Support service port other than 443 for kube-aggregator

Mehdy Bohlool 2019-03-02 14:55:49 -08:00
parent 11f37d757f
commit 8702550beb
13 changed files with 101 additions and 9 deletions


@ -607,6 +607,8 @@ staging/src/k8s.io/code-generator/cmd/lister-gen/generators
staging/src/k8s.io/component-base/cli/flag
staging/src/k8s.io/component-base/config/v1alpha1
staging/src/k8s.io/cri-api/pkg/apis/testing
staging/src/k8s.io/kube-aggregator/pkg/apis/apiregistration/v1
staging/src/k8s.io/kube-aggregator/pkg/apis/apiregistration/v1beta1
staging/src/k8s.io/kube-aggregator/pkg/controllers/autoregister
staging/src/k8s.io/kube-proxy/config/v1alpha1
staging/src/k8s.io/kubelet/config/v1beta1


@ -34,6 +34,11 @@ type ServiceReference struct {
Namespace string
// Name is the name of the service
Name string
// If specified, the port on the service that hosting the service.
// Default to 443 for backward compatibility.
// `Port` should be a valid port number (1-65535, inclusive).
// +optional
Port int32
}
// APIServiceSpec contains information for locating and communicating with a server.
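Review bot: The new field comment reads "the port on the service that hosting the service", which does not say what is listening on the port. The v1 and v1beta1 copies of this struct later in the commit say "that hosting webhook", wording that looks carried over from the webhook types. One wording for all three would help, e.g. `// Port is the port on the service that hosts the aggregated API server.` followed by the existing default and range lines. On this internal type the field is a plain `int32`, so "If specified" cannot be observed here; the comment could instead say that the versioned APIs default it to 443. The struct begins above the hunk.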


@ -0,0 +1,33 @@
/*
Copyright 2019 The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package v1
import (
"k8s.io/apimachinery/pkg/runtime"
utilpointer "k8s.io/utils/pointer"
)
func addDefaultingFuncs(scheme *runtime.Scheme) error {
return RegisterDefaults(scheme)
}
// SetDefaults_ServiceReference sets defaults for AuditSync Webhook's ServiceReference
func SetDefaults_ServiceReference(obj *ServiceReference) {
if obj.Port == nil {
obj.Port = utilpointer.Int32Ptr(443)
}
}
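Review bot: The doc comment on `SetDefaults_ServiceReference` names "AuditSync Webhook's ServiceReference", but this file is in the apiregistration `v1` package and the type is the APIService service reference. The v1beta1 defaults file added later in the commit carries the same line. Suggest `// SetDefaults_ServiceReference sets Port to 443 when it is unset, so APIService objects that omit the port keep their previous target.` in both. `addDefaultingFuncs` has no comment; since `RegisterDefaults` is not defined in this file and is presumably produced by the defaulter generator, a one-line comment saying so would save a reader the search.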


@ -19,6 +19,7 @@ limitations under the License.
// +k8s:conversion-gen=k8s.io/kube-aggregator/pkg/apis/apiregistration
// +k8s:openapi-gen=true
// +groupName=apiregistration.k8s.io
// +k8s:defaulter-gen=TypeMeta
// Package v1 contains the API Registration API, which is responsible for
// registering an API `Group`/`Version` with another kubernetes like API server.


@ -47,7 +47,7 @@ func init() {
// We only register manually written functions here. The registration of the
// generated functions takes place in the generated files. The separation
// makes the code compile even when the generated files are missing.
localSchemeBuilder.Register(addKnownTypes)
localSchemeBuilder.Register(addKnownTypes, addDefaultingFuncs)
}
// Adds the list of known types to the given scheme.


@ -34,6 +34,11 @@ type ServiceReference struct {
Namespace string `json:"namespace,omitempty" protobuf:"bytes,1,opt,name=namespace"`
// Name is the name of the service
Name string `json:"name,omitempty" protobuf:"bytes,2,opt,name=name"`
// If specified, the port on the service that hosting webhook.
// Default to 443 for backward compatibility.
// `Port` should be a valid port number (1-65535, inclusive).
// +optional
Port *int32 `json:"port,omitempty" protobuf:"varint,3,opt,name=port"`
}
// APIServiceSpec contains information for locating and communicating with a server.


@ -0,0 +1,33 @@
/*
Copyright 2019 The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package v1beta1
import (
"k8s.io/apimachinery/pkg/runtime"
utilpointer "k8s.io/utils/pointer"
)
func addDefaultingFuncs(scheme *runtime.Scheme) error {
return RegisterDefaults(scheme)
}
// SetDefaults_ServiceReference sets defaults for AuditSync Webhook's ServiceReference
func SetDefaults_ServiceReference(obj *ServiceReference) {
if obj.Port == nil {
obj.Port = utilpointer.Int32Ptr(443)
}
}


@ -19,6 +19,7 @@ limitations under the License.
// +k8s:conversion-gen=k8s.io/kube-aggregator/pkg/apis/apiregistration
// +k8s:openapi-gen=true
// +groupName=apiregistration.k8s.io
// +k8s:defaulter-gen=TypeMeta
// Package v1beta1 contains the API Registration API, which is responsible for
// registering an API `Group`/`Version` with another kubernetes like API server.


@ -47,7 +47,7 @@ func init() {
// We only register manually written functions here. The registration of the
// generated functions takes place in the generated files. The separation
// makes the code compile even when the generated files are missing.
localSchemeBuilder.Register(addKnownTypes)
localSchemeBuilder.Register(addKnownTypes, addDefaultingFuncs)
}
// Adds the list of known types to the given scheme.


@ -34,6 +34,11 @@ type ServiceReference struct {
Namespace string `json:"namespace,omitempty" protobuf:"bytes,1,opt,name=namespace"`
// Name is the name of the service
Name string `json:"name,omitempty" protobuf:"bytes,2,opt,name=name"`
// If specified, the port on the service that hosting webhook.
// Default to 443 for backward compatibility.
// `Port` should be a valid port number (1-65535, inclusive).
// +optional
Port *int32 `json:"port,omitempty" protobuf:"varint,3,opt,name=port"`
}
// APIServiceSpec contains information for locating and communicating with a server.


@ -18,6 +18,7 @@ package validation
import (
"fmt"
"strings"
"k8s.io/apimachinery/pkg/api/validation"
"k8s.io/apimachinery/pkg/api/validation/path"
@ -82,6 +83,9 @@ func ValidateAPIService(apiService *apiregistration.APIService) field.ErrorList
if len(apiService.Spec.Service.Name) == 0 {
allErrs = append(allErrs, field.Required(field.NewPath("spec", "service", "name"), ""))
}
if errs := utilvalidation.IsValidPortNum(int(apiService.Spec.Service.Port)); errs != nil {
allErrs = append(allErrs, field.Invalid(field.NewPath("spec", "service", "port"), apiService.Spec.Service.Port, "port is not valid: "+strings.Join(errs, ", ")))
}
if apiService.Spec.InsecureSkipTLSVerify && len(apiService.Spec.CABundle) > 0 {
allErrs = append(allErrs, field.Invalid(field.NewPath("spec", "insecureSkipTLSVerify"), apiService.Spec.InsecureSkipTLSVerify, "may not be true if caBundle is present"))
}
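Review bot: The added `IsValidPortNum` check rejects a port of 0, and the internal `ServiceReference.Port` introduced in this commit is a plain `int32`, so an internal APIService built in code rather than decoded through the defaulted v1/v1beta1 types fails validation unless the caller sets the port. The proxy test fixtures in this commit had `Port: 443` added by hand, which suggests other constructors outside this page may need the same. A comment above the check would record the contract, e.g. `// Port must be set on the internal type; the versioned APIs default it to 443.` The block dereferences `Spec.Service` just as the name check above it does, so it relies on whatever nil handling `ValidateAPIService` performs before the hunk, which is not visible here.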


@ -78,6 +78,8 @@ type proxyHandlingInfo struct {
serviceNamespace string
// serviceAvailable indicates this APIService is available or not
serviceAvailable bool
// servicePort is the port of the service this handler proxies to
servicePort int32
}
func proxyError(w http.ResponseWriter, req *http.Request, error string, code int) {
@ -128,7 +130,7 @@ func (r *proxyHandler) ServeHTTP(w http.ResponseWriter, req *http.Request) {
// write a new location based on the existing request pointed at the target service
location := &url.URL{}
location.Scheme = "https"
rloc, err := r.serviceResolver.ResolveEndpoint(handlingInfo.serviceNamespace, handlingInfo.serviceName, 443)
rloc, err := r.serviceResolver.ResolveEndpoint(handlingInfo.serviceNamespace, handlingInfo.serviceName, handlingInfo.servicePort)
if err != nil {
klog.Errorf("error resolving %s/%s: %v", handlingInfo.serviceNamespace, handlingInfo.serviceName, err)
proxyError(w, req, "service unavailable", http.StatusServiceUnavailable)
@ -226,6 +228,7 @@ func (r *proxyHandler) updateAPIService(apiService *apiregistrationapi.APIServic
},
serviceName: apiService.Spec.Service.Name,
serviceNamespace: apiService.Spec.Service.Namespace,
servicePort: apiService.Spec.Service.Port,
serviceAvailable: apiregistrationapi.IsAPIServiceConditionTrue(apiService, apiregistrationapi.Available),
}
if r.proxyTransport != nil && r.proxyTransport.DialContext != nil {
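Review bot: The resolve-failure log just below the changed `ResolveEndpoint` call still prints only namespace and name, so with a configurable port the message no longer identifies the endpoint that failed. Suggest `klog.Errorf("error resolving %s/%s:%d: %v", handlingInfo.serviceNamespace, handlingInfo.serviceName, handlingInfo.servicePort, err)`. `servicePort` is copied from `apiService.Spec.Service.Port` in `updateAPIService` with no fallback, so it is only meaningful if every APIService reaching this handler has been defaulted or validated. Because the handler forwards client requests to the resolved address, that assumption is worth stating in the comment on the `servicePort` field. `ServeHTTP` and `updateAPIService` both start and end outside these hunks.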


@ -172,7 +172,7 @@ func TestProxyHandler(t *testing.T) {
apiService: &apiregistration.APIService{
ObjectMeta: metav1.ObjectMeta{Name: "v1.foo"},
Spec: apiregistration.APIServiceSpec{
Service: &apiregistration.ServiceReference{Name: "test-service", Namespace: "test-ns"},
Service: &apiregistration.ServiceReference{Name: "test-service", Namespace: "test-ns", Port: 443},
Group: "foo",
Version: "v1",
CABundle: testCACrt,
@ -204,7 +204,7 @@ func TestProxyHandler(t *testing.T) {
apiService: &apiregistration.APIService{
ObjectMeta: metav1.ObjectMeta{Name: "v1.foo"},
Spec: apiregistration.APIServiceSpec{
Service: &apiregistration.ServiceReference{Name: "test-service", Namespace: "test-ns"},
Service: &apiregistration.ServiceReference{Name: "test-service", Namespace: "test-ns", Port: 443},
Group: "foo",
Version: "v1",
CABundle: testCACrt,
@ -227,7 +227,7 @@ func TestProxyHandler(t *testing.T) {
apiService: &apiregistration.APIService{
ObjectMeta: metav1.ObjectMeta{Name: "v1.foo"},
Spec: apiregistration.APIServiceSpec{
Service: &apiregistration.ServiceReference{Name: "bad-service", Namespace: "test-ns"},
Service: &apiregistration.ServiceReference{Name: "bad-service", Namespace: "test-ns", Port: 443},
Group: "foo",
Version: "v1",
CABundle: testCACrt,
@ -336,7 +336,7 @@ func TestProxyUpgrade(t *testing.T) {
CABundle: testCACrt,
Group: "mygroup",
Version: "v1",
Service: &apiregistration.ServiceReference{Name: "test-service", Namespace: "test-ns"},
Service: &apiregistration.ServiceReference{Name: "test-service", Namespace: "test-ns", Port: 443},
},
Status: apiregistration.APIServiceStatus{
Conditions: []apiregistration.APIServiceCondition{
@ -353,7 +353,7 @@ func TestProxyUpgrade(t *testing.T) {
InsecureSkipTLSVerify: true,
Group: "mygroup",
Version: "v1",
Service: &apiregistration.ServiceReference{Name: "invalid-service", Namespace: "invalid-ns"},
Service: &apiregistration.ServiceReference{Name: "invalid-service", Namespace: "invalid-ns", Port: 443},
},
Status: apiregistration.APIServiceStatus{
Conditions: []apiregistration.APIServiceCondition{
@ -370,7 +370,7 @@ func TestProxyUpgrade(t *testing.T) {
CABundle: testCACrt,
Group: "mygroup",
Version: "v1",
Service: &apiregistration.ServiceReference{Name: "invalid-service", Namespace: "invalid-ns"},
Service: &apiregistration.ServiceReference{Name: "invalid-service", Namespace: "invalid-ns", Port: 443},
},
Status: apiregistration.APIServiceStatus{
Conditions: []apiregistration.APIServiceCondition{
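Review bot: Every fixture touched in `TestProxyHandler` and `TestProxyUpgrade` sets `Port: 443`, so these tests still exercise only the port that was hard-coded before the change. Nothing here checks that a different port actually reaches `ResolveEndpoint`. A case with a non-default port (for example `Port: 8443`, a constructed value) that asserts the port the resolver receives would cover the behaviour this commit adds. How the test resolver is built is outside these hunks, so it may first need to record its arguments.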