跟踪 ApiServer 对 PATCH 请求的处理

ApiServer 处理 PATCH 请求的调用栈如下:

  1. restfulPatchResource
  2.     // 参数
  3.     r rest.Patcher // registry.Store
  4.     scope handlers.RequestScope
  5.     admit admission.Interface
  6.     supportedTypes []string // 支持的资源对象 PATCH 类型
  7.     // 返回值
  8.     restful.RouteFunction // go-restful 的路由处理回调
  10. handlers.PatchResource
  11.     // 创建 handlers.patcher 对象
  12.     // 参数
  13.     r rest.Patcher // registry.Store
  14.     scope *RequestScope
  15.     admit admission.Interface
  16.     patchTypes []string // 支持的资源对象 PATCH 类型
  17.     // 返回值
  18.     http.HandlerFunc
  20. k8s.io/apiserver/pkg/endpoints/handlers.(*patcher).patchResource
  21.     // 参数
  22.     ctx context.Context // http.Request.Context
  23.     scope *RequestScope
  24.     // 返回值
  25.     runtime.Object // 更新后的资源对象
  26.     bool // 是否创建了资源对象(当更新一个不存在的资源对象时,可以直接创建)
  27.     error
  29. k8s.io/apiserver/pkg/registry/generic/registry.(*Store).Update
  30.     // 参数
  31.     ctx context.Context
  32.     name string // 资源对象的名称,例如:/deployments/default/nginx
  33.     objInfo rest.UpdatedObjectInfo // 更新资源对象所需要的信息
  34.     createValidation rest.ValidateObjectFunc
  35.     updateValidation rest.ValidateObjectUpdateFunc
  36.     forceAllowCreate bool
  37.     options *metav1.UpdateOptions
  38.     // 返回值
  39.     runtime.Object // 更新后的资源对象
  40.     bool // 是否创建了资源对象(当更新一个不存在的资源对象时,可以直接创建)
  41.     error
  43. k8s.io/apiserver/pkg/registry/generic/registry.(*DryRunnableStorage).GuaranteedUpdate
  44.     // 实现对资源对象进行模拟更新的逻辑
  45.     // 如果 dryRun = true,则执行完后不会再调用持久化操作
  46.     // 参数
  47.     ctx context.Context
  48.     key string // 资源对象的名称,例如:/deployments/default/nginx
  49.     ptrToType runtime.Object, // 资源对象的指针类型,由 registry.Store.NewFunc 创建
  50.     ignoreNotFound bool, // ???
  51.     preconditions *storage.Preconditions, // 执行更新前的检查,检查 UID 和 ResourceVersion
  52.     tryUpdate storage.UpdateFunc, // registry.Store.Update 方法中的闭包函数,执行资源对象的更新操作
  53.     dryRun bool, // 是否空跑(即执行输入检查,在内存中尝试更新,但不持久化)
  54.     suggestion ...runtime.Object
  55.     // 返回值
  56.     error
  58. k8s.io/apiserver/pkg/storage/cacher.(*Cacher).GuaranteedUpdate
  59.     // 从内存缓存 cacher.Cacher.watchCache 中查询 key 是否存在,若存在,作为 suggestion 传递下去
  60.     // 参数
  61.     ctx context.Context
  62.     key string // 资源对象的名称,例如:/deployments/default/nginx
  63.     ptrToType runtime.Object // 资源对象的指针类型,由 registry.Store.NewFunc 创建
  64.     ignoreNotFound bool
  65.     preconditions *storage.Preconditions // 执行更新前的检查,检查 UID 和 ResourceVersion
  66.     tryUpdate storage.UpdateFunc // registry.Store.Update 方法中的闭包函数,执行资源对象的更新操作
  67.     _ ...runtime.Object
  68.     // 返回值
  69.     error
  71. k8s.io/apiserver/pkg/storage/etcd3.(*store).GuaranteedUpdate
  72.     // 调用 tryUpdate 更新资源对象,并通过 Etcd 的事务更新操作,持久化到 Etcd
  73.     // 参数
  74.     ctx context.Context
  75.     key string // 资源对象的名称,例如:/deployments/default/nginx
  76.     out runtime.Object // 资源对象的指针类型,由 registry.Store.NewFunc 创建
  77.     ignoreNotFound bool
  78.     preconditions *storage.Preconditions // 执行更新前的检查,检查 UID 和 ResourceVersion
  79.     tryUpdate storage.UpdateFunc // registry.Store.Update 方法中的闭包函数,执行资源对象的更新操作
  80.     suggestion ...runtime.Object // 如果在内存缓存中能找到,则可以避免直接访问 Etcd
  81.     // 返回值
  82.     error

在整个调用栈中,有几个关键点需要展开分析下:

storage.Preconditions

执行 tryUpdate 前的检查。

  1. // Preconditions must be fulfilled before an operation (update, delete, etc.) is carried out.
  2. type Preconditions struct {
  3.     // Specifies the target UID.
  4.     // +optional
  5.     UID *types.UID `json:"uid,omitempty"`
  6.     // Specifies the target ResourceVersion
  7.     // +optional
  8.     ResourceVersion *string `json:"resourceVersion,omitempty"`
  9. }

storage.Preconditions 只有一个方法:func (p *Preconditions) Check(key string, obj runtime.Object) error,检查 obj 的 UID 和 ResourceVersion 是否与 Preconditions 一致。
在 PATCH 请求处理中,Preconditions 从 rest.UpdatedObjectInfo.Preconditions() 获取。

rest.UpdatedObjectInfo

tryUpdate 闭包中会调用 rest.UpdatedObjectInfo.UpdatedObject() 对资源对象执行更新操作。

  1. // UpdatedObjectInfo provides information about an updated object to an Updater.
  2. // It requires access to the old object in order to return the newly updated object.
  3. type UpdatedObjectInfo interface {
  4.     // Returns preconditions built from the updated object, if applicable.
  5.     // May return nil, or a preconditions object containing nil fields,
  6.     // if no preconditions can be determined from the updated object.
  7.     Preconditions() *metav1.Preconditions
  9.     // UpdatedObject returns the updated object, given a context and old object.
  10.     // The only time an empty oldObj should be passed in is if a "create on update" is occurring (there is no oldObj).
  11.     // 根据提交的请求内容,修改object
  12.     UpdatedObject(ctx context.Context, oldObj runtime.Object) (newObj runtime.Object, err error)
  13. }


在 PATCH 请求处理中,rest.UpdatedObjectInfo 的实现为 rest.defaultUpdatedObjectInfo:

  1. // defaultUpdatedObjectInfo implements UpdatedObjectInfo
  2. type defaultUpdatedObjectInfo struct {
  3.     // obj is the updated object
  4.     obj runtime.Object
  6.     // transformers is an optional list of transforming functions that modify or
  7.     // replace obj using information from the context, old object, or other sources.
  8.     transformers []TransformFunc
  9. }
  11. // DefaultUpdatedObjectInfo returns an UpdatedObjectInfo impl based on the specified object.
  12. func DefaultUpdatedObjectInfo(obj runtime.Object, transformers ...TransformFunc) UpdatedObjectInfo {
  13.     return &defaultUpdatedObjectInfo{obj, transformers}
  14. }
  16. // Preconditions satisfies the UpdatedObjectInfo interface.
  17. // 注意这里只获取了 UID
  18. func (i *defaultUpdatedObjectInfo) Preconditions() *metav1.Preconditions {
  19.     // Attempt to get the UID out of the object
  20.     accessor, err := meta.Accessor(i.obj)
  21.     if err != nil {
  22.         // If no UID can be read, no preconditions are possible
  23.         return nil
  24.     }
  26.     // If empty, no preconditions needed
  27.     uid := accessor.GetUID()
  28.     if len(uid) == 0 {
  29.         return nil
  30.     }
  32.     return &metav1.Preconditions{UID: &uid}
  33. }
  35. // UpdatedObject satisfies the UpdatedObjectInfo interface.
  36. // It returns a copy of the held obj, passed through any configured transformers.
  37. func (i *defaultUpdatedObjectInfo) UpdatedObject(ctx context.Context, oldObj runtime.Object) (runtime.Object, error) {
  38.     var err error
  39.     // Start with the configured object
  40.     newObj := i.obj
  42.     // If the original is non-nil (might be nil if the first transformer builds the object from the oldObj), make a copy,
  43.     // so we don't return the original. BeforeUpdate can mutate the returned object, doing things like clearing ResourceVersion.
  44.     // If we're re-called, we need to be able to return the pristine version.
  45.     if newObj != nil {
  46.         newObj = newObj.DeepCopyObject()
  47.     }
  49.     // Allow any configured transformers to update the new object
  50.     for _, transformer := range i.transformers {
  51.         // 例如使用patcher.applyPatch 更新object
  52.         newObj, err = transformer(ctx, newObj, oldObj) // if http.method == patch: patcher.applyPatch, patcher.applyAdmission
  53.         if err != nil {
  54.             return nil, err
  55.         }
  56.     }
  58.     return newObj, nil
  59. }

创建时 defaultUpdatedObjectInfo.obj 为 nil,则 defaultUpdatedObjectInfo.Preconditions() 返回 nil,即不会进行 Preconditions 检查。

  1. // patchResource divides PatchResource for easier unit testing
  2. func (p *patcher) patchResource(ctx context.Context, scope *RequestScope) (runtime.Object, bool, error) {
  3.     ......
  4.     p.updatedObjectInfo = rest.DefaultUpdatedObjectInfo(nil, p.applyPatch, p.applyAdmission)
  5.     ......
  6. }

tryUpdate 闭包更新
  1. // Update performs an atomic update and set of the object. Returns the result of the update
  2. // or an error. If the registry allows create-on-update, the create flow will be executed.
  3. // A bool is returned along with the object and any errors, to indicate object creation.
  4. func (e *Store) Update(ctx context.Context, name string, objInfo rest.UpdatedObjectInfo, createValidation rest.ValidateObjectFunc, updateValidation rest.ValidateObjectUpdateFunc, forceAllowCreate bool, options *metav1.UpdateOptions) (runtime.Object, bool, error) {
  5.     ......
  6.     err = e.Storage.GuaranteedUpdate(ctx, key, out, true, storagePreconditions, func(existing runtime.Object, res storage.ResponseMeta) (runtime.Object, *uint64, error) {
  7.         // Given the existing object, get the new object
  8.         // 更新资源对应obj
  9.         obj, err := objInfo.UpdatedObject(ctx, existing) // defaultUpdatedObjectInfo.UpdatedObject
  10.         if err != nil {
  11.             return nil, nil, err
  12.         }
  14.         // If AllowUnconditionalUpdate() is true and the object specified by
  15.         // the user does not have a resource version, then we populate it with
  16.         // the latest version. Else, we check that the version specified by
  17.         // the user matches the version of latest storage object.
  18.         resourceVersion, err := e.Storage.Versioner().ObjectResourceVersion(obj)
  19.         if err != nil {
  20.             return nil, nil, err
  21.         }
  22.         doUnconditionalUpdate := resourceVersion == 0 && e.UpdateStrategy.AllowUnconditionalUpdate()
  24.         version, err := e.Storage.Versioner().ObjectResourceVersion(existing)
  25.         if err != nil {
  26.             return nil, nil, err
  27.         }
  28.         // version == 0 说明 key 对应的资源对象不存在
  29.         if version == 0 {
  30.             if !e.UpdateStrategy.AllowCreateOnUpdate() && !forceAllowCreate {
  31.                 return nil, nil, kubeerr.NewNotFound(qualifiedResource, name)
  32.             }
  33.             creating = true
  34.             creatingObj = obj
  35.             if err := rest.BeforeCreate(e.CreateStrategy, ctx, obj); err != nil {
  36.                 return nil, nil, err
  37.             }
  38.             // at this point we have a fully formed object.  It is time to call the validators that the apiserver
  39.             // handling chain wants to enforce.
  40.             if createValidation != nil {
  41.                 if err := createValidation(obj.DeepCopyObject()); err != nil {
  42.                     return nil, nil, err
  43.                 }
  44.             }
  45.             ttl, err := e.calculateTTL(obj, 0, false)
  46.             if err != nil {
  47.                 return nil, nil, err
  48.             }
  50.             return obj, &ttl, nil
  51.         }
  53.         creating = false
  54.         creatingObj = nil
  55.         if doUnconditionalUpdate {
  56.             // Update the object's resource version to match the latest
  57.             // storage object's resource version.
  58.             // 无条件更新
  59.             err = e.Storage.Versioner().UpdateObject(obj, res.ResourceVersion)
  60.             if err != nil {
  61.                 return nil, nil, err
  62.             }
  63.         } else {
  64.             // Check if the object's resource version matches the latest
  65.             // resource version.
  66.             if resourceVersion == 0 {
  67.                 // TODO: The Invalid error should have a field for Resource.
  68.                 // After that field is added, we should fill the Resource and
  69.                 // leave the Kind field empty. See the discussion in #18526.
  70.                 qualifiedKind := schema.GroupKind{Group: qualifiedResource.Group, Kind: qualifiedResource.Resource}
  71.                 fieldErrList := field.ErrorList{field.Invalid(field.NewPath("metadata").Child("resourceVersion"), resourceVersion, "must be specified for an update")}
  72.                 return nil, nil, kubeerr.NewInvalid(qualifiedKind, name, fieldErrList)
  73.             }
  74.             // 这里是关键,更新前后的资源对象版本不一致,说明出现了并发更新冲突
  75.             // PATCH 请求中 resourceVersion 始终是等于 version 的!!!
  76.             // PUT 请求中才可能会出现 resourceVersion != version
  77.             if resourceVersion != version {
  78.                 return nil, nil, kubeerr.NewConflict(qualifiedResource, name, fmt.Errorf(OptimisticLockErrorMsg))
  79.             }
  80.         }
  81.         if err := rest.BeforeUpdate(e.UpdateStrategy, ctx, obj, existing); err != nil {
  82.             return nil, nil, err
  83.         }
  84.         // at this point we have a fully formed object.  It is time to call the validators that the apiserver
  85.         // handling chain wants to enforce.
  86.         if updateValidation != nil {
  87.             if err := updateValidation(obj.DeepCopyObject(), existing.DeepCopyObject()); err != nil {
  88.                 return nil, nil, err
  89.             }
  90.         }
  91.         // Check the default delete-during-update conditions, and store-specific conditions if provided
  92.         if ShouldDeleteDuringUpdate(ctx, key, obj, existing) &&
  93.             (e.ShouldDeleteDuringUpdate == nil || e.ShouldDeleteDuringUpdate(ctx, key, obj, existing)) {
  94.             deleteObj = obj
  95.             return nil, nil, errEmptiedFinalizers
  96.         }
  97.         ttl, err := e.calculateTTL(obj, res.TTL, true)
  98.         if err != nil {
  99.             return nil, nil, err
  100.         }
  101.         if int64(ttl) != res.TTL {
  102.             return obj, &ttl, nil
  103.         }
  104.         return obj, nil, nil
  105.     }, dryrun.IsDryRun(options.DryRun))
  106.     ......
  107. }

持久化到 Etcd
  1. // GuaranteedUpdate implements storage.Interface.GuaranteedUpdate.
  2. func (s *store) GuaranteedUpdate(
  3.     ctx context.Context, key string, out runtime.Object, ignoreNotFound bool,
  4.     preconditions *storage.Preconditions, tryUpdate storage.UpdateFunc, suggestion ...runtime.Object) error {
  5.     trace := utiltrace.New(fmt.Sprintf("GuaranteedUpdate etcd3: %s", getTypeName(out)))
  6.     defer trace.LogIfLong(500 * time.Millisecond)
  8.     v, err := conversion.EnforcePtr(out) // out 必须是非 nil 值的指针类型
  9.     if err != nil {
  10.         panic("unable to convert output object to pointer")
  11.     }
  12.     key = path.Join(s.pathPrefix, key)
  14.     // 从 Etcd 存储中获取 key 对象的状态
  15.     getCurrentState := func() (*objState, error) {
  16.         startTime := time.Now()
  17.         getResp, err := s.client.KV.Get(ctx, key, s.getOps...)
  18.         metrics.RecordEtcdRequestLatency("get", getTypeName(out), startTime)
  19.         if err != nil {
  20.             return nil, err
  21.         }
  22.         return s.getState(getResp, key, v, ignoreNotFound)
  23.     }
  25.     var origState *objState
  26.     var mustCheckData bool // = true 说明 origState 有可能不是最新的
  27.     // 如果上层调用提供了 key 对象的值(从 k8s.io/apiserver/pkg/storage/cacher.Cacher.watchCache.GetByKey(key) 获取)
  28.     // 则不需要访问 Etcd
  29.     if len(suggestion) == 1 && suggestion[0] != nil {
  30.         span.LogFields(log.Object("suggestion[0]", suggestion[0]))
  31.         origState, err = s.getStateFromObject(suggestion[0])
  32.         span.LogFields(log.Object("origState", origState))
  33.         if err != nil {
  34.             return err
  35.         }
  36.         mustCheckData = true
  37.     } else {
  38.         origState, err = getCurrentState()
  39.         if err != nil {
  40.             return err
  41.         }
  42.     }
  43.     trace.Step("initial value restored")
  45.     transformContext := authenticatedDataString(key)
  46.     for {
  47.         // 检查 origState.obj 的 UID、 ResourceVersion 是否与 preconditions 一致
  48.         // PATCH 和 PUT 请求都不做检查!!!
  49.         if err := preconditions.Check(key, origState.obj); err != nil {
  50.             // If our data is already up to date, return the error
  51.             // 如果 origState 已经是最新的状态了,则返回错误
  52.             if !mustCheckData {
  53.                 return err
  54.             }
  56.             // 可能 origState 不是最新的状态,从 Etcd 获取最新的状态
  57.             // It's possible we were working with stale data
  58.             // Actually fetch
  59.             origState, err = getCurrentState()
  60.             if err != nil {
  61.                 return err
  62.             }
  63.             mustCheckData = false
  64.             // Retry
  65.             continue
  66.         }
  68.         // 在 origState.obj 的基础上进行修改.
  69.         // 比如patch的apply,是在这里执行的。调用tryUpdate。
  70.         ret, ttl, err := s.updateState(origState, tryUpdate)
  71.         if err != nil {
  72.             // origState 可能不是最新的状态,会从 Etcd 中获取最新的状态,再尝试更新一次
  73.             // If our data is already up to date, return the error
  74.             if !mustCheckData {
  75.                 return err
  76.             }
  78.             // It's possible we were working with stale data
  79.             // Actually fetch
  80.             origState, err = getCurrentState()
  81.             if err != nil {
  82.                 return err
  83.             }
  84.             mustCheckData = false
  85.             // Retry
  86.             continue
  87.         }
  89.         data, err := runtime.Encode(s.codec, ret)
  90.         if err != nil {
  91.             return err
  92.         }
  93.         // 目前 origState.stale 始终为 false
  94.         // 判断修改后的资源对象是否有变化
  95.         if !origState.stale && bytes.Equal(data, origState.data) {
  96.             // if we skipped the original Get in this loop, we must refresh from
  97.             // etcd in order to be sure the data in the store is equivalent to
  98.             // our desired serialization
  99.             // mustCheckData = true 说明 origState 有可能不是最新的
  100.             // 必须再确认一遍
  101.             if mustCheckData {
  102.                 origState, err = getCurrentState()
  103.                 if err != nil {
  104.                     return err
  105.                 }
  106.                 mustCheckData = false
  107.                 if !bytes.Equal(data, origState.data) {
  108.                     // original data changed, restart loop
  109.                     continue
  110.                 }
  111.             }
  112.             // recheck that the data from etcd is not stale before short-circuiting a write
  113.             if !origState.stale {
  114.                 return decode(s.codec, s.versioner, origState.data, out, origState.rev)
  115.             }
  116.         }
  118.         // 将对象序列化为二进制数据存储到 Etcd
  119.         newData, err := s.transformer.TransformToStorage(data, transformContext)
  120.         if err != nil {
  121.             return storage.NewInternalError(err.Error())
  122.         }
  124.         // 设置 key 的过期时间
  125.         opts, err := s.ttlOpts(ctx, int64(ttl))
  126.         if err != nil {
  127.             return err
  128.         }
  129.         trace.Step("Transaction prepared")
  131.         span.LogFields(log.Uint64("ttl", ttl), log.Int64("origState.rev", origState.rev))
  133.         // Etcd 事务
  134.         // 注意这里会比较 Etcd 中的资源对象版本跟 origState.rev 是否一致
  135.         // 如果一致,则更新
  136.         // 否则,更新失败并获取当前最新的资源对象
  137.         startTime := time.Now()
  138.         txnResp, err := s.client.KV.Txn(ctx).If(
  139.             clientv3.Compare(clientv3.ModRevision(key), "=", origState.rev),
  140.         ).Then(
  141.             clientv3.OpPut(key, string(newData), opts...),
  142.         ).Else(
  143.             clientv3.OpGet(key),
  144.         ).Commit()
  145.         metrics.RecordEtcdRequestLatency("update", getTypeName(out), startTime)
  146.         if err != nil {
  147.             return err
  148.         }
  149.         trace.Step("Transaction committed")
  150.         if !txnResp.Succeeded {
  151.             // 事务执行失败
  152.             getResp := (*clientv3.GetResponse)(txnResp.Responses[0].GetResponseRange())
  153.             klog.V(4).Infof("GuaranteedUpdate of %s failed because of a conflict, going to retry", key)
  154.             // 获取最新的状态,并重试
  155.             origState, err = s.getState(getResp, key, v, ignoreNotFound)
  156.             if err != nil {
  157.                 return err
  158.             }
  159.             trace.Step("Retry value restored")
  160.             mustCheckData = false
  161.             continue
  162.         }
  163.         // 事务执行成功
  164.         putResp := txnResp.Responses[0].GetResponsePut()
  166.         return decode(s.codec, s.versioner, data, out, putResp.Header.Revision)
  167.     }
  168. }

分析总结

etcd中并发更新是如何确保更新不丢失的?

在将更新后的对象持久化到 Etcd 中时,通过事务保证的,当事务执行失败时会不断重试,事务的伪代码逻辑如下:

  1. // oldObj = FromMemCache(key) or EtcdGet(key)
  2. if inEtcd(key).rev == inMemory(oldObj).rev:
  3.     EtcdSet(key) = newObj
  4.     transaction = success
  5. else:
  6.     EtcdGet(key)
  7.     transaction = fail

并发更新是如何做冲突检测的?

在上面的分析中,可以看到有两处冲突检测的判断:

  1. Preconditions
  2. tryUpdate 中的 resourceVersion != version

对于 kubectl apply 和 edit (发送的都是 PATCH 请求),默认创建的 Preconditions 是零值,所以不会通过 Preconditions 进行冲突检测,而在 tryUpdate 中调用 objInfo.UpdatedObject(ctx, existing) 得到的 newObj.rv 始终是等于 existing.rv 的,所以也不会进行冲突检测。
那什么时候会进行冲突检测?其实 kubectl 还有个 replace 的命令,通过抓包发现 replace 命令发送的是 PUT 请求,并且请求中会带有 resourceVersion:

  1. PUT /apis/extensions/v1beta1/namespaces/default/deployments/nginx HTTP/1.1
  2. Host: localhost:8080
  3. User-Agent: kubectl/v0.0.0 (linux/amd64) kubernetes/$Format
  4. Content-Length: 866
  5. Accept: application/json
  6. Content-Type: application/json
  7. Uber-Trace-Id: 6e685772cc06fc16:2514dc54a474fe88:4f488c05a7cef9c8:1
  8. Accept-Encoding: gzip
  10. {"apiVersion":"extensions/v1beta1","kind":"Deployment","metadata":{"labels":{"app":"nginx"},"name":"nginx","namespace":"default","resourceVersion":"744603"},"spec":{"progressDeadlineSeconds":600,"replicas":1,"revisionHistoryLimit":10,"selector":{"matchLabels":{"app":"nginx"}},"strategy":{"rollingUpdate":{"maxSurge":"25%","maxUnavailable":"25%"},"type":"RollingUpdate"},"template":{"metadata":{"creationTimestamp":null,"labels":{"app":"nginx"}},"spec":{"containers":[{"env":[{"name":"DEMO_GREETING","value":"Hello from the environment#kubectl replace"}],"image":"nginx","imagePullPolicy":"IfNotPresent","name":"nginx","resources":{},"terminationMessagePath":"/dev/termination-log","terminationMessagePolicy":"File"}],"dnsPolicy":"ClusterFirst","restartPolicy":"Always","schedulerName":"default-scheduler","securityContext":{},"terminationGracePeriodSeconds":30}}}}

PUT 请求在 ApiServer 中的处理与 PATCH 请求类似,都是调用 k8s.io/apiserver/pkg/registry/generic/registry.(*Store).Update,创建的 rest.UpdatedObjectInfo 为 rest.DefaultUpdatedObjectInfo(obj, transformers…),注意这里传了 obj 参数值(通过 decode 请求 body 得到),而不是 nil。
在 PUT 请求处理中,创建的 Preconditions 也是零值,不会通过 Preconditions 做检查。但是在 tryUpdate 中,resourceVersion, err := e.Storage.Versioner().ObjectResourceVersion(obj) 得到的 resourceVersion 是请求 body 中的值,而不像 PATCH 请求一样,来自 existing(看下 defaultUpdatedObjectInfo.UpdatedObject 方法就明白了)。
所以在 PUT 请求处理中,会通过 tryUpdate 中的 resourceVersion != version,检测是否发生了并发写冲突。