CSI says about NodeStage (=MountDevice):
// The CO SHALL ensure [...]
// that the path is directory and that the process serving the
// request has `read` and `write` permission to that directory. The
// CO SHALL be responsible for creating the directory if it does not
// exist.
Based on the comments in this file, it seems like these import
restrictions were originally meant for the kubelet CRI streaming
package. This commit moves the import restrictions to
pkg/kubelet/cri/streaming so that pkg/kubelet/cri can import internal
packages like pkg/probe/exec
Signed-off-by: Andrew Sy Kim <kim.andrewsy@gmail.com>
This change also involves adding a custom error type for probe timeouts
so that the kubelet exec prober can distinguish between failed probes
that have exited or probes that have timed out.
Signed-off-by: Andrew Sy Kim <kim.andrewsy@gmail.com>
This fixes a bug where the exec timeouts are not respected with
containerd
Exec prober expects a utilexec.CodeExitError on failed probes, otherwise
the prober returns 'Unknown' and a non-nil error which the kubelet throws
away. As a temporary fix, ExecSync as part of the CRI remote runtime
should return utilexec.CodeExitError when the grpc error code is
DeadlineContextExceeded. This ensure the exec prober registers exec
timeouts as real probe failures to the kubelet. We should also add a
TimededError type to k8s.io/utils/exec since it doesn't really make
sense to use CodeExitError for exec time outs.
Signed-off-by: Andrew Sy Kim <kim.andrewsy@gmail.com>
Aborted requests are the ones that were disrupted with http.ErrAbortHandler.
For example, the timeout handler will panic with http.ErrAbortHandler when a response to the client has been already sent
and the timeout elapsed.
Additionally, a new metric requestAbortsTotal was defined to count aborted requests. The new metric allows for aggregation for each group, version, verb, resource, subresource and scope.
without APIServerIdentity enabled, stale apiserver leases won't be GC'ed
and the same for stale storage version entries. In that case the storage
migrator won't operate correctly without manual intervention.
To make sure that the storage version filter can block certain requests until
the storage version updates are completed, and that the apiserver works
properly after the storage version updates are done.
StorageVersions are updated during apiserver bootstrap.
Also add a poststarthook to the aggregator which updates the
StorageVersions via the storageversion.Manager
