adds a list of available HTTP endpoints for the kube-controller-manager component under the /statusz page

nmn3m · nmn3m · commit d4bd007d3b88 · 2025-08-11T22:51:59.000+03:00
diff --git a/cmd/kube-controller-manager/app/controllermanager.go b/cmd/kube-controller-manager/app/controllermanager.go
@@ -225,7 +225,14 @@ func Run(ctx context.Context, c *config.CompletedConfig) error {
 		}
 
 		if utilfeature.DefaultFeatureGate.Enabled(zpagesfeatures.ComponentStatusz) {
-			statusz.Install(unsecuredMux, kubeControllerManager, statusz.NewRegistry(c.ComponentGlobalsRegistry.EffectiveVersionFor(basecompatibility.DefaultKubeComponent)))
+			statusz.Install(
+				unsecuredMux,
+				kubeControllerManager,
+				statusz.NewRegistry(
+					c.ComponentGlobalsRegistry.EffectiveVersionFor(basecompatibility.DefaultKubeComponent),
+					statusz.WithListedPaths(unsecuredMux.ListedPaths()),
+				),
+			)
 		}
 
 		handler := genericcontrollermanager.BuildHandlerChain(unsecuredMux, &c.Authorization, &c.Authentication)
diff --git a/test/integration/serving/serving_test.go b/test/integration/serving/serving_test.go
@@ -29,6 +29,8 @@ import (
 	"strings"
 	"testing"
 
+	"reflect"
+
 	"k8s.io/apiserver/pkg/server"
 	"k8s.io/apiserver/pkg/server/options"
 	utilfeature "k8s.io/apiserver/pkg/util/feature"
@@ -352,15 +354,24 @@ users:
 		anonymous      bool // to use the token or not
 		wantErr        bool
 		wantSecureCode *int
+		wantPaths      []string
 	}{
-		{"serving /statusz", []string{
-			"--authentication-skip-lookup", // to survive inaccessible extensions-apiserver-authentication configmap
-			"--authentication-kubeconfig", apiserverConfig.Name(),
-			"--authorization-kubeconfig", apiserverConfig.Name(),
-			"--authorization-always-allow-paths", "/statusz",
-			"--kubeconfig", apiserverConfig.Name(),
-			"--leader-elect=false",
-		}, "/statusz", false, false, ptr.To(http.StatusOK)},
+		{
+			name: "serving /statusz",
+			flags: []string{
+				"--authentication-skip-lookup", // to survive inaccessible extensions-apiserver-authentication configmap
+				"--authentication-kubeconfig", apiserverConfig.Name(),
+				"--authorization-kubeconfig", apiserverConfig.Name(),
+				"--authorization-always-allow-paths", "/statusz",
+				"--kubeconfig", apiserverConfig.Name(),
+				"--leader-elect=false",
+			},
+			path:           "/statusz",
+			anonymous:      false,
+			wantErr:        false,
+			wantSecureCode: ptr.To(http.StatusOK),
+			wantPaths:      []string{"/configz", "/healthz", "/metrics"},
+		},
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
@@ -416,7 +427,8 @@ users:
 					t.Fatalf("failed to GET %s from component: %v", tt.path, err)
 				}
 
-				if _, err = io.ReadAll(r.Body); err != nil {
+				body, err := io.ReadAll(r.Body)
+				if err != nil {
 					t.Fatalf("failed to read response body: %v", err)
 				}
 				defer func() {
@@ -428,6 +440,39 @@ users:
 				if got, expected := r.StatusCode, *tt.wantSecureCode; got != expected {
 					t.Fatalf("expected http %d at %s of component, got: %d", expected, tt.path, got)
 				}
+
+				bodyStr := string(body)
+
+				if !strings.Contains(bodyStr, "Paths") {
+					t.Error("response does not contain Paths section")
+				}
+
+				var foundPathsRaw []string
+				for _, line := range strings.Split(bodyStr, "\n") {
+					if strings.HasPrefix(line, "Paths") {
+						parts := strings.Fields(line)
+						if len(parts) > 1 {
+							foundPathsRaw = parts[1:] // Skip "Paths" label
+						}
+						break
+					}
+				}
+
+				expectedPaths := tt.wantPaths
+
+				foundPathsSet := make(map[string]struct{})
+				for _, p := range foundPathsRaw {
+					foundPathsSet[p] = struct{}{}
+				}
+
+				expectedPathsSet := make(map[string]struct{})
+				for _, p := range expectedPaths {
+					expectedPathsSet[p] = struct{}{}
+				}
+
+				if !reflect.DeepEqual(foundPathsSet, expectedPathsSet) {
+					t.Errorf("path mismatch:\n- want: %v\n- got:  %v", expectedPaths, foundPathsRaw)
+				}
 			}
 		})
 	}

Original file line number	Diff line number	Diff line change
`@@ -225,7 +225,14 @@ func Run(ctx context.Context, c *config.CompletedConfig) error {`
`225`	`225`	`}`
`226`	`226`
`227`	`227`	`if utilfeature.DefaultFeatureGate.Enabled(zpagesfeatures.ComponentStatusz) {`
`228`		`- statusz.Install(unsecuredMux, kubeControllerManager, statusz.NewRegistry(c.ComponentGlobalsRegistry.EffectiveVersionFor(basecompatibility.DefaultKubeComponent)))`
	`228`	`+ statusz.Install(`
	`229`	`+ unsecuredMux,`
	`230`	`+ kubeControllerManager,`
	`231`	`+ statusz.NewRegistry(`
	`232`	`+ c.ComponentGlobalsRegistry.EffectiveVersionFor(basecompatibility.DefaultKubeComponent),`
	`233`	`+ statusz.WithListedPaths(unsecuredMux.ListedPaths()),`
	`234`	`+ ),`
	`235`	`+ )`
`229`	`236`	`}`
`230`	`237`
`231`	`238`	`handler := genericcontrollermanager.BuildHandlerChain(unsecuredMux, &c.Authorization, &c.Authentication)`