Skip to content

Fix registration for statusz and flagz in apiserver, kubelet#137420

Merged
k8s-ci-robot merged 1 commit intokubernetes:masterfrom
richabanker:statusz-installation
Mar 6, 2026
Merged

Fix registration for statusz and flagz in apiserver, kubelet#137420
k8s-ci-robot merged 1 commit intokubernetes:masterfrom
richabanker:statusz-installation

Conversation

@richabanker
Copy link
Copy Markdown
Contributor

@richabanker richabanker commented Mar 4, 2026
edited
Loading

What type of PR is this?

/kind cleanup

What this PR does / why we need it:

Install both flagz and statusz handlers together at the end of the debugging handlers block. This ensures they are disabled when debugging handlers on kubelet are disabled

Which issue(s) this PR is related to:

Issues: kubernetes/enhancements#4827, kubernetes/enhancements#4828

Special notes for your reviewer:

Does this PR introduce a user-facing change?

NONE

Additional documentation e.g., KEPs (Kubernetes Enhancement Proposals), usage docs, etc.:

@k8s-ci-robot k8s-ci-robot added release-note-none Denotes a PR that doesn't merit a release note. size/S Denotes a PR that changes 10-29 lines, ignoring generated files. kind/cleanup Categorizes issue or PR as related to cleaning up code, process, or technical debt. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. do-not-merge/needs-sig Indicates an issue or PR lacks a `sig/foo` label and requires one. needs-triage Indicates an issue or PR lacks a `triage/foo` label and requires one. labels Mar 4, 2026
@k8s-ci-robot
Copy link
Copy Markdown
Contributor

k8s-ci-robot commented Mar 4, 2026

This issue is currently awaiting triage.

If a SIG or subproject determines this is a relevant issue, they will accept it by applying the triage/accepted label and provide further guidance.

The triage/accepted label can be added by org members by writing /triage accepted in a comment.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

@k8s-ci-robot k8s-ci-robot added the needs-priority Indicates a PR lacks a `priority/foo` label and requires one. label Mar 4, 2026
@richabanker richabanker changed the title Fix auth registration for statusz and flagz Fix auth registration for statusz and flagz in kubelet Mar 4, 2026
@k8s-ci-robot k8s-ci-robot added area/kubelet sig/node Categorizes an issue or PR as relevant to SIG Node. labels Mar 4, 2026
@k8s-ci-robot k8s-ci-robot removed the do-not-merge/needs-sig Indicates an issue or PR lacks a `sig/foo` label and requires one. label Mar 4, 2026
@SergeyKanzhelev
Copy link
Copy Markdown
Member

SergeyKanzhelev commented Mar 4, 2026

This ensures they do not bypass authentication.

Can this ^^^ be tested?

@richabanker richabanker force-pushed the statusz-installation branch from d62bd1d to e111bf4 Compare March 4, 2026 23:11
@k8s-ci-robot k8s-ci-robot added size/M Denotes a PR that changes 30-99 lines, ignoring generated files. sig/auth Categorizes an issue or PR as relevant to SIG Auth. and removed size/S Denotes a PR that changes 10-29 lines, ignoring generated files. labels Mar 4, 2026
@richabanker
Copy link
Copy Markdown
Contributor Author

richabanker commented Mar 4, 2026
edited
Loading

This ensures they do not bypass authentication.

Can this ^^^ be tested?

Being tested by existing tests (failing TestInstallAuthNotRequiredHandlers) in #137384 which is what brought attention to the incorrect installation for statusz.

Actually "ensures they do not bypass authentication." is not quite right, the issue was that previously statusz handler was being installed unconditionally (gated behind the feature flag). So when we graduated the ComponentStatusz feature gate to beta, the statusz handler started getting installed unconditionally and TestInstallAuthNotRequiredHandlers which expects only a handful of handlers to be installed when debugging is disabled, complained about statusz showing up in that list of select handlers). So with this change, we properly install the statusz handler only as a debugging handler.

@richabanker richabanker force-pushed the statusz-installation branch from e111bf4 to 8f2834c Compare March 4, 2026 23:38
SergeyKanzhelev
SergeyKanzhelev approved these changes Mar 4, 2026
View reviewed changes
Copy link
Copy Markdown
Member

@SergeyKanzhelev SergeyKanzhelev left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/approve

ok for kubelet

@richabanker richabanker mentioned this pull request Mar 5, 2026
Merged
@enj enj moved this to Needs Triage in SIG Auth Mar 5, 2026
@richabanker
Copy link
Copy Markdown
Contributor Author

richabanker commented Mar 5, 2026

cc @liggitt since this PR is required to fix the failing unit test in #137384

liggitt
liggitt reviewed Mar 5, 2026
View reviewed changes
Comment thread pkg/kubelet/server/server.go
@richabanker richabanker force-pushed the statusz-installation branch from 8f2834c to afe4d27 Compare March 5, 2026 22:33
liggitt
liggitt reviewed Mar 5, 2026
View reviewed changes
Comment thread pkg/kubelet/server/server.go
Comment thread pkg/kubelet/server/server.go
Comment thread pkg/kubelet/server/server.go
Comment thread pkg/kubelet/server/server.go
@richabanker richabanker force-pushed the statusz-installation branch from 751879c to a206ee2 Compare March 6, 2026 00:05
@richabanker richabanker force-pushed the statusz-installation branch from a206ee2 to 426bb7c Compare March 6, 2026 00:31
@richabanker richabanker changed the title Fix auth registration for statusz and flagz in kubelet Fix registration for statusz and flagz in apiserver, kubelet Mar 6, 2026
@k8s-ci-robot k8s-ci-robot added area/apiserver sig/api-machinery Categorizes an issue or PR as relevant to SIG API Machinery. labels Mar 6, 2026
@liggitt
Copy link
Copy Markdown
Member

liggitt commented Mar 6, 2026

/lgtm
/approve
/retest

@k8s-ci-robot k8s-ci-robot added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Mar 6, 2026
@k8s-ci-robot
Copy link
Copy Markdown
Contributor

k8s-ci-robot commented Mar 6, 2026

LGTM label has been added.

DetailsGit tree hash: e2fac9f7e9eed5e56951ee707e7c94f9351f0778

@k8s-ci-robot
Copy link
Copy Markdown
Contributor

k8s-ci-robot commented Mar 6, 2026

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: liggitt, richabanker, SergeyKanzhelev

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@k8s-ci-robot k8s-ci-robot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Mar 6, 2026
@k8s-ci-robot k8s-ci-robot merged commit 68f0b37 into kubernetes:master Mar 6, 2026
14 checks passed
@k8s-ci-robot k8s-ci-robot added this to the v1.36 milestone Mar 6, 2026
@github-project-automation github-project-automation Bot moved this from Needs Triage to Closed / Done in SIG Auth Mar 6, 2026
@richabanker richabanker deleted the statusz-installation branch March 9, 2026 19:16
This was referenced Mar 10, 2026
Open
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@liggitt liggitt liggitt left review comments

@rphillips rphillips Awaiting requested review from rphillips

+1 more reviewer

@SergeyKanzhelev SergeyKanzhelev SergeyKanzhelev approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

@liggitt liggitt

Labels

approved Indicates a PR has been approved by an approver from all required OWNERS files. area/apiserver area/kubelet cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. kind/cleanup Categorizes issue or PR as related to cleaning up code, process, or technical debt. lgtm "Looks good to me", indicates that a PR is ready to be merged. needs-priority Indicates a PR lacks a `priority/foo` label and requires one. needs-triage Indicates an issue or PR lacks a `triage/foo` label and requires one. release-note-none Denotes a PR that doesn't merit a release note. sig/api-machinery Categorizes an issue or PR as relevant to SIG API Machinery. sig/auth Categorizes an issue or PR as relevant to SIG Auth. sig/node Categorizes an issue or PR as relevant to SIG Node. size/M Denotes a PR that changes 30-99 lines, ignoring generated files.

Projects

SIG Auth
Archived in project
SIG Node: code and documentation PRs
Status: Done

Milestone

v1.36

Development

Successfully merging this pull request may close these issues.

6 participants

@richabanker @k8s-ci-robot @SergeyKanzhelev @liggitt @benjaminapetersen @enj