Merge pull request #38191 from sttts/sttts-move-master-options

Automatic merge from submit-queue

Move non-generic apiserver code out of the generic packages

cmd/kube-apiserver/app/BUILD

@@ -21,7 +21,6 @@ go_library(
         "//pkg/apis/autoscaling:go_default_library",
         "//pkg/apis/batch:go_default_library",
         "//pkg/apis/extensions:go_default_library",
-        "//pkg/apiserver:go_default_library",
         "//pkg/apiserver/authenticator:go_default_library",
         "//pkg/capabilities:go_default_library",
         "//pkg/client/clientset_generated/internalclientset:go_default_library",

cmd/kube-apiserver/app/options/BUILD

@@ -10,7 +10,10 @@ load(
 
 go_library(
     name = "go_default_library",
-    srcs = ["options.go"],
+    srcs = [
+        "options.go",
+        "validation.go",
+    ],
     tags = ["automanaged"],
     deps = [
         "//pkg/api:go_default_library",
@@ -18,6 +21,7 @@ go_library(
         "//pkg/genericapiserver/options:go_default_library",
         "//pkg/kubelet/client:go_default_library",
         "//pkg/master/ports:go_default_library",
+        "//pkg/util/net:go_default_library",
         "//vendor:github.com/spf13/pflag",
     ],
 )

cmd/kube-apiserver/app/options/options.go

@@ -18,6 +18,7 @@ limitations under the License.
 package options
 
 import (
+	"net"
 	"time"
 
 	"k8s.io/kubernetes/pkg/api"
@@ -25,10 +26,14 @@ import (
 	genericoptions "k8s.io/kubernetes/pkg/genericapiserver/options"
 	kubeletclient "k8s.io/kubernetes/pkg/kubelet/client"
 	"k8s.io/kubernetes/pkg/master/ports"
+	utilnet "k8s.io/kubernetes/pkg/util/net"
 
 	"github.com/spf13/pflag"
 )
 
+// DefaultServiceNodePortRange is the default port range for NodePort services.
+var DefaultServiceNodePortRange = utilnet.PortRange{Base: 30000, Size: 2768}
+
 // ServerRunOptions runs a kubernetes api server.
 type ServerRunOptions struct {
 	GenericServerRunOptions *genericoptions.ServerRunOptions
@@ -38,12 +43,16 @@ type ServerRunOptions struct {
 	Authentication          *genericoptions.BuiltInAuthenticationOptions
 	Authorization           *genericoptions.BuiltInAuthorizationOptions
 
-	AllowPrivileged          bool
+	AllowPrivileged           bool
-	EventTTL                 time.Duration
+	EventTTL                  time.Duration
-	KubeletConfig            kubeletclient.KubeletClientConfig
+	KubeletConfig             kubeletclient.KubeletClientConfig
-	MaxConnectionBytesPerSec int64
+	KubernetesServiceNodePort int
-	SSHKeyfile               string
+	MasterCount               int
-	SSHUser                  string
+	MaxConnectionBytesPerSec  int64
+	ServiceClusterIPRange     net.IPNet // TODO: make this a list
+	ServiceNodePortRange      utilnet.PortRange
+	SSHKeyfile                string
+	SSHUser                   string
 }
 
 // NewServerRunOptions creates a new ServerRunOptions object with default parameters
@@ -56,7 +65,8 @@ func NewServerRunOptions() *ServerRunOptions {
 		Authentication:  genericoptions.NewBuiltInAuthenticationOptions().WithAll(),
 		Authorization:   genericoptions.NewBuiltInAuthorizationOptions(),
 
-		EventTTL: 1 * time.Hour,
+		EventTTL:    1 * time.Hour,
+		MasterCount: 1,
 		KubeletConfig: kubeletclient.KubeletClientConfig{
 			Port: ports.KubeletPort,
 			PreferredAddressTypes: []string{
@@ -68,6 +78,7 @@ func NewServerRunOptions() *ServerRunOptions {
 			EnableHttps: true,
 			HTTPTimeout: time.Duration(5) * time.Second,
 		},
+		ServiceNodePortRange: DefaultServiceNodePortRange,
 	}
 	return &s
 }
@@ -104,6 +115,30 @@ func (s *ServerRunOptions) AddFlags(fs *pflag.FlagSet) {
 		"If non-zero, throttle each user connection to this number of bytes/sec. "+
 		"Currently only applies to long-running requests.")
 
+	fs.IntVar(&s.MasterCount, "apiserver-count", s.MasterCount,
+		"The number of apiservers running in the cluster.")
+
+	// See #14282 for details on how to test/try this option out.
+	// TODO: remove this comment once this option is tested in CI.
+	fs.IntVar(&s.KubernetesServiceNodePort, "kubernetes-service-node-port", s.KubernetesServiceNodePort, ""+
+		"If non-zero, the Kubernetes master service (which apiserver creates/maintains) will be "+
+		"of type NodePort, using this as the value of the port. If zero, the Kubernetes master "+
+		"service will be of type ClusterIP.")
+
+	fs.IPNetVar(&s.ServiceClusterIPRange, "service-cluster-ip-range", s.ServiceClusterIPRange, ""+
+		"A CIDR notation IP range from which to assign service cluster IPs. This must not "+
+		"overlap with any IP ranges assigned to nodes for pods.")
+
+	fs.IPNetVar(&s.ServiceClusterIPRange, "portal-net", s.ServiceClusterIPRange,
+		"DEPRECATED: see --service-cluster-ip-range instead.")
+	fs.MarkDeprecated("portal-net", "see --service-cluster-ip-range instead")
+
+	fs.Var(&s.ServiceNodePortRange, "service-node-port-range", ""+
+		"A port range to reserve for services with NodePort visibility. "+
+		"Example: '30000-32767'. Inclusive at both ends of the range.")
+	fs.Var(&s.ServiceNodePortRange, "service-node-ports", "DEPRECATED: see --service-node-port-range instead")
+	fs.MarkDeprecated("service-node-ports", "see --service-node-port-range instead")
+
 	// Kubelet related flags:
 	fs.BoolVar(&s.KubeletConfig.EnableHttps, "kubelet-https", s.KubeletConfig.EnableHttps,
 		"Use https for kubelet connections.")

cmd/kube-apiserver/app/options/validation.go

@@ -14,50 +14,54 @@ See the License for the specific language governing permissions and
 limitations under the License.
 */
 
-package validation
+package options
 
 import (
 	"fmt"
-
-	"github.com/golang/glog"
-	"k8s.io/kubernetes/pkg/genericapiserver/options"
-	utilerrors "k8s.io/kubernetes/pkg/util/errors"
 )
 
 // TODO: Longer term we should read this from some config store, rather than a flag.
-func verifyClusterIPFlags(options *options.ServerRunOptions) []error {
+func validateClusterIPFlags(options *ServerRunOptions) []error {
 	errors := []error{}
 	if options.ServiceClusterIPRange.IP == nil {
-		errors = append(errors, fmt.Errorf("No --service-cluster-ip-range specified"))
+		errors = append(errors, fmt.Errorf("no --service-cluster-ip-range specified"))
 	}
 	var ones, bits = options.ServiceClusterIPRange.Mask.Size()
 	if bits-ones > 20 {
-		errors = append(errors, fmt.Errorf("Specified --service-cluster-ip-range is too large"))
+		errors = append(errors, fmt.Errorf("specified --service-cluster-ip-range is too large"))
 	}
 	return errors
 }
 
-func verifyServiceNodePort(options *options.ServerRunOptions) []error {
+func validateServiceNodePort(options *ServerRunOptions) []error {
 	errors := []error{}
 	if options.KubernetesServiceNodePort < 0 || options.KubernetesServiceNodePort > 65535 {
-		errors = append(errors, fmt.Errorf("--kubernetes-service-node-port %v must be between 0 and 65535, inclusive. If 0, the Kubernetes master service will be of type ClusterIP.", options.KubernetesServiceNodePort))
+		errors = append(errors, fmt.Errorf("--kubernetes-service-node-port %v must be between 0 and 65535, inclusive. If 0, the Kubernetes master service will be of type ClusterIP", options.KubernetesServiceNodePort))
 	}
 
 	if options.KubernetesServiceNodePort > 0 && !options.ServiceNodePortRange.Contains(options.KubernetesServiceNodePort) {
-		errors = append(errors, fmt.Errorf("Kubernetes service port range %v doesn't contain %v", options.ServiceNodePortRange, (options.KubernetesServiceNodePort)))
+		errors = append(errors, fmt.Errorf("kubernetes service port range %v doesn't contain %v", options.ServiceNodePortRange, (options.KubernetesServiceNodePort)))
 	}
 	return errors
 }
 
-func ValidateRunOptions(options *options.ServerRunOptions) {
+// Validate checks ServerRunOptions and return a slice of found errors.
-	errors := []error{}
+func (options *ServerRunOptions) Validate() []error {
-	if errs := verifyClusterIPFlags(options); len(errs) > 0 {
+	var errors []error
+	if errs := options.Etcd.Validate(); len(errs) > 0 {
 		errors = append(errors, errs...)
 	}
-	if errs := verifyServiceNodePort(options); len(errs) > 0 {
+	if errs := validateClusterIPFlags(options); len(errs) > 0 {
 		errors = append(errors, errs...)
 	}
-	if err := utilerrors.NewAggregate(errors); err != nil {
+	if errs := validateServiceNodePort(options); len(errs) > 0 {
-		glog.Fatalf("Validate server run options failed: %v", err)
+		errors = append(errors, errs...)
 	}
+	if errs := options.SecureServing.Validate(); len(errs) > 0 {
+		errors = append(errors, errs...)
+	}
+	if errs := options.InsecureServing.Validate("insecure-port"); len(errs) > 0 {
+		errors = append(errors, errs...)
+	}
+	return errors
 }

cmd/kube-apiserver/app/server.go

@@ -41,7 +41,6 @@ import (
 	"k8s.io/kubernetes/pkg/apis/autoscaling"
 	"k8s.io/kubernetes/pkg/apis/batch"
 	"k8s.io/kubernetes/pkg/apis/extensions"
-	"k8s.io/kubernetes/pkg/apiserver"
 	"k8s.io/kubernetes/pkg/apiserver/authenticator"
 	"k8s.io/kubernetes/pkg/capabilities"
 	"k8s.io/kubernetes/pkg/client/clientset_generated/internalclientset"
@@ -81,27 +80,30 @@ cluster's shared state through which all other components interact.`,
 
 // Run runs the specified APIServer.  This should never exit.
 func Run(s *options.ServerRunOptions) error {
-	if errs := s.Etcd.Validate(); len(errs) > 0 {
+	// set defaults
-		return utilerrors.NewAggregate(errs)
+	if err := s.GenericServerRunOptions.DefaultAdvertiseAddress(s.SecureServing, s.InsecureServing); err != nil {
-	}
-	if err := s.GenericServerRunOptions.DefaultExternalAddress(s.SecureServing, s.InsecureServing); err != nil {
 		return err
 	}
-
+	serviceIPRange, apiServerServiceIP, err := master.DefaultServiceIPRange(s.ServiceClusterIPRange)
-	serviceIPRange, apiServerServiceIP, err := master.DefaultServiceIPRange(s.GenericServerRunOptions.ServiceClusterIPRange)
 	if err != nil {
 		return fmt.Errorf("error determining service IP ranges: %v", err)
 	}
-
 	if err := s.SecureServing.MaybeDefaultWithSelfSignedCerts(s.GenericServerRunOptions.AdvertiseAddress.String(), apiServerServiceIP); err != nil {
 		return fmt.Errorf("error creating self-signed certificates: %v", err)
 	}
+	if err := s.GenericServerRunOptions.DefaultExternalHost(); err != nil {
+		return fmt.Errorf("error setting the external host value: %v", err)
+	}
 
-	genericapiserver.DefaultAndValidateRunOptions(s.GenericServerRunOptions)
+	// validate options
+	if errs := s.Validate(); len(errs) != 0 {
+		return utilerrors.NewAggregate(errs)
+	}
 
-	genericConfig := genericapiserver.NewConfig(). // create the new config
+	// create config from options
-							ApplyOptions(s.GenericServerRunOptions). // apply the options selected
+	genericConfig := genericapiserver.NewConfig().
-							ApplyInsecureServingOptions(s.InsecureServing)
+		ApplyOptions(s.GenericServerRunOptions).
+		ApplyInsecureServingOptions(s.InsecureServing)
 
 	if _, err := genericConfig.ApplySecureServingOptions(s.SecureServing); err != nil {
 		return fmt.Errorf("failed to configure https: %s", err)
@@ -123,7 +125,7 @@ func Run(s *options.ServerRunOptions) error {
 
 	// Setup tunneler if needed
 	var tunneler genericapiserver.Tunneler
-	var proxyDialerFn apiserver.ProxyDialerFunc
+	var proxyDialerFn utilnet.DialFunc
 	if len(s.SSHUser) > 0 {
 		// Get ssh key distribution func, if supported
 		var installSSH genericapiserver.InstallSSHKey
@@ -312,10 +314,10 @@ func Run(s *options.ServerRunOptions) error {
 		APIServerServiceIP:   apiServerServiceIP,
 		APIServerServicePort: 443,
 
-		ServiceNodePortRange:      s.GenericServerRunOptions.ServiceNodePortRange,
+		ServiceNodePortRange:      s.ServiceNodePortRange,
-		KubernetesServiceNodePort: s.GenericServerRunOptions.KubernetesServiceNodePort,
+		KubernetesServiceNodePort: s.KubernetesServiceNodePort,
 
-		MasterCount: s.GenericServerRunOptions.MasterCount,
+		MasterCount: s.MasterCount,
 	}
 
 	if s.GenericServerRunOptions.EnableWatchCache {

examples/apiserver/BUILD

@@ -21,7 +21,6 @@ go_library(
         "//pkg/genericapiserver:go_default_library",
         "//pkg/genericapiserver/authorizer:go_default_library",
         "//pkg/genericapiserver/options:go_default_library",
-        "//pkg/genericapiserver/validation:go_default_library",
         "//pkg/registry/generic:go_default_library",
         "//pkg/runtime/schema:go_default_library",
         "//pkg/storage/storagebackend:go_default_library",

examples/apiserver/apiserver.go

@@ -18,7 +18,6 @@ package apiserver
 
 import (
 	"fmt"
-	"net"
 
 	"k8s.io/kubernetes/cmd/libs/go2idl/client-gen/test_apis/testgroup/v1"
 	testgroupetcd "k8s.io/kubernetes/examples/apiserver/rest"
@@ -28,7 +27,6 @@ import (
 	"k8s.io/kubernetes/pkg/genericapiserver"
 	"k8s.io/kubernetes/pkg/genericapiserver/authorizer"
 	genericoptions "k8s.io/kubernetes/pkg/genericapiserver/options"
-	genericvalidation "k8s.io/kubernetes/pkg/genericapiserver/validation"
 	"k8s.io/kubernetes/pkg/registry/generic"
 	"k8s.io/kubernetes/pkg/runtime/schema"
 	"k8s.io/kubernetes/pkg/storage/storagebackend"
@@ -80,12 +78,17 @@ func NewServerRunOptions() *ServerRunOptions {
 }
 
 func (serverOptions *ServerRunOptions) Run(stopCh <-chan struct{}) error {
-	// Set ServiceClusterIPRange
-	_, serviceClusterIPRange, _ := net.ParseCIDR("10.0.0.0/24")
-	serverOptions.GenericServerRunOptions.ServiceClusterIPRange = *serviceClusterIPRange
 	serverOptions.Etcd.StorageConfig.ServerList = []string{"http://127.0.0.1:2379"}
 
-	genericvalidation.ValidateRunOptions(serverOptions.GenericServerRunOptions)
+	// set defaults
+	if err := serverOptions.GenericServerRunOptions.DefaultExternalHost(); err != nil {
+		return err
+	}
+	if err := serverOptions.SecureServing.MaybeDefaultWithSelfSignedCerts(serverOptions.GenericServerRunOptions.AdvertiseAddress.String()); err != nil {
+		glog.Fatalf("Error creating self-signed certificates: %v", err)
+	}
+
+	// validate options
 	if errs := serverOptions.Etcd.Validate(); len(errs) > 0 {
 		return utilerrors.NewAggregate(errs)
 	}
@@ -95,10 +98,8 @@ func (serverOptions *ServerRunOptions) Run(stopCh <-chan struct{}) error {
 	if errs := serverOptions.InsecureServing.Validate("insecure-port"); len(errs) > 0 {
 		return utilerrors.NewAggregate(errs)
 	}
-	if err := serverOptions.SecureServing.MaybeDefaultWithSelfSignedCerts(serverOptions.GenericServerRunOptions.AdvertiseAddress.String()); err != nil {
-		glog.Fatalf("Error creating self-signed certificates: %v", err)
-	}
 
+	// create config from options
 	config := genericapiserver.NewConfig().
 		ApplyOptions(serverOptions.GenericServerRunOptions).
 		ApplyInsecureServingOptions(serverOptions.InsecureServing)

federation/cmd/federation-apiserver/app/options/BUILD

@@ -9,7 +9,10 @@ load(
 
 go_library(
     name = "go_default_library",
-    srcs = ["options.go"],
+    srcs = [
+        "options.go",
+        "validation.go",
+    ],
     tags = ["automanaged"],
     deps = [
         "//pkg/genericapiserver/options:go_default_library",

federation/cmd/federation-apiserver/app/options/validation.go

@@ -0,0 +1,32 @@
+/*
+Copyright 2016 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package options
+
+func (options *ServerRunOptions) Validate() []error {
+	var errors []error
+	if errs := options.Etcd.Validate(); len(errs) > 0 {
+		errors = append(errors, errs...)
+	}
+	if errs := options.SecureServing.Validate(); len(errs) > 0 {
+		errors = append(errors, errs...)
+	}
+	if errs := options.InsecureServing.Validate("insecure-port"); len(errs) > 0 {
+		errors = append(errors, errs...)
+	}
+	// TODO: add more checks
+	return errors
+}

federation/cmd/federation-apiserver/app/server.go

@@ -68,18 +68,23 @@ cluster's shared state through which all other components interact.`,
 
 // Run runs the specified APIServer.  This should never exit.
 func Run(s *options.ServerRunOptions) error {
-	if errs := s.Etcd.Validate(); len(errs) > 0 {
+	// set defaults
-		utilerrors.NewAggregate(errs)
+	if err := s.GenericServerRunOptions.DefaultAdvertiseAddress(s.SecureServing, s.InsecureServing); err != nil {
-	}
-	if err := s.GenericServerRunOptions.DefaultExternalAddress(s.SecureServing, s.InsecureServing); err != nil {
 		return err
 	}
-
 	if err := s.SecureServing.MaybeDefaultWithSelfSignedCerts(s.GenericServerRunOptions.AdvertiseAddress.String()); err != nil {
 		return fmt.Errorf("error creating self-signed certificates: %v", err)
 	}
+	if err := s.GenericServerRunOptions.DefaultExternalHost(); err != nil {
+		return fmt.Errorf("error setting the external host value: %v", err)
+	}
 
-	genericapiserver.DefaultAndValidateRunOptions(s.GenericServerRunOptions)
+	// validate options
+	if errs := s.Validate(); len(errs) != 0 {
+		return utilerrors.NewAggregate(errs)
+	}
+
+	// create config from options
 	genericConfig := genericapiserver.NewConfig(). // create the new config
 							ApplyOptions(s.GenericServerRunOptions). // apply the options selected
 							ApplyInsecureServingOptions(s.InsecureServing)

hack/update-federation-openapi-spec.sh

@@ -61,8 +61,7 @@ kube::log::status "Starting federation-apiserver"
   --etcd-servers="http://${ETCD_HOST}:${ETCD_PORT}" \
   --advertise-address="10.10.10.10" \
   --cert-dir="${TMP_DIR}/certs" \
-  --token-auth-file=$TMP_DIR/tokenauth.csv \
+  --token-auth-file=$TMP_DIR/tokenauth.csv >/tmp/openapi-federation-api-server.log 2>&1 &
-  --service-cluster-ip-range="10.0.0.0/24" >/tmp/openapi-federation-api-server.log 2>&1 &
 APISERVER_PID=$!
 kube::util::wait_for_url "${API_HOST}:${API_PORT}/" "apiserver: "
 

pkg/apiserver/BUILD

@@ -19,7 +19,6 @@ go_library(
         "proxy.go",
         "resthandler.go",
         "serviceerror.go",
-        "validator.go",
         "watch.go",
     ],
     tags = ["automanaged"],
@@ -36,8 +35,6 @@ go_library(
         "//pkg/conversion:go_default_library",
         "//pkg/fields:go_default_library",
         "//pkg/httplog:go_default_library",
-        "//pkg/probe:go_default_library",
-        "//pkg/probe/http:go_default_library",
         "//pkg/runtime:go_default_library",
         "//pkg/runtime/schema:go_default_library",
         "//pkg/runtime/serializer/streaming:go_default_library",
@@ -73,7 +70,6 @@ go_test(
         "negotiate_test.go",
         "proxy_test.go",
         "resthandler_test.go",
-        "validator_test.go",
         "watch_test.go",
     ],
     library = "go_default_library",
@@ -93,7 +89,6 @@ go_test(
         "//pkg/apiserver/testing:go_default_library",
         "//pkg/fields:go_default_library",
         "//pkg/labels:go_default_library",
-        "//pkg/probe:go_default_library",
         "//pkg/runtime:go_default_library",
         "//pkg/runtime/schema:go_default_library",
         "//pkg/runtime/serializer/streaming:go_default_library",

pkg/apiserver/apiserver.go

@@ -22,7 +22,6 @@ import (
 	"fmt"
 	"io"
 	"io/ioutil"
-	"net"
 	"net/http"
 	"path"
 	rt "runtime"
@@ -106,16 +105,6 @@ type APIGroupVersion struct {
 	ResourceLister APIResourceLister
 }
 
-type ProxyDialerFunc func(network, addr string) (net.Conn, error)
-
-// TODO: Pipe these in through the apiserver cmd line
-const (
-	// Minimum duration before timing out read/write requests
-	MinTimeoutSecs = 300
-	// Maximum duration before timing out read/write requests
-	MaxTimeoutSecs = 600
-)
-
 // staticLister implements the APIResourceLister interface
 type staticLister struct {
 	list []metav1.APIResource

pkg/genericapiserver/BUILD

@@ -30,7 +30,6 @@ go_library(
         "//pkg/admission:go_default_library",
         "//pkg/api:go_default_library",
         "//pkg/api/rest:go_default_library",
-        "//pkg/api/v1:go_default_library",
         "//pkg/apimachinery:go_default_library",
         "//pkg/apimachinery/registered:go_default_library",
         "//pkg/apis/meta/v1:go_default_library",
@@ -45,14 +44,12 @@ go_library(
         "//pkg/auth/handlers:go_default_library",
         "//pkg/auth/user:go_default_library",
         "//pkg/client/restclient:go_default_library",
-        "//pkg/cloudprovider:go_default_library",
         "//pkg/genericapiserver/authorizer:go_default_library",
         "//pkg/genericapiserver/filters:go_default_library",
         "//pkg/genericapiserver/mux:go_default_library",
         "//pkg/genericapiserver/openapi/common:go_default_library",
         "//pkg/genericapiserver/options:go_default_library",
         "//pkg/genericapiserver/routes:go_default_library",
-        "//pkg/genericapiserver/validation:go_default_library",
         "//pkg/healthz:go_default_library",
         "//pkg/runtime:go_default_library",
         "//pkg/runtime/schema:go_default_library",

pkg/genericapiserver/config.go

@@ -25,7 +25,6 @@ import (
 	"io/ioutil"
 	"net"
 	"net/http"
-	"os"
 	goruntime "runtime"
 	"sort"
 	"strconv"
@@ -34,13 +33,11 @@ import (
 
 	"github.com/emicklei/go-restful/swagger"
 	"github.com/go-openapi/spec"
-	"github.com/golang/glog"
 	"github.com/pborman/uuid"
 	"gopkg.in/natefinch/lumberjack.v2"
 
 	"k8s.io/kubernetes/pkg/admission"
 	"k8s.io/kubernetes/pkg/api"
-	"k8s.io/kubernetes/pkg/api/v1"
 	metav1 "k8s.io/kubernetes/pkg/apis/meta/v1"
 	apiserverauthenticator "k8s.io/kubernetes/pkg/apiserver/authenticator"
 	apiserverfilters "k8s.io/kubernetes/pkg/apiserver/filters"
@@ -52,14 +49,12 @@ import (
 	authhandlers "k8s.io/kubernetes/pkg/auth/handlers"
 	"k8s.io/kubernetes/pkg/auth/user"
 	"k8s.io/kubernetes/pkg/client/restclient"
-	"k8s.io/kubernetes/pkg/cloudprovider"
 	apiserverauthorizer "k8s.io/kubernetes/pkg/genericapiserver/authorizer"
 	genericfilters "k8s.io/kubernetes/pkg/genericapiserver/filters"
 	"k8s.io/kubernetes/pkg/genericapiserver/mux"
 	openapicommon "k8s.io/kubernetes/pkg/genericapiserver/openapi/common"
 	"k8s.io/kubernetes/pkg/genericapiserver/options"
 	"k8s.io/kubernetes/pkg/genericapiserver/routes"
-	genericvalidation "k8s.io/kubernetes/pkg/genericapiserver/validation"
 	"k8s.io/kubernetes/pkg/healthz"
 	"k8s.io/kubernetes/pkg/runtime"
 	certutil "k8s.io/kubernetes/pkg/util/cert"
@@ -632,45 +627,6 @@ func (s *GenericAPIServer) installAPI(c *Config) {
 	s.HandlerContainer.Add(s.DynamicApisDiscovery())
 }
 
-func DefaultAndValidateRunOptions(options *options.ServerRunOptions) {
-	genericvalidation.ValidateRunOptions(options)
-
-	glog.Infof("Will report %v as public IP address.", options.AdvertiseAddress)
-
-	// Set default value for ExternalAddress if not specified.
-	if len(options.ExternalHost) == 0 {
-		// TODO: extend for other providers
-		if options.CloudProvider == "gce" || options.CloudProvider == "aws" {
-			cloud, err := cloudprovider.InitCloudProvider(options.CloudProvider, options.CloudConfigFile)
-			if err != nil {
-				glog.Fatalf("Cloud provider could not be initialized: %v", err)
-			}
-			instances, supported := cloud.Instances()
-			if !supported {
-				glog.Fatalf("%q cloud provider has no instances.  this shouldn't happen. exiting.", options.CloudProvider)
-			}
-			hostname, err := os.Hostname()
-			if err != nil {
-				glog.Fatalf("Failed to get hostname: %v", err)
-			}
-			nodeName, err := instances.CurrentNodeName(hostname)
-			if err != nil {
-				glog.Fatalf("Failed to get NodeName: %v", err)
-			}
-			addrs, err := instances.NodeAddresses(nodeName)
-			if err != nil {
-				glog.Warningf("Unable to obtain external host address from cloud provider: %v", err)
-			} else {
-				for _, addr := range addrs {
-					if addr.Type == v1.NodeExternalIP {
-						options.ExternalHost = addr.Address
-					}
-				}
-			}
-		}
-	}
-}
-
 func NewRequestInfoResolver(c *Config) *request.RequestInfoFactory {
 	apiPrefixes := sets.NewString(strings.Trim(APIGroupPrefix, "/")) // all possible API prefixes
 	legacyAPIPrefixes := sets.String{}                               // APIPrefixes that won't have groups (legacy)

pkg/genericapiserver/options/BUILD

@@ -21,12 +21,14 @@ go_library(
     deps = [
         "//pkg/admission:go_default_library",
         "//pkg/api:go_default_library",
+        "//pkg/api/v1:go_default_library",
         "//pkg/apimachinery/registered:go_default_library",
         "//pkg/apiserver/authenticator:go_default_library",
         "//pkg/client/clientset_generated/clientset/typed/authentication/v1beta1:go_default_library",
         "//pkg/client/clientset_generated/clientset/typed/authorization/v1beta1:go_default_library",
         "//pkg/client/restclient:go_default_library",
         "//pkg/client/unversioned/clientcmd:go_default_library",
+        "//pkg/cloudprovider:go_default_library",
         "//pkg/controller/informers:go_default_library",
         "//pkg/genericapiserver/authorizer:go_default_library",
         "//pkg/runtime/schema:go_default_library",

pkg/genericapiserver/options/server_run_options.go

@@ -19,20 +19,20 @@ package options
 import (
 	"fmt"
 	"net"
+	"os"
 	"strings"
 
 	"k8s.io/kubernetes/pkg/admission"
 	"k8s.io/kubernetes/pkg/api"
+	"k8s.io/kubernetes/pkg/api/v1"
 	"k8s.io/kubernetes/pkg/apimachinery/registered"
+	"k8s.io/kubernetes/pkg/cloudprovider"
 	"k8s.io/kubernetes/pkg/runtime/schema"
 	"k8s.io/kubernetes/pkg/util/config"
-	utilnet "k8s.io/kubernetes/pkg/util/net"
 
 	"github.com/spf13/pflag"
 )
 
-var DefaultServiceNodePortRange = utilnet.PortRange{Base: 30000, Size: 2768}
-
 // ServerRunOptions contains the options while running a generic api server.
 type ServerRunOptions struct {
 	AdmissionControl           string
@@ -54,14 +54,10 @@ type ServerRunOptions struct {
 	EnableSwaggerUI             bool
 	EnableWatchCache            bool
 	ExternalHost                string
-	KubernetesServiceNodePort   int
-	MasterCount                 int
 	MaxRequestsInFlight         int
 	MaxMutatingRequestsInFlight int
 	MinRequestTimeout           int
 	RuntimeConfig               config.ConfigurationMap
-	ServiceClusterIPRange       net.IPNet // TODO: make this a list
-	ServiceNodePortRange        utilnet.PortRange
 	StorageVersions             string
 	// The default values for StorageVersions. StorageVersions overrides
 	// these; you can change this if you want to change the defaults (e.g.,
@@ -81,17 +77,15 @@ func NewServerRunOptions() *ServerRunOptions {
 		EnableProfiling:             true,
 		EnableContentionProfiling:   false,
 		EnableWatchCache:            true,
-		MasterCount:                 1,
 		MaxRequestsInFlight:         400,
 		MaxMutatingRequestsInFlight: 200,
 		MinRequestTimeout:           1800,
 		RuntimeConfig:               make(config.ConfigurationMap),
-		ServiceNodePortRange:        DefaultServiceNodePortRange,
 		StorageVersions:             registered.AllPreferredGroupVersions(),
 	}
 }
 
-func (s *ServerRunOptions) DefaultExternalAddress(secure *SecureServingOptions, insecure *ServingOptions) error {
+func (s *ServerRunOptions) DefaultAdvertiseAddress(secure *SecureServingOptions, insecure *ServingOptions) error {
 	if s.AdvertiseAddress == nil || s.AdvertiseAddress.IsUnspecified() {
 		switch {
 		case secure != nil:
@@ -115,6 +109,44 @@ func (s *ServerRunOptions) DefaultExternalAddress(secure *SecureServingOptions,
 	return nil
 }
 
+func (options *ServerRunOptions) DefaultExternalHost() error {
+	if len(options.ExternalHost) != 0 {
+		return nil
+	}
+
+	// TODO: extend for other providers
+	if options.CloudProvider == "gce" || options.CloudProvider == "aws" {
+		cloud, err := cloudprovider.InitCloudProvider(options.CloudProvider, options.CloudConfigFile)
+		if err != nil {
+			return fmt.Errorf("%q cloud provider could not be initialized: %v", options.CloudProvider, err)
+		}
+		instances, supported := cloud.Instances()
+		if !supported {
+			return fmt.Errorf("%q cloud provider has no instances", options.CloudProvider)
+		}
+		hostname, err := os.Hostname()
+		if err != nil {
+			return fmt.Errorf("failed to get hostname: %v", err)
+		}
+		nodeName, err := instances.CurrentNodeName(hostname)
+		if err != nil {
+			return fmt.Errorf("failed to get NodeName from %q cloud provider: %v", options.CloudProvider, err)
+		}
+		addrs, err := instances.NodeAddresses(nodeName)
+		if err != nil {
+			return fmt.Errorf("failed to get external host address from %q cloud provider: %v", options.CloudProvider, err)
+		} else {
+			for _, addr := range addrs {
+				if addr.Type == v1.NodeExternalIP {
+					options.ExternalHost = addr.Address
+				}
+			}
+		}
+	}
+
+	return nil
+}
+
 // StorageGroupsToEncodingVersion returns a map from group name to group version,
 // computed from s.StorageVersions flag.
 func (s *ServerRunOptions) StorageGroupsToEncodingVersion() (map[string]schema.GroupVersion, error) {
@@ -227,22 +259,12 @@ func (s *ServerRunOptions) AddUniversalFlags(fs *pflag.FlagSet) {
 	fs.StringVar(&s.ExternalHost, "external-hostname", s.ExternalHost,
 		"The hostname to use when generating externalized URLs for this master (e.g. Swagger API Docs).")
 
-	// See #14282 for details on how to test/try this option out.
-	// TODO: remove this comment once this option is tested in CI.
-	fs.IntVar(&s.KubernetesServiceNodePort, "kubernetes-service-node-port", s.KubernetesServiceNodePort, ""+
-		"If non-zero, the Kubernetes master service (which apiserver creates/maintains) will be "+
-		"of type NodePort, using this as the value of the port. If zero, the Kubernetes master "+
-		"service will be of type ClusterIP.")
-
 	// TODO: remove post-1.6
 	fs.String("long-running-request-regexp", "", ""+
 		"A regular expression matching long running requests which should "+
 		"be excluded from maximum inflight request handling.")
 	fs.MarkDeprecated("long-running-request-regexp", "regular expression matching of long-running requests is no longer supported")
 
-	fs.IntVar(&s.MasterCount, "apiserver-count", s.MasterCount,
-		"The number of apiservers running in the cluster.")
-
 	deprecatedMasterServiceNamespace := api.NamespaceDefault
 	fs.StringVar(&deprecatedMasterServiceNamespace, "master-service-namespace", deprecatedMasterServiceNamespace, ""+
 		"DEPRECATED: the namespace from which the kubernetes master services should be injected into pods.")
@@ -267,20 +289,6 @@ func (s *ServerRunOptions) AddUniversalFlags(fs *pflag.FlagSet) {
 		"apis/<groupVersion>/<resource> can be used to turn on/off specific resources. api/all and "+
 		"api/legacy are special keys to control all and legacy api versions respectively.")
 
-	fs.IPNetVar(&s.ServiceClusterIPRange, "service-cluster-ip-range", s.ServiceClusterIPRange, ""+
-		"A CIDR notation IP range from which to assign service cluster IPs. This must not "+
-		"overlap with any IP ranges assigned to nodes for pods.")
-
-	fs.IPNetVar(&s.ServiceClusterIPRange, "portal-net", s.ServiceClusterIPRange,
-		"DEPRECATED: see --service-cluster-ip-range instead.")
-	fs.MarkDeprecated("portal-net", "see --service-cluster-ip-range instead")
-
-	fs.Var(&s.ServiceNodePortRange, "service-node-port-range", ""+
-		"A port range to reserve for services with NodePort visibility. "+
-		"Example: '30000-32767'. Inclusive at both ends of the range.")
-	fs.Var(&s.ServiceNodePortRange, "service-node-ports", "DEPRECATED: see --service-node-port-range instead")
-	fs.MarkDeprecated("service-node-ports", "see --service-node-port-range instead")
-
 	deprecatedStorageVersion := ""
 	fs.StringVar(&deprecatedStorageVersion, "storage-version", deprecatedStorageVersion,
 		"DEPRECATED: the version to store the legacy v1 resources with. Defaults to server preferred.")

pkg/genericapiserver/validation/BUILD

@@ -1,19 +0,0 @@
-package(default_visibility = ["//visibility:public"])
-
-licenses(["notice"])
-
-load(
-    "@io_bazel_rules_go//go:def.bzl",
-    "go_library",
-)
-
-go_library(
-    name = "go_default_library",
-    srcs = ["universal_validation.go"],
-    tags = ["automanaged"],
-    deps = [
-        "//pkg/genericapiserver/options:go_default_library",
-        "//pkg/util/errors:go_default_library",
-        "//vendor:github.com/golang/glog",
-    ],
-)

pkg/kubelet/client/kubelet_client.go

@@ -17,7 +17,6 @@ limitations under the License.
 package client
 
 import (
-	"net"
 	"net/http"
 	"strconv"
 	"time"
@@ -50,7 +49,7 @@ type KubeletClientConfig struct {
 	HTTPTimeout time.Duration
 
 	// Dial is a custom dialer used for the client
-	Dial func(net, addr string) (net.Conn, error)
+	Dial utilnet.DialFunc
 }
 
 // ConnectionInfo provides the information needed to connect to a kubelet

pkg/master/BUILD

@@ -19,6 +19,7 @@ go_library(
     ],
     tags = ["automanaged"],
     deps = [
+        "//cmd/kube-apiserver/app/options:go_default_library",
         "//pkg/api:go_default_library",
         "//pkg/api/endpoints:go_default_library",
         "//pkg/api/errors:go_default_library",
@@ -51,7 +52,6 @@ go_library(
         "//pkg/client/clientset_generated/clientset/typed/core/v1:go_default_library",
         "//pkg/client/clientset_generated/internalclientset/typed/core/internalversion:go_default_library",
         "//pkg/genericapiserver:go_default_library",
-        "//pkg/genericapiserver/options:go_default_library",
         "//pkg/healthz:go_default_library",
         "//pkg/kubelet/client:go_default_library",
         "//pkg/master/thirdparty:go_default_library",

pkg/master/master.go

@@ -24,6 +24,7 @@ import (
 	"strconv"
 	"time"
 
+	"k8s.io/kubernetes/cmd/kube-apiserver/app/options"
 	"k8s.io/kubernetes/pkg/api"
 	apiv1 "k8s.io/kubernetes/pkg/api/v1"
 	appsapi "k8s.io/kubernetes/pkg/apis/apps/v1beta1"
@@ -39,7 +40,6 @@ import (
 	corev1client "k8s.io/kubernetes/pkg/client/clientset_generated/clientset/typed/core/v1"
 	coreclient "k8s.io/kubernetes/pkg/client/clientset_generated/internalclientset/typed/core/internalversion"
 	"k8s.io/kubernetes/pkg/genericapiserver"
-	"k8s.io/kubernetes/pkg/genericapiserver/options"
 	"k8s.io/kubernetes/pkg/healthz"
 	kubeletclient "k8s.io/kubernetes/pkg/kubelet/client"
 	"k8s.io/kubernetes/pkg/master/thirdparty"
@@ -116,7 +116,6 @@ type Config struct {
 	// Port names should align with ports defined in ExtraServicePorts
 	ExtraEndpointPorts []api.EndpointPort
 	// If non-zero, the "kubernetes" services uses this port as NodePort.
-	// TODO(sttts): move into master
 	KubernetesServiceNodePort int
 
 	// Number of masters running; all masters must be started with the

pkg/registry/core/componentstatus/BUILD

@@ -13,27 +13,30 @@ go_library(
     srcs = [
         "doc.go",
         "rest.go",
+        "validator.go",
     ],
     tags = ["automanaged"],
     deps = [
         "//pkg/api:go_default_library",
         "//pkg/apis/meta/v1:go_default_library",
-        "//pkg/apiserver:go_default_library",
         "//pkg/probe:go_default_library",
         "//pkg/probe/http:go_default_library",
         "//pkg/runtime:go_default_library",
+        "//pkg/util/net:go_default_library",
     ],
 )
 
 go_test(
     name = "go_default_test",
-    srcs = ["rest_test.go"],
+    srcs = [
+        "rest_test.go",
+        "validator_test.go",
+    ],
     library = "go_default_library",
     tags = ["automanaged"],
     deps = [
         "//pkg/api:go_default_library",
         "//pkg/apis/meta/v1:go_default_library",
-        "//pkg/apiserver:go_default_library",
         "//pkg/probe:go_default_library",
         "//pkg/util/diff:go_default_library",
     ],

pkg/registry/core/componentstatus/rest.go

@@ -23,19 +23,18 @@ import (
 
 	"k8s.io/kubernetes/pkg/api"
 	metav1 "k8s.io/kubernetes/pkg/apis/meta/v1"
-	"k8s.io/kubernetes/pkg/apiserver"
 	"k8s.io/kubernetes/pkg/probe"
 	httpprober "k8s.io/kubernetes/pkg/probe/http"
 	"k8s.io/kubernetes/pkg/runtime"
 )
 
 type REST struct {
-	GetServersToValidate func() map[string]apiserver.Server
+	GetServersToValidate func() map[string]Server
 	prober               httpprober.HTTPProber
 }
 
 // NewStorage returns a new REST.
-func NewStorage(serverRetriever func() map[string]apiserver.Server) *REST {
+func NewStorage(serverRetriever func() map[string]Server) *REST {
 	return &REST{
 		GetServersToValidate: serverRetriever,
 		prober:               httpprober.New(),
@@ -59,7 +58,7 @@ func (rs *REST) List(ctx api.Context, options *api.ListOptions) (runtime.Object,
 	wait.Add(len(servers))
 	statuses := make(chan api.ComponentStatus, len(servers))
 	for k, v := range servers {
-		go func(name string, server apiserver.Server) {
+		go func(name string, server Server) {
 			defer wait.Done()
 			status := rs.getComponentStatus(name, server)
 			statuses <- *status
@@ -96,7 +95,7 @@ func ToConditionStatus(s probe.Result) api.ConditionStatus {
 	}
 }
 
-func (rs *REST) getComponentStatus(name string, server apiserver.Server) *api.ComponentStatus {
+func (rs *REST) getComponentStatus(name string, server Server) *api.ComponentStatus {
 	status, msg, err := server.DoServerCheck(rs.prober)
 	errorMsg := ""
 	if err != nil {

pkg/registry/core/componentstatus/rest_test.go

@@ -28,7 +28,6 @@ import (
 
 	"k8s.io/kubernetes/pkg/api"
 	metav1 "k8s.io/kubernetes/pkg/apis/meta/v1"
-	"k8s.io/kubernetes/pkg/apiserver"
 	"k8s.io/kubernetes/pkg/probe"
 	"k8s.io/kubernetes/pkg/util/diff"
 )
@@ -51,8 +50,8 @@ type testResponse struct {
 
 func NewTestREST(resp testResponse) *REST {
 	return &REST{
-		GetServersToValidate: func() map[string]apiserver.Server {
+		GetServersToValidate: func() map[string]Server {
-			return map[string]apiserver.Server{
+			return map[string]Server{
 				"test1": {Addr: "testserver1", Port: 8000, Path: "/healthz"},
 			}
 		},

pkg/registry/core/componentstatus/validator.go

@@ -14,7 +14,7 @@ See the License for the specific language governing permissions and
 limitations under the License.
 */
 
-package apiserver
+package componentstatus
 
 import (
 	"net/http"

pkg/registry/core/componentstatus/validator_test.go

@@ -14,32 +14,16 @@ See the License for the specific language governing permissions and
 limitations under the License.
 */
 
-package apiserver
+package componentstatus
 
 import (
 	"errors"
 	"fmt"
 	"testing"
 
-	"net/http"
-	"net/url"
-	"time"
-
 	"k8s.io/kubernetes/pkg/probe"
 )
 
-type fakeHttpProber struct {
-	result probe.Result
-	body   string
-	err    error
-}
-
-func (f *fakeHttpProber) Probe(*url.URL, http.Header, time.Duration) (probe.Result, string, error) {
-	return f.result, f.body, f.err
-}
-
-func alwaysError([]byte) error { return errors.New("test error") }
-
 func matchError(data []byte) error {
 	if string(data) != "bar" {
 		return errors.New("match error")

pkg/registry/core/rest/BUILD

@@ -16,7 +16,6 @@ go_library(
         "//pkg/api:go_default_library",
         "//pkg/api/rest:go_default_library",
         "//pkg/apimachinery/registered:go_default_library",
-        "//pkg/apiserver:go_default_library",
         "//pkg/client/clientset_generated/internalclientset/typed/policy/internalversion:go_default_library",
         "//pkg/client/restclient:go_default_library",
         "//pkg/genericapiserver:go_default_library",

pkg/registry/core/rest/storage_core.go

@@ -30,7 +30,6 @@ import (
 	"k8s.io/kubernetes/pkg/api"
 	"k8s.io/kubernetes/pkg/api/rest"
 	"k8s.io/kubernetes/pkg/apimachinery/registered"
-	"k8s.io/kubernetes/pkg/apiserver"
 	policyclient "k8s.io/kubernetes/pkg/client/clientset_generated/internalclientset/typed/policy/internalversion"
 	"k8s.io/kubernetes/pkg/client/restclient"
 	"k8s.io/kubernetes/pkg/genericapiserver"
@@ -243,8 +242,8 @@ type componentStatusStorage struct {
 	storageFactory genericapiserver.StorageFactory
 }
 
-func (s componentStatusStorage) serversToValidate() map[string]apiserver.Server {
+func (s componentStatusStorage) serversToValidate() map[string]componentstatus.Server {
-	serversToValidate := map[string]apiserver.Server{
+	serversToValidate := map[string]componentstatus.Server{
 		"controller-manager": {Addr: "127.0.0.1", Port: ports.ControllerManagerPort, Path: "/healthz"},
 		"scheduler":          {Addr: "127.0.0.1", Port: ports.SchedulerPort, Path: "/healthz"},
 	}
@@ -270,7 +269,7 @@ func (s componentStatusStorage) serversToValidate() map[string]apiserver.Server
 			port = 2379
 		}
 		// TODO: etcd health checking should be abstracted in the storage tier
-		serversToValidate[fmt.Sprintf("etcd-%d", ix)] = apiserver.Server{
+		serversToValidate[fmt.Sprintf("etcd-%d", ix)] = componentstatus.Server{
 			Addr:        addr,
 			EnableHTTPS: etcdUrl.Scheme == "https",
 			Port:        port,

pkg/util/proxy/dial_test.go

@@ -44,7 +44,7 @@ func TestDialURL(t *testing.T) {
 
 	testcases := map[string]struct {
 		TLSConfig   *tls.Config
-		Dial        func(network, addr string) (net.Conn, error)
+		Dial        utilnet.DialFunc
 		ExpectError string
 	}{
 		"insecure": {

test/e2e_node/services/apiserver.go

@@ -46,7 +46,7 @@ func (a *APIServer) Start() error {
 	if err != nil {
 		return err
 	}
-	config.GenericServerRunOptions.ServiceClusterIPRange = *ipnet
+	config.ServiceClusterIPRange = *ipnet
 	config.AllowPrivileged = true
 	errCh := make(chan error)
 	go func() {

test/integration/federation/server_test.go

@@ -20,8 +20,8 @@ import (
 	"encoding/json"
 	"fmt"
 	"io/ioutil"
-	"net"
 	"net/http"
+	"os"
 	"testing"
 	"time"
 
@@ -45,12 +45,18 @@ var groupVersions = []schema.GroupVersion{
 }
 
 func TestRun(t *testing.T) {
+	certDir, err := ioutil.TempDir("", "")
+	if err != nil {
+		t.Fatalf("Failed to create temporary certificate directory: %v", err)
+	}
+	defer os.RemoveAll(certDir)
+
 	s := options.NewServerRunOptions()
 	s.SecureServing.ServingOptions.BindPort = securePort
 	s.InsecureServing.BindPort = insecurePort
-	_, ipNet, _ := net.ParseCIDR("10.10.10.0/24")
-	s.GenericServerRunOptions.ServiceClusterIPRange = *ipNet
 	s.Etcd.StorageConfig.ServerList = []string{"http://localhost:2379"}
+	s.SecureServing.ServerCert.CertDirectory = certDir
+
 	go func() {
 		if err := app.Run(s); err != nil {
 			t.Fatalf("Error in bringing up the server: %v", err)