-
Notifications
You must be signed in to change notification settings - Fork 39k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[audit] Figure out timestamps in event objects #52160
Comments
I thought during our discussion we agreed on |
The opposite. |
That we re-use that event object throughout the handler chain is our optimization and an implementation detail. From the outside we create one event per stage. |
I vote for this option. |
@soltysh Yeah, sorry for confusion earlier, I meant what @sttts said @CaoShuFeng I also like this option better, b/c removing ObjectMeta will require some testing and even after that something can break, and leaving CreationTimestamp empty doesn't look good |
Important requirement for this is that it should give very good precision, micro- or milisecond precision so we can measure actual time spent for processing requests. |
+1, I'll add this to the issue description |
In order to improve precision, I think no use of CreationTimestamp is a better choise. We can define |
/assign |
[MILESTONENOTIFIER] Milestone Removed Important: This issue was missing labels required for the v1.9 milestone for more than 3 days: kind: Must specify exactly one of |
Automatic merge from submit-queue (batch tested with PRs 53119, 53753, 53795, 52981). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>. add RequestReceivedTimestamp and StageTimestamp to audit event fixes #52160 **Release note**: ``` Add RequestReceivedTimestamp and StageTimestamp with micro seconds to audit events. ```
Automatic merge from submit-queue (batch tested with PRs 53119, 53753, 53795, 52981). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>. add RequestReceivedTimestamp and StageTimestamp to audit event fixes kubernetes/kubernetes#52160 **Release note**: ``` Add RequestReceivedTimestamp and StageTimestamp with micro seconds to audit events. ``` Kubernetes-commit: 6901fc37d1f74d131100997bd497f0d3c4ad9515
Automatic merge from submit-queue (batch tested with PRs 53119, 53753, 53795, 52981). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>. add RequestReceivedTimestamp and StageTimestamp to audit event fixes kubernetes/kubernetes#52160 **Release note**: ``` Add RequestReceivedTimestamp and StageTimestamp with micro seconds to audit events. ``` Kubernetes-commit: 6901fc37d1f74d131100997bd497f0d3c4ad9515
Automatic merge from submit-queue (batch tested with PRs 53119, 53753, 53795, 52981). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>. add RequestReceivedTimestamp and StageTimestamp to audit event fixes kubernetes/kubernetes#52160 **Release note**: ``` Add RequestReceivedTimestamp and StageTimestamp with micro seconds to audit events. ``` Kubernetes-commit: 6901fc37d1f74d131100997bd497f0d3c4ad9515
Ref #48561
Currently, there's a
Timestamp
field in theaudit.Event
object, which representsTime the request reached the apiserver.
. There're several problems with it:CreationTimestamps
. It's also confusing what it means: either the same whatTimestamp
currently means or the stage timestmap.AuditId
(which can be spoofed).We agreed that the @soltysh's PR (#52030) will addressed the latter two points by populating the
CreationTimestamp
field with the stage timestamp, exposing this information and makingCreationTimestamp
field useful. However, that doesn't solve the problem of ambiguous names orCreationTimestamp
precision. There are three options:Timestamp
field e.g. toRequestStartTimestamp
Timestamp
field, introduce two new fieldsRequestStartTimestamp
andStageTimestamp
and removeObjectMeta
. This is the only option that will allow to use timestamps to make an accurate estimation of how much time the request took, sinceCreationTimestamp
has only seconds precision.Renaming/removing field ofc will happen in the backward-compatible way, by creating a new field that will hold the same value and then actually removing the field in the next API release.
Because of the precision problem, the last options seems like the best approach.
/cc @sttts @soltysh @ericchiang @CaoShuFeng
The text was updated successfully, but these errors were encountered: