The `certificate_expiration_seconds` histogram measures the remaining
time of client certificates used to authenticate to the API server. It
records the lifetime of received client request certificates in buckets
of 6h, 12h, ..., 1y.
In environments with automated certificate rotation it is not uncommen
to have issued certificates expire in less than the above mentioned
minimum bucket of 6h. In such environments the above histogram is
useless given that every request will be recorded in the first bucket.
This patch increases the histogram resolution by adding a 30m, 1h and 2h
bucket. Prometheus histogram buckets are cummulative, e.g. the 12h
bucket is counting _all_ records with an expiration date lower or equal
to 12h including _all_ requests of the 6h bucket. Thereby this patch
does not break existing monitoring setups. This histogram is exposed
once per API server, thereby the 3 additional time series do not cause a
cardinality issue.
k/k#71137:
- apiextensions: prune {any,one}Of + Not recursively on OpenAPI v2 conversion
roycaihw/kubernetes#6:
- apiextensions: filter CRD schema to not break (too) strict kube-openapi
- model validator;
- SQUASH: fix root level filtering to not drop properties;
- SQUASH: fix incomplete test specs which degenerate during kubectl <= 1.13 filtering
Co-authored-by: Dr. Stefan Schimanski <stefan.schimanski@gmail.com>
When setting up a port forwarding with the client-go library (using the
`k8s.io/client-go/tools/portforward.PortForwarder`) with a non-defined local
port (i.e. passing `:80` as `ports` parameter to `portforward.New(...)`), a
local port will be assigned dynamically.
Currently, the local port will be _always_ 0 if it was not specified initially.
This is because the assigned local port is only set on a _copy_ of the actual
`ForwardedPort` type that is obtained in a `range` loop. This PR changes this
behaviour to set the local port at the correct instance by passing a pointer
instead of a copy to the relevant functions.
