mirror of
https://github.com/k3s-io/kubernetes.git
synced 2025-07-23 03:41:45 +00:00
Merge pull request #99658 from deads2k/proxy-skip
promote AllowInsecureBackendProxy to stable
This commit is contained in:
commit
f25f071af1
@ -496,6 +496,7 @@ const (
|
||||
|
||||
// owner: @deads2k
|
||||
// beta: v1.17
|
||||
// GA: v1.21
|
||||
//
|
||||
// Enables the users to skip TLS verification of kubelets on pod logs requests
|
||||
AllowInsecureBackendProxy featuregate.Feature = "AllowInsecureBackendProxy"
|
||||
@ -783,7 +784,7 @@ var defaultKubernetesFeatureGates = map[featuregate.Feature]featuregate.FeatureS
|
||||
EndpointSliceNodeName: {Default: true, PreRelease: featuregate.GA, LockToDefault: true}, //remove in 1.25
|
||||
WindowsEndpointSliceProxying: {Default: true, PreRelease: featuregate.Beta},
|
||||
StartupProbe: {Default: true, PreRelease: featuregate.GA, LockToDefault: true}, // remove in 1.23
|
||||
AllowInsecureBackendProxy: {Default: true, PreRelease: featuregate.Beta},
|
||||
AllowInsecureBackendProxy: {Default: true, PreRelease: featuregate.GA, LockToDefault: true}, // remove in 1.23
|
||||
PodDisruptionBudget: {Default: true, PreRelease: featuregate.Beta},
|
||||
CronJobControllerV2: {Default: true, PreRelease: featuregate.Beta},
|
||||
DaemonSetUpdateSurge: {Default: false, PreRelease: featuregate.Alpha},
|
||||
|
@ -27,10 +27,8 @@ import (
|
||||
genericregistry "k8s.io/apiserver/pkg/registry/generic/registry"
|
||||
genericrest "k8s.io/apiserver/pkg/registry/generic/rest"
|
||||
"k8s.io/apiserver/pkg/registry/rest"
|
||||
utilfeature "k8s.io/apiserver/pkg/util/feature"
|
||||
api "k8s.io/kubernetes/pkg/apis/core"
|
||||
"k8s.io/kubernetes/pkg/apis/core/validation"
|
||||
"k8s.io/kubernetes/pkg/features"
|
||||
"k8s.io/kubernetes/pkg/kubelet/client"
|
||||
"k8s.io/kubernetes/pkg/registry/core/pod"
|
||||
|
||||
@ -80,11 +78,7 @@ func (r *LogREST) Get(ctx context.Context, name string, opts runtime.Object) (ru
|
||||
return nil, fmt.Errorf("invalid options object: %#v", opts)
|
||||
}
|
||||
|
||||
// we must do this before forcing the insecure flag if the feature is disabled
|
||||
countSkipTLSMetric(logOpts.InsecureSkipTLSVerifyBackend)
|
||||
if !utilfeature.DefaultFeatureGate.Enabled(features.AllowInsecureBackendProxy) {
|
||||
logOpts.InsecureSkipTLSVerifyBackend = false
|
||||
}
|
||||
|
||||
if errs := validation.ValidatePodLogOptions(logOpts); len(errs) > 0 {
|
||||
return nil, errors.NewInvalid(api.Kind("PodLogOptions"), name, errs)
|
||||
@ -107,11 +101,7 @@ func (r *LogREST) Get(ctx context.Context, name string, opts runtime.Object) (ru
|
||||
func countSkipTLSMetric(insecureSkipTLSVerifyBackend bool) {
|
||||
usageType := usageEnforce
|
||||
if insecureSkipTLSVerifyBackend {
|
||||
if utilfeature.DefaultFeatureGate.Enabled(features.AllowInsecureBackendProxy) {
|
||||
usageType = usageSkipAllowed
|
||||
} else {
|
||||
usageType = usageSkipDenied
|
||||
}
|
||||
usageType = usageSkipAllowed
|
||||
}
|
||||
|
||||
counter, err := podLogsUsage.GetMetricWithLabelValues(usageType)
|
||||
|
@ -46,7 +46,6 @@ import (
|
||||
api "k8s.io/kubernetes/pkg/apis/core"
|
||||
"k8s.io/kubernetes/pkg/apis/core/helper/qos"
|
||||
"k8s.io/kubernetes/pkg/apis/core/validation"
|
||||
"k8s.io/kubernetes/pkg/features"
|
||||
"k8s.io/kubernetes/pkg/kubelet/client"
|
||||
proxyutil "k8s.io/kubernetes/pkg/proxy/util"
|
||||
)
|
||||
@ -386,7 +385,7 @@ func LogLocation(
|
||||
RawQuery: params.Encode(),
|
||||
}
|
||||
|
||||
if opts.InsecureSkipTLSVerifyBackend && utilfeature.DefaultFeatureGate.Enabled(features.AllowInsecureBackendProxy) {
|
||||
if opts.InsecureSkipTLSVerifyBackend {
|
||||
return loc, nodeInfo.InsecureSkipTLSVerifyTransport, nil
|
||||
}
|
||||
return loc, nodeInfo.Transport, nil
|
||||
|
Loading…
Reference in New Issue
Block a user