mirror of
https://github.com/k3s-io/kubernetes.git
synced 2025-10-24 09:05:45 +00:00
146 lines
5.1 KiB
Bash
Executable File
146 lines
5.1 KiB
Bash
Executable File
#!/usr/bin/env bash
|
|
|
|
# Copyright 2016 The Kubernetes Authors.
|
|
#
|
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
# you may not use this file except in compliance with the License.
|
|
# You may obtain a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
# See the License for the specific language governing permissions and
|
|
# limitations under the License.
|
|
|
|
# Script to fetch latest openapi spec.
|
|
# Puts the updated spec at api/openapi-spec/
|
|
|
|
set -o errexit
|
|
set -o nounset
|
|
set -o pipefail
|
|
|
|
KUBE_ROOT=$(dirname "${BASH_SOURCE[0]}")/..
|
|
DISCOVERY_ROOT_DIR="${KUBE_ROOT}/api/discovery"
|
|
OPENAPI_ROOT_DIR="${KUBE_ROOT}/api/openapi-spec"
|
|
source "${KUBE_ROOT}/hack/lib/init.sh"
|
|
|
|
kube::util::require-jq
|
|
kube::golang::setup_env
|
|
|
|
make -C "${KUBE_ROOT}" WHAT=cmd/kube-apiserver
|
|
|
|
function cleanup()
|
|
{
|
|
if [[ -n ${APISERVER_PID-} ]]; then
|
|
kill "${APISERVER_PID}" 1>&2 2>/dev/null
|
|
wait "${APISERVER_PID}" || true
|
|
fi
|
|
unset APISERVER_PID
|
|
|
|
kube::etcd::cleanup
|
|
|
|
kube::log::status "Clean up complete"
|
|
}
|
|
|
|
trap cleanup EXIT SIGINT
|
|
|
|
kube::golang::setup_env
|
|
|
|
TMP_DIR=${TMP_DIR:-$(kube::realpath "$(mktemp -d -t "$(basename "$0").XXXXXX")")}
|
|
ETCD_HOST=${ETCD_HOST:-127.0.0.1}
|
|
ETCD_PORT=${ETCD_PORT:-2379}
|
|
API_PORT=${API_PORT:-8050}
|
|
API_HOST=${API_HOST:-127.0.0.1}
|
|
API_LOGFILE=${API_LOGFILE:-${TMP_DIR}/openapi-api-server.log}
|
|
|
|
kube::etcd::start
|
|
|
|
echo "dummy_token,admin,admin" > "${TMP_DIR}/tokenauth.csv"
|
|
|
|
# setup envs for TokenRequest required flags
|
|
SERVICE_ACCOUNT_LOOKUP=${SERVICE_ACCOUNT_LOOKUP:-true}
|
|
SERVICE_ACCOUNT_KEY=${SERVICE_ACCOUNT_KEY:-${TMP_DIR}/kube-serviceaccount.key}
|
|
# Generate ServiceAccount key if needed
|
|
if [[ ! -f "${SERVICE_ACCOUNT_KEY}" ]]; then
|
|
mkdir -p "$(dirname "${SERVICE_ACCOUNT_KEY}")"
|
|
openssl genrsa -out "${SERVICE_ACCOUNT_KEY}" 2048 2>/dev/null
|
|
fi
|
|
|
|
# Start kube-apiserver
|
|
# omit enums from static openapi snapshots used to generate clients until #109177 is resolved
|
|
kube::log::status "Starting kube-apiserver"
|
|
"${KUBE_OUTPUT_HOSTBIN}/kube-apiserver" \
|
|
--bind-address="${API_HOST}" \
|
|
--secure-port="${API_PORT}" \
|
|
--etcd-servers="http://${ETCD_HOST}:${ETCD_PORT}" \
|
|
--advertise-address="10.10.10.10" \
|
|
--cert-dir="${TMP_DIR}/certs" \
|
|
--feature-gates=AllAlpha=true,OpenAPIEnums=false \
|
|
--runtime-config="api/all=true" \
|
|
--token-auth-file="${TMP_DIR}/tokenauth.csv" \
|
|
--authorization-mode=RBAC \
|
|
--service-account-key-file="${SERVICE_ACCOUNT_KEY}" \
|
|
--service-account-lookup="${SERVICE_ACCOUNT_LOOKUP}" \
|
|
--service-account-issuer="https://kubernetes.default.svc" \
|
|
--service-account-signing-key-file="${SERVICE_ACCOUNT_KEY}" \
|
|
--v=2 \
|
|
--service-cluster-ip-range="10.0.0.0/24" >"${API_LOGFILE}" 2>&1 &
|
|
APISERVER_PID=$!
|
|
|
|
if ! kube::util::wait_for_url "https://${API_HOST}:${API_PORT}/healthz" "apiserver: "; then
|
|
kube::log::error "Here are the last 10 lines from kube-apiserver (${API_LOGFILE})"
|
|
kube::log::error "=== BEGIN OF LOG ==="
|
|
tail -10 "${API_LOGFILE}" >&2 || :
|
|
kube::log::error "=== END OF LOG ==="
|
|
exit 1
|
|
fi
|
|
|
|
kube::log::status "Updating aggregated discovery"
|
|
|
|
rm -fr "${DISCOVERY_ROOT_DIR}"
|
|
mkdir -p "${DISCOVERY_ROOT_DIR}"
|
|
curl -kfsS -H 'Authorization: Bearer dummy_token' -H 'Accept: application/json;g=apidiscovery.k8s.io;v=v2beta1;as=APIGroupDiscoveryList' "https://${API_HOST}:${API_PORT}/apis" | jq -S . > "${DISCOVERY_ROOT_DIR}/aggregated_v2beta1.json"
|
|
|
|
kube::log::status "Updating " "${OPENAPI_ROOT_DIR} for OpenAPI v2"
|
|
|
|
rm -f "${OPENAPI_ROOT_DIR}/swagger.json"
|
|
curl -w "\n" -kfsS -H 'Authorization: Bearer dummy_token' \
|
|
"https://${API_HOST}:${API_PORT}/openapi/v2" \
|
|
| jq -S '.info.version="unversioned"' \
|
|
> "${OPENAPI_ROOT_DIR}/swagger.json"
|
|
|
|
kube::log::status "Updating " "${OPENAPI_ROOT_DIR}/v3 for OpenAPI v3"
|
|
|
|
mkdir -p "${OPENAPI_ROOT_DIR}/v3"
|
|
# clean up folder, note that some files start with dot like
|
|
# ".well-known__openid-configuration_openapi.json"
|
|
rm -r "${OPENAPI_ROOT_DIR}"/v3/{*,.*} || true
|
|
|
|
rm -rf "${OPENAPI_ROOT_DIR}/v3/*"
|
|
curl -w "\n" -kfsS -H 'Authorization: Bearer dummy_token' \
|
|
"https://${API_HOST}:${API_PORT}/openapi/v3" \
|
|
| jq -r '.paths | to_entries | .[].key' \
|
|
| while read -r group; do
|
|
kube::log::status "Updating OpenAPI spec and discovery for group ${group}"
|
|
OPENAPI_FILENAME="${group}_openapi.json"
|
|
OPENAPI_FILENAME_ESCAPED="${OPENAPI_FILENAME//\//__}"
|
|
OPENAPI_PATH="${OPENAPI_ROOT_DIR}/v3/${OPENAPI_FILENAME_ESCAPED}"
|
|
curl -w "\n" -kfsS -H 'Authorization: Bearer dummy_token' \
|
|
"https://${API_HOST}:${API_PORT}/openapi/v3/{$group}" \
|
|
| jq -S '.info.version="unversioned"' \
|
|
> "$OPENAPI_PATH"
|
|
|
|
if [[ "${group}" == "api"* ]]; then
|
|
DISCOVERY_FILENAME="${group}.json"
|
|
DISCOVERY_FILENAME_ESCAPED="${DISCOVERY_FILENAME//\//__}"
|
|
DISCOVERY_PATH="${DISCOVERY_ROOT_DIR}/${DISCOVERY_FILENAME_ESCAPED}"
|
|
curl -kfsS -H 'Authorization: Bearer dummy_token' "https://${API_HOST}:${API_PORT}/{$group}" | jq -S . > "$DISCOVERY_PATH"
|
|
fi
|
|
done
|
|
|
|
kube::log::status "SUCCESS"
|
|
|
|
# ex: ts=2 sw=2 et filetype=sh
|