Join GitHub today
GitHub is home to over 31 million developers working together to host and review code, manage projects, and build software together.
Sign upAdding a limit on the size of request body the apiserver will decode for write operations #73805
Conversation
k8s-ci-robot
assigned
caesarxuchao
Feb 7, 2019
k8s-ci-robot
added
sig/api-machinery
do-not-merge/release-note-label-needed
cncf-cla: yes
needs-kind
needs-priority
area/apiserver
kind/api-change
sig/cli
sig/testing
and removed
needs-kind
labels
Feb 7, 2019
k8s-ci-robot
requested review from
cheftako
and
deads2k
Feb 7, 2019
caesarxuchao
force-pushed the
caesarxuchao:resource-size-limit
branch
from
80e49d2
to
262609c
Feb 7, 2019
caesarxuchao
changed the title
Adding a limit on resource body size apiserver will decode for write operations
Adding a limit on the size of request body the apiserver will decode for write operations
Feb 7, 2019
liggitt
reviewed
Feb 7, 2019
caesarxuchao
force-pushed the
caesarxuchao:resource-size-limit
branch
2 times, most recently
from
3eecdaf
to
0a1bf00
Feb 7, 2019
caesarxuchao
force-pushed the
caesarxuchao:resource-size-limit
branch
2 times, most recently
from
67a0765
to
af17697
Feb 7, 2019
caesarxuchao
reviewed
Feb 8, 2019
This comment has been minimized.
This comment has been minimized.
/unassign |
k8s-ci-robot
assigned
liggitt
and unassigned
caesarxuchao
Feb 8, 2019
liggitt
reviewed
Feb 8, 2019
|
||
// Tests that the apiserver limits the resource size in write operations. | ||
func TestMaxResourceSize(t *testing.T) { | ||
s, clientSet, closeFn := setup(t) |
This comment has been minimized.
This comment has been minimized.
liggitt
Feb 8, 2019
•
Member
suggest this instead to limit to 1MB to avoid needing 200MB in memory to run this test:
stopCh := make(chan struct{})
defer close(stopCh)
clientSet, _ := framework.StartTestServer(t, stopCh, framework.TestServerSetup{
ModifyServerRunOptions: func(opts *options.ServerRunOptions) {
opts.GenericServerRunOptions.MaxRequestBodyBytes = 1024*1024
},
})
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
one test comment, agree on matching json patch copy size |
caesarxuchao
force-pushed the
caesarxuchao:resource-size-limit
branch
from
af17697
to
a7da55a
Feb 8, 2019
This comment has been minimized.
This comment has been minimized.
@liggitt comments addressed. PTAL. Thank you. |
This comment has been minimized.
This comment has been minimized.
/retest |
caesarxuchao
force-pushed the
caesarxuchao:resource-size-limit
branch
from
a7da55a
to
ee787c8
Feb 9, 2019
This comment has been minimized.
This comment has been minimized.
/retest |
2 similar comments
This comment has been minimized.
This comment has been minimized.
/retest |
This comment has been minimized.
This comment has been minimized.
/retest |
This comment has been minimized.
This comment has been minimized.
/test all |
This comment has been minimized.
This comment has been minimized.
I think the new potential http status code is worth a release note |
This comment has been minimized.
This comment has been minimized.
once it has a release note and the 10->100 test fixup is done, lgtm |
k8s-ci-robot
added
release-note
and removed
do-not-merge/release-note-label-needed
labels
Feb 11, 2019
caesarxuchao
force-pushed the
caesarxuchao:resource-size-limit
branch
from
ee787c8
to
27166e4
Feb 11, 2019
k8s-ci-robot
added
the
size/L
label
Feb 11, 2019
This comment has been minimized.
This comment has been minimized.
Both done. PTAL. Thanks. |
This comment has been minimized.
This comment has been minimized.
/lgtm |
k8s-ci-robot
added
the
lgtm
label
Feb 12, 2019
This comment has been minimized.
This comment has been minimized.
updated release note to clarify the limit only applies to resource requests, not proxy subresources like |
This comment has been minimized.
This comment has been minimized.
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: caesarxuchao, liggitt The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
caesarxuchao commentedFeb 7, 2019
•
edited
The first two commits are #73713.
/assign
/kind bug-fix
/sig api-machinery
/release-note-none
This doesn't require a release note because request that fails the new limit has always been invalid. This patch just make it fail early in the apiserver REST handler, instead of after hitting etcd.