Fix admission plugin registration

The current registration of admission plug-ins happen too late so the command line help is not yielding correct/useful information to users. This is already causing confusion as mentioned in some issues. This patch fixes it by moving plugins.go down to options package because "plugins" in this context are themselves options for users. Registration of plugins is not an expensive operation and it is already done in most execution paths. In future, we may want to revisit these plugins and migrate them to the shared apiserver repo when appropriate.
2025-07-30 15:05:27 +00:00 · 2017-08-17 20:33:11 +08:00 · 2017-08-17 20:33:11 +08:00 · a909cc8af5
commit a909cc8af5
parent 4bfe9b1a56
5 changed files with 32 additions and 31 deletions
--- a/cmd/kube-apiserver/app/BUILD
+++ b/cmd/kube-apiserver/app/BUILD
@ -10,7 +10,6 @@ go_library(
    srcs = [
        "aggregator.go",
        "apiextensions.go",
-        "plugins.go",
        "server.go",
    ],
    deps = [
@ -24,7 +23,6 @@ go_library(
        "//pkg/client/clientset_generated/internalclientset:go_default_library",
        "//pkg/client/informers/informers_generated/internalversion:go_default_library",
        "//pkg/cloudprovider:go_default_library",
-        "//pkg/cloudprovider/providers:go_default_library",
        "//pkg/controller/serviceaccount:go_default_library",
        "//pkg/generated/openapi:go_default_library",
        "//pkg/kubeapiserver:go_default_library",
@ -42,31 +40,6 @@ go_library(
        "//pkg/util/reflector/prometheus:go_default_library",
        "//pkg/util/workqueue/prometheus:go_default_library",
        "//pkg/version:go_default_library",
-        "//plugin/pkg/admission/admit:go_default_library",
-        "//plugin/pkg/admission/alwayspullimages:go_default_library",
-        "//plugin/pkg/admission/antiaffinity:go_default_library",
-        "//plugin/pkg/admission/defaulttolerationseconds:go_default_library",
-        "//plugin/pkg/admission/deny:go_default_library",
-        "//plugin/pkg/admission/exec:go_default_library",
-        "//plugin/pkg/admission/gc:go_default_library",
-        "//plugin/pkg/admission/imagepolicy:go_default_library",
-        "//plugin/pkg/admission/initialization:go_default_library",
-        "//plugin/pkg/admission/initialresources:go_default_library",
-        "//plugin/pkg/admission/limitranger:go_default_library",
-        "//plugin/pkg/admission/namespace/autoprovision:go_default_library",
-        "//plugin/pkg/admission/namespace/exists:go_default_library",
-        "//plugin/pkg/admission/noderestriction:go_default_library",
-        "//plugin/pkg/admission/persistentvolume/label:go_default_library",
-        "//plugin/pkg/admission/podnodeselector:go_default_library",
-        "//plugin/pkg/admission/podpreset:go_default_library",
-        "//plugin/pkg/admission/podtolerationrestriction:go_default_library",
-        "//plugin/pkg/admission/priority:go_default_library",
-        "//plugin/pkg/admission/resourcequota:go_default_library",
-        "//plugin/pkg/admission/security/podsecuritypolicy:go_default_library",
-        "//plugin/pkg/admission/securitycontext/scdeny:go_default_library",
-        "//plugin/pkg/admission/serviceaccount:go_default_library",
-        "//plugin/pkg/admission/storageclass/setdefault:go_default_library",
-        "//plugin/pkg/admission/webhook:go_default_library",
        "//plugin/pkg/auth/authenticator/token/bootstrap:go_default_library",
        "//vendor/github.com/go-openapi/spec:go_default_library",
        "//vendor/github.com/golang/glog:go_default_library",
--- a/cmd/kube-apiserver/app/options/BUILD
+++ b/cmd/kube-apiserver/app/options/BUILD
@ -10,17 +10,45 @@ go_library(
    name = "go_default_library",
    srcs = [
        "options.go",
+        "plugins.go",
        "validation.go",
    ],
    deps = [
        "//pkg/api:go_default_library",
        "//pkg/api/validation:go_default_library",
+        "//pkg/cloudprovider/providers:go_default_library",
        "//pkg/features:go_default_library",
        "//pkg/kubeapiserver/options:go_default_library",
        "//pkg/kubelet/client:go_default_library",
        "//pkg/master/ports:go_default_library",
+        "//plugin/pkg/admission/admit:go_default_library",
+        "//plugin/pkg/admission/alwayspullimages:go_default_library",
+        "//plugin/pkg/admission/antiaffinity:go_default_library",
+        "//plugin/pkg/admission/defaulttolerationseconds:go_default_library",
+        "//plugin/pkg/admission/deny:go_default_library",
+        "//plugin/pkg/admission/exec:go_default_library",
+        "//plugin/pkg/admission/gc:go_default_library",
+        "//plugin/pkg/admission/imagepolicy:go_default_library",
+        "//plugin/pkg/admission/initialization:go_default_library",
+        "//plugin/pkg/admission/initialresources:go_default_library",
+        "//plugin/pkg/admission/limitranger:go_default_library",
+        "//plugin/pkg/admission/namespace/autoprovision:go_default_library",
+        "//plugin/pkg/admission/namespace/exists:go_default_library",
+        "//plugin/pkg/admission/noderestriction:go_default_library",
+        "//plugin/pkg/admission/persistentvolume/label:go_default_library",
+        "//plugin/pkg/admission/podnodeselector:go_default_library",
+        "//plugin/pkg/admission/podpreset:go_default_library",
+        "//plugin/pkg/admission/podtolerationrestriction:go_default_library",
+        "//plugin/pkg/admission/priority:go_default_library",
+        "//plugin/pkg/admission/resourcequota:go_default_library",
+        "//plugin/pkg/admission/security/podsecuritypolicy:go_default_library",
+        "//plugin/pkg/admission/securitycontext/scdeny:go_default_library",
+        "//plugin/pkg/admission/serviceaccount:go_default_library",
+        "//plugin/pkg/admission/storageclass/setdefault:go_default_library",
+        "//plugin/pkg/admission/webhook:go_default_library",
        "//vendor/github.com/spf13/pflag:go_default_library",
        "//vendor/k8s.io/apimachinery/pkg/util/net:go_default_library",
+        "//vendor/k8s.io/apiserver/pkg/admission:go_default_library",
        "//vendor/k8s.io/apiserver/pkg/server/options:go_default_library",
        "//vendor/k8s.io/apiserver/pkg/storage/storagebackend:go_default_library",
    ],
--- a/cmd/kube-apiserver/app/options/options.go
+++ b/cmd/kube-apiserver/app/options/options.go
@ -113,6 +113,9 @@ func NewServerRunOptions() *ServerRunOptions {
 	}
 	// Overwrite the default for storage data format.
 	s.Etcd.DefaultStorageMediaType = "application/vnd.kubernetes.protobuf"
+
+	// register all admission plugins
+	RegisterAllAdmissionPlugins(s.Admission.Plugins)
 	// Set the default for admission plugins names
 	s.Admission.PluginNames = []string{"AlwaysAdmit"}
 	return &s
--- a/cmd/kube-apiserver/app/options/plugins.go
+++ b/cmd/kube-apiserver/app/options/plugins.go
@ -14,7 +14,7 @@ See the License for the specific language governing permissions and
 limitations under the License.
 */

-package app
+package options

 // This file exists to force the desired plugin implementations to be linked.
 // This should probably be part of some configuration fed into the build for a
--- a/cmd/kube-apiserver/app/server.go
+++ b/cmd/kube-apiserver/app/server.go
@ -249,9 +249,6 @@ func CreateNodeDialer(s *options.ServerRunOptions) (tunneler.Tunneler, *http.Tra

 // CreateKubeAPIServerConfig creates all the resources for running the API server, but runs none of them
 func CreateKubeAPIServerConfig(s *options.ServerRunOptions, nodeTunneler tunneler.Tunneler, proxyTransport http.RoundTripper) (*master.Config, informers.SharedInformerFactory, clientgoinformers.SharedInformerFactory, *kubeserver.InsecureServingInfo, aggregatorapiserver.ServiceResolver, error) {
-	// register all admission plugins
-	RegisterAllAdmissionPlugins(s.Admission.Plugins)
-
 	// set defaults in the options before trying to create the generic config
 	if err := defaultOptions(s); err != nil {
 		return nil, nil, nil, nil, nil, err