f90bbc3d6b
The `certificate_expiration_seconds` histogram measures the remaining time of client certificates used to authenticate to the API server. It records the lifetime of received client request certificates in buckets of 6h, 12h, ..., 1y. In environments with automated certificate rotation it is not uncommen to have issued certificates expire in less than the above mentioned minimum bucket of 6h. In such environments the above histogram is useless given that every request will be recorded in the first bucket. This patch increases the histogram resolution by adding a 30m, 1h and 2h bucket. Prometheus histogram buckets are cummulative, e.g. the 12h bucket is counting _all_ records with an expiration date lower or equal to 12h including _all_ requests of the 6h bucket. Thereby this patch does not break existing monitoring setups. This histogram is exposed once per API server, thereby the 3 additional time series do not cause a cardinality issue.
External Repository Staging Area
This directory is the staging area for packages that have been split to their own repository. The content here will be periodically published to respective top-level k8s.io repositories.
Repositories currently staged here:
k8s.io/apik8s.io/apiextensions-apiserverk8s.io/apimachineryk8s.io/apiserverk8s.io/cli-runtimek8s.io/client-gok8s.io/cloud-providerk8s.io/cluster-bootstrapk8s.io/code-generatork8s.io/component-basek8s.io/csi-apik8s.io/csi-translation-libk8s.io/kube-aggregatork8s.io/kube-controller-managerk8s.io/kube-proxyk8s.io/kube-schedulerk8s.io/kubeletk8s.io/metricsk8s.io/node-apik8s.io/sample-apiserverk8s.io/sample-cli-plugink8s.io/sample-controller
The code in the staging/ directory is authoritative, i.e. the only copy of the code. You can directly modify such code.
Using staged repositories from Kubernetes code
Kubernetes code uses the repositories in this directory via symlinks in the
vendor/k8s.io directory into this staging area. For example, when
Kubernetes code imports a package from the k8s.io/client-go repository, that
import is resolved to staging/src/k8s.io/client-go relative to the project
root:
// pkg/example/some_code.go
package example
import (
"k8s.io/client-go/dynamic" // resolves to staging/src/k8s.io/client-go/dynamic
)
Once the change-over to external repositories is complete, these repositories
will actually be vendored from k8s.io/<package-name>.
Creating a new repository in staging
Adding the staging repository in kubernetes/kubernetes:
-
Send an email to the SIG Architecture mailing list and the mailing list of the SIG which would own the repo requesting approval for creating the staging repository.
-
Once approval has been granted, create the new staging repository.
-
Add a symlink to the staging repo in
vendor/k8s.io. -
Update
import-restrictions.yamlto add the list of other staging repos that this new repo can import. -
Add all mandatory template files to the staging repo as mentioned in https://github.com/kubernetes/kubernetes-template-project.
-
Make sure that the
.github/PULL_REQUEST_TEMPLATE.mdandCONTRIBUTING.mdfiles mention that PRs are not directly accepted to the repo.
Creating the published repository
-
Create an issue in the
kubernetes/orgrepo to request creation of the respective published repository in the Kubernetes org. The published repository must have an initial empty commit. It also needs specific access rules and branch settings. See #kubernetes/org#58 for an example. -
Setup branch protection and enable access to the
stage-botsteam by adding the repo inprow/config.yaml. See #kubernetes/test-infra#9292 for an example. -
Once the repository has been created in the Kubernetes org, update the publishing-bot to publish the staging repository by updating:
-
rules.yaml: Make sure that the list of dependencies reflects the staging repos in theGodeps.jsonfile. -
fetch-all-latest-and-push.sh: Add the staging repo in the list of repos to be published.
-
-
Add the staging and published repositories as a subproject for the SIG that owns the repos in
sigs.yaml. -
Add the repo to the list of staging repos in this
README.mdfile.