github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-07-21 02:41:25 +00:00
Code Issues Projects Releases Wiki Activity

Merge pull request #99125 from tkashem/apf-response-header-fix

Browse Source 
apf: set response headers for rejected requests
This commit is contained in:
Kubernetes Prow Robot 2021-02-22 12:42:03 -08:00 committed by GitHub
commit 7ab447fd4d
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 15 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
staging/src/k8s.io/apiserver/pkg/server/filters/priority-and-fairness.go
View File

@ -122,12 +122,7 @@ func WithPriorityAndFairness(
served = true served = true
innerCtx := context.WithValue(ctx, priorityAndFairnessKey, classification) innerCtx := context.WithValue(ctx, priorityAndFairnessKey, classification)
innerReq := r.Clone(innerCtx) innerReq := r.Clone(innerCtx)
setResponseHeaders(classification, w)
// We intentionally set the UID of the flow-schema and priority-level instead of name. This is so that
// the names that cluster-admins choose for categorization and priority levels are not exposed, also
// the names might make it obvious to the users that they are rejected due to classification with low priority.
w.Header().Set(flowcontrol.ResponseHeaderMatchedPriorityLevelConfigurationUID, string(classification.PriorityLevelUID))
w.Header().Set(flowcontrol.ResponseHeaderMatchedFlowSchemaUID, string(classification.FlowSchemaUID))
handler.ServeHTTP(w, innerReq) handler.ServeHTTP(w, innerReq)
} }
@ -140,6 +135,8 @@ func WithPriorityAndFairness(
} }
}, execute) }, execute)
if !served { if !served {
setResponseHeaders(classification, w)
if isMutatingRequest { if isMutatingRequest {
epmetrics.DroppedRequests.WithContext(ctx).WithLabelValues(epmetrics.MutatingKind).Inc() epmetrics.DroppedRequests.WithContext(ctx).WithLabelValues(epmetrics.MutatingKind).Inc()
} else { } else {
@ -158,3 +155,15 @@ func StartPriorityAndFairnessWatermarkMaintenance(stopCh <-chan struct{}) {
startWatermarkMaintenance(watermark, stopCh) startWatermarkMaintenance(watermark, stopCh)
startWatermarkMaintenance(waitingMark, stopCh) startWatermarkMaintenance(waitingMark, stopCh)
} }
func setResponseHeaders(classification *PriorityAndFairnessClassification, w http.ResponseWriter) {
if classification == nil {
return
}
// We intentionally set the UID of the flow-schema and priority-level instead of name. This is so that
// the names that cluster-admins choose for categorization and priority levels are not exposed, also
// the names might make it obvious to the users that they are rejected due to classification with low priority.
w.Header().Set(flowcontrol.ResponseHeaderMatchedPriorityLevelConfigurationUID, string(classification.PriorityLevelUID))
w.Header().Set(flowcontrol.ResponseHeaderMatchedFlowSchemaUID, string(classification.FlowSchemaUID))
}