Merge pull request #35501 from sttts/sttts-misc-master-cleanups
Automatic merge from submit-queue Misc master and federation cleanups - misc small cleanups - make ServerRunOption embeddings explicit in order to make the technical debt in our plumbing code visible.
This commit is contained in:
Kubernetes Submit Queue
GitHub
commit
09664dd26f
@ -24,7 +24,7 @@ import (
|
||||
// NewKubeAPIServer creates a new hyperkube Server object that includes the
|
||||
// description and flags.
|
||||
func NewKubeAPIServer() *Server {
|
||||
s := options.NewAPIServer()
|
||||
s := options.NewServerRunOptions()
|
||||
|
||||
hks := Server{
|
||||
SimpleUsage: "apiserver",
|
||||
|
||||
@ -38,7 +38,7 @@ import (
|
||||
func main() {
|
||||
rand.Seed(time.Now().UTC().UnixNano())
|
||||
|
||||
s := options.NewAPIServer()
|
||||
s := options.NewServerRunOptions()
|
||||
s.AddFlags(pflag.CommandLine)
|
||||
|
||||
flag.InitFlags()
|
||||
|
||||
@ -28,9 +28,9 @@ import (
|
||||
"github.com/spf13/pflag"
|
||||
)
|
||||
|
||||
// APIServer runs a kubernetes api server.
|
||||
type APIServer struct {
|
||||
*genericoptions.ServerRunOptions
|
||||
// ServerRunOptions runs a kubernetes api server.
|
||||
type ServerRunOptions struct {
|
||||
GenericServerRunOptions *genericoptions.ServerRunOptions
|
||||
AllowPrivileged bool
|
||||
EventTTL time.Duration
|
||||
KubeletConfig kubeletclient.KubeletClientConfig
|
||||
@ -43,10 +43,10 @@ type APIServer struct {
|
||||
WebhookTokenAuthnCacheTTL time.Duration
|
||||
}
|
||||
|
||||
// NewAPIServer creates a new APIServer object with default parameters
|
||||
func NewAPIServer() *APIServer {
|
||||
s := APIServer{
|
||||
ServerRunOptions: genericoptions.NewServerRunOptions().WithEtcdOptions(),
|
||||
// NewServerRunOptions creates a new ServerRunOptions object with default parameters
|
||||
func NewServerRunOptions() *ServerRunOptions {
|
||||
s := ServerRunOptions{
|
||||
GenericServerRunOptions: genericoptions.NewServerRunOptions().WithEtcdOptions(),
|
||||
EventTTL: 1 * time.Hour,
|
||||
KubeletConfig: kubeletclient.KubeletClientConfig{
|
||||
Port: ports.KubeletPort,
|
||||
@ -59,11 +59,11 @@ func NewAPIServer() *APIServer {
|
||||
}
|
||||
|
||||
// AddFlags adds flags for a specific APIServer to the specified FlagSet
|
||||
func (s *APIServer) AddFlags(fs *pflag.FlagSet) {
|
||||
func (s *ServerRunOptions) AddFlags(fs *pflag.FlagSet) {
|
||||
// Add the generic flags.
|
||||
s.ServerRunOptions.AddUniversalFlags(fs)
|
||||
s.GenericServerRunOptions.AddUniversalFlags(fs)
|
||||
//Add etcd specific flags.
|
||||
s.ServerRunOptions.AddEtcdStorageFlags(fs)
|
||||
s.GenericServerRunOptions.AddEtcdStorageFlags(fs)
|
||||
// Note: the weird ""+ in below lines seems to be the only way to get gofmt to
|
||||
// arrange these text blocks sensibly. Grrr.
|
||||
|
||||
|
||||
@ -26,9 +26,9 @@ func TestAddFlagsFlag(t *testing.T) {
|
||||
// TODO: This only tests the enable-swagger-ui flag for now.
|
||||
// Expand the test to include other flags as well.
|
||||
f := pflag.NewFlagSet("addflagstest", pflag.ContinueOnError)
|
||||
s := NewAPIServer()
|
||||
s := NewServerRunOptions()
|
||||
s.AddFlags(f)
|
||||
if s.EnableSwaggerUI {
|
||||
if s.GenericServerRunOptions.EnableSwaggerUI {
|
||||
t.Errorf("Expected s.EnableSwaggerUI to be false by default")
|
||||
}
|
||||
|
||||
@ -36,7 +36,7 @@ func TestAddFlagsFlag(t *testing.T) {
|
||||
"--enable-swagger-ui=true",
|
||||
}
|
||||
f.Parse(args)
|
||||
if !s.EnableSwaggerUI {
|
||||
if !s.GenericServerRunOptions.EnableSwaggerUI {
|
||||
t.Errorf("Expected s.EnableSwaggerUI to be true")
|
||||
}
|
||||
}
|
||||
|
||||
@ -63,7 +63,7 @@ import (
|
||||
|
||||
// NewAPIServerCommand creates a *cobra.Command object with default parameters
|
||||
func NewAPIServerCommand() *cobra.Command {
|
||||
s := options.NewAPIServer()
|
||||
s := options.NewServerRunOptions()
|
||||
s.AddFlags(pflag.CommandLine)
|
||||
cmd := &cobra.Command{
|
||||
Use: "kube-apiserver",
|
||||
@ -79,11 +79,11 @@ cluster's shared state through which all other components interact.`,
|
||||
}
|
||||
|
||||
// Run runs the specified APIServer. This should never exit.
|
||||
func Run(s *options.APIServer) error {
|
||||
genericvalidation.VerifyEtcdServersList(s.ServerRunOptions)
|
||||
genericapiserver.DefaultAndValidateRunOptions(s.ServerRunOptions)
|
||||
func Run(s *options.ServerRunOptions) error {
|
||||
genericvalidation.VerifyEtcdServersList(s.GenericServerRunOptions)
|
||||
genericapiserver.DefaultAndValidateRunOptions(s.GenericServerRunOptions)
|
||||
genericConfig := genericapiserver.NewConfig(). // create the new config
|
||||
ApplyOptions(s.ServerRunOptions). // apply the options selected
|
||||
ApplyOptions(s.GenericServerRunOptions). // apply the options selected
|
||||
Complete() // set default values based on the known values
|
||||
|
||||
if err := genericConfig.MaybeGenerateServingCerts(); err != nil {
|
||||
@ -107,7 +107,7 @@ func Run(s *options.APIServer) error {
|
||||
if len(s.SSHUser) > 0 {
|
||||
// Get ssh key distribution func, if supported
|
||||
var installSSH genericapiserver.InstallSSHKey
|
||||
cloud, err := cloudprovider.InitCloudProvider(s.CloudProvider, s.CloudConfigFile)
|
||||
cloud, err := cloudprovider.InitCloudProvider(s.GenericServerRunOptions.CloudProvider, s.GenericServerRunOptions.CloudConfigFile)
|
||||
if err != nil {
|
||||
glog.Fatalf("Cloud provider could not be initialized: %v", err)
|
||||
}
|
||||
@ -138,10 +138,10 @@ func Run(s *options.APIServer) error {
|
||||
// Proxying to pods and services is IP-based... don't expect to be able to verify the hostname
|
||||
proxyTLSClientConfig := &tls.Config{InsecureSkipVerify: true}
|
||||
|
||||
if s.StorageConfig.DeserializationCacheSize == 0 {
|
||||
if s.GenericServerRunOptions.StorageConfig.DeserializationCacheSize == 0 {
|
||||
// When size of cache is not explicitly set, estimate its size based on
|
||||
// target memory usage.
|
||||
glog.V(2).Infof("Initalizing deserialization cache size based on %dMB limit", s.TargetRAMMB)
|
||||
glog.V(2).Infof("Initalizing deserialization cache size based on %dMB limit", s.GenericServerRunOptions.TargetRAMMB)
|
||||
|
||||
// This is the heuristics that from memory capacity is trying to infer
|
||||
// the maximum number of nodes in the cluster and set cache sizes based
|
||||
@ -153,29 +153,29 @@ func Run(s *options.APIServer) error {
|
||||
// be used for the deserialization cache and divide it by the max object
|
||||
// size to compute its size. We may even go further and measure
|
||||
// collective sizes of the objects in the cache.
|
||||
clusterSize := s.TargetRAMMB / 60
|
||||
s.StorageConfig.DeserializationCacheSize = 25 * clusterSize
|
||||
if s.StorageConfig.DeserializationCacheSize < 1000 {
|
||||
s.StorageConfig.DeserializationCacheSize = 1000
|
||||
clusterSize := s.GenericServerRunOptions.TargetRAMMB / 60
|
||||
s.GenericServerRunOptions.StorageConfig.DeserializationCacheSize = 25 * clusterSize
|
||||
if s.GenericServerRunOptions.StorageConfig.DeserializationCacheSize < 1000 {
|
||||
s.GenericServerRunOptions.StorageConfig.DeserializationCacheSize = 1000
|
||||
}
|
||||
}
|
||||
|
||||
storageGroupsToEncodingVersion, err := s.StorageGroupsToEncodingVersion()
|
||||
storageGroupsToEncodingVersion, err := s.GenericServerRunOptions.StorageGroupsToEncodingVersion()
|
||||
if err != nil {
|
||||
glog.Fatalf("error generating storage version map: %s", err)
|
||||
}
|
||||
storageFactory, err := genericapiserver.BuildDefaultStorageFactory(
|
||||
s.StorageConfig, s.DefaultStorageMediaType, api.Codecs,
|
||||
s.GenericServerRunOptions.StorageConfig, s.GenericServerRunOptions.DefaultStorageMediaType, api.Codecs,
|
||||
genericapiserver.NewDefaultResourceEncodingConfig(), storageGroupsToEncodingVersion,
|
||||
// FIXME: this GroupVersionResource override should be configurable
|
||||
[]unversioned.GroupVersionResource{batch.Resource("scheduledjobs").WithVersion("v2alpha1")},
|
||||
master.DefaultAPIResourceConfigSource(), s.RuntimeConfig)
|
||||
master.DefaultAPIResourceConfigSource(), s.GenericServerRunOptions.RuntimeConfig)
|
||||
if err != nil {
|
||||
glog.Fatalf("error in initializing storage factory: %s", err)
|
||||
}
|
||||
storageFactory.AddCohabitatingResources(batch.Resource("jobs"), extensions.Resource("jobs"))
|
||||
storageFactory.AddCohabitatingResources(autoscaling.Resource("horizontalpodautoscalers"), extensions.Resource("horizontalpodautoscalers"))
|
||||
for _, override := range s.EtcdServersOverrides {
|
||||
for _, override := range s.GenericServerRunOptions.EtcdServersOverrides {
|
||||
tokens := strings.Split(override, "#")
|
||||
if len(tokens) != 2 {
|
||||
glog.Errorf("invalid value of etcd server overrides: %s", override)
|
||||
@ -196,9 +196,9 @@ func Run(s *options.APIServer) error {
|
||||
}
|
||||
|
||||
// Default to the private server key for service account token signing
|
||||
if len(s.ServiceAccountKeyFiles) == 0 && s.TLSPrivateKeyFile != "" {
|
||||
if authenticator.IsValidServiceAccountKeyFile(s.TLSPrivateKeyFile) {
|
||||
s.ServiceAccountKeyFiles = []string{s.TLSPrivateKeyFile}
|
||||
if len(s.ServiceAccountKeyFiles) == 0 && s.GenericServerRunOptions.TLSPrivateKeyFile != "" {
|
||||
if authenticator.IsValidServiceAccountKeyFile(s.GenericServerRunOptions.TLSPrivateKeyFile) {
|
||||
s.ServiceAccountKeyFiles = []string{s.GenericServerRunOptions.TLSPrivateKeyFile}
|
||||
} else {
|
||||
glog.Warning("No TLS key provided, service account token authentication disabled")
|
||||
}
|
||||
@ -216,23 +216,23 @@ func Run(s *options.APIServer) error {
|
||||
}
|
||||
|
||||
apiAuthenticator, securityDefinitions, err := authenticator.New(authenticator.AuthenticatorConfig{
|
||||
Anonymous: s.AnonymousAuth,
|
||||
AnyToken: s.EnableAnyToken,
|
||||
BasicAuthFile: s.BasicAuthFile,
|
||||
ClientCAFile: s.ClientCAFile,
|
||||
TokenAuthFile: s.TokenAuthFile,
|
||||
OIDCIssuerURL: s.OIDCIssuerURL,
|
||||
OIDCClientID: s.OIDCClientID,
|
||||
OIDCCAFile: s.OIDCCAFile,
|
||||
OIDCUsernameClaim: s.OIDCUsernameClaim,
|
||||
OIDCGroupsClaim: s.OIDCGroupsClaim,
|
||||
Anonymous: s.GenericServerRunOptions.AnonymousAuth,
|
||||
AnyToken: s.GenericServerRunOptions.EnableAnyToken,
|
||||
BasicAuthFile: s.GenericServerRunOptions.BasicAuthFile,
|
||||
ClientCAFile: s.GenericServerRunOptions.ClientCAFile,
|
||||
TokenAuthFile: s.GenericServerRunOptions.TokenAuthFile,
|
||||
OIDCIssuerURL: s.GenericServerRunOptions.OIDCIssuerURL,
|
||||
OIDCClientID: s.GenericServerRunOptions.OIDCClientID,
|
||||
OIDCCAFile: s.GenericServerRunOptions.OIDCCAFile,
|
||||
OIDCUsernameClaim: s.GenericServerRunOptions.OIDCUsernameClaim,
|
||||
OIDCGroupsClaim: s.GenericServerRunOptions.OIDCGroupsClaim,
|
||||
ServiceAccountKeyFiles: s.ServiceAccountKeyFiles,
|
||||
ServiceAccountLookup: s.ServiceAccountLookup,
|
||||
ServiceAccountTokenGetter: serviceAccountGetter,
|
||||
KeystoneURL: s.KeystoneURL,
|
||||
KeystoneURL: s.GenericServerRunOptions.KeystoneURL,
|
||||
WebhookTokenAuthnConfigFile: s.WebhookTokenAuthnConfigFile,
|
||||
WebhookTokenAuthnCacheTTL: s.WebhookTokenAuthnCacheTTL,
|
||||
RequestHeaderConfig: s.AuthenticationRequestHeaderConfig(),
|
||||
RequestHeaderConfig: s.GenericServerRunOptions.AuthenticationRequestHeaderConfig(),
|
||||
})
|
||||
|
||||
if err != nil {
|
||||
@ -240,31 +240,31 @@ func Run(s *options.APIServer) error {
|
||||
}
|
||||
|
||||
privilegedLoopbackToken := uuid.NewRandom().String()
|
||||
selfClientConfig, err := s.NewSelfClientConfig(privilegedLoopbackToken)
|
||||
selfClientConfig, err := s.GenericServerRunOptions.NewSelfClientConfig(privilegedLoopbackToken)
|
||||
if err != nil {
|
||||
glog.Fatalf("Failed to create clientset: %v", err)
|
||||
}
|
||||
client, err := s.NewSelfClient(privilegedLoopbackToken)
|
||||
client, err := s.GenericServerRunOptions.NewSelfClient(privilegedLoopbackToken)
|
||||
if err != nil {
|
||||
glog.Errorf("Failed to create clientset: %v", err)
|
||||
}
|
||||
sharedInformers := informers.NewSharedInformerFactory(client, 10*time.Minute)
|
||||
|
||||
authorizationConfig := authorizer.AuthorizationConfig{
|
||||
PolicyFile: s.AuthorizationPolicyFile,
|
||||
WebhookConfigFile: s.AuthorizationWebhookConfigFile,
|
||||
WebhookCacheAuthorizedTTL: s.AuthorizationWebhookCacheAuthorizedTTL,
|
||||
WebhookCacheUnauthorizedTTL: s.AuthorizationWebhookCacheUnauthorizedTTL,
|
||||
RBACSuperUser: s.AuthorizationRBACSuperUser,
|
||||
PolicyFile: s.GenericServerRunOptions.AuthorizationPolicyFile,
|
||||
WebhookConfigFile: s.GenericServerRunOptions.AuthorizationWebhookConfigFile,
|
||||
WebhookCacheAuthorizedTTL: s.GenericServerRunOptions.AuthorizationWebhookCacheAuthorizedTTL,
|
||||
WebhookCacheUnauthorizedTTL: s.GenericServerRunOptions.AuthorizationWebhookCacheUnauthorizedTTL,
|
||||
RBACSuperUser: s.GenericServerRunOptions.AuthorizationRBACSuperUser,
|
||||
InformerFactory: sharedInformers,
|
||||
}
|
||||
authorizationModeNames := strings.Split(s.AuthorizationMode, ",")
|
||||
authorizationModeNames := strings.Split(s.GenericServerRunOptions.AuthorizationMode, ",")
|
||||
apiAuthorizer, err := authorizer.NewAuthorizerFromAuthorizationConfig(authorizationModeNames, authorizationConfig)
|
||||
if err != nil {
|
||||
glog.Fatalf("Invalid Authorization Config: %v", err)
|
||||
}
|
||||
|
||||
admissionControlPluginNames := strings.Split(s.AdmissionControl, ",")
|
||||
admissionControlPluginNames := strings.Split(s.GenericServerRunOptions.AdmissionControl, ",")
|
||||
|
||||
// TODO(dims): We probably need to add an option "EnableLoopbackToken"
|
||||
if apiAuthenticator != nil {
|
||||
@ -285,7 +285,7 @@ func Run(s *options.APIServer) error {
|
||||
|
||||
pluginInitializer := admission.NewPluginInitializer(sharedInformers, apiAuthorizer)
|
||||
|
||||
admissionController, err := admission.NewFromPlugins(client, admissionControlPluginNames, s.AdmissionControlConfigFile, pluginInitializer)
|
||||
admissionController, err := admission.NewFromPlugins(client, admissionControlPluginNames, s.GenericServerRunOptions.AdmissionControlConfigFile, pluginInitializer)
|
||||
if err != nil {
|
||||
glog.Fatalf("Failed to initialize plugins: %v", err)
|
||||
}
|
||||
@ -299,12 +299,9 @@ func Run(s *options.APIServer) error {
|
||||
genericConfig.Version = &kubeVersion
|
||||
genericConfig.LoopbackClientConfig = selfClientConfig
|
||||
genericConfig.Authenticator = apiAuthenticator
|
||||
genericConfig.SupportsBasicAuth = len(s.BasicAuthFile) > 0
|
||||
genericConfig.Authorizer = apiAuthorizer
|
||||
genericConfig.AuthorizerRBACSuperUser = s.AuthorizationRBACSuperUser
|
||||
genericConfig.AdmissionControl = admissionController
|
||||
genericConfig.APIResourceConfigSource = storageFactory.APIResourceConfigSource
|
||||
genericConfig.MasterServiceNamespace = s.MasterServiceNamespace
|
||||
genericConfig.OpenAPIConfig.Info.Title = "Kubernetes"
|
||||
genericConfig.OpenAPIConfig.Definitions = generatedopenapi.OpenAPIDefinitions
|
||||
genericConfig.EnableOpenAPISupport = true
|
||||
@ -314,9 +311,9 @@ func Run(s *options.APIServer) error {
|
||||
GenericConfig: genericConfig.Config,
|
||||
|
||||
StorageFactory: storageFactory,
|
||||
EnableWatchCache: s.EnableWatchCache,
|
||||
EnableWatchCache: s.GenericServerRunOptions.EnableWatchCache,
|
||||
EnableCoreControllers: true,
|
||||
DeleteCollectionWorkers: s.DeleteCollectionWorkers,
|
||||
DeleteCollectionWorkers: s.GenericServerRunOptions.DeleteCollectionWorkers,
|
||||
EventTTL: s.EventTTL,
|
||||
KubeletClientConfig: s.KubeletConfig,
|
||||
EnableUISupport: true,
|
||||
@ -326,10 +323,10 @@ func Run(s *options.APIServer) error {
|
||||
Tunneler: tunneler,
|
||||
}
|
||||
|
||||
if s.EnableWatchCache {
|
||||
glog.V(2).Infof("Initalizing cache sizes based on %dMB limit", s.TargetRAMMB)
|
||||
cachesize.InitializeWatchCacheSizes(s.TargetRAMMB)
|
||||
cachesize.SetWatchCacheSizes(s.WatchCacheSizes)
|
||||
if s.GenericServerRunOptions.EnableWatchCache {
|
||||
glog.V(2).Infof("Initalizing cache sizes based on %dMB limit", s.GenericServerRunOptions.TargetRAMMB)
|
||||
cachesize.InitializeWatchCacheSizes(s.GenericServerRunOptions.TargetRAMMB)
|
||||
cachesize.SetWatchCacheSizes(s.GenericServerRunOptions.WatchCacheSizes)
|
||||
}
|
||||
|
||||
m, err := config.Complete().New()
|
||||
|
||||
@ -24,7 +24,7 @@ import (
|
||||
)
|
||||
|
||||
func TestLongRunningRequestRegexp(t *testing.T) {
|
||||
regexp := regexp.MustCompile(options.NewAPIServer().LongRunningRequestRE)
|
||||
regexp := regexp.MustCompile(options.NewServerRunOptions().GenericServerRunOptions.LongRunningRequestRE)
|
||||
dontMatch := []string{
|
||||
"/api/v1/watch-namespace/",
|
||||
"/api/v1/namespace-proxy/",
|
||||
|
||||
@ -27,14 +27,14 @@ import (
|
||||
|
||||
// Runtime options for the federation-apiserver.
|
||||
type ServerRunOptions struct {
|
||||
*genericoptions.ServerRunOptions
|
||||
GenericServerRunOptions *genericoptions.ServerRunOptions
|
||||
EventTTL time.Duration
|
||||
}
|
||||
|
||||
// NewServerRunOptions creates a new ServerRunOptions object with default values.
|
||||
func NewServerRunOptions() *ServerRunOptions {
|
||||
s := ServerRunOptions{
|
||||
ServerRunOptions: genericoptions.NewServerRunOptions().WithEtcdOptions(),
|
||||
GenericServerRunOptions: genericoptions.NewServerRunOptions().WithEtcdOptions(),
|
||||
EventTTL: 1 * time.Hour,
|
||||
}
|
||||
return &s
|
||||
@ -43,9 +43,9 @@ func NewServerRunOptions() *ServerRunOptions {
|
||||
// AddFlags adds flags for ServerRunOptions fields to be specified via FlagSet.
|
||||
func (s *ServerRunOptions) AddFlags(fs *pflag.FlagSet) {
|
||||
// Add the generic flags.
|
||||
s.ServerRunOptions.AddUniversalFlags(fs)
|
||||
s.GenericServerRunOptions.AddUniversalFlags(fs)
|
||||
//Add etcd specific flags.
|
||||
s.ServerRunOptions.AddEtcdStorageFlags(fs)
|
||||
s.GenericServerRunOptions.AddEtcdStorageFlags(fs)
|
||||
|
||||
fs.DurationVar(&s.EventTTL, "event-ttl", s.EventTTL,
|
||||
"Amount of time to retain events. Default is 1h.")
|
||||
|
||||
@ -67,10 +67,10 @@ cluster's shared state through which all other components interact.`,
|
||||
|
||||
// Run runs the specified APIServer. This should never exit.
|
||||
func Run(s *options.ServerRunOptions) error {
|
||||
genericvalidation.VerifyEtcdServersList(s.ServerRunOptions)
|
||||
genericapiserver.DefaultAndValidateRunOptions(s.ServerRunOptions)
|
||||
genericvalidation.VerifyEtcdServersList(s.GenericServerRunOptions)
|
||||
genericapiserver.DefaultAndValidateRunOptions(s.GenericServerRunOptions)
|
||||
genericConfig := genericapiserver.NewConfig(). // create the new config
|
||||
ApplyOptions(s.ServerRunOptions). // apply the options selected
|
||||
ApplyOptions(s.GenericServerRunOptions). // apply the options selected
|
||||
Complete() // set default values based on the known values
|
||||
|
||||
if err := genericConfig.MaybeGenerateServingCerts(); err != nil {
|
||||
@ -80,23 +80,23 @@ func Run(s *options.ServerRunOptions) error {
|
||||
// TODO: register cluster federation resources here.
|
||||
resourceConfig := genericapiserver.NewResourceConfig()
|
||||
|
||||
if s.StorageConfig.DeserializationCacheSize == 0 {
|
||||
if s.GenericServerRunOptions.StorageConfig.DeserializationCacheSize == 0 {
|
||||
// When size of cache is not explicitly set, set it to 50000
|
||||
s.StorageConfig.DeserializationCacheSize = 50000
|
||||
s.GenericServerRunOptions.StorageConfig.DeserializationCacheSize = 50000
|
||||
}
|
||||
storageGroupsToEncodingVersion, err := s.StorageGroupsToEncodingVersion()
|
||||
storageGroupsToEncodingVersion, err := s.GenericServerRunOptions.StorageGroupsToEncodingVersion()
|
||||
if err != nil {
|
||||
glog.Fatalf("error generating storage version map: %s", err)
|
||||
}
|
||||
storageFactory, err := genericapiserver.BuildDefaultStorageFactory(
|
||||
s.StorageConfig, s.DefaultStorageMediaType, api.Codecs,
|
||||
s.GenericServerRunOptions.StorageConfig, s.GenericServerRunOptions.DefaultStorageMediaType, api.Codecs,
|
||||
genericapiserver.NewDefaultResourceEncodingConfig(), storageGroupsToEncodingVersion,
|
||||
[]unversioned.GroupVersionResource{}, resourceConfig, s.RuntimeConfig)
|
||||
[]unversioned.GroupVersionResource{}, resourceConfig, s.GenericServerRunOptions.RuntimeConfig)
|
||||
if err != nil {
|
||||
glog.Fatalf("error in initializing storage factory: %s", err)
|
||||
}
|
||||
|
||||
for _, override := range s.EtcdServersOverrides {
|
||||
for _, override := range s.GenericServerRunOptions.EtcdServersOverrides {
|
||||
tokens := strings.Split(override, "#")
|
||||
if len(tokens) != 2 {
|
||||
glog.Errorf("invalid value of etcd server overrides: %s", override)
|
||||
@ -117,49 +117,49 @@ func Run(s *options.ServerRunOptions) error {
|
||||
}
|
||||
|
||||
apiAuthenticator, securityDefinitions, err := authenticator.New(authenticator.AuthenticatorConfig{
|
||||
Anonymous: s.AnonymousAuth,
|
||||
AnyToken: s.EnableAnyToken,
|
||||
BasicAuthFile: s.BasicAuthFile,
|
||||
ClientCAFile: s.ClientCAFile,
|
||||
TokenAuthFile: s.TokenAuthFile,
|
||||
OIDCIssuerURL: s.OIDCIssuerURL,
|
||||
OIDCClientID: s.OIDCClientID,
|
||||
OIDCCAFile: s.OIDCCAFile,
|
||||
OIDCUsernameClaim: s.OIDCUsernameClaim,
|
||||
OIDCGroupsClaim: s.OIDCGroupsClaim,
|
||||
KeystoneURL: s.KeystoneURL,
|
||||
RequestHeaderConfig: s.AuthenticationRequestHeaderConfig(),
|
||||
Anonymous: s.GenericServerRunOptions.AnonymousAuth,
|
||||
AnyToken: s.GenericServerRunOptions.EnableAnyToken,
|
||||
BasicAuthFile: s.GenericServerRunOptions.BasicAuthFile,
|
||||
ClientCAFile: s.GenericServerRunOptions.ClientCAFile,
|
||||
TokenAuthFile: s.GenericServerRunOptions.TokenAuthFile,
|
||||
OIDCIssuerURL: s.GenericServerRunOptions.OIDCIssuerURL,
|
||||
OIDCClientID: s.GenericServerRunOptions.OIDCClientID,
|
||||
OIDCCAFile: s.GenericServerRunOptions.OIDCCAFile,
|
||||
OIDCUsernameClaim: s.GenericServerRunOptions.OIDCUsernameClaim,
|
||||
OIDCGroupsClaim: s.GenericServerRunOptions.OIDCGroupsClaim,
|
||||
KeystoneURL: s.GenericServerRunOptions.KeystoneURL,
|
||||
RequestHeaderConfig: s.GenericServerRunOptions.AuthenticationRequestHeaderConfig(),
|
||||
})
|
||||
if err != nil {
|
||||
glog.Fatalf("Invalid Authentication Config: %v", err)
|
||||
}
|
||||
|
||||
privilegedLoopbackToken := uuid.NewRandom().String()
|
||||
selfClientConfig, err := s.NewSelfClientConfig(privilegedLoopbackToken)
|
||||
selfClientConfig, err := s.GenericServerRunOptions.NewSelfClientConfig(privilegedLoopbackToken)
|
||||
if err != nil {
|
||||
glog.Fatalf("Failed to create clientset: %v", err)
|
||||
}
|
||||
client, err := s.NewSelfClient(privilegedLoopbackToken)
|
||||
client, err := s.GenericServerRunOptions.NewSelfClient(privilegedLoopbackToken)
|
||||
if err != nil {
|
||||
glog.Errorf("Failed to create clientset: %v", err)
|
||||
}
|
||||
sharedInformers := informers.NewSharedInformerFactory(client, 10*time.Minute)
|
||||
|
||||
authorizationConfig := authorizer.AuthorizationConfig{
|
||||
PolicyFile: s.AuthorizationPolicyFile,
|
||||
WebhookConfigFile: s.AuthorizationWebhookConfigFile,
|
||||
WebhookCacheAuthorizedTTL: s.AuthorizationWebhookCacheAuthorizedTTL,
|
||||
WebhookCacheUnauthorizedTTL: s.AuthorizationWebhookCacheUnauthorizedTTL,
|
||||
RBACSuperUser: s.AuthorizationRBACSuperUser,
|
||||
PolicyFile: s.GenericServerRunOptions.AuthorizationPolicyFile,
|
||||
WebhookConfigFile: s.GenericServerRunOptions.AuthorizationWebhookConfigFile,
|
||||
WebhookCacheAuthorizedTTL: s.GenericServerRunOptions.AuthorizationWebhookCacheAuthorizedTTL,
|
||||
WebhookCacheUnauthorizedTTL: s.GenericServerRunOptions.AuthorizationWebhookCacheUnauthorizedTTL,
|
||||
RBACSuperUser: s.GenericServerRunOptions.AuthorizationRBACSuperUser,
|
||||
InformerFactory: sharedInformers,
|
||||
}
|
||||
authorizationModeNames := strings.Split(s.AuthorizationMode, ",")
|
||||
authorizationModeNames := strings.Split(s.GenericServerRunOptions.AuthorizationMode, ",")
|
||||
apiAuthorizer, err := authorizer.NewAuthorizerFromAuthorizationConfig(authorizationModeNames, authorizationConfig)
|
||||
if err != nil {
|
||||
glog.Fatalf("Invalid Authorization Config: %v", err)
|
||||
}
|
||||
|
||||
admissionControlPluginNames := strings.Split(s.AdmissionControl, ",")
|
||||
admissionControlPluginNames := strings.Split(s.GenericServerRunOptions.AdmissionControl, ",")
|
||||
|
||||
// TODO(dims): We probably need to add an option "EnableLoopbackToken"
|
||||
if apiAuthenticator != nil {
|
||||
@ -180,7 +180,7 @@ func Run(s *options.ServerRunOptions) error {
|
||||
|
||||
pluginInitializer := admission.NewPluginInitializer(sharedInformers, apiAuthorizer)
|
||||
|
||||
admissionController, err := admission.NewFromPlugins(client, admissionControlPluginNames, s.AdmissionControlConfigFile, pluginInitializer)
|
||||
admissionController, err := admission.NewFromPlugins(client, admissionControlPluginNames, s.GenericServerRunOptions.AdmissionControlConfigFile, pluginInitializer)
|
||||
if err != nil {
|
||||
glog.Fatalf("Failed to initialize plugins: %v", err)
|
||||
}
|
||||
@ -189,20 +189,17 @@ func Run(s *options.ServerRunOptions) error {
|
||||
genericConfig.Version = &kubeVersion
|
||||
genericConfig.LoopbackClientConfig = selfClientConfig
|
||||
genericConfig.Authenticator = apiAuthenticator
|
||||
genericConfig.SupportsBasicAuth = len(s.BasicAuthFile) > 0
|
||||
genericConfig.Authorizer = apiAuthorizer
|
||||
genericConfig.AuthorizerRBACSuperUser = s.AuthorizationRBACSuperUser
|
||||
genericConfig.AdmissionControl = admissionController
|
||||
genericConfig.APIResourceConfigSource = storageFactory.APIResourceConfigSource
|
||||
genericConfig.MasterServiceNamespace = s.MasterServiceNamespace
|
||||
genericConfig.OpenAPIConfig.Definitions = openapi.OpenAPIDefinitions
|
||||
genericConfig.EnableOpenAPISupport = true
|
||||
genericConfig.OpenAPIConfig.SecurityDefinitions = securityDefinitions
|
||||
|
||||
// TODO: Move this to generic api server (Need to move the command line flag).
|
||||
if s.EnableWatchCache {
|
||||
cachesize.InitializeWatchCacheSizes(s.TargetRAMMB)
|
||||
cachesize.SetWatchCacheSizes(s.WatchCacheSizes)
|
||||
if s.GenericServerRunOptions.EnableWatchCache {
|
||||
cachesize.InitializeWatchCacheSizes(s.GenericServerRunOptions.TargetRAMMB)
|
||||
cachesize.SetWatchCacheSizes(s.GenericServerRunOptions.WatchCacheSizes)
|
||||
}
|
||||
|
||||
m, err := genericConfig.New()
|
||||
@ -215,9 +212,9 @@ func Run(s *options.ServerRunOptions) error {
|
||||
|
||||
restOptionsFactory := restOptionsFactory{
|
||||
storageFactory: storageFactory,
|
||||
deleteCollectionWorkers: s.DeleteCollectionWorkers,
|
||||
deleteCollectionWorkers: s.GenericServerRunOptions.DeleteCollectionWorkers,
|
||||
}
|
||||
if s.EnableWatchCache {
|
||||
if s.GenericServerRunOptions.EnableWatchCache {
|
||||
restOptionsFactory.storageDecorator = registry.StorageWithCacher
|
||||
} else {
|
||||
restOptionsFactory.storageDecorator = generic.UndecoratedStorage
|
||||
|
||||
@ -84,14 +84,12 @@ type Config struct {
|
||||
EnableGarbageCollection bool
|
||||
|
||||
Version *version.Info
|
||||
APIGroupPrefix string
|
||||
CorsAllowedOriginList []string
|
||||
Authenticator authenticator.Request
|
||||
// TODO(roberthbailey): Remove once the server no longer supports http basic auth.
|
||||
SupportsBasicAuth bool
|
||||
Authorizer authorizer.Authorizer
|
||||
AdmissionControl admission.Interface
|
||||
MasterServiceNamespace string
|
||||
// TODO(ericchiang): Determine if policy escalation checks should be an admission controller.
|
||||
AuthorizerRBACSuperUser string
|
||||
|
||||
@ -275,6 +273,7 @@ func (c *Config) ApplyOptions(options *options.ServerRunOptions) *Config {
|
||||
c.InsecureServingInfo = insecureServingInfo
|
||||
}
|
||||
|
||||
c.AuthorizerRBACSuperUser = options.AuthorizationRBACSuperUser
|
||||
c.CorsAllowedOriginList = options.CorsAllowedOriginList
|
||||
c.EnableGarbageCollection = options.EnableGarbageCollection
|
||||
c.EnableProfiling = options.EnableProfiling
|
||||
@ -282,11 +281,12 @@ func (c *Config) ApplyOptions(options *options.ServerRunOptions) *Config {
|
||||
c.ExternalHost = options.ExternalHost
|
||||
c.KubernetesServiceNodePort = options.KubernetesServiceNodePort
|
||||
c.MasterCount = options.MasterCount
|
||||
c.MaxRequestsInFlight = options.MaxRequestsInFlight
|
||||
c.MinRequestTimeout = options.MinRequestTimeout
|
||||
c.PublicAddress = options.AdvertiseAddress
|
||||
c.ServiceClusterIPRange = &options.ServiceClusterIPRange
|
||||
c.ServiceNodePortRange = options.ServiceNodePortRange
|
||||
c.MaxRequestsInFlight = options.MaxRequestsInFlight
|
||||
c.SupportsBasicAuth = len(options.BasicAuthFile) > 0
|
||||
|
||||
return c
|
||||
}
|
||||
|
||||
@ -393,7 +393,7 @@ func (s *ServerRunOptions) AddUniversalFlags(fs *pflag.FlagSet) {
|
||||
"The number of apiservers running in the cluster.")
|
||||
|
||||
fs.StringVar(&s.MasterServiceNamespace, "master-service-namespace", s.MasterServiceNamespace, ""+
|
||||
"The namespace from which the kubernetes master services should be injected into pods.")
|
||||
"DEPRECATED: the namespace from which the kubernetes master services should be injected into pods.")
|
||||
|
||||
fs.IntVar(&s.MaxRequestsInFlight, "max-requests-inflight", s.MaxRequestsInFlight, ""+
|
||||
"The maximum number of requests in flight at a given time. When the server exceeds this, "+
|
||||
|
||||
@ -40,13 +40,13 @@ func NewAPIServer() *APIServer {
|
||||
|
||||
// Start starts the apiserver, returns when apiserver is ready.
|
||||
func (a *APIServer) Start() error {
|
||||
config := options.NewAPIServer()
|
||||
config.StorageConfig.ServerList = []string{getEtcdClientURL()}
|
||||
config := options.NewServerRunOptions()
|
||||
config.GenericServerRunOptions.StorageConfig.ServerList = []string{getEtcdClientURL()}
|
||||
_, ipnet, err := net.ParseCIDR(clusterIPRange)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
config.ServiceClusterIPRange = *ipnet
|
||||
config.GenericServerRunOptions.ServiceClusterIPRange = *ipnet
|
||||
config.AllowPrivileged = true
|
||||
errCh := make(chan error)
|
||||
go func() {
|
||||
|
||||
@ -37,7 +37,7 @@ import (
|
||||
)
|
||||
|
||||
func TestLongRunningRequestRegexp(t *testing.T) {
|
||||
regexp := regexp.MustCompile(options.NewServerRunOptions().LongRunningRequestRE)
|
||||
regexp := regexp.MustCompile(options.NewServerRunOptions().GenericServerRunOptions.LongRunningRequestRE)
|
||||
dontMatch := []string{
|
||||
"/api/v1/watch-namespace/",
|
||||
"/api/v1/namespace-proxy/",
|
||||
@ -86,10 +86,10 @@ var groupVersions = []unversioned.GroupVersion{
|
||||
|
||||
func TestRun(t *testing.T) {
|
||||
s := options.NewServerRunOptions()
|
||||
s.InsecurePort = insecurePort
|
||||
s.GenericServerRunOptions.InsecurePort = insecurePort
|
||||
_, ipNet, _ := net.ParseCIDR("10.10.10.0/24")
|
||||
s.ServiceClusterIPRange = *ipNet
|
||||
s.StorageConfig.ServerList = []string{"http://localhost:2379"}
|
||||
s.GenericServerRunOptions.ServiceClusterIPRange = *ipNet
|
||||
s.GenericServerRunOptions.StorageConfig.ServerList = []string{"http://localhost:2379"}
|
||||
go func() {
|
||||
if err := app.Run(s); err != nil {
|
||||
t.Fatalf("Error in bringing up the server: %v", err)
|
||||
|
||||
Loading…
Reference in New Issue
Block a user