UPSTREAM: <carry>: return 429 instead of 404 when the server hasn't been ready

[p0lyn0mial]

WithNotFoundProtectorHandler will return 429 instead of 404 iff:

• server hasn't been ready (/readyz=false)
• the user is GC or the namespace lifecycle controller
• the path is for an aggregated API or CR

This handler ensures that the system stays consistent even when requests are received before the server is ready.
In particular it prevents child deletion in case of GC or/and orphaned content in case of the namespaces controller.

[openshift-ci-robot]

@p0lyn0mial: the contents of this pull request could not be automatically validated.

The following commits could not be validated and must be approved by a top-level approver:

• 2a78f0c|UPSTREAM: : return 429 instead of 404 when the server hasn't been ready: does not specify an upstream backport in the commit message
• 8f3cbdf|UPSTREAM: : wires WithNotFoundProtectorHandler to the default NotFound handler: does not specify an upstream backport in the commit message

[p0lyn0mial]

/assign @sttts @deads2k

[p0lyn0mial]

is this enough?

[deads2k]

is this enough?

Yes. Add a comment explaining that since discovery contains all groups, we have to block the discovery paths until CRDs and APIServices are synced. Otherwise someone will optimize this to expose built-in APIs.

I'm open to allowing direct GETS and PUTs for built-in APIs, but not their discovery

[deads2k]

does this match the 429 returned by p&f? I thought we tried to return json.

Can the message here be distinct so we can find it while tracing?

[p0lyn0mial]

does this match the 429 returned by p&f? I thought we tried to return json

yes, p&f uses tooManyRequest function

[p0lyn0mial]

Can the message here be distinct so we can find it while tracing?

+1

[deads2k]

GC uses its own account for informers?

[p0lyn0mial]

nope, informers use system:kube-controller-manager, do we want to add it?

[p0lyn0mial]

I thought it only matters to the discovery and the normal client

[p0lyn0mial]

I think that informers will simply retry on 404

[openshift-ci-robot]

@p0lyn0mial: the contents of this pull request could not be automatically validated.

The following commits could not be validated and must be approved by a top-level approver:

• 003809e|UPSTREAM: : wires WithNotFoundProtectorHandler to the default NotFound handler: does not specify an upstream backport in the commit message
• b071cc8|UPSTREAM: : return 429 instead of 404 when the server hasn't been ready: does not specify an upstream backport in the commit message

[openshift-ci]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: p0lyn0mial
To complete the pull request process, please ask for approval from deads2k after the PR has been reviewed.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

• DOWNSTREAM_OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[p0lyn0mial]

do we want to randomize the timeout?

[openshift-ci]

@p0lyn0mial: The following tests failed, say /retest to rerun all failed tests:

Test name	Commit	Details	Rerun command
ci/prow/e2e-gcp	003809e	link	/test e2e-gcp
ci/prow/e2e-gcp-upgrade	003809e	link	/test e2e-gcp-upgrade
ci/prow/e2e-aws-serial	003809e	link	/test e2e-aws-serial

Full PR test history. Your PR dashboard.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here.

[openshift-bot]

Issues go stale after 90d of inactivity.

Mark the issue as fresh by commenting /remove-lifecycle stale.
Stale issues rot after an additional 30d of inactivity and eventually close.
Exclude this issue from closing by commenting /lifecycle frozen.

If this issue is safe to close now please do so with /close.

/lifecycle stale

[openshift-ci]

@p0lyn0mial: PR needs rebase.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[openshift-bot]

Stale issues rot after 30d of inactivity.

Mark the issue as fresh by commenting /remove-lifecycle rotten.
Rotten issues close after an additional 30d of inactivity.
Exclude this issue from closing by commenting /lifecycle frozen.

If this issue is safe to close now please do so with /close.

/lifecycle rotten
/remove-lifecycle stale

[openshift-bot]

Rotten issues close after 30d of inactivity.

Reopen the issue by commenting /reopen.
Mark the issue as fresh by commenting /remove-lifecycle rotten.
Exclude this issue from closing again by commenting /lifecycle frozen.

/close

[openshift-ci]

@openshift-bot: Closed this PR.

In response to this:

Rotten issues close after 30d of inactivity.

Reopen the issue by commenting /reopen.
Mark the issue as fresh by commenting /remove-lifecycle rotten.
Exclude this issue from closing again by commenting /lifecycle frozen.

/close

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.