Add flagz endpoint for apiserver by richabanker · Pull Request #127581 · kubernetes/kubernetes

richabanker · 2024-09-24T00:30:24Z

What type of PR is this?

/kind feature

What this PR does / why we need it:

Adds a /flagz endpoint for kube-apiserver

Which issue(s) this PR fixes:

kubernetes/enhancements#4828

Special notes for your reviewer:

Does this PR introduce a user-facing change?

Adds a /flagz endpoint for kube-apiserver endpoint

Additional documentation e.g., KEPs (Kubernetes Enhancement Proposals), usage docs, etc.:

KEP : https://github.com/kubernetes/enhancements/blob/master/keps/sig-instrumentation/4828-component-flagz/README.md

Snippet of response returned by

curl -k --cert /etc/kubernetes/pki/apiserver-kubelet-client.crt --key /etc/kubernetes/pki/apiserver-kubelet-client.key https://localhost:6443/flagz

kube-apiserver flags
Warning: This endpoint is not meant to be machine parseable, has no formatting compatibility guarantees and is for debugging purposes only.

advertise-address=192.168.8.2
contention-profiling=false
enable-priority-and-fairness=true
profiling=true
authorization-mode=[Node,RBAC]
authorization-webhook-cache-authorized-ttl=5m0s
authorization-webhook-cache-unauthorized-ttl=30s
authorization-webhook-version=v1beta1
default-watch-cache-size=100
delete-collection-workers=1
enable-garbage-collector=true
encryption-provider-config-automatic-reload=false
etcd-cafile=/etc/kubernetes/pki/etcd/ca.crt
etcd-certfile=/etc/kubernetes/pki/apiserver-etcd-client.crt
etcd-compaction-interval=5m0s
etcd-count-metric-poll-period=1m0s
etcd-db-metric-poll-interval=30s
etcd-healthcheck-timeout=2s
etcd-keyfile=/etc/kubernetes/pki/apiserver-etcd-client.key
etcd-prefix=/registry
etcd-readycheck-timeout=2s
etcd-servers=[https://127.0.0.1:2379]
lease-reuse-duration-seconds=60
storage-media-type=application/vnd.kubernetes.protobuf
watch-cache=true

richabanker · 2024-09-24T02:09:01Z

/remove-sig cli
/remove-sig network
/remove-sig node

/remove-area kubelet
/remove-area kube-proxy
/remove-area kubectl

dgrisonnet

/lgtm
/approve

k8s-ci-robot · 2024-11-06T19:40:07Z

LGTM label has been added.

Details

Git tree hash: 63d6e2cc66c8dca81fc6c826e462e63c726c9fb9

dgrisonnet · 2024-11-06T19:43:40Z

Tests failures seem to be unrelated.

dgrisonnet · 2024-11-06T21:11:05Z

/lgtm

k8s-ci-robot · 2024-11-06T21:11:11Z

LGTM label has been added.

Details

Git tree hash: 1becdbcd8b8a5fadb89b13a677c9602236591669

sttts · 2024-11-07T10:14:59Z

/lgtm
/approve

Thanks @richabanker for the updates. Looks great now!

k8s-ci-robot · 2024-11-07T10:15:05Z

LGTM label has been added.

Details

Git tree hash: a01f3e8246e37f844e091ac9f7687c3745c00e17

sttts · 2024-11-07T10:15:26Z

/retest

richabanker · 2024-11-07T15:23:15Z

/retest

liggitt · 2024-11-07T15:42:22Z

the integration failure looks related to this PR... I can't reproduce on master and I can reproduce the failure 100% on this PR

go test ./test/integration/apiserver/oidc -run 'TestOIDC/ID_token_is_ok$'

liggitt · 2024-11-07T15:46:31Z

looks like that's been failing on this PR since 10/16 - https://prow.k8s.io/view/gs/kubernetes-ci-logs/pr-logs/pull/127581/pull-kubernetes-integration/1846632627503632384

sttts · 2024-11-07T19:05:46Z

It's very likely o.OIDC.areFlagsConfigured. That func is bound to the fs argument of the AddFlags method. And because this PR calls opts.Flags() another time, areFlagsConfigured is wrong. So it is not this PR that is wrong, but it just uncovers the hack in AddFlags, mutating the receiver, which is should not do.

richabanker · 2024-11-07T19:53:26Z

It's very likely o.OIDC.areFlagsConfigured. That func is bound to the fs argument of the AddFlags method. And because this PR calls opts.Flags() another time, areFlagsConfigured is wrong. So it is not this PR that is wrong, but it just uncovers the hack in AddFlags, mutating the receiver, which is should not do.

Created #128674 for a partial fix for the OIDC flags. With this, the TestOIDC test was passing with the flagz changes.

liggitt · 2024-11-07T23:01:22Z

/approve

richabanker · 2024-11-07T23:33:39Z

/test pull-kubernetes-integration

dgrisonnet · 2024-11-07T23:44:49Z

/lgtm

k8s-ci-robot · 2024-11-07T23:44:55Z

LGTM label has been added.

Details

Git tree hash: 6e30f852399771f58bb2d52a175af52a481e9759

richabanker · 2024-11-08T00:07:08Z

/hold
until #125577 merges

k8s-ci-robot · 2024-11-08T01:12:28Z

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: dgrisonnet, liggitt, richabanker, sttts

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details

Needs approval from an approver in each of these files:

~~cmd/kube-apiserver/OWNERS~~ [liggitt,sttts]
~~pkg/controlplane/OWNERS~~ [liggitt,sttts]
~~pkg/features/OWNERS~~ [dgrisonnet,liggitt,sttts]
~~plugin/pkg/auth/authorizer/OWNERS~~ [liggitt]
~~staging/src/k8s.io/apiserver/OWNERS~~ [liggitt,sttts]
~~staging/src/k8s.io/component-base/zpages/OWNERS~~ [dgrisonnet,liggitt]
~~test/featuregates_linter/test_data/OWNERS~~ [dgrisonnet,liggitt,sttts]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

dgrisonnet · 2024-11-08T01:21:40Z

/lgtm

k8s-ci-robot · 2024-11-08T01:21:45Z

LGTM label has been added.

Details

Git tree hash: aae9d3dcdd951de2a40b516d01d8c7621e5c6f2c

richabanker · 2024-11-08T01:48:27Z

/unhold
since #125577 is now merged

wendy-ha18 · 2024-11-08T02:58:33Z

Hi @richabanker @dgrisonnet
Appreciate all of your efforts with this PR!!
A gentle reminder that the code freeze has started 02:00 UTC Friday November 8th 2024 . Please make sure this has both lgtm and approved labels ASAP, and file an Exception.

richabanker · 2024-11-08T03:06:39Z

@wendy-ha18 lgtm label was added an hour ago, and the approve tag was added much before. Do I still need to file an exception?

wendy-ha18 · 2024-11-08T03:52:40Z

Hi @richabanker, IOM no you don't need to file Exception. I saw this PR in merging queue are now with a milestone. PR can be merged with milestone after code freeze.

k8s-ci-robot requested review from enj and johnbelamaric September 24, 2024 00:30

richabanker force-pushed the flagz-apiserver branch 4 times, most recently from 1de51ac to e67c926 Compare September 24, 2024 01:45

k8s-ci-robot removed sig/cli Categorizes an issue or PR as relevant to SIG CLI. sig/network Categorizes an issue or PR as relevant to SIG Network. sig/node Categorizes an issue or PR as relevant to SIG Node. labels Sep 24, 2024

dgrisonnet approved these changes Nov 6, 2024

View reviewed changes

richabanker mentioned this pull request Nov 7, 2024

Fix OIDC flags #128674

Merged

Add flagz implementation and enablement in apiserver

da8dc43

richabanker mentioned this pull request Nov 29, 2024

feat: Add flagz endpoint for kubelet #128857

Merged

richabanker mentioned this pull request Feb 11, 2025

Flagz on kube-apiserver doesn't return parsed flag values #129994

Closed

yongruilin mentioned this pull request Feb 12, 2025

fix: apiserver flagz to response actual parsed flags #129996

Merged

Conversation

richabanker commented Sep 24, 2024 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

What type of PR is this?

What this PR does / why we need it:

Which issue(s) this PR fixes:

Special notes for your reviewer:

Does this PR introduce a user-facing change?

Additional documentation e.g., KEPs (Kubernetes Enhancement Proposals), usage docs, etc.:

Uh oh!

richabanker commented Sep 24, 2024

Uh oh!

dgrisonnet left a comment

Choose a reason for hiding this comment

Uh oh!

k8s-ci-robot commented Nov 6, 2024

Uh oh!

dgrisonnet commented Nov 6, 2024

Uh oh!

dgrisonnet commented Nov 6, 2024

Uh oh!

k8s-ci-robot commented Nov 6, 2024

Uh oh!

sttts commented Nov 7, 2024

Uh oh!

k8s-ci-robot commented Nov 7, 2024

Uh oh!

sttts commented Nov 7, 2024

Uh oh!

richabanker commented Nov 7, 2024

Uh oh!

liggitt commented Nov 7, 2024

Uh oh!

liggitt commented Nov 7, 2024

Uh oh!

sttts commented Nov 7, 2024

Uh oh!

richabanker commented Nov 7, 2024 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

liggitt commented Nov 7, 2024

Uh oh!

richabanker commented Nov 7, 2024

Uh oh!

dgrisonnet commented Nov 7, 2024

Uh oh!

k8s-ci-robot commented Nov 7, 2024

Uh oh!

richabanker commented Nov 8, 2024

Uh oh!

k8s-ci-robot commented Nov 8, 2024

Uh oh!

dgrisonnet commented Nov 8, 2024

Uh oh!

k8s-ci-robot commented Nov 8, 2024

Uh oh!

richabanker commented Nov 8, 2024

Uh oh!

wendy-ha18 commented Nov 8, 2024

Uh oh!

richabanker commented Nov 8, 2024 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

wendy-ha18 commented Nov 8, 2024

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

10 participants

richabanker commented Sep 24, 2024 •

edited

Loading

richabanker commented Nov 7, 2024 •

edited

Loading

richabanker commented Nov 8, 2024 •

edited

Loading