apiserverk8s.io/apiserver/pkg/util/peerproxy Index | Files | Directories

package peerproxy

import "k8s.io/apiserver/pkg/util/peerproxy"

Index

Constants 

const (
	PeerProxiedHeader = "x-kubernetes-peer-proxied"
)

Functions

func NewPeerProxyHandler 

func NewPeerProxyHandler(
	serverId string,
	identityLeaseLabelSelector string,
	leaseInformer coordinationv1informers.LeaseInformer,
	reconciler reconcilers.PeerEndpointLeaseReconciler,
	ser runtime.NegotiatedSerializer,
	loopbackClientConfig *rest.Config,
	proxyClientConfig *transport.Config,
) (*peerProxyHandler, error)

New creates a new instance to implement unknown version proxy This method is used for an alpha feature UnknownVersionInteroperabilityProxy and is subject to future modifications.

Types

type GVExclusionManager 

type GVExclusionManager struct {
	// contains filtered or unexported fields
}

GVExclusionManager manages the exclusion of group-versions from peer discovery. It maintains two atomic maps: - currentlyActiveGVs: All GVs currently served by CRDs and aggregated APIServices - recentlyDeletedGVs: GVs belonging to CRDs and aggregated APIServices that were recently deleted, tracked with deletion timestamp for grace period

It runs two workers:

  1. Active GV Tracker: Triggered on CRD/APIService events, rebuilds active GVs and reaps expired deleted GVs. When a GV is deleted, a delayed sync is scheduled after the grace period to reap it.
  2. Peer Discovery Re-filter: Rate-limited worker that filters peer cache

func NewGVExclusionManager 

func NewGVExclusionManager(
	exclusionGracePeriod time.Duration,
	rawPeerDiscoveryCache *atomic.Value,
	invalidationCallback *atomic.Pointer[func()],
) *GVExclusionManager

NewGVExclusionManager creates a new GV exclusion manager.

func (*GVExclusionManager) GetFilteredPeerDiscoveryCache 

func (m *GVExclusionManager) GetFilteredPeerDiscoveryCache() map[string]PeerDiscoveryCacheEntry

GetFilteredPeerDiscoveryCache returns the filtered peer discovery cache.

func (*GVExclusionManager) RegisterAPIServiceInformerHandlers 

func (m *GVExclusionManager) RegisterAPIServiceInformerHandlers(apiServiceInformer cache.SharedIndexInformer, extractor GVExtractor) error

RegisterAPIServiceInformerHandlers registers event handlers for APIService informer using a custom extractor. The extractor function is responsible for extracting GroupVersions from APIService objects and determining if they represent aggregated APIs.

func (*GVExclusionManager) RegisterCRDInformerHandlers 

func (m *GVExclusionManager) RegisterCRDInformerHandlers(crdInformer cache.SharedIndexInformer, extractor GVExtractor) error

RegisterCRDInformerHandlers registers event handlers for CRD informer using a custom extractor. The extractor function is responsible for extracting GroupVersions from CRD objects.

func (*GVExclusionManager) RunPeerDiscoveryActiveGVTracker 

func (m *GVExclusionManager) RunPeerDiscoveryActiveGVTracker(ctx context.Context)

RunPeerDiscoveryActiveGVTracker runs the Active GV Tracker worker. This worker is triggered by CRD/APIService events and rebuilds the active GV set and reaps expired GVs.

func (*GVExclusionManager) RunPeerDiscoveryRefilter 

func (m *GVExclusionManager) RunPeerDiscoveryRefilter(ctx context.Context)

RunPeerDiscoveryRefilter runs the Peer Discovery Re-filter worker. This worker filters the peer discovery cache using the exclusion set.

func (*GVExclusionManager) TriggerRefilter 

func (m *GVExclusionManager) TriggerRefilter()

TriggerRefilter triggers the refilter worker to apply exclusions to the filtered cache. This should be called by peerLeaseQueue after updating the raw peer discovery cache.

func (*GVExclusionManager) WaitForCacheSync 

func (m *GVExclusionManager) WaitForCacheSync(stopCh <-chan struct{}) bool

WaitForCacheSync waits for the informer caches to sync.

type GVExtractor 

type GVExtractor func(obj interface{}) []schema.GroupVersion

GVExtractor is a function that extracts group-versions from an object. It returns a slice of GroupVersions belonging to CRDs or aggregated APIs that should be excluded from peer-discovery to avoid advertising stale CRDs/aggregated APIs in peer-aggregated discovery that were deleted but still appear in a peer's discovery.

type Interface 

type Interface interface {
	WrapHandler(handler http.Handler) http.Handler
	WaitForCacheSync(stopCh <-chan struct{}) error
	HasFinishedSync() bool
	RunLocalDiscoveryCacheSync(stopCh <-chan struct{}) error
	RunPeerDiscoveryCacheSync(ctx context.Context, workers int)
	GetPeerResources() map[string][]apidiscoveryv2.APIGroupDiscovery
	RegisterCacheInvalidationCallback(cb func())

	// RegisterCRDInformerHandlers registers event handlers on the CRD informer to track
	// which GroupVersions are served locally by CRDs. When a CRD is created or updated,
	// its GV is added to the exclusion set. When deleted, the GV is marked for exclusion
	// during a grace period to allow peers to observe the deletion. The extractor function
	// extracts the GroupVersion from a CRD object.
	//
	// This exclusion is necessary because peer discovery is not refreshed when a local
	// CRD is deleted. Without exclusion, the deleted GV might still appear in cached peer
	// discovery data, causing requests to be incorrectly routed to a peer for a GV that
	// no longer exists locally. Therefore, we intentionally exclude CRD GVs from peer
	// discovery from the start and only rely on the local apiserver's view of the CRD
	// to serve it in peer-aggregated discovery.
	RegisterCRDInformerHandlers(crdInformer cache.SharedIndexInformer, extractor GVExtractor) error

	// RegisterAPIServiceInformerHandlers registers event handlers on the APIService informer
	// to track which GroupVersions are served locally by aggregated APIServices. When an
	// APIService is created or updated, its GV is added to the exclusion set. When deleted,
	// the GV is marked for exclusion during a grace period.
	//
	// This exclusion is necessary because peer discovery is not refreshed when a local
	// aggregated APIService is deleted. Without exclusion, the deleted GV might still appear
	// in cached peer discovery data, causing requests to be incorrectly routed to a peer.
	// Therefore, we intentionally exclude aggregated APIService GVs from peer discovery
	// from the start and only rely on the local apiserver's view to serve them in
	// peer-aggregated discovery.
	RegisterAPIServiceInformerHandlers(apiServiceInformer cache.SharedIndexInformer, extractor GVExtractor) error

	// RunPeerDiscoveryActiveGVTracker starts a worker that processes CRD/APIService informer
	// events to rebuild the set of actively served GroupVersions. This worker is triggered
	// whenever a CRD or APIService is added or updated and updates the exclusion
	// set accordingly. When a GV is deleted, a delayed sync is automatically scheduled
	// after the grace period to reap expired GVs from the exclusion set.
	RunPeerDiscoveryActiveGVTracker(ctx context.Context)

	// RunPeerDiscoveryRefilter starts a worker that re-applies exclusion filtering to the
	// cached peer discovery data whenever the exclusion set changes. This ensures that
	// already-cached peer discovery responses are immediately updated to exclude newly added
	// or updated local GVs, rather than waiting for the next peer lease event to trigger a
	// cache refresh of peer discovery data.
	RunPeerDiscoveryRefilter(ctx context.Context)
}

Interface defines how the Mixed Version Proxy filter interacts with the underlying system.

type PeerDiscoveryCacheEntry 

type PeerDiscoveryCacheEntry struct {
	GVRs           map[schema.GroupVersionResource]bool
	GroupDiscovery []apidiscoveryv2.APIGroupDiscovery
}

PeerDiscoveryCacheEntry holds the GVRs and group-level discovery info for a peer.

Source Files

gv_exclusion_manager.go local_discovery.go peer_discovery.go peerproxy.go peerproxy_handler.go

Directories

PathSynopsis
pkg/util/peerproxy/metrics
Version
v0.36.0 (latest)
Published
Apr 22, 2026
Platform
linux/amd64
Imports
38 packages
Last checked
4 days ago

Tools for package owners.