From 364b66ddd6554a898724b6781fd90a15a38ddb41 Mon Sep 17 00:00:00 2001 From: Andy Goldstein Date: Tue, 14 Mar 2023 16:24:50 -0400 Subject: [PATCH] admission ApplyTo: take in clients Change admission ApplyTo() to take in clients instead of a rest.Config. Signed-off-by: Andy Goldstein --- cmd/kube-apiserver/app/server.go | 10 +++++++++- pkg/kubeapiserver/options/admission.go | 8 +++++--- .../apiserver/pkg/server/options/admission.go | 15 ++++----------- .../apiserver/pkg/server/options/recommended.go | 17 ++++++++++++++--- 4 files changed, 32 insertions(+), 18 deletions(-) diff --git a/cmd/kube-apiserver/app/server.go b/cmd/kube-apiserver/app/server.go index a410b61ede8..dc1d5273996 100644 --- a/cmd/kube-apiserver/app/server.go +++ b/cmd/kube-apiserver/app/server.go @@ -30,6 +30,7 @@ import ( "time" "github.com/spf13/cobra" + "k8s.io/client-go/dynamic" oteltrace "go.opentelemetry.io/otel/trace" @@ -461,10 +462,17 @@ func buildGenericConfig( return } + dynamicExternalClient, err := dynamic.NewForConfig(kubeClientConfig) + if err != nil { + lastErr = fmt.Errorf("failed to create real dynamic external client: %w", err) + return + } + err = s.Admission.ApplyTo( genericConfig, versionedInformers, - kubeClientConfig, + clientgoExternalClient, + dynamicExternalClient, utilfeature.DefaultFeatureGate, pluginInitializers...) if err != nil { diff --git a/pkg/kubeapiserver/options/admission.go b/pkg/kubeapiserver/options/admission.go index 3d8c8ce2ad9..68b31cc58de 100644 --- a/pkg/kubeapiserver/options/admission.go +++ b/pkg/kubeapiserver/options/admission.go @@ -21,13 +21,14 @@ import ( "strings" "github.com/spf13/pflag" + "k8s.io/client-go/dynamic" + "k8s.io/client-go/kubernetes" "k8s.io/apimachinery/pkg/util/sets" "k8s.io/apiserver/pkg/admission" "k8s.io/apiserver/pkg/server" genericoptions "k8s.io/apiserver/pkg/server/options" "k8s.io/client-go/informers" - "k8s.io/client-go/rest" "k8s.io/component-base/featuregate" ) @@ -108,7 +109,8 @@ func (a *AdmissionOptions) Validate() []error { func (a *AdmissionOptions) ApplyTo( c *server.Config, informers informers.SharedInformerFactory, - kubeAPIServerClientConfig *rest.Config, + kubeClient kubernetes.Interface, + dynamicClient dynamic.Interface, features featuregate.FeatureGate, pluginInitializers ...admission.PluginInitializer, ) error { @@ -121,7 +123,7 @@ func (a *AdmissionOptions) ApplyTo( a.GenericAdmission.EnablePlugins, a.GenericAdmission.DisablePlugins = computePluginNames(a.PluginNames, a.GenericAdmission.RecommendedPluginOrder) } - return a.GenericAdmission.ApplyTo(c, informers, kubeAPIServerClientConfig, features, pluginInitializers...) + return a.GenericAdmission.ApplyTo(c, informers, kubeClient, dynamicClient, features, pluginInitializers...) } // explicitly disable all plugins that are not in the enabled list diff --git a/staging/src/k8s.io/apiserver/pkg/server/options/admission.go b/staging/src/k8s.io/apiserver/pkg/server/options/admission.go index 5ee0036de1f..6f4990a7e2c 100644 --- a/staging/src/k8s.io/apiserver/pkg/server/options/admission.go +++ b/staging/src/k8s.io/apiserver/pkg/server/options/admission.go @@ -39,7 +39,6 @@ import ( "k8s.io/client-go/dynamic" "k8s.io/client-go/informers" "k8s.io/client-go/kubernetes" - "k8s.io/client-go/rest" "k8s.io/component-base/featuregate" ) @@ -123,7 +122,8 @@ func (a *AdmissionOptions) AddFlags(fs *pflag.FlagSet) { func (a *AdmissionOptions) ApplyTo( c *server.Config, informers informers.SharedInformerFactory, - kubeAPIServerClientConfig *rest.Config, + kubeClient kubernetes.Interface, + dynamicClient dynamic.Interface, features featuregate.FeatureGate, pluginInitializers ...admission.PluginInitializer, ) error { @@ -143,15 +143,8 @@ func (a *AdmissionOptions) ApplyTo( return fmt.Errorf("failed to read plugin config: %v", err) } - clientset, err := kubernetes.NewForConfig(kubeAPIServerClientConfig) - if err != nil { - return err - } - dynamicClient, err := dynamic.NewForConfig(kubeAPIServerClientConfig) - if err != nil { - return err - } - genericInitializer := initializer.New(clientset, dynamicClient, informers, c.Authorization.Authorizer, features, c.DrainedNotify()) + genericInitializer := initializer.New(kubeClient, dynamicClient, informers, c.Authorization.Authorizer, features, + c.DrainedNotify()) initializersChain := admission.PluginInitializers{genericInitializer} initializersChain = append(initializersChain, pluginInitializers...) diff --git a/staging/src/k8s.io/apiserver/pkg/server/options/recommended.go b/staging/src/k8s.io/apiserver/pkg/server/options/recommended.go index 28aad0daf63..073c2180d5e 100644 --- a/staging/src/k8s.io/apiserver/pkg/server/options/recommended.go +++ b/staging/src/k8s.io/apiserver/pkg/server/options/recommended.go @@ -20,7 +20,6 @@ import ( "fmt" "github.com/spf13/pflag" - "k8s.io/apimachinery/pkg/runtime" "k8s.io/apiserver/pkg/admission" "k8s.io/apiserver/pkg/features" @@ -28,6 +27,7 @@ import ( "k8s.io/apiserver/pkg/storage/storagebackend" "k8s.io/apiserver/pkg/util/feature" utilflowcontrol "k8s.io/apiserver/pkg/util/flowcontrol" + "k8s.io/client-go/dynamic" "k8s.io/client-go/kubernetes" "k8s.io/component-base/featuregate" "k8s.io/klog/v2" @@ -131,9 +131,20 @@ func (o *RecommendedOptions) ApplyTo(config *server.RecommendedConfig) error { if err := o.CoreAPI.ApplyTo(config); err != nil { return err } - if initializers, err := o.ExtraAdmissionInitializers(config); err != nil { + initializers, err := o.ExtraAdmissionInitializers(config) + if err != nil { return err - } else if err := o.Admission.ApplyTo(&config.Config, config.SharedInformerFactory, config.ClientConfig, o.FeatureGate, initializers...); err != nil { + } + kubeClient, err := kubernetes.NewForConfig(config.ClientConfig) + if err != nil { + return err + } + dynamicClient, err := dynamic.NewForConfig(config.ClientConfig) + if err != nil { + return err + } + if err := o.Admission.ApplyTo(&config.Config, config.SharedInformerFactory, kubeClient, dynamicClient, o.FeatureGate, + initializers...); err != nil { return err } if feature.DefaultFeatureGate.Enabled(features.APIPriorityAndFairness) {