move tunneler out of generic

cmd/kube-apiserver/app/BUILD

@@ -33,6 +33,7 @@ go_library(
         "//pkg/kubeapiserver/admission:go_default_library",
         "//pkg/kubeapiserver/authenticator:go_default_library",
         "//pkg/master:go_default_library",
+        "//pkg/master/tunneler:go_default_library",
         "//pkg/registry/cachesize:go_default_library",
         "//pkg/version:go_default_library",
         "//plugin/pkg/admission/admit:go_default_library",

cmd/kube-apiserver/app/server.go

@@ -57,6 +57,7 @@ import (
 	kubeadmission "k8s.io/kubernetes/pkg/kubeapiserver/admission"
 	kubeauthenticator "k8s.io/kubernetes/pkg/kubeapiserver/authenticator"
 	"k8s.io/kubernetes/pkg/master"
+	"k8s.io/kubernetes/pkg/master/tunneler"
 	"k8s.io/kubernetes/pkg/registry/cachesize"
 	"k8s.io/kubernetes/pkg/version"
 )
@@ -123,19 +124,19 @@ func Run(s *options.ServerRunOptions) error {
 		PerConnectionBandwidthLimitBytesPerSec: s.MaxConnectionBytesPerSec,
 	})
 
-	// Setup tunneler if needed
-	var tunneler genericapiserver.Tunneler
+	// Setup nodeTunneler if needed
+	var nodeTunneler tunneler.Tunneler
 	var proxyDialerFn utilnet.DialFunc
 	if len(s.SSHUser) > 0 {
 		// Get ssh key distribution func, if supported
-		var installSSH genericapiserver.InstallSSHKey
+		var installSSHKey tunneler.InstallSSHKey
 		cloud, err := cloudprovider.InitCloudProvider(s.CloudProvider.CloudProvider, s.CloudProvider.CloudConfigFile)
 		if err != nil {
 			return fmt.Errorf("cloud provider could not be initialized: %v", err)
 		}
 		if cloud != nil {
 			if instances, supported := cloud.Instances(); supported {
-				installSSH = instances.AddSSHKeyToAllInstances
+				installSSHKey = instances.AddSSHKeyToAllInstances
 			}
 		}
 		if s.KubeletConfig.Port == 0 {
@@ -144,7 +145,7 @@ func Run(s *options.ServerRunOptions) error {
 		if s.KubeletConfig.ReadOnlyPort == 0 {
 			return fmt.Errorf("must enable kubelet readonly port if proxy ssh-tunneling is specified")
 		}
-		// Set up the tunneler
+		// Set up the nodeTunneler
 		// TODO(cjcullen): If we want this to handle per-kubelet ports or other
 		// kubelet listen-addresses, we need to plumb through options.
 		healthCheckPath := &url.URL{
@@ -152,12 +153,12 @@ func Run(s *options.ServerRunOptions) error {
 			Host:   net.JoinHostPort("127.0.0.1", strconv.FormatUint(uint64(s.KubeletConfig.ReadOnlyPort), 10)),
 			Path:   "healthz",
 		}
-		tunneler = genericapiserver.NewSSHTunneler(s.SSHUser, s.SSHKeyfile, healthCheckPath, installSSH)
+		nodeTunneler = tunneler.New(s.SSHUser, s.SSHKeyfile, healthCheckPath, installSSHKey)
 
-		// Use the tunneler's dialer to connect to the kubelet
-		s.KubeletConfig.Dial = tunneler.Dial
-		// Use the tunneler's dialer when proxying to pods, services, and nodes
-		proxyDialerFn = tunneler.Dial
+		// Use the nodeTunneler's dialer to connect to the kubelet
+		s.KubeletConfig.Dial = nodeTunneler.Dial
+		// Use the nodeTunneler's dialer when proxying to pods, services, and nodes
+		proxyDialerFn = nodeTunneler.Dial
 	}
 
 	// Proxying to pods and services is IP-based... don't expect to be able to verify the hostname
@@ -311,7 +312,7 @@ func Run(s *options.ServerRunOptions) error {
 		EnableLogsSupport:       true,
 		ProxyTransport:          proxyTransport,
 
-		Tunneler: tunneler,
+		Tunneler: nodeTunneler,
 
 		ServiceIPRange:       serviceIPRange,
 		APIServerServiceIP:   apiServerServiceIP,

pkg/genericapiserver/BUILD

@@ -23,7 +23,6 @@ go_library(
         "resource_encoding_config.go",
         "serve.go",
         "storage_factory.go",
-        "tunneler.go",
     ],
     tags = ["automanaged"],
     deps = [
@@ -42,11 +41,8 @@ go_library(
         "//pkg/genericapiserver/mux:go_default_library",
         "//pkg/genericapiserver/options:go_default_library",
         "//pkg/genericapiserver/routes:go_default_library",
-        "//pkg/ssh:go_default_library",
         "//pkg/storage/storagebackend:go_default_library",
-        "//pkg/util:go_default_library",
         "//pkg/util/cert:go_default_library",
-        "//pkg/util/clock:go_default_library",
         "//pkg/util/config:go_default_library",
         "//pkg/version:go_default_library",
         "//vendor:github.com/coreos/go-systemd/daemon",
@@ -56,7 +52,6 @@ go_library(
         "//vendor:github.com/golang/glog",
         "//vendor:github.com/pborman/uuid",
         "//vendor:github.com/pkg/errors",
-        "//vendor:github.com/prometheus/client_golang/prometheus",
         "//vendor:gopkg.in/natefinch/lumberjack.v2",
         "//vendor:k8s.io/apimachinery/pkg/apimachinery",
         "//vendor:k8s.io/apimachinery/pkg/apimachinery/registered",
@@ -69,7 +64,6 @@ go_library(
         "//vendor:k8s.io/apimachinery/pkg/util/runtime",
         "//vendor:k8s.io/apimachinery/pkg/util/sets",
         "//vendor:k8s.io/apimachinery/pkg/util/validation",
-        "//vendor:k8s.io/apimachinery/pkg/util/wait",
         "//vendor:k8s.io/apiserver/pkg/authentication/authenticator",
         "//vendor:k8s.io/apiserver/pkg/authentication/request/union",
         "//vendor:k8s.io/apiserver/pkg/authentication/user",
@@ -88,7 +82,6 @@ go_test(
         "serve_test.go",
         "server_run_options_test.go",
         "storage_factory_test.go",
-        "tunneler_test.go",
     ],
     library = ":go_default_library",
     tags = ["automanaged"],
@@ -107,7 +100,6 @@ go_test(
         "//pkg/storage/etcd/testing:go_default_library",
         "//pkg/storage/storagebackend:go_default_library",
         "//pkg/util/cert:go_default_library",
-        "//pkg/util/clock:go_default_library",
         "//pkg/util/config:go_default_library",
         "//pkg/version:go_default_library",
         "//vendor:github.com/go-openapi/spec",

pkg/master/BUILD

@@ -52,6 +52,7 @@ go_library(
         "//pkg/genericapiserver:go_default_library",
         "//pkg/kubelet/client:go_default_library",
         "//pkg/master/thirdparty:go_default_library",
+        "//pkg/master/tunneler:go_default_library",
         "//pkg/registry/apps/rest:go_default_library",
         "//pkg/registry/authentication/rest:go_default_library",
         "//pkg/registry/authorization/rest:go_default_library",
@@ -148,6 +149,7 @@ filegroup(
         ":package-srcs",
         "//pkg/master/ports:all-srcs",
         "//pkg/master/thirdparty:all-srcs",
+        "//pkg/master/tunneler:all-srcs",
     ],
     tags = ["automanaged"],
 )

pkg/master/master.go

@@ -45,6 +45,7 @@ import (
 	"k8s.io/kubernetes/pkg/genericapiserver"
 	kubeletclient "k8s.io/kubernetes/pkg/kubelet/client"
 	"k8s.io/kubernetes/pkg/master/thirdparty"
+	"k8s.io/kubernetes/pkg/master/tunneler"
 	"k8s.io/kubernetes/pkg/registry/generic"
 	genericregistry "k8s.io/kubernetes/pkg/registry/generic/registry"
 	"k8s.io/kubernetes/pkg/routes"
@@ -86,7 +87,7 @@ type Config struct {
 	KubeletClientConfig      kubeletclient.KubeletClientConfig
 
 	// Used to start and monitor tunneling
-	Tunneler          genericapiserver.Tunneler
+	Tunneler          tunneler.Tunneler
 	EnableUISupport   bool
 	EnableLogsSupport bool
 	ProxyTransport    http.RoundTripper
@@ -283,13 +284,13 @@ func (m *Master) InstallLegacyAPI(c *Config, restOptionsGetter generic.RESTOptio
 	}
 }
 
-func (m *Master) installTunneler(tunneler genericapiserver.Tunneler, nodeClient corev1client.NodeInterface) {
-	tunneler.Run(nodeAddressProvider{nodeClient}.externalAddresses)
-	m.GenericAPIServer.AddHealthzChecks(healthz.NamedCheck("SSH Tunnel Check", genericapiserver.TunnelSyncHealthChecker(tunneler)))
+func (m *Master) installTunneler(nodeTunneler tunneler.Tunneler, nodeClient corev1client.NodeInterface) {
+	nodeTunneler.Run(nodeAddressProvider{nodeClient}.externalAddresses)
+	m.GenericAPIServer.AddHealthzChecks(healthz.NamedCheck("SSH Tunnel Check", tunneler.TunnelSyncHealthChecker(nodeTunneler)))
 	prometheus.NewGaugeFunc(prometheus.GaugeOpts{
 		Name: "apiserver_proxy_tunnel_sync_latency_secs",
 		Help: "The time since the last successful synchronization of the SSH tunnels for proxy requests.",
-	}, func() float64 { return float64(tunneler.SecondsSinceSync()) })
+	}, func() float64 { return float64(nodeTunneler.SecondsSinceSync()) })
 }
 
 // RESTStorageProvider is a factory type for REST storage.

pkg/master/tunneler/BUILD

@@ -0,0 +1,47 @@
+package(default_visibility = ["//visibility:public"])
+
+licenses(["notice"])
+
+load(
+    "@io_bazel_rules_go//go:def.bzl",
+    "go_library",
+    "go_test",
+)
+
+go_test(
+    name = "go_default_test",
+    srcs = ["ssh_test.go"],
+    library = ":go_default_library",
+    tags = ["automanaged"],
+    deps = [
+        "//pkg/util/clock:go_default_library",
+        "//vendor:github.com/stretchr/testify/assert",
+    ],
+)
+
+go_library(
+    name = "go_default_library",
+    srcs = ["ssh.go"],
+    tags = ["automanaged"],
+    deps = [
+        "//pkg/ssh:go_default_library",
+        "//pkg/util:go_default_library",
+        "//pkg/util/clock:go_default_library",
+        "//vendor:github.com/golang/glog",
+        "//vendor:github.com/prometheus/client_golang/prometheus",
+        "//vendor:k8s.io/apimachinery/pkg/util/wait",
+    ],
+)
+
+filegroup(
+    name = "package-srcs",
+    srcs = glob(["**"]),
+    tags = ["automanaged"],
+    visibility = ["//visibility:private"],
+)
+
+filegroup(
+    name = "all-srcs",
+    srcs = [":package-srcs"],
+    tags = ["automanaged"],
+)

pkg/master/tunneler/ssh.go

@@ -14,7 +14,7 @@ See the License for the specific language governing permissions and
 limitations under the License.
 */
 
-package genericapiserver
+package tunneler
 
 import (
 	"fmt"
@@ -85,7 +85,7 @@ type SSHTunneler struct {
 	stopChan     chan struct{}
 }
 
-func NewSSHTunneler(sshUser, sshKeyfile string, healthCheckURL *url.URL, installSSHKey InstallSSHKey) Tunneler {
+func New(sshUser, sshKeyfile string, healthCheckURL *url.URL, installSSHKey InstallSSHKey) Tunneler {
 	return &SSHTunneler{
 		SSHUser:        sshUser,
 		SSHKeyfile:     sshKeyfile,

pkg/master/tunneler/ssh_test.go

@@ -14,7 +14,7 @@ See the License for the specific language governing permissions and
 limitations under the License.
 */
 
-package genericapiserver
+package tunneler
 
 import (
 	"fmt"