Upgrade k8s package verison (#5358)
* upgrade k8s package version Signed-off-by: hongzhouzi <hongzhouzi@kubesphere.io> * Script upgrade and code formatting. Signed-off-by: hongzhouzi <hongzhouzi@kubesphere.io> Signed-off-by: hongzhouzi <hongzhouzi@kubesphere.io>
This commit is contained in:
hongzhouzi
64
vendor/k8s.io/apiserver/pkg/server/secure_serving.go
generated
vendored
64
vendor/k8s.io/apiserver/pkg/server/secure_serving.go
generated
vendored
@@ -86,45 +86,52 @@ func (s *SecureServingInfo) tlsConfig(stopCh <-chan struct{}) (*tls.Config, erro
|
||||
s.SNICerts,
|
||||
nil, // TODO see how to plumb an event recorder down in here. For now this results in simply klog messages.
|
||||
)
|
||||
// register if possible
|
||||
if notifier, ok := s.ClientCA.(dynamiccertificates.Notifier); ok {
|
||||
notifier.AddListener(dynamicCertificateController)
|
||||
|
||||
if s.ClientCA != nil {
|
||||
s.ClientCA.AddListener(dynamicCertificateController)
|
||||
}
|
||||
if notifier, ok := s.Cert.(dynamiccertificates.Notifier); ok {
|
||||
notifier.AddListener(dynamicCertificateController)
|
||||
if s.Cert != nil {
|
||||
s.Cert.AddListener(dynamicCertificateController)
|
||||
}
|
||||
// generate a context from stopCh. This is to avoid modifying files which are relying on apiserver
|
||||
// TODO: See if we can pass ctx to the current method
|
||||
ctx, cancel := context.WithCancel(context.Background())
|
||||
go func() {
|
||||
select {
|
||||
case <-stopCh:
|
||||
cancel() // stopCh closed, so cancel our context
|
||||
case <-ctx.Done():
|
||||
}
|
||||
}()
|
||||
// start controllers if possible
|
||||
if controller, ok := s.ClientCA.(dynamiccertificates.ControllerRunner); ok {
|
||||
// runonce to try to prime data. If this fails, it's ok because we fail closed.
|
||||
// Files are required to be populated already, so this is for convenience.
|
||||
if err := controller.RunOnce(); err != nil {
|
||||
if err := controller.RunOnce(ctx); err != nil {
|
||||
klog.Warningf("Initial population of client CA failed: %v", err)
|
||||
}
|
||||
|
||||
go controller.Run(1, stopCh)
|
||||
go controller.Run(ctx, 1)
|
||||
}
|
||||
if controller, ok := s.Cert.(dynamiccertificates.ControllerRunner); ok {
|
||||
// runonce to try to prime data. If this fails, it's ok because we fail closed.
|
||||
// Files are required to be populated already, so this is for convenience.
|
||||
if err := controller.RunOnce(); err != nil {
|
||||
if err := controller.RunOnce(ctx); err != nil {
|
||||
klog.Warningf("Initial population of default serving certificate failed: %v", err)
|
||||
}
|
||||
|
||||
go controller.Run(1, stopCh)
|
||||
go controller.Run(ctx, 1)
|
||||
}
|
||||
for _, sniCert := range s.SNICerts {
|
||||
if notifier, ok := sniCert.(dynamiccertificates.Notifier); ok {
|
||||
notifier.AddListener(dynamicCertificateController)
|
||||
}
|
||||
|
||||
sniCert.AddListener(dynamicCertificateController)
|
||||
if controller, ok := sniCert.(dynamiccertificates.ControllerRunner); ok {
|
||||
// runonce to try to prime data. If this fails, it's ok because we fail closed.
|
||||
// Files are required to be populated already, so this is for convenience.
|
||||
if err := controller.RunOnce(); err != nil {
|
||||
if err := controller.RunOnce(ctx); err != nil {
|
||||
klog.Warningf("Initial population of SNI serving certificate failed: %v", err)
|
||||
}
|
||||
|
||||
go controller.Run(1, stopCh)
|
||||
go controller.Run(ctx, 1)
|
||||
}
|
||||
}
|
||||
|
||||
@@ -144,14 +151,15 @@ func (s *SecureServingInfo) tlsConfig(stopCh <-chan struct{}) (*tls.Config, erro
|
||||
// Serve runs the secure http server. It fails only if certificates cannot be loaded or the initial listen call fails.
|
||||
// The actual server loop (stoppable by closing stopCh) runs in a go routine, i.e. Serve does not block.
|
||||
// It returns a stoppedCh that is closed when all non-hijacked active requests have been processed.
|
||||
func (s *SecureServingInfo) Serve(handler http.Handler, shutdownTimeout time.Duration, stopCh <-chan struct{}) (<-chan struct{}, error) {
|
||||
// It returns a listenerStoppedCh that is closed when the underlying http Server has stopped listening.
|
||||
func (s *SecureServingInfo) Serve(handler http.Handler, shutdownTimeout time.Duration, stopCh <-chan struct{}) (<-chan struct{}, <-chan struct{}, error) {
|
||||
if s.Listener == nil {
|
||||
return nil, fmt.Errorf("listener must not be nil")
|
||||
return nil, nil, fmt.Errorf("listener must not be nil")
|
||||
}
|
||||
|
||||
tlsConfig, err := s.tlsConfig(stopCh)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
return nil, nil, err
|
||||
}
|
||||
|
||||
secureServer := &http.Server{
|
||||
@@ -159,6 +167,9 @@ func (s *SecureServingInfo) Serve(handler http.Handler, shutdownTimeout time.Dur
|
||||
Handler: handler,
|
||||
MaxHeaderBytes: 1 << 20,
|
||||
TLSConfig: tlsConfig,
|
||||
|
||||
IdleTimeout: 90 * time.Second, // matches http.DefaultTransport keep-alive timeout
|
||||
ReadHeaderTimeout: 32 * time.Second, // just shy of requestTimeoutUpperBound
|
||||
}
|
||||
|
||||
// At least 99% of serialized resources in surveyed clusters were smaller than 256kb.
|
||||
@@ -166,7 +177,9 @@ func (s *SecureServingInfo) Serve(handler http.Handler, shutdownTimeout time.Dur
|
||||
// and small enough to allow a per connection buffer of this size multiplied by `MaxConcurrentStreams`.
|
||||
const resourceBody99Percentile = 256 * 1024
|
||||
|
||||
http2Options := &http2.Server{}
|
||||
http2Options := &http2.Server{
|
||||
IdleTimeout: 90 * time.Second, // matches http.DefaultTransport keep-alive timeout
|
||||
}
|
||||
|
||||
// shrink the per-stream buffer and max framesize from the 1MB default while still accommodating most API POST requests in a single frame
|
||||
http2Options.MaxUploadBufferPerStream = resourceBody99Percentile
|
||||
@@ -185,7 +198,7 @@ func (s *SecureServingInfo) Serve(handler http.Handler, shutdownTimeout time.Dur
|
||||
if !s.DisableHTTP2 {
|
||||
// apply settings to the server
|
||||
if err := http2.ConfigureServer(secureServer, http2Options); err != nil {
|
||||
return nil, fmt.Errorf("error configuring http2: %v", err)
|
||||
return nil, nil, fmt.Errorf("error configuring http2: %v", err)
|
||||
}
|
||||
}
|
||||
|
||||
@@ -209,15 +222,15 @@ func RunServer(
|
||||
ln net.Listener,
|
||||
shutDownTimeout time.Duration,
|
||||
stopCh <-chan struct{},
|
||||
) (<-chan struct{}, error) {
|
||||
) (<-chan struct{}, <-chan struct{}, error) {
|
||||
if ln == nil {
|
||||
return nil, fmt.Errorf("listener must not be nil")
|
||||
return nil, nil, fmt.Errorf("listener must not be nil")
|
||||
}
|
||||
|
||||
// Shutdown server gracefully.
|
||||
stoppedCh := make(chan struct{})
|
||||
serverShutdownCh, listenerStoppedCh := make(chan struct{}), make(chan struct{})
|
||||
go func() {
|
||||
defer close(stoppedCh)
|
||||
defer close(serverShutdownCh)
|
||||
<-stopCh
|
||||
ctx, cancel := context.WithTimeout(context.Background(), shutDownTimeout)
|
||||
server.Shutdown(ctx)
|
||||
@@ -226,6 +239,7 @@ func RunServer(
|
||||
|
||||
go func() {
|
||||
defer utilruntime.HandleCrash()
|
||||
defer close(listenerStoppedCh)
|
||||
|
||||
var listener net.Listener
|
||||
listener = tcpKeepAliveListener{ln}
|
||||
@@ -244,7 +258,7 @@ func RunServer(
|
||||
}
|
||||
}()
|
||||
|
||||
return stoppedCh, nil
|
||||
return serverShutdownCh, listenerStoppedCh, nil
|
||||
}
|
||||
|
||||
// tcpKeepAliveListener sets TCP keep-alive timeouts on accepted
|
||||
|
||||
Reference in New Issue
Block a user