add admission into RecommendedOption

2025-08-10 04:27:54 +00:00 · 2017-12-01 11:07:28 +08:00 · 2017-12-01 11:07:28 +08:00 · 6149df089e
commit 6149df089e
parent 45db5e7260
10 changed files with 76 additions and 34 deletions
--- a/staging/src/k8s.io/apiextensions-apiserver/pkg/cmd/server/start.go
+++ b/staging/src/k8s.io/apiextensions-apiserver/pkg/cmd/server/start.go
@ -98,7 +98,7 @@ func (o CustomResourceDefinitionsServerOptions) Config() (*apiserver.Config, err
 	}

 	serverConfig := genericapiserver.NewRecommendedConfig(apiserver.Codecs)
-	if err := o.RecommendedOptions.ApplyTo(serverConfig); err != nil {
+	if err := o.RecommendedOptions.ApplyTo(serverConfig, apiserver.Scheme); err != nil {
 		return nil, err
 	}

--- a/staging/src/k8s.io/apiextensions-apiserver/test/integration/testserver/start.go
+++ b/staging/src/k8s.io/apiextensions-apiserver/test/integration/testserver/start.go
@ -45,6 +45,7 @@ func DefaultServerConfig() (*extensionsapiserver.Config, error) {
 	options.RecommendedOptions.SecureServing.BindPort = port
 	options.RecommendedOptions.Authentication = nil // disable
 	options.RecommendedOptions.Authorization = nil  // disable
+	options.RecommendedOptions.Admission = nil      // disable
 	options.RecommendedOptions.SecureServing.BindAddress = net.ParseIP("127.0.0.1")
 	etcdURL, ok := os.LookupEnv("KUBE_INTEGRATION_ETCD_URL")
 	if !ok {
@ -58,7 +59,7 @@ func DefaultServerConfig() (*extensionsapiserver.Config, error) {
 	if err := options.RecommendedOptions.SecureServing.MaybeDefaultWithSelfSignedCerts("localhost", nil, []net.IP{net.ParseIP("127.0.0.1")}); err != nil {
 		return nil, fmt.Errorf("error creating self-signed certificates: %v", err)
 	}
-	if err := options.RecommendedOptions.ApplyTo(genericConfig); err != nil {
+	if err := options.RecommendedOptions.ApplyTo(genericConfig, nil); err != nil {
 		return nil, err
 	}

--- a/staging/src/k8s.io/apiserver/pkg/server/config.go
+++ b/staging/src/k8s.io/apiserver/pkg/server/config.go
@ -188,9 +188,13 @@ type Config struct {
 	PublicAddress net.IP
 }

+type AdmissionInitializersInitFunc func() (admission.PluginInitializer, error)
+
 type RecommendedConfig struct {
 	Config

+	ExtraAdmissionInitializersInitFunc []AdmissionInitializersInitFunc
+
 	// SharedInformerFactory provides shared informers for Kubernetes resources. This value is set by
 	// RecommendedOptions.CoreAPI.ApplyTo called by RecommendedOptions.ApplyTo. It uses an in-cluster client config
 	// by default, or the kubeconfig given with kubeconfig command line flag.
@ -259,6 +263,7 @@ func NewConfig(codecs serializer.CodecFactory) *Config {
 func NewRecommendedConfig(codecs serializer.CodecFactory) *RecommendedConfig {
 	return &RecommendedConfig{
 		Config: *NewConfig(codecs),
+		ExtraAdmissionInitializersInitFunc: make([]AdmissionInitializersInitFunc, 0),
 	}
 }

--- a/staging/src/k8s.io/apiserver/pkg/server/options/admission.go
+++ b/staging/src/k8s.io/apiserver/pkg/server/options/admission.go
@ -100,6 +100,10 @@ func (a *AdmissionOptions) ApplyTo(
 	scheme *runtime.Scheme,
 	pluginInitializers ...admission.PluginInitializer,
 ) error {
+	if a == nil {
+		return nil
+	}
+
 	pluginNames := a.PluginNames
 	if len(a.PluginNames) == 0 {
 		pluginNames = a.enabledPluginNames()
--- a/staging/src/k8s.io/apiserver/pkg/server/options/recommended.go
+++ b/staging/src/k8s.io/apiserver/pkg/server/options/recommended.go
@ -17,9 +17,12 @@ limitations under the License.
 package options

 import (
+	"fmt"
+
 	"github.com/spf13/pflag"

 	"k8s.io/apimachinery/pkg/runtime"
+	"k8s.io/apiserver/pkg/admission"
 	"k8s.io/apiserver/pkg/server"
 	"k8s.io/apiserver/pkg/storage/storagebackend"
 )
@ -35,6 +38,7 @@ type RecommendedOptions struct {
 	Audit          *AuditOptions
 	Features       *FeatureOptions
 	CoreAPI        *CoreAPIOptions
+	Admission      *AdmissionOptions
 }

 func NewRecommendedOptions(prefix string, codec runtime.Codec) *RecommendedOptions {
@ -46,6 +50,7 @@ func NewRecommendedOptions(prefix string, codec runtime.Codec) *RecommendedOptio
 		Audit:          NewAuditOptions(),
 		Features:       NewFeatureOptions(),
 		CoreAPI:        NewCoreAPIOptions(),
+		Admission:      NewAdmissionOptions(),
 	}
 }

@ -57,9 +62,13 @@ func (o *RecommendedOptions) AddFlags(fs *pflag.FlagSet) {
 	o.Audit.AddFlags(fs)
 	o.Features.AddFlags(fs)
 	o.CoreAPI.AddFlags(fs)
+	o.Admission.AddFlags(fs)
 }

-func (o *RecommendedOptions) ApplyTo(config *server.RecommendedConfig) error {
+// ApplyTo adds RecommendedOptions to the server configuration.
+// scheme is the scheme of the apiserver types that are sent to the admission chain.
+// pluginInitializers can be empty, it is only need for additional initializers.
+func (o *RecommendedOptions) ApplyTo(config *server.RecommendedConfig, scheme *runtime.Scheme) error {
 	if err := o.Etcd.ApplyTo(&config.Config); err != nil {
 		return err
 	}
@ -81,6 +90,36 @@ func (o *RecommendedOptions) ApplyTo(config *server.RecommendedConfig) error {
 	if err := o.CoreAPI.ApplyTo(config); err != nil {
 		return err
 	}
+	if o.Admission != nil {
+		// Admission depends on CoreAPI to set SharedInformerFactory and ClientConfig.
+		if o.CoreAPI == nil {
+			return fmt.Errorf("admission depends on CoreAPI, so it must be set")
+		}
+		// Admission need scheme to construct admission initializer.
+		if scheme == nil {
+			return fmt.Errorf("admission depends on shceme, so it must be set")
+		}
+
+		pluginInitializers := []admission.PluginInitializer{}
+		for _, initFunc := range config.ExtraAdmissionInitializersInitFunc {
+			intializer, err := initFunc()
+			if err != nil {
+				return err
+			}
+			pluginInitializers = append(pluginInitializers, intializer)
+		}
+
+		err := o.Admission.ApplyTo(
+			&config.Config,
+			config.SharedInformerFactory,
+			config.ClientConfig,
+			scheme,
+			pluginInitializers...)
+		if err != nil {
+			return err
+		}
+	}
+
 	return nil
 }

@ -93,6 +132,7 @@ func (o *RecommendedOptions) Validate() []error {
 	errors = append(errors, o.Audit.Validate()...)
 	errors = append(errors, o.Features.Validate()...)
 	errors = append(errors, o.CoreAPI.Validate()...)
+	errors = append(errors, o.Admission.Validate()...)

 	return errors
 }
--- a/staging/src/k8s.io/kube-aggregator/pkg/cmd/server/start.go
+++ b/staging/src/k8s.io/kube-aggregator/pkg/cmd/server/start.go
@ -109,7 +109,7 @@ func (o AggregatorOptions) RunAggregator(stopCh <-chan struct{}) error {

 	serverConfig := genericapiserver.NewRecommendedConfig(apiserver.Codecs)

-	if err := o.RecommendedOptions.ApplyTo(serverConfig); err != nil {
+	if err := o.RecommendedOptions.ApplyTo(serverConfig, apiserver.Scheme); err != nil {
 		return err
 	}
 	serverConfig.LongRunningFunc = filters.BasicLongRunningRequestCheck(
--- a/staging/src/k8s.io/sample-apiserver/pkg/admission/plugin/banflunder/admission_test.go
+++ b/staging/src/k8s.io/sample-apiserver/pkg/admission/plugin/banflunder/admission_test.go
@ -113,10 +113,7 @@ func TestBanflunderAdmissionPlugin(t *testing.T) {
 				t.Fatalf("scenario %d: failed to create banflunder admission plugin due to = %v", index, err)
 			}

-			targetInitializer, err := wardleinitializer.New(informersFactory)
-			if err != nil {
-				t.Fatalf("scenario %d: failed to crate wardle plugin initializer due to = %v", index, err)
-			}
+			targetInitializer := wardleinitializer.New(informersFactory)
 			targetInitializer.Initialize(target)

 			err = admission.ValidateInitialization(target)
--- a/staging/src/k8s.io/sample-apiserver/pkg/admission/wardleinitializer/wardleinitializer.go
+++ b/staging/src/k8s.io/sample-apiserver/pkg/admission/wardleinitializer/wardleinitializer.go
@ -28,10 +28,10 @@ type pluginInitializer struct {
 var _ admission.PluginInitializer = pluginInitializer{}

 // New creates an instance of wardle admission plugins initializer.
-func New(informers informers.SharedInformerFactory) (pluginInitializer, error) {
+func New(informers informers.SharedInformerFactory) pluginInitializer {
 	return pluginInitializer{
 		informers: informers,
-	}, nil
+	}
 }

 // Initialize checks the initialization interfaces implemented by a plugin
--- a/staging/src/k8s.io/sample-apiserver/pkg/admission/wardleinitializer/wardleinitializer_test.go
+++ b/staging/src/k8s.io/sample-apiserver/pkg/admission/wardleinitializer/wardleinitializer_test.go
@ -31,10 +31,8 @@ import (
 func TestWantsInternalWardleInformerFactory(t *testing.T) {
 	cs := &fake.Clientset{}
 	sf := informers.NewSharedInformerFactory(cs, time.Duration(1)*time.Second)
-	target, err := wardleinitializer.New(sf)
-	if err != nil {
-		t.Fatalf("expected to create an instance of initializer but got an error = %s", err.Error())
-	}
+	target := wardleinitializer.New(sf)
+
 	wantWardleInformerFactory := &wantInternalWardleInformerFactory{}
 	target.Initialize(wantWardleInformerFactory)
 	if wantWardleInformerFactory.sf != sf {
--- a/staging/src/k8s.io/sample-apiserver/pkg/cmd/server/start.go
+++ b/staging/src/k8s.io/sample-apiserver/pkg/cmd/server/start.go
@ -24,6 +24,7 @@ import (
 	"github.com/spf13/cobra"

 	utilerrors "k8s.io/apimachinery/pkg/util/errors"
+	"k8s.io/apiserver/pkg/admission"
 	genericapiserver "k8s.io/apiserver/pkg/server"
 	genericoptions "k8s.io/apiserver/pkg/server/options"
 	"k8s.io/sample-apiserver/pkg/admission/plugin/banflunder"
@ -38,16 +39,15 @@ const defaultEtcdPathPrefix = "/registry/wardle.kubernetes.io"

 type WardleServerOptions struct {
 	RecommendedOptions *genericoptions.RecommendedOptions
-	Admission          *genericoptions.AdmissionOptions

-	StdOut io.Writer
-	StdErr io.Writer
+	SharedInformerFactory informers.SharedInformerFactory
+	StdOut                io.Writer
+	StdErr                io.Writer
 }

 func NewWardleServerOptions(out, errOut io.Writer) *WardleServerOptions {
 	o := &WardleServerOptions{
 		RecommendedOptions: genericoptions.NewRecommendedOptions(defaultEtcdPathPrefix, apiserver.Codecs.LegacyCodec(v1alpha1.SchemeGroupVersion)),
-		Admission:          genericoptions.NewAdmissionOptions(),

 		StdOut: out,
 		StdErr: errOut,
@ -79,7 +79,6 @@ func NewCommandStartWardleServer(out, errOut io.Writer, stopCh <-chan struct{})

 	flags := cmd.Flags()
 	o.RecommendedOptions.AddFlags(flags)
-	o.Admission.AddFlags(flags)

 	return cmd
 }
@ -87,7 +86,6 @@ func NewCommandStartWardleServer(out, errOut io.Writer, stopCh <-chan struct{})
 func (o WardleServerOptions) Validate(args []string) error {
 	errors := []error{}
 	errors = append(errors, o.RecommendedOptions.Validate()...)
-	errors = append(errors, o.Admission.Validate()...)
 	return utilerrors.NewAggregate(errors)
 }

@ -95,9 +93,9 @@ func (o *WardleServerOptions) Complete() error {
 	return nil
 }

-func (o WardleServerOptions) Config() (*apiserver.Config, error) {
+func (o *WardleServerOptions) Config() (*apiserver.Config, error) {
 	// register admission plugins
-	banflunder.Register(o.Admission.Plugins)
+	banflunder.Register(o.RecommendedOptions.Admission.Plugins)

 	// TODO have a "real" external address
 	if err := o.RecommendedOptions.SecureServing.MaybeDefaultWithSelfSignedCerts("localhost", nil, []net.IP{net.ParseIP("127.0.0.1")}); err != nil {
@ -105,21 +103,20 @@ func (o WardleServerOptions) Config() (*apiserver.Config, error) {
 	}

 	serverConfig := genericapiserver.NewRecommendedConfig(apiserver.Codecs)
-	if err := o.RecommendedOptions.ApplyTo(serverConfig); err != nil {
-		return nil, err
+
+	admissionInitializerInitFunc := func() (admission.PluginInitializer, error) {
+		client, err := clientset.NewForConfig(serverConfig.LoopbackClientConfig)
+		if err != nil {
+			return nil, err
+		}
+		informerFactory := informers.NewSharedInformerFactory(client, serverConfig.LoopbackClientConfig.Timeout)
+		o.SharedInformerFactory = informerFactory
+		return wardleinitializer.New(informerFactory), nil
 	}

-	client, err := clientset.NewForConfig(serverConfig.LoopbackClientConfig)
-	if err != nil {
-		return nil, err
-	}
-	informerFactory := informers.NewSharedInformerFactory(client, serverConfig.LoopbackClientConfig.Timeout)
-	admissionInitializer, err := wardleinitializer.New(informerFactory)
-	if err != nil {
-		return nil, err
-	}
+	serverConfig.ExtraAdmissionInitializersInitFunc = []genericapiserver.AdmissionInitializersInitFunc{admissionInitializerInitFunc}

-	if err := o.Admission.ApplyTo(&serverConfig.Config, serverConfig.SharedInformerFactory, serverConfig.ClientConfig, apiserver.Scheme, admissionInitializer); err != nil {
+	if err := o.RecommendedOptions.ApplyTo(serverConfig, apiserver.Scheme); err != nil {
 		return nil, err
 	}