apiserver aggregation redirect rejection incorrectly fails on 304 Not Modified
responses
#112524
Labels
area/apiserver
kind/bug
Categorizes issue or PR as related to a bug.
kind/regression
Categorizes issue or PR as related to a regression from a prior release.
priority/critical-urgent
Highest priority. Must be actively worked on as someone's top priority right now.
sig/api-machinery
Categorizes an issue or PR as relevant to SIG API Machinery.
triage/accepted
Indicates an issue or PR is ready to be actively worked on.
What happened?
Upgraded from Kubernetes v1.25.0 to v1.25.1. Standard metrics-server deployment now causes the following message to appear in the kube-apiserver logs on a recurring basis:
Adding a quick hack debug Infof print shows:
I0917 00:46:32.431308 53 upgradeaware.go:267] Request for https://10.42.0.6:10250/openapi/v2 (&http.Request{Method:"GET", URL:(*url.URL)(0xc00577bef0), Proto:"HTTP/1.1", ProtoMajor:1, ProtoMinor:1, Header:http.Header{"Accept":[]string{"application/json"}, "If-None-Match":[]string{"\"5C20AA8E3041C498FF6A7840B92F71F052BF64D5A4BF31E879A160C22C31BE4BF0289546AEB9EB605F96DF72AEAB19257C2636A7DF2C16DFF9A75BF89EEF3942\""}, "User-Agent":[]string{""}, "X-Forwarded-Host":[]string{"10.42.0.6:10250"}, "X-Forwarded-Proto":[]string{"https"}, "X-Forwarded-Uri":[]string{"/openapi/v2"}, "X-Remote-User":[]string{"system:aggregator"}}, Body:io.ReadCloser(nil), GetBody:(func() (io.ReadCloser, error))(nil), ContentLength:0, TransferEncoding:[]string(nil), Close:false, Host:"10.42.0.6:10250", Form:url.Values(nil), PostForm:url.Values(nil), MultipartForm:(*multipart.Form)(nil), Trailer:http.Header(nil), RemoteAddr:"", RequestURI:"", TLS:(*tls.ConnectionState)(nil), Cancel:(<-chan struct {})(nil), Response:(*http.Response)(nil), ctx:(*context.valueCtx)(0xc013832ba0)}) was redirected with code 304
It appears that the apiserver is sending an If-None-Match cache control header when refreshing the openapi spec, and the metrics-server service is correctly responding with a 304 Not Modified.
What did you expect to happen?
No errors logged; proper refresh of OpenAPI specs
How can we reproduce it (as minimally and precisely as possible)?
Deploy metrics-server, or any other service that uses apiserver aggregation and honors caching headers such as
If-None-Match
, to a Kubernetes 1.25.1 cluster.Anything else we need to know?
#112193 made bad assumptions; not all HTTP 3XX responses are redirects. It should probably only reject the response if it is 300-399 AND the
location
header is set.Kubernetes version
Cloud provider
none
OS version
Install tools
k3s
Container runtime (CRI) and version (if applicable)
containerd
Related plugins (CNI, CSI, ...) and versions (if applicable)
flannel
The text was updated successfully, but these errors were encountered: