Skip to content

Honor max_output_length for custom plugin stdout capture#1288

Open
kv-cache wants to merge 1 commit into
kubernetes:masterfrom
kv-cache:fix/custom-plugin-honor-max-output-length
Open

Honor max_output_length for custom plugin stdout capture#1288
kv-cache wants to merge 1 commit into
kubernetes:masterfrom
kv-cache:fix/custom-plugin-honor-max-output-length

Conversation

@kv-cache

@kv-cache kv-cache commented Jun 4, 2026

Copy link
Copy Markdown

What this PR does / why we need it:

Custom-plugin stdout is read into a hardcoded 4 KiB buffer
(maxCustomPluginBufferBytes = 1024 * 4) and only then truncated to the
configured max_output_length, so the effective limit is
min(4096, max_output_length). Any plugin configured with
max_output_length > 4096 is silently capped at 4096 bytes — the configured
value has no effect. For a plugin that emits JSON, the cut lands mid-token and
produces invalid output that a strict consumer discards entirely.

This drives the stdout read limit from max_output_length, bounded by a 1 MiB
safety ceiling to protect against a runaway plugin. stderr keeps a small fixed
cap since it is used only for diagnostic logging (logPluginStderr) and is never
included in the returned output. No behavior change for the default config
(max_output_length = 80).

Which issue(s) this PR fixes:

NONE

Special notes for your reviewer:

Adds TestPluginRunCaptureRespectsMaxOutputLength plus a fixture that emits
16384 bytes. With max_output_length = 8192 the captured output must be exactly
8192 bytes — this fails on the current code (capped at 4096) and passes with the
fix. go test -short -race ./pkg/custompluginmonitor/... passes; gofmt/vet clean.

This raises the capture ceiling so a plugin's configured max_output_length
takes effect; it does not change that output beyond max_output_length is still
byte-truncated.

/kind bug

Does this PR introduce a user-facing change?:

Custom plugin monitor now honors a `max_output_length` larger than 4096 bytes. Previously plugin stdout was silently capped at a hardcoded 4 KiB internal buffer regardless of the configured `max_output_length`.

Note:

Made with AI

@k8s-ci-robot k8s-ci-robot added the kind/bug Categorizes issue or PR as related to a bug. label Jun 4, 2026
@linux-foundation-easycla

linux-foundation-easycla Bot commented Jun 4, 2026

Copy link
Copy Markdown

CLA Signed
The committers listed above are authorized under a signed CLA.

  • ✅ login: kv-cache / name: Vineeth Rao Kanaparthi (25f099b)

@k8s-ci-robot k8s-ci-robot requested review from mrunalp and sjenning June 4, 2026 03:30
@k8s-ci-robot

Copy link
Copy Markdown
Contributor

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: kv-cache
Once this PR has been reviewed and has the lgtm label, please assign tallclair for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@k8s-ci-robot

Copy link
Copy Markdown
Contributor

Welcome @kv-cache!

It looks like this is your first PR to kubernetes/node-problem-detector 🎉. Please refer to our pull request process documentation to help your PR have a smooth ride to approval.

You will be prompted by a bot to use commands during the review process. Do not be afraid to follow the prompts! It is okay to experiment. Here is the bot commands documentation.

You can also check if kubernetes/node-problem-detector has its own contribution guidelines.

You may want to refer to our testing guide if you run into trouble with your tests not passing.

If you are having difficulty getting your pull request seen, please follow the recommended escalation practices. Also, for tips and tricks in the contribution process you may want to read the Kubernetes contributor cheat sheet. We want to make sure your contribution gets all the attention it needs!

Thank you, and welcome to Kubernetes. 😃

@k8s-ci-robot k8s-ci-robot added the needs-ok-to-test Indicates a PR that requires an org member to verify it is safe to test. label Jun 4, 2026
@k8s-ci-robot

Copy link
Copy Markdown
Contributor

Hi @kv-cache. Thanks for your PR.

I'm waiting for a kubernetes member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work.

Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

@k8s-ci-robot k8s-ci-robot added size/M Denotes a PR that changes 30-99 lines, ignoring generated files. cncf-cla: no Indicates the PR's author has not signed the CNCF CLA. labels Jun 4, 2026
Custom plugin stdout was read into a hardcoded 4 KiB buffer
(maxCustomPluginBufferBytes = 1024*4) and only then truncated to the
configured max_output_length, so the effective limit was
min(4096, max_output_length). Any plugin configured with
max_output_length > 4096 was silently capped at 4096 bytes, and a
JSON-emitting plugin would be cut mid-token into invalid output.

Drive the stdout read limit from max_output_length, bounded by a 1 MiB
safety ceiling against a runaway plugin. stderr keeps a small fixed cap
since it is only used for diagnostic logging and never becomes the
plugin output.

Adds a regression test and fixture asserting that a plugin emitting more
than 4 KiB is captured up to max_output_length rather than the old fixed
buffer size.

Signed-off-by: Vineeth Rao Kanaparthi <vineeth0025@gmail.com>
@kv-cache kv-cache force-pushed the fix/custom-plugin-honor-max-output-length branch from ecb0aec to 25f099b Compare June 4, 2026 03:32
@k8s-ci-robot k8s-ci-robot added cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. and removed cncf-cla: no Indicates the PR's author has not signed the CNCF CLA. labels Jun 4, 2026

@DigitalVeer DigitalVeer left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for this fix! I notice two points worth addressing:

  1. The read window now shrinks below the old 4 KiB for small max_output_length, so default-config behavior change
  2. The 1 mib ceiling silently ignores larger configured values and may be too large

// Capture enough stdout to honor the configured max_output_length, bounded
// by a hard safety ceiling. Previously this was a fixed 4 KiB buffer that
// silently truncated plugins configured with a larger max_output_length.
stdoutCapture := int64(*p.config.PluginGlobalConfig.MaxOutputLength)

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This changes the default config behavior. run() trims whitespace after capture so the old code always had a 4 KiB window to find non-whitespace content in. Now that window is max_output_length itself which is 80 bytes by default.

I reproduced this is by having a plugin prints 80 spaces then DiskHung: /dev/sda1 unresponsive and exiting w/ a status code of 1. Right now NPD reports the message, but this PR reports "". The output is lost when the plugin fires.

Keeping the old 4 KiB as a floor fixes the >4 KiB truncation without changing anything else:

stdoutCapture := int64(*p.config.PluginGlobalConfig.MaxOutputLength)
if stdoutCapture < 4096 {
	stdoutCapture = 4096
}
if stdoutCapture > maxCustomPluginStdoutCeilingBytes {
	stdoutCapture = maxCustomPluginStdoutCeilingBytes
}

A leading whitespace test case that tests this is worthwhile

// size; this ceiling only caps the (misconfigured) case where max_output_length
// itself exceeds it. It must be >= the largest supported max_output_length so a
// plugin's configured limit is never silently truncated by the read buffer.
const maxCustomPluginStdoutCeilingBytes = 1024 * 1024

@DigitalVeer DigitalVeer Jul 9, 2026

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

max_output_length > 1 MiB gets capped here with no log. Would it be better to check it once at config load and log or reject out-of-range values there?

1 mib may also be too big. The captured results still end up in resultChan which holds 1000 entries. That is 1000 * 1 MiB =~ about 1 GiB of RAM held by a node daemon. And the output goes verbatim into NodeCondition.Message and event messages.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. kind/bug Categorizes issue or PR as related to a bug. needs-ok-to-test Indicates a PR that requires an org member to verify it is safe to test. size/M Denotes a PR that changes 30-99 lines, ignoring generated files.

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants