github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-07-25 12:43:23 +00:00
Code Issues Projects Releases Wiki Activity

Merge pull request #47443 from p0lyn0mial/use_incluster_cfg_when_creating_ext_informers

Browse Source 
Automatic merge from submit-queue (batch tested with PRs 48012, 47443, 47702, 47178)

incluster config will be used when creating external shared informers.

**What this PR does / why we need it**:
Previously the loopback configuration was used to talk to the server.
As a consequence a custom API server was unable to talk to the root API server.
This PR changes the above by using incluster configuration to create shared informers.

**Release note**:

```release-note
NONE
```
This commit is contained in:
Kubernetes Submit Queue 2017-06-26 17:48:01 -07:00 committed by GitHub
commit aac42add77
3 changed files with 38 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
cmd/kube-apiserver/app/server.go
View File

@ -593,6 +593,8 @@ func defaultOptions(s *options.ServerRunOptions) error {
if err != nil { if err != nil {
return fmt.Errorf("error determining service IP ranges: %v", err) return fmt.Errorf("error determining service IP ranges: %v", err)
} }
s.SecureServing.ForceLoopbackConfigUsage()
if err := s.SecureServing.MaybeDefaultWithSelfSignedCerts(s.GenericServerRunOptions.AdvertiseAddress.String(), []string{"kubernetes.default.svc", "kubernetes.default", "kubernetes"}, []net.IP{apiServerServiceIP}); err != nil { if err := s.SecureServing.MaybeDefaultWithSelfSignedCerts(s.GenericServerRunOptions.AdvertiseAddress.String(), []string{"kubernetes.default.svc", "kubernetes.default", "kubernetes"}, []net.IP{apiServerServiceIP}); err != nil {
return fmt.Errorf("error creating self-signed certificates: %v", err) return fmt.Errorf("error creating self-signed certificates: %v", err)
} }

1
federation/cmd/federation-apiserver/app/server.go
View File

@ -102,6 +102,7 @@ func NonBlockingRun(s *options.ServerRunOptions, stopCh <-chan struct{}) error {
if err := s.CloudProvider.DefaultExternalHost(s.GenericServerRunOptions); err != nil { if err := s.CloudProvider.DefaultExternalHost(s.GenericServerRunOptions); err != nil {
return fmt.Errorf("error setting the external host value: %v", err) return fmt.Errorf("error setting the external host value: %v", err)
} }
s.SecureServing.ForceLoopbackConfigUsage()
s.Authentication.ApplyAuthorization(s.Authorization) s.Authentication.ApplyAuthorization(s.Authorization)

41
staging/src/k8s.io/apiserver/pkg/server/options/serving.go
View File

@ -24,6 +24,7 @@ import (
"net" "net"
"path" "path"
"strconv" "strconv"
"time"
"github.com/golang/glog" "github.com/golang/glog"
"github.com/pborman/uuid" "github.com/pborman/uuid"
@ -34,6 +35,7 @@ import (
utilflag "k8s.io/apiserver/pkg/util/flag" utilflag "k8s.io/apiserver/pkg/util/flag"
"k8s.io/client-go/informers" "k8s.io/client-go/informers"
"k8s.io/client-go/kubernetes" "k8s.io/client-go/kubernetes"
"k8s.io/client-go/rest"
certutil "k8s.io/client-go/util/cert" certutil "k8s.io/client-go/util/cert"
) )
@ -45,6 +47,9 @@ type SecureServingOptions struct {
ServerCert GeneratableKeyCert ServerCert GeneratableKeyCert
// SNICertKeys are named CertKeys for serving secure traffic with SNI support. // SNICertKeys are named CertKeys for serving secure traffic with SNI support.
SNICertKeys []utilflag.NamedCertKey SNICertKeys []utilflag.NamedCertKey
// when set determines whether to use loopback configuration to create shared informers.
useLoopbackCfg bool
} }
type CertKey struct { type CertKey struct {
@ -136,6 +141,7 @@ func (s *SecureServingOptions) AddDeprecatedFlags(fs *pflag.FlagSet) {
fs.MarkDeprecated("public-address-override", "see --bind-address instead.") fs.MarkDeprecated("public-address-override", "see --bind-address instead.")
} }
// ApplyTo fills up serving information in the server configuration.
func (s *SecureServingOptions) ApplyTo(c *server.Config) error { func (s *SecureServingOptions) ApplyTo(c *server.Config) error {
if s.BindPort <= 0 { if s.BindPort <= 0 {
return nil return nil
@ -169,16 +175,39 @@ func (s *SecureServingOptions) ApplyTo(c *server.Config) error {
c.SecureServingInfo.SNICerts[server.LoopbackClientServerNameOverride] = &tlsCert c.SecureServingInfo.SNICerts[server.LoopbackClientServerNameOverride] = &tlsCert
} }
// create shared informers // create shared informers, if not explicitly set use in cluster config.
clientset, err := kubernetes.NewForConfig(c.LoopbackClientConfig) // do not fail on an error, this allows an external API server to startup
if err != nil { // outside of a kube cluster.
return err var clientCfg *rest.Config
err = nil
if s.useLoopbackCfg {
clientCfg = c.LoopbackClientConfig
} else {
clientCfg, err = rest.InClusterConfig()
} }
c.SharedInformerFactory = informers.NewSharedInformerFactory(clientset, c.LoopbackClientConfig.Timeout) if err != nil {
glog.Errorf("Couldn't create in cluster config due to %v. SharedInformerFactory will not be set.", err)
return nil
}
clientset, err := kubernetes.NewForConfig(clientCfg)
if err != nil {
glog.Errorf("Couldn't create clientset due to %v. SharedInformerFactory will not be set.", err)
return nil
}
c.SharedInformerFactory = informers.NewSharedInformerFactory(clientset, 10*time.Minute)
return nil return nil
} }
// ForceLoopbackConfigUsage forces the usage of the loopback configuration
// to create SharedInformerFactory. The primary client of this method
// is kube API server, no other API server is the source of truth for kube APIs.
//
// Note:
// this method MUST be called prior to ApplyTo to take an effect.
func (s *SecureServingOptions) ForceLoopbackConfigUsage() {
s.useLoopbackCfg = true
}
func (s *SecureServingOptions) applyServingInfoTo(c *server.Config) error { func (s *SecureServingOptions) applyServingInfoTo(c *server.Config) error {
if s.BindPort <= 0 { if s.BindPort <= 0 {
return nil return nil