New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
use admission.Handler readyFunc for CEL Admission plugin #113758
use admission.Handler readyFunc for CEL Admission plugin #113758
Conversation
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: alexzielenski The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
@@ -460,6 +468,38 @@ func must3[T any, I any](val T, _ I, err error) T { | |||
// Functionality Tests | |||
//////////////////////////////////////////////////////////////////////////////// | |||
|
|||
func TestPluginNotReady(t *testing.T) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
this test takes 10s to complete due to:
kubernetes/staging/src/k8s.io/apiserver/pkg/admission/handler.go
Lines 26 to 28 in 76b4699
// timeToWaitForReady is the amount of time to wait to let an admission controller to be ready to satisfy a request. | |
// this is useful when admission controllers need to warm their caches before letting requests through. | |
timeToWaitForReady = 10 * time.Second |
I'm not sure if it is best to include it or selectively enable it, etc. Or is it ok because it is run in parallel with many others?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
You could create a new timeout
field in handler that defaults to timeToWaitForReady
, and a new method SetTimeout()
to override it from tests.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I agree that is probably ideal. I was hoping to keep the change as low impact as possible due to code freeze/approvals. I wonder if that is something the release managers might allow to go in past code freeze?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It is ok to update with suggested fix if you like since it is considered as a fix plus reviewed/approved before code freeze.
staging/src/k8s.io/apiserver/pkg/admission/plugin/cel/admission.go
Outdated
Show resolved
Hide resolved
67afae6
to
7796933
Compare
The code changes in admission.go lgtm. Would love to have someone else confirm with the test time |
I would consider this a bug found from integration tests in #113738 -- logging V=0 on every requests is too verbose. Also tagging v1.26 since this PR had approval yesterday. The test fix is probably fine as a follow-up before test freeze (or a tracking issue at the very least). /kind bug |
/lgtm |
/hold The CI failure looks legitimate |
is what other plugins do, and should decrease verbosity in logs
7796933
to
50d68b9
Compare
@andrewsykim this pr conflicted with the other I had that merged. rebased and fixed test again. PTAL |
50d68b9
to
f6dd28d
Compare
f6dd28d
to
97a6650
Compare
staging/src/k8s.io/apiserver/pkg/admission/plugin/cel/admission_test.go
Outdated
Show resolved
Hide resolved
I might be missing something, but it seemed like the test just timed out, unrelated to other change
|
It's related. There is a log not included in your post To solve that, I changed |
97a6650
to
acf571f
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
/lgtm
/hold cancel |
/triage accepted |
What type of PR is this?
/kind cleanup
What this PR does / why we need it:
This replaces a usage of cache.WaitForNamedCacheSync with the standard readyfunc seen in other admission plugins. The old usage was very verbose in logs and would log two unnecessary messages shown for every object create/update/delete
This is for the CEL ValidatingAdmissionPolicy plugin about to become alpha in 1.26.
Which issue(s) this PR fixes:
Special notes for your reviewer:
Does this PR introduce a user-facing change?
Additional documentation e.g., KEPs (Kubernetes Enhancement Proposals), usage docs, etc.:
/cc @andrewsykim @cici37 @jpbetz