Merge pull request #35501 from sttts/sttts-misc-master-cleanups

Automatic merge from submit-queue

Misc master and federation cleanups

- misc small cleanups
- make ServerRunOption embeddings explicit in order to make the technical debt in our plumbing code visible.

cmd/hyperkube/kube-apiserver.go

@@ -24,7 +24,7 @@ import (
 // NewKubeAPIServer creates a new hyperkube Server object that includes the
 // description and flags.
 func NewKubeAPIServer() *Server {
-	s := options.NewAPIServer()
+	s := options.NewServerRunOptions()
 
 	hks := Server{
 		SimpleUsage: "apiserver",

cmd/kube-apiserver/apiserver.go

@@ -38,7 +38,7 @@ import (
 func main() {
 	rand.Seed(time.Now().UTC().UnixNano())
 
-	s := options.NewAPIServer()
+	s := options.NewServerRunOptions()
 	s.AddFlags(pflag.CommandLine)
 
 	flag.InitFlags()

cmd/kube-apiserver/app/options/options.go

@@ -28,9 +28,9 @@ import (
 	"github.com/spf13/pflag"
 )
 
-// APIServer runs a kubernetes api server.
+// ServerRunOptions runs a kubernetes api server.
-type APIServer struct {
+type ServerRunOptions struct {
-	*genericoptions.ServerRunOptions
+	GenericServerRunOptions     *genericoptions.ServerRunOptions
 	AllowPrivileged             bool
 	EventTTL                    time.Duration
 	KubeletConfig               kubeletclient.KubeletClientConfig
@@ -43,10 +43,10 @@ type APIServer struct {
 	WebhookTokenAuthnCacheTTL   time.Duration
 }
 
-// NewAPIServer creates a new APIServer object with default parameters
+// NewServerRunOptions creates a new ServerRunOptions object with default parameters
-func NewAPIServer() *APIServer {
+func NewServerRunOptions() *ServerRunOptions {
-	s := APIServer{
+	s := ServerRunOptions{
-		ServerRunOptions: genericoptions.NewServerRunOptions().WithEtcdOptions(),
+		GenericServerRunOptions: genericoptions.NewServerRunOptions().WithEtcdOptions(),
 		EventTTL:                1 * time.Hour,
 		KubeletConfig: kubeletclient.KubeletClientConfig{
 			Port:        ports.KubeletPort,
@@ -59,11 +59,11 @@ func NewAPIServer() *APIServer {
 }
 
 // AddFlags adds flags for a specific APIServer to the specified FlagSet
-func (s *APIServer) AddFlags(fs *pflag.FlagSet) {
+func (s *ServerRunOptions) AddFlags(fs *pflag.FlagSet) {
 	// Add the generic flags.
-	s.ServerRunOptions.AddUniversalFlags(fs)
+	s.GenericServerRunOptions.AddUniversalFlags(fs)
 	//Add etcd specific flags.
-	s.ServerRunOptions.AddEtcdStorageFlags(fs)
+	s.GenericServerRunOptions.AddEtcdStorageFlags(fs)
 	// Note: the weird ""+ in below lines seems to be the only way to get gofmt to
 	// arrange these text blocks sensibly. Grrr.
 

cmd/kube-apiserver/app/options/options_test.go

@@ -26,9 +26,9 @@ func TestAddFlagsFlag(t *testing.T) {
 	// TODO: This only tests the enable-swagger-ui flag for now.
 	// Expand the test to include other flags as well.
 	f := pflag.NewFlagSet("addflagstest", pflag.ContinueOnError)
-	s := NewAPIServer()
+	s := NewServerRunOptions()
 	s.AddFlags(f)
-	if s.EnableSwaggerUI {
+	if s.GenericServerRunOptions.EnableSwaggerUI {
 		t.Errorf("Expected s.EnableSwaggerUI to be false by default")
 	}
 
@@ -36,7 +36,7 @@ func TestAddFlagsFlag(t *testing.T) {
 		"--enable-swagger-ui=true",
 	}
 	f.Parse(args)
-	if !s.EnableSwaggerUI {
+	if !s.GenericServerRunOptions.EnableSwaggerUI {
 		t.Errorf("Expected s.EnableSwaggerUI to be true")
 	}
 }

cmd/kube-apiserver/app/server.go

@@ -63,7 +63,7 @@ import (
 
 // NewAPIServerCommand creates a *cobra.Command object with default parameters
 func NewAPIServerCommand() *cobra.Command {
-	s := options.NewAPIServer()
+	s := options.NewServerRunOptions()
 	s.AddFlags(pflag.CommandLine)
 	cmd := &cobra.Command{
 		Use: "kube-apiserver",
@@ -79,11 +79,11 @@ cluster's shared state through which all other components interact.`,
 }
 
 // Run runs the specified APIServer.  This should never exit.
-func Run(s *options.APIServer) error {
+func Run(s *options.ServerRunOptions) error {
-	genericvalidation.VerifyEtcdServersList(s.ServerRunOptions)
+	genericvalidation.VerifyEtcdServersList(s.GenericServerRunOptions)
-	genericapiserver.DefaultAndValidateRunOptions(s.ServerRunOptions)
+	genericapiserver.DefaultAndValidateRunOptions(s.GenericServerRunOptions)
 	genericConfig := genericapiserver.NewConfig(). // create the new config
-							ApplyOptions(s.ServerRunOptions). // apply the options selected
+							ApplyOptions(s.GenericServerRunOptions). // apply the options selected
 							Complete()                               // set default values based on the known values
 
 	if err := genericConfig.MaybeGenerateServingCerts(); err != nil {
@@ -107,7 +107,7 @@ func Run(s *options.APIServer) error {
 	if len(s.SSHUser) > 0 {
 		// Get ssh key distribution func, if supported
 		var installSSH genericapiserver.InstallSSHKey
-		cloud, err := cloudprovider.InitCloudProvider(s.CloudProvider, s.CloudConfigFile)
+		cloud, err := cloudprovider.InitCloudProvider(s.GenericServerRunOptions.CloudProvider, s.GenericServerRunOptions.CloudConfigFile)
 		if err != nil {
 			glog.Fatalf("Cloud provider could not be initialized: %v", err)
 		}
@@ -138,10 +138,10 @@ func Run(s *options.APIServer) error {
 	// Proxying to pods and services is IP-based... don't expect to be able to verify the hostname
 	proxyTLSClientConfig := &tls.Config{InsecureSkipVerify: true}
 
-	if s.StorageConfig.DeserializationCacheSize == 0 {
+	if s.GenericServerRunOptions.StorageConfig.DeserializationCacheSize == 0 {
 		// When size of cache is not explicitly set, estimate its size based on
 		// target memory usage.
-		glog.V(2).Infof("Initalizing deserialization cache size based on %dMB limit", s.TargetRAMMB)
+		glog.V(2).Infof("Initalizing deserialization cache size based on %dMB limit", s.GenericServerRunOptions.TargetRAMMB)
 
 		// This is the heuristics that from memory capacity is trying to infer
 		// the maximum number of nodes in the cluster and set cache sizes based
@@ -153,29 +153,29 @@ func Run(s *options.APIServer) error {
 		// be used for the deserialization cache and divide it by the max object
 		// size to compute its size. We may even go further and measure
 		// collective sizes of the objects in the cache.
-		clusterSize := s.TargetRAMMB / 60
+		clusterSize := s.GenericServerRunOptions.TargetRAMMB / 60
-		s.StorageConfig.DeserializationCacheSize = 25 * clusterSize
+		s.GenericServerRunOptions.StorageConfig.DeserializationCacheSize = 25 * clusterSize
-		if s.StorageConfig.DeserializationCacheSize < 1000 {
+		if s.GenericServerRunOptions.StorageConfig.DeserializationCacheSize < 1000 {
-			s.StorageConfig.DeserializationCacheSize = 1000
+			s.GenericServerRunOptions.StorageConfig.DeserializationCacheSize = 1000
 		}
 	}
 
-	storageGroupsToEncodingVersion, err := s.StorageGroupsToEncodingVersion()
+	storageGroupsToEncodingVersion, err := s.GenericServerRunOptions.StorageGroupsToEncodingVersion()
 	if err != nil {
 		glog.Fatalf("error generating storage version map: %s", err)
 	}
 	storageFactory, err := genericapiserver.BuildDefaultStorageFactory(
-		s.StorageConfig, s.DefaultStorageMediaType, api.Codecs,
+		s.GenericServerRunOptions.StorageConfig, s.GenericServerRunOptions.DefaultStorageMediaType, api.Codecs,
 		genericapiserver.NewDefaultResourceEncodingConfig(), storageGroupsToEncodingVersion,
 		// FIXME: this GroupVersionResource override should be configurable
 		[]unversioned.GroupVersionResource{batch.Resource("scheduledjobs").WithVersion("v2alpha1")},
-		master.DefaultAPIResourceConfigSource(), s.RuntimeConfig)
+		master.DefaultAPIResourceConfigSource(), s.GenericServerRunOptions.RuntimeConfig)
 	if err != nil {
 		glog.Fatalf("error in initializing storage factory: %s", err)
 	}
 	storageFactory.AddCohabitatingResources(batch.Resource("jobs"), extensions.Resource("jobs"))
 	storageFactory.AddCohabitatingResources(autoscaling.Resource("horizontalpodautoscalers"), extensions.Resource("horizontalpodautoscalers"))
-	for _, override := range s.EtcdServersOverrides {
+	for _, override := range s.GenericServerRunOptions.EtcdServersOverrides {
 		tokens := strings.Split(override, "#")
 		if len(tokens) != 2 {
 			glog.Errorf("invalid value of etcd server overrides: %s", override)
@@ -196,9 +196,9 @@ func Run(s *options.APIServer) error {
 	}
 
 	// Default to the private server key for service account token signing
-	if len(s.ServiceAccountKeyFiles) == 0 && s.TLSPrivateKeyFile != "" {
+	if len(s.ServiceAccountKeyFiles) == 0 && s.GenericServerRunOptions.TLSPrivateKeyFile != "" {
-		if authenticator.IsValidServiceAccountKeyFile(s.TLSPrivateKeyFile) {
+		if authenticator.IsValidServiceAccountKeyFile(s.GenericServerRunOptions.TLSPrivateKeyFile) {
-			s.ServiceAccountKeyFiles = []string{s.TLSPrivateKeyFile}
+			s.ServiceAccountKeyFiles = []string{s.GenericServerRunOptions.TLSPrivateKeyFile}
 		} else {
 			glog.Warning("No TLS key provided, service account token authentication disabled")
 		}
@@ -216,23 +216,23 @@ func Run(s *options.APIServer) error {
 	}
 
 	apiAuthenticator, securityDefinitions, err := authenticator.New(authenticator.AuthenticatorConfig{
-		Anonymous:                   s.AnonymousAuth,
+		Anonymous:                   s.GenericServerRunOptions.AnonymousAuth,
-		AnyToken:                    s.EnableAnyToken,
+		AnyToken:                    s.GenericServerRunOptions.EnableAnyToken,
-		BasicAuthFile:               s.BasicAuthFile,
+		BasicAuthFile:               s.GenericServerRunOptions.BasicAuthFile,
-		ClientCAFile:                s.ClientCAFile,
+		ClientCAFile:                s.GenericServerRunOptions.ClientCAFile,
-		TokenAuthFile:               s.TokenAuthFile,
+		TokenAuthFile:               s.GenericServerRunOptions.TokenAuthFile,
-		OIDCIssuerURL:               s.OIDCIssuerURL,
+		OIDCIssuerURL:               s.GenericServerRunOptions.OIDCIssuerURL,
-		OIDCClientID:                s.OIDCClientID,
+		OIDCClientID:                s.GenericServerRunOptions.OIDCClientID,
-		OIDCCAFile:                  s.OIDCCAFile,
+		OIDCCAFile:                  s.GenericServerRunOptions.OIDCCAFile,
-		OIDCUsernameClaim:           s.OIDCUsernameClaim,
+		OIDCUsernameClaim:           s.GenericServerRunOptions.OIDCUsernameClaim,
-		OIDCGroupsClaim:             s.OIDCGroupsClaim,
+		OIDCGroupsClaim:             s.GenericServerRunOptions.OIDCGroupsClaim,
 		ServiceAccountKeyFiles:      s.ServiceAccountKeyFiles,
 		ServiceAccountLookup:        s.ServiceAccountLookup,
 		ServiceAccountTokenGetter:   serviceAccountGetter,
-		KeystoneURL:                 s.KeystoneURL,
+		KeystoneURL:                 s.GenericServerRunOptions.KeystoneURL,
 		WebhookTokenAuthnConfigFile: s.WebhookTokenAuthnConfigFile,
 		WebhookTokenAuthnCacheTTL:   s.WebhookTokenAuthnCacheTTL,
-		RequestHeaderConfig:         s.AuthenticationRequestHeaderConfig(),
+		RequestHeaderConfig:         s.GenericServerRunOptions.AuthenticationRequestHeaderConfig(),
 	})
 
 	if err != nil {
@@ -240,31 +240,31 @@ func Run(s *options.APIServer) error {
 	}
 
 	privilegedLoopbackToken := uuid.NewRandom().String()
-	selfClientConfig, err := s.NewSelfClientConfig(privilegedLoopbackToken)
+	selfClientConfig, err := s.GenericServerRunOptions.NewSelfClientConfig(privilegedLoopbackToken)
 	if err != nil {
 		glog.Fatalf("Failed to create clientset: %v", err)
 	}
-	client, err := s.NewSelfClient(privilegedLoopbackToken)
+	client, err := s.GenericServerRunOptions.NewSelfClient(privilegedLoopbackToken)
 	if err != nil {
 		glog.Errorf("Failed to create clientset: %v", err)
 	}
 	sharedInformers := informers.NewSharedInformerFactory(client, 10*time.Minute)
 
 	authorizationConfig := authorizer.AuthorizationConfig{
-		PolicyFile:                  s.AuthorizationPolicyFile,
+		PolicyFile:                  s.GenericServerRunOptions.AuthorizationPolicyFile,
-		WebhookConfigFile:           s.AuthorizationWebhookConfigFile,
+		WebhookConfigFile:           s.GenericServerRunOptions.AuthorizationWebhookConfigFile,
-		WebhookCacheAuthorizedTTL:   s.AuthorizationWebhookCacheAuthorizedTTL,
+		WebhookCacheAuthorizedTTL:   s.GenericServerRunOptions.AuthorizationWebhookCacheAuthorizedTTL,
-		WebhookCacheUnauthorizedTTL: s.AuthorizationWebhookCacheUnauthorizedTTL,
+		WebhookCacheUnauthorizedTTL: s.GenericServerRunOptions.AuthorizationWebhookCacheUnauthorizedTTL,
-		RBACSuperUser:               s.AuthorizationRBACSuperUser,
+		RBACSuperUser:               s.GenericServerRunOptions.AuthorizationRBACSuperUser,
 		InformerFactory:             sharedInformers,
 	}
-	authorizationModeNames := strings.Split(s.AuthorizationMode, ",")
+	authorizationModeNames := strings.Split(s.GenericServerRunOptions.AuthorizationMode, ",")
 	apiAuthorizer, err := authorizer.NewAuthorizerFromAuthorizationConfig(authorizationModeNames, authorizationConfig)
 	if err != nil {
 		glog.Fatalf("Invalid Authorization Config: %v", err)
 	}
 
-	admissionControlPluginNames := strings.Split(s.AdmissionControl, ",")
+	admissionControlPluginNames := strings.Split(s.GenericServerRunOptions.AdmissionControl, ",")
 
 	// TODO(dims): We probably need to add an option "EnableLoopbackToken"
 	if apiAuthenticator != nil {
@@ -285,7 +285,7 @@ func Run(s *options.APIServer) error {
 
 	pluginInitializer := admission.NewPluginInitializer(sharedInformers, apiAuthorizer)
 
-	admissionController, err := admission.NewFromPlugins(client, admissionControlPluginNames, s.AdmissionControlConfigFile, pluginInitializer)
+	admissionController, err := admission.NewFromPlugins(client, admissionControlPluginNames, s.GenericServerRunOptions.AdmissionControlConfigFile, pluginInitializer)
 	if err != nil {
 		glog.Fatalf("Failed to initialize plugins: %v", err)
 	}
@@ -299,12 +299,9 @@ func Run(s *options.APIServer) error {
 	genericConfig.Version = &kubeVersion
 	genericConfig.LoopbackClientConfig = selfClientConfig
 	genericConfig.Authenticator = apiAuthenticator
-	genericConfig.SupportsBasicAuth = len(s.BasicAuthFile) > 0
 	genericConfig.Authorizer = apiAuthorizer
-	genericConfig.AuthorizerRBACSuperUser = s.AuthorizationRBACSuperUser
 	genericConfig.AdmissionControl = admissionController
 	genericConfig.APIResourceConfigSource = storageFactory.APIResourceConfigSource
-	genericConfig.MasterServiceNamespace = s.MasterServiceNamespace
 	genericConfig.OpenAPIConfig.Info.Title = "Kubernetes"
 	genericConfig.OpenAPIConfig.Definitions = generatedopenapi.OpenAPIDefinitions
 	genericConfig.EnableOpenAPISupport = true
@@ -314,9 +311,9 @@ func Run(s *options.APIServer) error {
 		GenericConfig: genericConfig.Config,
 
 		StorageFactory:          storageFactory,
-		EnableWatchCache:        s.EnableWatchCache,
+		EnableWatchCache:        s.GenericServerRunOptions.EnableWatchCache,
 		EnableCoreControllers:   true,
-		DeleteCollectionWorkers: s.DeleteCollectionWorkers,
+		DeleteCollectionWorkers: s.GenericServerRunOptions.DeleteCollectionWorkers,
 		EventTTL:                s.EventTTL,
 		KubeletClientConfig:     s.KubeletConfig,
 		EnableUISupport:         true,
@@ -326,10 +323,10 @@ func Run(s *options.APIServer) error {
 		Tunneler: tunneler,
 	}
 
-	if s.EnableWatchCache {
+	if s.GenericServerRunOptions.EnableWatchCache {
-		glog.V(2).Infof("Initalizing cache sizes based on %dMB limit", s.TargetRAMMB)
+		glog.V(2).Infof("Initalizing cache sizes based on %dMB limit", s.GenericServerRunOptions.TargetRAMMB)
-		cachesize.InitializeWatchCacheSizes(s.TargetRAMMB)
+		cachesize.InitializeWatchCacheSizes(s.GenericServerRunOptions.TargetRAMMB)
-		cachesize.SetWatchCacheSizes(s.WatchCacheSizes)
+		cachesize.SetWatchCacheSizes(s.GenericServerRunOptions.WatchCacheSizes)
 	}
 
 	m, err := config.Complete().New()

cmd/kube-apiserver/app/server_test.go

@@ -24,7 +24,7 @@ import (
 )
 
 func TestLongRunningRequestRegexp(t *testing.T) {
-	regexp := regexp.MustCompile(options.NewAPIServer().LongRunningRequestRE)
+	regexp := regexp.MustCompile(options.NewServerRunOptions().GenericServerRunOptions.LongRunningRequestRE)
 	dontMatch := []string{
 		"/api/v1/watch-namespace/",
 		"/api/v1/namespace-proxy/",

federation/cmd/federation-apiserver/app/options/options.go

@@ -27,14 +27,14 @@ import (
 
 // Runtime options for the federation-apiserver.
 type ServerRunOptions struct {
-	*genericoptions.ServerRunOptions
+	GenericServerRunOptions *genericoptions.ServerRunOptions
 	EventTTL                time.Duration
 }
 
 // NewServerRunOptions creates a new ServerRunOptions object with default values.
 func NewServerRunOptions() *ServerRunOptions {
 	s := ServerRunOptions{
-		ServerRunOptions: genericoptions.NewServerRunOptions().WithEtcdOptions(),
+		GenericServerRunOptions: genericoptions.NewServerRunOptions().WithEtcdOptions(),
 		EventTTL:                1 * time.Hour,
 	}
 	return &s
@@ -43,9 +43,9 @@ func NewServerRunOptions() *ServerRunOptions {
 // AddFlags adds flags for ServerRunOptions fields to be specified via FlagSet.
 func (s *ServerRunOptions) AddFlags(fs *pflag.FlagSet) {
 	// Add the generic flags.
-	s.ServerRunOptions.AddUniversalFlags(fs)
+	s.GenericServerRunOptions.AddUniversalFlags(fs)
 	//Add etcd specific flags.
-	s.ServerRunOptions.AddEtcdStorageFlags(fs)
+	s.GenericServerRunOptions.AddEtcdStorageFlags(fs)
 
 	fs.DurationVar(&s.EventTTL, "event-ttl", s.EventTTL,
 		"Amount of time to retain events. Default is 1h.")

federation/cmd/federation-apiserver/app/server.go

@@ -67,10 +67,10 @@ cluster's shared state through which all other components interact.`,
 
 // Run runs the specified APIServer.  This should never exit.
 func Run(s *options.ServerRunOptions) error {
-	genericvalidation.VerifyEtcdServersList(s.ServerRunOptions)
+	genericvalidation.VerifyEtcdServersList(s.GenericServerRunOptions)
-	genericapiserver.DefaultAndValidateRunOptions(s.ServerRunOptions)
+	genericapiserver.DefaultAndValidateRunOptions(s.GenericServerRunOptions)
 	genericConfig := genericapiserver.NewConfig(). // create the new config
-							ApplyOptions(s.ServerRunOptions). // apply the options selected
+							ApplyOptions(s.GenericServerRunOptions). // apply the options selected
 							Complete()                               // set default values based on the known values
 
 	if err := genericConfig.MaybeGenerateServingCerts(); err != nil {
@@ -80,23 +80,23 @@ func Run(s *options.ServerRunOptions) error {
 	// TODO: register cluster federation resources here.
 	resourceConfig := genericapiserver.NewResourceConfig()
 
-	if s.StorageConfig.DeserializationCacheSize == 0 {
+	if s.GenericServerRunOptions.StorageConfig.DeserializationCacheSize == 0 {
 		// When size of cache is not explicitly set, set it to 50000
-		s.StorageConfig.DeserializationCacheSize = 50000
+		s.GenericServerRunOptions.StorageConfig.DeserializationCacheSize = 50000
 	}
-	storageGroupsToEncodingVersion, err := s.StorageGroupsToEncodingVersion()
+	storageGroupsToEncodingVersion, err := s.GenericServerRunOptions.StorageGroupsToEncodingVersion()
 	if err != nil {
 		glog.Fatalf("error generating storage version map: %s", err)
 	}
 	storageFactory, err := genericapiserver.BuildDefaultStorageFactory(
-		s.StorageConfig, s.DefaultStorageMediaType, api.Codecs,
+		s.GenericServerRunOptions.StorageConfig, s.GenericServerRunOptions.DefaultStorageMediaType, api.Codecs,
 		genericapiserver.NewDefaultResourceEncodingConfig(), storageGroupsToEncodingVersion,
-		[]unversioned.GroupVersionResource{}, resourceConfig, s.RuntimeConfig)
+		[]unversioned.GroupVersionResource{}, resourceConfig, s.GenericServerRunOptions.RuntimeConfig)
 	if err != nil {
 		glog.Fatalf("error in initializing storage factory: %s", err)
 	}
 
-	for _, override := range s.EtcdServersOverrides {
+	for _, override := range s.GenericServerRunOptions.EtcdServersOverrides {
 		tokens := strings.Split(override, "#")
 		if len(tokens) != 2 {
 			glog.Errorf("invalid value of etcd server overrides: %s", override)
@@ -117,49 +117,49 @@ func Run(s *options.ServerRunOptions) error {
 	}
 
 	apiAuthenticator, securityDefinitions, err := authenticator.New(authenticator.AuthenticatorConfig{
-		Anonymous:           s.AnonymousAuth,
+		Anonymous:           s.GenericServerRunOptions.AnonymousAuth,
-		AnyToken:            s.EnableAnyToken,
+		AnyToken:            s.GenericServerRunOptions.EnableAnyToken,
-		BasicAuthFile:       s.BasicAuthFile,
+		BasicAuthFile:       s.GenericServerRunOptions.BasicAuthFile,
-		ClientCAFile:        s.ClientCAFile,
+		ClientCAFile:        s.GenericServerRunOptions.ClientCAFile,
-		TokenAuthFile:       s.TokenAuthFile,
+		TokenAuthFile:       s.GenericServerRunOptions.TokenAuthFile,
-		OIDCIssuerURL:       s.OIDCIssuerURL,
+		OIDCIssuerURL:       s.GenericServerRunOptions.OIDCIssuerURL,
-		OIDCClientID:        s.OIDCClientID,
+		OIDCClientID:        s.GenericServerRunOptions.OIDCClientID,
-		OIDCCAFile:          s.OIDCCAFile,
+		OIDCCAFile:          s.GenericServerRunOptions.OIDCCAFile,
-		OIDCUsernameClaim:   s.OIDCUsernameClaim,
+		OIDCUsernameClaim:   s.GenericServerRunOptions.OIDCUsernameClaim,
-		OIDCGroupsClaim:     s.OIDCGroupsClaim,
+		OIDCGroupsClaim:     s.GenericServerRunOptions.OIDCGroupsClaim,
-		KeystoneURL:         s.KeystoneURL,
+		KeystoneURL:         s.GenericServerRunOptions.KeystoneURL,
-		RequestHeaderConfig: s.AuthenticationRequestHeaderConfig(),
+		RequestHeaderConfig: s.GenericServerRunOptions.AuthenticationRequestHeaderConfig(),
 	})
 	if err != nil {
 		glog.Fatalf("Invalid Authentication Config: %v", err)
 	}
 
 	privilegedLoopbackToken := uuid.NewRandom().String()
-	selfClientConfig, err := s.NewSelfClientConfig(privilegedLoopbackToken)
+	selfClientConfig, err := s.GenericServerRunOptions.NewSelfClientConfig(privilegedLoopbackToken)
 	if err != nil {
 		glog.Fatalf("Failed to create clientset: %v", err)
 	}
-	client, err := s.NewSelfClient(privilegedLoopbackToken)
+	client, err := s.GenericServerRunOptions.NewSelfClient(privilegedLoopbackToken)
 	if err != nil {
 		glog.Errorf("Failed to create clientset: %v", err)
 	}
 	sharedInformers := informers.NewSharedInformerFactory(client, 10*time.Minute)
 
 	authorizationConfig := authorizer.AuthorizationConfig{
-		PolicyFile:                  s.AuthorizationPolicyFile,
+		PolicyFile:                  s.GenericServerRunOptions.AuthorizationPolicyFile,
-		WebhookConfigFile:           s.AuthorizationWebhookConfigFile,
+		WebhookConfigFile:           s.GenericServerRunOptions.AuthorizationWebhookConfigFile,
-		WebhookCacheAuthorizedTTL:   s.AuthorizationWebhookCacheAuthorizedTTL,
+		WebhookCacheAuthorizedTTL:   s.GenericServerRunOptions.AuthorizationWebhookCacheAuthorizedTTL,
-		WebhookCacheUnauthorizedTTL: s.AuthorizationWebhookCacheUnauthorizedTTL,
+		WebhookCacheUnauthorizedTTL: s.GenericServerRunOptions.AuthorizationWebhookCacheUnauthorizedTTL,
-		RBACSuperUser:               s.AuthorizationRBACSuperUser,
+		RBACSuperUser:               s.GenericServerRunOptions.AuthorizationRBACSuperUser,
 		InformerFactory:             sharedInformers,
 	}
-	authorizationModeNames := strings.Split(s.AuthorizationMode, ",")
+	authorizationModeNames := strings.Split(s.GenericServerRunOptions.AuthorizationMode, ",")
 	apiAuthorizer, err := authorizer.NewAuthorizerFromAuthorizationConfig(authorizationModeNames, authorizationConfig)
 	if err != nil {
 		glog.Fatalf("Invalid Authorization Config: %v", err)
 	}
 
-	admissionControlPluginNames := strings.Split(s.AdmissionControl, ",")
+	admissionControlPluginNames := strings.Split(s.GenericServerRunOptions.AdmissionControl, ",")
 
 	// TODO(dims): We probably need to add an option "EnableLoopbackToken"
 	if apiAuthenticator != nil {
@@ -180,7 +180,7 @@ func Run(s *options.ServerRunOptions) error {
 
 	pluginInitializer := admission.NewPluginInitializer(sharedInformers, apiAuthorizer)
 
-	admissionController, err := admission.NewFromPlugins(client, admissionControlPluginNames, s.AdmissionControlConfigFile, pluginInitializer)
+	admissionController, err := admission.NewFromPlugins(client, admissionControlPluginNames, s.GenericServerRunOptions.AdmissionControlConfigFile, pluginInitializer)
 	if err != nil {
 		glog.Fatalf("Failed to initialize plugins: %v", err)
 	}
@@ -189,20 +189,17 @@ func Run(s *options.ServerRunOptions) error {
 	genericConfig.Version = &kubeVersion
 	genericConfig.LoopbackClientConfig = selfClientConfig
 	genericConfig.Authenticator = apiAuthenticator
-	genericConfig.SupportsBasicAuth = len(s.BasicAuthFile) > 0
 	genericConfig.Authorizer = apiAuthorizer
-	genericConfig.AuthorizerRBACSuperUser = s.AuthorizationRBACSuperUser
 	genericConfig.AdmissionControl = admissionController
 	genericConfig.APIResourceConfigSource = storageFactory.APIResourceConfigSource
-	genericConfig.MasterServiceNamespace = s.MasterServiceNamespace
 	genericConfig.OpenAPIConfig.Definitions = openapi.OpenAPIDefinitions
 	genericConfig.EnableOpenAPISupport = true
 	genericConfig.OpenAPIConfig.SecurityDefinitions = securityDefinitions
 
 	// TODO: Move this to generic api server (Need to move the command line flag).
-	if s.EnableWatchCache {
+	if s.GenericServerRunOptions.EnableWatchCache {
-		cachesize.InitializeWatchCacheSizes(s.TargetRAMMB)
+		cachesize.InitializeWatchCacheSizes(s.GenericServerRunOptions.TargetRAMMB)
-		cachesize.SetWatchCacheSizes(s.WatchCacheSizes)
+		cachesize.SetWatchCacheSizes(s.GenericServerRunOptions.WatchCacheSizes)
 	}
 
 	m, err := genericConfig.New()
@@ -215,9 +212,9 @@ func Run(s *options.ServerRunOptions) error {
 
 	restOptionsFactory := restOptionsFactory{
 		storageFactory:          storageFactory,
-		deleteCollectionWorkers: s.DeleteCollectionWorkers,
+		deleteCollectionWorkers: s.GenericServerRunOptions.DeleteCollectionWorkers,
 	}
-	if s.EnableWatchCache {
+	if s.GenericServerRunOptions.EnableWatchCache {
 		restOptionsFactory.storageDecorator = registry.StorageWithCacher
 	} else {
 		restOptionsFactory.storageDecorator = generic.UndecoratedStorage

pkg/genericapiserver/config.go

@@ -84,14 +84,12 @@ type Config struct {
 	EnableGarbageCollection bool
 
 	Version               *version.Info
-	APIGroupPrefix        string
 	CorsAllowedOriginList []string
 	Authenticator         authenticator.Request
 	// TODO(roberthbailey): Remove once the server no longer supports http basic auth.
 	SupportsBasicAuth bool
 	Authorizer        authorizer.Authorizer
 	AdmissionControl  admission.Interface
-	MasterServiceNamespace string
 	// TODO(ericchiang): Determine if policy escalation checks should be an admission controller.
 	AuthorizerRBACSuperUser string
 
@@ -275,6 +273,7 @@ func (c *Config) ApplyOptions(options *options.ServerRunOptions) *Config {
 		c.InsecureServingInfo = insecureServingInfo
 	}
 
+	c.AuthorizerRBACSuperUser = options.AuthorizationRBACSuperUser
 	c.CorsAllowedOriginList = options.CorsAllowedOriginList
 	c.EnableGarbageCollection = options.EnableGarbageCollection
 	c.EnableProfiling = options.EnableProfiling
@@ -282,11 +281,12 @@ func (c *Config) ApplyOptions(options *options.ServerRunOptions) *Config {
 	c.ExternalHost = options.ExternalHost
 	c.KubernetesServiceNodePort = options.KubernetesServiceNodePort
 	c.MasterCount = options.MasterCount
+	c.MaxRequestsInFlight = options.MaxRequestsInFlight
 	c.MinRequestTimeout = options.MinRequestTimeout
 	c.PublicAddress = options.AdvertiseAddress
 	c.ServiceClusterIPRange = &options.ServiceClusterIPRange
 	c.ServiceNodePortRange = options.ServiceNodePortRange
-	c.MaxRequestsInFlight = options.MaxRequestsInFlight
+	c.SupportsBasicAuth = len(options.BasicAuthFile) > 0
 
 	return c
 }

pkg/genericapiserver/options/server_run_options.go

@@ -393,7 +393,7 @@ func (s *ServerRunOptions) AddUniversalFlags(fs *pflag.FlagSet) {
 		"The number of apiservers running in the cluster.")
 
 	fs.StringVar(&s.MasterServiceNamespace, "master-service-namespace", s.MasterServiceNamespace, ""+
-		"The namespace from which the kubernetes master services should be injected into pods.")
+		"DEPRECATED: the namespace from which the kubernetes master services should be injected into pods.")
 
 	fs.IntVar(&s.MaxRequestsInFlight, "max-requests-inflight", s.MaxRequestsInFlight, ""+
 		"The maximum number of requests in flight at a given time. When the server exceeds this, "+

test/e2e_node/services/apiserver.go

@@ -40,13 +40,13 @@ func NewAPIServer() *APIServer {
 
 // Start starts the apiserver, returns when apiserver is ready.
 func (a *APIServer) Start() error {
-	config := options.NewAPIServer()
+	config := options.NewServerRunOptions()
-	config.StorageConfig.ServerList = []string{getEtcdClientURL()}
+	config.GenericServerRunOptions.StorageConfig.ServerList = []string{getEtcdClientURL()}
 	_, ipnet, err := net.ParseCIDR(clusterIPRange)
 	if err != nil {
 		return err
 	}
-	config.ServiceClusterIPRange = *ipnet
+	config.GenericServerRunOptions.ServiceClusterIPRange = *ipnet
 	config.AllowPrivileged = true
 	errCh := make(chan error)
 	go func() {

test/integration/federation/server_test.go

@@ -37,7 +37,7 @@ import (
 )
 
 func TestLongRunningRequestRegexp(t *testing.T) {
-	regexp := regexp.MustCompile(options.NewServerRunOptions().LongRunningRequestRE)
+	regexp := regexp.MustCompile(options.NewServerRunOptions().GenericServerRunOptions.LongRunningRequestRE)
 	dontMatch := []string{
 		"/api/v1/watch-namespace/",
 		"/api/v1/namespace-proxy/",
@@ -86,10 +86,10 @@ var groupVersions = []unversioned.GroupVersion{
 
 func TestRun(t *testing.T) {
 	s := options.NewServerRunOptions()
-	s.InsecurePort = insecurePort
+	s.GenericServerRunOptions.InsecurePort = insecurePort
 	_, ipNet, _ := net.ParseCIDR("10.10.10.0/24")
-	s.ServiceClusterIPRange = *ipNet
+	s.GenericServerRunOptions.ServiceClusterIPRange = *ipNet
-	s.StorageConfig.ServerList = []string{"http://localhost:2379"}
+	s.GenericServerRunOptions.StorageConfig.ServerList = []string{"http://localhost:2379"}
 	go func() {
 		if err := app.Run(s); err != nil {
 			t.Fatalf("Error in bringing up the server: %v", err)