From d6dc0e561f5c6de6e73b1a6a5eedeb5ee471b2ec Mon Sep 17 00:00:00 2001 From: "Dr. Stefan Schimanski" Date: Tue, 25 Oct 2016 08:08:01 +0200 Subject: [PATCH 1/3] Apiserver cleanups - remove unused genericapiserver Config.MasterServiceNamespace - move init code into ApplyOptions - initialize genericapiserver Config.MaxRequestsInFlight - move ServiceReadWritePort to master --- cmd/kube-apiserver/app/server.go | 3 --- federation/cmd/federation-apiserver/app/server.go | 3 --- pkg/genericapiserver/config.go | 12 ++++++------ pkg/genericapiserver/options/server_run_options.go | 2 +- 4 files changed, 7 insertions(+), 13 deletions(-) diff --git a/cmd/kube-apiserver/app/server.go b/cmd/kube-apiserver/app/server.go index 33d1fdc6f93..e0017c835c2 100644 --- a/cmd/kube-apiserver/app/server.go +++ b/cmd/kube-apiserver/app/server.go @@ -299,12 +299,9 @@ func Run(s *options.APIServer) error { genericConfig.Version = &kubeVersion genericConfig.LoopbackClientConfig = selfClientConfig genericConfig.Authenticator = apiAuthenticator - genericConfig.SupportsBasicAuth = len(s.BasicAuthFile) > 0 genericConfig.Authorizer = apiAuthorizer - genericConfig.AuthorizerRBACSuperUser = s.AuthorizationRBACSuperUser genericConfig.AdmissionControl = admissionController genericConfig.APIResourceConfigSource = storageFactory.APIResourceConfigSource - genericConfig.MasterServiceNamespace = s.MasterServiceNamespace genericConfig.OpenAPIConfig.Info.Title = "Kubernetes" genericConfig.OpenAPIConfig.Definitions = generatedopenapi.OpenAPIDefinitions genericConfig.EnableOpenAPISupport = true diff --git a/federation/cmd/federation-apiserver/app/server.go b/federation/cmd/federation-apiserver/app/server.go index 1b8806b9dd3..68165162691 100644 --- a/federation/cmd/federation-apiserver/app/server.go +++ b/federation/cmd/federation-apiserver/app/server.go 
@@ -189,12 +189,9 @@ func Run(s *options.ServerRunOptions) error { genericConfig.Version = &kubeVersion genericConfig.LoopbackClientConfig = selfClientConfig genericConfig.Authenticator = apiAuthenticator - genericConfig.SupportsBasicAuth = len(s.BasicAuthFile) > 0 genericConfig.Authorizer = apiAuthorizer - genericConfig.AuthorizerRBACSuperUser = s.AuthorizationRBACSuperUser genericConfig.AdmissionControl = admissionController genericConfig.APIResourceConfigSource = storageFactory.APIResourceConfigSource - genericConfig.MasterServiceNamespace = s.MasterServiceNamespace genericConfig.OpenAPIConfig.Definitions = openapi.OpenAPIDefinitions genericConfig.EnableOpenAPISupport = true genericConfig.OpenAPIConfig.SecurityDefinitions = securityDefinitions diff --git a/pkg/genericapiserver/config.go b/pkg/genericapiserver/config.go index 13eb00fad85..0a3e7c20a53 100644 --- a/pkg/genericapiserver/config.go +++ b/pkg/genericapiserver/config.go @@ -84,14 +84,12 @@ type Config struct { EnableGarbageCollection bool Version *version.Info - APIGroupPrefix string CorsAllowedOriginList []string Authenticator authenticator.Request // TODO(roberthbailey): Remove once the server no longer supports http basic auth. - SupportsBasicAuth bool - Authorizer authorizer.Authorizer - AdmissionControl admission.Interface - MasterServiceNamespace string + SupportsBasicAuth bool + Authorizer authorizer.Authorizer + AdmissionControl admission.Interface // TODO(ericchiang): Determine if policy escalation checks should be an admission controller. AuthorizerRBACSuperUser string @@ -275,6 +273,7 @@ func (c *Config) ApplyOptions(options *options.ServerRunOptions) *Config { c.InsecureServingInfo = insecureServingInfo } + c.AuthorizerRBACSuperUser = options.AuthorizationRBACSuperUser c.CorsAllowedOriginList = options.CorsAllowedOriginList c.EnableGarbageCollection = options.EnableGarbageCollection c.EnableProfiling = options.EnableProfiling 
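Review bot: In the pkg/genericapiserver/config.go hunk at -275,6 +273,7, `c.AuthorizerRBACSuperUser` is now set inside ApplyOptions, while each server's Run still builds the authorizer separately from the same option, and no comment says the two values must agree. A server that builds its Config without ApplyOptions, or overwrites the field afterwards, would presumably end up with an authorizer and an escalation check that disagree on the superuser; this is inferred from the TODO on the struct field, not from visible call sites. The same applies to `c.SupportsBasicAuth = len(options.BasicAuthFile) > 0` in the following hunk (-282,11 +281,12), which must track whether the authenticator was actually built with a basic-auth file. I would add a comment above the two assignments, e.g. `// Auth-related fields: must mirror the values used to build Authenticator/Authorizer in Run.` ApplyOptions begins and ends outside these hunks.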
@@ -282,11 +281,12 @@ func (c *Config) ApplyOptions(options *options.ServerRunOptions) *Config { c.ExternalHost = options.ExternalHost c.KubernetesServiceNodePort = options.KubernetesServiceNodePort c.MasterCount = options.MasterCount + c.MaxRequestsInFlight = options.MaxRequestsInFlight c.MinRequestTimeout = options.MinRequestTimeout c.PublicAddress = options.AdvertiseAddress c.ServiceClusterIPRange = &options.ServiceClusterIPRange c.ServiceNodePortRange = options.ServiceNodePortRange - c.MaxRequestsInFlight = options.MaxRequestsInFlight + c.SupportsBasicAuth = len(options.BasicAuthFile) > 0 return c } diff --git a/pkg/genericapiserver/options/server_run_options.go b/pkg/genericapiserver/options/server_run_options.go index 69de738403d..79c4d25bb69 100644 --- a/pkg/genericapiserver/options/server_run_options.go +++ b/pkg/genericapiserver/options/server_run_options.go @@ -393,7 +393,7 @@ func (s *ServerRunOptions) AddUniversalFlags(fs *pflag.FlagSet) { "The number of apiservers running in the cluster.") fs.StringVar(&s.MasterServiceNamespace, "master-service-namespace", s.MasterServiceNamespace, ""+ - "The namespace from which the kubernetes master services should be injected into pods.") + "DEPRECATED: the namespace from which the kubernetes master services should be injected into pods.") fs.IntVar(&s.MaxRequestsInFlight, "max-requests-inflight", s.MaxRequestsInFlight, ""+ "The maximum number of requests in flight at a given time. When the server exceeds this, "+ From b7985277938fcfc2a8e46def2872c95278df0098 Mon Sep 17 00:00:00 2001 
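Review bot: In the server_run_options.go hunk (-393,7 +393,7), the `master-service-namespace` flag is marked deprecated only in its help text, so an operator who still passes it gets no signal at startup. pflag can emit that warning itself: after the `fs.StringVar(...)` call, add `fs.MarkDeprecated("master-service-namespace", "This flag will be removed in a future version.")` (wording is a suggestion). Whether anything still reads `s.MasterServiceNamespace` after Config.MasterServiceNamespace was removed is not visible here; if nothing does, say so in the deprecation message. AddUniversalFlags begins and ends outside the hunk.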
From: "Dr. Stefan Schimanski" Date: Tue, 25 Oct 2016 09:18:05 +0200 Subject: [PATCH 2/3] Rename master/options/{APIServer -> ServerRunOptions} --- cmd/hyperkube/kube-apiserver.go | 2 +- cmd/kube-apiserver/apiserver.go | 2 +- cmd/kube-apiserver/app/options/options.go | 12 ++++++------ cmd/kube-apiserver/app/options/options_test.go | 2 +- cmd/kube-apiserver/app/server.go | 4 ++-- cmd/kube-apiserver/app/server_test.go | 2 +- test/e2e_node/services/apiserver.go | 2 +- 7 files changed, 13 insertions(+), 13 deletions(-) diff --git a/cmd/hyperkube/kube-apiserver.go b/cmd/hyperkube/kube-apiserver.go index 61041e1d99c..423d1f51efa 100644 --- a/cmd/hyperkube/kube-apiserver.go +++ b/cmd/hyperkube/kube-apiserver.go @@ -24,7 +24,7 @@ import ( // NewKubeAPIServer creates a new hyperkube Server object that includes the // description and flags. func NewKubeAPIServer() *Server { - s := options.NewAPIServer() + s := options.NewServerRunOptions() hks := Server{ SimpleUsage: "apiserver", diff --git a/cmd/kube-apiserver/apiserver.go b/cmd/kube-apiserver/apiserver.go index ab0524737c7..4b06d11363c 100644 --- a/cmd/kube-apiserver/apiserver.go +++ b/cmd/kube-apiserver/apiserver.go @@ -38,7 +38,7 @@ import ( func main() { rand.Seed(time.Now().UTC().UnixNano()) - s := options.NewAPIServer() + s := options.NewServerRunOptions() s.AddFlags(pflag.CommandLine) flag.InitFlags() diff --git a/cmd/kube-apiserver/app/options/options.go b/cmd/kube-apiserver/app/options/options.go index 6305b25cdd2..3a08d50ade7 100644 --- a/cmd/kube-apiserver/app/options/options.go +++ b/cmd/kube-apiserver/app/options/options.go @@ -28,8 +28,8 @@ import ( "github.com/spf13/pflag" ) -// APIServer runs a kubernetes api server. -type APIServer struct { +// ServerRunOptions runs a kubernetes api server. +type ServerRunOptions struct { *genericoptions.ServerRunOptions AllowPrivileged bool EventTTL time.Duration 
@@ -43,9 +43,9 @@ type APIServer struct { WebhookTokenAuthnCacheTTL time.Duration } -// NewAPIServer creates a new APIServer object with default parameters -func NewAPIServer() *APIServer { - s := APIServer{ +// NewServerRunOptions creates a new ServerRunOptions object with default parameters +func NewServerRunOptions() *ServerRunOptions { + s := ServerRunOptions{ ServerRunOptions: genericoptions.NewServerRunOptions().WithEtcdOptions(), EventTTL: 1 * time.Hour, KubeletConfig: kubeletclient.KubeletClientConfig{ @@ -59,7 +59,7 @@ func NewAPIServer() *APIServer { } // AddFlags adds flags for a specific APIServer to the specified FlagSet -func (s *APIServer) AddFlags(fs *pflag.FlagSet) { +func (s *ServerRunOptions) AddFlags(fs *pflag.FlagSet) { // Add the generic flags. s.ServerRunOptions.AddUniversalFlags(fs) //Add etcd specific flags. diff --git a/cmd/kube-apiserver/app/options/options_test.go b/cmd/kube-apiserver/app/options/options_test.go index 4cb47c3edfe..6642256c265 100644 --- a/cmd/kube-apiserver/app/options/options_test.go +++ b/cmd/kube-apiserver/app/options/options_test.go @@ -26,7 +26,7 @@ func TestAddFlagsFlag(t *testing.T) { // TODO: This only tests the enable-swagger-ui flag for now. // Expand the test to include other flags as well. f := pflag.NewFlagSet("addflagstest", pflag.ContinueOnError) - s := NewAPIServer() + s := NewServerRunOptions() s.AddFlags(f) if s.EnableSwaggerUI { t.Errorf("Expected s.EnableSwaggerUI to be false by default") diff --git a/cmd/kube-apiserver/app/server.go b/cmd/kube-apiserver/app/server.go index e0017c835c2..b23765f5252 100644 --- a/cmd/kube-apiserver/app/server.go +++ b/cmd/kube-apiserver/app/server.go @@ -63,7 +63,7 @@ import ( // NewAPIServerCommand creates a *cobra.Command object with default parameters func NewAPIServerCommand() *cobra.Command { - s := options.NewAPIServer() + s := options.NewServerRunOptions() s.AddFlags(pflag.CommandLine) cmd := &cobra.Command{ Use: "kube-apiserver", 
@@ -79,7 +79,7 @@ cluster's shared state through which all other components interact.`, } // Run runs the specified APIServer. This should never exit. -func Run(s *options.APIServer) error { +func Run(s *options.ServerRunOptions) error { genericvalidation.VerifyEtcdServersList(s.ServerRunOptions) genericapiserver.DefaultAndValidateRunOptions(s.ServerRunOptions) genericConfig := genericapiserver.NewConfig(). // create the new config diff --git a/cmd/kube-apiserver/app/server_test.go b/cmd/kube-apiserver/app/server_test.go index 6335fe7cc2e..ca8d12dc0b9 100644 --- a/cmd/kube-apiserver/app/server_test.go +++ b/cmd/kube-apiserver/app/server_test.go @@ -24,7 +24,7 @@ import ( ) func TestLongRunningRequestRegexp(t *testing.T) { - regexp := regexp.MustCompile(options.NewAPIServer().LongRunningRequestRE) + regexp := regexp.MustCompile(options.NewServerRunOptions().LongRunningRequestRE) dontMatch := []string{ "/api/v1/watch-namespace/", "/api/v1/namespace-proxy/", diff --git a/test/e2e_node/services/apiserver.go b/test/e2e_node/services/apiserver.go index dd7069fa79e..330434cf2e4 100644 --- a/test/e2e_node/services/apiserver.go +++ b/test/e2e_node/services/apiserver.go @@ -40,7 +40,7 @@ func NewAPIServer() *APIServer { // Start starts the apiserver, returns when apiserver is ready. func (a *APIServer) Start() error { - config := options.NewAPIServer() + config := options.NewServerRunOptions() config.StorageConfig.ServerList = []string{getEtcdClientURL()} _, ipnet, err := net.ParseCIDR(clusterIPRange) if err != nil { From ab3ce27f0198491ef37137535910a06f59fc47d9 Mon Sep 17 00:00:00 2001 
From: "Dr. Stefan Schimanski" Date: Tue, 25 Oct 2016 09:28:11 +0200 Subject: [PATCH 3/3] Make master+federation ServerRunOptions embeddings explicit --- cmd/kube-apiserver/app/options/options.go | 10 +- .../app/options/options_test.go | 4 +- cmd/kube-apiserver/app/server.go | 92 +++++++++---------- cmd/kube-apiserver/app/server_test.go | 2 +- .../app/options/options.go | 12 +-- .../cmd/federation-apiserver/app/server.go | 74 +++++++-------- test/e2e_node/services/apiserver.go | 4 +- test/integration/federation/server_test.go | 8 +- 8 files changed, 103 insertions(+), 103 deletions(-) diff --git a/cmd/kube-apiserver/app/options/options.go b/cmd/kube-apiserver/app/options/options.go index 3a08d50ade7..5a763950745 100644 --- a/cmd/kube-apiserver/app/options/options.go +++ b/cmd/kube-apiserver/app/options/options.go @@ -30,7 +30,7 @@ import ( // ServerRunOptions runs a kubernetes api server. type ServerRunOptions struct { - *genericoptions.ServerRunOptions + GenericServerRunOptions *genericoptions.ServerRunOptions AllowPrivileged bool EventTTL time.Duration KubeletConfig kubeletclient.KubeletClientConfig @@ -46,8 +46,8 @@ type ServerRunOptions struct { // NewServerRunOptions creates a new ServerRunOptions object with default parameters func NewServerRunOptions() *ServerRunOptions { s := ServerRunOptions{ - ServerRunOptions: genericoptions.NewServerRunOptions().WithEtcdOptions(), - EventTTL: 1 * time.Hour, + GenericServerRunOptions: genericoptions.NewServerRunOptions().WithEtcdOptions(), + EventTTL: 1 * time.Hour, KubeletConfig: kubeletclient.KubeletClientConfig{ Port: ports.KubeletPort, EnableHttps: true, 
@@ -61,9 +61,9 @@ func NewServerRunOptions() *ServerRunOptions { // AddFlags adds flags for a specific APIServer to the specified FlagSet func (s *ServerRunOptions) AddFlags(fs *pflag.FlagSet) { // Add the generic flags. - s.ServerRunOptions.AddUniversalFlags(fs) + s.GenericServerRunOptions.AddUniversalFlags(fs) //Add etcd specific flags. - s.ServerRunOptions.AddEtcdStorageFlags(fs) + s.GenericServerRunOptions.AddEtcdStorageFlags(fs) // Note: the weird ""+ in below lines seems to be the only way to get gofmt to // arrange these text blocks sensibly. Grrr. diff --git a/cmd/kube-apiserver/app/options/options_test.go b/cmd/kube-apiserver/app/options/options_test.go index 6642256c265..021bdb1370c 100644 --- a/cmd/kube-apiserver/app/options/options_test.go +++ b/cmd/kube-apiserver/app/options/options_test.go @@ -28,7 +28,7 @@ func TestAddFlagsFlag(t *testing.T) { f := pflag.NewFlagSet("addflagstest", pflag.ContinueOnError) s := NewServerRunOptions() s.AddFlags(f) - if s.EnableSwaggerUI { + if s.GenericServerRunOptions.EnableSwaggerUI { t.Errorf("Expected s.EnableSwaggerUI to be false by default") } @@ -36,7 +36,7 @@ func TestAddFlagsFlag(t *testing.T) { "--enable-swagger-ui=true", } f.Parse(args) - if !s.EnableSwaggerUI { + if !s.GenericServerRunOptions.EnableSwaggerUI { t.Errorf("Expected s.EnableSwaggerUI to be true") } } diff --git a/cmd/kube-apiserver/app/server.go b/cmd/kube-apiserver/app/server.go index b23765f5252..0bdb71e485a 100644 --- a/cmd/kube-apiserver/app/server.go +++ b/cmd/kube-apiserver/app/server.go 
@@ -80,11 +80,11 @@ cluster's shared state through which all other components interact.`, // Run runs the specified APIServer. This should never exit. func Run(s *options.ServerRunOptions) error { - genericvalidation.VerifyEtcdServersList(s.ServerRunOptions) - genericapiserver.DefaultAndValidateRunOptions(s.ServerRunOptions) + genericvalidation.VerifyEtcdServersList(s.GenericServerRunOptions) + genericapiserver.DefaultAndValidateRunOptions(s.GenericServerRunOptions) genericConfig := genericapiserver.NewConfig(). // create the new config - ApplyOptions(s.ServerRunOptions). // apply the options selected - Complete() // set default values based on the known values + ApplyOptions(s.GenericServerRunOptions). // apply the options selected + Complete() // set default values based on the known values if err := genericConfig.MaybeGenerateServingCerts(); err != nil { glog.Fatalf("Failed to generate service certificate: %v", err) @@ -107,7 +107,7 @@ func Run(s *options.ServerRunOptions) error { if len(s.SSHUser) > 0 { // Get ssh key distribution func, if supported var installSSH genericapiserver.InstallSSHKey - cloud, err := cloudprovider.InitCloudProvider(s.CloudProvider, s.CloudConfigFile) + cloud, err := cloudprovider.InitCloudProvider(s.GenericServerRunOptions.CloudProvider, s.GenericServerRunOptions.CloudConfigFile) if err != nil { glog.Fatalf("Cloud provider could not be initialized: %v", err) } 
@@ -138,10 +138,10 @@ func Run(s *options.ServerRunOptions) error { // Proxying to pods and services is IP-based... don't expect to be able to verify the hostname proxyTLSClientConfig := &tls.Config{InsecureSkipVerify: true} - if s.StorageConfig.DeserializationCacheSize == 0 { + if s.GenericServerRunOptions.StorageConfig.DeserializationCacheSize == 0 { // When size of cache is not explicitly set, estimate its size based on // target memory usage. - glog.V(2).Infof("Initalizing deserialization cache size based on %dMB limit", s.TargetRAMMB) + glog.V(2).Infof("Initalizing deserialization cache size based on %dMB limit", s.GenericServerRunOptions.TargetRAMMB) // This is the heuristics that from memory capacity is trying to infer // the maximum number of nodes in the cluster and set cache sizes based 
@@ -153,29 +153,29 @@ func Run(s *options.ServerRunOptions) error { // be used for the deserialization cache and divide it by the max object // size to compute its size. We may even go further and measure // collective sizes of the objects in the cache. - clusterSize := s.TargetRAMMB / 60 - s.StorageConfig.DeserializationCacheSize = 25 * clusterSize - if s.StorageConfig.DeserializationCacheSize < 1000 { - s.StorageConfig.DeserializationCacheSize = 1000 + clusterSize := s.GenericServerRunOptions.TargetRAMMB / 60 + s.GenericServerRunOptions.StorageConfig.DeserializationCacheSize = 25 * clusterSize + if s.GenericServerRunOptions.StorageConfig.DeserializationCacheSize < 1000 { + s.GenericServerRunOptions.StorageConfig.DeserializationCacheSize = 1000 } } - storageGroupsToEncodingVersion, err := s.StorageGroupsToEncodingVersion() + storageGroupsToEncodingVersion, err := s.GenericServerRunOptions.StorageGroupsToEncodingVersion() if err != nil { glog.Fatalf("error generating storage version map: %s", err) } storageFactory, err := genericapiserver.BuildDefaultStorageFactory( - s.StorageConfig, s.DefaultStorageMediaType, api.Codecs, + s.GenericServerRunOptions.StorageConfig, s.GenericServerRunOptions.DefaultStorageMediaType, api.Codecs, genericapiserver.NewDefaultResourceEncodingConfig(), storageGroupsToEncodingVersion, // FIXME: this GroupVersionResource override should be configurable []unversioned.GroupVersionResource{batch.Resource("scheduledjobs").WithVersion("v2alpha1")}, - master.DefaultAPIResourceConfigSource(), s.RuntimeConfig) + master.DefaultAPIResourceConfigSource(), s.GenericServerRunOptions.RuntimeConfig) if err != nil { glog.Fatalf("error in initializing storage factory: %s", err) } storageFactory.AddCohabitatingResources(batch.Resource("jobs"), extensions.Resource("jobs")) storageFactory.AddCohabitatingResources(autoscaling.Resource("horizontalpodautoscalers"), extensions.Resource("horizontalpodautoscalers")) - for _, override := range s.EtcdServersOverrides 
{ + for _, override := range s.GenericServerRunOptions.EtcdServersOverrides { tokens := strings.Split(override, "#") if len(tokens) != 2 { glog.Errorf("invalid value of etcd server overrides: %s", override) @@ -196,9 +196,9 @@ func Run(s *options.ServerRunOptions) error { } // Default to the private server key for service account token signing - if len(s.ServiceAccountKeyFiles) == 0 && s.TLSPrivateKeyFile != "" { - if authenticator.IsValidServiceAccountKeyFile(s.TLSPrivateKeyFile) { - s.ServiceAccountKeyFiles = []string{s.TLSPrivateKeyFile} + if len(s.ServiceAccountKeyFiles) == 0 && s.GenericServerRunOptions.TLSPrivateKeyFile != "" { + if authenticator.IsValidServiceAccountKeyFile(s.GenericServerRunOptions.TLSPrivateKeyFile) { + s.ServiceAccountKeyFiles = []string{s.GenericServerRunOptions.TLSPrivateKeyFile} } else { glog.Warning("No TLS key provided, service account token authentication disabled") } 
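Review bot: In the hunk at -196,9 +196,9 of cmd/kube-apiserver/app/server.go, the warning in the `else` branch says "No TLS key provided", but that branch is only reached when `TLSPrivateKeyFile != ""` and `IsValidServiceAccountKeyFile` rejected it. An operator investigating why service account token authentication is off would be sent looking for a missing flag rather than an unsuitable key. Since these lines are being touched anyway, I would reword it to something like `glog.Warningf("TLS private key %q is not a valid service account key, service account token authentication disabled", s.GenericServerRunOptions.TLSPrivateKeyFile)`. Run begins and ends outside the hunk.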
@@ -216,23 +216,23 @@ func Run(s *options.ServerRunOptions) error { } apiAuthenticator, securityDefinitions, err := authenticator.New(authenticator.AuthenticatorConfig{ - Anonymous: s.AnonymousAuth, - AnyToken: s.EnableAnyToken, - BasicAuthFile: s.BasicAuthFile, - ClientCAFile: s.ClientCAFile, - TokenAuthFile: s.TokenAuthFile, - OIDCIssuerURL: s.OIDCIssuerURL, - OIDCClientID: s.OIDCClientID, - OIDCCAFile: s.OIDCCAFile, - OIDCUsernameClaim: s.OIDCUsernameClaim, - OIDCGroupsClaim: s.OIDCGroupsClaim, + Anonymous: s.GenericServerRunOptions.AnonymousAuth, + AnyToken: s.GenericServerRunOptions.EnableAnyToken, + BasicAuthFile: s.GenericServerRunOptions.BasicAuthFile, + ClientCAFile: s.GenericServerRunOptions.ClientCAFile, + TokenAuthFile: s.GenericServerRunOptions.TokenAuthFile, + OIDCIssuerURL: s.GenericServerRunOptions.OIDCIssuerURL, + OIDCClientID: s.GenericServerRunOptions.OIDCClientID, + OIDCCAFile: s.GenericServerRunOptions.OIDCCAFile, + OIDCUsernameClaim: s.GenericServerRunOptions.OIDCUsernameClaim, + OIDCGroupsClaim: s.GenericServerRunOptions.OIDCGroupsClaim, ServiceAccountKeyFiles: s.ServiceAccountKeyFiles, ServiceAccountLookup: s.ServiceAccountLookup, ServiceAccountTokenGetter: serviceAccountGetter, - KeystoneURL: s.KeystoneURL, + KeystoneURL: s.GenericServerRunOptions.KeystoneURL, WebhookTokenAuthnConfigFile: s.WebhookTokenAuthnConfigFile, WebhookTokenAuthnCacheTTL: s.WebhookTokenAuthnCacheTTL, - RequestHeaderConfig: s.AuthenticationRequestHeaderConfig(), + RequestHeaderConfig: s.GenericServerRunOptions.AuthenticationRequestHeaderConfig(), }) if err != nil { 
@@ -240,31 +240,31 @@ func Run(s *options.ServerRunOptions) error { } privilegedLoopbackToken := uuid.NewRandom().String() - selfClientConfig, err := s.NewSelfClientConfig(privilegedLoopbackToken) + selfClientConfig, err := s.GenericServerRunOptions.NewSelfClientConfig(privilegedLoopbackToken) if err != nil { glog.Fatalf("Failed to create clientset: %v", err) } - client, err := s.NewSelfClient(privilegedLoopbackToken) + client, err := s.GenericServerRunOptions.NewSelfClient(privilegedLoopbackToken) if err != nil { glog.Errorf("Failed to create clientset: %v", err) } sharedInformers := informers.NewSharedInformerFactory(client, 10*time.Minute) authorizationConfig := authorizer.AuthorizationConfig{ - PolicyFile: s.AuthorizationPolicyFile, - WebhookConfigFile: s.AuthorizationWebhookConfigFile, - WebhookCacheAuthorizedTTL: s.AuthorizationWebhookCacheAuthorizedTTL, - WebhookCacheUnauthorizedTTL: s.AuthorizationWebhookCacheUnauthorizedTTL, - RBACSuperUser: s.AuthorizationRBACSuperUser, + PolicyFile: s.GenericServerRunOptions.AuthorizationPolicyFile, + WebhookConfigFile: s.GenericServerRunOptions.AuthorizationWebhookConfigFile, + WebhookCacheAuthorizedTTL: s.GenericServerRunOptions.AuthorizationWebhookCacheAuthorizedTTL, + WebhookCacheUnauthorizedTTL: s.GenericServerRunOptions.AuthorizationWebhookCacheUnauthorizedTTL, + RBACSuperUser: s.GenericServerRunOptions.AuthorizationRBACSuperUser, InformerFactory: sharedInformers, } - authorizationModeNames := strings.Split(s.AuthorizationMode, ",") + authorizationModeNames := strings.Split(s.GenericServerRunOptions.AuthorizationMode, ",") apiAuthorizer, err := authorizer.NewAuthorizerFromAuthorizationConfig(authorizationModeNames, authorizationConfig) if err != nil { glog.Fatalf("Invalid Authorization Config: %v", err) } - admissionControlPluginNames := strings.Split(s.AdmissionControl, ",") + admissionControlPluginNames := strings.Split(s.GenericServerRunOptions.AdmissionControl, ",") // TODO(dims): We probably need to add an 
option "EnableLoopbackToken" if apiAuthenticator != nil { @@ -285,7 +285,7 @@ func Run(s *options.ServerRunOptions) error { pluginInitializer := admission.NewPluginInitializer(sharedInformers, apiAuthorizer) - admissionController, err := admission.NewFromPlugins(client, admissionControlPluginNames, s.AdmissionControlConfigFile, pluginInitializer) + admissionController, err := admission.NewFromPlugins(client, admissionControlPluginNames, s.GenericServerRunOptions.AdmissionControlConfigFile, pluginInitializer) if err != nil { glog.Fatalf("Failed to initialize plugins: %v", err) } @@ -311,9 +311,9 @@ func Run(s *options.ServerRunOptions) error { GenericConfig: genericConfig.Config, StorageFactory: storageFactory, - EnableWatchCache: s.EnableWatchCache, + EnableWatchCache: s.GenericServerRunOptions.EnableWatchCache, EnableCoreControllers: true, - DeleteCollectionWorkers: s.DeleteCollectionWorkers, + DeleteCollectionWorkers: s.GenericServerRunOptions.DeleteCollectionWorkers, EventTTL: s.EventTTL, KubeletClientConfig: s.KubeletConfig, EnableUISupport: true, @@ -323,10 +323,10 @@ func Run(s *options.ServerRunOptions) error { Tunneler: tunneler, } - if s.EnableWatchCache { - glog.V(2).Infof("Initalizing cache sizes based on %dMB limit", s.TargetRAMMB) - cachesize.InitializeWatchCacheSizes(s.TargetRAMMB) - cachesize.SetWatchCacheSizes(s.WatchCacheSizes) + if s.GenericServerRunOptions.EnableWatchCache { + glog.V(2).Infof("Initalizing cache sizes based on %dMB limit", s.GenericServerRunOptions.TargetRAMMB) + cachesize.InitializeWatchCacheSizes(s.GenericServerRunOptions.TargetRAMMB) + cachesize.SetWatchCacheSizes(s.GenericServerRunOptions.WatchCacheSizes) } m, err := config.Complete().New() diff --git a/cmd/kube-apiserver/app/server_test.go b/cmd/kube-apiserver/app/server_test.go index ca8d12dc0b9..637adcaf678 100644 --- a/cmd/kube-apiserver/app/server_test.go +++ b/cmd/kube-apiserver/app/server_test.go 
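Review bot: In the hunk at -240,31 +240,31, a failure of `s.GenericServerRunOptions.NewSelfClient(privilegedLoopbackToken)` is only logged with `glog.Errorf`, while the same failure from `NewSelfClientConfig` just above is fatal. Execution then continues, and `client` is passed to `informers.NewSharedInformerFactory` and later to `admission.NewFromPlugins`. What `client` holds on error is not visible here, but the authorizer and admission chain would be built on a loopback client that could not be created. Unless continuing is deliberate (in which case a comment saying why would help), make it `glog.Fatalf("Failed to create clientset: %v", err)`. The federation server has the same pattern in its hunk at -117,49 +117,49. Run begins and ends outside the hunk.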
@@ -24,7 +24,7 @@ import ( ) func TestLongRunningRequestRegexp(t *testing.T) { - regexp := regexp.MustCompile(options.NewServerRunOptions().LongRunningRequestRE) + regexp := regexp.MustCompile(options.NewServerRunOptions().GenericServerRunOptions.LongRunningRequestRE) dontMatch := []string{ "/api/v1/watch-namespace/", "/api/v1/namespace-proxy/", diff --git a/federation/cmd/federation-apiserver/app/options/options.go b/federation/cmd/federation-apiserver/app/options/options.go index 56fee8ace63..b1bfafb5071 100644 --- a/federation/cmd/federation-apiserver/app/options/options.go +++ b/federation/cmd/federation-apiserver/app/options/options.go @@ -27,15 +27,15 @@ import ( // Runtime options for the federation-apiserver. type ServerRunOptions struct { - *genericoptions.ServerRunOptions - EventTTL time.Duration + GenericServerRunOptions *genericoptions.ServerRunOptions + EventTTL time.Duration } // NewServerRunOptions creates a new ServerRunOptions object with default values. func NewServerRunOptions() *ServerRunOptions { s := ServerRunOptions{ - ServerRunOptions: genericoptions.NewServerRunOptions().WithEtcdOptions(), - EventTTL: 1 * time.Hour, + GenericServerRunOptions: genericoptions.NewServerRunOptions().WithEtcdOptions(), + EventTTL: 1 * time.Hour, } return &s } @@ -43,9 +43,9 @@ func NewServerRunOptions() *ServerRunOptions { // AddFlags adds flags for ServerRunOptions fields to be specified via FlagSet. func (s *ServerRunOptions) AddFlags(fs *pflag.FlagSet) { // Add the generic flags. - s.ServerRunOptions.AddUniversalFlags(fs) + s.GenericServerRunOptions.AddUniversalFlags(fs) //Add etcd specific flags. - s.ServerRunOptions.AddEtcdStorageFlags(fs) + s.GenericServerRunOptions.AddEtcdStorageFlags(fs) fs.DurationVar(&s.EventTTL, "event-ttl", s.EventTTL, "Amount of time to retain events. Default is 1h.") diff --git a/federation/cmd/federation-apiserver/app/server.go b/federation/cmd/federation-apiserver/app/server.go index 68165162691..3ee53be4002 100644 
--- a/federation/cmd/federation-apiserver/app/server.go +++ b/federation/cmd/federation-apiserver/app/server.go @@ -67,11 +67,11 @@ cluster's shared state through which all other components interact.`, // Run runs the specified APIServer. This should never exit. func Run(s *options.ServerRunOptions) error { - genericvalidation.VerifyEtcdServersList(s.ServerRunOptions) - genericapiserver.DefaultAndValidateRunOptions(s.ServerRunOptions) + genericvalidation.VerifyEtcdServersList(s.GenericServerRunOptions) + genericapiserver.DefaultAndValidateRunOptions(s.GenericServerRunOptions) genericConfig := genericapiserver.NewConfig(). // create the new config - ApplyOptions(s.ServerRunOptions). // apply the options selected - Complete() // set default values based on the known values + ApplyOptions(s.GenericServerRunOptions). // apply the options selected + Complete() // set default values based on the known values if err := genericConfig.MaybeGenerateServingCerts(); err != nil { glog.Fatalf("Failed to generate service certificate: %v", err) 
@@ -80,23 +80,23 @@ func Run(s *options.ServerRunOptions) error { // TODO: register cluster federation resources here. resourceConfig := genericapiserver.NewResourceConfig() - if s.StorageConfig.DeserializationCacheSize == 0 { + if s.GenericServerRunOptions.StorageConfig.DeserializationCacheSize == 0 { // When size of cache is not explicitly set, set it to 50000 - s.StorageConfig.DeserializationCacheSize = 50000 + s.GenericServerRunOptions.StorageConfig.DeserializationCacheSize = 50000 } - storageGroupsToEncodingVersion, err := s.StorageGroupsToEncodingVersion() + storageGroupsToEncodingVersion, err := s.GenericServerRunOptions.StorageGroupsToEncodingVersion() if err != nil { glog.Fatalf("error generating storage version map: %s", err) } storageFactory, err := genericapiserver.BuildDefaultStorageFactory( - s.StorageConfig, s.DefaultStorageMediaType, api.Codecs, + s.GenericServerRunOptions.StorageConfig, s.GenericServerRunOptions.DefaultStorageMediaType, api.Codecs, genericapiserver.NewDefaultResourceEncodingConfig(), storageGroupsToEncodingVersion, - []unversioned.GroupVersionResource{}, resourceConfig, s.RuntimeConfig) + []unversioned.GroupVersionResource{}, resourceConfig, s.GenericServerRunOptions.RuntimeConfig) if err != nil { glog.Fatalf("error in initializing storage factory: %s", err) } - for _, override := range s.EtcdServersOverrides { + for _, override := range s.GenericServerRunOptions.EtcdServersOverrides { tokens := strings.Split(override, "#") if len(tokens) != 2 { glog.Errorf("invalid value of etcd server overrides: %s", override) 
@@ -117,49 +117,49 @@ func Run(s *options.ServerRunOptions) error { } apiAuthenticator, securityDefinitions, err := authenticator.New(authenticator.AuthenticatorConfig{ - Anonymous: s.AnonymousAuth, - AnyToken: s.EnableAnyToken, - BasicAuthFile: s.BasicAuthFile, - ClientCAFile: s.ClientCAFile, - TokenAuthFile: s.TokenAuthFile, - OIDCIssuerURL: s.OIDCIssuerURL, - OIDCClientID: s.OIDCClientID, - OIDCCAFile: s.OIDCCAFile, - OIDCUsernameClaim: s.OIDCUsernameClaim, - OIDCGroupsClaim: s.OIDCGroupsClaim, - KeystoneURL: s.KeystoneURL, - RequestHeaderConfig: s.AuthenticationRequestHeaderConfig(), + Anonymous: s.GenericServerRunOptions.AnonymousAuth, + AnyToken: s.GenericServerRunOptions.EnableAnyToken, + BasicAuthFile: s.GenericServerRunOptions.BasicAuthFile, + ClientCAFile: s.GenericServerRunOptions.ClientCAFile, + TokenAuthFile: s.GenericServerRunOptions.TokenAuthFile, + OIDCIssuerURL: s.GenericServerRunOptions.OIDCIssuerURL, + OIDCClientID: s.GenericServerRunOptions.OIDCClientID, + OIDCCAFile: s.GenericServerRunOptions.OIDCCAFile, + OIDCUsernameClaim: s.GenericServerRunOptions.OIDCUsernameClaim, + OIDCGroupsClaim: s.GenericServerRunOptions.OIDCGroupsClaim, + KeystoneURL: s.GenericServerRunOptions.KeystoneURL, + RequestHeaderConfig: s.GenericServerRunOptions.AuthenticationRequestHeaderConfig(), }) if err != nil { glog.Fatalf("Invalid Authentication Config: %v", err) } privilegedLoopbackToken := uuid.NewRandom().String() - selfClientConfig, err := s.NewSelfClientConfig(privilegedLoopbackToken) + selfClientConfig, err := s.GenericServerRunOptions.NewSelfClientConfig(privilegedLoopbackToken) if err != nil { glog.Fatalf("Failed to create clientset: %v", err) } - client, err := s.NewSelfClient(privilegedLoopbackToken) + client, err := s.GenericServerRunOptions.NewSelfClient(privilegedLoopbackToken) if err != nil { glog.Errorf("Failed to create clientset: %v", err) } sharedInformers := informers.NewSharedInformerFactory(client, 10*time.Minute) authorizationConfig := 
authorizer.AuthorizationConfig{ - PolicyFile: s.AuthorizationPolicyFile, - WebhookConfigFile: s.AuthorizationWebhookConfigFile, - WebhookCacheAuthorizedTTL: s.AuthorizationWebhookCacheAuthorizedTTL, - WebhookCacheUnauthorizedTTL: s.AuthorizationWebhookCacheUnauthorizedTTL, - RBACSuperUser: s.AuthorizationRBACSuperUser, + PolicyFile: s.GenericServerRunOptions.AuthorizationPolicyFile, + WebhookConfigFile: s.GenericServerRunOptions.AuthorizationWebhookConfigFile, + WebhookCacheAuthorizedTTL: s.GenericServerRunOptions.AuthorizationWebhookCacheAuthorizedTTL, + WebhookCacheUnauthorizedTTL: s.GenericServerRunOptions.AuthorizationWebhookCacheUnauthorizedTTL, + RBACSuperUser: s.GenericServerRunOptions.AuthorizationRBACSuperUser, InformerFactory: sharedInformers, } - authorizationModeNames := strings.Split(s.AuthorizationMode, ",") + authorizationModeNames := strings.Split(s.GenericServerRunOptions.AuthorizationMode, ",") apiAuthorizer, err := authorizer.NewAuthorizerFromAuthorizationConfig(authorizationModeNames, authorizationConfig) if err != nil { glog.Fatalf("Invalid Authorization Config: %v", err) } - admissionControlPluginNames := strings.Split(s.AdmissionControl, ",") + admissionControlPluginNames := strings.Split(s.GenericServerRunOptions.AdmissionControl, ",") // TODO(dims): We probably need to add an option "EnableLoopbackToken" if apiAuthenticator != nil { @@ -180,7 +180,7 @@ func Run(s *options.ServerRunOptions) error { pluginInitializer := admission.NewPluginInitializer(sharedInformers, apiAuthorizer) - admissionController, err := admission.NewFromPlugins(client, admissionControlPluginNames, s.AdmissionControlConfigFile, pluginInitializer) + admissionController, err := admission.NewFromPlugins(client, admissionControlPluginNames, s.GenericServerRunOptions.AdmissionControlConfigFile, pluginInitializer) if err != nil { glog.Fatalf("Failed to initialize plugins: %v", err) } 
@@ -197,9 +197,9 @@ func Run(s *options.ServerRunOptions) error { genericConfig.OpenAPIConfig.SecurityDefinitions = securityDefinitions // TODO: Move this to generic api server (Need to move the command line flag). - if s.EnableWatchCache { - cachesize.InitializeWatchCacheSizes(s.TargetRAMMB) - cachesize.SetWatchCacheSizes(s.WatchCacheSizes) + if s.GenericServerRunOptions.EnableWatchCache { + cachesize.InitializeWatchCacheSizes(s.GenericServerRunOptions.TargetRAMMB) + cachesize.SetWatchCacheSizes(s.GenericServerRunOptions.WatchCacheSizes) } m, err := genericConfig.New() @@ -212,9 +212,9 @@ func Run(s *options.ServerRunOptions) error { restOptionsFactory := restOptionsFactory{ storageFactory: storageFactory, - deleteCollectionWorkers: s.DeleteCollectionWorkers, + deleteCollectionWorkers: s.GenericServerRunOptions.DeleteCollectionWorkers, } - if s.EnableWatchCache { + if s.GenericServerRunOptions.EnableWatchCache { restOptionsFactory.storageDecorator = registry.StorageWithCacher } else { restOptionsFactory.storageDecorator = generic.UndecoratedStorage diff --git a/test/e2e_node/services/apiserver.go b/test/e2e_node/services/apiserver.go index 330434cf2e4..6b5b66bab26 100644 --- a/test/e2e_node/services/apiserver.go +++ b/test/e2e_node/services/apiserver.go @@ -41,12 +41,12 @@ func NewAPIServer() *APIServer { // Start starts the apiserver, returns when apiserver is ready. func (a *APIServer) Start() error { config := options.NewServerRunOptions() - config.StorageConfig.ServerList = []string{getEtcdClientURL()} + config.GenericServerRunOptions.StorageConfig.ServerList = []string{getEtcdClientURL()} _, ipnet, err := net.ParseCIDR(clusterIPRange) if err != nil { return err } - config.ServiceClusterIPRange = *ipnet + config.GenericServerRunOptions.ServiceClusterIPRange = *ipnet config.AllowPrivileged = true errCh := make(chan error) go func() { 
diff --git a/test/integration/federation/server_test.go b/test/integration/federation/server_test.go index 90d12c45e4d..0bd5e56e698 100644 --- a/test/integration/federation/server_test.go +++ b/test/integration/federation/server_test.go @@ -37,7 +37,7 @@ import ( ) func TestLongRunningRequestRegexp(t *testing.T) { - regexp := regexp.MustCompile(options.NewServerRunOptions().LongRunningRequestRE) + regexp := regexp.MustCompile(options.NewServerRunOptions().GenericServerRunOptions.LongRunningRequestRE) dontMatch := []string{ "/api/v1/watch-namespace/", "/api/v1/namespace-proxy/", @@ -86,10 +86,10 @@ var groupVersions = []unversioned.GroupVersion{ func TestRun(t *testing.T) { s := options.NewServerRunOptions() - s.InsecurePort = insecurePort + s.GenericServerRunOptions.InsecurePort = insecurePort _, ipNet, _ := net.ParseCIDR("10.10.10.0/24") - s.ServiceClusterIPRange = *ipNet - s.StorageConfig.ServerList = []string{"http://localhost:2379"} + s.GenericServerRunOptions.ServiceClusterIPRange = *ipNet + s.GenericServerRunOptions.StorageConfig.ServerList = []string{"http://localhost:2379"} go func() { if err := app.Run(s); err != nil { t.Fatalf("Error in bringing up the server: %v", err)
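Review bot: In `TestRun`, `t.Fatalf` is called inside the `go func()` that runs `app.Run(s)`, but `Fatalf` ends in `FailNow`, which the testing package requires to be called from the goroutine running the test. Called from the spawned goroutine it stops only that goroutine, so a server start-up failure is not reported in a controlled way, and may arrive after the test has finished. Use `t.Errorf("Error in bringing up the server: %v", err)` in the goroutine, or send the error on a channel and fail from the test goroutine. The rest of `TestRun` lies outside the hunk, so any synchronisation it already does is not visible here.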