Support service port other than 443 for kube-aggregator
		| @@ -607,6 +607,8 @@ staging/src/k8s.io/code-generator/cmd/lister-gen/generators | ||||
| staging/src/k8s.io/component-base/cli/flag | ||||
| staging/src/k8s.io/component-base/config/v1alpha1 | ||||
| staging/src/k8s.io/cri-api/pkg/apis/testing | ||||
| staging/src/k8s.io/kube-aggregator/pkg/apis/apiregistration/v1 | ||||
| staging/src/k8s.io/kube-aggregator/pkg/apis/apiregistration/v1beta1 | ||||
| staging/src/k8s.io/kube-aggregator/pkg/controllers/autoregister | ||||
| staging/src/k8s.io/kube-proxy/config/v1alpha1 | ||||
| staging/src/k8s.io/kubelet/config/v1beta1 | ||||
|   | ||||
| @@ -34,6 +34,11 @@ type ServiceReference struct { | ||||
| 	Namespace string | ||||
| 	// Name is the name of the service | ||||
| 	Name string | ||||
| 	// If specified, the port on the service that hosting the service. | ||||
| 	// Default to 443 for backward compatibility. | ||||
| 	// `Port` should be a valid port number (1-65535, inclusive). | ||||
| 	// +optional | ||||
| 	Port int32 | ||||
| } | ||||
|  | ||||
| // APIServiceSpec contains information for locating and communicating with a server. | ||||
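Review bot: The new comment on `Port` reads "the port on the service that hosting the service", which is ungrammatical and does not say what listens on that port; the v1 and v1beta1 copies of the struct say "that hosting webhook", which looks carried over from a webhook API. The versioned packages carry `+k8s:openapi-gen=true`, so this text presumably ends up in the published API schema. I would reword all three to `// Port is the port on the service that the aggregator connects to.` followed by `// Defaults to 443 for backward compatibility.` On this internal type `Port` is a plain `int32`, so the stated default only holds once the versioned defaulting has run, which the comment should say.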
|   | ||||
| @@ -0,0 +1,33 @@ | ||||
| /* | ||||
| Copyright 2019 The Kubernetes Authors. | ||||
|  | ||||
| Licensed under the Apache License, Version 2.0 (the "License"); | ||||
| you may not use this file except in compliance with the License. | ||||
| You may obtain a copy of the License at | ||||
|  | ||||
|     http://www.apache.org/licenses/LICENSE-2.0 | ||||
|  | ||||
| Unless required by applicable law or agreed to in writing, software | ||||
| distributed under the License is distributed on an "AS IS" BASIS, | ||||
| WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||||
| See the License for the specific language governing permissions and | ||||
| limitations under the License. | ||||
| */ | ||||
|  | ||||
| package v1 | ||||
|  | ||||
| import ( | ||||
| 	"k8s.io/apimachinery/pkg/runtime" | ||||
| 	utilpointer "k8s.io/utils/pointer" | ||||
| ) | ||||
|  | ||||
| func addDefaultingFuncs(scheme *runtime.Scheme) error { | ||||
| 	return RegisterDefaults(scheme) | ||||
| } | ||||
|  | ||||
| // SetDefaults_ServiceReference sets defaults for AuditSync Webhook's ServiceReference | ||||
| func SetDefaults_ServiceReference(obj *ServiceReference) { | ||||
| 	if obj.Port == nil { | ||||
| 		obj.Port = utilpointer.Int32Ptr(443) | ||||
| 	} | ||||
| } | ||||
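Review bot: The doc comment on `SetDefaults_ServiceReference` says it sets defaults for "AuditSync Webhook's ServiceReference", but this file is in the apiregistration `v1` package and the function only fills in `Port`. The identical comment appears in the v1beta1 defaults file further down. I would replace it in both packages with `// SetDefaults_ServiceReference sets Port to 443 when it is unset, keeping the aggregator's previous behaviour.` `addDefaultingFuncs` has no comment at all; one line such as `// addDefaultingFuncs registers this package's defaulting functions with the scheme.` would be enough.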
| @@ -19,6 +19,7 @@ limitations under the License. | ||||
| // +k8s:conversion-gen=k8s.io/kube-aggregator/pkg/apis/apiregistration | ||||
| // +k8s:openapi-gen=true | ||||
| // +groupName=apiregistration.k8s.io | ||||
| // +k8s:defaulter-gen=TypeMeta | ||||
|  | ||||
| // Package v1 contains the API Registration API, which is responsible for | ||||
| // registering an API `Group`/`Version` with another kubernetes like API server. | ||||
|   | ||||
| @@ -47,7 +47,7 @@ func init() { | ||||
| 	// We only register manually written functions here. The registration of the | ||||
| 	// generated functions takes place in the generated files. The separation | ||||
| 	// makes the code compile even when the generated files are missing. | ||||
| 	localSchemeBuilder.Register(addKnownTypes) | ||||
| 	localSchemeBuilder.Register(addKnownTypes, addDefaultingFuncs) | ||||
| } | ||||
|  | ||||
| // Adds the list of known types to the given scheme. | ||||
|   | ||||
| @@ -34,6 +34,11 @@ type ServiceReference struct { | ||||
| 	Namespace string `json:"namespace,omitempty" protobuf:"bytes,1,opt,name=namespace"` | ||||
| 	// Name is the name of the service | ||||
| 	Name string `json:"name,omitempty" protobuf:"bytes,2,opt,name=name"` | ||||
| 	// If specified, the port on the service that hosting webhook. | ||||
| 	// Default to 443 for backward compatibility. | ||||
| 	// `Port` should be a valid port number (1-65535, inclusive). | ||||
| 	// +optional | ||||
| 	Port *int32 `json:"port,omitempty" protobuf:"varint,3,opt,name=port"` | ||||
| } | ||||
|  | ||||
| // APIServiceSpec contains information for locating and communicating with a server. | ||||
|   | ||||
| @@ -0,0 +1,33 @@ | ||||
| /* | ||||
| Copyright 2019 The Kubernetes Authors. | ||||
|  | ||||
| Licensed under the Apache License, Version 2.0 (the "License"); | ||||
| you may not use this file except in compliance with the License. | ||||
| You may obtain a copy of the License at | ||||
|  | ||||
|     http://www.apache.org/licenses/LICENSE-2.0 | ||||
|  | ||||
| Unless required by applicable law or agreed to in writing, software | ||||
| distributed under the License is distributed on an "AS IS" BASIS, | ||||
| WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||||
| See the License for the specific language governing permissions and | ||||
| limitations under the License. | ||||
| */ | ||||
|  | ||||
| package v1beta1 | ||||
|  | ||||
| import ( | ||||
| 	"k8s.io/apimachinery/pkg/runtime" | ||||
| 	utilpointer "k8s.io/utils/pointer" | ||||
| ) | ||||
|  | ||||
| func addDefaultingFuncs(scheme *runtime.Scheme) error { | ||||
| 	return RegisterDefaults(scheme) | ||||
| } | ||||
|  | ||||
| // SetDefaults_ServiceReference sets defaults for AuditSync Webhook's ServiceReference | ||||
| func SetDefaults_ServiceReference(obj *ServiceReference) { | ||||
| 	if obj.Port == nil { | ||||
| 		obj.Port = utilpointer.Int32Ptr(443) | ||||
| 	} | ||||
| } | ||||
| @@ -19,6 +19,7 @@ limitations under the License. | ||||
| // +k8s:conversion-gen=k8s.io/kube-aggregator/pkg/apis/apiregistration | ||||
| // +k8s:openapi-gen=true | ||||
| // +groupName=apiregistration.k8s.io | ||||
| // +k8s:defaulter-gen=TypeMeta | ||||
|  | ||||
| // Package v1beta1 contains the API Registration API, which is responsible for | ||||
| // registering an API `Group`/`Version` with another kubernetes like API server. | ||||
|   | ||||
| @@ -47,7 +47,7 @@ func init() { | ||||
| 	// We only register manually written functions here. The registration of the | ||||
| 	// generated functions takes place in the generated files. The separation | ||||
| 	// makes the code compile even when the generated files are missing. | ||||
| 	localSchemeBuilder.Register(addKnownTypes) | ||||
| 	localSchemeBuilder.Register(addKnownTypes, addDefaultingFuncs) | ||||
| } | ||||
|  | ||||
| // Adds the list of known types to the given scheme. | ||||
|   | ||||
| @@ -34,6 +34,11 @@ type ServiceReference struct { | ||||
| 	Namespace string `json:"namespace,omitempty" protobuf:"bytes,1,opt,name=namespace"` | ||||
| 	// Name is the name of the service | ||||
| 	Name string `json:"name,omitempty" protobuf:"bytes,2,opt,name=name"` | ||||
| 	// If specified, the port on the service that hosting webhook. | ||||
| 	// Default to 443 for backward compatibility. | ||||
| 	// `Port` should be a valid port number (1-65535, inclusive). | ||||
| 	// +optional | ||||
| 	Port *int32 `json:"port,omitempty" protobuf:"varint,3,opt,name=port"` | ||||
| } | ||||
|  | ||||
| // APIServiceSpec contains information for locating and communicating with a server. | ||||
|   | ||||
| @@ -18,6 +18,7 @@ package validation | ||||
|  | ||||
| import ( | ||||
| 	"fmt" | ||||
| 	"strings" | ||||
|  | ||||
| 	"k8s.io/apimachinery/pkg/api/validation" | ||||
| 	"k8s.io/apimachinery/pkg/api/validation/path" | ||||
| @@ -82,6 +83,9 @@ func ValidateAPIService(apiService *apiregistration.APIService) field.ErrorList | ||||
| 	if len(apiService.Spec.Service.Name) == 0 { | ||||
| 		allErrs = append(allErrs, field.Required(field.NewPath("spec", "service", "name"), "")) | ||||
| 	} | ||||
| 	if errs := utilvalidation.IsValidPortNum(int(apiService.Spec.Service.Port)); errs != nil { | ||||
| 		allErrs = append(allErrs, field.Invalid(field.NewPath("spec", "service", "port"), apiService.Spec.Service.Port, "port is not valid: "+strings.Join(errs, ", "))) | ||||
| 	} | ||||
| 	if apiService.Spec.InsecureSkipTLSVerify && len(apiService.Spec.CABundle) > 0 { | ||||
| 		allErrs = append(allErrs, field.Invalid(field.NewPath("spec", "insecureSkipTLSVerify"), apiService.Spec.InsecureSkipTLSVerify, "may not be true if caBundle is present")) | ||||
| 	} | ||||
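Review bot: `int(apiService.Spec.Service.Port)` is checked on the internal type, where `Port` is a plain `int32` with zero value 0, while the 443 default is applied only by the v1 and v1beta1 `SetDefaults_ServiceReference`. An internal `APIService` built in code without a port is therefore rejected here rather than silently treated as 443. The test fixtures in this commit all gained `Port: 443`, which suggests hand-built objects must now set it. Failing closed is a reasonable choice, but it should be stated above the check, for example `// Port 0 means defaulting was skipped; reject it rather than assuming 443.` The body of ValidateAPIService starts and ends outside the hunk.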
|   | ||||
| @@ -78,6 +78,8 @@ type proxyHandlingInfo struct { | ||||
| 	serviceNamespace string | ||||
| 	// serviceAvailable indicates this APIService is available or not | ||||
| 	serviceAvailable bool | ||||
| 	// servicePort is the port of the service this handler proxies to | ||||
| 	servicePort int32 | ||||
| } | ||||
|  | ||||
| func proxyError(w http.ResponseWriter, req *http.Request, error string, code int) { | ||||
| @@ -128,7 +130,7 @@ func (r *proxyHandler) ServeHTTP(w http.ResponseWriter, req *http.Request) { | ||||
| 	// write a new location based on the existing request pointed at the target service | ||||
| 	location := &url.URL{} | ||||
| 	location.Scheme = "https" | ||||
| 	rloc, err := r.serviceResolver.ResolveEndpoint(handlingInfo.serviceNamespace, handlingInfo.serviceName, 443) | ||||
| 	rloc, err := r.serviceResolver.ResolveEndpoint(handlingInfo.serviceNamespace, handlingInfo.serviceName, handlingInfo.servicePort) | ||||
| 	if err != nil { | ||||
| 		klog.Errorf("error resolving %s/%s: %v", handlingInfo.serviceNamespace, handlingInfo.serviceName, err) | ||||
| 		proxyError(w, req, "service unavailable", http.StatusServiceUnavailable) | ||||
| @@ -226,6 +228,7 @@ func (r *proxyHandler) updateAPIService(apiService *apiregistrationapi.APIServic | ||||
| 		}, | ||||
| 		serviceName:      apiService.Spec.Service.Name, | ||||
| 		serviceNamespace: apiService.Spec.Service.Namespace, | ||||
| 		servicePort:      apiService.Spec.Service.Port, | ||||
| 		serviceAvailable: apiregistrationapi.IsAPIServiceConditionTrue(apiService, apiregistrationapi.Available), | ||||
| 	} | ||||
| 	if r.proxyTransport != nil && r.proxyTransport.DialContext != nil { | ||||
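Review bot: The `klog.Errorf("error resolving %s/%s: %v", ...)` line right after the changed `ResolveEndpoint` call still logs only namespace and name, so once ports other than 443 are in use a resolution failure cannot be tied to the port that was requested. I would change the format to `"error resolving %s/%s:%d: %v"` and pass `handlingInfo.servicePort` before `err`. `servicePort` is copied from `apiService.Spec.Service.Port` in `updateAPIService` with no fallback, so a zero value would reach the resolver unchanged; whether that can happen depends on code outside these hunks. ServeHTTP and updateAPIService both start and end outside the hunks shown.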
|   | ||||
| @@ -172,7 +172,7 @@ func TestProxyHandler(t *testing.T) { | ||||
| 			apiService: &apiregistration.APIService{ | ||||
| 				ObjectMeta: metav1.ObjectMeta{Name: "v1.foo"}, | ||||
| 				Spec: apiregistration.APIServiceSpec{ | ||||
| 					Service:  &apiregistration.ServiceReference{Name: "test-service", Namespace: "test-ns"}, | ||||
| 					Service:  &apiregistration.ServiceReference{Name: "test-service", Namespace: "test-ns", Port: 443}, | ||||
| 					Group:    "foo", | ||||
| 					Version:  "v1", | ||||
| 					CABundle: testCACrt, | ||||
| @@ -204,7 +204,7 @@ func TestProxyHandler(t *testing.T) { | ||||
| 			apiService: &apiregistration.APIService{ | ||||
| 				ObjectMeta: metav1.ObjectMeta{Name: "v1.foo"}, | ||||
| 				Spec: apiregistration.APIServiceSpec{ | ||||
| 					Service:  &apiregistration.ServiceReference{Name: "test-service", Namespace: "test-ns"}, | ||||
| 					Service:  &apiregistration.ServiceReference{Name: "test-service", Namespace: "test-ns", Port: 443}, | ||||
| 					Group:    "foo", | ||||
| 					Version:  "v1", | ||||
| 					CABundle: testCACrt, | ||||
| @@ -227,7 +227,7 @@ func TestProxyHandler(t *testing.T) { | ||||
| 			apiService: &apiregistration.APIService{ | ||||
| 				ObjectMeta: metav1.ObjectMeta{Name: "v1.foo"}, | ||||
| 				Spec: apiregistration.APIServiceSpec{ | ||||
| 					Service:  &apiregistration.ServiceReference{Name: "bad-service", Namespace: "test-ns"}, | ||||
| 					Service:  &apiregistration.ServiceReference{Name: "bad-service", Namespace: "test-ns", Port: 443}, | ||||
| 					Group:    "foo", | ||||
| 					Version:  "v1", | ||||
| 					CABundle: testCACrt, | ||||
| @@ -336,7 +336,7 @@ func TestProxyUpgrade(t *testing.T) { | ||||
| 					CABundle: testCACrt, | ||||
| 					Group:    "mygroup", | ||||
| 					Version:  "v1", | ||||
| 					Service:  &apiregistration.ServiceReference{Name: "test-service", Namespace: "test-ns"}, | ||||
| 					Service:  &apiregistration.ServiceReference{Name: "test-service", Namespace: "test-ns", Port: 443}, | ||||
| 				}, | ||||
| 				Status: apiregistration.APIServiceStatus{ | ||||
| 					Conditions: []apiregistration.APIServiceCondition{ | ||||
| @@ -353,7 +353,7 @@ func TestProxyUpgrade(t *testing.T) { | ||||
| 					InsecureSkipTLSVerify: true, | ||||
| 					Group:                 "mygroup", | ||||
| 					Version:               "v1", | ||||
| 					Service:               &apiregistration.ServiceReference{Name: "invalid-service", Namespace: "invalid-ns"}, | ||||
| 					Service:               &apiregistration.ServiceReference{Name: "invalid-service", Namespace: "invalid-ns", Port: 443}, | ||||
| 				}, | ||||
| 				Status: apiregistration.APIServiceStatus{ | ||||
| 					Conditions: []apiregistration.APIServiceCondition{ | ||||
| @@ -370,7 +370,7 @@ func TestProxyUpgrade(t *testing.T) { | ||||
| 					CABundle: testCACrt, | ||||
| 					Group:    "mygroup", | ||||
| 					Version:  "v1", | ||||
| 					Service:  &apiregistration.ServiceReference{Name: "invalid-service", Namespace: "invalid-ns"}, | ||||
| 					Service:  &apiregistration.ServiceReference{Name: "invalid-service", Namespace: "invalid-ns", Port: 443}, | ||||
| 				}, | ||||
| 				Status: apiregistration.APIServiceStatus{ | ||||
| 					Conditions: []apiregistration.APIServiceCondition{ | ||||
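Review bot: Every fixture touched in `TestProxyHandler` and `TestProxyUpgrade` sets `Port: 443`, so the tests on this page still exercise only the old port and never show that a different `Port` reaches `ResolveEndpoint`. I would add at least one case with a non-default value, e.g. `Service: &apiregistration.ServiceReference{Name: "test-service", Namespace: "test-ns", Port: 7443},` (7443 is a constructed sample), and assert that the resolver was asked for that port. No test on this page covers the new port check in `ValidateAPIService` either; 0 and 65536 should both be shown to be rejected.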
|   | ||||
	 Mehdy Bohlool
					Mehdy Bohlool