mirror of
https://github.com/ceph/ceph-csi.git
synced 2025-06-13 02:33:34 +00:00
rebase: update kubernetes dep to 1.24.0
As kubernetes 1.24.0 is released, updating kubernetes dependencies to 1.24.0 updates: #3086 Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
This commit is contained in:
Madhu Rajanna
committed by
mergify[bot]
mergify[bot]
parent
fc1529f268
commit
c4f79d455f
32
vendor/k8s.io/apiserver/pkg/admission/audit.go
generated
vendored
32
vendor/k8s.io/apiserver/pkg/admission/audit.go
generated
vendored
@ -19,19 +19,13 @@ package admission
|
||||
import (
|
||||
"context"
|
||||
"fmt"
|
||||
"sync"
|
||||
|
||||
auditinternal "k8s.io/apiserver/pkg/apis/audit"
|
||||
"k8s.io/apiserver/pkg/audit"
|
||||
)
|
||||
|
||||
// auditHandler logs annotations set by other admission handlers
|
||||
type auditHandler struct {
|
||||
Interface
|
||||
// TODO: move the lock near the Annotations field of the audit event so it is always protected from concurrent access.
|
||||
// to protect the 'Annotations' map of the audit event from concurrent writes
|
||||
mutex sync.Mutex
|
||||
ae *auditinternal.Event
|
||||
}
|
||||
|
||||
var _ Interface = &auditHandler{}
|
||||
@ -42,11 +36,11 @@ var _ ValidationInterface = &auditHandler{}
|
||||
// of attribute into the audit event. Attributes passed to the Admit and
|
||||
// Validate function must be instance of privateAnnotationsGetter or
|
||||
// AnnotationsGetter, otherwise an error is returned.
|
||||
func WithAudit(i Interface, ae *auditinternal.Event) Interface {
|
||||
func WithAudit(i Interface) Interface {
|
||||
if i == nil {
|
||||
return i
|
||||
}
|
||||
return &auditHandler{Interface: i, ae: ae}
|
||||
return &auditHandler{Interface: i}
|
||||
}
|
||||
|
||||
func (handler *auditHandler) Admit(ctx context.Context, a Attributes, o ObjectInterfaces) error {
|
||||
@ -59,7 +53,7 @@ func (handler *auditHandler) Admit(ctx context.Context, a Attributes, o ObjectIn
|
||||
var err error
|
||||
if mutator, ok := handler.Interface.(MutationInterface); ok {
|
||||
err = mutator.Admit(ctx, a, o)
|
||||
handler.logAnnotations(a)
|
||||
handler.logAnnotations(ctx, a)
|
||||
}
|
||||
return err
|
||||
}
|
||||
@ -74,7 +68,7 @@ func (handler *auditHandler) Validate(ctx context.Context, a Attributes, o Objec
|
||||
var err error
|
||||
if validator, ok := handler.Interface.(ValidationInterface); ok {
|
||||
err = validator.Validate(ctx, a, o)
|
||||
handler.logAnnotations(a)
|
||||
handler.logAnnotations(ctx, a)
|
||||
}
|
||||
return err
|
||||
}
|
||||
@ -88,23 +82,21 @@ func ensureAnnotationGetter(a Attributes) error {
|
||||
return fmt.Errorf("attributes must be an instance of privateAnnotationsGetter or AnnotationsGetter")
|
||||
}
|
||||
|
||||
func (handler *auditHandler) logAnnotations(a Attributes) {
|
||||
if handler.ae == nil {
|
||||
func (handler *auditHandler) logAnnotations(ctx context.Context, a Attributes) {
|
||||
ae := audit.AuditEventFrom(ctx)
|
||||
if ae == nil {
|
||||
return
|
||||
}
|
||||
handler.mutex.Lock()
|
||||
defer handler.mutex.Unlock()
|
||||
|
||||
var annotations map[string]string
|
||||
switch a := a.(type) {
|
||||
case privateAnnotationsGetter:
|
||||
for key, value := range a.getAnnotations(handler.ae.Level) {
|
||||
audit.LogAnnotation(handler.ae, key, value)
|
||||
}
|
||||
annotations = a.getAnnotations(ae.Level)
|
||||
case AnnotationsGetter:
|
||||
for key, value := range a.GetAnnotations(handler.ae.Level) {
|
||||
audit.LogAnnotation(handler.ae, key, value)
|
||||
}
|
||||
annotations = a.GetAnnotations(ae.Level)
|
||||
default:
|
||||
// this will never happen, because we have already checked it in ensureAnnotationGetter
|
||||
}
|
||||
|
||||
audit.AddAuditAnnotationsMap(ctx, annotations)
|
||||
}
|
||||
|
||||
2
vendor/k8s.io/apiserver/pkg/admission/interfaces.go
generated
vendored
2
vendor/k8s.io/apiserver/pkg/admission/interfaces.go
generated
vendored
@ -52,7 +52,7 @@ type Attributes interface {
|
||||
IsDryRun() bool
|
||||
// GetObject is the object from the incoming request prior to default values being applied
|
||||
GetObject() runtime.Object
|
||||
// GetOldObject is the existing object. Only populated for UPDATE requests.
|
||||
// GetOldObject is the existing object. Only populated for UPDATE and DELETE requests.
|
||||
GetOldObject() runtime.Object
|
||||
// GetKind is the type of object being manipulated. For example: Pod
|
||||
GetKind() schema.GroupVersionKind
|
||||
|
||||
19
vendor/k8s.io/apiserver/pkg/admission/metrics/metrics.go
generated
vendored
19
vendor/k8s.io/apiserver/pkg/admission/metrics/metrics.go
generated
vendored
@ -116,6 +116,7 @@ type AdmissionMetrics struct {
|
||||
controller *metricSet
|
||||
webhook *metricSet
|
||||
webhookRejection *metrics.CounterVec
|
||||
webhookFailOpen *metrics.CounterVec
|
||||
webhookRequest *metrics.CounterVec
|
||||
}
|
||||
|
||||
@ -196,6 +197,16 @@ func newAdmissionMetrics() *AdmissionMetrics {
|
||||
},
|
||||
[]string{"name", "type", "operation", "error_type", "rejection_code"})
|
||||
|
||||
webhookFailOpen := metrics.NewCounterVec(
|
||||
&metrics.CounterOpts{
|
||||
Namespace: namespace,
|
||||
Subsystem: subsystem,
|
||||
Name: "webhook_fail_open_count",
|
||||
Help: "Admission webhook fail open count, identified by name and broken out for each admission type (validating or mutating).",
|
||||
StabilityLevel: metrics.ALPHA,
|
||||
},
|
||||
[]string{"name", "type"})
|
||||
|
||||
webhookRequest := metrics.NewCounterVec(
|
||||
&metrics.CounterOpts{
|
||||
Namespace: namespace,
|
||||
@ -210,8 +221,9 @@ func newAdmissionMetrics() *AdmissionMetrics {
|
||||
controller.mustRegister()
|
||||
webhook.mustRegister()
|
||||
legacyregistry.MustRegister(webhookRejection)
|
||||
legacyregistry.MustRegister(webhookFailOpen)
|
||||
legacyregistry.MustRegister(webhookRequest)
|
||||
return &AdmissionMetrics{step: step, controller: controller, webhook: webhook, webhookRejection: webhookRejection, webhookRequest: webhookRequest}
|
||||
return &AdmissionMetrics{step: step, controller: controller, webhook: webhook, webhookRejection: webhookRejection, webhookFailOpen: webhookFailOpen, webhookRequest: webhookRequest}
|
||||
}
|
||||
|
||||
func (m *AdmissionMetrics) reset() {
|
||||
@ -250,6 +262,11 @@ func (m *AdmissionMetrics) ObserveWebhookRejection(ctx context.Context, name, st
|
||||
m.webhookRejection.WithContext(ctx).WithLabelValues(name, stepType, operation, string(errorType), strconv.Itoa(rejectionCode)).Inc()
|
||||
}
|
||||
|
||||
// ObserveWebhookFailOpen records validating or mutating webhook that fail open.
|
||||
func (m *AdmissionMetrics) ObserveWebhookFailOpen(ctx context.Context, name, stepType string) {
|
||||
m.webhookFailOpen.WithContext(ctx).WithLabelValues(name, stepType).Inc()
|
||||
}
|
||||
|
||||
type metricSet struct {
|
||||
latencies *metrics.HistogramVec
|
||||
latenciesSummary *metrics.SummaryVec
|
||||
|
||||
6
vendor/k8s.io/apiserver/pkg/admission/plugin/webhook/mutating/dispatcher.go
generated
vendored
6
vendor/k8s.io/apiserver/pkg/admission/plugin/webhook/mutating/dispatcher.go
generated
vendored
@ -178,7 +178,7 @@ func (a *mutatingDispatcher) Dispatch(ctx context.Context, attr admission.Attrib
|
||||
if callErr, ok := err.(*webhookutil.ErrCallingWebhook); ok {
|
||||
if ignoreClientCallFailures {
|
||||
klog.Warningf("Failed calling webhook, failing open %v: %v", hook.Name, callErr)
|
||||
|
||||
admissionmetrics.Metrics.ObserveWebhookFailOpen(ctx, hook.Name, "admit")
|
||||
annotator.addFailedOpenAnnotation()
|
||||
|
||||
utilruntime.HandleError(callErr)
|
||||
@ -265,9 +265,9 @@ func (a *mutatingDispatcher) callAttrMutatingHook(ctx context.Context, h *admiss
|
||||
}
|
||||
|
||||
do := func() { err = r.Do(ctx).Into(response) }
|
||||
if wd, ok := endpointsrequest.WebhookDurationFrom(ctx); ok {
|
||||
if wd, ok := endpointsrequest.LatencyTrackersFrom(ctx); ok {
|
||||
tmp := do
|
||||
do = func() { wd.AdmitTracker.Track(tmp) }
|
||||
do = func() { wd.MutatingWebhookTracker.Track(tmp) }
|
||||
}
|
||||
do()
|
||||
if err != nil {
|
||||
|
||||
Reference in New Issue
Block a user