Merge pull request kubernetes#125577 from richabanker/statusz

k8s-ci-robot · web-flow · commit 60651eb17257 · 2024-11-08T01:04:43.000Z
Add statusz endpoint for apiserver
diff --git a/pkg/controlplane/apiserver/server.go b/pkg/controlplane/apiserver/server.go
@@ -36,6 +36,8 @@ import (
 	utilfeature "k8s.io/apiserver/pkg/util/feature"
 	clientgoinformers "k8s.io/client-go/informers"
 	"k8s.io/client-go/kubernetes"
+	zpagesfeatures "k8s.io/component-base/zpages/features"
+	"k8s.io/component-base/zpages/statusz"
 	"k8s.io/component-helpers/apimachinery/lease"
 	"k8s.io/klog/v2"
 	"k8s.io/utils/clock"
@@ -151,6 +153,10 @@ func (c completedConfig) New(name string, delegationTarget genericapiserver.Dele
 		return nil, fmt.Errorf("failed to get listener address: %w", err)
 	}
 
+	if utilfeature.DefaultFeatureGate.Enabled(zpagesfeatures.ComponentStatusz) {
+		statusz.Install(s.GenericAPIServer.Handler.NonGoRestfulMux, name, statusz.NewRegistry())
+	}
+
 	if utilfeature.DefaultFeatureGate.Enabled(apiserverfeatures.CoordinatedLeaderElection) {
 		leaseInformer := s.VersionedInformers.Coordination().V1().Leases()
 		lcInformer := s.VersionedInformers.Coordination().V1alpha1().LeaseCandidates()
diff --git a/pkg/features/kube_features.go b/pkg/features/kube_features.go
@@ -21,6 +21,7 @@ import (
 	utilfeature "k8s.io/apiserver/pkg/util/feature"
 	clientfeatures "k8s.io/client-go/features"
 	"k8s.io/component-base/featuregate"
+	zpagesfeatures "k8s.io/component-base/zpages/features"
 )
 
 const (
@@ -840,6 +841,7 @@ const (
 func init() {
 	runtime.Must(utilfeature.DefaultMutableFeatureGate.Add(defaultKubernetesFeatureGates))
 	runtime.Must(utilfeature.DefaultMutableFeatureGate.AddVersioned(defaultVersionedKubernetesFeatureGates))
+	runtime.Must(zpagesfeatures.AddFeatureGates(utilfeature.DefaultMutableFeatureGate))
 
 	// Register all client-go features with kube's feature gate instance and make all client-go
 	// feature checks use kube's instance. The effect is that for kube binaries, client-go
diff --git a/pkg/features/versioned_kube_features.go b/pkg/features/versioned_kube_features.go
@@ -21,6 +21,7 @@ import (
 	"k8s.io/apimachinery/pkg/util/version"
 	genericfeatures "k8s.io/apiserver/pkg/features"
 	"k8s.io/component-base/featuregate"
+	zpagesfeatures "k8s.io/component-base/zpages/features"
 	kcmfeatures "k8s.io/controller-manager/pkg/features"
 )
 
@@ -801,4 +802,8 @@ var defaultVersionedKubernetesFeatureGates = map[featuregate.Feature]featuregate
 	WindowsHostNetwork: {
 		{Version: version.MustParse("1.26"), Default: true, PreRelease: featuregate.Alpha},
 	},
+
+	zpagesfeatures.ComponentStatusz: {
+		{Version: version.MustParse("1.32"), Default: false, PreRelease: featuregate.Alpha},
+	},
 }
diff --git a/plugin/pkg/auth/authorizer/rbac/bootstrappolicy/policy.go b/plugin/pkg/auth/authorizer/rbac/bootstrappolicy/policy.go
@@ -25,6 +25,7 @@ import (
 	"k8s.io/apiserver/pkg/authentication/serviceaccount"
 	"k8s.io/apiserver/pkg/authentication/user"
 	utilfeature "k8s.io/apiserver/pkg/util/feature"
+	zpagesfeatures "k8s.io/component-base/zpages/features"
 
 	rbacv1helpers "k8s.io/kubernetes/pkg/apis/rbac/v1"
 	"k8s.io/kubernetes/pkg/features"
@@ -194,6 +195,18 @@ func NodeRules() []rbacv1.PolicyRule {
 
 // ClusterRoles returns the cluster roles to bootstrap an API server with
 func ClusterRoles() []rbacv1.ClusterRole {
+	monitoringRules := []rbacv1.PolicyRule{
+		rbacv1helpers.NewRule("get").URLs(
+			"/metrics", "/metrics/slis",
+			"/livez", "/readyz", "/healthz",
+			"/livez/*", "/readyz/*", "/healthz/*",
+		).RuleOrDie(),
+	}
+
+	if utilfeature.DefaultFeatureGate.Enabled(zpagesfeatures.ComponentStatusz) {
+		monitoringRules = append(monitoringRules, rbacv1helpers.NewRule("get").URLs("/statusz").RuleOrDie())
+	}
+
 	roles := []rbacv1.ClusterRole{
 		{
 			// a "root" role which can do absolutely anything
@@ -223,13 +236,7 @@ func ClusterRoles() []rbacv1.ClusterRole {
 			// The splatted health check endpoints allow read access to individual health check
 			// endpoints which may contain more sensitive cluster information information
 			ObjectMeta: metav1.ObjectMeta{Name: "system:monitoring"},
-			Rules: []rbacv1.PolicyRule{
-				rbacv1helpers.NewRule("get").URLs(
-					"/metrics", "/metrics/slis",
-					"/livez", "/readyz", "/healthz",
-					"/livez/*", "/readyz/*", "/healthz/*",
-				).RuleOrDie(),
-			},
+			Rules:      monitoringRules,
 		},
 	}
 
diff --git a/staging/src/k8s.io/apiserver/pkg/server/config.go b/staging/src/k8s.io/apiserver/pkg/server/config.go
@@ -979,7 +979,7 @@ func (c completedConfig) New(name string, delegationTarget DelegationTarget) (*G
 
 	s.listedPathProvider = routes.ListedPathProviders{s.listedPathProvider, delegationTarget}
 
-	installAPI(s, c.Config)
+	installAPI(name, s, c.Config)
 
 	// use the UnprotectedHandler from the delegation target to ensure that we don't attempt to double authenticator, authorize,
 	// or some other part of the filter chain in delegation cases.
@@ -1076,7 +1076,7 @@ func DefaultBuildHandlerChain(apiHandler http.Handler, c *Config) http.Handler {
 	return handler
 }
 
-func installAPI(s *GenericAPIServer, c *Config) {
+func installAPI(name string, s *GenericAPIServer, c *Config) {
 	if c.EnableIndex {
 		routes.Index{}.Install(s.listedPathProvider, s.Handler.NonGoRestfulMux)
 	}
diff --git a/staging/src/k8s.io/component-base/go.mod b/staging/src/k8s.io/component-base/go.mod
@@ -12,6 +12,7 @@ require (
 	github.com/go-logr/zapr v1.3.0
 	github.com/google/go-cmp v0.6.0
 	github.com/moby/term v0.5.0
+	github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822
 	github.com/prometheus/client_golang v1.19.1
 	github.com/prometheus/client_model v0.6.1
 	github.com/prometheus/common v0.55.0
@@ -59,7 +60,6 @@ require (
 	github.com/mailru/easyjson v0.7.7 // indirect
 	github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
 	github.com/modern-go/reflect2 v1.0.2 // indirect
-	github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
 	github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect
 	github.com/x448/float16 v0.8.4 // indirect
 	go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.28.0 // indirect
diff --git a/staging/src/k8s.io/component-base/metrics/processstarttime.go b/staging/src/k8s.io/component-base/metrics/processstarttime.go
@@ -35,7 +35,7 @@ var processStartTime = NewGaugeVec(
 // a prometheus registry. This metric needs to be included to ensure counter
 // data fidelity.
 func RegisterProcessStartTime(registrationFunc func(Registerable) error) error {
-	start, err := getProcessStart()
+	start, err := GetProcessStart()
 	if err != nil {
 		klog.Errorf("Could not get process start time, %v", err)
 		start = float64(time.Now().Unix())
diff --git a/staging/src/k8s.io/component-base/metrics/processstarttime_others.go b/staging/src/k8s.io/component-base/metrics/processstarttime_others.go
@@ -25,7 +25,7 @@ import (
 	"github.com/prometheus/procfs"
 )
 
-func getProcessStart() (float64, error) {
+func GetProcessStart() (float64, error) {
 	pid := os.Getpid()
 	p, err := procfs.NewProc(pid)
 	if err != nil {
diff --git a/staging/src/k8s.io/component-base/metrics/processstarttime_windows.go b/staging/src/k8s.io/component-base/metrics/processstarttime_windows.go
@@ -23,7 +23,7 @@ import (
 	"golang.org/x/sys/windows"
 )
 
-func getProcessStart() (float64, error) {
+func GetProcessStart() (float64, error) {
 	processHandle := windows.CurrentProcess()
 
 	var creationTime, exitTime, kernelTime, userTime windows.Filetime
diff --git a/staging/src/k8s.io/component-base/zpages/features/doc.go b/staging/src/k8s.io/component-base/zpages/features/doc.go
@@ -0,0 +1,22 @@
+/*
+Copyright 2024 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Package features contains a separate feature set specifically designed for
+// managing zpages related features. These feature gates control the
+// availability and behavior of various zpages within Kubernetes components.
+// New zpages added to Kubernetes components should utilize this feature set
+// to ensure proper management of their availability.
+package features
diff --git a/staging/src/k8s.io/component-base/zpages/features/kube_features.go b/staging/src/k8s.io/component-base/zpages/features/kube_features.go
@@ -0,0 +1,45 @@
+/*
+Copyright 2024 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package features
+
+import (
+	"k8s.io/apimachinery/pkg/util/version"
+	"k8s.io/component-base/featuregate"
+)
+
+const (
+	// owner: @richabanker
+	// kep: https://kep.k8s.io/4827
+	// alpha: v1.32
+	//
+	// Enables /statusz endpoint for a component making it accessible to
+	// users with the system:monitoring cluster role.
+	ComponentStatusz featuregate.Feature = "ComponentStatusz"
+)
+
+func featureGates() map[featuregate.Feature]featuregate.VersionedSpecs {
+	return map[featuregate.Feature]featuregate.VersionedSpecs{
+		ComponentStatusz: {
+			{Version: version.MustParse("1.32"), Default: false, PreRelease: featuregate.Alpha},
+		},
+	}
+}
+
+// AddFeatureGates adds all feature gates used by this package.
+func AddFeatureGates(mutableFeatureGate featuregate.MutableVersionedFeatureGate) error {
+	return mutableFeatureGate.AddVersioned(featureGates())
+}
diff --git a/staging/src/k8s.io/component-base/zpages/statusz/registry.go b/staging/src/k8s.io/component-base/zpages/statusz/registry.go
@@ -0,0 +1,68 @@
+/*
+Copyright 2024 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package statusz
+
+import (
+	"time"
+
+	"k8s.io/apimachinery/pkg/util/version"
+	"k8s.io/component-base/featuregate"
+	"k8s.io/klog/v2"
+
+	compbasemetrics "k8s.io/component-base/metrics"
+	utilversion "k8s.io/component-base/version"
+)
+
+type statuszRegistry interface {
+	processStartTime() time.Time
+	goVersion() string
+	binaryVersion() *version.Version
+	emulationVersion() *version.Version
+}
+
+type registry struct{}
+
+func (registry) processStartTime() time.Time {
+	start, err := compbasemetrics.GetProcessStart()
+	if err != nil {
+		klog.Errorf("Could not get process start time, %v", err)
+	}
+
+	return time.Unix(int64(start), 0)
+}
+
+func (registry) goVersion() string {
+	return utilversion.Get().GoVersion
+}
+
+func (registry) binaryVersion() *version.Version {
+	effectiveVer := featuregate.DefaultComponentGlobalsRegistry.EffectiveVersionFor(featuregate.DefaultKubeComponent)
+	if effectiveVer != nil {
+		return effectiveVer.BinaryVersion()
+	}
+
+	return utilversion.DefaultKubeEffectiveVersion().BinaryVersion()
+}
+
+func (registry) emulationVersion() *version.Version {
+	effectiveVer := featuregate.DefaultComponentGlobalsRegistry.EffectiveVersionFor(featuregate.DefaultKubeComponent)
+	if effectiveVer != nil {
+		return effectiveVer.EmulationVersion()
+	}
+
+	return nil
+}
diff --git a/staging/src/k8s.io/component-base/zpages/statusz/registry_test.go b/staging/src/k8s.io/component-base/zpages/statusz/registry_test.go
@@ -0,0 +1,105 @@
+/*
+Copyright 2024 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package statusz
+
+import (
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+	utilruntime "k8s.io/apimachinery/pkg/util/runtime"
+	"k8s.io/apimachinery/pkg/util/version"
+	"k8s.io/component-base/featuregate"
+	utilversion "k8s.io/component-base/version"
+)
+
+func TestBinaryVersion(t *testing.T) {
+	componentGlobalsRegistry := featuregate.DefaultComponentGlobalsRegistry
+	tests := []struct {
+		name                    string
+		setFakeEffectiveVersion bool
+		fakeVersion             string
+		wantBinaryVersion       *version.Version
+	}{
+		{
+			name:                    "binaryVersion with effective version",
+			wantBinaryVersion:       version.MustParseSemantic("v1.2.3"),
+			setFakeEffectiveVersion: true,
+			fakeVersion:             "1.2.3",
+		},
+		{
+			name:              "binaryVersion without effective version",
+			wantBinaryVersion: utilversion.DefaultKubeEffectiveVersion().BinaryVersion(),
+		},
+	}
+
+	for _, tt := range tests {
+		componentGlobalsRegistry.Reset()
+		t.Run(tt.name, func(t *testing.T) {
+			if tt.setFakeEffectiveVersion {
+				verKube := utilversion.NewEffectiveVersion(tt.fakeVersion)
+				fg := featuregate.NewVersionedFeatureGate(version.MustParse(tt.fakeVersion))
+				utilruntime.Must(componentGlobalsRegistry.Register(featuregate.DefaultKubeComponent, verKube, fg))
+			}
+
+			registry := &registry{}
+			got := registry.binaryVersion()
+			assert.Equal(t, tt.wantBinaryVersion, got)
+		})
+	}
+}
+
+func TestEmulationVersion(t *testing.T) {
+	componentGlobalsRegistry := featuregate.DefaultComponentGlobalsRegistry
+	tests := []struct {
+		name                    string
+		setFakeEffectiveVersion bool
+		fakeEmulVer             string
+		wantEmul                *version.Version
+	}{
+		{
+			name:                    "emulationVersion with effective version",
+			fakeEmulVer:             "2.3.4",
+			setFakeEffectiveVersion: true,
+			wantEmul:                version.MustParseSemantic("2.3.4"),
+		},
+		{
+			name:     "emulationVersion without effective version",
+			wantEmul: nil,
+		},
+	}
+
+	for _, tt := range tests {
+		componentGlobalsRegistry.Reset()
+		t.Run(tt.name, func(t *testing.T) {
+			if tt.setFakeEffectiveVersion {
+				verKube := utilversion.NewEffectiveVersion("0.0.0")
+				verKube.SetEmulationVersion(version.MustParse(tt.fakeEmulVer))
+				fg := featuregate.NewVersionedFeatureGate(version.MustParse(tt.fakeEmulVer))
+				utilruntime.Must(componentGlobalsRegistry.Register(featuregate.DefaultKubeComponent, verKube, fg))
+			}
+
+			registry := &registry{}
+			got := registry.emulationVersion()
+			if tt.wantEmul != nil && got != nil {
+				assert.Equal(t, tt.wantEmul.Major(), got.Major())
+				assert.Equal(t, tt.wantEmul.Minor(), got.Minor())
+			} else {
+				assert.Equal(t, tt.wantEmul, got)
+			}
+		})
+	}
+}
diff --git a/staging/src/k8s.io/component-base/zpages/statusz/statusz.go b/staging/src/k8s.io/component-base/zpages/statusz/statusz.go
diff --git a/staging/src/k8s.io/component-base/zpages/statusz/statusz_test.go b/staging/src/k8s.io/component-base/zpages/statusz/statusz_test.go
diff --git a/test/featuregates_linter/test_data/versioned_feature_list.yaml b/test/featuregates_linter/test_data/versioned_feature_list.yaml
diff --git a/test/integration/auth/rbac_test.go b/test/integration/auth/rbac_test.go

Original file line number	Diff line number	Diff line change
`@@ -979,7 +979,7 @@ func (c completedConfig) New(name string, delegationTarget DelegationTarget) (*G`
`979`	`979`
`980`	`980`	`s.listedPathProvider = routes.ListedPathProviders{s.listedPathProvider, delegationTarget}`
`981`	`981`
`982`		`- installAPI(s, c.Config)`
	`982`	`+ installAPI(name, s, c.Config)`
`983`	`983`
`984`	`984`	`// use the UnprotectedHandler from the delegation target to ensure that we don't attempt to double authenticator, authorize,`
`985`	`985`	`// or some other part of the filter chain in delegation cases.`
`@@ -1076,7 +1076,7 @@ func DefaultBuildHandlerChain(apiHandler http.Handler, c *Config) http.Handler {`
`1076`	`1076`	`return handler`
`1077`	`1077`	`}`
`1078`	`1078`
`1079`		`-func installAPI(s GenericAPIServer, c Config) {`
	`1079`	`+func installAPI(name string, s GenericAPIServer, c Config) {`
`1080`	`1080`	`if c.EnableIndex {`
`1081`	`1081`	`routes.Index{}.Install(s.listedPathProvider, s.Handler.NonGoRestfulMux)`
`1082`	`1082`	`}`
Original file line number	Diff line number	Diff line change
`@@ -25,7 +25,7 @@ import (`
`25`	`25`	`"github.com/prometheus/procfs"`
`26`	`26`	`)`
`27`	`27`
`28`		`-func getProcessStart() (float64, error) {`
	`28`	`+func GetProcessStart() (float64, error) {`
`29`	`29`	`pid := os.Getpid()`
`30`	`30`	`p, err := procfs.NewProc(pid)`
`31`	`31`	`if err != nil {`
Original file line number	Diff line number	Diff line change
`@@ -23,7 +23,7 @@ import (`
`23`	`23`	`"golang.org/x/sys/windows"`
`24`	`24`	`)`
`25`	`25`
`26`		`-func getProcessStart() (float64, error) {`
	`26`	`+func GetProcessStart() (float64, error) {`
`27`	`27`	`processHandle := windows.CurrentProcess()`
`28`	`28`
`29`	`29`	`var creationTime, exitTime, kernelTime, userTime windows.Filetime`