyncPeriod)
}
@@ -147,7 +156,8 @@ func (r *Reflector) setExpectedType(expectedType interface{}) {
// call chains to NewReflector, so they'd be low entropy names for reflectors
var internalPackages = []string{"client-go/tools/cache/"}
// Run starts a watch and handles watch events. Will restart the watch if it is closed.
// Run repeatedly uses the reflector's ListAndWatch to fetch all the
// objects and subsequent deltas.
// Run will exit when stopCh is closed.
func (r *Reflector) Run(stopCh <-chan struct{}) {
klog.V(3).Infof("Starting reflector %v (%s) from %s", r.expectedTypeName, r.resyncPeriod, r.name)
@@ -375,7 +385,7 @@ loop:
break loop
}
if event.Type == watch.Error {
return apierrs.FromObject(event.Object)
return apierrors.FromObject(event.Object)
}
if r.expectedType != nil {
if e, a := r.expectedType, reflect.TypeOf(event.Object); e != a {
@@ -479,9 +489,9 @@ func (r *Reflector) setIsLastSyncResourceVersionExpired(isExpired bool) {
}
func isExpiredError(err error) bool {
// In Kubernetes 1.17 and earlier, the api server returns both apierrs.StatusReasonExpired and
// apierrs.StatusReasonGone for HTTP 410 (Gone) status code responses. In 1.18 the kube server is more consistent
// and always returns apierrs.StatusReasonExpired. For backward compatibility we can only remove the apierrs.IsGone
// In Kubernetes 1.17 and earlier, the api server returns both apierrors.StatusReasonExpired and
// apierrors.StatusReasonGone for HTTP 410 (Gone) status code responses. In 1.18 the kube server is more consistent
// and always returns apierrors.StatusReasonExpired. For backward compatibility we can only remove the apierrors.IsGone
// check when we fully drop support for Kubernetes 1.17 servers from reflectors.
return apierrs.IsResourceExpired(err) || apierrs.IsGone(err)
return apierrors.IsResourceExpired(err) || apierrors.IsGone(err)
}

View File

@@ -26,7 +26,7 @@ import (
"time"
"k8s.io/api/core/v1"
apierrs "k8s.io/apimachinery/pkg/api/errors"
apierrors "k8s.io/apimachinery/pkg/api/errors"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
"k8s.io/apimachinery/pkg/runtime"
@@ -520,7 +520,7 @@ func TestReflectorExpiredExactResourceVersion(t *testing.T) {
return &v1.PodList{ListMeta: metav1.ListMeta{ResourceVersion: "10"}, Items: pods[0:4]}, nil
case "10":
// When watch cache is disabled, if the exact ResourceVersion requested is not available, a "Expired" error is returned.
return nil, apierrs.NewResourceExpired("The resourceVersion for the provided watch is too old.")
return nil, apierrors.NewResourceExpired("The resourceVersion for the provided watch is too old.")
case "":
return &v1.PodList{ListMeta: metav1.ListMeta{ResourceVersion: "11"}, Items: pods[0:8]}, nil
default:
@@ -584,7 +584,7 @@ func TestReflectorFullListIfExpired(t *testing.T) {
return &v1.PodList{ListMeta: metav1.ListMeta{Continue: "C1", ResourceVersion: "11"}, Items: pods[0:4]}, nil
// second page of the above list
case rvContinueLimit("", "C1", 4):
return nil, apierrs.NewResourceExpired("The resourceVersion for the provided watch is too old.")
return nil, apierrors.NewResourceExpired("The resourceVersion for the provided watch is too old.")
// rv=10 unlimited list
case rvContinueLimit("10", "", 0):
return &v1.PodList{ListMeta: metav1.ListMeta{ResourceVersion: "11"}, Items: pods[0:8]}, nil

View File

@@ -70,7 +70,7 @@ import (
// The local cache starts out empty, and gets populated and updated
// during `Run()`.
//
// As a simple example, if a collection of objects is henceforeth
// As a simple example, if a collection of objects is henceforth
// unchanging, a SharedInformer is created that links to that
// collection, and that SharedInformer is `Run()` then that
// SharedInformer's cache eventually holds an exact copy of that
@@ -106,7 +106,16 @@ import (
// and index updates happen before such a prescribed notification.
// For a given SharedInformer and client, the notifications are
// delivered sequentially. For a given SharedInformer, client, and
// object ID, the notifications are delivered in order.
// object ID, the notifications are delivered in order. Because
// `ObjectMeta.UID` has no role in identifying objects, it is possible
// that when (1) object O1 with ID (e.g. namespace and name) X and
// `ObjectMeta.UID` U1 in the SharedInformer's local cache is deleted
// and later (2) another object O2 with ID X and ObjectMeta.UID U2 is
// created the informer's clients are not notified of (1) and (2) but
// rather are notified only of an update from O1 to O2. Clients that
// need to detect such cases might do so by comparing the `ObjectMeta.UID`
// field of the old and the new object in the code that handles update
// notifications (i.e. `OnUpdate` method of ResourceEventHandler).
//
// A client must process each notification promptly; a SharedInformer
// is not engineered to deal well with a large backlog of
@@ -129,13 +138,13 @@ type SharedInformer interface {
AddEventHandler(handler ResourceEventHandler)
// AddEventHandlerWithResyncPeriod adds an event handler to the
// shared informer using the specified resync period. The resync
// operation consists of delivering to the handler a create
// operation consists of delivering to the handler an update
// notification for every object in the informer's local cache; it
// does not add any interactions with the authoritative storage.
AddEventHandlerWithResyncPeriod(handler ResourceEventHandler, resyncPeriod time.Duration)
// GetStore returns the informer's local cache as a Store.
GetStore() Store
// GetController gives back a synthetic interface that "votes" to start the informer
// GetController is deprecated, it does nothing useful
GetController() Controller
// Run starts and runs the shared informer, returning after it stops.
// The informer will be stopped when stopCh is closed.
@@ -159,21 +168,21 @@ type SharedIndexInformer interface {
}
// NewSharedInformer creates a new instance for the listwatcher.
func NewSharedInformer(lw ListerWatcher, objType runtime.Object, resyncPeriod time.Duration) SharedInformer {
return NewSharedIndexInformer(lw, objType, resyncPeriod, Indexers{})
func NewSharedInformer(lw ListerWatcher, exampleObject runtime.Object, resyncPeriod time.Duration) SharedInformer {
return NewSharedIndexInformer(lw, exampleObject, resyncPeriod, Indexers{})
}
// NewSharedIndexInformer creates a new instance for the listwatcher.
func NewSharedIndexInformer(lw ListerWatcher, objType runtime.Object, defaultEventHandlerResyncPeriod time.Duration, indexers Indexers) SharedIndexInformer {
func NewSharedIndexInformer(lw ListerWatcher, exampleObject runtime.Object, defaultEventHandlerResyncPeriod time.Duration, indexers Indexers) SharedIndexInformer {
realClock := &clock.RealClock{}
sharedIndexInformer := &sharedIndexInformer{
processor: &sharedProcessor{clock: realClock},
indexer: NewIndexer(DeletionHandlingMetaNamespaceKeyFunc, indexers),
listerWatcher: lw,
objectType: objType,
objectType: exampleObject,
resyncCheckPeriod: defaultEventHandlerResyncPeriod,
defaultEventHandlerResyncPeriod: defaultEventHandlerResyncPeriod,
cacheMutationDetector: NewCacheMutationDetector(fmt.Sprintf("%T", objType)),
cacheMutationDetector: NewCacheMutationDetector(fmt.Sprintf("%T", exampleObject)),
clock: realClock,
}
return sharedIndexInformer
@@ -228,6 +237,19 @@ func WaitForCacheSync(stopCh <-chan struct{}, cacheSyncs ...InformerSynced) bool
return true
}
// `*sharedIndexInformer` implements SharedIndexInformer and has three
// main components. One is an indexed local cache, `indexer Indexer`.
// The second main component is a Controller that pulls
// objects/notifications using the ListerWatcher and pushes them into
// a DeltaFIFO --- whose knownObjects is the informer's local cache
// --- while concurrently Popping Deltas values from that fifo and
// processing them with `sharedIndexInformer::HandleDeltas`. Each
// invocation of HandleDeltas, which is done with the fifo's lock
// held, processes each Delta in turn. For each Delta this both
// updates the local cache and stuffs the relevant notification into
// the sharedProcessor. The third main component is that
// sharedProcessor, which is responsible for relaying those
// notifications to each of the informer's clients.
type sharedIndexInformer struct {
indexer Indexer
controller Controller
@@ -235,9 +257,13 @@ type sharedIndexInformer struct {
processor *sharedProcessor
cacheMutationDetector MutationDetector
// This block is tracked to handle late initialization of the controller
listerWatcher ListerWatcher
objectType runtime.Object
// objectType is an example object of the type this informer is
// expected to handle. Only the type needs to be right, except
// that when that is `unstructured.Unstructured` the object's
// `"apiVersion"` and `"kind"` must also be right.
objectType runtime.Object
// resyncCheckPeriod is how often we want the reflector's resync timer to fire so it can call
// shouldResync to check if any of our listeners need a resync.
@@ -476,6 +502,12 @@ func (s *sharedIndexInformer) HandleDeltas(obj interface{}) error {
return nil
}
// sharedProcessor has a collection of processorListener and can
// distribute a notification object to its listeners. There are two
// kinds of distribute operations. The sync distributions go to a
// subset of the listeners that (a) is recomputed in the occasional
// calls to shouldResync and (b) every listener is initially put in.
// The non-sync distributions go to every listener.
type sharedProcessor struct {
listenersStarted bool
listenersLock sync.RWMutex
@@ -567,6 +599,17 @@ func (p *sharedProcessor) resyncCheckPeriodChanged(resyncCheckPeriod time.Durati
}
}
// processorListener relays notifications from a sharedProcessor to
// one ResourceEventHandler --- using two goroutines, two unbuffered
// channels, and an unbounded ring buffer. The `add(notification)`
// function sends the given notification to `addCh`. One goroutine
// runs `pop()`, which pumps notifications from `addCh` to `nextCh`
// using storage in the ring buffer while `nextCh` is not keeping up.
// Another goroutine runs `run()`, which receives notifications from
// `nextCh` and synchronously invokes the appropriate handler method.
//
// processorListener also keeps track of the adjusted requested resync
// period of the listener.
type processorListener struct {
nextCh chan interface{}
addCh chan interface{}
@@ -580,11 +623,22 @@ type processorListener struct {
// we should try to do something better.
pendingNotifications buffer.RingGrowing
// requestedResyncPeriod is how frequently the listener wants a full resync from the shared informer
// requestedResyncPeriod is how frequently the listener wants a
// full resync from the shared informer, but modified by two
// adjustments. One is imposing a lower bound,
// `minimumResyncPeriod`. The other is another lower bound, the
// sharedProcessor's `resyncCheckPeriod`, that is imposed (a) only
// in AddEventHandlerWithResyncPeriod invocations made after the
// sharedProcessor starts and (b) only if the informer does
// resyncs at all.
requestedResyncPeriod time.Duration
// resyncPeriod is how frequently the listener wants a full resync from the shared informer. This
// value may differ from requestedResyncPeriod if the shared informer adjusts it to align with the
// informer's overall resync check period.
// resyncPeriod is the threshold that will be used in the logic
// for this listener. This value differs from
// requestedResyncPeriod only when the sharedIndexInformer does
// not do resyncs, in which case the value here is zero. The
// actual time between resyncs depends on when the
// sharedProcessor's `shouldResync` function is invoked and when
// the sharedIndexInformer processes `Sync` type Delta objects.
resyncPeriod time.Duration
// nextResync is the earliest time the listener should get a full resync
nextResync time.Time
@@ -643,7 +697,7 @@ func (p *processorListener) pop() {
func (p *processorListener) run() {
// this call blocks until the channel is closed. When a panic happens during the notification
// we will catch it, **the offending item will be skipped!**, and after a short delay (one second)
// we will catch it, **the offending item will be skipped!**, and after a short delay (one minute)
// the next notification will be attempted. This is usually better than the alternative of never
// delivering again.
stopCh := make(chan struct{})

46
tools/cache/store.go vendored
View File

@@ -23,27 +23,50 @@ import (
"k8s.io/apimachinery/pkg/api/meta"
)
// Store is a generic object storage interface. Reflector knows how to watch a server
// and update a store. A generic store is provided, which allows Reflector to be used
// as a local caching system, and an LRU store, which allows Reflector to work like a
// queue of items yet to be processed.
// Store is a generic object storage and processing interface. A
// Store holds a map from string keys to accumulators, and has
// operations to add, update, and delete a given object to/from the
// accumulator currently associated with a given key. A Store also
// knows how to extract the key from a given object, so many operations
// are given only the object.
//
// Store makes no assumptions about stored object identity; it is the responsibility
// of a Store implementation to provide a mechanism to correctly key objects and to
// define the contract for obtaining objects by some arbitrary key type.
// In the simplest Store implementations each accumulator is simply
// the last given object, or empty after Delete, and thus the Store's
// behavior is simple storage.
//
// Reflector knows how to watch a server and update a Store. This
// package provides a variety of implementations of Store.
type Store interface {
// Add adds the given object to the accumulator associated with the given object's key
Add(obj interface{}) error
// Update updates the given object in the accumulator associated with the given object's key
Update(obj interface{}) error
// Delete deletes the given object from the accumulator associated with the given object's key
Delete(obj interface{}) error
// List returns a list of all the currently non-empty accumulators
List() []interface{}
// ListKeys returns a list of all the keys currently associated with non-empty accumulators
ListKeys() []string
// Get returns the accumulator associated with the given object's key
Get(obj interface{}) (item interface{}, exists bool, err error)
// GetByKey returns the accumulator associated with the given key
GetByKey(key string) (item interface{}, exists bool, err error)
// Replace will delete the contents of the store, using instead the
// given list. Store takes ownership of the list, you should not reference
// it after calling this function.
Replace([]interface{}, string) error
// Resync is meaningless in the terms appearing here but has
// meaning in some implementations that have non-trivial
// additional behavior (e.g., DeltaFIFO).
Resync() error
}
@@ -106,9 +129,8 @@ func SplitMetaNamespaceKey(key string) (namespace, name string, err error) {
return "", "", fmt.Errorf("unexpected key format: %q", key)
}
// cache responsibilities are limited to:
// 1. Computing keys for objects via keyFunc
// 2. Invoking methods of a ThreadSafeStorage interface
// `*cache` implements Indexer in terms of a ThreadSafeStore and an
// associated KeyFunc.
type cache struct {
// cacheStorage bears the burden of thread safety for the cache
cacheStorage ThreadSafeStore
@@ -222,9 +244,9 @@ func (c *cache) Replace(list []interface{}, resourceVersion string) error {
return nil
}
// Resync touches all items in the store to force processing
// Resync is meaningless for one of these
func (c *cache) Resync() error {
return c.cacheStorage.Resync()
return nil
}
// NewStore returns a Store implemented simply with a map and a lock.

View File

@@ -23,7 +23,11 @@ import (
"k8s.io/apimachinery/pkg/util/sets"
)
// ThreadSafeStore is an interface that allows concurrent access to a storage backend.
// ThreadSafeStore is an interface that allows concurrent indexed
// access to a storage backend. It is like Indexer but does not
// (necessarily) know how to extract the Store key from a given
// object.
//
// TL;DR caveats: you must not modify anything returned by Get or List as it will break
// the indexing feature in addition to not being thread safe.
//
@@ -51,6 +55,7 @@ type ThreadSafeStore interface {
// AddIndexers adds more indexers to this store. If you call this after you already have data
// in the store, the results are undefined.
AddIndexers(newIndexers Indexers) error
// Resync is a no-op and is deprecated
Resync() error
}
@@ -131,8 +136,8 @@ func (c *threadSafeMap) Replace(items map[string]interface{}, resourceVersion st
}
}
// Index returns a list of items that match on the index function
// Index is thread-safe so long as you treat all items as immutable
// Index returns a list of items that match the given object on the index function.
// Index is thread-safe so long as you treat all items as immutable.
func (c *threadSafeMap) Index(indexName string, obj interface{}) ([]interface{}, error) {
c.lock.RLock()
defer c.lock.RUnlock()
@@ -142,37 +147,37 @@ func (c *threadSafeMap) Index(indexName string, obj interface{}) ([]interface{},
return nil, fmt.Errorf("Index with name %s does not exist", indexName)
}
indexKeys, err := indexFunc(obj)
indexedValues, err := indexFunc(obj)
if err != nil {
return nil, err
}
index := c.indices[indexName]
var returnKeySet sets.String
if len(indexKeys) == 1 {
var storeKeySet sets.String
if len(indexedValues) == 1 {
// In majority of cases, there is exactly one value matching.
// Optimize the most common path - deduping is not needed here.
returnKeySet = index[indexKeys[0]]
storeKeySet = index[indexedValues[0]]
} else {
// Need to de-dupe the return list.
// Since multiple keys are allowed, this can happen.
returnKeySet = sets.String{}
for _, indexKey := range indexKeys {
for key := range index[indexKey] {
returnKeySet.Insert(key)
storeKeySet = sets.String{}
for _, indexedValue := range indexedValues {
for key := range index[indexedValue] {
storeKeySet.Insert(key)
}
}
}
list := make([]interface{}, 0, returnKeySet.Len())
for absoluteKey := range returnKeySet {
list = append(list, c.items[absoluteKey])
list := make([]interface{}, 0, storeKeySet.Len())
for storeKey := range storeKeySet {
list = append(list, c.items[storeKey])
}
return list, nil
}
// ByIndex returns a list of items that match an exact value on the index function
func (c *threadSafeMap) ByIndex(indexName, indexKey string) ([]interface{}, error) {
// ByIndex returns a list of the items whose indexed values in the given index include the given indexed value
func (c *threadSafeMap) ByIndex(indexName, indexedValue string) ([]interface{}, error) {
c.lock.RLock()
defer c.lock.RUnlock()
@@ -183,7 +188,7 @@ func (c *threadSafeMap) ByIndex(indexName, indexKey string) ([]interface{}, erro
index := c.indices[indexName]
set := index[indexKey]
set := index[indexedValue]
list := make([]interface{}, 0, set.Len())
for key := range set {
list = append(list, c.items[key])
@@ -192,9 +197,9 @@ func (c *threadSafeMap) ByIndex(indexName, indexKey string) ([]interface{}, erro
return list, nil
}
// IndexKeys returns a list of keys that match on the index function.
// IndexKeys returns a list of the Store keys of the objects whose indexed values in the given index include the given indexed value.
// IndexKeys is thread-safe so long as you treat all items as immutable.
func (c *threadSafeMap) IndexKeys(indexName, indexKey string) ([]string, error) {
func (c *threadSafeMap) IndexKeys(indexName, indexedValue string) ([]string, error) {
c.lock.RLock()
defer c.lock.RUnlock()
@@ -205,7 +210,7 @@ func (c *threadSafeMap) IndexKeys(indexName, indexKey string) ([]string, error)
index := c.indices[indexName]
set := index[indexKey]
set := index[indexedValue]
return set.List(), nil
}

View File

@@ -31,6 +31,9 @@ func Convert_Slice_v1_NamedCluster_To_Map_string_To_Pointer_api_Cluster(in *[]Na
if err := Convert_v1_Cluster_To_api_Cluster(&curr.Cluster, newCluster, s); err != nil {
return err
}
if *out == nil {
*out = make(map[string]*api.Cluster)
}
if (*out)[curr.Name] == nil {
(*out)[curr.Name] = newCluster
} else {
@@ -65,6 +68,9 @@ func Convert_Slice_v1_NamedAuthInfo_To_Map_string_To_Pointer_api_AuthInfo(in *[]
if err := Convert_v1_AuthInfo_To_api_AuthInfo(&curr.AuthInfo, newAuthInfo, s); err != nil {
return err
}
if *out == nil {
*out = make(map[string]*api.AuthInfo)
}
if (*out)[curr.Name] == nil {
(*out)[curr.Name] = newAuthInfo
} else {
@@ -99,6 +105,9 @@ func Convert_Slice_v1_NamedContext_To_Map_string_To_Pointer_api_Context(in *[]Na
if err := Convert_v1_Context_To_api_Context(&curr.Context, newContext, s); err != nil {
return err
}
if *out == nil {
*out = make(map[string]*api.Context)
}
if (*out)[curr.Name] == nil {
(*out)[curr.Name] = newContext
} else {
@@ -133,6 +142,9 @@ func Convert_Slice_v1_NamedExtension_To_Map_string_To_runtime_Object(in *[]Named
if err := runtime.Convert_runtime_RawExtension_To_runtime_Object(&curr.Extension, &newExtension, s); err != nil {
return err
}
if *out == nil {
*out = make(map[string]runtime.Object)
}
if (*out)[curr.Name] == nil {
(*out)[curr.Name] = newExtension
} else {

View File

@@ -17,6 +17,7 @@ limitations under the License.
package clientcmd
import (
"bytes"
"fmt"
"io/ioutil"
"os"
@@ -29,6 +30,7 @@ import (
"sigs.k8s.io/yaml"
"k8s.io/apimachinery/pkg/runtime"
"k8s.io/apimachinery/pkg/util/diff"
clientcmdapi "k8s.io/client-go/tools/clientcmd/api"
clientcmdlatest "k8s.io/client-go/tools/clientcmd/api/latest"
)
@@ -78,6 +80,32 @@ var (
}
)
func TestNilOutMap(t *testing.T) {
var fakeKubeconfigData = `apiVersion: v1
kind: Config
clusters:
- cluster:
certificate-authority-data: UEhPTlkK
server: https://1.1.1.1
name: production
contexts:
- context:
cluster: production
user: production
name: production
current-context: production
users:
- name: production
user:
auth-provider:
name: gcp`
_, _, err := clientcmdlatest.Codec.Decode([]byte(fakeKubeconfigData), nil, nil)
if err != nil {
t.Fatalf("unexpected error: %v", err)
}
}
func TestNonExistentCommandLineFile(t *testing.T) {
loadingRules := ClientConfigLoadingRules{
ExplicitPath: "bogus_file",
@@ -175,6 +203,56 @@ func TestConflictingCurrentContext(t *testing.T) {
}
}
func TestEncodeYAML(t *testing.T) {
config := clientcmdapi.Config{
CurrentContext: "any-context-value",
Contexts: map[string]*clientcmdapi.Context{
"433e40": {
Cluster: "433e40",
},
},
Clusters: map[string]*clientcmdapi.Cluster{
"0": {
Server: "https://localhost:1234",
},
"1": {
Server: "https://localhost:1234",
},
"433e40": {
Server: "https://localhost:1234",
},
},
}
data, err := Write(config)
if err != nil {
t.Fatal(err)
}
expected := []byte(`apiVersion: v1
clusters:
- cluster:
server: https://localhost:1234
name: "0"
- cluster:
server: https://localhost:1234
name: "1"
- cluster:
server: https://localhost:1234
name: "433e40"
contexts:
- context:
cluster: "433e40"
user: ""
name: "433e40"
current-context: any-context-value
kind: Config
preferences: {}
users: null
`)
if !bytes.Equal(expected, data) {
t.Error(diff.ObjectReflectDiff(string(expected), string(data)))
}
}
func TestLoadingEmptyMaps(t *testing.T) {
configFile, _ := ioutil.TempFile("", "")
defer os.Remove(configFile.Name())

View File

@@ -26,6 +26,16 @@ import (
var registerMetrics sync.Once
// DurationMetric is a measurement of some amount of time.
type DurationMetric interface {
Observe(duration time.Duration)
}
// ExpiryMetric sets some time of expiry. If nil, assume not relevant.
type ExpiryMetric interface {
Set(expiry *time.Time)
}
// LatencyMetric observes client latency partitioned by verb and url.
type LatencyMetric interface {
Observe(verb string, u url.URL, latency time.Duration)
@@ -37,21 +47,51 @@ type ResultMetric interface {
}
var (
// ClientCertExpiry is the expiry time of a client certificate
ClientCertExpiry ExpiryMetric = noopExpiry{}
// ClientCertRotationAge is the age of a certificate that has just been rotated.
ClientCertRotationAge DurationMetric = noopDuration{}
// RequestLatency is the latency metric that rest clients will update.
RequestLatency LatencyMetric = noopLatency{}
// RequestResult is the result metric that rest clients will update.
RequestResult ResultMetric = noopResult{}
)
// RegisterOpts contains all the metrics to register. Metrics may be nil.
type RegisterOpts struct {
ClientCertExpiry ExpiryMetric
ClientCertRotationAge DurationMetric
RequestLatency LatencyMetric
RequestResult ResultMetric
}
// Register registers metrics for the rest client to use. This can
// only be called once.
func Register(lm LatencyMetric, rm ResultMetric) {
func Register(opts RegisterOpts) {
registerMetrics.Do(func() {
RequestLatency = lm
RequestResult = rm
if opts.ClientCertExpiry != nil {
ClientCertExpiry = opts.ClientCertExpiry
}
if opts.ClientCertRotationAge != nil {
ClientCertRotationAge = opts.ClientCertRotationAge
}
if opts.RequestLatency != nil {
RequestLatency = opts.RequestLatency
}
if opts.RequestResult != nil {
RequestResult = opts.RequestResult
}
})
}
type noopDuration struct{}
func (noopDuration) Observe(time.Duration) {}
type noopExpiry struct{}
func (noopExpiry) Set(*time.Time) {}
type noopLatency struct{}
func (noopLatency) Observe(string, url.URL, time.Duration) {}

View File

@@ -102,9 +102,6 @@ type EventRecorder interface {
// Eventf is just like Event, but with Sprintf for the message field.
Eventf(object runtime.Object, eventtype, reason, messageFmt string, args ...interface{})
// PastEventf is just like Eventf, but with an option to specify the event's 'timestamp' field.
PastEventf(object runtime.Object, timestamp metav1.Time, eventtype, reason, messageFmt string, args ...interface{})
// AnnotatedEventf is just like eventf, but with annotations attached
AnnotatedEventf(object runtime.Object, annotations map[string]string, eventtype, reason, messageFmt string, args ...interface{})
}
@@ -343,10 +340,6 @@ func (recorder *recorderImpl) Eventf(object runtime.Object, eventtype, reason, m
recorder.Event(object, eventtype, reason, fmt.Sprintf(messageFmt, args...))
}
func (recorder *recorderImpl) PastEventf(object runtime.Object, timestamp metav1.Time, eventtype, reason, messageFmt string, args ...interface{}) {
recorder.generateEvent(object, nil, timestamp, eventtype, reason, fmt.Sprintf(messageFmt, args...))
}
func (recorder *recorderImpl) AnnotatedEventf(object runtime.Object, annotations map[string]string, eventtype, reason, messageFmt string, args ...interface{}) {
recorder.generateEvent(object, annotations, metav1.Now(), eventtype, reason, fmt.Sprintf(messageFmt, args...))
}

View File

@@ -19,7 +19,6 @@ package record
import (
"fmt"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/runtime"
)
@@ -42,9 +41,6 @@ func (f *FakeRecorder) Eventf(object runtime.Object, eventtype, reason, messageF
}
}
func (f *FakeRecorder) PastEventf(object runtime.Object, timestamp metav1.Time, eventtype, reason, messageFmt string, args ...interface{}) {
}
func (f *FakeRecorder) AnnotatedEventf(object runtime.Object, annotations map[string]string, eventtype, reason, messageFmt string, args ...interface{}) {
f.Eventf(object, eventtype, reason, messageFmt, args)
}

View File

@@ -112,18 +112,15 @@ type Config struct {
// initialized using a generic, multi-use cert/key pair which will be
// quickly replaced with a unique cert/key pair.
BootstrapKeyPEM []byte
// CertificateExpiration will record a metric that shows the remaining
// lifetime of the certificate. This metric is a gauge because only the
// current cert expiry time is really useful. Reading this metric at any
// time simply gives the next expiration date, no need to keep some
// history (histogram) of all previous expiry dates.
CertificateExpiration Gauge
// CertificateRotation will record a metric showing the time in seconds
// that certificates lived before being rotated. This metric is a histogram
// because there is value in keeping a history of rotation cadences. It
// allows one to setup monitoring and alerting of unexpected rotation
// behavior and track trends in rotation frequency.
CertificateRotation Histogram
// CertifcateRenewFailure will record a metric that keeps track of
// certificate renewal failures.
CertificateRenewFailure Counter
}
// Store is responsible for getting and updating the current certificate.
@@ -154,6 +151,11 @@ type Histogram interface {
Observe(float64)
}
// Counter will wrap a counter with labels
type Counter interface {
Inc()
}
// NoCertKeyError indicates there is no cert/key currently available.
type NoCertKeyError string
@@ -177,8 +179,8 @@ type manager struct {
certStore Store
certificateExpiration Gauge
certificateRotation Histogram
certificateRotation Histogram
certificateRenewFailure Counter
// the following variables must only be accessed under certAccessLock
certAccessLock sync.RWMutex
@@ -213,17 +215,17 @@ func NewManager(config *Config) (Manager, error) {
}
m := manager{
stopCh: make(chan struct{}),
clientFn: config.ClientFn,
getTemplate: getTemplate,
dynamicTemplate: config.GetTemplate != nil,
usages: config.Usages,
certStore: config.CertificateStore,
cert: cert,
forceRotation: forceRotation,
certificateExpiration: config.CertificateExpiration,
certificateRotation: config.CertificateRotation,
now: time.Now,
stopCh: make(chan struct{}),
clientFn: config.ClientFn,
getTemplate: getTemplate,
dynamicTemplate: config.GetTemplate != nil,
usages: config.Usages,
certStore: config.CertificateStore,
cert: cert,
forceRotation: forceRotation,
certificateRotation: config.CertificateRotation,
certificateRenewFailure: config.CertificateRenewFailure,
now: time.Now,
}
return &m, nil
@@ -404,6 +406,9 @@ func (m *manager) rotateCerts() (bool, error) {
template, csrPEM, keyPEM, privateKey, err := m.generateCSR()
if err != nil {
utilruntime.HandleError(fmt.Errorf("Unable to generate a certificate signing request: %v", err))
if m.certificateRenewFailure != nil {
m.certificateRenewFailure.Inc()
}
return false, nil
}
@@ -411,6 +416,9 @@ func (m *manager) rotateCerts() (bool, error) {
client, err := m.getClient()
if err != nil {
utilruntime.HandleError(fmt.Errorf("Unable to load a client to request certificates: %v", err))
if m.certificateRenewFailure != nil {
m.certificateRenewFailure.Inc()
}
return false, nil
}
@@ -419,6 +427,9 @@ func (m *manager) rotateCerts() (bool, error) {
req, err := csr.RequestCertificate(client, csrPEM, "", m.usages, privateKey)
if err != nil {
utilruntime.HandleError(fmt.Errorf("Failed while requesting a signed certificate from the master: %v", err))
if m.certificateRenewFailure != nil {
m.certificateRenewFailure.Inc()
}
return false, m.updateServerError(err)
}
@@ -433,12 +444,18 @@ func (m *manager) rotateCerts() (bool, error) {
crtPEM, err := csr.WaitForCertificate(ctx, client, req)
if err != nil {
utilruntime.HandleError(fmt.Errorf("certificate request was not signed: %v", err))
if m.certificateRenewFailure != nil {
m.certificateRenewFailure.Inc()
}
return false, nil
}
cert, err := m.certStore.Update(crtPEM, keyPEM)
if err != nil {
utilruntime.HandleError(fmt.Errorf("Unable to store the new cert/key pair: %v", err))
if m.certificateRenewFailure != nil {
m.certificateRenewFailure.Inc()
}
return false, nil
}
@@ -529,9 +546,6 @@ func (m *manager) nextRotationDeadline() time.Time {
deadline := m.cert.Leaf.NotBefore.Add(jitteryDuration(totalDuration))
klog.V(2).Infof("Certificate expiration is %v, rotation deadline is %v", notAfter, deadline)
if m.certificateExpiration != nil {
m.certificateExpiration.Set(float64(notAfter.Unix()))
}
return deadline
}

View File

@@ -200,7 +200,6 @@ func TestSetRotationDeadline(t *testing.T) {
for _, tc := range testCases {
t.Run(tc.name, func(t *testing.T) {
g := metricMock{}
m := manager{
cert: &tls.Certificate{
Leaf: &x509.Certificate{
@@ -208,10 +207,9 @@ func TestSetRotationDeadline(t *testing.T) {
NotAfter: tc.notAfter,
},
},
getTemplate: func() *x509.CertificateRequest { return &x509.CertificateRequest{} },
usages: []certificates.KeyUsage{},
certificateExpiration: &g,
now: func() time.Time { return now },
getTemplate: func() *x509.CertificateRequest { return &x509.CertificateRequest{} },
usages: []certificates.KeyUsage{},
now: func() time.Time { return now },
}
jitteryDuration = func(float64) time.Duration { return time.Duration(float64(tc.notAfter.Sub(tc.notBefore)) * 0.7) }
lowerBound := tc.notBefore.Add(time.Duration(float64(tc.notAfter.Sub(tc.notBefore)) * 0.7))
@@ -225,12 +223,6 @@ func TestSetRotationDeadline(t *testing.T) {
deadline,
lowerBound)
}
if g.calls != 1 {
t.Errorf("%d metrics were recorded, wanted %d", g.calls, 1)
}
if g.lastValue != float64(tc.notAfter.Unix()) {
t.Errorf("%f value for metric was recorded, wanted %d", g.lastValue, tc.notAfter.Unix())
}
})
}
}

View File

@@ -131,16 +131,14 @@ func (m *defaultQueueMetrics) updateUnfinishedWork() {
var total float64
var oldest float64
for _, t := range m.processingStartTimes {
age := m.sinceInMicroseconds(t)
age := m.sinceInSeconds(t)
total += age
if age > oldest {
oldest = age
}
}
// Convert to seconds; microseconds is unhelpfully granular for this.
total /= 1000000
m.unfinishedWorkSeconds.Set(total)
m.longestRunningProcessor.Set(oldest / 1000000)
m.longestRunningProcessor.Set(oldest)
}
type noMetrics struct{}
@@ -150,11 +148,6 @@ func (noMetrics) get(item t) {}
func (noMetrics) done(item t) {}
func (noMetrics) updateUnfinishedWork() {}
// Gets the time since the specified start in microseconds.
func (m *defaultQueueMetrics) sinceInMicroseconds(start time.Time) float64 {
return float64(m.clock.Since(start).Nanoseconds() / time.Microsecond.Nanoseconds())
}
// Gets the time since the specified start in seconds.
func (m *defaultQueueMetrics) sinceInSeconds(start time.Time) float64 {
return m.clock.Since(start).Seconds()

View File

@@ -167,22 +167,6 @@ func (m *testMetricsProvider) NewRetriesMetric(name string) CounterMetric {
return &m.retries
}
func TestSinceInMicroseconds(t *testing.T) {
mp := testMetricsProvider{}
c := clock.NewFakeClock(time.Now())
mf := queueMetricsFactory{metricsProvider: &mp}
m := mf.newQueueMetrics("test", c)
dqm := m.(*defaultQueueMetrics)
for _, i := range []int{1, 50, 100, 500, 1000, 10000, 100000, 1000000} {
n := c.Now()
c.Step(time.Duration(i) * time.Microsecond)
if e, a := float64(i), dqm.sinceInMicroseconds(n); e != a {
t.Errorf("Expected %v, got %v", e, a)
}
}
}
func TestMetrics(t *testing.T) {
mp := testMetricsProvider{}
t0 := time.Unix(0, 0)