Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add flagz endpoint for apiserver #127581

Merged
merged 1 commit into from
Nov 8, 2024
Merged

Add flagz endpoint for apiserver #127581

merged 1 commit into from
Nov 8, 2024

Conversation

richabanker
Copy link
Contributor

@richabanker richabanker commented Sep 24, 2024
edited
Loading

What type of PR is this?

/kind feature

What this PR does / why we need it:

Adds a /flagz endpoint for kube-apiserver

Which issue(s) this PR fixes:

kubernetes/enhancements#4828

Special notes for your reviewer:

Does this PR introduce a user-facing change?

Adds a /flagz endpoint for kube-apiserver endpoint

Additional documentation e.g., KEPs (Kubernetes Enhancement Proposals), usage docs, etc.:

Snippet of response returned by

curl -k --cert /etc/kubernetes/pki/apiserver-kubelet-client.crt --key /etc/kubernetes/pki/apiserver-kubelet-client.key https://localhost:6443/flagz 

kube-apiserver flags
Warning: This endpoint is not meant to be machine parseable, has no formatting compatibility guarantees and is for debugging purposes only.

advertise-address=192.168.8.2
contention-profiling=false
enable-priority-and-fairness=true
profiling=true
authorization-mode=[Node,RBAC]
authorization-webhook-cache-authorized-ttl=5m0s
authorization-webhook-cache-unauthorized-ttl=30s
authorization-webhook-version=v1beta1
default-watch-cache-size=100
delete-collection-workers=1
enable-garbage-collector=true
encryption-provider-config-automatic-reload=false
etcd-cafile=/etc/kubernetes/pki/etcd/ca.crt
etcd-certfile=/etc/kubernetes/pki/apiserver-etcd-client.crt
etcd-compaction-interval=5m0s
etcd-count-metric-poll-period=1m0s
etcd-db-metric-poll-interval=30s
etcd-healthcheck-timeout=2s
etcd-keyfile=/etc/kubernetes/pki/apiserver-etcd-client.key
etcd-prefix=/registry
etcd-readycheck-timeout=2s
etcd-servers=[https://127.0.0.1:2379]
lease-reuse-duration-seconds=60
storage-media-type=application/vnd.kubernetes.protobuf
watch-cache=true

@k8s-ci-robot k8s-ci-robot added size/L Denotes a PR that changes 100-499 lines, ignoring generated files. do-not-merge/release-note-label-needed Indicates that a PR should not merge because it's missing one of the release note labels. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. do-not-merge/needs-kind Indicates a PR lacks a `kind/foo` label and requires one. do-not-merge/needs-sig Indicates an issue or PR lacks a `sig/foo` label and requires one. needs-triage Indicates an issue or PR lacks a `triage/foo` label and requires one. needs-priority Indicates a PR lacks a `priority/foo` label and requires one. labels Sep 24, 2024
@k8s-ci-robot k8s-ci-robot added area/apiserver sig/api-machinery Categorizes an issue or PR as relevant to SIG API Machinery. sig/architecture Categorizes an issue or PR as relevant to SIG Architecture. and removed do-not-merge/needs-sig Indicates an issue or PR lacks a `sig/foo` label and requires one. labels Sep 24, 2024
@richabanker richabanker force-pushed the flagz-apiserver branch 4 times, most recently from 1de51ac to e67c926 Compare September 24, 2024 01:45
@k8s-ci-robot k8s-ci-robot added area/dependency Issues or PRs related to dependency changes area/kube-proxy area/kubectl area/kubelet sig/cli Categorizes an issue or PR as relevant to SIG CLI. sig/network Categorizes an issue or PR as relevant to SIG Network. sig/node Categorizes an issue or PR as relevant to SIG Node. release-note Denotes a PR that will be considered when it comes time to generate release notes. and removed do-not-merge/release-note-label-needed Indicates that a PR should not merge because it's missing one of the release note labels. labels Sep 24, 2024
@richabanker
Copy link
Contributor Author

/remove-sig cli
/remove-sig network
/remove-sig node

/remove-area kubelet
/remove-area kube-proxy
/remove-area kubectl

@k8s-ci-robot k8s-ci-robot removed sig/cli Categorizes an issue or PR as relevant to SIG CLI. sig/network Categorizes an issue or PR as relevant to SIG Network. sig/node Categorizes an issue or PR as relevant to SIG Node. labels Sep 24, 2024
@sttts
Copy link
Contributor

sttts commented Nov 7, 2024

It's very likely o.OIDC.areFlagsConfigured. That func is bound to the fs argument of the AddFlags method. And because this PR calls opts.Flags() another time, areFlagsConfigured is wrong. So it is not this PR that is wrong, but it just uncovers the hack in AddFlags, mutating the receiver, which is should not do.

@richabanker richabanker mentioned this pull request Nov 7, 2024
Merged
@richabanker
Copy link
Contributor Author

richabanker commented Nov 7, 2024
edited
Loading

It's very likely o.OIDC.areFlagsConfigured. That func is bound to the fs argument of the AddFlags method. And because this PR calls opts.Flags() another time, areFlagsConfigured is wrong. So it is not this PR that is wrong, but it just uncovers the hack in AddFlags, mutating the receiver, which is should not do.

Created #128674 for a partial fix for the OIDC flags. With this, the TestOIDC test was passing with the flagz changes.

@liggitt
Copy link
Member

liggitt commented Nov 7, 2024

/approve

@liggitt liggitt added this to the v1.32 milestone Nov 7, 2024
@k8s-ci-robot k8s-ci-robot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Nov 7, 2024
@richabanker
Copy link
Contributor Author

/test pull-kubernetes-integration

@dgrisonnet
Copy link
Member

/lgtm

@k8s-ci-robot k8s-ci-robot added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Nov 7, 2024
@k8s-ci-robot
Copy link
Contributor

LGTM label has been added.

Git tree hash: 6e30f852399771f58bb2d52a175af52a481e9759

@richabanker
Copy link
Contributor Author

/hold
until #125577 merges

@k8s-ci-robot k8s-ci-robot added the do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. label Nov 8, 2024
@k8s-ci-robot k8s-ci-robot added size/L Denotes a PR that changes 100-499 lines, ignoring generated files. and removed lgtm "Looks good to me", indicates that a PR is ready to be merged. size/XL Denotes a PR that changes 500-999 lines, ignoring generated files. labels Nov 8, 2024
@k8s-ci-robot
Copy link
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: dgrisonnet, liggitt, richabanker, sttts

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@dgrisonnet
Copy link
Member

/lgtm

@k8s-ci-robot k8s-ci-robot added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Nov 8, 2024
@k8s-ci-robot
Copy link
Contributor

LGTM label has been added.

Git tree hash: aae9d3dcdd951de2a40b516d01d8c7621e5c6f2c

@richabanker
Copy link
Contributor Author

/unhold
since #125577 is now merged

@k8s-ci-robot k8s-ci-robot removed the do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. label Nov 8, 2024
@wendy-ha18
Copy link
Member

Hi @richabanker @dgrisonnet
Appreciate all of your efforts with this PR!!
A gentle reminder that the code freeze has started 02:00 UTC Friday November 8th 2024 . Please make sure this has both lgtm and approved labels ASAP, and file an Exception.

@richabanker
Copy link
Contributor Author

richabanker commented Nov 8, 2024
edited
Loading

@wendy-ha18 lgtm label was added an hour ago, and the approve tag was added much before. Do I still need to file an exception?

@wendy-ha18
Copy link
Member

Hi @richabanker, IOM no you don't need to file Exception. I saw this PR in merging queue are now with a milestone. PR can be merged with milestone after code freeze.

@k8s-ci-robot k8s-ci-robot merged commit 4d91d50 into kubernetes:master Nov 8, 2024
16 checks passed
@richabanker richabanker deleted the flagz-apiserver branch November 8, 2024 17:07
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Jefftree Jefftree Jefftree left review comments

@liggitt liggitt liggitt left review comments

@jpbetz jpbetz jpbetz left review comments

@enj enj Awaiting requested review from enj

@johnbelamaric johnbelamaric Awaiting requested review from johnbelamaric

@caesarxuchao caesarxuchao Awaiting requested review from caesarxuchao

@dashpole dashpole Awaiting requested review from dashpole

@dgrisonnet dgrisonnet Awaiting requested review from dgrisonnet

@sttts sttts Awaiting requested review from sttts

Assignees

@sttts sttts

@dgrisonnet dgrisonnet

Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. area/apiserver cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. kind/api-change Categorizes issue or PR as related to adding, removing, or otherwise changing an API lgtm "Looks good to me", indicates that a PR is ready to be merged. needs-priority Indicates a PR lacks a `priority/foo` label and requires one. release-note Denotes a PR that will be considered when it comes time to generate release notes. sig/api-machinery Categorizes an issue or PR as relevant to SIG API Machinery. sig/architecture Categorizes an issue or PR as relevant to SIG Architecture. sig/auth Categorizes an issue or PR as relevant to SIG Auth. sig/instrumentation Categorizes an issue or PR as relevant to SIG Instrumentation. size/L Denotes a PR that changes 100-499 lines, ignoring generated files. triage/accepted Indicates an issue or PR is ready to be actively worked on.
Projects
SIG Apps
Status: Done
SIG Auth
Status: Closed / Done
SIG CLI
Status: Done
SIG Node CI/Test Board
Status: Done
SIG Node: code and documentation PRs
Status: Done
[sig-release] Bug Triage
Status: Done
Milestone
v1.32
Development

Successfully merging this pull request may close these issues.
9 participants
@richabanker @dgrisonnet @k8s-triage-robot @liggitt @sttts @k8s-ci-robot @wendy-ha18 @jpbetz @Jefftree