add recommended aggregated api server options
This commit is contained in:
deads2k
@@ -45,10 +45,7 @@ import (
|
|||||||
const defaultEtcdPathPrefix = "/registry/kube-aggregator.kubernetes.io/"
|
const defaultEtcdPathPrefix = "/registry/kube-aggregator.kubernetes.io/"
|
||||||
|
|
||||||
type AggregatorOptions struct {
|
type AggregatorOptions struct {
|
||||||
Etcd *genericoptions.EtcdOptions
|
RecommendedOptions *genericoptions.RecommendedOptions
|
||||||
SecureServing *genericoptions.SecureServingOptions
|
|
||||||
Authentication *genericoptions.DelegatingAuthenticationOptions
|
|
||||||
Authorization *genericoptions.DelegatingAuthorizationOptions
|
|
||||||
|
|
||||||
// ProxyClientCert/Key are the client cert used to identify this proxy. Backing APIServices use
|
// ProxyClientCert/Key are the client cert used to identify this proxy. Backing APIServices use
|
||||||
// this to confirm the proxy's identity
|
// this to confirm the proxy's identity
|
||||||
@@ -62,18 +59,15 @@ type AggregatorOptions struct {
|
|||||||
// NewCommandStartMaster provides a CLI handler for 'start master' command
|
// NewCommandStartMaster provides a CLI handler for 'start master' command
|
||||||
func NewCommandStartAggregator(out, err io.Writer) *cobra.Command {
|
func NewCommandStartAggregator(out, err io.Writer) *cobra.Command {
|
||||||
o := &AggregatorOptions{
|
o := &AggregatorOptions{
|
||||||
Etcd: genericoptions.NewEtcdOptions(api.Scheme),
|
RecommendedOptions: genericoptions.NewRecommendedOptions(api.Scheme),
|
||||||
SecureServing: genericoptions.NewSecureServingOptions(),
|
|
||||||
Authentication: genericoptions.NewDelegatingAuthenticationOptions(),
|
|
||||||
Authorization: genericoptions.NewDelegatingAuthorizationOptions(),
|
|
||||||
|
|
||||||
StdOut: out,
|
StdOut: out,
|
||||||
StdErr: err,
|
StdErr: err,
|
||||||
}
|
}
|
||||||
o.Etcd.StorageConfig.Type = storagebackend.StorageTypeETCD3
|
o.RecommendedOptions.Etcd.StorageConfig.Type = storagebackend.StorageTypeETCD3
|
||||||
o.Etcd.StorageConfig.Prefix = defaultEtcdPathPrefix
|
o.RecommendedOptions.Etcd.StorageConfig.Prefix = defaultEtcdPathPrefix
|
||||||
o.Etcd.StorageConfig.Codec = api.Codecs.LegacyCodec(v1alpha1.SchemeGroupVersion)
|
o.RecommendedOptions.Etcd.StorageConfig.Codec = api.Codecs.LegacyCodec(v1alpha1.SchemeGroupVersion)
|
||||||
o.SecureServing.ServingOptions.BindPort = 443
|
o.RecommendedOptions.SecureServing.ServingOptions.BindPort = 443
|
||||||
|
|
||||||
cmd := &cobra.Command{
|
cmd := &cobra.Command{
|
||||||
Short: "Launch a API aggregator and proxy server",
|
Short: "Launch a API aggregator and proxy server",
|
||||||
@@ -86,10 +80,7 @@ func NewCommandStartAggregator(out, err io.Writer) *cobra.Command {
|
|||||||
}
|
}
|
||||||
|
|
||||||
flags := cmd.Flags()
|
flags := cmd.Flags()
|
||||||
o.Etcd.AddFlags(flags)
|
o.RecommendedOptions.AddFlags(flags)
|
||||||
o.SecureServing.AddFlags(flags)
|
|
||||||
o.Authentication.AddFlags(flags)
|
|
||||||
o.Authorization.AddFlags(flags)
|
|
||||||
flags.StringVar(&o.ProxyClientCertFile, "proxy-client-cert-file", o.ProxyClientCertFile, "client certificate used identify the proxy to the API server")
|
flags.StringVar(&o.ProxyClientCertFile, "proxy-client-cert-file", o.ProxyClientCertFile, "client certificate used identify the proxy to the API server")
|
||||||
flags.StringVar(&o.ProxyClientKeyFile, "proxy-client-key-file", o.ProxyClientKeyFile, "client certificate key used identify the proxy to the API server")
|
flags.StringVar(&o.ProxyClientKeyFile, "proxy-client-key-file", o.ProxyClientKeyFile, "client certificate key used identify the proxy to the API server")
|
||||||
|
|
||||||
@@ -106,30 +97,24 @@ func (o *AggregatorOptions) Complete() error {
|
|||||||
|
|
||||||
func (o AggregatorOptions) RunAggregator() error {
|
func (o AggregatorOptions) RunAggregator() error {
|
||||||
// TODO have a "real" external address
|
// TODO have a "real" external address
|
||||||
if err := o.SecureServing.MaybeDefaultWithSelfSignedCerts("localhost"); err != nil {
|
if err := o.RecommendedOptions.SecureServing.MaybeDefaultWithSelfSignedCerts("localhost"); err != nil {
|
||||||
return fmt.Errorf("error creating self-signed certificates: %v", err)
|
return fmt.Errorf("error creating self-signed certificates: %v", err)
|
||||||
}
|
}
|
||||||
|
|
||||||
genericAPIServerConfig := genericapiserver.NewConfig().
|
serverConfig := genericapiserver.NewConfig().
|
||||||
WithSerializer(api.Codecs)
|
WithSerializer(api.Codecs)
|
||||||
|
|
||||||
if err := o.SecureServing.ApplyTo(genericAPIServerConfig); err != nil {
|
if err := o.RecommendedOptions.ApplyTo(serverConfig); err != nil {
|
||||||
return fmt.Errorf("failed to configure https: %s", err)
|
|
||||||
}
|
|
||||||
if err := o.Authentication.ApplyTo(genericAPIServerConfig); err != nil {
|
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
if err := o.Authorization.ApplyTo(genericAPIServerConfig); err != nil {
|
serverConfig.LongRunningFunc = filters.BasicLongRunningRequestCheck(
|
||||||
return err
|
|
||||||
}
|
|
||||||
genericAPIServerConfig.LongRunningFunc = filters.BasicLongRunningRequestCheck(
|
|
||||||
sets.NewString("watch", "proxy"),
|
sets.NewString("watch", "proxy"),
|
||||||
sets.NewString("attach", "exec", "proxy", "log", "portforward"),
|
sets.NewString("attach", "exec", "proxy", "log", "portforward"),
|
||||||
)
|
)
|
||||||
|
|
||||||
var err error
|
var err error
|
||||||
privilegedLoopbackToken := uuid.NewRandom().String()
|
privilegedLoopbackToken := uuid.NewRandom().String()
|
||||||
if genericAPIServerConfig.LoopbackClientConfig, err = genericAPIServerConfig.SecureServingInfo.NewSelfClientConfig(privilegedLoopbackToken); err != nil {
|
if serverConfig.LoopbackClientConfig, err = serverConfig.SecureServingInfo.NewSelfClientConfig(privilegedLoopbackToken); err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -143,8 +128,8 @@ func (o AggregatorOptions) RunAggregator() error {
|
|||||||
}
|
}
|
||||||
|
|
||||||
config := apiserver.Config{
|
config := apiserver.Config{
|
||||||
GenericConfig: genericAPIServerConfig,
|
GenericConfig: serverConfig,
|
||||||
RESTOptionsGetter: &restOptionsFactory{storageConfig: &o.Etcd.StorageConfig},
|
RESTOptionsGetter: &restOptionsFactory{storageConfig: &o.RecommendedOptions.Etcd.StorageConfig},
|
||||||
CoreAPIServerClient: coreAPIServerClient,
|
CoreAPIServerClient: coreAPIServerClient,
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
@@ -0,0 +1,63 @@
|
|||||||
|
/*
|
||||||
|
Copyright 2016 The Kubernetes Authors.
|
||||||
|
|
||||||
|
Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
|
you may not use this file except in compliance with the License.
|
||||||
|
You may obtain a copy of the License at
|
||||||
|
|
||||||
|
http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
|
||||||
|
Unless required by applicable law or agreed to in writing, software
|
||||||
|
distributed under the License is distributed on an "AS IS" BASIS,
|
||||||
|
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||||
|
See the License for the specific language governing permissions and
|
||||||
|
limitations under the License.
|
||||||
|
*/
|
||||||
|
|
||||||
|
package options
|
||||||
|
|
||||||
|
import (
|
||||||
|
"github.com/spf13/pflag"
|
||||||
|
|
||||||
|
"k8s.io/apimachinery/pkg/runtime"
|
||||||
|
"k8s.io/apiserver/pkg/server"
|
||||||
|
)
|
||||||
|
|
||||||
|
// RecommendedOptions contains the recommended options for running an API server
|
||||||
|
// If you add something to this list, it should be in a logical grouping
|
||||||
|
type RecommendedOptions struct {
|
||||||
|
Etcd *EtcdOptions
|
||||||
|
SecureServing *SecureServingOptions
|
||||||
|
Authentication *DelegatingAuthenticationOptions
|
||||||
|
Authorization *DelegatingAuthorizationOptions
|
||||||
|
}
|
||||||
|
|
||||||
|
func NewRecommendedOptions(scheme *runtime.Scheme) *RecommendedOptions {
|
||||||
|
return &RecommendedOptions{
|
||||||
|
Etcd: NewEtcdOptions(scheme),
|
||||||
|
SecureServing: NewSecureServingOptions(),
|
||||||
|
Authentication: NewDelegatingAuthenticationOptions(),
|
||||||
|
Authorization: NewDelegatingAuthorizationOptions(),
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
func (o *RecommendedOptions) AddFlags(fs *pflag.FlagSet) {
|
||||||
|
o.Etcd.AddFlags(fs)
|
||||||
|
o.SecureServing.AddFlags(fs)
|
||||||
|
o.Authentication.AddFlags(fs)
|
||||||
|
o.Authorization.AddFlags(fs)
|
||||||
|
}
|
||||||
|
|
||||||
|
func (o *RecommendedOptions) ApplyTo(config *server.Config) error {
|
||||||
|
if err := o.SecureServing.ApplyTo(config); err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
if err := o.Authentication.ApplyTo(config); err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
if err := o.Authorization.ApplyTo(config); err != nil {
|
||||||
|
return err
|
||||||
|
}
|
||||||
|
|
||||||
|
return nil
|
||||||
|
}
|
||||||
1
vendor/BUILD
vendored
1
vendor/BUILD
vendored
@@ -14093,6 +14093,7 @@ go_library(
|
|||||||
"k8s.io/apiserver/pkg/server/options/authorization.go",
|
"k8s.io/apiserver/pkg/server/options/authorization.go",
|
||||||
"k8s.io/apiserver/pkg/server/options/doc.go",
|
"k8s.io/apiserver/pkg/server/options/doc.go",
|
||||||
"k8s.io/apiserver/pkg/server/options/etcd.go",
|
"k8s.io/apiserver/pkg/server/options/etcd.go",
|
||||||
|
"k8s.io/apiserver/pkg/server/options/recommended.go",
|
||||||
"k8s.io/apiserver/pkg/server/options/server_run_options.go",
|
"k8s.io/apiserver/pkg/server/options/server_run_options.go",
|
||||||
"k8s.io/apiserver/pkg/server/options/serving.go",
|
"k8s.io/apiserver/pkg/server/options/serving.go",
|
||||||
],
|
],
|
||||||
|
|||||||
Reference in New Issue
Block a user