var pathPrefixesExemptFromRetryAfter … type isRequestExemptFunc … type retryAfterParams … type shouldRespondWithRetryAfterFunc … // WithRetryAfter rejects any incoming new request(s) with a 429 // if the specified shutdownDelayDurationElapsedFn channel is closed // // It includes new request(s) on a new or an existing TCP connection // Any new request(s) arriving after shutdownDelayDurationElapsedFn is closed // are replied with a 429 and the following response headers: // - 'Retry-After: N` (so client can retry after N seconds, hopefully on a new apiserver instance) // - 'Connection: close': tear down the TCP connection // // TODO: is there a way to merge WithWaitGroup and this filter? func WithRetryAfter(handler http.Handler, shutdownDelayDurationElapsedCh <-chan struct{ … } func withRetryAfter(handler http.Handler, isRequestExemptFn isRequestExemptFunc, shouldRespondWithRetryAfterFn shouldRespondWithRetryAfterFunc) http.Handler { … } // isRequestExemptFromRetryAfter returns true if the given request should be exempt // from being rejected with a 'Retry-After' response. // NOTE: both 'WithRetryAfter' and 'WithWaitGroup' filters should use this function // to exempt the set of requests from being rejected or tracked. func isRequestExemptFromRetryAfter(r *http.Request) bool { … } // isKubeApiserverUserAgent returns true if the user-agent matches // the one set by the local loopback. // NOTE: we can't look up the authenticated user informaion from the // request context since the authentication filter has not executed yet. func isKubeApiserverUserAgent(req *http.Request) bool { … } func hasExemptPathPrefix(r *http.Request) bool { … }