github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-08-04 01:40:07 +00:00
Code Issues Projects Releases Wiki Activity

fix semantics of the rejected label in webhook metrics

Browse Source 
when error calling webhook is ignored, do not log the request as
rejected
This commit is contained in:
Haowei Cai 2019-08-28 15:31:27 -07:00
parent 41049fdf4b
commit f3c793512b
2 changed files with 20 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
staging/src/k8s.io/apiserver/pkg/admission/plugin/webhook/mutating/dispatcher.go
View File

@ -133,7 +133,16 @@ func (a *mutatingDispatcher) Dispatch(ctx context.Context, attr admission.Attrib
round = 1 round = 1
} }
changed, err := a.callAttrMutatingHook(ctx, hook, invocation, versionedAttr, o, round, i) changed, err := a.callAttrMutatingHook(ctx, hook, invocation, versionedAttr, o, round, i)
admissionmetrics.Metrics.ObserveWebhook(time.Since(t), err != nil, versionedAttr.Attributes, "admit", hook.Name) ignoreClientCallFailures := hook.FailurePolicy != nil && *hook.FailurePolicy == v1beta1.Ignore
rejected := false
if err != nil {
// ErrCallingWebhook is ignored if the webhook is configured to failopen.
// Otherwise the request is rejected.
if _, ok := err.(*webhookutil.ErrCallingWebhook); !ok || !ignoreClientCallFailures {
rejected = true
}
}
admissionmetrics.Metrics.ObserveWebhook(time.Since(t), rejected, versionedAttr.Attributes, "admit", hook.Name)
if changed { if changed {
// Patch had changed the object. Prepare to reinvoke all previous webhooks that are eligible for re-invocation. // Patch had changed the object. Prepare to reinvoke all previous webhooks that are eligible for re-invocation.
webhookReinvokeCtx.RequireReinvokingPreviouslyInvokedPlugins() webhookReinvokeCtx.RequireReinvokingPreviouslyInvokedPlugins()
@ -146,7 +155,6 @@ func (a *mutatingDispatcher) Dispatch(ctx context.Context, attr admission.Attrib
continue continue
} }
ignoreClientCallFailures := hook.FailurePolicy != nil && *hook.FailurePolicy == v1beta1.Ignore
if callErr, ok := err.(*webhookutil.ErrCallingWebhook); ok { if callErr, ok := err.(*webhookutil.ErrCallingWebhook); ok {
if ignoreClientCallFailures { if ignoreClientCallFailures {
klog.Warningf("Failed calling webhook, failing open %v: %v", hook.Name, callErr) klog.Warningf("Failed calling webhook, failing open %v: %v", hook.Name, callErr)

12
staging/src/k8s.io/apiserver/pkg/admission/plugin/webhook/validating/dispatcher.go
View File

@ -101,12 +101,20 @@ func (d *validatingDispatcher) Dispatch(ctx context.Context, attr admission.Attr
versionedAttr := versionedAttrs[invocation.Kind] versionedAttr := versionedAttrs[invocation.Kind]
t := time.Now() t := time.Now()
err := d.callHook(ctx, hook, invocation, versionedAttr) err := d.callHook(ctx, hook, invocation, versionedAttr)
admissionmetrics.Metrics.ObserveWebhook(time.Since(t), err != nil, versionedAttr.Attributes, "validating", hook.Name) ignoreClientCallFailures := hook.FailurePolicy != nil && *hook.FailurePolicy == v1beta1.Ignore
rejected := false
if err != nil {
// ErrCallingWebhook is ignored if the webhook is configured to failopen.
// Otherwise the request is rejected.
if _, ok := err.(*webhookutil.ErrCallingWebhook); !ok || !ignoreClientCallFailures {
rejected = true
}
}
admissionmetrics.Metrics.ObserveWebhook(time.Since(t), rejected, versionedAttr.Attributes, "validating", hook.Name)
if err == nil { if err == nil {
return return
} }
ignoreClientCallFailures := hook.FailurePolicy != nil && *hook.FailurePolicy == v1beta1.Ignore
if callErr, ok := err.(*webhookutil.ErrCallingWebhook); ok { if callErr, ok := err.(*webhookutil.ErrCallingWebhook); ok {
if ignoreClientCallFailures { if ignoreClientCallFailures {
klog.Warningf("Failed calling webhook, failing open %v: %v", hook.Name, callErr) klog.Warningf("Failed calling webhook, failing open %v: %v", hook.Name, callErr)