diff --git a/hack/.golint_failures b/hack/.golint_failures
index 708080a8cb9..09f0f40a4d8 100644
--- a/hack/.golint_failures
+++ b/hack/.golint_failures
@@ -607,6 +607,8 @@ staging/src/k8s.io/code-generator/cmd/lister-gen/generators
 staging/src/k8s.io/component-base/cli/flag
 staging/src/k8s.io/component-base/config/v1alpha1
 staging/src/k8s.io/cri-api/pkg/apis/testing
+staging/src/k8s.io/kube-aggregator/pkg/apis/apiregistration/v1
+staging/src/k8s.io/kube-aggregator/pkg/apis/apiregistration/v1beta1
 staging/src/k8s.io/kube-aggregator/pkg/controllers/autoregister
 staging/src/k8s.io/kube-proxy/config/v1alpha1
 staging/src/k8s.io/kubelet/config/v1beta1
diff --git a/staging/src/k8s.io/kube-aggregator/pkg/apis/apiregistration/types.go b/staging/src/k8s.io/kube-aggregator/pkg/apis/apiregistration/types.go
index a8e345f81b9..044b49e7801 100644
--- a/staging/src/k8s.io/kube-aggregator/pkg/apis/apiregistration/types.go
+++ b/staging/src/k8s.io/kube-aggregator/pkg/apis/apiregistration/types.go
@@ -34,6 +34,11 @@ type ServiceReference struct {
 Namespace string
 // Name is the name of the service
 Name string
+ // If specified, the port on the service that hosting the service.
+ // Default to 443 for backward compatibility.
+ // `Port` should be a valid port number (1-65535, inclusive).
+ // +optional
+ Port int32
 }

 // APIServiceSpec contains information for locating and communicating with a server.
diff --git a/staging/src/k8s.io/kube-aggregator/pkg/apis/apiregistration/v1/defaults.go b/staging/src/k8s.io/kube-aggregator/pkg/apis/apiregistration/v1/defaults.go
new file mode 100644
index 00000000000..2ae90d64619
--- /dev/null
+++ b/staging/src/k8s.io/kube-aggregator/pkg/apis/apiregistration/v1/defaults.go
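Review bot: In apiregistration/types.go the new comment on `Port` says it defaults to 443, but the internal field is a plain `int32` whose zero value is 0; the 443 default is applied only by `SetDefaults_ServiceReference` in the v1 and v1beta1 packages. The comment should say so and should start with the field name, for example `// Port is the port on the service that the aggregator connects to. Versioned defaulting sets it to 443; it must be a valid port number (1-65535, inclusive).` The phrase "that hosting the service" here, and "that hosting webhook" in the v1 and v1beta1 types.go hunks, reads as carried over from another API and is worth fixing in all three places.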
@@ -0,0 +1,33 @@
+/*
+Copyright 2019 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package v1
+
+import (
+ "k8s.io/apimachinery/pkg/runtime"
+ utilpointer "k8s.io/utils/pointer"
+)
+
+func addDefaultingFuncs(scheme *runtime.Scheme) error {
+ return RegisterDefaults(scheme)
+}
+
+// SetDefaults_ServiceReference sets defaults for AuditSync Webhook's ServiceReference
+func SetDefaults_ServiceReference(obj *ServiceReference) {
+ if obj.Port == nil {
+ obj.Port = utilpointer.Int32Ptr(443)
+ }
+}
diff --git a/staging/src/k8s.io/kube-aggregator/pkg/apis/apiregistration/v1/doc.go b/staging/src/k8s.io/kube-aggregator/pkg/apis/apiregistration/v1/doc.go
index 7c5a51e651d..b9993f4ca3d 100644
--- a/staging/src/k8s.io/kube-aggregator/pkg/apis/apiregistration/v1/doc.go
+++ b/staging/src/k8s.io/kube-aggregator/pkg/apis/apiregistration/v1/doc.go
@@ -19,6 +19,7 @@ limitations under the License.
 // +k8s:conversion-gen=k8s.io/kube-aggregator/pkg/apis/apiregistration
 // +k8s:openapi-gen=true
 // +groupName=apiregistration.k8s.io
+// +k8s:defaulter-gen=TypeMeta

 // Package v1 contains the API Registration API, which is responsible for
 // registering an API `Group`/`Version` with another kubernetes like API server.
diff --git a/staging/src/k8s.io/kube-aggregator/pkg/apis/apiregistration/v1/register.go b/staging/src/k8s.io/kube-aggregator/pkg/apis/apiregistration/v1/register.go
index cab9dff6648..07e65bf045d 100644
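Review bot: The doc comment on `SetDefaults_ServiceReference` in v1/defaults.go describes an "AuditSync Webhook", which does not match this package; it looks copied from another API group, and v1beta1/defaults.go repeats it. I would write `// SetDefaults_ServiceReference sets Port to 443 when it is unset, so APIServices that do not specify a port keep the previous behaviour.` in both files. `addDefaultingFuncs` has no comment either; `// addDefaultingFuncs registers this package's defaulting functions with the scheme.` would do.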
--- a/staging/src/k8s.io/kube-aggregator/pkg/apis/apiregistration/v1/register.go
+++ b/staging/src/k8s.io/kube-aggregator/pkg/apis/apiregistration/v1/register.go
@@ -47,7 +47,7 @@ func init() {
 // We only register manually written functions here. The registration of the
 // generated functions takes place in the generated files. The separation
 // makes the code compile even when the generated files are missing.
- localSchemeBuilder.Register(addKnownTypes)
+ localSchemeBuilder.Register(addKnownTypes, addDefaultingFuncs)
 }

 // Adds the list of known types to the given scheme.
diff --git a/staging/src/k8s.io/kube-aggregator/pkg/apis/apiregistration/v1/types.go b/staging/src/k8s.io/kube-aggregator/pkg/apis/apiregistration/v1/types.go
index 0a87c9fae3d..58e0296f464 100644
--- a/staging/src/k8s.io/kube-aggregator/pkg/apis/apiregistration/v1/types.go
+++ b/staging/src/k8s.io/kube-aggregator/pkg/apis/apiregistration/v1/types.go
@@ -34,6 +34,11 @@ type ServiceReference struct {
 Namespace string `json:"namespace,omitempty" protobuf:"bytes,1,opt,name=namespace"`
 // Name is the name of the service
 Name string `json:"name,omitempty" protobuf:"bytes,2,opt,name=name"`
+ // If specified, the port on the service that hosting webhook.
+ // Default to 443 for backward compatibility.
+ // `Port` should be a valid port number (1-65535, inclusive).
+ // +optional
+ Port *int32 `json:"port,omitempty" protobuf:"varint,3,opt,name=port"`
 }

 // APIServiceSpec contains information for locating and communicating with a server.
diff --git a/staging/src/k8s.io/kube-aggregator/pkg/apis/apiregistration/v1beta1/defaults.go b/staging/src/k8s.io/kube-aggregator/pkg/apis/apiregistration/v1beta1/defaults.go
new file mode 100644
index 00000000000..a7bfb3d9de2
--- /dev/null
+++ b/staging/src/k8s.io/kube-aggregator/pkg/apis/apiregistration/v1beta1/defaults.go
@@ -0,0 +1,33 @@
+/*
+Copyright 2019 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package v1beta1
+
+import (
+ "k8s.io/apimachinery/pkg/runtime"
+ utilpointer "k8s.io/utils/pointer"
+)
+
+func addDefaultingFuncs(scheme *runtime.Scheme) error {
+ return RegisterDefaults(scheme)
+}
+
+// SetDefaults_ServiceReference sets defaults for AuditSync Webhook's ServiceReference
+func SetDefaults_ServiceReference(obj *ServiceReference) {
+ if obj.Port == nil {
+ obj.Port = utilpointer.Int32Ptr(443)
+ }
+}
diff --git a/staging/src/k8s.io/kube-aggregator/pkg/apis/apiregistration/v1beta1/doc.go b/staging/src/k8s.io/kube-aggregator/pkg/apis/apiregistration/v1beta1/doc.go
index 1f1bae6f952..b8877cc2cd8 100644
--- a/staging/src/k8s.io/kube-aggregator/pkg/apis/apiregistration/v1beta1/doc.go
+++ b/staging/src/k8s.io/kube-aggregator/pkg/apis/apiregistration/v1beta1/doc.go
@@ -19,6 +19,7 @@ limitations under the License.
 // +k8s:conversion-gen=k8s.io/kube-aggregator/pkg/apis/apiregistration
 // +k8s:openapi-gen=true
 // +groupName=apiregistration.k8s.io
+// +k8s:defaulter-gen=TypeMeta

 // Package v1beta1 contains the API Registration API, which is responsible for
 // registering an API `Group`/`Version` with another kubernetes like API server.
diff --git a/staging/src/k8s.io/kube-aggregator/pkg/apis/apiregistration/v1beta1/register.go b/staging/src/k8s.io/kube-aggregator/pkg/apis/apiregistration/v1beta1/register.go
index f6a9fabb07e..baa179571f4 100644
--- a/staging/src/k8s.io/kube-aggregator/pkg/apis/apiregistration/v1beta1/register.go
+++ b/staging/src/k8s.io/kube-aggregator/pkg/apis/apiregistration/v1beta1/register.go
@@ -47,7 +47,7 @@ func init() {
 // We only register manually written functions here. The registration of the
 // generated functions takes place in the generated files. The separation
 // makes the code compile even when the generated files are missing.
- localSchemeBuilder.Register(addKnownTypes)
+ localSchemeBuilder.Register(addKnownTypes, addDefaultingFuncs)
 }

 // Adds the list of known types to the given scheme.
diff --git a/staging/src/k8s.io/kube-aggregator/pkg/apis/apiregistration/v1beta1/types.go b/staging/src/k8s.io/kube-aggregator/pkg/apis/apiregistration/v1beta1/types.go
index 02bddab23ab..1964ab5fa25 100644
--- a/staging/src/k8s.io/kube-aggregator/pkg/apis/apiregistration/v1beta1/types.go
+++ b/staging/src/k8s.io/kube-aggregator/pkg/apis/apiregistration/v1beta1/types.go
@@ -34,6 +34,11 @@ type ServiceReference struct {
 Namespace string `json:"namespace,omitempty" protobuf:"bytes,1,opt,name=namespace"`
 // Name is the name of the service
 Name string `json:"name,omitempty" protobuf:"bytes,2,opt,name=name"`
+ // If specified, the port on the service that hosting webhook.
+ // Default to 443 for backward compatibility.
+ // `Port` should be a valid port number (1-65535, inclusive).
+ // +optional
+ Port *int32 `json:"port,omitempty" protobuf:"varint,3,opt,name=port"`
 }

 // APIServiceSpec contains information for locating and communicating with a server.
diff --git a/staging/src/k8s.io/kube-aggregator/pkg/apis/apiregistration/validation/validation.go b/staging/src/k8s.io/kube-aggregator/pkg/apis/apiregistration/validation/validation.go
index 0ffa3fc9186..82754d622a0 100644
--- a/staging/src/k8s.io/kube-aggregator/pkg/apis/apiregistration/validation/validation.go
+++ b/staging/src/k8s.io/kube-aggregator/pkg/apis/apiregistration/validation/validation.go
@@ -18,6 +18,7 @@ package validation

 import (
 "fmt"
+ "strings"

 "k8s.io/apimachinery/pkg/api/validation"
 "k8s.io/apimachinery/pkg/api/validation/path"
@@ -82,6 +83,9 @@ func ValidateAPIService(apiService *apiregistration.APIService) field.ErrorList
 if len(apiService.Spec.Service.Name) == 0 {
 allErrs = append(allErrs, field.Required(field.NewPath("spec", "service", "name"), ""))
 }
+ if errs := utilvalidation.IsValidPortNum(int(apiService.Spec.Service.Port)); errs != nil {
+ allErrs = append(allErrs, field.Invalid(field.NewPath("spec", "service", "port"), apiService.Spec.Service.Port, "port is not valid: "+strings.Join(errs, ", ")))
+ }
 if apiService.Spec.InsecureSkipTLSVerify && len(apiService.Spec.CABundle) > 0 {
 allErrs = append(allErrs, field.Invalid(field.NewPath("spec", "insecureSkipTLSVerify"), apiService.Spec.InsecureSkipTLSVerify, "may not be true if caBundle is present"))
 }
diff --git a/staging/src/k8s.io/kube-aggregator/pkg/apiserver/handler_proxy.go b/staging/src/k8s.io/kube-aggregator/pkg/apiserver/handler_proxy.go
index 491475fcd88..af9d47e3668 100644
--- a/staging/src/k8s.io/kube-aggregator/pkg/apiserver/handler_proxy.go
+++ b/staging/src/k8s.io/kube-aggregator/pkg/apiserver/handler_proxy.go
@@ -78,6 +78,8 @@ type proxyHandlingInfo struct {
 serviceNamespace string
 // serviceAvailable indicates this APIService is available or not
 serviceAvailable bool
+ // servicePort is the port of the service this handler proxies to
+ servicePort int32
 }

 func proxyError(w http.ResponseWriter, req *http.Request, error string, code int) {
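Review bot: The port check added to `ValidateAPIService` in validation.go runs on the internal type, where `Port` is a plain `int32`, so an object that reaches validation without versioned defaulting carries Port 0 and is rejected. Nothing near the check states that dependency; a comment such as `// Port is defaulted to 443 by the versioned types; 0 here means defaulting did not run.` would save the next reader the search. `field.Invalid` already reports the field path and value, so the `"port is not valid: "` prefix could probably be dropped, leaving `strings.Join(errs, ", ")` as the detail. The function begins and ends outside this hunk.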
@@ -128,7 +130,7 @@ func (r *proxyHandler) ServeHTTP(w http.ResponseWriter, req *http.Request) {
 // write a new location based on the existing request pointed at the target service
 location := &url.URL{}
 location.Scheme = "https"
- rloc, err := r.serviceResolver.ResolveEndpoint(handlingInfo.serviceNamespace, handlingInfo.serviceName, 443)
+ rloc, err := r.serviceResolver.ResolveEndpoint(handlingInfo.serviceNamespace, handlingInfo.serviceName, handlingInfo.servicePort)
 if err != nil {
 klog.Errorf("error resolving %s/%s: %v", handlingInfo.serviceNamespace, handlingInfo.serviceName, err)
 proxyError(w, req, "service unavailable", http.StatusServiceUnavailable)
@@ -226,6 +228,7 @@ func (r *proxyHandler) updateAPIService(apiService *apiregistrationapi.APIServic
 },
 serviceName: apiService.Spec.Service.Name,
 serviceNamespace: apiService.Spec.Service.Namespace,
+ servicePort: apiService.Spec.Service.Port,
 serviceAvailable: apiregistrationapi.IsAPIServiceConditionTrue(apiService, apiregistrationapi.Available),
 }
 if r.proxyTransport != nil && r.proxyTransport.DialContext != nil {
diff --git a/staging/src/k8s.io/kube-aggregator/pkg/apiserver/handler_proxy_test.go b/staging/src/k8s.io/kube-aggregator/pkg/apiserver/handler_proxy_test.go
index 72ecd82d97f..f0ae33de9f1 100644
--- a/staging/src/k8s.io/kube-aggregator/pkg/apiserver/handler_proxy_test.go
+++ b/staging/src/k8s.io/kube-aggregator/pkg/apiserver/handler_proxy_test.go
@@ -172,7 +172,7 @@ func TestProxyHandler(t *testing.T) {
 apiService: &apiregistration.APIService{
 ObjectMeta: metav1.ObjectMeta{Name: "v1.foo"},
 Spec: apiregistration.APIServiceSpec{
- Service: &apiregistration.ServiceReference{Name: "test-service", Namespace: "test-ns"},
+ Service: &apiregistration.ServiceReference{Name: "test-service", Namespace: "test-ns", Port: 443},
 Group: "foo",
 Version: "v1",
 CABundle: testCACrt,
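Review bot: In the `ServeHTTP` hunk of handler_proxy.go the resolve-failure log still prints only namespace and name, although the port is now part of what is resolved and can differ per APIService. Including it makes a misconfigured or unexpected port visible in the aggregator log: `klog.Errorf("error resolving %s/%s:%d: %v", handlingInfo.serviceNamespace, handlingInfo.serviceName, handlingInfo.servicePort, err)`. Because the proxied request now goes to whichever listener the configured port selects, it is also worth confirming that the resolver rejects ports the Service does not expose; that code is not visible here. `ServeHTTP` starts and ends outside the hunk.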
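Review bot: Every case touched in handler_proxy_test.go sets `Port: 443`, the value that used to be hard-coded, so none of the visible hunks exercises a non-default port reaching `ResolveEndpoint`. I would add one `TestProxyHandler` case with a different port, for example `Service: &apiregistration.ServiceReference{Name: "test-service", Namespace: "test-ns", Port: 7443},` (a made-up value), and have the test's resolver check the port it is given; the resolver is outside these hunks. The same gap applies to the later `TestProxyHandler` hunks at 204 and 227 and the `TestProxyUpgrade` hunks at 336, 353 and 370. The test tables begin and end outside the hunks.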
@@ -204,7 +204,7 @@ func TestProxyHandler(t *testing.T) {
 apiService: &apiregistration.APIService{
 ObjectMeta: metav1.ObjectMeta{Name: "v1.foo"},
 Spec: apiregistration.APIServiceSpec{
- Service: &apiregistration.ServiceReference{Name: "test-service", Namespace: "test-ns"},
+ Service: &apiregistration.ServiceReference{Name: "test-service", Namespace: "test-ns", Port: 443},
 Group: "foo",
 Version: "v1",
 CABundle: testCACrt,
@@ -227,7 +227,7 @@ func TestProxyHandler(t *testing.T) {
 apiService: &apiregistration.APIService{
 ObjectMeta: metav1.ObjectMeta{Name: "v1.foo"},
 Spec: apiregistration.APIServiceSpec{
- Service: &apiregistration.ServiceReference{Name: "bad-service", Namespace: "test-ns"},
+ Service: &apiregistration.ServiceReference{Name: "bad-service", Namespace: "test-ns", Port: 443},
 Group: "foo",
 Version: "v1",
 CABundle: testCACrt,
@@ -336,7 +336,7 @@ func TestProxyUpgrade(t *testing.T) {
 CABundle: testCACrt,
 Group: "mygroup",
 Version: "v1",
- Service: &apiregistration.ServiceReference{Name: "test-service", Namespace: "test-ns"},
+ Service: &apiregistration.ServiceReference{Name: "test-service", Namespace: "test-ns", Port: 443},
 },
 Status: apiregistration.APIServiceStatus{
 Conditions: []apiregistration.APIServiceCondition{
@@ -353,7 +353,7 @@ func TestProxyUpgrade(t *testing.T) {
 InsecureSkipTLSVerify: true,
 Group: "mygroup",
 Version: "v1",
- Service: &apiregistration.ServiceReference{Name: "invalid-service", Namespace: "invalid-ns"},
+ Service: &apiregistration.ServiceReference{Name: "invalid-service", Namespace: "invalid-ns", Port: 443},
 },
 Status: apiregistration.APIServiceStatus{
 Conditions: []apiregistration.APIServiceCondition{
@@ -370,7 +370,7 @@ func TestProxyUpgrade(t *testing.T) {
 CABundle: testCACrt,
 Group: "mygroup",
 Version: "v1",
- Service: &apiregistration.ServiceReference{Name: "invalid-service", Namespace: "invalid-ns"},
+ Service: &apiregistration.ServiceReference{Name: "invalid-service", Namespace: "invalid-ns", Port: 443},
 },
 Status: apiregistration.APIServiceStatus{
 Conditions: []apiregistration.APIServiceCondition{