Kubectl command headers in requests: KEP 859 #98952

Merged
merged 1 commit into from
Mar 3, 2021

seans3
Contributor

@seans3 seans3 commented Feb 10, 2021

  • alpha (opt-in) implementation of Kubectl Command Headers SIG CLI KEP 859 protected by KUBECTL_COMMAND_HEADERS environment variable.
  • Transparently adds headers such as X-Kubectl-Command to each http request to document which kubectl command spawned the request.
  • Example output using -v=7, showing headers being added to request for a command with subcommands:
$ ./kubectl create secret generic second --from-literal=key1=supersecret -v=7
I0224 20:49:37.332408 1443256 loader.go:372] Config loaded from file:  /home/sean/.kube/config
I0224 20:49:37.336503 1443256 round_trippers.go:432] POST https://127.0.0.1:43177/api/v1/namespaces/default/secrets?fieldManager=kubectl-create
I0224 20:49:37.336519 1443256 round_trippers.go:438] Request Headers:
I0224 20:49:37.336526 1443256 round_trippers.go:442]     Accept: application/json
I0224 20:49:37.336532 1443256 round_trippers.go:442]     User-Agent: kubectl/v1.21.0 (linux/amd64) kubernetes/31efead
I0224 20:49:37.336546 1443256 command_headers.go:47] Adding Request Header: X-Kubectl-Session/bc4c7d66-8c12-46c2-8313-4d256a02af6a
I0224 20:49:37.336553 1443256 command_headers.go:47] Adding Request Header: X-Kubectl-Command/kubectl create secret generic
I0224 20:49:37.344592 1443256 round_trippers.go:457] Response Status: 201 Created in 8 milliseconds
secret/second created
  • Another example using -v=7, showing multiple http requests from a single kubectl command (notice the same session id in each request):
$ kubectl apply -f ~/testdata/testdata-namespace-1/namespace.yaml -v=7
I0224 20:48:03.809620 1442827 loader.go:372] Config loaded from file:  /home/sean/.kube/config
I0224 20:48:03.810493 1442827 round_trippers.go:432] GET https://127.0.0.1:43177/openapi/v2?timeout=32s
I0224 20:48:03.810502 1442827 round_trippers.go:438] Request Headers:
I0224 20:48:03.810511 1442827 round_trippers.go:442]     Accept: application/com.github.proto-openapi.spec.v2@v1.0+protobuf
I0224 20:48:03.810518 1442827 round_trippers.go:442]     User-Agent: kubectl/v1.21.0 (linux/amd64) kubernetes/31efead
I0224 20:48:03.813627 1442827 command_headers.go:47] Adding Request Header: X-Kubectl-Session/490cdf00-c8ce-4fe2-a24f-b8e2454b3ecc
I0224 20:48:03.813663 1442827 command_headers.go:47] Adding Request Header: X-Kubectl-Command/kubectl apply
I0224 20:48:03.821110 1442827 round_trippers.go:457] Response Status: 200 OK in 10 milliseconds
I0224 20:48:03.884687 1442827 round_trippers.go:432] GET https://127.0.0.1:43177/api/v1/namespaces/test-namespace
I0224 20:48:03.884707 1442827 round_trippers.go:438] Request Headers:
I0224 20:48:03.884715 1442827 round_trippers.go:442]     User-Agent: kubectl/v1.21.0 (linux/amd64) kubernetes/31efead
I0224 20:48:03.884722 1442827 round_trippers.go:442]     Accept: application/json
I0224 20:48:03.884730 1442827 command_headers.go:47] Adding Request Header: X-Kubectl-Session/490cdf00-c8ce-4fe2-a24f-b8e2454b3ecc
I0224 20:48:03.884736 1442827 command_headers.go:47] Adding Request Header: X-Kubectl-Command/kubectl apply
I0224 20:48:03.886426 1442827 round_trippers.go:457] Response Status: 200 OK in 1 milliseconds
namespace/test-namespace unchanged
I0224 20:48:03.886615 1442827 apply.go:396] Running apply post-processor function
  • Manually tested by examining API Server logs. Example:
I0225 01:42:12.966894 1826413 httplog.go:89] "HTTP" verb="GET" URI="/version?timeout=32s" Headers="(X-Kubectl-Command=[kubectl get]) (X-Kubectl-Session=[4553ca7a-932d-4f0a-be58-94f6c82eaa78]) (Accept=[application/json, */*]) (User-Agent=[kubectl/v1.21.0 (linux/amd64) kubernetes/a197126]) (Accept-Encoding=[gzip]) " latency="259.229µs" userAgent="kubectl/v1.21.0 (linux/amd64) kubernetes/a197126" srcIP="127.0.0.1:44304" resp=200
  • Another example (notice the session id is the same for the same kubectl get command):
I0225 01:44:04.164623 1826413 httplog.go:89] "HTTP" verb="GET" URI="/version?timeout=32s" Headers="(User-Agent=[kubectl/v1.21.0 (linux/amd64) kubernetes/a197126]) (Accept-Encoding=[gzip]) (X-Kubectl-Session=[e362b5ce-4fd5-4349-b79d-3a45f8aca7e1]) (X-Kubectl-Command=[kubectl get]) (Accept=[application/json, */*]) " latency="250.863µs" userAgent="kubectl/v1.21.0 (linux/amd64) kubernetes/a197126" srcIP="127.0.0.1:46640" resp=200
I0225 01:44:04.178111 1826413 httplog.go:89] "HTTP" verb="GET" URI="/api/v1/namespaces/test-configmaps/configmaps/test-binary-configmap" Headers="(User-Agent=[kubectl/v1.21.0 (linux/amd64) kubernetes/a197126]) (X-Kubectl-Session=[e362b5ce-4fd5-4349-b79d-3a45f8aca7e1]) (X-Kubectl-Command=[kubectl get]) (Accept-Encoding=[gzip]) (Accept=[application/json]) " latency="1.045442ms" userAgent="kubectl/v1.21.0 (linux/amd64) kubernetes/a197126" srcIP="127.0.0.1:46640" resp=200

/kind feature

* Alpha implementation of Kubectl Command Headers: SIG CLI KEP 859 enabled when KUBECTL_COMMAND_HEADERS environment variable set on the client command line.
* To enable: export KUBECTL_COMMAND_HEADERS=1; kubectl ...

Additional documentation e.g., KEPs (Kubernetes Enhancement Proposals), usage docs, etc.:

SIG CLI KEP 859 Kubectl Command Headers
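
An added example (not from the PR or its author): grouping API server httplog lines by X-Kubectl-Session to see which kubectl invocation issued which requests. The sample lines and session ids are constructed, and `Session` and `GroupBySession` are names chosen here.

```go
package main

import (
	"fmt"
	"regexp"
)

// Constructed sample lines in the httplog.go format quoted above (ids are made up).
var sampleLog = []string{
	`I0225 01:44:04.1 1 httplog.go:89] "HTTP" verb="GET" URI="/version?timeout=32s" Headers="(Accept-Encoding=[gzip]) (X-Kubectl-Session=[00000000-0000-4000-8000-00000000000a]) (X-Kubectl-Command=[kubectl get]) " resp=200`,
	`I0225 01:44:04.2 1 httplog.go:89] "HTTP" verb="GET" URI="/api/v1/namespaces/ns/configmaps/cm" Headers="(X-Kubectl-Command=[kubectl get]) (X-Kubectl-Session=[00000000-0000-4000-8000-00000000000a]) " resp=200`,
	`I0225 01:44:09.0 1 httplog.go:89] "HTTP" verb="POST" URI="/api/v1/namespaces/default/secrets" Headers="(X-Kubectl-Session=[00000000-0000-4000-8000-00000000000b]) (X-Kubectl-Command=[kubectl create secret generic]) " resp=201`,
	`I0225 01:44:10.0 1 httplog.go:89] "HTTP" verb="GET" URI="/healthz" Headers="(User-Agent=[curl/7.68.0]) " resp=200`,
}

// Session is one kubectl invocation: its X-Kubectl-Command value and its
// requests ("VERB URI") in log order.
type Session struct{ Command string; Requests []string }

// Header order differs between log lines, so each header is matched on its own.
var reqRe = regexp.MustCompile(`verb="([A-Z]+)" URI="([^"]*)"`)
var sessionRe = regexp.MustCompile(`\(X-Kubectl-Session=\[([^\]]*)\]\)`)
var commandRe = regexp.MustCompile(`\(X-Kubectl-Command=\[([^\]]*)\]\)`)

// GroupBySession returns sessions keyed by id plus the count of request lines without
// a session header. The headers are client-set and unauthenticated: correlate, don't trust.
func GroupBySession(lines []string) (map[string]Session, int) {
	sessions, unlabeled := map[string]Session{}, 0
	for _, line := range lines {
		req := reqRe.FindStringSubmatch(line)
		if req == nil {
			continue // not an HTTP request log line
		}
		id := sessionRe.FindStringSubmatch(line)
		if id == nil {
			unlabeled++ // other client, or headers not enabled
			continue
		}
		s := sessions[id[1]] // zero value for a new session id
		if cmd := commandRe.FindStringSubmatch(line); cmd != nil {
			s.Command = cmd[1]
		}
		s.Requests = append(s.Requests, req[1]+" "+req[2])
		sessions[id[1]] = s
	}
	return sessions, unlabeled
}

func main() { fmt.Println(GroupBySession(sampleLog)) }
```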

@k8s-ci-robot k8s-ci-robot added release-note Denotes a PR that will be considered when it comes time to generate release notes. do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. kind/feature Categorizes issue or PR as related to a new feature. size/L Denotes a PR that changes 100-499 lines, ignoring generated files. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. do-not-merge/needs-sig Indicates an issue or PR lacks a `sig/foo` label and requires one. needs-triage Indicates an issue or PR lacks a `triage/foo` label and requires one. needs-priority Indicates a PR lacks a `priority/foo` label and requires one. area/dependency Issues or PRs related to dependency changes area/kubectl sig/cli Categorizes an issue or PR as relevant to SIG CLI. labels Feb 10, 2021
@seans3
Contributor Author

seans3 commented Feb 10, 2021

/milestone v1.21

@k8s-ci-robot k8s-ci-robot removed the do-not-merge/needs-sig Indicates an issue or PR lacks a `sig/foo` label and requires one. label Feb 10, 2021
@k8s-ci-robot k8s-ci-robot added this to the v1.21 milestone Feb 10, 2021
@k8s-ci-robot k8s-ci-robot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Feb 10, 2021
@k8s-ci-robot k8s-ci-robot requested review from pwittrock, shiywang and a team February 10, 2021 07:32
@seans3 seans3 force-pushed the kubectl-commands-in-headers branch from d4f8987 to e232e6f Compare February 10, 2021 08:09
@seans3 seans3 force-pushed the kubectl-commands-in-headers branch from bfd94b4 to ba140bd Compare February 20, 2021 00:34
@seans3
Contributor Author

seans3 commented Feb 20, 2021

/priority important-soon

@k8s-ci-robot k8s-ci-robot added priority/important-soon Must be staffed and worked on either currently, or very soon, ideally in time for the next release. and removed needs-priority Indicates a PR lacks a `priority/foo` label and requires one. labels Feb 20, 2021
@seans3
Contributor Author

seans3 commented Feb 20, 2021

/triage accepted

@k8s-ci-robot k8s-ci-robot added triage/accepted Indicates an issue or PR is ready to be actively worked on. and removed needs-triage Indicates an issue or PR lacks a `triage/foo` label and requires one. labels Feb 20, 2021
@seans3
Contributor Author

seans3 commented Feb 20, 2021

/retest

@seans3
Contributor Author

seans3 commented Mar 2, 2021

/cc @brianpursley

@brianpursley
Member

LGTM. I left one nit comment.

Only thing that gave me pause was the special-case handling of proxy in cmd.go. It sort of feels like this detail should be kept inside proxy.go. I'm not familiar enough with why proxy is incompatible with CommandHeaderRoundTripper to know how it could be handled any better than this.

All that being said, I think it looks good.

@seans3 seans3 force-pushed the kubectl-commands-in-headers branch from 42ebf94 to fa52f0d Compare March 2, 2021 22:22
@seans3
Contributor Author

seans3 commented Mar 2, 2021

/retest

Contributor

@soltysh soltysh left a comment

/lgtm
/approve

@k8s-ci-robot k8s-ci-robot added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Mar 3, 2021
@seans3 seans3 force-pushed the kubectl-commands-in-headers branch from fa52f0d to 02ef178 Compare March 3, 2021 17:03
@k8s-ci-robot k8s-ci-robot added area/code-generation sig/api-machinery Categorizes an issue or PR as relevant to SIG API Machinery. and removed lgtm "Looks good to me", indicates that a PR is ready to be merged. approved Indicates a PR has been approved by an approver from all required OWNERS files. labels Mar 3, 2021
@seans3
Contributor Author

seans3 commented Mar 3, 2021

/retest

@seans3 seans3 force-pushed the kubectl-commands-in-headers branch from 02ef178 to 211fc12 Compare March 3, 2021 17:49
@k8s-ci-robot k8s-ci-robot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Mar 3, 2021
@seans3
Contributor Author

seans3 commented Mar 3, 2021

/retest

@seans3
Contributor Author

seans3 commented Mar 3, 2021

/retest

@seans3
Contributor Author

seans3 commented Mar 3, 2021

/retest

Contributor

@soltysh soltysh left a comment

/lgtm

@k8s-ci-robot k8s-ci-robot added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Mar 3, 2021
@k8s-ci-robot
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: brianpursley, seans3, soltysh

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@sftim
Contributor

sftim commented Mar 21, 2021

BTW, headers starting X- are deprecated: https://tools.ietf.org/html/rfc6648

@pwittrock
Member

pwittrock commented Mar 25, 2021

> BTW, headers starting X- are deprecated: https://tools.ietf.org/html/rfc6648

FYI this was discussed on the original KEP PR: kubernetes/enhancements#855 (comment)
