Dependency chain is now api -> api/rest -> apiserver. Makes the
interfaces much cleaner to read, and cleans up some inconsistenties
that crept in along the way.
In order to support graceful deletion, the resource object will
need access to the TTL value in etcd. Also, in the future we
may want to get the creation index (distinct from modifiedindex)
and expose it to clients. Change EtcdResourceVersioner to be
more type specific (objects vs lists) and provide a default
implementation that relies on the internal API convention.
Also, rename etcd_tools.go to etcd_helper.go and split a few
things up.
Allows POST to create a binding as a child. Also refactors internal
and v1beta3 Binding to be more generic (so that other resources can
support Bindings).
PUT /api/v1beta3/namespaces/default/pods/foo/status
{
"metadata": {...}, // allowed for valid values
"spec": {}, // ignored
"status": {...}, // allowed, except for Host
}
Exposes the simplest possibly change. Needs a slight refactoring
to RESTUpdateStrategy to split merging which can be done in a
follow up.
They will still show up in etcd. They never were available
through the API.
A subsequent PR(s) will rip out all BoundPods code.
Working in small increments.
This PR will cause users on lagging cloud providers
to not get env vars in their pods if they update to this code.
They have already been warned via email.
Removed unit tests of BasicBoundPodFactory.
There is adequate coverage in pkg/kubelet/kubelet_test.go.
* Rename a field to make it more obvious.
* Fix some comments and other minor artifacts.
Verified by hitting the service on 443, and by hitting the master on 8080,
6443, and 7080.
Allow the master to have pod/node cache timeouts controlled via a config
flag for integration tests.
Move integration test to '127.0.0.1' so that it correctly returns a health
check, and enable health check testing on the integration test.
Make pod status update every 5 seconds instead of every 30 to mask the issue #3952. I suspect (but haven't confirmed) that #3927 doesn't completely address the issue since it will still happily cache a Pending status for up to 30 seconds even though the pod may have transitioned to Running already.
The list of valid paths is computed from http.ServeMux and
restful.WebService.
Adding a mux helper - wrapper over mux, that keeps track of the paths
handled by mux.
Reduces some chatter in test suites where we are confident this code
already works. Also removed any logging which is obvious from swagger.
Finally, rolls up InstallREST related errors all the way back to master,
which will glog.Fatalf (coding errors).
- Separating out index, version and api handlers into independent web
services. Moved the index handler to /welcome, version handler to
/version and the api handler to /api,
This exposes the proper v1beta3 API endpoint when the user specifies
the --runtime_config=api/v1beta3 argument to the apiserver. v1beta3
is still considered experimental and subject to change.
--runtime_config is a map of string keys and values, that can be
specified by providing
--runtime_config=a=b,b=c,d,e
Only the key must be specified, the value can be omitted.
Enables v1beta3 in hack/local-up-cluster.sh and hack/test-cmd.sh
OpenShift would like to also enable swagger, but we need to register our
services as swagger services prior to the SwaggerAPI being started. I've
added a bool (default false) to master.Config to enable swagger, and split
the method in master out so that a downstream consumer can call it.
Replaces the client public interface but leaves old references to "minions"
for a later refactor. Selects the path "nodes" for v1beta3 and "minions"
for older versions.
Without this, tests which create a master
will panic with a nil pointer when the periodic
podCache update runs.
Deleted unused FakePodInfoGetter.
Added FakeKubeletClient.
Passed to master.New.
Required a KubeletClient in master.New.
Added basic interface for authorizer implementations.
Added default "authorize everything" and "authorize nothing
implementations.
Added authorization check immediately after authentication check.
Added an integration test of authorization at the HTTP level of
abstraction.
Callsites no longer allocate a mux.
Master now exposes method to install handlers
which use the master's auth code. Not used
but forks (openshift) are expected to use these
methods. These methods will later be a point
for additional plug-in functionality.
Integration tests now use the master-provided
handler which has auth, rather than using the mux,
which didn't. Fix TestWhoAmI now that /_whoami
sits behind auth.
Added new endpoint /_whoami for debugging authentication.
Added integration test which checks that a user is authenticated
using token authentication.
Rearranged initialization of authenticator to support preceeding.
Create a new MetadataAccessor interface that combines both
and use it where previously latest.ResourceVersioner and SelfLinker
were being used.
Adds Namespace to the get/set interface. Adds TODO about future
fast path for metadata (as per thockin's comment)
