Adding a limit on the size of request body the apiserver will decode for write operations #73805

Merged
merged 3 commits into from
Feb 12, 2019

@caesarxuchao caesarxuchao commented Feb 7, 2019

The first two commits are #73713.

/assign
/kind bug-fix
/sig api-machinery
/release-note-none

This doesn't require a release note because a request that fails the new limit has always been invalid. This patch just makes it fail early in the apiserver REST handler, instead of after hitting etcd.

kube-apiserver: a request body of a CREATE/UPDATE/PATCH/DELETE resource operation larger than 100 MB will return a 413 "request entity too large" error.

Custom apiservers built with the latest apiserver library will have the 100MB limit on the body of resource requests as well. The limit can be altered via ServerRunOptions.MaxRequestBodyBytes.

The body size limit does not apply to subresources like pods/proxy that proxy request content to another server.
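
The early rejection described in the release note above, as an added Go example that is not the kube-apiserver code: a handler reads at most one byte past the limit and answers 413 before any decoding happens. The names `readBodyWithLimit`, `writeHandler` and `statusFor`, the `/example` path and the 1 MB limit are assumptions made for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"io"
	"net/http"
	"net/http/httptest"
	"strings"
)

const maxRequestBodyBytes int64 = 1024 * 1024 // assumed: 1 MB, as in the review's test suggestion
var errTooLarge = errors.New("request entity too large")

// readBodyWithLimit (hypothetical helper) reads one byte past the limit, so a body of
// exactly limit bytes passes and a larger one is rejected after limit+1 bytes at most.
func readBodyWithLimit(r *http.Request, limit int64) ([]byte, error) {
	data, err := io.ReadAll(io.LimitReader(r.Body, limit+1))
	if err != nil {
		return nil, err
	}
	if int64(len(data)) > limit {
		return nil, errTooLarge
	}
	return data, nil
}

// writeHandler stands in for a CREATE/UPDATE/PATCH handler: 413 comes before any decode.
func writeHandler(w http.ResponseWriter, r *http.Request) {
	body, err := readBodyWithLimit(r, maxRequestBodyBytes)
	switch {
	case errors.Is(err, errTooLarge):
		http.Error(w, err.Error(), http.StatusRequestEntityTooLarge)
	case err != nil:
		http.Error(w, err.Error(), http.StatusBadRequest)
	default:
		fmt.Fprintf(w, "accepted %d bytes", len(body))
	}
}

// statusFor sends a constructed n-byte body through the handler and returns the status.
func statusFor(n int) int {
	rec := httptest.NewRecorder()
	writeHandler(rec, httptest.NewRequest(http.MethodPost, "/example", strings.NewReader(strings.Repeat("a", n))))
	return rec.Code
}

func main() {
	fmt.Println(statusFor(1024*1024), statusFor(1024*1024+1))
}
```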

@k8s-ci-robot added the sig/api-machinery, do-not-merge/release-note-label-needed, cncf-cla: yes, needs-kind, needs-priority, area/apiserver, kind/api-change, sig/cli and sig/testing labels and removed the needs-kind label Feb 7, 2019
@caesarxuchao changed the title from "Adding a limit on resource body size apiserver will decode for write operations" to "Adding a limit on the size of request body the apiserver will decode for write operations" Feb 7, 2019
@caesarxuchao force-pushed the resource-size-limit branch 2 times, most recently from 3eecdaf to 0a1bf00, February 7, 2019 18:50
@caesarxuchao force-pushed the resource-size-limit branch 2 times, most recently from 67a0765 to af17697, February 7, 2019 22:44
@caesarxuchao

/unassign
/assign @liggitt

@k8s-ci-robot assigned liggitt and unassigned caesarxuchao Feb 8, 2019

// Tests that the apiserver limits the resource size in write operations.
func TestMaxResourceSize(t *testing.T) {
s, clientSet, closeFn := setup(t)

@liggitt Feb 8, 2019

suggest this instead to limit to 1MB to avoid needing 200MB in memory to run this test:

	stopCh := make(chan struct{})
	defer close(stopCh)
	clientSet, _ := framework.StartTestServer(t, stopCh, framework.TestServerSetup{
		ModifyServerRunOptions: func(opts *options.ServerRunOptions) {
			opts.GenericServerRunOptions.MaxRequestBodyBytes = 1024*1024
		},
	})

Member Author

Good point. Done.

liggitt commented Feb 8, 2019

one test comment, agree on matching json patch copy size

@caesarxuchao

@liggitt comments addressed. PTAL. Thank you.

@caesarxuchao

/retest

liggitt commented Feb 9, 2019

/retest

@caesarxuchao

/retest

liggitt commented Feb 11, 2019

/test all

liggitt commented Feb 11, 2019

I think the new potential http status code is worth a release note

liggitt commented Feb 11, 2019

once it has a release note and the 10->100 test fixup is done, lgtm

@k8s-ci-robot added the release-note label and removed the do-not-merge/release-note-label-needed label Feb 11, 2019
@k8s-ci-robot added the size/L label Feb 11, 2019
@caesarxuchao

Both done. PTAL. Thanks.

liggitt commented Feb 12, 2019

/lgtm
/approve

@k8s-ci-robot added the lgtm label Feb 12, 2019
liggitt commented Feb 12, 2019

updated release note to clarify the limit only applies to resource requests, not proxy subresources like pods/proxy

@k8s-ci-robot

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: caesarxuchao, liggitt

@k8s-ci-robot added the approved label Feb 12, 2019
@k8s-ci-robot merged commit 2940317 into kubernetes:master Feb 12, 2019
k8s-ci-robot added a commit that referenced this pull request Feb 21, 2019
…#73443-#73713-#73805-#74000-upstream-release-1.12

Automated cherry pick of #73443: update json-patch to pick up bug fixes
k8s-ci-robot added a commit that referenced this pull request Feb 21, 2019
…#73443-#73713-#73805-#74000-upstream-release-1.13

Automated cherry pick of #73443: update json-patch to pick up bug fixes
k8s-ci-robot added a commit that referenced this pull request Feb 23, 2019
…#68428-#68442-#73443-#73713-#73805-#74000-upstream-release-1.11

Automated cherry pick of #68428: vendor: bump github.com/evanphx/json-patch