kubernetes 当使用IsForbidden访问集群时,ServerPreferredResources会因CachedDiscoveryClient而恐慌,

l2osamch  于 5个月前  发布在  Kubernetes
关注(0)|答案(5)|浏览(124)

发生了什么?
调用CachedDiscoveryClient的ServerPreferredResources方法时,当调用集群API被禁止时会引发恐慌。
你期望会发生什么?
调用不应该引发恐慌,并返回空列表
我们如何尽可能精确地重现它?
go.mod

module ServerPreferredResources

go 1.19

require k8s.io/cli-runtime v0.26.2

main.go

package main

import "k8s.io/cli-runtime/pkg/genericclioptions"

func main() {
	config_flags := genericclioptions.NewConfigFlags(true)
	client, err := config_flags.ToDiscoveryClient()
	if err != nil {
		panic(err)
	}

	client.ServerPreferredResources()
}
$ go mod tidy
$ go run main.go
E0309 14:50:13.341999  462090 memcache.go:238] couldn't get current server API group list: <nil>
panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x28 pc=0x19b5f62]

goroutine 1 [running]:
k8s.io/client-go/discovery.fetchGroupVersionResources({0x20865a8?, 0xc0000b07d0}, 0x0)
	/home/phmartin/go/pkg/mod/k8s.io/client-go@v0.26.2/discovery/discovery_client.go:512 +0x82
k8s.io/client-go/discovery.ServerPreferredResources({0x20865a8, 0xc0000b07d0})
	/home/phmartin/go/pkg/mod/k8s.io/client-go@v0.26.2/discovery/discovery_client.go:450 +0xb2
k8s.io/client-go/discovery/cached/disk.(*CachedDiscoveryClient).ServerPreferredResources(0x1bca501?)
	/home/phmartin/go/pkg/mod/k8s.io/client-go@v0.26.2/discovery/cached/disk/cached_discovery.go:223 +0x25
main.main()
	/home/phmartin/Documents/tests/ServerPreferredResources/main.go:12 +0x33
exit status 2

我们需要知道其他任何信息吗?

  • 无响应*

Kubernetes版本(未连接)
云提供商(未连接)
操作系统版本

# On Linux:
$ cat /etc/os-release
NAME="Fedora Linux"
VERSION="36 (Workstation Edition)"
ID=fedora
VERSION_ID=36
VERSION_CODENAME=""
PLATFORM_ID="platform:f36"
PRETTY_NAME="Fedora Linux 36 (Workstation Edition)"
ANSI_COLOR="0;38;2;60;110;180"
LOGO=fedora-logo-icon
CPE_NAME="cpe:/o:fedoraproject:fedora:36"
HOME_URL="https://fedoraproject.org/"
DOCUMENTATION_URL="https://docs.fedoraproject.org/en-US/fedora/f36/system-administrators-guide/"
SUPPORT_URL="https://ask.fedoraproject.org/"
BUG_REPORT_URL="https://bugzilla.redhat.com/"
REDHAT_BUGZILLA_PRODUCT="Fedora"
REDHAT_BUGZILLA_PRODUCT_VERSION=36
REDHAT_SUPPORT_PRODUCT="Fedora"
REDHAT_SUPPORT_PRODUCT_VERSION=36
PRIVACY_POLICY_URL="https://fedoraproject.org/wiki/Legal:PrivacyPolicy"
SUPPORT_END=2023-05-16
VARIANT="Workstation Edition"
VARIANT_ID=workstation
$ uname -a
Linux fedora 6.1.12-100.fc36.x86_64 #1 SMP PREEMPT_DYNAMIC Wed Feb 15 04:33:28 UTC 2023 x86_64 x86_64 x86_64 GNU/Linux

</details>

### Install tools

<details>

</details>

### Container runtime (CRI) and version (if applicable)

<details>

</details>

### Related plugins (CNI, CSI, ...) and versions (if applicable)

<details>

</details>
lf5gs5x2

lf5gs5x22#

/assign @apelisse
Would you mind taking a look when have time? Thank you :)
/triage accepted

v7pvogib

v7pvogib3#

这是一个很好的建议,实际上@seans3
/assign @seans3

dz6r00yl

dz6r00yl4#

这个问题已经超过一年没有更新了,应该重新进行优先级评估。
你可以:

  • 确认这个问题仍然与 /triage accepted (仅组织成员)相关
  • /close 关闭这个问题

有关优先级评估过程的更多详细信息,请参见 https://www.kubernetes.dev/docs/guide/issue-triage/
已接受移除优先级评估

相关问题