From 1cccfc70744c64f651d29e10d36ae2afe3723174 Mon Sep 17 00:00:00 2001 From: nikhiljindal Date: Tue, 15 Mar 2016 16:41:07 -0700 Subject: [PATCH 1/2] Disabling swagger ui by default. Adding a flag to enable it --- cmd/kube-apiserver/app/options/options.go | 2 + .../app/options/options_test.go | 21 ++++++++ cmd/kube-apiserver/app/server.go | 1 + docs/admin/kube-apiserver.md | 1 + hack/verify-flags/known-flags.txt | 49 ++++++++++--------- pkg/genericapiserver/genericapiserver.go | 10 +++- pkg/genericapiserver/genericapiserver_test.go | 1 + 7 files changed, 59 insertions(+), 26 deletions(-) diff --git a/cmd/kube-apiserver/app/options/options.go b/cmd/kube-apiserver/app/options/options.go index c5eb38e2a1e..a0ca0be05a8 100644 --- a/cmd/kube-apiserver/app/options/options.go +++ b/cmd/kube-apiserver/app/options/options.go @@ -58,6 +58,7 @@ type APIServer struct { EnableLogsSupport bool EnableProfiling bool EnableWatchCache bool + EnableSwaggerUI bool EtcdServersOverrides []string EtcdConfig etcdstorage.EtcdConfig EventTTL time.Duration @@ -244,6 +245,7 @@ func (s *APIServer) AddFlags(fs *pflag.FlagSet) { fs.BoolVar(&s.EnableProfiling, "profiling", true, "Enable profiling via web interface host:port/debug/pprof/") // TODO: enable cache in integration tests. fs.BoolVar(&s.EnableWatchCache, "watch-cache", true, "Enable watch caching in the apiserver") + fs.BoolVar(&s.EnableSwaggerUI, "enable-swagger-ui", false, "Enables swagger ui on the apiserver at /swagger-ui") fs.StringVar(&s.ExternalHost, "external-hostname", "", "The hostname to use when generating externalized URLs for this master (e.g. Swagger API Docs.)") fs.IntVar(&s.MaxRequestsInFlight, "max-requests-inflight", 400, "The maximum number of requests in flight at a given time. When the server exceeds this, it rejects requests. Zero for no limit.") fs.IntVar(&s.MinRequestTimeout, "min-request-timeout", 1800, "An optional field indicating the minimum number of seconds a handler must keep a request open before timing it out. Currently only honored by the watch request handler, which picks a randomized value above this number as the connection timeout, to spread out load.") diff --git a/cmd/kube-apiserver/app/options/options_test.go b/cmd/kube-apiserver/app/options/options_test.go index 5cab354b071..85f3a77ac2c 100644 --- a/cmd/kube-apiserver/app/options/options_test.go +++ b/cmd/kube-apiserver/app/options/options_test.go @@ -20,6 +20,8 @@ import ( "reflect" "testing" + "github.com/spf13/pflag" + "k8s.io/kubernetes/pkg/api" "k8s.io/kubernetes/pkg/apis/autoscaling" "k8s.io/kubernetes/pkg/apis/extensions" @@ -76,3 +78,22 @@ func TestGenerateStorageVersionMap(t *testing.T) { } } } + +func TestAddFlagsFlag(t *testing.T) { + // TODO: This only tests the enable-swagger-ui flag for now. + // Expand the test to include other flags as well. + f := pflag.NewFlagSet("addflagstest", pflag.ContinueOnError) + s := NewAPIServer() + s.AddFlags(f) + if s.EnableSwaggerUI { + t.Errorf("Expected s.EnableSwaggerUI to be false by default") + } + + args := []string{ + "--enable-swagger-ui=true", + } + f.Parse(args) + if !s.EnableSwaggerUI { + t.Errorf("Expected s.EnableSwaggerUI to be true") + } +} diff --git a/cmd/kube-apiserver/app/server.go b/cmd/kube-apiserver/app/server.go index 873d6d2d81f..d6e2d5e4ce4 100644 --- a/cmd/kube-apiserver/app/server.go +++ b/cmd/kube-apiserver/app/server.go @@ -451,6 +451,7 @@ func Run(s *options.APIServer) error { EnableLogsSupport: s.EnableLogsSupport, EnableUISupport: true, EnableSwaggerSupport: true, + EnableSwaggerUI: s.EnableSwaggerUI, EnableProfiling: s.EnableProfiling, EnableWatchCache: s.EnableWatchCache, EnableIndex: true, diff --git a/docs/admin/kube-apiserver.md b/docs/admin/kube-apiserver.md index 964b991127a..40eea9268d3 100644 --- a/docs/admin/kube-apiserver.md +++ b/docs/admin/kube-apiserver.md @@ -67,6 +67,7 @@ kube-apiserver --cloud-provider="": The provider for cloud services. Empty string for no provider. --cors-allowed-origins=[]: List of allowed origins for CORS, comma separated. An allowed origin can be a regular expression to support subdomain matching. If this list is empty CORS will not be enabled. --delete-collection-workers=1: Number of workers spawned for DeleteCollection call. These are used to speed up namespace cleanup. + --enable-swagger-ui[=false]: Enables swagger ui on the apiserver at /swagger-ui --etcd-cafile="": SSL Certificate Authority file used to secure etcd communication --etcd-certfile="": SSL certification file used to secure etcd communication --etcd-keyfile="": SSL key file used to secure etcd communication diff --git a/hack/verify-flags/known-flags.txt b/hack/verify-flags/known-flags.txt index 1a19f57e9ab..cd8491a3ed1 100644 --- a/hack/verify-flags/known-flags.txt +++ b/hack/verify-flags/known-flags.txt @@ -21,8 +21,8 @@ auth-path authorization-mode authorization-policy-file authorization-webhook-config-file -basic-auth-file babysit-daemons +basic-auth-file bench-pods bench-quiet bench-tasks @@ -43,6 +43,9 @@ cleanup-iptables client-ca-file client-certificate client-key +clientset-name +clientset-only +clientset-path cloud-config cloud-provider cluster-cidr @@ -52,9 +55,9 @@ cluster-name cluster-tag concurrent-deployment-syncs concurrent-endpoint-syncs +concurrent-namespace-syncs concurrent-replicaset-syncs concurrent-resource-quota-syncs -concurrent-namespace-syncs config-sync-period configure-cbr0 conntrack-max @@ -97,16 +100,17 @@ enable-custom-metrics enable-debugging-handlers enable-hostpath-provisioner enable-server +enable-swagger-ui +etcd-cafile +etcd-certfile etcd-config +etcd-keyfile etcd-mutation-timeout etcd-prefix etcd-quorum-read etcd-server etcd-servers etcd-servers-overrides -etcd-keyfile -etcd-certfile -etcd-cafile event-burst event-qps event-ttl @@ -120,6 +124,7 @@ experimental-prefix external-hostname external-ip failover-timeout +fake-clientset file-check-frequency file-suffix file_content_in_loop @@ -142,6 +147,7 @@ go-header-file google-json-key grace-period ha-domain +hairpin-mode healthz-bind-address healthz-port horizontal-pod-autoscaler-sync-period @@ -165,20 +171,22 @@ iptables-masquerade-bit iptables-sync-period ir-data-source ir-dbname +ir-hawkular ir-influxdb-host ir-namespace-only ir-password ir-user -ir-hawkular jenkins-host jenkins-jobs -k8s-build-output k8s-bin-dir +k8s-build-output keep-gogoproto km-path kube-api-burst kube-api-qps kube-master +kube-master +kube-master-url kube-reserved kubecfg-file kubectl-path @@ -201,14 +209,17 @@ kubelet-read-only-port kubelet-root-dir kubelet-sync-frequency kubelet-timeout -kube-master -kube-master-url kubernetes-service-node-port label-columns last-release-pr +leader-elect +leader-elect-lease-duration +leader-elect-renew-deadline +leader-elect-retry-period leave-stdin-open limit-bytes load-balancer-ip +lock-file log-flush-frequency long-running-request-regexp low-diskspace-threshold-mb @@ -268,8 +279,8 @@ non-masquerade-cidr num-nodes oidc-ca-file oidc-client-id -oidc-issuer-url oidc-groups-claim +oidc-issuer-url oidc-username-claim only-idl oom-score-adj @@ -297,11 +308,11 @@ proxy-mode proxy-port-range public-address-override pv-recycler-increment-timeout-nfs +pv-recycler-maximum-retry pv-recycler-minimum-timeout-hostpath pv-recycler-minimum-timeout-nfs pv-recycler-pod-template-filepath-hostpath pv-recycler-pod-template-filepath-nfs -pv-recycler-maximum-retry pv-recycler-timeout-increment-hostpath pvclaimbinder-sync-period read-only-port @@ -317,8 +328,8 @@ registry-qps reject-methods reject-paths repair-malformed-updates -replication-controller-lookup-cache-size replicaset-lookup-cache-size +replication-controller-lookup-cache-size repo-root report-dir required-contexts @@ -332,8 +343,8 @@ rkt-stage1-image root-ca-file root-dir run-proxy -runtime-config runtime-cgroups +runtime-config save-config scheduler-config scheduler-name @@ -399,18 +410,8 @@ volume-dir volume-plugin-dir volume-stats-agg-period watch-cache +watch-cache-sizes watch-only whitelist-override-label windows-line-endings www-prefix -clientset-name -clientset-only -clientset-path -fake-clientset -leader-elect -leader-elect-lease-duration -leader-elect-renew-deadline -leader-elect-retry-period -watch-cache-sizes -lock-file -hairpin-mode diff --git a/pkg/genericapiserver/genericapiserver.go b/pkg/genericapiserver/genericapiserver.go index bf7c423117f..54575aadc37 100644 --- a/pkg/genericapiserver/genericapiserver.go +++ b/pkg/genericapiserver/genericapiserver.go @@ -210,8 +210,12 @@ type Config struct { // allow downstream consumers to disable the core controller loops EnableLogsSupport bool EnableUISupport bool - // allow downstream consumers to disable swagger + // Allow downstream consumers to disable swagger. + // This includes returning the generated swagger spec at /swaggerapi and swagger ui at /swagger-ui. EnableSwaggerSupport bool + // Allow downstream consumers to disable swagger ui. + // Note that this is ignored if either EnableSwaggerSupport or EnableUISupport is false. + EnableSwaggerUI bool // Allows api group versions or specific resources to be conditionally enabled/disabled. APIGroupVersionOverrides map[string]APIGroupVersionOverride // allow downstream consumers to disable the index route @@ -307,6 +311,7 @@ type GenericAPIServer struct { enableLogsSupport bool enableUISupport bool enableSwaggerSupport bool + enableSwaggerUI bool enableProfiling bool enableWatchCache bool APIPrefix string @@ -451,6 +456,7 @@ func New(c *Config) (*GenericAPIServer, error) { enableLogsSupport: c.EnableLogsSupport, enableUISupport: c.EnableUISupport, enableSwaggerSupport: c.EnableSwaggerSupport, + enableSwaggerUI: c.EnableSwaggerUI, enableProfiling: c.EnableProfiling, enableWatchCache: c.EnableWatchCache, APIPrefix: c.APIPrefix, @@ -553,7 +559,7 @@ func (s *GenericAPIServer) init(c *Config) { apiserver.InstallLogsSupport(s.MuxHelper) } if c.EnableUISupport { - ui.InstallSupport(s.MuxHelper, s.enableSwaggerSupport) + ui.InstallSupport(s.MuxHelper, s.enableSwaggerSupport && s.enableSwaggerUI) } if c.EnableProfiling { diff --git a/pkg/genericapiserver/genericapiserver_test.go b/pkg/genericapiserver/genericapiserver_test.go index 7d121257451..b5ce446ded8 100644 --- a/pkg/genericapiserver/genericapiserver_test.go +++ b/pkg/genericapiserver/genericapiserver_test.go @@ -80,6 +80,7 @@ func TestNew(t *testing.T) { assert.Equal(s.enableLogsSupport, config.EnableLogsSupport) assert.Equal(s.enableUISupport, config.EnableUISupport) assert.Equal(s.enableSwaggerSupport, config.EnableSwaggerSupport) + assert.Equal(s.enableSwaggerUI, config.EnableSwaggerUI) assert.Equal(s.enableProfiling, config.EnableProfiling) assert.Equal(s.APIPrefix, config.APIPrefix) assert.Equal(s.APIGroupPrefix, config.APIGroupPrefix) From bc6d3ab1b7b84dd63c11c04ada1c15079c722ddd Mon Sep 17 00:00:00 2001 From: nikhiljindal Date: Thu, 17 Mar 2016 15:33:19 -0700 Subject: [PATCH 2/2] Updating documentation --- docs/api.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/api.md b/docs/api.md index 94d5dfcbfa3..12030d6a444 100644 --- a/docs/api.md +++ b/docs/api.md @@ -38,7 +38,7 @@ Primary system and API concepts are documented in the [User guide](user-guide/RE Overall API conventions are described in the [API conventions doc](devel/api-conventions.md). -Complete API details are documented via [Swagger](http://swagger.io/). The Kubernetes apiserver (aka "master") exports an API that can be used to retrieve the [Swagger spec](https://github.com/swagger-api/swagger-spec/tree/master/schemas/v1.2) for the Kubernetes API, by default at `/swaggerapi`, and a UI you can use to browse the API documentation at `/swagger-ui`. We also host generated [API reference docs](api-reference/README.md). +Complete API details are documented via [Swagger](http://swagger.io/). The Kubernetes apiserver (aka "master") exports an API that can be used to retrieve the [Swagger spec](https://github.com/swagger-api/swagger-spec/tree/master/schemas/v1.2) for the Kubernetes API, by default at `/swaggerapi`. It also exports a UI you can use to browse the API documentation at `/swagger-ui` if the apiserver is passed --enable-swagger-ui=true flag. We also host generated [API reference docs](api-reference/README.md). Remote access to the API is discussed in the [access doc](admin/accessing-the-api.md).