Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

use admission.Handler readyFunc for CEL Admission plugin #113758

Merged
merged 2 commits into from Nov 10, 2022
Merged

use admission.Handler readyFunc for CEL Admission plugin #113758

merged 2 commits into from Nov 10, 2022

Conversation

alexzielenski
Copy link
Contributor

What type of PR is this?

/kind cleanup

What this PR does / why we need it:

This replaces a usage of cache.WaitForNamedCacheSync with the standard readyfunc seen in other admission plugins. The old usage was very verbose in logs and would log two unnecessary messages shown for every object create/update/delete

This is for the CEL ValidatingAdmissionPolicy plugin about to become alpha in 1.26.

Which issue(s) this PR fixes:

Special notes for your reviewer:

Does this PR introduce a user-facing change?

NONE

Additional documentation e.g., KEPs (Kubernetes Enhancement Proposals), usage docs, etc.:

/cc @andrewsykim @cici37 @jpbetz

@k8s-ci-robot k8s-ci-robot added release-note-none Denotes a PR that doesn't merit a release note. size/M Denotes a PR that changes 30-99 lines, ignoring generated files. kind/cleanup Categorizes issue or PR as related to cleaning up code, process, or technical debt. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. labels Nov 8, 2022
@k8s-ci-robot
Copy link
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: alexzielenski

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@k8s-ci-robot k8s-ci-robot added area/apiserver sig/api-machinery Categorizes an issue or PR as relevant to SIG API Machinery. approved Indicates a PR has been approved by an approver from all required OWNERS files. do-not-merge/needs-sig Indicates an issue or PR lacks a `sig/foo` label and requires one. needs-triage Indicates an issue or PR lacks a `triage/foo` label and requires one. needs-priority Indicates a PR lacks a `priority/foo` label and requires one. and removed do-not-merge/needs-sig Indicates an issue or PR lacks a `sig/foo` label and requires one. labels Nov 8, 2022
alexzielenski
alexzielenski commented Nov 8, 2022
View reviewed changes
staging/src/k8s.io/apiserver/pkg/admission/plugin/cel/admission_test.go
@@ -460,6 +468,38 @@ func must3[T any, I any](val T, _ I, err error) T {
// Functionality Tests
////////////////////////////////////////////////////////////////////////////////

func TestPluginNotReady(t *testing.T) {
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

this test takes 10s to complete due to:

kubernetes/staging/src/k8s.io/apiserver/pkg/admission/handler.go

Lines 26 to 28 in 76b4699

// timeToWaitForReady is the amount of time to wait to let an admission controller to be ready to satisfy a request.
// this is useful when admission controllers need to warm their caches before letting requests through.
timeToWaitForReady = 10 * time.Second

I'm not sure if it is best to include it or selectively enable it, etc. Or is it ok because it is run in parallel with many others?

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

You could create a new timeout field in handler that defaults to timeToWaitForReady, and a new method SetTimeout() to override it from tests.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I agree that is probably ideal. I was hoping to keep the change as low impact as possible due to code freeze/approvals. I wonder if that is something the release managers might allow to go in past code freeze?

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It is ok to update with suggested fix if you like since it is considered as a fix plus reviewed/approved before code freeze.

@cici37
Copy link
Contributor

cici37 commented Nov 8, 2022

The code changes in admission.go lgtm. Would love to have someone else confirm with the test time

@andrewsykim
Copy link
Member

andrewsykim commented Nov 9, 2022
edited

I would consider this a bug found from integration tests in #113738 -- logging V=0 on every requests is too verbose. Also tagging v1.26 since this PR had approval yesterday. The test fix is probably fine as a follow-up before test freeze (or a tracking issue at the very least).

/kind bug
/milestone v1.26

@k8s-ci-robot k8s-ci-robot added the kind/bug Categorizes issue or PR as related to a bug. label Nov 9, 2022
@k8s-ci-robot k8s-ci-robot added this to the v1.26 milestone Nov 9, 2022
@andrewsykim
Copy link
Member

/lgtm

@k8s-ci-robot k8s-ci-robot added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Nov 9, 2022
@andrewsykim
Copy link
Member

/hold

The CI failure looks legitimate

@k8s-ci-robot k8s-ci-robot added the do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. label Nov 9, 2022
@alexzielenski
use existing admissionHandler readyfunc to wait for sync
df315f3 
is what other plugins do, and should decrease verbosity in logs
@k8s-ci-robot k8s-ci-robot removed the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Nov 9, 2022
@alexzielenski
Copy link
Contributor Author

@andrewsykim this pr conflicted with the other I had that merged. rebased and fixed test again. PTAL

@k8s-ci-robot k8s-ci-robot added size/L Denotes a PR that changes 100-499 lines, ignoring generated files. and removed size/M Denotes a PR that changes 30-99 lines, ignoring generated files. labels Nov 9, 2022
@k8s-ci-robot k8s-ci-robot added size/M Denotes a PR that changes 30-99 lines, ignoring generated files. and removed size/L Denotes a PR that changes 100-499 lines, ignoring generated files. labels Nov 9, 2022
@andrewsykim
Copy link
Member

@andrewsykim this pr conflicted with the other I had that merged. rebased and fixed test again. PTAL

I might be missing something, but it seemed like the test just timed out, unrelated to other change

I1109 22:17:29.485159   72342 shared_informer.go:273] Waiting for caches to sync for cel-policy-definitions
panic: test timed out after 3m0s

goroutine 11 [running]:
testing.(*M).startAlarm.func1()
	/usr/local/go/src/testing/testing.go:2036 +0xbb
created by time.goFunc
	/usr/local/go/src/time/sleep.go:176 +0x48

goroutine 1 [chan receive, 3 minutes]:
testing.(*T).Run(0xc000309380, {0x2bc23bd, 0x12}, 0x2ca17a8)
	/usr/local/go/src/testing/testing.go:1494 +0x789
testing.runTests.func1(0x0?)
	/usr/local/go/src/testing/testing.go:1846 +0x9a
testing.tRunner(0xc000309380, 0xc0006dfba0)
	/usr/local/go/src/testing/testing.go:1446 +0x217
testing.runTests(0xc0004d4fa0?, {0x413ba60, 0xc, 0xc}, {0x40?, 0x7f337874f140?, 0x41599c0?})
	/usr/local/go/src/testing/testing.go:1844 +0x7ed
testing.(*M).Run(0xc0004d4fa0)
	/usr/local/go/src/testing/testing.go:1726 +0xa85
main.main()
	_testmain.go:69 +0x2ea

@alexzielenski
Copy link
Contributor Author

alexzielenski commented Nov 10, 2022
edited

but it seemed like the test just timed out, unrelated to other change

It's related. There is a log not included in your post Waiting for caches to sync for initial sync. This is the new sync added by the other pr that blocks forever if the informer is not started. Since this pr adds the possibility to not stop the informer, they conflicted with each other in that sense.

To solve that, I changed setupTestCommon to early return before the WaitForNamedCacheSync: https://github.com/kubernetes/kubernetes/pull/113758/files#diff-c66c2bd982171e72da2080e5a373924930ecdd30597aab5e413cc798e52d2c7cR287-R289

andrewsykim
andrewsykim reviewed Nov 10, 2022
View reviewed changes
Copy link
Member

@andrewsykim andrewsykim left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/lgtm

@k8s-ci-robot k8s-ci-robot added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Nov 10, 2022
@andrewsykim
Copy link
Member

/hold cancel

@k8s-ci-robot k8s-ci-robot removed the do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. label Nov 10, 2022
@k8s-ci-robot k8s-ci-robot merged commit aeb8a8d into kubernetes:master Nov 10, 2022
@alexzielenski
Copy link
Contributor Author

/triage accepted

@k8s-ci-robot k8s-ci-robot added triage/accepted Indicates an issue or PR is ready to be actively worked on. and removed needs-triage Indicates an issue or PR lacks a `triage/foo` label and requires one. labels Nov 15, 2022
@alexzielenski alexzielenski deleted the readyFunc-refactor branch November 16, 2022 18:50
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@cici37 cici37 cici37 left review comments

@andrewsykim andrewsykim andrewsykim left review comments

@jpbetz jpbetz Awaiting requested review from jpbetz

Assignees

@andrewsykim andrewsykim

Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. area/apiserver cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. kind/bug Categorizes issue or PR as related to a bug. kind/cleanup Categorizes issue or PR as related to cleaning up code, process, or technical debt. lgtm "Looks good to me", indicates that a PR is ready to be merged. needs-priority Indicates a PR lacks a `priority/foo` label and requires one. release-note-none Denotes a PR that doesn't merit a release note. sig/api-machinery Categorizes an issue or PR as relevant to SIG API Machinery. size/M Denotes a PR that changes 30-99 lines, ignoring generated files. triage/accepted Indicates an issue or PR is ready to be actively worked on.
Projects
None yet
Milestone
v1.26
Development

Successfully merging this pull request may close these issues.

None yet
4 participants
@alexzielenski @k8s-ci-robot @cici37 @andrewsykim