Closed vladklokun closed 1 year ago
Please consider investigating the findings and remediating the incidents. Failure to do so may lead to compromising the associated services or software components.
🦉 GitGuardian detects secrets in your source code to help developers and security teams secure the modern development process. You are seeing this because you or someone else with access to this repository has authorized GitGuardian to scan your pull request.
Our GitHub checks need improvements? Share your feedbacks!
⚠️ GitGuardian has uncovered 2 secrets following the scan of your pull request.
This is a false positive in the vendored k8s.io/apiserver package. It contains an example of a secret in a structure’s doc comment.
@dwertent
I can’t add a comment using native GitHub tools, because the changed vendored file is in the latter part of the 5000+ changed files.
The third place where we change the limits is in vendor/k8s.io/apiserver/pkg/storage/storagebackend/factory/etcd3.go:228, which looks like this:
```go
var newETCD3Client = func(c storagebackend.TransportConfig) (*clientv3.Client, error) {
	// Omitted for brevity...

	// clientv3 is the etcd client
	cfg := clientv3.Config{
		DialTimeout:          dialTimeout,
		DialKeepAliveTime:    keepaliveTime,
		DialKeepAliveTimeout: keepaliveTimeout,
		DialOptions:          dialOptions,
		Endpoints:            c.ServerList,
		TLS:                  tlsConfig,
		Logger:               etcd3ClientLogger,
		// The part that changed: raise the per-call gRPC message limits to 5 MiB
		MaxCallRecvMsgSize: 5 * 1024 * 1024,
		MaxCallSendMsgSize: 5 * 1024 * 1024,
	}

	return clientv3.New(cfg)
}
```
The reason why we have to change the config of this factory function is because I could not find how the APIServer machinery exposes the limits as part of the backend storage configuration options. The data structures I have seen do not contain the fields that control the message size.
What does this PR change?
This commit increases the maximum Send and Receive request sizes in the API server and the etcd client.
This allows processing and storing objects larger than the default K8s and etcd limits (in the ballpark of 2 MiB).
Since TransportConfig does not expose request limits for etcd, the easiest way to change the etcd client limits is vendoring the module and editing the etcd client factory function.
Notes for the Reviewer
The changes themselves are small, but this PR introduces vendoring, so the stats look enormous.
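A reviewer-side check for the vendoring described above, added here as an example and not part of the PR or the project's code: it compares the committed `vendor/` tree with a pristine one and reports every added, removed or modified file other than the intended patch. It assumes the pristine tree was produced with `go mod vendor -o <dir>` (Go 1.18+) and that the allowlisted path is the `etcd3.go` file named in the comment above, relative to `vendor/`; `UnexpectedDrift` and `allowed` are hypothetical names.

```go
package main

import (
	"bytes"
	"io/fs"
	"log"
	"os"
	"path/filepath"
	"sort"
)

// Assumption: the one vendored file this PR intends to patch (path relative to vendor/).
var allowed = map[string]bool{"k8s.io/apiserver/pkg/storage/storagebackend/factory/etcd3.go": true}

// UnexpectedDrift returns non-allowlisted files added, removed or modified between the two trees.
func UnexpectedDrift(pristine, committed string) ([]string, error) {
	set := map[string]bool{}
	for _, dirs := range [][2]string{{pristine, committed}, {committed, pristine}} {
		err := filepath.WalkDir(dirs[0], func(p string, d fs.DirEntry, err error) error {
			if err != nil || d.IsDir() {
				return err
			}
			rel, _ := filepath.Rel(dirs[0], p)
			a, errA := os.ReadFile(p)
			b, errB := os.ReadFile(filepath.Join(dirs[1], rel))
			// A missing or unreadable file on either side counts as drift (fail closed).
			differs := errA != nil || errB != nil || !bytes.Equal(a, b)
			if key := filepath.ToSlash(rel); differs && !allowed[key] {
				set[key] = true
			}
			return nil
		})
		if err != nil {
			return nil, err
		}
	}
	drift := make([]string, 0, len(set))
	for rel := range set {
		drift = append(drift, rel)
	}
	sort.Strings(drift)
	return drift, nil
}

func main() {
	if len(os.Args) != 3 {
		log.Fatal("usage: drift <pristine-vendor-dir> <committed-vendor-dir>")
	}
	log.Println(UnexpectedDrift(os.Args[1], os.Args[2]))
}
```

An empty result means the vendored tree differs from upstream only in the allowlisted file, which can then be reviewed by hand even when the PR diff is too large to browse.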