mirror of
https://github.com/k3s-io/kubernetes.git
synced 2025-07-22 19:31:44 +00:00
Merge pull request #92842 from liggitt/deprecated-annotation
Deprecated API request audit annotation
This commit is contained in:
commit
71bfb73751
@ -142,6 +142,9 @@ type crdInfo struct {
|
||||
spec *apiextensionsv1.CustomResourceDefinitionSpec
|
||||
acceptedNames *apiextensionsv1.CustomResourceDefinitionNames
|
||||
|
||||
// Deprecated per version
|
||||
deprecated map[string]bool
|
||||
|
||||
// Warnings per version
|
||||
warnings map[string][]string
|
||||
|
||||
@ -329,10 +332,9 @@ func (r *crdHandler) ServeHTTP(w http.ResponseWriter, req *http.Request) {
|
||||
return
|
||||
}
|
||||
|
||||
if utilfeature.DefaultFeatureGate.Enabled(features.WarningHeaders) {
|
||||
for _, w := range crdInfo.warnings[requestInfo.APIVersion] {
|
||||
warning.AddWarning(req.Context(), "", w)
|
||||
}
|
||||
deprecated := crdInfo.deprecated[requestInfo.APIVersion]
|
||||
for _, w := range crdInfo.warnings[requestInfo.APIVersion] {
|
||||
warning.AddWarning(req.Context(), "", w)
|
||||
}
|
||||
|
||||
verb := strings.ToUpper(requestInfo.Verb)
|
||||
@ -372,7 +374,7 @@ func (r *crdHandler) ServeHTTP(w http.ResponseWriter, req *http.Request) {
|
||||
}
|
||||
|
||||
if handlerFunc != nil {
|
||||
handlerFunc = metrics.InstrumentHandlerFunc(verb, requestInfo.APIGroup, requestInfo.APIVersion, resource, subresource, scope, metrics.APIServerComponent, false, "", handlerFunc)
|
||||
handlerFunc = metrics.InstrumentHandlerFunc(verb, requestInfo.APIGroup, requestInfo.APIVersion, resource, subresource, scope, metrics.APIServerComponent, deprecated, "", handlerFunc)
|
||||
handler := genericfilters.WithWaitGroup(handlerFunc, longRunningFilter, crdInfo.waitGroup)
|
||||
handler.ServeHTTP(w, req)
|
||||
return
|
||||
@ -622,6 +624,7 @@ func (r *crdHandler) getOrCreateServingInfoFor(uid types.UID, name string) (*crd
|
||||
storages := map[string]customresource.CustomResourceStorage{}
|
||||
statusScopes := map[string]*handlers.RequestScope{}
|
||||
scaleScopes := map[string]*handlers.RequestScope{}
|
||||
deprecated := map[string]bool{}
|
||||
warnings := map[string][]string{}
|
||||
|
||||
equivalentResourceRegistry := runtime.NewEquivalentResourceRegistry()
|
||||
@ -883,10 +886,13 @@ func (r *crdHandler) getOrCreateServingInfoFor(uid types.UID, name string) (*crd
|
||||
statusScopes[v.Name] = &statusScope
|
||||
|
||||
if v.Deprecated {
|
||||
if v.DeprecationWarning != nil {
|
||||
warnings[v.Name] = append(warnings[v.Name], *v.DeprecationWarning)
|
||||
} else {
|
||||
warnings[v.Name] = append(warnings[v.Name], defaultDeprecationWarning(v.Name, crd.Spec))
|
||||
deprecated[v.Name] = true
|
||||
if utilfeature.DefaultFeatureGate.Enabled(features.WarningHeaders) {
|
||||
if v.DeprecationWarning != nil {
|
||||
warnings[v.Name] = append(warnings[v.Name], *v.DeprecationWarning)
|
||||
} else {
|
||||
warnings[v.Name] = append(warnings[v.Name], defaultDeprecationWarning(v.Name, crd.Spec))
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
@ -898,6 +904,7 @@ func (r *crdHandler) getOrCreateServingInfoFor(uid types.UID, name string) (*crd
|
||||
requestScopes: requestScopes,
|
||||
scaleRequestScopes: scaleScopes,
|
||||
statusRequestScopes: statusScopes,
|
||||
deprecated: deprecated,
|
||||
warnings: warnings,
|
||||
storageVersion: storageVersion,
|
||||
waitGroup: &utilwaitgroup.SafeWaitGroup{},
|
||||
|
@ -15,6 +15,7 @@ go_library(
|
||||
"//staging/src/k8s.io/apimachinery/pkg/apis/meta/v1/validation:go_default_library",
|
||||
"//staging/src/k8s.io/apimachinery/pkg/types:go_default_library",
|
||||
"//staging/src/k8s.io/apimachinery/pkg/util/sets:go_default_library",
|
||||
"//staging/src/k8s.io/apiserver/pkg/audit:go_default_library",
|
||||
"//staging/src/k8s.io/apiserver/pkg/endpoints/request:go_default_library",
|
||||
"//staging/src/k8s.io/apiserver/pkg/features:go_default_library",
|
||||
"//staging/src/k8s.io/apiserver/pkg/util/feature:go_default_library",
|
||||
|
@ -31,6 +31,7 @@ import (
|
||||
"k8s.io/apimachinery/pkg/apis/meta/v1/validation"
|
||||
"k8s.io/apimachinery/pkg/types"
|
||||
utilsets "k8s.io/apimachinery/pkg/util/sets"
|
||||
"k8s.io/apiserver/pkg/audit"
|
||||
"k8s.io/apiserver/pkg/endpoints/request"
|
||||
"k8s.io/apiserver/pkg/features"
|
||||
utilfeature "k8s.io/apiserver/pkg/util/feature"
|
||||
@ -232,6 +233,16 @@ const (
|
||||
MutatingKind = "mutating"
|
||||
)
|
||||
|
||||
const (
|
||||
// deprecatedAnnotationKey is a key for an audit annotation set to
|
||||
// "true" on requests made to deprecated API versions
|
||||
deprecatedAnnotationKey = "k8s.io/deprecated"
|
||||
// removedReleaseAnnotationKey is a key for an audit annotation set to
|
||||
// the target removal release, in "<major>.<minor>" format,
|
||||
// on requests made to deprecated API versions with a target removal release
|
||||
removedReleaseAnnotationKey = "k8s.io/removed-release"
|
||||
)
|
||||
|
||||
var registerMetrics sync.Once
|
||||
|
||||
// Register all metrics.
|
||||
@ -315,6 +326,10 @@ func MonitorRequest(req *http.Request, verb, group, version, resource, subresour
|
||||
requestCounter.WithLabelValues(reportedVerb, dryRun, group, version, resource, subresource, scope, component, cleanContentType, codeToString(httpCode)).Inc()
|
||||
if deprecated {
|
||||
deprecatedRequestGauge.WithLabelValues(group, version, resource, subresource, removedRelease).Set(1)
|
||||
audit.AddAuditAnnotation(req.Context(), deprecatedAnnotationKey, "true")
|
||||
if len(removedRelease) > 0 {
|
||||
audit.AddAuditAnnotation(req.Context(), removedReleaseAnnotationKey, removedRelease)
|
||||
}
|
||||
}
|
||||
requestLatencies.WithLabelValues(reportedVerb, dryRun, group, version, resource, subresource, scope, component).Observe(elapsedSeconds)
|
||||
// We are only interested in response sizes of read requests.
|
||||
|
Loading…
Reference in New Issue
Block a user