From 15019c48ace9f7eb0be1e13eea2cf3b71928dd4d Mon Sep 17 00:00:00 2001 From: Luis Sanchez Date: Wed, 28 Aug 2024 13:59:10 -0400 Subject: [PATCH] log only deprecated api requests --- .../apiaccess_count_controller.go | 2 +- .../filters/apirequestcount/deprecated.go | 128 ++++++++++-------- .../filters/apirequestcount_filter.go | 17 ++- 3 files changed, 81 insertions(+), 66 deletions(-) diff --git a/openshift-kube-apiserver/filters/apirequestcount/apiaccess_count_controller.go b/openshift-kube-apiserver/filters/apirequestcount/apiaccess_count_controller.go index ad2f82b737465..c784e3d11b8b6 100644 --- a/openshift-kube-apiserver/filters/apirequestcount/apiaccess_count_controller.go +++ b/openshift-kube-apiserver/filters/apirequestcount/apiaccess_count_controller.go @@ -49,7 +49,7 @@ type controller struct { // IsDeprecated return true if the resource is deprecated. func (c *controller) IsDeprecated(resource, version, group string) bool { - _, ok := deprecatedApiRemovedRelease[schema.GroupVersionResource{ + _, ok := DeprecatedAPIRemovedRelease[schema.GroupVersionResource{ Group: group, Version: version, Resource: resource, diff --git a/openshift-kube-apiserver/filters/apirequestcount/deprecated.go b/openshift-kube-apiserver/filters/apirequestcount/deprecated.go index 66519b98df9b7..99f9198d21e65 100644 --- a/openshift-kube-apiserver/filters/apirequestcount/deprecated.go +++ b/openshift-kube-apiserver/filters/apirequestcount/deprecated.go @@ -1,70 +1,78 @@ package apirequestcount -import "k8s.io/apimachinery/pkg/runtime/schema" +import ( + "fmt" -var deprecatedApiRemovedRelease = map[schema.GroupVersionResource]string{ + "k8s.io/apimachinery/pkg/runtime/schema" +) + +var DeprecatedAPIRemovedRelease = map[schema.GroupVersionResource]int{ // Kubernetes APIs - {Group: "apps", Version: "v1beta1", Resource: "controllerrevisions"}: "1.16", - {Group: "apps", Version: "v1beta1", Resource: "deploymentrollbacks"}: "1.16", - {Group: "apps", Version: "v1beta1", Resource: "deployments"}: "1.16", - {Group: "apps", Version: "v1beta1", Resource: "scales"}: "1.16", - {Group: "apps", Version: "v1beta1", Resource: "statefulsets"}: "1.16", - {Group: "apps", Version: "v1beta2", Resource: "controllerrevisions"}: "1.16", - {Group: "apps", Version: "v1beta2", Resource: "daemonsets"}: "1.16", - {Group: "apps", Version: "v1beta2", Resource: "deployments"}: "1.16", - {Group: "apps", Version: "v1beta2", Resource: "replicasets"}: "1.16", - {Group: "apps", Version: "v1beta2", Resource: "scales"}: "1.16", - {Group: "apps", Version: "v1beta2", Resource: "statefulsets"}: "1.16", - {Group: "extensions", Version: "v1beta1", Resource: "daemonsets"}: "1.16", - {Group: "extensions", Version: "v1beta1", Resource: "deploymentrollbacks"}: "1.16", - {Group: "extensions", Version: "v1beta1", Resource: "deployments"}: "1.16", - {Group: "extensions", Version: "v1beta1", Resource: "networkpolicies"}: "1.16", - {Group: "extensions", Version: "v1beta1", Resource: "podsecuritypolicies"}: "1.16", - {Group: "extensions", Version: "v1beta1", Resource: "replicasets"}: "1.16", - {Group: "extensions", Version: "v1beta1", Resource: "scales"}: "1.16", - {Group: "flowcontrol.apiserver.k8s.io", Version: "v1alpha1", Resource: "flowschemas"}: "1.21", - {Group: "flowcontrol.apiserver.k8s.io", Version: "v1alpha1", Resource: "prioritylevelconfigurations"}: "1.21", - {Group: "admissionregistration.k8s.io", Version: "v1beta1", Resource: "mutatingwebhookconfigurations"}: "1.22", - {Group: "admissionregistration.k8s.io", Version: "v1beta1", Resource: "validatingwebhookconfigurations"}: "1.22", - {Group: "apiextensions.k8s.io", Version: "v1beta1", Resource: "customresourcedefinitions"}: "1.22", - {Group: "apiregistration.k8s.io", Version: "v1beta1", Resource: "apiservices"}: "1.22", - {Group: "authentication.k8s.io", Version: "v1beta1", Resource: "tokenreviews"}: "1.22", - {Group: "authorization.k8s.io", Version: "v1beta1", Resource: "localsubjectaccessreviews"}: "1.22", - {Group: "authorization.k8s.io", Version: "v1beta1", Resource: "selfsubjectaccessreviews"}: "1.22", - {Group: "authorization.k8s.io", Version: "v1beta1", Resource: "selfsubjectrulesreviews"}: "1.22", - {Group: "authorization.k8s.io", Version: "v1beta1", Resource: "subjectaccessreviews"}: "1.22", - {Group: "certificates.k8s.io", Version: "v1beta1", Resource: "certificatesigningrequests"}: "1.22", - {Group: "coordination.k8s.io", Version: "v1beta1", Resource: "leases"}: "1.22", - {Group: "extensions", Version: "v1beta1", Resource: "ingresses"}: "1.22", - {Group: "networking.k8s.io", Version: "v1beta1", Resource: "ingresses"}: "1.22", - {Group: "networking.k8s.io", Version: "v1beta1", Resource: "ingressclasses"}: "1.22", - {Group: "rbac.authorization.k8s.io", Version: "v1beta1", Resource: "clusterrolebindings"}: "1.22", - {Group: "rbac.authorization.k8s.io", Version: "v1beta1", Resource: "clusterroles"}: "1.22", - {Group: "rbac.authorization.k8s.io", Version: "v1beta1", Resource: "rolebindings"}: "1.22", - {Group: "rbac.authorization.k8s.io", Version: "v1beta1", Resource: "roles"}: "1.22", - {Group: "scheduling.k8s.io", Version: "v1beta1", Resource: "priorityclasses"}: "1.22", - {Group: "storage.k8s.io", Version: "v1beta1", Resource: "csidrivers"}: "1.22", - {Group: "storage.k8s.io", Version: "v1beta1", Resource: "csinodes"}: "1.22", - {Group: "storage.k8s.io", Version: "v1beta1", Resource: "storageclasses"}: "1.22", - {Group: "storage.k8s.io", Version: "v1beta1", Resource: "volumeattachments"}: "1.22", - {Group: "batch", Version: "v1beta1", Resource: "cronjobs"}: "1.25", - {Group: "discovery.k8s.io", Version: "v1beta1", Resource: "endpointslices"}: "1.25", - {Group: "events.k8s.io", Version: "v1beta1", Resource: "events"}: "1.25", - {Group: "autoscaling", Version: "v2beta1", Resource: "horizontalpodautoscalers"}: "1.25", - {Group: "policy", Version: "v1beta1", Resource: "poddisruptionbudgets"}: "1.25", - {Group: "policy", Version: "v1beta1", Resource: "podsecuritypolicies"}: "1.25", - {Group: "node.k8s.io", Version: "v1beta1", Resource: "runtimeclasses"}: "1.25", - {Group: "autoscaling", Version: "v2beta2", Resource: "horizontalpodautoscalers"}: "1.26", - {Group: "flowcontrol.apiserver.k8s.io", Version: "v1beta1", Resource: "flowschemas"}: "1.26", - {Group: "flowcontrol.apiserver.k8s.io", Version: "v1beta1", Resource: "prioritylevelconfigurations"}: "1.26", - {Group: "storage.k8s.io", Version: "v1beta1", Resource: "csistoragecapacities"}: "1.27", - {Group: "flowcontrol.apiserver.k8s.io", Version: "v1beta2", Resource: "flowschemas"}: "1.29", - {Group: "flowcontrol.apiserver.k8s.io", Version: "v1beta2", Resource: "prioritylevelconfigurations"}: "1.29", + {Group: "apps", Version: "v1beta1", Resource: "controllerrevisions"}: 16, + {Group: "apps", Version: "v1beta1", Resource: "deploymentrollbacks"}: 16, + {Group: "apps", Version: "v1beta1", Resource: "deployments"}: 16, + {Group: "apps", Version: "v1beta1", Resource: "scales"}: 16, + {Group: "apps", Version: "v1beta1", Resource: "statefulsets"}: 16, + {Group: "apps", Version: "v1beta2", Resource: "controllerrevisions"}: 16, + {Group: "apps", Version: "v1beta2", Resource: "daemonsets"}: 16, + {Group: "apps", Version: "v1beta2", Resource: "deployments"}: 16, + {Group: "apps", Version: "v1beta2", Resource: "replicasets"}: 16, + {Group: "apps", Version: "v1beta2", Resource: "scales"}: 16, + {Group: "apps", Version: "v1beta2", Resource: "statefulsets"}: 16, + {Group: "extensions", Version: "v1beta1", Resource: "daemonsets"}: 16, + {Group: "extensions", Version: "v1beta1", Resource: "deploymentrollbacks"}: 16, + {Group: "extensions", Version: "v1beta1", Resource: "deployments"}: 16, + {Group: "extensions", Version: "v1beta1", Resource: "networkpolicies"}: 16, + {Group: "extensions", Version: "v1beta1", Resource: "podsecuritypolicies"}: 16, + {Group: "extensions", Version: "v1beta1", Resource: "replicasets"}: 16, + {Group: "extensions", Version: "v1beta1", Resource: "scales"}: 16, + {Group: "flowcontrol.apiserver.k8s.io", Version: "v1alpha1", Resource: "flowschemas"}: 21, + {Group: "flowcontrol.apiserver.k8s.io", Version: "v1alpha1", Resource: "prioritylevelconfigurations"}: 21, + {Group: "admissionregistration.k8s.io", Version: "v1beta1", Resource: "mutatingwebhookconfigurations"}: 22, + {Group: "admissionregistration.k8s.io", Version: "v1beta1", Resource: "validatingwebhookconfigurations"}: 22, + {Group: "apiextensions.k8s.io", Version: "v1beta1", Resource: "customresourcedefinitions"}: 22, + {Group: "apiregistration.k8s.io", Version: "v1beta1", Resource: "apiservices"}: 22, + {Group: "authentication.k8s.io", Version: "v1beta1", Resource: "tokenreviews"}: 22, + {Group: "authorization.k8s.io", Version: "v1beta1", Resource: "localsubjectaccessreviews"}: 22, + {Group: "authorization.k8s.io", Version: "v1beta1", Resource: "selfsubjectaccessreviews"}: 22, + {Group: "authorization.k8s.io", Version: "v1beta1", Resource: "selfsubjectrulesreviews"}: 22, + {Group: "authorization.k8s.io", Version: "v1beta1", Resource: "subjectaccessreviews"}: 22, + {Group: "certificates.k8s.io", Version: "v1beta1", Resource: "certificatesigningrequests"}: 22, + {Group: "coordination.k8s.io", Version: "v1beta1", Resource: "leases"}: 22, + {Group: "extensions", Version: "v1beta1", Resource: "ingresses"}: 22, + {Group: "networking.k8s.io", Version: "v1beta1", Resource: "ingresses"}: 22, + {Group: "networking.k8s.io", Version: "v1beta1", Resource: "ingressclasses"}: 22, + {Group: "rbac.authorization.k8s.io", Version: "v1beta1", Resource: "clusterrolebindings"}: 22, + {Group: "rbac.authorization.k8s.io", Version: "v1beta1", Resource: "clusterroles"}: 22, + {Group: "rbac.authorization.k8s.io", Version: "v1beta1", Resource: "rolebindings"}: 22, + {Group: "rbac.authorization.k8s.io", Version: "v1beta1", Resource: "roles"}: 22, + {Group: "scheduling.k8s.io", Version: "v1beta1", Resource: "priorityclasses"}: 22, + {Group: "storage.k8s.io", Version: "v1beta1", Resource: "csidrivers"}: 22, + {Group: "storage.k8s.io", Version: "v1beta1", Resource: "csinodes"}: 22, + {Group: "storage.k8s.io", Version: "v1beta1", Resource: "storageclasses"}: 22, + {Group: "storage.k8s.io", Version: "v1beta1", Resource: "volumeattachments"}: 22, + {Group: "batch", Version: "v1beta1", Resource: "cronjobs"}: 25, + {Group: "discovery.k8s.io", Version: "v1beta1", Resource: "endpointslices"}: 25, + {Group: "events.k8s.io", Version: "v1beta1", Resource: "events"}: 25, + {Group: "autoscaling", Version: "v2beta1", Resource: "horizontalpodautoscalers"}: 25, + {Group: "policy", Version: "v1beta1", Resource: "poddisruptionbudgets"}: 25, + {Group: "policy", Version: "v1beta1", Resource: "podsecuritypolicies"}: 25, + {Group: "node.k8s.io", Version: "v1beta1", Resource: "runtimeclasses"}: 25, + {Group: "autoscaling", Version: "v2beta2", Resource: "horizontalpodautoscalers"}: 26, + {Group: "flowcontrol.apiserver.k8s.io", Version: "v1beta1", Resource: "flowschemas"}: 26, + {Group: "flowcontrol.apiserver.k8s.io", Version: "v1beta1", Resource: "prioritylevelconfigurations"}: 26, + {Group: "storage.k8s.io", Version: "v1beta1", Resource: "csistoragecapacities"}: 27, + {Group: "flowcontrol.apiserver.k8s.io", Version: "v1beta2", Resource: "flowschemas"}: 29, + {Group: "flowcontrol.apiserver.k8s.io", Version: "v1beta2", Resource: "prioritylevelconfigurations"}: 29, + {Group: "flowcontrol.apiserver.k8s.io", Version: "v1beta2", Resource: "prioritylevelconfigurations"}: 32, // OpenShift APIs - {Group: "operator.openshift.io", Version: "v1beta1", Resource: "kubedeschedulers"}: "1.22", + {Group: "operator.openshift.io", Version: "v1beta1", Resource: "kubedeschedulers"}: 22, } // removedRelease of a specified resource.version.group. func removedRelease(resource schema.GroupVersionResource) string { - return deprecatedApiRemovedRelease[resource] + if minor, ok := DeprecatedAPIRemovedRelease[resource]; ok { + return fmt.Sprintf("1.%d", minor) + } + return "" } diff --git a/openshift-kube-apiserver/filters/apirequestcount_filter.go b/openshift-kube-apiserver/filters/apirequestcount_filter.go index 12d1606d6fa7c..6505449ea168a 100644 --- a/openshift-kube-apiserver/filters/apirequestcount_filter.go +++ b/openshift-kube-apiserver/filters/apirequestcount_filter.go @@ -2,20 +2,31 @@ package filters import ( "net/http" + "strconv" "k8s.io/apimachinery/pkg/runtime/schema" "k8s.io/apiserver/pkg/endpoints/request" + versioninfo "k8s.io/component-base/version" "k8s.io/kubernetes/openshift-kube-apiserver/filters/apirequestcount" ) // WithAPIRequestCountLogging adds a handler that logs counts of api requests. func WithAPIRequestCountLogging(handler http.Handler, requestLogger apirequestcount.APIRequestLogger) http.Handler { + currentMinor, _ := strconv.Atoi(versioninfo.Get().Minor) handlerFunc := http.HandlerFunc(func(w http.ResponseWriter, req *http.Request) { defer handler.ServeHTTP(w, req) info, ok := request.RequestInfoFrom(req.Context()) if !ok || !info.IsResourceRequest { return } + gvr := schema.GroupVersionResource{ + Group: info.APIGroup, + Version: info.APIVersion, + Resource: info.Resource, + } + if minor, ok := apirequestcount.DeprecatedAPIRemovedRelease[gvr]; !ok || minor < currentMinor { + return + } timestamp, ok := request.ReceivedTimestampFrom(req.Context()) if !ok { return @@ -25,11 +36,7 @@ func WithAPIRequestCountLogging(handler http.Handler, requestLogger apirequestco return } requestLogger.LogRequest( - schema.GroupVersionResource{ - Group: info.APIGroup, - Version: info.APIVersion, - Resource: info.Resource, - }, + gvr, timestamp, user.GetName(), req.UserAgent(),