mirror of
https://github.com/k3s-io/kubernetes.git
synced 2025-07-31 07:20:13 +00:00
kube-aggregator: use shared informers from RecommendedConfig
This commit is contained in:
Dr. Stefan Schimanski
parent
b153268da7
commit
d99c7df360
@ -81,11 +81,10 @@ func createAggregatorConfig(kubeAPIServerConfig genericapiserver.Config, command
|
||||
SharedInformerFactory: externalInformers,
|
||||
},
|
||||
ExtraConfig: aggregatorapiserver.ExtraConfig{
|
||||
CoreKubeInformers: externalInformers,
|
||||
ProxyClientCert: certBytes,
|
||||
ProxyClientKey: keyBytes,
|
||||
ServiceResolver: serviceResolver,
|
||||
ProxyTransport: proxyTransport,
|
||||
ProxyClientCert: certBytes,
|
||||
ProxyClientKey: keyBytes,
|
||||
ServiceResolver: serviceResolver,
|
||||
ProxyTransport: proxyTransport,
|
||||
},
|
||||
}
|
||||
|
||||
|
||||
@ -12,7 +12,7 @@ spec:
|
||||
args:
|
||||
- "/usr/local/bin/kube-aggregator"
|
||||
- "--secure-port=9443"
|
||||
- "--core-kubeconfig=/var/run/auth-client/kube-aggregator.kubeconfig"
|
||||
- "--kubeconfig=/var/run/auth-client/kube-aggregator.kubeconfig"
|
||||
- "--authentication-kubeconfig=/var/run/auth-client/kube-aggregator.kubeconfig"
|
||||
- "--authorization-kubeconfig=/var/run/auth-client/kube-aggregator.kubeconfig"
|
||||
- "--proxy-client-cert-file=/var/run/auth-proxy-client/client-auth-proxy.crt"
|
||||
|
||||
@ -30,7 +30,6 @@ import (
|
||||
genericapirequest "k8s.io/apiserver/pkg/endpoints/request"
|
||||
"k8s.io/apiserver/pkg/registry/rest"
|
||||
genericapiserver "k8s.io/apiserver/pkg/server"
|
||||
kubeinformers "k8s.io/client-go/informers"
|
||||
"k8s.io/client-go/pkg/version"
|
||||
|
||||
"k8s.io/kube-aggregator/pkg/apis/apiregistration"
|
||||
@ -71,9 +70,6 @@ func init() {
|
||||
const legacyAPIServiceName = "v1."
|
||||
|
||||
type ExtraConfig struct {
|
||||
// CoreKubeInformers is used to watch kube resources
|
||||
CoreKubeInformers kubeinformers.SharedInformerFactory
|
||||
|
||||
// ProxyClientCert/Key are the client cert used to identify this proxy. Backing APIServices use
|
||||
// this to confirm the proxy's identity
|
||||
ProxyClientCert []byte
|
||||
@ -205,17 +201,17 @@ func (c completedConfig) NewWithDelegate(delegationTarget genericapiserver.Deleg
|
||||
s.GenericAPIServer.Handler.NonGoRestfulMux.Handle("/apis", apisHandler)
|
||||
s.GenericAPIServer.Handler.NonGoRestfulMux.UnlistedHandle("/apis/", apisHandler)
|
||||
|
||||
apiserviceRegistrationController := NewAPIServiceRegistrationController(informerFactory.Apiregistration().InternalVersion().APIServices(), c.ExtraConfig.CoreKubeInformers.Core().V1().Services(), s)
|
||||
apiserviceRegistrationController := NewAPIServiceRegistrationController(informerFactory.Apiregistration().InternalVersion().APIServices(), c.GenericConfig.SharedInformerFactory.Core().V1().Services(), s)
|
||||
availableController := statuscontrollers.NewAvailableConditionController(
|
||||
informerFactory.Apiregistration().InternalVersion().APIServices(),
|
||||
c.ExtraConfig.CoreKubeInformers.Core().V1().Services(),
|
||||
c.ExtraConfig.CoreKubeInformers.Core().V1().Endpoints(),
|
||||
c.GenericConfig.SharedInformerFactory.Core().V1().Services(),
|
||||
c.GenericConfig.SharedInformerFactory.Core().V1().Endpoints(),
|
||||
apiregistrationClient.Apiregistration(),
|
||||
)
|
||||
|
||||
s.GenericAPIServer.AddPostStartHook("start-kube-aggregator-informers", func(context genericapiserver.PostStartHookContext) error {
|
||||
informerFactory.Start(context.StopCh)
|
||||
c.ExtraConfig.CoreKubeInformers.Start(context.StopCh)
|
||||
c.GenericConfig.SharedInformerFactory.Start(context.StopCh)
|
||||
return nil
|
||||
})
|
||||
s.GenericAPIServer.AddPostStartHook("apiservice-registration-controller", func(context genericapiserver.PostStartHookContext) error {
|
||||
|
||||
@ -20,7 +20,6 @@ import (
|
||||
"fmt"
|
||||
"io"
|
||||
"io/ioutil"
|
||||
"time"
|
||||
|
||||
"github.com/spf13/cobra"
|
||||
"github.com/spf13/pflag"
|
||||
@ -30,10 +29,6 @@ import (
|
||||
genericapiserver "k8s.io/apiserver/pkg/server"
|
||||
"k8s.io/apiserver/pkg/server/filters"
|
||||
genericoptions "k8s.io/apiserver/pkg/server/options"
|
||||
kubeinformers "k8s.io/client-go/informers"
|
||||
kubeclientset "k8s.io/client-go/kubernetes"
|
||||
"k8s.io/client-go/rest"
|
||||
"k8s.io/client-go/tools/clientcmd"
|
||||
"k8s.io/kube-aggregator/pkg/apis/apiregistration/v1beta1"
|
||||
"k8s.io/kube-aggregator/pkg/apiserver"
|
||||
)
|
||||
@ -48,10 +43,6 @@ type AggregatorOptions struct {
|
||||
ProxyClientCertFile string
|
||||
ProxyClientKeyFile string
|
||||
|
||||
// CoreAPIKubeconfig is a filename for a kubeconfig file to contact the core API server with
|
||||
// If it is not set, the in cluster config is used
|
||||
CoreAPIKubeconfig string
|
||||
|
||||
StdOut io.Writer
|
||||
StdErr io.Writer
|
||||
}
|
||||
@ -86,9 +77,6 @@ func (o *AggregatorOptions) AddFlags(fs *pflag.FlagSet) {
|
||||
o.RecommendedOptions.AddFlags(fs)
|
||||
fs.StringVar(&o.ProxyClientCertFile, "proxy-client-cert-file", o.ProxyClientCertFile, "client certificate used identify the proxy to the API server")
|
||||
fs.StringVar(&o.ProxyClientKeyFile, "proxy-client-key-file", o.ProxyClientKeyFile, "client certificate key used identify the proxy to the API server")
|
||||
fs.StringVar(&o.CoreAPIKubeconfig, "core-kubeconfig", o.CoreAPIKubeconfig, ""+
|
||||
"kubeconfig file pointing at the 'core' kubernetes server with enough rights to get,list,watch "+
|
||||
" services,endpoints. If not set, the in-cluster config is used")
|
||||
}
|
||||
|
||||
// NewDefaultOptions builds a "normal" set of options. You wouldn't normally expose this, but hyperkube isn't cobra compatible
|
||||
@ -100,9 +88,6 @@ func NewDefaultOptions(out, err io.Writer) *AggregatorOptions {
|
||||
StdErr: err,
|
||||
}
|
||||
|
||||
// the shared informer is not needed for kube-aggregator. Disable the kubeconfig flag and the client creation.
|
||||
o.RecommendedOptions.CoreAPI = nil
|
||||
|
||||
return o
|
||||
}
|
||||
|
||||
@ -132,36 +117,16 @@ func (o AggregatorOptions) RunAggregator(stopCh <-chan struct{}) error {
|
||||
sets.NewString("attach", "exec", "proxy", "log", "portforward"),
|
||||
)
|
||||
|
||||
var kubeconfig *rest.Config
|
||||
var err error
|
||||
if len(o.CoreAPIKubeconfig) > 0 {
|
||||
loadingRules := &clientcmd.ClientConfigLoadingRules{ExplicitPath: o.CoreAPIKubeconfig}
|
||||
loader := clientcmd.NewNonInteractiveDeferredLoadingClientConfig(loadingRules, &clientcmd.ConfigOverrides{})
|
||||
|
||||
kubeconfig, err = loader.ClientConfig()
|
||||
|
||||
} else {
|
||||
kubeconfig, err = rest.InClusterConfig()
|
||||
}
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
coreAPIServerClient, err := kubeclientset.NewForConfig(kubeconfig)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
kubeInformers := kubeinformers.NewSharedInformerFactory(coreAPIServerClient, 5*time.Minute)
|
||||
serviceResolver := apiserver.NewClusterIPServiceResolver(kubeInformers.Core().V1().Services().Lister())
|
||||
serviceResolver := apiserver.NewClusterIPServiceResolver(serverConfig.SharedInformerFactory.Core().V1().Services().Lister())
|
||||
|
||||
config := apiserver.Config{
|
||||
GenericConfig: serverConfig,
|
||||
ExtraConfig: apiserver.ExtraConfig{
|
||||
CoreKubeInformers: kubeInformers,
|
||||
ServiceResolver: serviceResolver,
|
||||
ServiceResolver: serviceResolver,
|
||||
},
|
||||
}
|
||||
|
||||
var err error
|
||||
config.ExtraConfig.ProxyClientCert, err = ioutil.ReadFile(o.ProxyClientCertFile)
|
||||
if err != nil {
|
||||
return err
|
||||
|
||||
@ -264,7 +264,7 @@ func TestAggregatedAPIServer(t *testing.T) {
|
||||
"--requestheader-username-headers", "",
|
||||
"--proxy-client-cert-file", proxyClientCertFile.Name(),
|
||||
"--proxy-client-key-file", proxyClientKeyFile.Name(),
|
||||
"--core-kubeconfig", kubeconfigFile.Name(),
|
||||
"--kubeconfig", kubeconfigFile.Name(),
|
||||
"--authentication-kubeconfig", kubeconfigFile.Name(),
|
||||
"--authorization-kubeconfig", kubeconfigFile.Name(),
|
||||
"--etcd-servers", framework.GetEtcdURL(),
|
||||
|
||||
Loading…
Reference in New Issue
Block a user