Merge pull request #2201 from erictune/insecure_handler

Return InsecureHandler from master.
2025-09-01 01:08:55 +00:00 · 2014-11-06 10:59:43 -08:00
parent 4acb8e5eaf c068b56919
commit 9846228969
2 changed files with 10 additions and 5 deletions
--- a/cmd/apiserver/apiserver.go
+++ b/cmd/apiserver/apiserver.go
@@ -185,7 +185,7 @@ func main() {
 		rl := util.NewTokenBucketRateLimiter(1.0, 20)
 		readOnlyServer := &http.Server{
 			Addr:           roLocation,
-			Handler:        apiserver.RecoverPanics(apiserver.ReadOnly(apiserver.RateLimit(rl, m.Handler))),
+			Handler:        apiserver.RecoverPanics(apiserver.ReadOnly(apiserver.RateLimit(rl, m.InsecureHandler))),
 			ReadTimeout:    5 * time.Minute,
 			WriteTimeout:   5 * time.Minute,
 			MaxHeaderBytes: 1 << 20,
@@ -203,7 +203,7 @@ func main() {

 	s := &http.Server{
 		Addr:           rwLocation,
-		Handler:        apiserver.RecoverPanics(m.Handler),
+		Handler:        apiserver.RecoverPanics(m.InsecureHandler),
 		ReadTimeout:    5 * time.Minute,
 		WriteTimeout:   5 * time.Minute,
 		MaxHeaderBytes: 1 << 20,
--- a/pkg/master/master.go
+++ b/pkg/master/master.go
@@ -106,12 +106,13 @@ type Master struct {
 	authorizer            authorizer.Authorizer
 	masterCount           int

-	// "Outputs"
-	Handler http.Handler
-
 	readOnlyServer  string
 	readWriteServer string
 	masterServices  *util.Runner
+
+	// "Outputs"
+	Handler         http.Handler
+	InsecureHandler http.Handler
 }

 // NewEtcdHelper returns an EtcdHelper for the provided arguments or an error if the version
@@ -195,6 +196,8 @@ func setDefaults(c *Config) {
 //   http.Handler which handles all the endpoints provided by the master,
 //   including the API, the UI, and miscelaneous debugging endpoints.  All
 //   these are subject to authorization and authentication.
+//   InsecureHandler -- an http.Handler which handles all the same
+//   endpoints as Handler, but no authorization and authentication is done.
 // Public methods:
 //   HandleWithAuth -- Allows caller to add an http.Handler for an endpoint
 //   that uses the same authentication and authorization (if any is configured)
@@ -320,6 +323,8 @@ func (m *Master) init(c *Config) {
 		handler = apiserver.CORS(handler, allowedOriginRegexps, nil, nil, "true")
 	}

+	m.InsecureHandler = handler
+
 	attributeGetter := apiserver.NewRequestAttributeGetter(userContexts)
 	handler = apiserver.WithAuthorizationCheck(handler, attributeGetter, m.authorizer)