jsonDataLimit#4055

[cr22rc]

Signed-off-by: rickr cr22rc@users.noreply.github.com

Fixes #

see #4055

Proposed Changes

Provide configmap with jsonData max bytes enforce in validating webhook.

By default jsonData max bytes is 4096 bytes.

[knative-test-reporter-robot]

The following jobs failed:

Test name	Triggers	Retries
pull-knative-eventing-upgrade-tests	2020-10-06 21:34:13.445 +0000 UTC	1/3

Automatically retrying due to test flakiness...
/test pull-knative-eventing-upgrade-tests

[lionelvillard]

why is this needed?

[cr22rc]

It generates the deepcopy for store. Model pattern as channel store

[lionelvillard]

This is quite confusing. For channel it's different because the config and the spec are the same. That's not the case for PingSource. I would remove this and just use PingDefaults. WDYT?

[cr22rc]

I'll investigate that. Currently, preoccupied with something else will get back ASAP. Thanks

[lionelvillard]

can we move all files in this package into apis/source/config?

[matzew]

yeah +1 on relocating all of those

[cr22rc]

What if we have future sources with a config? The thought behind doing this was to allow pkg/apis/sources/config/somenewsource/... ?

[lionelvillard]

flattening does not prevent adding defaults for other sources, does it?

[cr22rc]

Probably not. And I'll go ahead and do this change. I'm on the record :) that keeping them separate while maybe not necessary would be cleaner IMO

[zhongduo]

Example part should be put under _example: |, see example here:

eventing/config/core/configmaps/observability.yaml

Line 27 in 5deb379

_example: |

[cr22rc]

I think the confusion was I copied the example comment block. I'm now following what was done with default-broker.yaml, default-broker-channel.yaml, and default-channel.yaml

[zhongduo]

Do you need to handle nil?

[cr22rc]

no present on a nil map comes back as false.

[matzew]

I'd rather pick a different name. Almost all CMs in evneting start with config- - except for default-ch-webhook, unfortunately

[cr22rc]

@matzew Ok I followed that. Given the importance of this conformance can you open a issue for this?

[cr22rc]

I've reconsidered. I think the confusion was I copied the example comment block. I'm now following what was done with default-broker.yaml, default-broker-channel.yaml, and default-channel.yaml

[codecov]

Codecov Report

Merging #4233 (9244b69) into master (d8468ca) will increase coverage by 0.04%.
The diff coverage is 100.00%.

@@            Coverage Diff             @@
##           master    #4233      +/-   ##
==========================================
+ Coverage   81.35%   81.39%   +0.04%     
==========================================
  Files         292      292              
  Lines        8322     8341      +19     
==========================================
+ Hits         6770     6789      +19     
  Misses       1144     1144              
  Partials      408      408              

Impacted Files	Coverage Δ
pkg/apis/sources/v1alpha2/ping_validation.go	100.00% <100.00%> (ø)
pkg/apis/sources/v1beta1/ping_validation.go	100.00% <100.00%> (ø)
pkg/apis/sources/v1beta2/ping_validation.go	100.00% <100.00%> (ø)

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update d8468ca...9244b69. Read the comment docs.

[lgtm-com]

This pull request introduces 1 alert when merging aa94a97 into c3e71f5 - view on LGTM.com

new alerts:

• 1 for Useless assignment to local variable

[knative-metrics-robot]

The following is the coverage report on the affected files.
Say /test pull-knative-eventing-go-coverage to re-run this coverage report

File	Old Coverage	New Coverage	Delta
pkg/apis/sources/v1beta2/ping_validation.go	100.0%	89.2%	-10.8

[cr22rc]

I think I addressed all.
I guess if I can't get it merged .. I'll just close it.

[zhongduo]

@cr22rc is there a use case or existing problem that need this? Generally I think it worth bring it up in the eventing meeting (we happened to discuss this week that we should revisit long living PRs in the meeting). Or a discussion in Slack can also be useful.

[zhongduo]

If we reserve the default to be 0, which means unlimited, we can achieve backward compatibility.

[cr22rc]

I don't think that's good admins can install this not know that user could dump large amount of data into their etcd .. Better for user to get a good message that it's limited and admin can adjust

[zhongduo]

Another concern is that I am not sure if a global configmap is a good option for this. IIUC, this can be per source based right? Did you consider adding it as a ping source attribute? This way each one can have a different setting.

[cr22rc]

We don't want user to create unlimited sized messages. Just ading that to the pingsource does not stop them. In reality the data is not much used since it just static. 4096 probably far exceeds what most user will every put in.

[antoineco]

I see an example checksum, but no _example key in the configmap.

[lionelvillard]

Good point. knative.dev/example-checksum: "6eaeecba" Is not needed here.

[antoineco]

Maybe just declare a variable with that buffer initialized before the tests?

[antoineco]

"Too" takes 2 "O".

[lionelvillard]

Set a limit on a type and I'll create 1000 objects instead of 100.

That's one possible trade-off, with the advantage that it can be directly be implemented by using k8s quotas.

Another trade-off is to limit the CR size, and AFAIK that's not something k8s supports right now, am I right?

[antoineco]

It doesn't indeed, but I still don't understand, why focusing on just the PingSource? It seems to me like a careful Kubernetes admin would limit this globally using either

• an admission controller (link)
• some kind of policy agent

This issue can apply to literally any Kubernetes object: you could create 1.5 MB of annotations, and a ConfigMap would be helpless in preventing that. Even if it wasn't, I doubt anyone would want to go ahead and create one ConfigMap per Kubernetes type (good luck).

Just my 2c, but to me it feels like the wrong place and the wrong way to address such a broad concern and I'm surprised to see this in Knative.

[lionelvillard]

To be clear: this PR is not about limiting the size of CRs, it is about fairness. It's about making sure a tenant does not allocate all available resources. For PingSource, there is a direct link between CR size and fairness, thus this PR.

As for the implementation, I agree it could be generalized but for now it's really only applicable to PingSource.

(and please keep discussing)

[lionelvillard]

/approve

/hold

to address comments.

[knative-prow-robot]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: cr22rc, lionelvillard

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• OWNERS [lionelvillard]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[cr22rc]

Changed so the default for data length is not checked.

[lionelvillard]

/unhold

[lionelvillard]

/lgtm

[lberk]

this change seems to be breaking downstream for us. Particularly having an empty data.ping-config and the eventing-webhook fails to start with

{"level":"fatal","ts":"2021-02-17T07:53:19.466Z","logger":"eventing-webhook.ping-config-store","caller":"configmap/store.go:149","msg":"Error initializing pingdefaults config \"config-ping-webhook\": \"ConfigMap is missing (or empty) key: \\\"ping-config\\\" : map[ping-config:]\"","knative.dev/pod":"eventing-webhook-7c5499d784-tvpgd","stacktrace":"knative.dev/pkg/configmap.(*UntypedStore).OnConfigChanged\n\t/go/src/knative.dev/eventing/vendor/knative.dev/pkg/configmap/store.go:149\nknative.dev/pkg/configmap.(*ManualWatcher).OnChange\n\t/go/src/knative.dev/eventing/vendor/knative.dev/pkg/configmap/manual_watcher.go:72\nknative.dev/pkg/configmap/informer.(*InformedWatcher).addConfigMapEvent\n\t/go/src/knative.dev/eventing/vendor/knative.dev/pkg/configmap/informer/informed_watcher.go:190\nk8s.io/client-go/tools/cache.ResourceEventHandlerFuncs.OnAdd\n\t/go/src/knative.dev/eventing/vendor/k8s.io/client-go/tools/cache/controller.go:227\nk8s.io/client-go/tools/cache.(*processorListener).run.func1\n\t/go/src/knative.dev/eventing/vendor/k8s.io/client-go/tools/cache/shared_informer.go:777\nk8s.io/apimachinery/pkg/util/wait.BackoffUntil.func1\n\t/go/src/knative.dev/eventing/vendor/k8s.io/apimachinery/pkg/util/wait/wait.go:155\nk8s.io/apimachinery/pkg/util/wait.BackoffUntil\n\t/go/src/knative.dev/eventing/vendor/k8s.io/apimachinery/pkg/util/wait/wait.go:156\nk8s.io/apimachinery/pkg/util/wait.JitterUntil\n\t/go/src/knative.dev/eventing/vendor/k8s.io/apimachinery/pkg/util/wait/wait.go:133\nk8s.io/apimachinery/pkg/util/wait.Until\n\t/go/src/knative.dev/eventing/vendor/k8s.io/apimachinery/pkg/util/wait/wait.go:90\nk8s.io/client-go/tools/cache.(*processorListener).run\n\t/go/src/knative.dev/eventing/vendor/k8s.io/client-go/tools/cache/shared_informer.go:771\nk8s.io/apimachinery/pkg/util/wait.(*Group).Start.func1\n\t/go/src/knative.dev/eventing/vendor/k8s.io/apimachinery/pkg/util/wait/wait.go:73"}

Why is the intermediate field ping-config necessary for a single key/value pair? Could we please follow the example of other configmaps and have a _example entry instead of a blank entry?

[matzew]

@cr22rc Do you think this is a problem for migrations?

[matzew]

I'd vote to revert this, before we cut the release - since it does have issues

[cr22rc]

I think the fix is just to set limit
#4893

[cr22rc]

I'm still not sure how the scenario is that this fails. I doesn't fail locally nor did it on the e2e tests.

[antoineco]

@matzew I'd vote for this as well. Besides, not all PR comments were addressed, including some important ones regarding the ConfigMap itself:

• jsonDataLimit#4055 #4233 (review)
• jsonDataLimit#4055 #4233 (review)

[tayarani]

I would vote we revert this as well. We're getting the same errors as posted by @lberk

[lberk]

I've done my best to address some of the comments and fix this breakage in #4894

That being said, if there are still issues including #4894 I have no problem reverting the entire set of patches before the release.