github/kubernetes
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
bc7aa13bf7
kubernetes/hack/update-openapi-spec.sh
Tim Hockin 8288c06b2b
Make hack scripts use go install and assume PATH 
Now that they all call setup_env, we don't need find-binary (I think).
That was originally meant to hide the diff between docker and local
builds but all these tools do local builds anyway.
2024-02-29 22:07:32 -08:00

147 lines
5.3 KiB
Bash
Executable File
Raw Blame History

#!/usr/bin/env bash
# Copyright 2016 The Kubernetes Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# Script to fetch latest openapi spec.
# Puts the updated spec at api/openapi-spec/
set -o errexit
set -o nounset
set -o pipefail
KUBE_ROOT=$(dirname "${BASH_SOURCE[0]}")/..
DISCOVERY_ROOT_DIR="${KUBE_ROOT}/api/discovery"
OPENAPI_ROOT_DIR="${KUBE_ROOT}/api/openapi-spec"
source "${KUBE_ROOT}/hack/lib/init.sh"
kube::util::require-jq
kube::golang::setup_env
kube::etcd::install
# We need to call `make` here because that includes all of the compile and link
# flags that we use for a production build, which we need for this script.
make -C "${KUBE_ROOT}" WHAT=cmd/kube-apiserver
function cleanup()
{
if [[ -n ${APISERVER_PID-} ]]; then
kill "${APISERVER_PID}" 1>&2 2>/dev/null
wait "${APISERVER_PID}" || true
fi
unset APISERVER_PID
kube::etcd::cleanup
kube::log::status "Clean up complete"
}
trap cleanup EXIT SIGINT
TMP_DIR=${TMP_DIR:-$(kube::realpath "$(mktemp -d -t "$(basename "$0").XXXXXX")")}
ETCD_HOST=${ETCD_HOST:-127.0.0.1}
ETCD_PORT=${ETCD_PORT:-2379}
API_PORT=${API_PORT:-8050}
API_HOST=${API_HOST:-127.0.0.1}
API_LOGFILE=${API_LOGFILE:-${TMP_DIR}/openapi-api-server.log}
kube::etcd::start
echo "dummy_token,admin,admin" > "${TMP_DIR}/tokenauth.csv"
# setup envs for TokenRequest required flags
SERVICE_ACCOUNT_LOOKUP=${SERVICE_ACCOUNT_LOOKUP:-true}
SERVICE_ACCOUNT_KEY=${SERVICE_ACCOUNT_KEY:-${TMP_DIR}/kube-serviceaccount.key}
# Generate ServiceAccount key if needed
if [[ ! -f "${SERVICE_ACCOUNT_KEY}" ]]; then
mkdir -p "$(dirname "${SERVICE_ACCOUNT_KEY}")"
openssl genrsa -out "${SERVICE_ACCOUNT_KEY}" 2048 2>/dev/null
fi
# Start kube-apiserver
# omit enums from static openapi snapshots used to generate clients until #109177 is resolved
kube::log::status "Starting kube-apiserver"
kube-apiserver \
--bind-address="${API_HOST}" \
--secure-port="${API_PORT}" \
--etcd-servers="http://${ETCD_HOST}:${ETCD_PORT}" \
--advertise-address="10.10.10.10" \
--cert-dir="${TMP_DIR}/certs" \
--feature-gates=AllAlpha=true,OpenAPIEnums=false \
--runtime-config="api/all=true" \
--token-auth-file="${TMP_DIR}/tokenauth.csv" \
--authorization-mode=RBAC \
--service-account-key-file="${SERVICE_ACCOUNT_KEY}" \
--service-account-lookup="${SERVICE_ACCOUNT_LOOKUP}" \
--service-account-issuer="https://kubernetes.default.svc" \
--service-account-signing-key-file="${SERVICE_ACCOUNT_KEY}" \
--v=2 \
--service-cluster-ip-range="10.0.0.0/24" >"${API_LOGFILE}" 2>&1 &
APISERVER_PID=$!
if ! kube::util::wait_for_url "https://${API_HOST}:${API_PORT}/healthz" "apiserver: "; then
kube::log::error "Here are the last 10 lines from kube-apiserver (${API_LOGFILE})"
kube::log::error "=== BEGIN OF LOG ==="
tail -10 "${API_LOGFILE}" >&2 || :
kube::log::error "=== END OF LOG ==="
exit 1
fi
kube::log::status "Updating aggregated discovery"
rm -fr "${DISCOVERY_ROOT_DIR}"
mkdir -p "${DISCOVERY_ROOT_DIR}"
curl -kfsS -H 'Authorization: Bearer dummy_token' -H 'Accept: application/json;g=apidiscovery.k8s.io;v=v2beta1;as=APIGroupDiscoveryList' "https://${API_HOST}:${API_PORT}/apis" | jq -S . > "${DISCOVERY_ROOT_DIR}/aggregated_v2beta1.json"
kube::log::status "Updating " "${OPENAPI_ROOT_DIR} for OpenAPI v2"
rm -f "${OPENAPI_ROOT_DIR}/swagger.json"
curl -w "\n" -kfsS -H 'Authorization: Bearer dummy_token' \
"https://${API_HOST}:${API_PORT}/openapi/v2" \
| jq -S '.info.version="unversioned"' \
> "${OPENAPI_ROOT_DIR}/swagger.json"
kube::log::status "Updating " "${OPENAPI_ROOT_DIR}/v3 for OpenAPI v3"
mkdir -p "${OPENAPI_ROOT_DIR}/v3"
# clean up folder, note that some files start with dot like
# ".well-known__openid-configuration_openapi.json"
rm -r "${OPENAPI_ROOT_DIR}"/v3/{*,.*} || true
rm -rf "${OPENAPI_ROOT_DIR}/v3/*"
curl -w "\n" -kfsS -H 'Authorization: Bearer dummy_token' \
"https://${API_HOST}:${API_PORT}/openapi/v3" \
| jq -r '.paths | to_entries | .[].key' \
| while read -r group; do
kube::log::status "Updating OpenAPI spec and discovery for group ${group}"
OPENAPI_FILENAME="${group}_openapi.json"
OPENAPI_FILENAME_ESCAPED="${OPENAPI_FILENAME//\//__}"
OPENAPI_PATH="${OPENAPI_ROOT_DIR}/v3/${OPENAPI_FILENAME_ESCAPED}"
curl -w "\n" -kfsS -H 'Authorization: Bearer dummy_token' \
"https://${API_HOST}:${API_PORT}/openapi/v3/{$group}" \
| jq -S '.info.version="unversioned"' \
> "$OPENAPI_PATH"
if [[ "${group}" == "api"* ]]; then
DISCOVERY_FILENAME="${group}.json"
DISCOVERY_FILENAME_ESCAPED="${DISCOVERY_FILENAME//\//__}"
DISCOVERY_PATH="${DISCOVERY_ROOT_DIR}/${DISCOVERY_FILENAME_ESCAPED}"
curl -kfsS -H 'Authorization: Bearer dummy_token' "https://${API_HOST}:${API_PORT}/{$group}" | jq -S . > "$DISCOVERY_PATH"
fi
done
kube::log::status "SUCCESS"
# ex: ts=2 sw=2 et filetype=sh
Reference in New Issue View Git Blame Copy Permalink