tweak defaults for recommended apiserver options

cmd/kube-apiserver/app/options/options.go

@@ -70,7 +70,7 @@ func NewServerRunOptions() *ServerRunOptions {
 	s := ServerRunOptions{
 		GenericServerRunOptions: genericoptions.NewServerRunOptions(),
 		Etcd:                 genericoptions.NewEtcdOptions(storagebackend.NewDefaultConfig(kubeoptions.DefaultEtcdPathPrefix, api.Scheme, nil)),
-		SecureServing:        genericoptions.NewSecureServingOptions(),
+		SecureServing:        kubeoptions.NewSecureServingOptions(),
 		InsecureServing:      genericoptions.NewInsecureServingOptions(),
 		Audit:                genericoptions.NewAuditLogOptions(),
 		Features:             genericoptions.NewFeatureOptions(),

examples/apiserver/apiserver.go

@@ -59,7 +59,7 @@ func NewServerRunOptions() *ServerRunOptions {
 	s := ServerRunOptions{
 		GenericServerRunOptions: genericoptions.NewServerRunOptions(),
 		Etcd:            genericoptions.NewEtcdOptions(storagebackend.NewDefaultConfig(kubeoptions.DefaultEtcdPathPrefix, api.Scheme, nil)),
-		SecureServing:   genericoptions.NewSecureServingOptions(),
+		SecureServing:   kubeoptions.NewSecureServingOptions(),
 		InsecureServing: genericoptions.NewInsecureServingOptions(),
 		Authentication:  kubeoptions.NewBuiltInAuthenticationOptions().WithAll(),
 		CloudProvider:   kubeoptions.NewCloudProviderOptions(),

federation/cmd/federation-apiserver/app/options/options.go

@@ -53,7 +53,7 @@ func NewServerRunOptions() *ServerRunOptions {
 	s := ServerRunOptions{
 		GenericServerRunOptions: genericoptions.NewServerRunOptions(),
 		Etcd:                 genericoptions.NewEtcdOptions(storagebackend.NewDefaultConfig(kubeoptions.DefaultEtcdPathPrefix, api.Scheme, nil)),
-		SecureServing:        genericoptions.NewSecureServingOptions(),
+		SecureServing:        kubeoptions.NewSecureServingOptions(),
 		InsecureServing:      genericoptions.NewInsecureServingOptions(),
 		Audit:                genericoptions.NewAuditLogOptions(),
 		Features:             genericoptions.NewFeatureOptions(),

pkg/kubeapiserver/options/BUILD

@@ -15,6 +15,7 @@ go_library(
         "authentication.go",
         "authorization.go",
         "cloudprovider.go",
+        "serving.go",
         "storage_versions.go",
     ],
     tags = ["automanaged"],

pkg/kubeapiserver/options/serving.go

@@ -0,0 +1,39 @@
+/*
+Copyright 2017 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Package options contains flags and options for initializing an apiserver
+package options
+
+import (
+	"net"
+
+	genericoptions "k8s.io/apiserver/pkg/server/options"
+)
+
+// NewSecureServingOptions gives default values for the kube-apiserver and federation-apiserver which are not the options wanted by
+// "normal" API servers running on the platform
+func NewSecureServingOptions() *genericoptions.SecureServingOptions {
+	return &genericoptions.SecureServingOptions{
+		ServingOptions: genericoptions.ServingOptions{
+			BindAddress: net.ParseIP("0.0.0.0"),
+			BindPort:    6443,
+		},
+		ServerCert: genericoptions.GeneratableKeyCert{
+			PairName:      "apiserver",
+			CertDirectory: "/var/run/kubernetes",
+		},
+	}
+}

staging/src/k8s.io/apiserver/pkg/server/config.go

@@ -193,7 +193,7 @@ type SecureServingInfo struct {
 // NewConfig returns a Config struct with the default values
 func NewConfig() *Config {
 	return &Config{
-		ReadWritePort:               6443,
+		ReadWritePort:               443,
 		RequestContextMapper:        apirequest.NewRequestContextMapper(),
 		BuildHandlerChainsFunc:      DefaultBuildHandlerChain,
 		LegacyAPIGroupPrefixes:      sets.NewString(DefaultLegacyAPIPrefix),

staging/src/k8s.io/apiserver/pkg/server/genericapiserver_test.go

@@ -126,7 +126,7 @@ func TestNew(t *testing.T) {
 	assert.Equal(s.RequestContextMapper(), config.RequestContextMapper)
 
 	// these values get defaulted
-	assert.Equal(net.JoinHostPort(config.PublicAddress.String(), "6443"), s.ExternalAddress)
+	assert.Equal(net.JoinHostPort(config.PublicAddress.String(), "443"), s.ExternalAddress)
 	assert.NotNil(s.swaggerConfig)
 	assert.Equal("http://"+s.ExternalAddress, s.swaggerConfig.WebServicesUrl)
 }

staging/src/k8s.io/apiserver/pkg/server/options/authentication.go

@@ -60,7 +60,7 @@ func (s *RequestHeaderAuthenticationOptions) AddFlags(fs *pflag.FlagSet) {
 // ToAuthenticationRequestHeaderConfig returns a RequestHeaderConfig config object for these options
 // if necessary, nil otherwise.
 func (s *RequestHeaderAuthenticationOptions) ToAuthenticationRequestHeaderConfig() *authenticatorfactory.RequestHeaderConfig {
-	if len(s.UsernameHeaders) == 0 || (len(s.UsernameHeaders) == 1 && len(s.UsernameHeaders[0]) == 0) {
+	if len(s.ClientCAFile) == 0 {
 		return nil
 	}
 

staging/src/k8s.io/apiserver/pkg/server/options/serving.go

@@ -73,11 +73,11 @@ func NewSecureServingOptions() *SecureServingOptions {
 	return &SecureServingOptions{
 		ServingOptions: ServingOptions{
 			BindAddress: net.ParseIP("0.0.0.0"),
-			BindPort:    6443,
+			BindPort:    443,
 		},
 		ServerCert: GeneratableKeyCert{
 			PairName:      "apiserver",
-			CertDirectory: "/var/run/kubernetes",
+			CertDirectory: "apiserver.local.config/certificates",
 		},
 	}
 }

staging/src/k8s.io/sample-apiserver/pkg/cmd/server/start.go

@@ -44,7 +44,6 @@ func NewWardleServerOptions(out, errOut io.Writer) *WardleServerOptions {
 		StdOut: out,
 		StdErr: errOut,
 	}
-	o.RecommendedOptions.SecureServing.ServingOptions.BindPort = 443
 
 	return o
 }