Skip to content

Commit

Permalink
Merge pull request #109024 from stlaz/sha1_sig_deprecation
Browse files Browse the repository at this point in the history 
webhooks,aggregation: add metrics to count certs with SHA1 signatures

Kubernetes-commit: e0ca5cfd73bd046ee5fbdef50e073842e6fbc52f
  • Loading branch information
@k8s-publishing-bot
k8s-publishing-bot committed Mar 28, 2022
2 parents b4638dd + b933b02 commit 45c5478
Show file tree
Hide file tree
Showing 4 changed files with 29 additions and 13 deletions.
12 changes: 6 additions & 6 deletions go.mod
View file
Original file line number Diff line number Diff line change
Expand Up @@ -13,11 +13,11 @@ require (
github.com/stretchr/testify v1.7.0
golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd
k8s.io/api v0.0.0-20220327010943-9431395a90d0
k8s.io/apimachinery v0.0.0-20220327010739-4d8ad187e0a0
k8s.io/apiserver v0.0.0-20220327012231-6144d1e2b7cc
k8s.io/apimachinery v0.0.0-20220327010740-1992dccd17de
k8s.io/apiserver v0.0.0-20220328172932-8c9e58df375b
k8s.io/client-go v0.0.0-20220327011239-402aa66c5cad
k8s.io/code-generator v0.0.0-20220327010549-a207ba43f29b
k8s.io/component-base v0.0.0-20220327011759-ab4264d408ec
k8s.io/component-base v0.0.0-20220328131428-cf687172c5c1
k8s.io/klog/v2 v2.60.1
k8s.io/kube-openapi v0.0.0-20220324211241-9f9c01d62a3a
k8s.io/utils v0.0.0-20220210201930-3a6ce19ff2f9
Expand All @@ -26,9 +26,9 @@ require (

replace (
k8s.io/api => k8s.io/api v0.0.0-20220327010943-9431395a90d0
k8s.io/apimachinery => k8s.io/apimachinery v0.0.0-20220327010739-4d8ad187e0a0
k8s.io/apiserver => k8s.io/apiserver v0.0.0-20220327012231-6144d1e2b7cc
k8s.io/apimachinery => k8s.io/apimachinery v0.0.0-20220327010740-1992dccd17de
k8s.io/apiserver => k8s.io/apiserver v0.0.0-20220328172932-8c9e58df375b
k8s.io/client-go => k8s.io/client-go v0.0.0-20220327011239-402aa66c5cad
k8s.io/code-generator => k8s.io/code-generator v0.0.0-20220327010549-a207ba43f29b
k8s.io/component-base => k8s.io/component-base v0.0.0-20220327011759-ab4264d408ec
k8s.io/component-base => k8s.io/component-base v0.0.0-20220328131428-cf687172c5c1
)
12 changes: 6 additions & 6 deletions go.sum
View file
Original file line number Diff line number Diff line change
Expand Up @@ -950,16 +950,16 @@ honnef.co/go/tools v0.0.1-2020.1.3/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9
honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k=
k8s.io/api v0.0.0-20220327010943-9431395a90d0 h1:X+CjFuKiWUYmXxuNueT2v0YNHDZhiRJ0389k24Fh1cg=
k8s.io/api v0.0.0-20220327010943-9431395a90d0/go.mod h1:OHmmfP+B0EkV7rltm6KDhsy7UJUjc3nPo97jKZwLIkM=
k8s.io/apimachinery v0.0.0-20220327010739-4d8ad187e0a0 h1:vZrBcVfdctsRfR+SUOLUmY4+eU4FOnRIpsx03xNPqJ8=
k8s.io/apimachinery v0.0.0-20220327010739-4d8ad187e0a0/go.mod h1:WkN7hnr/sIpKTK8v3BZKqLkdqTMz00TBdMWqE0M0O7Q=
k8s.io/apiserver v0.0.0-20220327012231-6144d1e2b7cc h1:cS0Rf120lB60Q1a/Kmh00Gx/8+LqPCuVgdB8xSfxDic=
k8s.io/apiserver v0.0.0-20220327012231-6144d1e2b7cc/go.mod h1:auD1U3cWklGlcjJqncL/2kBAI69VD4D96rq/uD/y0hU=
k8s.io/apimachinery v0.0.0-20220327010740-1992dccd17de h1:YQ7cVEFpw9qaBjGa5/JYzHq/Xi/mKBAeUmEt6NwljMc=
k8s.io/apimachinery v0.0.0-20220327010740-1992dccd17de/go.mod h1:WkN7hnr/sIpKTK8v3BZKqLkdqTMz00TBdMWqE0M0O7Q=
k8s.io/apiserver v0.0.0-20220328172932-8c9e58df375b h1:gPp8WDs8INofE1+x6ky/a0y1sLY4qi0kA5lQrrhOHsM=
k8s.io/apiserver v0.0.0-20220328172932-8c9e58df375b/go.mod h1:QZ0P6Gy+3pAAxZxq2hT37b0s5zv3gzS1DkeP5TA3p50=
k8s.io/client-go v0.0.0-20220327011239-402aa66c5cad h1:v2udgOBdg/+3kM7nGJtQfjvnlsjgA0wdR9sJjiX7UfQ=
k8s.io/client-go v0.0.0-20220327011239-402aa66c5cad/go.mod h1:HCq7QlEN/lEZ7hg4X9ldPo4rbktT3jtB83/5IJmurlw=
k8s.io/code-generator v0.0.0-20220327010549-a207ba43f29b h1:/W7LKW7INcyQg+4t9MiVKiAcNEfcEJKr3GNFwJTXwaM=
k8s.io/code-generator v0.0.0-20220327010549-a207ba43f29b/go.mod h1:K+f3PS8AJPkGO9NJoAqq6J1NMsr37Ey1IaQrQ2c97yQ=
k8s.io/component-base v0.0.0-20220327011759-ab4264d408ec h1:FJOEmHL/fuAEoY/W+SUmBrfrN4lwqBpAGPIAnS4yGpA=
k8s.io/component-base v0.0.0-20220327011759-ab4264d408ec/go.mod h1:ovi3X90kD1M022w7Jk4rQ0JiXQSCTZGXTP3xC65q2FM=
k8s.io/component-base v0.0.0-20220328131428-cf687172c5c1 h1:u12RSj/wUOlBMijVItJMa5oFTamtWwcJGpl0m64M3Vc=
k8s.io/component-base v0.0.0-20220328131428-cf687172c5c1/go.mod h1:bv8VKJjKvywGpxYTIs9+A7blbVBaoOSApzZwU1DLK/8=
k8s.io/gengo v0.0.0-20210813121822-485abfe95c7c/go.mod h1:FiNAH4ZV3gBg2Kwh89tzAEV2be7d5xI0vBa/VySYy3E=
k8s.io/gengo v0.0.0-20211129171323-c02415ce4185 h1:TT1WdmqqXareKxZ/oNXEUSwKlLiHzPMyB0t8BaFeBYI=
k8s.io/gengo v0.0.0-20211129171323-c02415ce4185/go.mod h1:FiNAH4ZV3gBg2Kwh89tzAEV2be7d5xI0vBa/VySYy3E=
Expand Down
5 changes: 4 additions & 1 deletion pkg/apiserver/handler_proxy.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -241,7 +241,10 @@ func (r *proxyHandler) updateAPIService(apiService *apiregistrationv1api.APIServ
CAData: apiService.Spec.CABundle,
},
}
clientConfig.Wrap(x509metrics.NewMissingSANRoundTripperWrapperConstructor(x509MissingSANCounter))
clientConfig.Wrap(x509metrics.NewDeprecatedCertificateRoundTripperWrapperConstructor(
x509MissingSANCounter,
x509InsecureSHA1Counter,
))

newInfo := proxyHandlingInfo{
name: apiService.Name,
Expand Down
13 changes: 13 additions & 0 deletions pkg/apiserver/metrics.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -34,6 +34,19 @@ var x509MissingSANCounter = metrics.NewCounter(
},
)

var x509InsecureSHA1Counter = metrics.NewCounter(
&metrics.CounterOpts{
Subsystem: "kube_aggregator",
Namespace: "apiserver",
Name: "x509_insecure_sha1_total",
Help: "Counts the number of requests to servers with insecure SHA1 signatures " +
"in their serving certificate OR the number of connection failures " +
"due to the insecure SHA1 signatures (either/or, based on the runtime environment)",
StabilityLevel: metrics.ALPHA,
},
)

func init() {
legacyregistry.MustRegister(x509MissingSANCounter)
legacyregistry.MustRegister(x509InsecureSHA1Counter)
}

0 comments on commit 45c5478

Please sign in to comment.