Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Kubelet cert TTL via GaugeFunc #85874

Merged
merged 1 commit into from
Dec 9, 2019
Merged

Kubelet cert TTL via GaugeFunc #85874

merged 1 commit into from
Dec 9, 2019

Conversation

sambdavidson
Copy link
Contributor

Rewrote the Kubelet client and serving certificate packages to use a GaugeFunc instead of a traditional Gauge. This allows them both to accurately report the TTL of their certificates at read time rather than arbitrary setting the TTL in unrelated threads.

The metric certificate_manager_server_expiration_seconds has been renamed to certificate_manager_server_ttl_seconds and its behavior has changed from reporting an absolute time, to reporting the seconds remaining e.g. date seconds since epoch like 1257894000 -> remaining seconds like 1234.

The behavior of rest_client_exec_plugin_ttl_seconds remains the same it has just become more accurate when read.

What type of PR is this?
/kind cleanup

What this PR does / why we need it:
Building off of new client cert metrics (#84382), new serving cert metrics (#84534), and a GaugeFunc implementation (#83830). We now have accurate insights into Kubetlet certificate rotations and TTL. This provides visibility towards efforts of shortening certificate lifetimes.

Which issue(s) this PR fixes:

Fixes #

Special notes for your reviewer:

Does this PR introduce a user-facing change?:

- Renamed Kubelet metric certificate_manager_server_expiration_seconds to certificate_manager_server_ttl_seconds and changed to report the second until expiration at read time rather than absolute time of expiry.
- Improved accuracy of Kubelet metric rest_client_exec_plugin_ttl_seconds.

/assign @awly @logicalhan @liggitt

@k8s-ci-robot k8s-ci-robot added the release-note Denotes a PR that will be considered when it comes time to generate release notes. label Dec 4, 2019
@k8s-ci-robot k8s-ci-robot added kind/cleanup Categorizes issue or PR as related to cleaning up code, process, or technical debt. size/L Denotes a PR that changes 100-499 lines, ignoring generated files. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. needs-sig Indicates an issue or PR lacks a `sig/foo` label and requires one. needs-priority Indicates a PR lacks a `priority/foo` label and requires one. labels Dec 4, 2019
@k8s-ci-robot k8s-ci-robot added area/kubelet sig/api-machinery Categorizes an issue or PR as relevant to SIG API Machinery. sig/auth Categorizes an issue or PR as relevant to SIG Auth. sig/cluster-lifecycle Categorizes an issue or PR as relevant to SIG Cluster Lifecycle. sig/instrumentation Categorizes an issue or PR as relevant to SIG Instrumentation. sig/node Categorizes an issue or PR as relevant to SIG Node. and removed needs-sig Indicates an issue or PR lacks a `sig/foo` label and requires one. labels Dec 4, 2019
logicalhan
logicalhan approved these changes Dec 6, 2019
View reviewed changes
Copy link
Member

@logicalhan logicalhan left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/lgtm

Thanks for iterating over this!

staging/src/k8s.io/client-go/plugin/pkg/client/auth/exec/metrics_test.go Outdated Show resolved Hide resolved
@k8s-ci-robot k8s-ci-robot added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Dec 6, 2019
@k8s-ci-robot k8s-ci-robot removed the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Dec 6, 2019
@liggitt
Copy link
Member

liggitt commented Dec 9, 2019

/lgtm
/approve

@k8s-ci-robot k8s-ci-robot added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Dec 9, 2019
@k8s-ci-robot
Copy link
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: liggitt, sambdavidson

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@k8s-ci-robot k8s-ci-robot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Dec 9, 2019
@k8s-ci-robot k8s-ci-robot merged commit 398e2bc into kubernetes:master Dec 9, 2019
@k8s-ci-robot k8s-ci-robot added this to the v1.18 milestone Dec 9, 2019
@sambdavidson sambdavidson deleted the ttlFunc branch December 9, 2019 23:09
@liggitt liggitt mentioned this pull request May 15, 2020
Merged
@mcristina422 mcristina422 mentioned this pull request Nov 19, 2020
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@liggitt liggitt liggitt left review comments

@logicalhan logicalhan logicalhan approved these changes

@awly awly Awaiting requested review from awly

@coffeepac coffeepac Awaiting requested review from coffeepac

Assignees

@logicalhan logicalhan

@liggitt liggitt

@awly awly

Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. area/kubelet cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. kind/cleanup Categorizes issue or PR as related to cleaning up code, process, or technical debt. lgtm "Looks good to me", indicates that a PR is ready to be merged. needs-priority Indicates a PR lacks a `priority/foo` label and requires one. release-note Denotes a PR that will be considered when it comes time to generate release notes. sig/api-machinery Categorizes an issue or PR as relevant to SIG API Machinery. sig/auth Categorizes an issue or PR as relevant to SIG Auth. sig/cluster-lifecycle Categorizes an issue or PR as relevant to SIG Cluster Lifecycle. sig/instrumentation Categorizes an issue or PR as relevant to SIG Instrumentation. sig/node Categorizes an issue or PR as relevant to SIG Node. size/L Denotes a PR that changes 100-499 lines, ignoring generated files.
Projects
None yet
Milestone
v1.18
Development

Successfully merging this pull request may close these issues.

None yet
5 participants
@sambdavidson @liggitt @k8s-ci-robot @logicalhan @awly