New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
plumb context with request deadline #96901
Conversation
2d63de1
to
edadcb2
Compare
/retest |
edadcb2
to
1b45da0
Compare
/retest |
1b45da0
to
cc9ac1f
Compare
cc9ac1f
to
7804351
Compare
return errorHandler | ||
} | ||
|
||
return http.HandlerFunc(func(w http.ResponseWriter, req *http.Request) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
this above handler has been copied from https://github.com/kubernetes/kubernetes/blob/master/staging/src/k8s.io/apiserver/pkg/endpoints/filters/authn_audit.go#L35-L58 and made reusable, any server filter that appears before the audit filter can use it to audit a failed request.
If this looks good then I am happy to open a follow up PR to replace authn_audit.go.
/assign @liggitt @sttts @deads2k @smarterclayton |
t.handler.ServeHTTP(w, r) | ||
return | ||
} | ||
|
||
timeout := r.Context().Done() |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
nit: timeoutCh
@@ -76,7 +73,7 @@ func createHandler(r rest.NamedCreater, scope *RequestScope, admit admission.Int | |||
} | |||
} | |||
|
|||
ctx, cancel := context.WithTimeout(req.Context(), timeout) | |||
ctx, cancel := context.WithTimeout(req.Context(), requestTimeout) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
this needs explanation. Why is it good to put a 34s here now?
581d1f4
to
6fcd768
Compare
// context with deadline. The go-routine can keep running, while the timeout logic will return a timeout to the client. | ||
handler = genericfilters.WithTimeoutForNonLongRunningRequests(handler, c.LongRunningFunc) | ||
|
||
// WithRequestDeadline sets a deadline for the request context appropriately |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
this comment can go
6fcd768
to
5cd6e9b
Compare
- as soon as a request is received by the apiserver, determine the timeout of the request and set a new request context with the deadline. - the timeout filter that times out non-long-running requests should use the request context as opposed to a fixed 60s wait today. - admission and storage layer uses the same request context with the deadline specified. we use the default timeout enforced by the apiserver: - if the user has specified a timeout of 0s, this implies no timeout on the user's part. - if the user has specified a timeout that exceeds the maximum deadline allowed by the apiserver.
5cd6e9b
to
df7a890
Compare
/lgtm |
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: sttts, tkashem The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
/retest |
What type of PR is this?
/kind bug
What this PR does / why we need it:
plumb context with request deadline: A request deadline is:
60s
is the default if the above is not present.Plumbing:
60s
wait today)This approach is:
We use the default timeout enforced by the apiserver:
If the user specifies an invalid timeout duration specifier in the request URL then the request is failed with HTTP 400 and it is audited.
Does this PR introduce a user-facing change?:
Additional documentation e.g., KEPs (Kubernetes Enhancement Proposals), usage docs, etc.: