github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-08-03 01:06:27 +00:00
Code Issues Projects Releases Wiki Activity

Merge pull request #70520 from yue9944882/chore/switch-client-ca-hook-internalclient

Browse Source 
Follow-up of #70409: internal clientset switcher for registration hook
This commit is contained in:
k8s-ci-robot 2018-11-08 07:27:34 -08:00 committed by GitHub
commit ea74b0b59d
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 27 additions and 50 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
pkg/master/BUILD
View File

@ -35,7 +35,6 @@ go_library(
"//pkg/apis/scheduling/install:go_default_library", "//pkg/apis/scheduling/install:go_default_library",
"//pkg/apis/settings/install:go_default_library", "//pkg/apis/settings/install:go_default_library",
"//pkg/apis/storage/install:go_default_library", "//pkg/apis/storage/install:go_default_library",
"//pkg/client/clientset_generated/internalclientset/typed/core/internalversion:go_default_library",
"//pkg/features:go_default_library", "//pkg/features:go_default_library",
"//pkg/kubeapiserver/options:go_default_library", "//pkg/kubeapiserver/options:go_default_library",
"//pkg/kubelet/client:go_default_library", "//pkg/kubelet/client:go_default_library",
@ -144,7 +143,6 @@ go_test(
"//pkg/apis/extensions:go_default_library", "//pkg/apis/extensions:go_default_library",
"//pkg/apis/rbac:go_default_library", "//pkg/apis/rbac:go_default_library",
"//pkg/apis/storage:go_default_library", "//pkg/apis/storage:go_default_library",
"//pkg/client/clientset_generated/internalclientset/fake:go_default_library",
"//pkg/generated/openapi:go_default_library", "//pkg/generated/openapi:go_default_library",
"//pkg/kubelet/client:go_default_library", "//pkg/kubelet/client:go_default_library",
"//pkg/master/reconcilers:go_default_library", "//pkg/master/reconcilers:go_default_library",

14
pkg/master/client_ca_hook.go
View File

@ -22,13 +22,13 @@ import (
"reflect" "reflect"
"time" "time"
corev1 "k8s.io/api/core/v1"
apierrors "k8s.io/apimachinery/pkg/api/errors" apierrors "k8s.io/apimachinery/pkg/api/errors"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
utilruntime "k8s.io/apimachinery/pkg/util/runtime" utilruntime "k8s.io/apimachinery/pkg/util/runtime"
"k8s.io/apimachinery/pkg/util/wait" "k8s.io/apimachinery/pkg/util/wait"
genericapiserver "k8s.io/apiserver/pkg/server" genericapiserver "k8s.io/apiserver/pkg/server"
api "k8s.io/kubernetes/pkg/apis/core" corev1client "k8s.io/client-go/kubernetes/typed/core/v1"
coreclient "k8s.io/kubernetes/pkg/client/clientset_generated/internalclientset/typed/core/internalversion"
) )
type ClientCARegistrationHook struct { type ClientCARegistrationHook struct {
@ -49,7 +49,7 @@ func (h ClientCARegistrationHook) PostStartHook(hookContext genericapiserver.Pos
// retry building the config since sometimes the server can be in an in-between state which caused // retry building the config since sometimes the server can be in an in-between state which caused
// some kind of auto detection failure as I recall from other post start hooks. // some kind of auto detection failure as I recall from other post start hooks.
// TODO see if this is still true and fix the RBAC one too if it isn't. // TODO see if this is still true and fix the RBAC one too if it isn't.
client, err := coreclient.NewForConfig(hookContext.LoopbackClientConfig) client, err := corev1client.NewForConfig(hookContext.LoopbackClientConfig)
if err != nil { if err != nil {
utilruntime.HandleError(err) utilruntime.HandleError(err)
return false, nil return false, nil
@ -68,8 +68,8 @@ func (h ClientCARegistrationHook) PostStartHook(hookContext genericapiserver.Pos
// tryToWriteClientCAs is here for unit testing with a fake client. This is a wait.ConditionFunc so the bool // tryToWriteClientCAs is here for unit testing with a fake client. This is a wait.ConditionFunc so the bool
// indicates if the condition was met. True when its finished, false when it should retry. // indicates if the condition was met. True when its finished, false when it should retry.
func (h ClientCARegistrationHook) tryToWriteClientCAs(client coreclient.CoreInterface) (bool, error) { func (h ClientCARegistrationHook) tryToWriteClientCAs(client corev1client.CoreV1Interface) (bool, error) {
if err := createNamespaceIfNeededWithInternalClient(client, metav1.NamespaceSystem); err != nil { if err := createNamespaceIfNeeded(client, metav1.NamespaceSystem); err != nil {
utilruntime.HandleError(err) utilruntime.HandleError(err)
return false, nil return false, nil
} }
@ -119,10 +119,10 @@ func jsonSerializeStringSlice(in []string) (string, error) {
return string(out), err return string(out), err
} }
func writeConfigMap(client coreclient.ConfigMapsGetter, name string, data map[string]string) error { func writeConfigMap(client corev1client.ConfigMapsGetter, name string, data map[string]string) error {
existing, err := client.ConfigMaps(metav1.NamespaceSystem).Get(name, metav1.GetOptions{}) existing, err := client.ConfigMaps(metav1.NamespaceSystem).Get(name, metav1.GetOptions{})
if apierrors.IsNotFound(err) { if apierrors.IsNotFound(err) {
_, err := client.ConfigMaps(metav1.NamespaceSystem).Create(&api.ConfigMap{ _, err := client.ConfigMaps(metav1.NamespaceSystem).Create(&corev1.ConfigMap{
ObjectMeta: metav1.ObjectMeta{Namespace: metav1.NamespaceSystem, Name: name}, ObjectMeta: metav1.ObjectMeta{Namespace: metav1.NamespaceSystem, Name: name},
Data: data, Data: data,
}) })

40
pkg/master/client_ca_hook_test.go
View File

@ -20,12 +20,12 @@ import (
"reflect" "reflect"
"testing" "testing"
corev1 "k8s.io/api/core/v1"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/runtime" "k8s.io/apimachinery/pkg/runtime"
"k8s.io/apimachinery/pkg/util/diff" "k8s.io/apimachinery/pkg/util/diff"
"k8s.io/client-go/kubernetes/fake"
clienttesting "k8s.io/client-go/testing" clienttesting "k8s.io/client-go/testing"
api "k8s.io/kubernetes/pkg/apis/core"
"k8s.io/kubernetes/pkg/client/clientset_generated/internalclientset/fake"
) )
func TestWriteClientCAs(t *testing.T) { func TestWriteClientCAs(t *testing.T) {
@ -33,7 +33,7 @@ func TestWriteClientCAs(t *testing.T) {
name string name string
hook ClientCARegistrationHook hook ClientCARegistrationHook
preexistingObjs []runtime.Object preexistingObjs []runtime.Object
expectedConfigMaps map[string]*api.ConfigMap expectedConfigMaps map[string]*corev1.ConfigMap
expectUpdate bool expectUpdate bool
}{ }{
{ {
@ -46,7 +46,7 @@ func TestWriteClientCAs(t *testing.T) {
RequestHeaderCA: []byte("bar"), RequestHeaderCA: []byte("bar"),
RequestHeaderAllowedNames: []string{"first", "second"}, RequestHeaderAllowedNames: []string{"first", "second"},
}, },
expectedConfigMaps: map[string]*api.ConfigMap{ expectedConfigMaps: map[string]*corev1.ConfigMap{
"extension-apiserver-authentication": { "extension-apiserver-authentication": {
ObjectMeta: metav1.ObjectMeta{Namespace: metav1.NamespaceSystem, Name: "extension-apiserver-authentication"}, ObjectMeta: metav1.ObjectMeta{Namespace: metav1.NamespaceSystem, Name: "extension-apiserver-authentication"},
Data: map[string]string{ Data: map[string]string{
@ -66,7 +66,7 @@ func TestWriteClientCAs(t *testing.T) {
RequestHeaderCA: []byte("bar"), RequestHeaderCA: []byte("bar"),
RequestHeaderAllowedNames: []string{"first", "second"}, RequestHeaderAllowedNames: []string{"first", "second"},
}, },
expectedConfigMaps: map[string]*api.ConfigMap{ expectedConfigMaps: map[string]*corev1.ConfigMap{
"extension-apiserver-authentication": { "extension-apiserver-authentication": {
ObjectMeta: metav1.ObjectMeta{Namespace: metav1.NamespaceSystem, Name: "extension-apiserver-authentication"}, ObjectMeta: metav1.ObjectMeta{Namespace: metav1.NamespaceSystem, Name: "extension-apiserver-authentication"},
Data: map[string]string{ Data: map[string]string{
@ -84,7 +84,7 @@ func TestWriteClientCAs(t *testing.T) {
hook: ClientCARegistrationHook{ hook: ClientCARegistrationHook{
ClientCA: []byte("foo"), ClientCA: []byte("foo"),
}, },
expectedConfigMaps: map[string]*api.ConfigMap{ expectedConfigMaps: map[string]*corev1.ConfigMap{
"extension-apiserver-authentication": { "extension-apiserver-authentication": {
ObjectMeta: metav1.ObjectMeta{Namespace: metav1.NamespaceSystem, Name: "extension-apiserver-authentication"}, ObjectMeta: metav1.ObjectMeta{Namespace: metav1.NamespaceSystem, Name: "extension-apiserver-authentication"},
Data: map[string]string{ Data: map[string]string{
@ -98,7 +98,7 @@ func TestWriteClientCAs(t *testing.T) {
hook: ClientCARegistrationHook{ hook: ClientCARegistrationHook{
RequestHeaderCA: []byte("bar"), RequestHeaderCA: []byte("bar"),
}, },
expectedConfigMaps: map[string]*api.ConfigMap{ expectedConfigMaps: map[string]*corev1.ConfigMap{
"extension-apiserver-authentication": { "extension-apiserver-authentication": {
ObjectMeta: metav1.ObjectMeta{Namespace: metav1.NamespaceSystem, Name: "extension-apiserver-authentication"}, ObjectMeta: metav1.ObjectMeta{Namespace: metav1.NamespaceSystem, Name: "extension-apiserver-authentication"},
Data: map[string]string{ Data: map[string]string{
@ -117,14 +117,14 @@ func TestWriteClientCAs(t *testing.T) {
ClientCA: []byte("foo"), ClientCA: []byte("foo"),
}, },
preexistingObjs: []runtime.Object{ preexistingObjs: []runtime.Object{
&api.ConfigMap{ &corev1.ConfigMap{
ObjectMeta: metav1.ObjectMeta{Namespace: metav1.NamespaceSystem, Name: "extension-apiserver-authentication"}, ObjectMeta: metav1.ObjectMeta{Namespace: metav1.NamespaceSystem, Name: "extension-apiserver-authentication"},
Data: map[string]string{ Data: map[string]string{
"client-ca-file": "other", "client-ca-file": "other",
}, },
}, },
}, },
expectedConfigMaps: map[string]*api.ConfigMap{ expectedConfigMaps: map[string]*corev1.ConfigMap{
"extension-apiserver-authentication": { "extension-apiserver-authentication": {
ObjectMeta: metav1.ObjectMeta{Namespace: metav1.NamespaceSystem, Name: "extension-apiserver-authentication"}, ObjectMeta: metav1.ObjectMeta{Namespace: metav1.NamespaceSystem, Name: "extension-apiserver-authentication"},
Data: map[string]string{ Data: map[string]string{
@ -144,7 +144,7 @@ func TestWriteClientCAs(t *testing.T) {
RequestHeaderAllowedNames: []string{}, RequestHeaderAllowedNames: []string{},
}, },
preexistingObjs: []runtime.Object{ preexistingObjs: []runtime.Object{
&api.ConfigMap{ &corev1.ConfigMap{
ObjectMeta: metav1.ObjectMeta{Namespace: metav1.NamespaceSystem, Name: "extension-apiserver-authentication"}, ObjectMeta: metav1.ObjectMeta{Namespace: metav1.NamespaceSystem, Name: "extension-apiserver-authentication"},
Data: map[string]string{ Data: map[string]string{
"requestheader-username-headers": `null`, "requestheader-username-headers": `null`,
@ -155,7 +155,7 @@ func TestWriteClientCAs(t *testing.T) {
}, },
}, },
}, },
expectedConfigMaps: map[string]*api.ConfigMap{ expectedConfigMaps: map[string]*corev1.ConfigMap{
"extension-apiserver-authentication": { "extension-apiserver-authentication": {
ObjectMeta: metav1.ObjectMeta{Namespace: metav1.NamespaceSystem, Name: "extension-apiserver-authentication"}, ObjectMeta: metav1.ObjectMeta{Namespace: metav1.NamespaceSystem, Name: "extension-apiserver-authentication"},
Data: map[string]string{ Data: map[string]string{
@ -175,9 +175,9 @@ func TestWriteClientCAs(t *testing.T) {
ClientCA: []byte("foo"), ClientCA: []byte("foo"),
}, },
preexistingObjs: []runtime.Object{ preexistingObjs: []runtime.Object{
&api.Namespace{ObjectMeta: metav1.ObjectMeta{Name: metav1.NamespaceSystem}}, &corev1.Namespace{ObjectMeta: metav1.ObjectMeta{Name: metav1.NamespaceSystem}},
}, },
expectedConfigMaps: map[string]*api.ConfigMap{ expectedConfigMaps: map[string]*corev1.ConfigMap{
"extension-apiserver-authentication": { "extension-apiserver-authentication": {
ObjectMeta: metav1.ObjectMeta{Namespace: metav1.NamespaceSystem, Name: "extension-apiserver-authentication"}, ObjectMeta: metav1.ObjectMeta{Namespace: metav1.NamespaceSystem, Name: "extension-apiserver-authentication"},
Data: map[string]string{ Data: map[string]string{
@ -196,7 +196,7 @@ func TestWriteClientCAs(t *testing.T) {
RequestHeaderAllowedNames: []string{}, RequestHeaderAllowedNames: []string{},
}, },
preexistingObjs: []runtime.Object{ preexistingObjs: []runtime.Object{
&api.ConfigMap{ &corev1.ConfigMap{
ObjectMeta: metav1.ObjectMeta{Namespace: metav1.NamespaceSystem, Name: "extension-apiserver-authentication"}, ObjectMeta: metav1.ObjectMeta{Namespace: metav1.NamespaceSystem, Name: "extension-apiserver-authentication"},
Data: map[string]string{ Data: map[string]string{
"requestheader-username-headers": `[]`, "requestheader-username-headers": `[]`,
@ -207,7 +207,7 @@ func TestWriteClientCAs(t *testing.T) {
}, },
}, },
}, },
expectedConfigMaps: map[string]*api.ConfigMap{}, expectedConfigMaps: map[string]*corev1.ConfigMap{},
expectUpdate: false, expectUpdate: false,
}, },
} }
@ -217,7 +217,7 @@ func TestWriteClientCAs(t *testing.T) {
client := fake.NewSimpleClientset(test.preexistingObjs...) client := fake.NewSimpleClientset(test.preexistingObjs...)
test.hook.tryToWriteClientCAs(client.Core()) test.hook.tryToWriteClientCAs(client.Core())
actualConfigMaps, updated := getFinalConfiMaps(client) actualConfigMaps, updated := getFinalConfigMaps(client)
if !reflect.DeepEqual(test.expectedConfigMaps, actualConfigMaps) { if !reflect.DeepEqual(test.expectedConfigMaps, actualConfigMaps) {
t.Fatalf("%s: %v", test.name, diff.ObjectReflectDiff(test.expectedConfigMaps, actualConfigMaps)) t.Fatalf("%s: %v", test.name, diff.ObjectReflectDiff(test.expectedConfigMaps, actualConfigMaps))
} }
@ -228,18 +228,18 @@ func TestWriteClientCAs(t *testing.T) {
} }
} }
func getFinalConfiMaps(client *fake.Clientset) (map[string]*api.ConfigMap, bool) { func getFinalConfigMaps(client *fake.Clientset) (map[string]*corev1.ConfigMap, bool) {
ret := map[string]*api.ConfigMap{} ret := map[string]*corev1.ConfigMap{}
updated := false updated := false
for _, action := range client.Actions() { for _, action := range client.Actions() {
if action.Matches("create", "configmaps") { if action.Matches("create", "configmaps") {
obj := action.(clienttesting.CreateAction).GetObject().(*api.ConfigMap) obj := action.(clienttesting.CreateAction).GetObject().(*corev1.ConfigMap)
ret[obj.Name] = obj ret[obj.Name] = obj
} }
if action.Matches("update", "configmaps") { if action.Matches("update", "configmaps") {
updated = true updated = true
obj := action.(clienttesting.UpdateAction).GetObject().(*api.ConfigMap) obj := action.(clienttesting.UpdateAction).GetObject().(*corev1.ConfigMap)
ret[obj.Name] = obj ret[obj.Name] = obj
} }
} }

21
pkg/master/client_util.go
View File

@ -21,8 +21,6 @@ import (
"k8s.io/apimachinery/pkg/api/errors" "k8s.io/apimachinery/pkg/api/errors"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
corev1client "k8s.io/client-go/kubernetes/typed/core/v1" corev1client "k8s.io/client-go/kubernetes/typed/core/v1"
api "k8s.io/kubernetes/pkg/apis/core"
coreclient "k8s.io/kubernetes/pkg/client/clientset_generated/internalclientset/typed/core/internalversion"
) )
func createNamespaceIfNeeded(c corev1client.NamespacesGetter, ns string) error { func createNamespaceIfNeeded(c corev1client.NamespacesGetter, ns string) error {
@ -42,22 +40,3 @@ func createNamespaceIfNeeded(c corev1client.NamespacesGetter, ns string) error {
} }
return err return err
} }
// TODO(yue9944882): Remove it once we switch ClientCARegistrationHook to external types
func createNamespaceIfNeededWithInternalClient(c coreclient.NamespacesGetter, ns string) error {
if _, err := c.Namespaces().Get(ns, metav1.GetOptions{}); err == nil {
// the namespace already exists
return nil
}
newNs := &api.Namespace{
ObjectMeta: metav1.ObjectMeta{
Name: ns,
Namespace: "",
},
}
_, err := c.Namespaces().Create(newNs)
if err != nil && errors.IsAlreadyExists(err) {
err = nil
}
return err
}