
flow-control system

compute flow-distinguisher

config controller

plumbs default-configuration into post-start-hook

addressing reviews

apiserver flow-control
yue9944882 committed Aug 9, 2019
1 parent 3eb5b22 commit de55dc6323de7a0db2ea13dd5511d3192e1babff
Showing with 1,129 additions and 226 deletions.
  1. +2 −1 cmd/kube-apiserver/app/BUILD
  2. +37 −36 cmd/kube-apiserver/app/aggregator.go
  3. +16 −2 cmd/kube-apiserver/app/server.go
  4. +1 −1 pkg/apis/flowcontrol/BUILD
  5. +0 −27 pkg/apis/flowcontrol/bootstrap/flowschemas.go
  6. +0 −27 pkg/apis/flowcontrol/bootstrap/prioritylevelconfigurations.go
  7. +42 −0 pkg/apis/flowcontrol/helpers.go
  8. +4 −4 pkg/apis/flowcontrol/types.go
  9. +18 −2 pkg/apis/flowcontrol/v1alpha1/defaults.go
  10. +7 −0 pkg/apis/flowcontrol/v1alpha1/zz_generated.defaults.go
  11. +2 −2 pkg/apis/flowcontrol/validation/validation.go
  12. +2 −2 pkg/apis/flowcontrol/validation/validation_test.go
  13. +26 −0 pkg/apis/flowcontrol/zz_generated.deepcopy.go
  14. +2 −0 pkg/printers/internalversion/BUILD
  15. +88 −0 pkg/printers/internalversion/printers.go
  16. +1 −0 pkg/registry/BUILD
  17. +7 −6 pkg/{apis → registry}/flowcontrol/bootstrap/BUILD
  18. +196 −0 pkg/registry/flowcontrol/bootstrap/default-objects.go
  19. +3 −2 pkg/registry/flowcontrol/flowschema/storage/BUILD
  20. +8 −14 pkg/registry/flowcontrol/flowschema/storage/storage.go
  21. +3 −2 pkg/registry/flowcontrol/prioritylevelconfiguration/storage/BUILD
  22. +8 −14 pkg/registry/flowcontrol/prioritylevelconfiguration/storage/storage.go
  23. +1 −1 pkg/registry/flowcontrol/rest/BUILD
  24. +3 −3 pkg/registry/flowcontrol/rest/storage_flowcontrol.go
  25. +1 −0 staging/src/k8s.io/api/flowcontrol/v1alpha1/BUILD
  26. +67 −0 staging/src/k8s.io/api/flowcontrol/v1alpha1/helpers.go
  27. +13 −2 staging/src/k8s.io/api/flowcontrol/v1alpha1/types.go
  28. +2 −2 staging/src/k8s.io/api/flowcontrol/v1alpha1/types_swagger_doc_generated.go
  29. +26 −0 staging/src/k8s.io/api/flowcontrol/v1alpha1/zz_generated.deepcopy.go
  30. +2 −1 staging/src/k8s.io/apiserver/pkg/server/config.go
  31. +4 −3 staging/src/k8s.io/apiserver/pkg/server/filters/reqmgmt.go
  32. +1 −1 staging/src/k8s.io/apiserver/pkg/server/options/BUILD
  33. +8 −2 staging/src/k8s.io/apiserver/pkg/server/options/recommended.go
  34. +11 −2 staging/src/k8s.io/apiserver/pkg/util/flowcontrol/BUILD
  35. +1 −0 staging/src/k8s.io/apiserver/pkg/util/flowcontrol/fairqueuing/BUILD
  36. +46 −0 staging/src/k8s.io/apiserver/pkg/util/flowcontrol/fairqueuing/no-restraint.go
  37. +258 −0 staging/src/k8s.io/apiserver/pkg/util/flowcontrol/reqmgmt-config.go
  38. +112 −67 staging/src/k8s.io/apiserver/pkg/util/flowcontrol/reqmgmt.go
  39. +100 −0 staging/src/k8s.io/apiserver/pkg/util/flowcontrol/rule.go
@@ -27,6 +27,7 @@ go_library(
"//pkg/master/reconcilers:go_default_library",
"//pkg/master/tunneler:go_default_library",
"//pkg/registry/cachesize:go_default_library",
"//pkg/registry/flowcontrol/bootstrap:go_default_library",
"//pkg/registry/rbac/rest:go_default_library",
"//pkg/serviceaccount:go_default_library",
"//pkg/util/flag:go_default_library",
@@ -41,7 +42,6 @@ go_library(
"//staging/src/k8s.io/apimachinery/pkg/apis/meta/v1:go_default_library",
"//staging/src/k8s.io/apimachinery/pkg/runtime:go_default_library",
"//staging/src/k8s.io/apimachinery/pkg/runtime/schema:go_default_library",
"//staging/src/k8s.io/apimachinery/pkg/util/clock:go_default_library",
"//staging/src/k8s.io/apimachinery/pkg/util/errors:go_default_library",
"//staging/src/k8s.io/apimachinery/pkg/util/net:go_default_library",
"//staging/src/k8s.io/apimachinery/pkg/util/sets:go_default_library",
@@ -59,6 +59,7 @@ go_library(
"//staging/src/k8s.io/apiserver/pkg/storage/etcd3/preflight:go_default_library",
"//staging/src/k8s.io/apiserver/pkg/util/feature:go_default_library",
"//staging/src/k8s.io/apiserver/pkg/util/flowcontrol:go_default_library",
"//staging/src/k8s.io/apiserver/pkg/util/flowcontrol/fairqueuing:go_default_library",
"//staging/src/k8s.io/apiserver/pkg/util/term:go_default_library",
"//staging/src/k8s.io/apiserver/pkg/util/webhook:go_default_library",
"//staging/src/k8s.io/client-go/informers:go_default_library",
@@ -244,42 +244,43 @@ var apiVersionPriorities = map[schema.GroupVersion]priority{
// can reasonably expect seems questionable.
{Group: "extensions", Version: "v1beta1"}: {group: 17900, version: 1},
// to my knowledge, nothing below here collides
{Group: "apps", Version: "v1beta1"}: {group: 17800, version: 1},
{Group: "apps", Version: "v1beta2"}: {group: 17800, version: 9},
{Group: "apps", Version: "v1"}: {group: 17800, version: 15},
{Group: "events.k8s.io", Version: "v1beta1"}: {group: 17750, version: 5},
{Group: "authentication.k8s.io", Version: "v1"}: {group: 17700, version: 15},
{Group: "authentication.k8s.io", Version: "v1beta1"}: {group: 17700, version: 9},
{Group: "authorization.k8s.io", Version: "v1"}: {group: 17600, version: 15},
{Group: "authorization.k8s.io", Version: "v1beta1"}: {group: 17600, version: 9},
{Group: "autoscaling", Version: "v1"}: {group: 17500, version: 15},
{Group: "autoscaling", Version: "v2beta1"}: {group: 17500, version: 9},
{Group: "autoscaling", Version: "v2beta2"}: {group: 17500, version: 1},
{Group: "batch", Version: "v1"}: {group: 17400, version: 15},
{Group: "batch", Version: "v1beta1"}: {group: 17400, version: 9},
{Group: "batch", Version: "v2alpha1"}: {group: 17400, version: 9},
{Group: "certificates.k8s.io", Version: "v1beta1"}: {group: 17300, version: 9},
{Group: "networking.k8s.io", Version: "v1"}: {group: 17200, version: 15},
{Group: "networking.k8s.io", Version: "v1beta1"}: {group: 17200, version: 9},
{Group: "policy", Version: "v1beta1"}: {group: 17100, version: 9},
{Group: "rbac.authorization.k8s.io", Version: "v1"}: {group: 17000, version: 15},
{Group: "rbac.authorization.k8s.io", Version: "v1beta1"}: {group: 17000, version: 12},
{Group: "rbac.authorization.k8s.io", Version: "v1alpha1"}: {group: 17000, version: 9},
{Group: "settings.k8s.io", Version: "v1alpha1"}: {group: 16900, version: 9},
{Group: "storage.k8s.io", Version: "v1"}: {group: 16800, version: 15},
{Group: "storage.k8s.io", Version: "v1beta1"}: {group: 16800, version: 9},
{Group: "storage.k8s.io", Version: "v1alpha1"}: {group: 16800, version: 1},
{Group: "apiextensions.k8s.io", Version: "v1beta1"}: {group: 16700, version: 9},
{Group: "admissionregistration.k8s.io", Version: "v1"}: {group: 16700, version: 15},
{Group: "admissionregistration.k8s.io", Version: "v1beta1"}: {group: 16700, version: 12},
{Group: "scheduling.k8s.io", Version: "v1"}: {group: 16600, version: 15},
{Group: "scheduling.k8s.io", Version: "v1beta1"}: {group: 16600, version: 12},
{Group: "scheduling.k8s.io", Version: "v1alpha1"}: {group: 16600, version: 9},
{Group: "coordination.k8s.io", Version: "v1"}: {group: 16500, version: 15},
{Group: "coordination.k8s.io", Version: "v1beta1"}: {group: 16500, version: 9},
{Group: "auditregistration.k8s.io", Version: "v1alpha1"}: {group: 16400, version: 1},
{Group: "node.k8s.io", Version: "v1alpha1"}: {group: 16300, version: 1},
{Group: "node.k8s.io", Version: "v1beta1"}: {group: 16300, version: 9},
{Group: "apps", Version: "v1beta1"}: {group: 17800, version: 1},
{Group: "apps", Version: "v1beta2"}: {group: 17800, version: 9},
{Group: "apps", Version: "v1"}: {group: 17800, version: 15},
{Group: "events.k8s.io", Version: "v1beta1"}: {group: 17750, version: 5},
{Group: "authentication.k8s.io", Version: "v1"}: {group: 17700, version: 15},
{Group: "authentication.k8s.io", Version: "v1beta1"}: {group: 17700, version: 9},
{Group: "authorization.k8s.io", Version: "v1"}: {group: 17600, version: 15},
{Group: "authorization.k8s.io", Version: "v1beta1"}: {group: 17600, version: 9},
{Group: "autoscaling", Version: "v1"}: {group: 17500, version: 15},
{Group: "autoscaling", Version: "v2beta1"}: {group: 17500, version: 9},
{Group: "autoscaling", Version: "v2beta2"}: {group: 17500, version: 1},
{Group: "batch", Version: "v1"}: {group: 17400, version: 15},
{Group: "batch", Version: "v1beta1"}: {group: 17400, version: 9},
{Group: "batch", Version: "v2alpha1"}: {group: 17400, version: 9},
{Group: "certificates.k8s.io", Version: "v1beta1"}: {group: 17300, version: 9},
{Group: "networking.k8s.io", Version: "v1"}: {group: 17200, version: 15},
{Group: "networking.k8s.io", Version: "v1beta1"}: {group: 17200, version: 9},
{Group: "policy", Version: "v1beta1"}: {group: 17100, version: 9},
{Group: "rbac.authorization.k8s.io", Version: "v1"}: {group: 17000, version: 15},
{Group: "rbac.authorization.k8s.io", Version: "v1beta1"}: {group: 17000, version: 12},
{Group: "rbac.authorization.k8s.io", Version: "v1alpha1"}: {group: 17000, version: 9},
{Group: "settings.k8s.io", Version: "v1alpha1"}: {group: 16900, version: 9},
{Group: "storage.k8s.io", Version: "v1"}: {group: 16800, version: 15},
{Group: "storage.k8s.io", Version: "v1beta1"}: {group: 16800, version: 9},
{Group: "storage.k8s.io", Version: "v1alpha1"}: {group: 16800, version: 1},
{Group: "apiextensions.k8s.io", Version: "v1beta1"}: {group: 16700, version: 9},
{Group: "admissionregistration.k8s.io", Version: "v1"}: {group: 16700, version: 15},
{Group: "admissionregistration.k8s.io", Version: "v1beta1"}: {group: 16700, version: 12},
{Group: "scheduling.k8s.io", Version: "v1"}: {group: 16600, version: 15},
{Group: "scheduling.k8s.io", Version: "v1beta1"}: {group: 16600, version: 12},
{Group: "scheduling.k8s.io", Version: "v1alpha1"}: {group: 16600, version: 9},
{Group: "coordination.k8s.io", Version: "v1"}: {group: 16500, version: 15},
{Group: "coordination.k8s.io", Version: "v1beta1"}: {group: 16500, version: 9},
{Group: "auditregistration.k8s.io", Version: "v1alpha1"}: {group: 16400, version: 1},
{Group: "node.k8s.io", Version: "v1alpha1"}: {group: 16300, version: 1},
{Group: "node.k8s.io", Version: "v1beta1"}: {group: 16300, version: 9},
{Group: "flowcontrol.apiserver.k8s.io", Version: "v1alpha1"}: {group: 16200, version: 1},
// Append a new group to the end of the list if unsure.
// You can use min(existing group)-100 as the initial value for a group.
// Version can be set to 9 (to have space around) for a new group.
@@ -36,7 +36,6 @@ import (

extensionsapiserver "k8s.io/apiextensions-apiserver/pkg/apiserver"
v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/util/clock"
utilerrors "k8s.io/apimachinery/pkg/util/errors"
utilnet "k8s.io/apimachinery/pkg/util/net"
"k8s.io/apimachinery/pkg/util/sets"
@@ -53,6 +52,7 @@ import (
"k8s.io/apiserver/pkg/storage/etcd3/preflight"
utilfeature "k8s.io/apiserver/pkg/util/feature"
utilflowcontrol "k8s.io/apiserver/pkg/util/flowcontrol"
"k8s.io/apiserver/pkg/util/flowcontrol/fairqueuing"
"k8s.io/apiserver/pkg/util/term"
"k8s.io/apiserver/pkg/util/webhook"
clientgoinformers "k8s.io/client-go/informers"
@@ -80,6 +80,7 @@ import (
"k8s.io/kubernetes/pkg/master/reconcilers"
"k8s.io/kubernetes/pkg/master/tunneler"
"k8s.io/kubernetes/pkg/registry/cachesize"
flowcontrolbootstrap "k8s.io/kubernetes/pkg/registry/flowcontrol/bootstrap"
rbacrest "k8s.io/kubernetes/pkg/registry/rbac/rest"
"k8s.io/kubernetes/pkg/serviceaccount"
utilflag "k8s.io/kubernetes/pkg/util/flag"
@@ -499,7 +500,7 @@ func buildGenericConfig(
}

if utilfeature.DefaultFeatureGate.Enabled(genericfeatures.RequestManagement) {
genericConfig.RequestManagement = utilflowcontrol.NewRequestManagementSystem(versionedInformers, genericConfig.MaxRequestsInFlight+genericConfig.MaxMutatingRequestsInFlight, genericConfig.RequestTimeout/4, clock.RealClock{})
genericConfig.RequestManagement = BuildRequestManagement(s, clientgoExternalClient, versionedInformers)
}

return
@@ -529,6 +530,19 @@ func BuildAuthorizer(s *options.ServerRunOptions, versionedInformers clientgoinf
return authorizationConfig.New()
}

// BuildAuthenticator constructs the authenticator
func BuildRequestManagement(s *options.ServerRunOptions, extclient clientgoclientset.Interface, versionedInformer clientgoinformers.SharedInformerFactory) utilflowcontrol.Interface {
return utilflowcontrol.NewRequestManagementSystemWithPreservation(
versionedInformer,
extclient.FlowcontrolV1alpha1(),
fairqueuing.NewNoRestraintFactory( /* TODO: switch to real implementation */ ),
s.GenericServerRunOptions.MaxRequestsInFlight+s.GenericServerRunOptions.MaxMutatingRequestsInFlight,
s.GenericServerRunOptions.RequestTimeout/4,
flowcontrolbootstrap.PreservingFlowSchemas,
flowcontrolbootstrap.PreservingPriorityLevelConfigurations,
)
}

// completedServerRunOptions is a private wrapper that enforces a call of Complete() before Run can be invoked.
type completedServerRunOptions struct {
*options.ServerRunOptions
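Review bot: The comment above `BuildRequestManagement` reads `// BuildAuthenticator constructs the authenticator`, which documents a different function; it should be something like `// BuildRequestManagement constructs the request-management (flow-control) system for the generic API server config.` In the same function, `fairqueuing.NewNoRestraintFactory( /* TODO: switch to real implementation */ )` appears, going by its name, to install queuing that restrains nothing, so enabling the RequestManagement feature gate may not yet bound concurrency even though the in-flight total is passed on the next line. That limitation belongs in the doc comment, or in a TODO that references a tracking issue, so operators do not assume overload protection is active. `RequestTimeout/4` would also benefit from a short why-comment, since the hunk gives no reason for the divisor.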
@@ -4,6 +4,7 @@ go_library(
name = "go_default_library",
srcs = [
"doc.go",
"helpers.go",
"register.go",
"types.go",
"zz_generated.deepcopy.go",
@@ -29,7 +30,6 @@ filegroup(
name = "all-srcs",
srcs = [
":package-srcs",
"//pkg/apis/flowcontrol/bootstrap:all-srcs",
"//pkg/apis/flowcontrol/install:all-srcs",
"//pkg/apis/flowcontrol/v1alpha1:all-srcs",
"//pkg/apis/flowcontrol/validation:all-srcs",

This file was deleted.

This file was deleted.

@@ -0,0 +1,42 @@
/*
Copyright 2016 The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/

package flowcontrol

import "sort"

var _ sort.Interface = FlowSchemaSequence{}

// FlowSchemaSequence holds sorted set of pointers to FlowSchema objects.
// FlowSchemaSequence implements `sort.Interface`
type FlowSchemaSequence []*FlowSchema

func (s FlowSchemaSequence) Len() int {
return len(s)
}

func (s FlowSchemaSequence) Less(i, j int) bool {
// the flow-schema w/ lower matching-precedence is prior
if ip, jp := s[i].Spec.MatchingPrecedence, s[j].Spec.MatchingPrecedence; ip != jp {
return ip < jp
}
// sort alphabetically
return s[i].Name < s[j].Name
}

func (s FlowSchemaSequence) Swap(i, j int) {
s[i], s[j] = s[j], s[i]
}
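Review bot: `Less` dereferences `s[i]` and `s[j]` without a nil check, so a single nil `*FlowSchema` in the sequence would panic inside `sort.Sort`; either document that callers must never store nil entries or guard against it. The type comment says the slice "holds sorted set" of objects, but nothing in this file sorts or de-duplicates it, so the comment should say the sequence is ordered only after `sort.Sort` is applied: ascending `MatchingPrecedence`, ties broken by `Name`. If this order decides which schema a request matches first (not visible here), the name tie-break is what makes classification deterministic and is worth stating. The exported `Len`, `Less` and `Swap` methods have no doc comments.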
@@ -46,8 +46,8 @@ const (

// System preset priority level names
const (
PriorityLevelConfigurationNameSystemTop = "system-top"
PriorityLevelConfigurationNameWorkloadLow = "workload-low"
PriorityLevelConfigurationNameExempt = "exempt"
PriorityLevelConfigurationNameDefault = "default"
)

// Default settings for flow-schema
@@ -262,15 +262,15 @@ type PriorityLevelConfigurationCondition struct {
// Subject matches a set of users.
// Syntactically, Subject is a general API object reference.
// Authorization produces a username and a set of groups, and we imagine special kinds of non-namespaced objects,
// User and Group in API group "rbac.authorization.k8s.io", to represent such a username or group.
// User and Group in API group "flowcontrol.apiserver.k8s.io", to represent such a username or group.
// The only kind of true object reference that currently will match any users is ServiceAccount.
type Subject struct {
// `kind` of object being referenced. Values defined by this API group are "User", "Group", and "ServiceAccount".
// If the kind value is not recognized, the flow-control layer in api-server should report an error.
Kind string
// `apiGroup` holds the API group of the referenced subject.
// Defaults to "" for ServiceAccount subjects.
// Defaults to "rbac.authorization.k8s.io" for User and Group subjects.
// Defaults to "flowcontrol.apiserver.k8s.io" for User and Group subjects.
// +optional
APIGroup string
// `name` of the object being referenced.
@@ -30,7 +30,23 @@ func SetDefaults_FlowSchema(obj *v1alpha1.FlowSchema) {

// SetDefaults_FlowSchema sets default values for flow schema
func SetDefaults_PriorityLevelConfiguration(obj *v1alpha1.PriorityLevelConfiguration) {
if obj.Spec.HandSize == 0 {
obj.Spec.HandSize = flowcontrol.PriorityLevelConfigurationDefaultHandSize
if !obj.Spec.Exempt {
if obj.Spec.HandSize == 0 {
obj.Spec.HandSize = flowcontrol.PriorityLevelConfigurationDefaultHandSize
}
}
}

// SetDefaults_Subject defaults fields for subject
func SetDefaults_Subject(obj *v1alpha1.Subject) {
if len(obj.APIGroup) == 0 {
switch obj.Kind {
case v1alpha1.ServiceAccountKind:
// do nothing
case v1alpha1.UserKind:
obj.APIGroup = GroupName
case v1alpha1.GroupKind:
obj.APIGroup = GroupName
}
}
}
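Review bot: `SetDefaults_Subject` repeats the same assignment under `UserKind` and `GroupKind`; `case v1alpha1.UserKind, v1alpha1.GroupKind:` with a single `obj.APIGroup = GroupName` says the same thing, and the empty `ServiceAccountKind` case could carry a comment that the empty group is intended. Any other `Kind` leaves the switch with `APIGroup` still empty, which presumably relies on validation to reject it; a one-line comment to that effect would help. In `SetDefaults_PriorityLevelConfiguration` the nested conditions can be one line, `if !obj.Spec.Exempt && obj.Spec.HandSize == 0 {`, and its doc comment still begins `// SetDefaults_FlowSchema`.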

Some generated files are not rendered by default. Learn more.

@@ -204,10 +204,10 @@ func ValidatePriorityLevelConfiguration(pl *flowcontrol.PriorityLevelConfigurati

func ValidatePriorityLevelConfigurationSpec(spec *flowcontrol.PriorityLevelConfigurationSpec, name string, fldPath *field.Path) field.ErrorList {
var allErrs field.ErrorList
if name != flowcontrol.PriorityLevelConfigurationNameSystemTop && spec.Exempt {
if name != flowcontrol.PriorityLevelConfigurationNameExempt && spec.Exempt {
allErrs = append(allErrs, field.Forbidden(fldPath.Child("exempt"), "must not be exempt"))
}
if name != flowcontrol.PriorityLevelConfigurationNameWorkloadLow && spec.GlobalDefault {
if name != flowcontrol.PriorityLevelConfigurationNameDefault && spec.GlobalDefault {
allErrs = append(allErrs, field.Forbidden(fldPath.Child("globalDefault"), "must not be global default"))
}
if !spec.Exempt {
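Review bot: The `exempt` and `globalDefault` checks tie a privileged setting to a reserved object name, but nothing in the visible lines says why, and the `Forbidden` messages (`"must not be exempt"`, `"must not be global default"`) do not tell the user which name is permitted. A comment such as `// only the preset level named PriorityLevelConfigurationNameExempt may set spec.exempt` above the first check, and messages that name the reserved object, would make the rule easier to audit. `ValidatePriorityLevelConfigurationSpec` is exported without a doc comment, and its body continues past the end of this hunk.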
@@ -416,7 +416,7 @@ func TestPriorityLevelConfigurationValidation(t *testing.T) {
name: "system top priority level w/ global-default should work",
priorityLevelConfiguration: &flowcontrol.PriorityLevelConfiguration{
ObjectMeta: metav1.ObjectMeta{
Name: flowcontrol.PriorityLevelConfigurationNameWorkloadLow,
Name: flowcontrol.PriorityLevelConfigurationNameDefault,
},
Spec: flowcontrol.PriorityLevelConfigurationSpec{
GlobalDefault: true,
@@ -448,7 +448,7 @@ func TestPriorityLevelConfigurationValidation(t *testing.T) {
name: "system low priority level w/ exempt should work",
priorityLevelConfiguration: &flowcontrol.PriorityLevelConfiguration{
ObjectMeta: metav1.ObjectMeta{
Name: flowcontrol.PriorityLevelConfigurationNameSystemTop,
Name: flowcontrol.PriorityLevelConfigurationNameExempt,
},
Spec: flowcontrol.PriorityLevelConfigurationSpec{
GlobalDefault: false,
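Review bot: The two case names do not match the objects they build: `"system top priority level w/ global-default should work"` now uses `PriorityLevelConfigurationNameDefault`, and `"system low priority level w/ exempt should work"` uses `PriorityLevelConfigurationNameExempt`. Renaming them to `"default priority level w/ global-default should work"` and `"exempt priority level w/ exempt should work"` keeps failure output readable. Both struct literals continue outside their hunks, so the rest of each case is not visible here.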
