-
Notifications
You must be signed in to change notification settings - Fork 38.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Importing the latest json patch and set the accumulated copy size limit #73713
Importing the latest json patch and set the accumulated copy size limit #73713
Conversation
@caesarxuchao: Adding the "do-not-merge/release-note-label-needed" label because no release-note block was detected, please follow our release note process to remove it. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
e1e5f91
to
6ed8a4b
Compare
staging/src/k8s.io/apiserver/pkg/admission/plugin/webhook/mutating/dispatcher.go
Outdated
Show resolved
Hide resolved
6ed8a4b
to
0b95a4f
Compare
/release-note-none |
sounds like a good thing to have in 1.14. right? /milestone v1.14 |
1fc1a19
to
3993ce1
Compare
3993ce1
to
f001f9e
Compare
/lgtm |
/retest |
This prevents a json patch from consuming too much memory.
The kubectl patch command implementation also invokes the json patch library to apply patch, but that's only invoked if it's a dry-run or if the local flag is set. I think for those two cases, it's better to not have a limit than having a different limit than the apiserver, so I didn't set the limit.
There are other places import the json-patch lib, but they don't apply the patch, so they don't need to set the limit.
/assign @liggitt @cjcullen
/kind bug-fix
/sig api-machinery
/release-note-none
I didn't write a release note because users shouldn't see a difference. Even without this pull, patches that violate the limit are rejected by the etcd anyway. This pull makes such requests rejected earlier in the apiserver.