From 05b1074d0efa9bf7053ec1295713c0180b9e1db7 Mon Sep 17 00:00:00 2001
From: deads2k
Date: Mon, 5 Dec 2016 10:47:41 -0500
Subject: [PATCH 1/2] re-organize and document genericapiserver config
---
pkg/genericapiserver/config.go | 125 +++++++++++++++++----------------
1 file changed, 66 insertions(+), 59 deletions(-)
diff --git a/pkg/genericapiserver/config.go b/pkg/genericapiserver/config.go
index fe3fdcada43..ed7782ac9a8 100644
--- a/pkg/genericapiserver/config.go
+++ b/pkg/genericapiserver/config.go
@@ -74,87 +74,94 @@ const ( ) // Config is a structure used to configure a GenericAPIServer. +// It's members are sorted rougly in order of importance for composers. type Config struct { - // Destination for audit logs - AuditWriter io.Writer - // Allow downstream consumers to disable swagger. - // This includes returning the generated swagger spec at /swaggerapi and swagger ui at /swagger-ui. - EnableSwaggerSupport bool - // Allow downstream consumers to disable swagger ui. - // Note that this is ignored if EnableSwaggerSupport is false - EnableSwaggerUI bool - // Allows api group versions or specific resources to be conditionally enabled/disabled. - APIResourceConfigSource APIResourceConfigSource - // allow downstream consumers to disable the index route - EnableIndex bool - EnableProfiling bool - // Requires generic profiling enabled - EnableContentionProfiling bool - EnableMetrics bool - EnableGarbageCollection bool - - Version *version.Info - CorsAllowedOriginList []string - Authenticator authenticator.Request - // TODO(roberthbailey): Remove once the server no longer supports http basic auth. 
- SupportsBasicAuth bool - Authorizer authorizer.Authorizer - AdmissionControl admission.Interface + // SecureServingInfo is required to serve https + SecureServingInfo *SecureServingInfo // LoopbackClientConfig is a config for a privileged loopback connection to the API server + // This is required for proper functioning of the PostStartHooks on a GenericAPIServer LoopbackClientConfig *restclient.Config + // Authenticator determines which subject is making the request + Authenticator authenticator.Request + // Authorizer determines whether the subject is allowed to make the request based only + // on the RequestURI + Authorizer authorizer.Authorizer + // AdmissionControl performs deep inspection of a given request (including content) + // to set values and determine whether its allowed + AdmissionControl admission.Interface + CorsAllowedOriginList []string - // Map requests to contexts. Exported so downstream consumers can provider their own mappers - RequestContextMapper api.RequestContextMapper + EnableSwaggerSupport bool + EnableSwaggerUI bool + EnableIndex bool + EnableProfiling bool + // Requires generic profiling enabled + EnableContentionProfiling bool + EnableGarbageCollection bool + EnableMetrics bool + EnableOpenAPISupport bool - // Required, the interface for serializing and converting objects to and from the wire - Serializer runtime.NegotiatedSerializer + // Version will enable the /version endpoint if non-nil + Version *version.Info + // AuditWriter is the destination for audit logs. If nil, they will not be written. + AuditWriter io.Writer + // SupportsBasicAuth indicates that's at least one Authenticator supports basic auth + // If this is true, a basic auth challenge is returned on authentication failure + // TODO(roberthbailey): Remove once the server no longer supports http basic auth. + SupportsBasicAuth bool + // ExternalAddress is the host name to use for external (public internet) facing URLs (e.g. 
Swagger) + // Will default to a value based on secure serving info and available ipv4 IPs. + ExternalAddress string - // If specified, requests will be allocated a random timeout between this value, and twice this value. - // Note that it is up to the request handlers to ignore or honor this timeout. In seconds. - MinRequestTimeout int - - SecureServingInfo *SecureServingInfo - InsecureServingInfo *ServingInfo + //=========================================================================== + // Fields you probably don't care about changing + //=========================================================================== + // BuildHandlerChainsFunc allows you to build custom handler chains by decorating the apiHandler. + BuildHandlerChainsFunc func(apiHandler http.Handler, c *Config) (secure, insecure http.Handler) // DiscoveryAddresses is used to build the IPs pass to discovery. If nil, the ExternalAddress is // always reported DiscoveryAddresses DiscoveryAddresses - - // The port on PublicAddress where a read-write server will be installed. - // Defaults to 6443 if not set. - ReadWritePort int - - // ExternalAddress is the host name to use for external (public internet) facing URLs (e.g. Swagger) - ExternalAddress string - - // PublicAddress is the IP address where members of the cluster (kubelet, - // kube-proxy, services, etc.) can reach the GenericAPIServer. - // If nil or 0.0.0.0, the host's default interface will be used. - PublicAddress net.IP - - // EnableOpenAPISupport enables OpenAPI support. Allow downstream customers to disable OpenAPI spec. - EnableOpenAPISupport bool - - // OpenAPIConfig will be used in generating OpenAPI spec. + // LegacyAPIGroupPrefixes is used to set up URL parsing for authorization and for validating requests + // to InstallLegacyAPIGroup. New API servers don't generally have legacy groups at all. + LegacyAPIGroupPrefixes sets.String + // RequestContextMapper maps requests to contexts. 
Exported so downstream consumers can provider their own mappers + // TODO confirm that anyone downstream actually uses this and doesn't just need an accessor + RequestContextMapper api.RequestContextMapper + // Serializer is required and provides the interface for serializing and converting objects to and from the wire + // The default (api.Codecs) usually works fine. + Serializer runtime.NegotiatedSerializer + // OpenAPIConfig will be used in generating OpenAPI spec. This has "working" defaults. OpenAPIConfig *common.Config - + // If specified, requests will be allocated a random timeout between this value, and twice this value. + // Note that it is up to the request handlers to ignore or honor this timeout. In seconds. + MinRequestTimeout int // MaxRequestsInFlight is the maximum number of parallel non-long-running requests. Every further // request has to wait. Applies only to non-mutating requests. MaxRequestsInFlight int // MaxMutatingRequestsInFlight is the maximum number of parallel mutating requests. Every further // request has to wait. MaxMutatingRequestsInFlight int - // Predicate which is true for paths of long-running http requests LongRunningFunc genericfilters.LongRunningRequestCheck - // Build the handler chains by decorating the apiHandler. - BuildHandlerChainsFunc func(apiHandler http.Handler, c *Config) (secure, insecure http.Handler) + // InsecureServingInfo is required to serve http. HTTP does NOT include authentication or authorization. + // You shouldn't be using this. It makes sig-auth sad. 
+ InsecureServingInfo *ServingInfo - // LegacyAPIGroupPrefixes is used to set up URL parsing for authorization and for validating requests - // to InstallLegacyAPIGroup - LegacyAPIGroupPrefixes sets.String + //=========================================================================== + // values below here are targets for removal + //=========================================================================== + + APIResourceConfigSource APIResourceConfigSource + // The port on PublicAddress where a read-write server will be installed. + // Defaults to 6443 if not set. + ReadWritePort int + // PublicAddress is the IP address where members of the cluster (kubelet, + // kube-proxy, services, etc.) can reach the GenericAPIServer. + // If nil or 0.0.0.0, the host's default interface will be used. + PublicAddress net.IP } type ServingInfo struct { From b723333be38f565c5088a8b74d4a30e23a5fe6e6 Mon Sep 17 00:00:00 2001 From: deads2k Date: Mon, 5 Dec 2016 10:57:54 -0500 Subject: [PATCH 2/2] move APIResourceConfigSource to master --- cmd/kube-apiserver/app/server.go | 2 +- .../cmd/federation-apiserver/app/server.go | 1 - pkg/genericapiserver/config.go | 1 - pkg/master/master.go | 5 +++-- pkg/master/master_test.go | 11 +++++------ test/integration/framework/master_utils.go | 18 +++++++++--------- 6 files changed, 18 insertions(+), 20 deletions(-) diff --git a/cmd/kube-apiserver/app/server.go b/cmd/kube-apiserver/app/server.go index 4d4470d9e65..33dfdd2c083 100644 --- a/cmd/kube-apiserver/app/server.go +++ b/cmd/kube-apiserver/app/server.go 
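Review bot: The reordered `Enable*` block on the new side of `Config` loses the field comments the old side carried for `EnableSwaggerSupport`, `EnableSwaggerUI`, `EnableIndex` and `EnableOpenAPISupport`, although the commit sets out to document the struct. These switches decide which endpoints the server exposes, so I would keep at least `// EnableSwaggerUI is ignored if EnableSwaggerSupport is false` and give each of the other bare fields (`EnableProfiling`, `EnableMetrics`, `EnableGarbageCollection`) a one-line comment as well. The added header comment has typos and should read `// Its members are sorted roughly in order of importance for composers.`; likewise `whether it's allowed` on `AdmissionControl` and `indicates that at least one Authenticator supports basic auth` on `SupportsBasicAuth`. The new `Authorizer` comment says the decision is based only on the RequestURI; if the HTTP verb and the authenticated subject also feed the decision, the comment should say so.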
@@ -270,7 +270,6 @@ func Run(s *options.ServerRunOptions) error { genericConfig.Authenticator = apiAuthenticator genericConfig.Authorizer = apiAuthorizer genericConfig.AdmissionControl = admissionController - genericConfig.APIResourceConfigSource = storageFactory.APIResourceConfigSource genericConfig.OpenAPIConfig.Info.Title = "Kubernetes" genericConfig.OpenAPIConfig.Definitions = generatedopenapi.OpenAPIDefinitions genericConfig.EnableOpenAPISupport = true @@ -280,6 +279,7 @@ func Run(s *options.ServerRunOptions) error { config := &master.Config{ GenericConfig: genericConfig, + APIResourceConfigSource: storageFactory.APIResourceConfigSource, StorageFactory: storageFactory, EnableWatchCache: s.GenericServerRunOptions.EnableWatchCache, EnableCoreControllers: true, diff --git a/federation/cmd/federation-apiserver/app/server.go b/federation/cmd/federation-apiserver/app/server.go index d05e0a2c291..8b98d450247 100644 --- a/federation/cmd/federation-apiserver/app/server.go +++ b/federation/cmd/federation-apiserver/app/server.go @@ -161,7 +161,6 @@ func Run(s *options.ServerRunOptions) error { genericConfig.Authenticator = apiAuthenticator genericConfig.Authorizer = apiAuthorizer genericConfig.AdmissionControl = admissionController - genericConfig.APIResourceConfigSource = storageFactory.APIResourceConfigSource genericConfig.OpenAPIConfig.Definitions = openapi.OpenAPIDefinitions genericConfig.EnableOpenAPISupport = true genericConfig.OpenAPIConfig.SecurityDefinitions = securityDefinitions diff --git a/pkg/genericapiserver/config.go b/pkg/genericapiserver/config.go index ed7782ac9a8..692386c0690 100644 --- a/pkg/genericapiserver/config.go +++ b/pkg/genericapiserver/config.go 
@@ -154,7 +154,6 @@ type Config struct { // values below here are targets for removal //=========================================================================== - APIResourceConfigSource APIResourceConfigSource // The port on PublicAddress where a read-write server will be installed. // Defaults to 6443 if not set. ReadWritePort int diff --git a/pkg/master/master.go b/pkg/master/master.go index 1dfa9467145..357592daa7a 100644 --- a/pkg/master/master.go +++ b/pkg/master/master.go @@ -77,6 +77,7 @@ const ( type Config struct { GenericConfig *genericapiserver.Config + APIResourceConfigSource genericapiserver.APIResourceConfigSource StorageFactory genericapiserver.StorageFactory EnableWatchCache bool EnableCoreControllers bool @@ -231,7 +232,7 @@ func (c completedConfig) New() (*Master, error) { } // install legacy rest storage - if c.GenericConfig.APIResourceConfigSource.AnyResourcesForVersionEnabled(apiv1.SchemeGroupVersion) { + if c.APIResourceConfigSource.AnyResourcesForVersionEnabled(apiv1.SchemeGroupVersion) { legacyRESTStorageProvider := corerest.LegacyRESTStorageProvider{ StorageFactory: c.StorageFactory, ProxyTransport: c.ProxyTransport, @@ -256,7 +257,7 @@ func (c completedConfig) New() (*Master, error) { rbacrest.RESTStorageProvider{}, storagerest.RESTStorageProvider{}, } - m.InstallAPIs(c.Config.GenericConfig.APIResourceConfigSource, restOptionsFactory.NewFor, restStorageProviders...) + m.InstallAPIs(c.Config.APIResourceConfigSource, restOptionsFactory.NewFor, restStorageProviders...) if c.Tunneler != nil { m.installTunneler(c.Tunneler, corev1client.NewForConfigOrDie(c.GenericConfig.LoopbackClientConfig).Nodes()) diff --git a/pkg/master/master_test.go b/pkg/master/master_test.go index 87b324c1f2b..17c7cae4b0d 100644 --- a/pkg/master/master_test.go +++ b/pkg/master/master_test.go 
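Review bot: `completedConfig.New()` now calls `c.APIResourceConfigSource.AnyResourcesForVersionEnabled(...)` on the new `master.Config` field without checking that it was set, so a caller that builds a `master.Config` and omits the field would presumably panic at startup instead of getting an error back (the type appears to be an interface, since the tests assign a `*genericapiserver.ResourceConfig` to it). Because this value decides which API groups are installed, I would reject the unset case near the top of `New()`, e.g. `if c.APIResourceConfigSource == nil { return nil, fmt.Errorf("Master.New() called with empty config.APIResourceConfigSource") }` (assuming `fmt` is already imported there), or default it where the config is completed. The `-231` and `-256` hunks also reach the same field through two spellings, `c.APIResourceConfigSource` and `c.Config.APIResourceConfigSource`; using one would read better. `New()` starts and ends outside these hunks, so any validation it already does is not visible here.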
@@ -66,9 +66,10 @@ func setUp(t *testing.T) (*Master, *etcdtesting.EtcdTestServer, Config, *assert. server, storageConfig := etcdtesting.NewUnsecuredEtcd3TestClientServer(t) config := &Config{ - GenericConfig: genericapiserver.NewConfig(), - APIServerServicePort: 443, - MasterCount: 1, + GenericConfig: genericapiserver.NewConfig(), + APIResourceConfigSource: DefaultAPIResourceConfigSource(), + APIServerServicePort: 443, + MasterCount: 1, } resourceEncoding := genericapiserver.NewDefaultResourceEncodingConfig() @@ -85,10 +86,8 @@ func setUp(t *testing.T) (*Master, *etcdtesting.EtcdTestServer, Config, *assert. config.GenericConfig.Version = &kubeVersion config.StorageFactory = storageFactory config.GenericConfig.LoopbackClientConfig = &restclient.Config{APIPath: "/api", ContentConfig: restclient.ContentConfig{NegotiatedSerializer: api.Codecs}} - config.GenericConfig.APIResourceConfigSource = DefaultAPIResourceConfigSource() config.GenericConfig.PublicAddress = net.ParseIP("192.168.10.4") config.GenericConfig.LegacyAPIGroupPrefixes = sets.NewString("/api") - config.GenericConfig.APIResourceConfigSource = DefaultAPIResourceConfigSource() config.GenericConfig.RequestContextMapper = api.NewRequestContextMapper() config.GenericConfig.LoopbackClientConfig = &restclient.Config{APIPath: "/api", ContentConfig: restclient.ContentConfig{NegotiatedSerializer: api.Codecs}} config.GenericConfig.EnableMetrics = true 
@@ -135,7 +134,7 @@ func limitedAPIResourceConfigSource() *genericapiserver.ResourceConfig { // newLimitedMaster only enables the core group, the extensions group, the batch group, and the autoscaling group. func newLimitedMaster(t *testing.T) (*Master, *etcdtesting.EtcdTestServer, Config, *assert.Assertions) { _, etcdserver, config, assert := setUp(t) - config.GenericConfig.APIResourceConfigSource = limitedAPIResourceConfigSource() + config.APIResourceConfigSource = limitedAPIResourceConfigSource() master, err := config.Complete().New() if err != nil { t.Fatalf("Error in bringing up the master: %v", err) diff --git a/test/integration/framework/master_utils.go b/test/integration/framework/master_utils.go index aacd675388a..0326f96bf1a 100644 --- a/test/integration/framework/master_utils.go +++ b/test/integration/framework/master_utils.go @@ -357,19 +357,19 @@ func NewMasterConfig() *master.Config { genericConfig := genericapiserver.NewConfig() kubeVersion := version.Get() genericConfig.Version = &kubeVersion - genericConfig.APIResourceConfigSource = master.DefaultAPIResourceConfigSource() genericConfig.Authorizer = authorizer.NewAlwaysAllowAuthorizer() genericConfig.AdmissionControl = admit.NewAlwaysAdmit() genericConfig.EnableMetrics = true return &master.Config{ - GenericConfig: genericConfig, - StorageFactory: storageFactory, - EnableCoreControllers: true, - EnableWatchCache: true, - KubeletClientConfig: kubeletclient.KubeletClientConfig{Port: 10250}, - APIServerServicePort: 443, - MasterCount: 1, + GenericConfig: genericConfig, + APIResourceConfigSource: master.DefaultAPIResourceConfigSource(), + StorageFactory: storageFactory, + EnableCoreControllers: true, + EnableWatchCache: true, + KubeletClientConfig: kubeletclient.KubeletClientConfig{Port: 10250}, + APIServerServicePort: 443, + MasterCount: 1, } } 
@@ -378,7 +378,7 @@ func NewIntegrationTestMasterConfig() *master.Config { masterConfig := NewMasterConfig() masterConfig.EnableCoreControllers = true masterConfig.GenericConfig.PublicAddress = net.ParseIP("192.168.10.4") - masterConfig.GenericConfig.APIResourceConfigSource = master.DefaultAPIResourceConfigSource() + masterConfig.APIResourceConfigSource = master.DefaultAPIResourceConfigSource() return masterConfig }
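Review bot: The assignment `masterConfig.APIResourceConfigSource = master.DefaultAPIResourceConfigSource()` in `NewIntegrationTestMasterConfig` is redundant after this commit, because `NewMasterConfig()` (the `-357` hunk of the same file) already sets `APIResourceConfigSource: master.DefaultAPIResourceConfigSource()` in the struct literal it returns. Dropping the line leaves a single place that chooses the default API resource set for the integration tests. `masterConfig.EnableCoreControllers = true` just above it is likewise already set by `NewMasterConfig()`.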