github/kubernetes
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
b837a0c1ff
kubernetes/pkg
History
Francesco Romani b837a0c1ff kubelet: podresources: DOS prevention with builtin ratelimit 
Implement DOS prevention wiring a global rate limit for podresources
API. The goal here is not to introduce a general ratelimiting solution
for the kubelet (we need more research and discussion to get there),
but rather to prevent misuse of the API.

Known limitations:
- the rate limits value (QPS, BurstTokens) are hardcoded to
  "high enough" values.
  Enabling user-configuration would require more discussion
  and sweeping changes to the other kubelet endpoints, so it
  is postponed for now.
- the rate limiting is global. Malicious clients can starve other
  clients consuming the QPS quota.

Add e2e test to exercise the flow, because the wiring itself
is mostly boilerplate and API adaptation.
2023-03-11 08:00:54 +01:00
..
api dedupe pod resource request calculation 2023-03-09 17:15:53 -06:00
apis Merge pull request #115260 from pwschuurman/kep-3335-statefulset-start-ordinal-beta 2023-03-09 21:34:30 -08:00
auth Merge pull request #105598 from gy95/match 2022-01-05 09:22:38 -08:00
capabilities
client delete unused functions in pkg directory 2023-01-16 21:43:36 +08:00
cloudprovider Remove AWS legacy cloud provider + EBS in-tree storage plugin 2023-03-06 14:01:15 +00:00
cluster/ports e2e_node/{service,util}: use kubelet healthz port. 2022-04-22 16:14:31 -07:00
controller Merge pull request #114420 from bzsuni/bz/optimization 2023-03-09 21:33:37 -08:00
controlplane KEP-3325: Promote SelfSubjectReview to Beta (#116274) 2023-03-08 15:42:33 -08:00
credentialprovider Drop AWS kubelet credential provider and cleanup AWS storage e2e tests 2023-03-07 09:00:12 -05:00
features Merge pull request #115260 from pwschuurman/kep-3335-statefulset-start-ordinal-beta 2023-03-09 21:34:30 -08:00
fieldpath Improved FormatMap: Improves performance by about 4x, or nearly 2x in the worst case (#112661) 2023-03-01 22:26:55 -08:00
generated Merge pull request #115969 from DangerOnTheRanger/messageExpression-for-crd 2023-03-09 22:43:19 -08:00
kubeapiserver authenticator config: use static CA reader for OIDC CA 2023-02-14 13:43:58 +01:00
kubectl Refactor to simplify factory Validator 2022-12-11 18:20:28 -08:00
kubelet kubelet: podresources: DOS prevention with builtin ratelimit 2023-03-11 08:00:54 +01:00
kubemark Merge pull request #114357 from dengyufeng2206/1208pull 2023-03-09 21:33:22 -08:00
printers Merge pull request #114759 from my-git9/chore/k8staint 2023-01-31 21:01:17 -08:00
probe Merge pull request #115708 from my-git9/ut-util 2023-03-10 00:06:40 -08:00
proxy Merge pull request #111661 from alexanderConstantinescu/etp-local-svc-hc-kube-proxy 2023-03-07 05:34:36 -08:00
quota/v1 dedupe pod resource request calculation 2023-03-09 17:15:53 -06:00
registry Merge pull request #115065 from apelisse/apimachinery-managed-fields 2023-03-09 21:34:22 -08:00
routes unittests: Fixes unit tests for Windows (part 3) 2022-10-21 19:25:48 +03:00
scheduler Merge pull request #116395 from alculquicondor/fix-podinfo-race 2023-03-09 22:44:17 -08:00
security changes in NewValidator 2023-02-21 13:02:30 +05:30
securitycontext add SeccompProfile to Pod and Container accessors/mutators 2023-02-22 17:15:27 +01:00
serviceaccount handle new error where sa jwt issued in the future 2023-03-02 03:15:13 +01:00
util Merge pull request #115527 from sondinht/ipvs_sh 2023-02-14 04:25:30 -08:00
volume Merge pull request #115314 from UiPath/fix-quota-monitoring 2023-03-09 22:42:39 -08:00
windows/service Fix typo at pkg/windows/service/service.go:94 2022-03-24 07:25:33 -04:00
.import-restrictions
OWNERS Move root approvers to subdirs 2022-10-10 13:43:03 -04:00