Skip to content

Commit

Permalink
UPSTREAM: <carry>: annotate audit events for requests during unready …
Browse files Browse the repository at this point in the history
…phase and graceful termination phase

OpenShift-Rebase-Source: 9f6dcf3
  • Loading branch information
deads2k authored and sanchezl committed Jan 5, 2023
1 parent 122f74e commit 97c75d3
Showing 1 changed file with 6 additions and 0 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -17,6 +17,7 @@ limitations under the License.
package server

import (
"fmt"
"net"
"net/http"
"strings"
Expand All @@ -26,6 +27,7 @@ import (
"go.uber.org/atomic"

corev1 "k8s.io/api/core/v1"
"k8s.io/apiserver/pkg/audit"
"k8s.io/klog/v2"
netutils "k8s.io/utils/net"
)
Expand Down Expand Up @@ -80,8 +82,10 @@ func WithLateConnectionFilter(handler http.Handler) http.Handler {
if late {
if pth := "/" + strings.TrimLeft(r.URL.Path, "/"); pth != "/readyz" && pth != "/healthz" && pth != "/livez" {
if isLocal(r) {
audit.AddAuditAnnotation(r.Context(), "openshift.io/during-graceful", fmt.Sprintf("loopback=true,%v,readyz=false", r.URL.Host))
klog.V(4).Infof("Loopback request to %q (user agent %q) through connection created very late in the graceful termination process (more than 80%% has passed). This client probably does not watch /readyz and might get failures when termination is over.", r.URL.Path, r.UserAgent())
} else {
audit.AddAuditAnnotation(r.Context(), "openshift.io/during-graceful", fmt.Sprintf("loopback=false,%v,readyz=false", r.URL.Host))
klog.Warningf("Request to %q (source IP %s, user agent %q) through a connection created very late in the graceful termination process (more than 80%% has passed), possibly a sign for a broken load balancer setup.", r.URL.Path, r.RemoteAddr, r.UserAgent())

// create only one event to avoid event spam.
Expand Down Expand Up @@ -118,9 +122,11 @@ func WithNonReadyRequestLogging(handler http.Handler, hasBeenReadySignal lifecyc
if pth := "/" + strings.TrimLeft(r.URL.Path, "/"); pth != "/readyz" && pth != "/healthz" && pth != "/livez" {
if isLocal(r) {
if !isKubeApiserverLoopBack(r) {
audit.AddAuditAnnotation(r.Context(), "openshift.io/unready", fmt.Sprintf("loopback=true,%v,readyz=false", r.URL.Host))
klog.V(2).Infof("Loopback request to %q (user agent %q) before server is ready. This client probably does not watch /readyz and might get inconsistent answers.", r.URL.Path, r.UserAgent())
}
} else {
audit.AddAuditAnnotation(r.Context(), "openshift.io/unready", fmt.Sprintf("loopback=false,%v,readyz=false", r.URL.Host))
klog.Warningf("Request to %q (source IP %s, user agent %q) before server is ready, possibly a sign for a broken load balancer setup.", r.URL.Path, r.RemoteAddr, r.UserAgent())

// create only one event to avoid event spam.
Expand Down

0 comments on commit 97c75d3

Please sign in to comment.