re-organize and document genericapiserver config

2025-08-14 14:23:37 +00:00 · 2016-12-05 10:47:41 -05:00 · 2016-12-05 10:47:41 -05:00 · 05b1074d0e
commit 05b1074d0e
parent 2c63b6f5ca
1 changed files with 66 additions and 59 deletions
--- a/pkg/genericapiserver/config.go
+++ b/pkg/genericapiserver/config.go
@ -74,87 +74,94 @@ const (
 )
 // Config is a structure used to configure a GenericAPIServer.
 // It's members are sorted rougly in order of importance for composers.
 type Config struct {
-	// Destination for audit logs
+	// SecureServingInfo is required to serve https
-	AuditWriter io.Writer
+	SecureServingInfo *SecureServingInfo
 	// Allow downstream consumers to disable swagger.
 	// This includes returning the generated swagger spec at /swaggerapi and swagger ui at /swagger-ui.
 	EnableSwaggerSupport bool
 	// Allow downstream consumers to disable swagger ui.
 	// Note that this is ignored if EnableSwaggerSupport is false
 	EnableSwaggerUI bool
 	// Allows api group versions or specific resources to be conditionally enabled/disabled.
 	APIResourceConfigSource APIResourceConfigSource
 	// allow downstream consumers to disable the index route
 	EnableIndex     bool
 	EnableProfiling bool
 	// Requires generic profiling enabled
 	EnableContentionProfiling bool
 	EnableMetrics             bool
 	EnableGarbageCollection   bool
 	Version               *version.Info
 	CorsAllowedOriginList []string
 	Authenticator         authenticator.Request
 	// TODO(roberthbailey): Remove once the server no longer supports http basic auth.
 	SupportsBasicAuth bool
 	Authorizer        authorizer.Authorizer
 	AdmissionControl  admission.Interface
 	// LoopbackClientConfig is a config for a privileged loopback connection to the API server
 	// This is required for proper functioning of the PostStartHooks on a GenericAPIServer
 	LoopbackClientConfig *restclient.Config
 	// Authenticator determines which subject is making the request
 	Authenticator authenticator.Request
 	// Authorizer determines whether the subject is allowed to make the request based only
 	// on the RequestURI
 	Authorizer authorizer.Authorizer
 	// AdmissionControl performs deep inspection of a given request (including content)
 	// to set values and determine whether its allowed
 	AdmissionControl      admission.Interface
 	CorsAllowedOriginList []string
-	// Map requests to contexts. Exported so downstream consumers can provider their own mappers
+	EnableSwaggerSupport bool
-	RequestContextMapper api.RequestContextMapper
+	EnableSwaggerUI      bool
 	EnableIndex          bool
 	EnableProfiling      bool
 	// Requires generic profiling enabled
 	EnableContentionProfiling bool
 	EnableGarbageCollection   bool
 	EnableMetrics             bool
 	EnableOpenAPISupport      bool
-	// Required, the interface for serializing and converting objects to and from the wire
+	// Version will enable the /version endpoint if non-nil
-	Serializer runtime.NegotiatedSerializer
+	Version *version.Info
 	// AuditWriter is the destination for audit logs.  If nil, they will not be written.
 	AuditWriter io.Writer
 	// SupportsBasicAuth indicates that's at least one Authenticator supports basic auth
 	// If this is true, a basic auth challenge is returned on authentication failure
 	// TODO(roberthbailey): Remove once the server no longer supports http basic auth.
 	SupportsBasicAuth bool
 	// ExternalAddress is the host name to use for external (public internet) facing URLs (e.g. Swagger)
 	// Will default to a value based on secure serving info and available ipv4 IPs.
 	ExternalAddress string
-	// If specified, requests will be allocated a random timeout between this value, and twice this value.
+	//===========================================================================
-	// Note that it is up to the request handlers to ignore or honor this timeout. In seconds.
+	// Fields you probably don't care about changing
-	MinRequestTimeout int
+	//===========================================================================
 	SecureServingInfo   *SecureServingInfo
 	InsecureServingInfo *ServingInfo
 	// BuildHandlerChainsFunc allows you to build custom handler chains by decorating the apiHandler.
 	BuildHandlerChainsFunc func(apiHandler http.Handler, c *Config) (secure, insecure http.Handler)
 	// DiscoveryAddresses is used to build the IPs pass to discovery.  If nil, the ExternalAddress is
 	// always reported
 	DiscoveryAddresses DiscoveryAddresses
-
+	// LegacyAPIGroupPrefixes is used to set up URL parsing for authorization and for validating requests
-	// The port on PublicAddress where a read-write server will be installed.
+	// to InstallLegacyAPIGroup.  New API servers don't generally have legacy groups at all.
-	// Defaults to 6443 if not set.
+	LegacyAPIGroupPrefixes sets.String
-	ReadWritePort int
+	// RequestContextMapper maps requests to contexts. Exported so downstream consumers can provider their own mappers
-
+	// TODO confirm that anyone downstream actually uses this and doesn't just need an accessor
-	// ExternalAddress is the host name to use for external (public internet) facing URLs (e.g. Swagger)
+	RequestContextMapper api.RequestContextMapper
-	ExternalAddress string
+	// Serializer is required and provides the interface for serializing and converting objects to and from the wire
-
+	// The default (api.Codecs) usually works fine.
-	// PublicAddress is the IP address where members of the cluster (kubelet,
+	Serializer runtime.NegotiatedSerializer
-	// kube-proxy, services, etc.) can reach the GenericAPIServer.
+	// OpenAPIConfig will be used in generating OpenAPI spec.  This has "working" defaults.
 	// If nil or 0.0.0.0, the host's default interface will be used.
 	PublicAddress net.IP
 	// EnableOpenAPISupport enables OpenAPI support. Allow downstream customers to disable OpenAPI spec.
 	EnableOpenAPISupport bool
 	// OpenAPIConfig will be used in generating OpenAPI spec.
 	OpenAPIConfig *common.Config
-
+	// If specified, requests will be allocated a random timeout between this value, and twice this value.
 	// Note that it is up to the request handlers to ignore or honor this timeout. In seconds.
 	MinRequestTimeout int
 	// MaxRequestsInFlight is the maximum number of parallel non-long-running requests. Every further
 	// request has to wait. Applies only to non-mutating requests.
 	MaxRequestsInFlight int
 	// MaxMutatingRequestsInFlight is the maximum number of parallel mutating requests. Every further
 	// request has to wait.
 	MaxMutatingRequestsInFlight int
 	// Predicate which is true for paths of long-running http requests
 	LongRunningFunc genericfilters.LongRunningRequestCheck
-	// Build the handler chains by decorating the apiHandler.
+	// InsecureServingInfo is required to serve http.  HTTP does NOT include authentication or authorization.
-	BuildHandlerChainsFunc func(apiHandler http.Handler, c *Config) (secure, insecure http.Handler)
+	// You shouldn't be using this.  It makes sig-auth sad.
 	InsecureServingInfo *ServingInfo
-	// LegacyAPIGroupPrefixes is used to set up URL parsing for authorization and for validating requests
+	//===========================================================================
-	// to InstallLegacyAPIGroup
+	// values below here are targets for removal
-	LegacyAPIGroupPrefixes sets.String
+	//===========================================================================
 	APIResourceConfigSource APIResourceConfigSource
 	// The port on PublicAddress where a read-write server will be installed.
 	// Defaults to 6443 if not set.
 	ReadWritePort int
 	// PublicAddress is the IP address where members of the cluster (kubelet,
 	// kube-proxy, services, etc.) can reach the GenericAPIServer.
 	// If nil or 0.0.0.0, the host's default interface will be used.
 	PublicAddress net.IP
 }
 type ServingInfo struct {