This PR implements AdmissionOptions.ApplyTo

ApplyTo adds the admission chain to the server configuration the method lazily initializes a generic plugin that is appended to the list of pluginInitializers. apiserver.Config will hold an instance of SharedInformerFactory to ensure we only have once instance. The field will be initialized in apisever.SecureServingOptions
2017-05-01 15:07:46 +02:00
parent 4807e6cadf
commit 8cea69aa98
13 changed files with 135 additions and 37 deletions
--- a/cmd/kube-apiserver/app/options/options.go
+++ b/cmd/kube-apiserver/app/options/options.go
@@ -110,6 +110,8 @@ func NewServerRunOptions() *ServerRunOptions {
 	}
 	// Overwrite the default for storage data format.
 	s.Etcd.DefaultStorageMediaType = "application/vnd.kubernetes.protobuf"
+	// Set the default for admission plugins names
+	s.Admission.PluginNames = []string{"AlwaysAdmit"}
 	return &s
 }

--- a/cmd/kube-apiserver/app/server.go
+++ b/cmd/kube-apiserver/app/server.go
@@ -359,39 +359,41 @@ func BuildGenericConfig(s *options.ServerRunOptions) (*genericapiserver.Config,
 		genericConfig.DisabledPostStartHooks.Insert(rbacrest.PostStartHookName)
 	}

-	genericConfig.AdmissionControl, err = BuildAdmission(s,
-		s.Admission.Plugins,
+	pluginInitializer, err := BuildAdmissionPluginInitializer(
+		s,
 		client,
 		sharedInformers,
 		genericConfig.Authorizer,
 	)
 	if err != nil {
-		return nil, nil, nil, fmt.Errorf("failed to initialize admission: %v", err)
+		return nil, nil, nil, fmt.Errorf("failed to create admission plugin initializer: %v", err)
 	}

+	err = s.Admission.ApplyTo(
+		genericConfig,
+		pluginInitializer)
+	if err != nil {
+		return nil, nil, nil, fmt.Errorf("failed to initialize admission: %v", err)
+	}
 	return genericConfig, sharedInformers, insecureServingOptions, nil
 }

-// BuildAdmission constructs the admission chain
-func BuildAdmission(s *options.ServerRunOptions, plugins *admission.Plugins, client internalclientset.Interface, sharedInformers informers.SharedInformerFactory, apiAuthorizer authorizer.Authorizer) (admission.Interface, error) {
-	admissionControlPluginNames := strings.Split(s.Admission.Control, ",")
+// BuildAdmissionPluginInitializer constructs the admission plugin initializer
+func BuildAdmissionPluginInitializer(s *options.ServerRunOptions, client internalclientset.Interface, sharedInformers informers.SharedInformerFactory, apiAuthorizer authorizer.Authorizer) (admission.PluginInitializer, error) {
 	var cloudConfig []byte
-	var err error

 	if s.CloudProvider.CloudConfigFile != "" {
+		var err error
 		cloudConfig, err = ioutil.ReadFile(s.CloudProvider.CloudConfigFile)
 		if err != nil {
 			glog.Fatalf("Error reading from cloud configuration file %s: %#v", s.CloudProvider.CloudConfigFile, err)
 		}
 	}
+
 	// TODO: use a dynamic restmapper. See https://github.com/kubernetes/kubernetes/pull/42615.
 	restMapper := api.Registry.RESTMapper()
 	pluginInitializer := kubeapiserveradmission.NewPluginInitializer(client, sharedInformers, apiAuthorizer, cloudConfig, restMapper)
-	admissionConfigProvider, err := admission.ReadAdmissionConfiguration(admissionControlPluginNames, s.Admission.ControlConfigFile)
-	if err != nil {
-		return nil, fmt.Errorf("failed to read plugin config: %v", err)
-	}
-	return plugins.NewFromPlugins(admissionControlPluginNames, admissionConfigProvider, pluginInitializer)
+	return pluginInitializer, nil
 }

 // BuildAuthenticator constructs the authenticator