From 1b39b3e73a5073e5b12a897bf1c1017d561c05c8 Mon Sep 17 00:00:00 2001 From: p0lyn0mial Date: Mon, 1 May 2017 15:07:46 +0200 Subject: [PATCH 1/7] refactor admission options --- cmd/kube-apiserver/app/options/options.go | 2 ++ cmd/kube-apiserver/app/server.go | 5 ++--- .../federation-apiserver/app/options/options.go | 2 ++ federation/cmd/federation-apiserver/app/server.go | 5 ++--- .../apiserver/pkg/server/options/admission.go | 14 +++++++------- 5 files changed, 15 insertions(+), 13 deletions(-) diff --git a/cmd/kube-apiserver/app/options/options.go b/cmd/kube-apiserver/app/options/options.go index 736067c22501f..2c211e54eb46f 100644 --- a/cmd/kube-apiserver/app/options/options.go +++ b/cmd/kube-apiserver/app/options/options.go @@ -112,6 +112,8 @@ func NewServerRunOptions() *ServerRunOptions { } // Overwrite the default for storage data format. s.Etcd.DefaultStorageMediaType = "application/vnd.kubernetes.protobuf" + // Set the default for admission plugins names + s.Admission.PluginsNames = []string{"AlwaysAdmit"} return &s } diff --git a/cmd/kube-apiserver/app/server.go b/cmd/kube-apiserver/app/server.go index 35915073c80e0..6f8f9ced22c0b 100644 --- a/cmd/kube-apiserver/app/server.go +++ b/cmd/kube-apiserver/app/server.go @@ -374,7 +374,6 @@ func BuildGenericConfig(s *options.ServerRunOptions) (*genericapiserver.Config, // BuildAdmission constructs the admission chain func BuildAdmission(s *options.ServerRunOptions, plugins *admission.Plugins, client internalclientset.Interface, sharedInformers informers.SharedInformerFactory, apiAuthorizer authorizer.Authorizer) (admission.Interface, error) { - admissionControlPluginNames := strings.Split(s.Admission.Control, ",") var cloudConfig []byte var err error @@ -387,11 +386,11 @@ func BuildAdmission(s *options.ServerRunOptions, plugins *admission.Plugins, cli // TODO: use a dynamic restmapper. See https://github.com/kubernetes/kubernetes/pull/42615. restMapper := api.Registry.RESTMapper() pluginInitializer := kubeapiserveradmission.NewPluginInitializer(client, sharedInformers, apiAuthorizer, cloudConfig, restMapper) - admissionConfigProvider, err := admission.ReadAdmissionConfiguration(admissionControlPluginNames, s.Admission.ControlConfigFile) + admissionConfigProvider, err := admission.ReadAdmissionConfiguration(s.Admission.PluginsNames, s.Admission.ConfigFile) if err != nil { return nil, fmt.Errorf("failed to read plugin config: %v", err) } - return plugins.NewFromPlugins(admissionControlPluginNames, admissionConfigProvider, pluginInitializer) + return plugins.NewFromPlugins(s.Admission.PluginsNames, admissionConfigProvider, pluginInitializer) } // BuildAuthenticator constructs the authenticator diff --git a/federation/cmd/federation-apiserver/app/options/options.go b/federation/cmd/federation-apiserver/app/options/options.go index a2f49d491d1a5..ab95b910bb03b 100644 --- a/federation/cmd/federation-apiserver/app/options/options.go +++ b/federation/cmd/federation-apiserver/app/options/options.go @@ -70,6 +70,8 @@ func NewServerRunOptions() *ServerRunOptions { } // Overwrite the default for storage data format. s.Etcd.DefaultStorageMediaType = "application/vnd.kubernetes.protobuf" + // Set the default for admission plugins names + s.Admission.PluginsNames = []string{"AlwaysAdmit"} return &s } diff --git a/federation/cmd/federation-apiserver/app/server.go b/federation/cmd/federation-apiserver/app/server.go index 8cea7ece4fbef..033d49f114a2b 100644 --- a/federation/cmd/federation-apiserver/app/server.go +++ b/federation/cmd/federation-apiserver/app/server.go @@ -185,7 +185,6 @@ func NonBlockingRun(s *options.ServerRunOptions, stopCh <-chan struct{}) error { return fmt.Errorf("invalid Authorization Config: %v", err) } - admissionControlPluginNames := strings.Split(s.Admission.Control, ",") var cloudConfig []byte if s.CloudProvider.CloudConfigFile != "" { @@ -195,11 +194,11 @@ func NonBlockingRun(s *options.ServerRunOptions, stopCh <-chan struct{}) error { } } pluginInitializer := kubeapiserveradmission.NewPluginInitializer(client, sharedInformers, apiAuthorizer, cloudConfig, nil) - admissionConfigProvider, err := admission.ReadAdmissionConfiguration(admissionControlPluginNames, s.Admission.ControlConfigFile) + admissionConfigProvider, err := admission.ReadAdmissionConfiguration(s.Admission.PluginsNames, s.Admission.ConfigFile) if err != nil { return fmt.Errorf("failed to read plugin config: %v", err) } - admissionController, err := kubeapiserveradmission.Plugins.NewFromPlugins(admissionControlPluginNames, admissionConfigProvider, pluginInitializer) + admissionController, err := kubeapiserveradmission.Plugins.NewFromPlugins(s.Admission.PluginsNames, admissionConfigProvider, pluginInitializer) if err != nil { return fmt.Errorf("failed to initialize plugins: %v", err) } diff --git a/staging/src/k8s.io/apiserver/pkg/server/options/admission.go b/staging/src/k8s.io/apiserver/pkg/server/options/admission.go index 6f1774a72b198..dcdfc217a298d 100644 --- a/staging/src/k8s.io/apiserver/pkg/server/options/admission.go +++ b/staging/src/k8s.io/apiserver/pkg/server/options/admission.go @@ -25,25 +25,25 @@ import ( // AdmissionOptions holds the admission options type AdmissionOptions struct { - Control string - ControlConfigFile string - Plugins *admission.Plugins + PluginsNames []string + ConfigFile string + Plugins *admission.Plugins } // NewAdmissionOptions creates a new instance of AdmissionOptions func NewAdmissionOptions(plugins *admission.Plugins) *AdmissionOptions { return &AdmissionOptions{ - Plugins: plugins, - Control: "AlwaysAdmit", + Plugins: plugins, + PluginsNames: []string{}, } } // AddFlags adds flags related to admission for a specific APIServer to the specified FlagSet func (a *AdmissionOptions) AddFlags(fs *pflag.FlagSet) { - fs.StringVar(&a.Control, "admission-control", a.Control, ""+ + fs.StringSliceVar(&a.PluginsNames, "admission-control", a.PluginsNames, ""+ "Ordered list of plug-ins to do admission control of resources into cluster. "+ "Comma-delimited list of: "+strings.Join(a.Plugins.Registered(), ", ")+".") - fs.StringVar(&a.ControlConfigFile, "admission-control-config-file", a.ControlConfigFile, + fs.StringVar(&a.ConfigFile, "admission-control-config-file", a.ConfigFile, "File with admission control configuration.") } From 4c13d313dbd493ea2e1fce82f07aea27509342e9 Mon Sep 17 00:00:00 2001 From: p0lyn0mial Date: Thu, 4 May 2017 16:04:26 +0200 Subject: [PATCH 2/7] Implemented AdmissionOptions.ApplyTo which adds admission control to the server configuration. --- cmd/kube-apiserver/app/server.go | 27 +++++---- .../cmd/federation-apiserver/app/server.go | 16 +++--- .../apiserver/pkg/server/options/admission.go | 55 +++++++++++++++++-- 3 files changed, 74 insertions(+), 24 deletions(-) diff --git a/cmd/kube-apiserver/app/server.go b/cmd/kube-apiserver/app/server.go index 6f8f9ced22c0b..a45fbfaceaa23 100644 --- a/cmd/kube-apiserver/app/server.go +++ b/cmd/kube-apiserver/app/server.go @@ -359,38 +359,43 @@ func BuildGenericConfig(s *options.ServerRunOptions) (*genericapiserver.Config, genericConfig.DisabledPostStartHooks.Insert(rbacrest.PostStartHookName) } - genericConfig.AdmissionControl, err = BuildAdmission(s, - s.Admission.Plugins, + pluginInitializer, err := BuildAdmissionPluginInitializer( + s, client, sharedInformers, genericConfig.Authorizer, ) if err != nil { - return nil, nil, nil, fmt.Errorf("failed to initialize admission: %v", err) + return nil, nil, nil, fmt.Errorf("failed to create admission plugin initializer: %v", err) } + err = s.Admission.ApplyTo( + pluginInitializer, + genericConfig.Authorizer, + genericConfig.LoopbackClientConfig, + genericConfig) + if err != nil { + return nil, nil, nil, fmt.Errorf("failed to initialize admission: %v", err) + } return genericConfig, sharedInformers, insecureServingOptions, nil } -// BuildAdmission constructs the admission chain -func BuildAdmission(s *options.ServerRunOptions, plugins *admission.Plugins, client internalclientset.Interface, sharedInformers informers.SharedInformerFactory, apiAuthorizer authorizer.Authorizer) (admission.Interface, error) { +// BuildAdmissionPluginInitializer constructs the admission plugin initializer +func BuildAdmissionPluginInitializer(s *options.ServerRunOptions, client internalclientset.Interface, sharedInformers informers.SharedInformerFactory, apiAuthorizer authorizer.Authorizer) (admission.PluginInitializer, error) { var cloudConfig []byte - var err error if s.CloudProvider.CloudConfigFile != "" { + var err error cloudConfig, err = ioutil.ReadFile(s.CloudProvider.CloudConfigFile) if err != nil { glog.Fatalf("Error reading from cloud configuration file %s: %#v", s.CloudProvider.CloudConfigFile, err) } } + // TODO: use a dynamic restmapper. See https://github.com/kubernetes/kubernetes/pull/42615. restMapper := api.Registry.RESTMapper() pluginInitializer := kubeapiserveradmission.NewPluginInitializer(client, sharedInformers, apiAuthorizer, cloudConfig, restMapper) - admissionConfigProvider, err := admission.ReadAdmissionConfiguration(s.Admission.PluginsNames, s.Admission.ConfigFile) - if err != nil { - return nil, fmt.Errorf("failed to read plugin config: %v", err) - } - return plugins.NewFromPlugins(s.Admission.PluginsNames, admissionConfigProvider, pluginInitializer) + return pluginInitializer, nil } // BuildAuthenticator constructs the authenticator diff --git a/federation/cmd/federation-apiserver/app/server.go b/federation/cmd/federation-apiserver/app/server.go index 033d49f114a2b..aa976071d76d3 100644 --- a/federation/cmd/federation-apiserver/app/server.go +++ b/federation/cmd/federation-apiserver/app/server.go @@ -34,7 +34,6 @@ import ( "k8s.io/apimachinery/pkg/runtime/schema" utilerrors "k8s.io/apimachinery/pkg/util/errors" "k8s.io/apimachinery/pkg/util/sets" - "k8s.io/apiserver/pkg/admission" genericapiserver "k8s.io/apiserver/pkg/server" "k8s.io/apiserver/pkg/server/filters" serverstorage "k8s.io/apiserver/pkg/server/storage" @@ -186,19 +185,21 @@ func NonBlockingRun(s *options.ServerRunOptions, stopCh <-chan struct{}) error { } var cloudConfig []byte - if s.CloudProvider.CloudConfigFile != "" { cloudConfig, err = ioutil.ReadFile(s.CloudProvider.CloudConfigFile) if err != nil { glog.Fatalf("Error reading from cloud configuration file %s: %#v", s.CloudProvider.CloudConfigFile, err) } } + pluginInitializer := kubeapiserveradmission.NewPluginInitializer(client, sharedInformers, apiAuthorizer, cloudConfig, nil) - admissionConfigProvider, err := admission.ReadAdmissionConfiguration(s.Admission.PluginsNames, s.Admission.ConfigFile) - if err != nil { - return fmt.Errorf("failed to read plugin config: %v", err) - } - admissionController, err := kubeapiserveradmission.Plugins.NewFromPlugins(s.Admission.PluginsNames, admissionConfigProvider, pluginInitializer) + + err = s.Admission.ApplyTo( + pluginInitializer, + apiAuthorizer, + genericConfig.LoopbackClientConfig, + genericConfig, + ) if err != nil { return fmt.Errorf("failed to initialize plugins: %v", err) } @@ -207,7 +208,6 @@ func NonBlockingRun(s *options.ServerRunOptions, stopCh <-chan struct{}) error { genericConfig.Version = &kubeVersion genericConfig.Authenticator = apiAuthenticator genericConfig.Authorizer = apiAuthorizer - genericConfig.AdmissionControl = admissionController genericConfig.OpenAPIConfig = genericapiserver.DefaultOpenAPIConfig(openapi.GetOpenAPIDefinitions, api.Scheme) genericConfig.OpenAPIConfig.PostProcessSpec = postProcessOpenAPISpecForBackwardCompatibility genericConfig.OpenAPIConfig.SecurityDefinitions = securityDefinitions diff --git a/staging/src/k8s.io/apiserver/pkg/server/options/admission.go b/staging/src/k8s.io/apiserver/pkg/server/options/admission.go index dcdfc217a298d..ee11eb2591d12 100644 --- a/staging/src/k8s.io/apiserver/pkg/server/options/admission.go +++ b/staging/src/k8s.io/apiserver/pkg/server/options/admission.go @@ -17,24 +17,33 @@ limitations under the License. package options import ( + "fmt" "strings" "github.com/spf13/pflag" "k8s.io/apiserver/pkg/admission" + "k8s.io/apiserver/pkg/admission/initializer" + "k8s.io/apiserver/pkg/authorization/authorizer" + "k8s.io/apiserver/pkg/server" + "k8s.io/client-go/informers" + "k8s.io/client-go/kubernetes" + "k8s.io/client-go/rest" ) // AdmissionOptions holds the admission options type AdmissionOptions struct { - PluginsNames []string - ConfigFile string - Plugins *admission.Plugins + PluginsNames []string + ConfigFile string + Plugins *admission.Plugins + genericPluginInitializer admission.PluginInitializer } // NewAdmissionOptions creates a new instance of AdmissionOptions func NewAdmissionOptions(plugins *admission.Plugins) *AdmissionOptions { return &AdmissionOptions{ - Plugins: plugins, - PluginsNames: []string{}, + Plugins: plugins, + PluginsNames: []string{}, + genericPluginInitializer: nil, } } @@ -47,3 +56,39 @@ func (a *AdmissionOptions) AddFlags(fs *pflag.FlagSet) { fs.StringVar(&a.ConfigFile, "admission-control-config-file", a.ConfigFile, "File with admission control configuration.") } + +// ApplyTo adds the admission chain to the server configuration +// note that pluginIntializer is optional, a generic plugin intializer will always be provided and appended +// to the list of plugin initializers. +func (a *AdmissionOptions) ApplyTo(pluginInitializer admission.PluginInitializer, authz authorizer.Authorizer, restConfig *rest.Config, serverCfg *server.Config) error { + pluginsConfigProvider, err := admission.ReadAdmissionConfiguration(a.PluginsNames, a.ConfigFile) + if err != nil { + return fmt.Errorf("failed to read plugin config: %v", err) + } + + // initi generic plugin initalizer + if a.genericPluginInitializer == nil { + clientset, err := kubernetes.NewForConfig(restConfig) + if err != nil { + return err + } + sharedInformers := informers.NewSharedInformerFactory(clientset, restConfig.Timeout) + genericInitializer, err := initializer.New(clientset, sharedInformers, authz) + if err != nil { + return err + } + a.genericPluginInitializer = genericInitializer + } + + pluginInitializers := admission.PluginInitializers{a.genericPluginInitializer} + if pluginInitializer != nil { + pluginInitializers = append(pluginInitializers, pluginInitializer) + } + admissionChain, err := a.Plugins.NewFromPlugins(a.PluginsNames, pluginsConfigProvider, pluginInitializers) + if err != nil { + return err + } + + serverCfg.AdmissionControl = admissionChain + return nil +} From 9bc0ea11da9309b09bb4837a40e0c8d9a1d6d20c Mon Sep 17 00:00:00 2001 From: p0lyn0mial Date: Fri, 5 May 2017 22:02:22 +0200 Subject: [PATCH 3/7] passing shared informers to admission options as a dependency --- cmd/kube-apiserver/app/server.go | 3 ++- federation/cmd/federation-apiserver/app/server.go | 1 + staging/src/k8s.io/apiserver/pkg/server/config.go | 3 +++ .../src/k8s.io/apiserver/pkg/server/options/admission.go | 5 ++--- .../src/k8s.io/apiserver/pkg/server/options/serving.go | 9 +++++++++ 5 files changed, 17 insertions(+), 4 deletions(-) diff --git a/cmd/kube-apiserver/app/server.go b/cmd/kube-apiserver/app/server.go index a45fbfaceaa23..e259a7460417a 100644 --- a/cmd/kube-apiserver/app/server.go +++ b/cmd/kube-apiserver/app/server.go @@ -373,7 +373,8 @@ func BuildGenericConfig(s *options.ServerRunOptions) (*genericapiserver.Config, pluginInitializer, genericConfig.Authorizer, genericConfig.LoopbackClientConfig, - genericConfig) + genericConfig, + genericConfig.SharedInformerFactory) if err != nil { return nil, nil, nil, fmt.Errorf("failed to initialize admission: %v", err) } diff --git a/federation/cmd/federation-apiserver/app/server.go b/federation/cmd/federation-apiserver/app/server.go index aa976071d76d3..c81ea21a3554d 100644 --- a/federation/cmd/federation-apiserver/app/server.go +++ b/federation/cmd/federation-apiserver/app/server.go @@ -199,6 +199,7 @@ func NonBlockingRun(s *options.ServerRunOptions, stopCh <-chan struct{}) error { apiAuthorizer, genericConfig.LoopbackClientConfig, genericConfig, + genericConfig.SharedInformerFactory, ) if err != nil { return fmt.Errorf("failed to initialize plugins: %v", err) diff --git a/staging/src/k8s.io/apiserver/pkg/server/config.go b/staging/src/k8s.io/apiserver/pkg/server/config.go index cc2bff33439b3..a6ae5b8fd65ba 100644 --- a/staging/src/k8s.io/apiserver/pkg/server/config.go +++ b/staging/src/k8s.io/apiserver/pkg/server/config.go @@ -55,6 +55,7 @@ import ( "k8s.io/apiserver/pkg/server/healthz" "k8s.io/apiserver/pkg/server/mux" "k8s.io/apiserver/pkg/server/routes" + "k8s.io/client-go/informers" restclient "k8s.io/client-go/rest" certutil "k8s.io/client-go/util/cert" @@ -113,6 +114,8 @@ type Config struct { // FallThroughHandler is the final HTTP handler in the chain. If it is nil, one will be created for you. // It comes after all filters and the API handling FallThroughHandler *mux.PathRecorderMux + // SharedInformerFactory provides shared informers for resources + SharedInformerFactory informers.SharedInformerFactory //=========================================================================== // Fields you probably don't care about changing diff --git a/staging/src/k8s.io/apiserver/pkg/server/options/admission.go b/staging/src/k8s.io/apiserver/pkg/server/options/admission.go index ee11eb2591d12..d0f9dd229ffea 100644 --- a/staging/src/k8s.io/apiserver/pkg/server/options/admission.go +++ b/staging/src/k8s.io/apiserver/pkg/server/options/admission.go @@ -60,19 +60,18 @@ func (a *AdmissionOptions) AddFlags(fs *pflag.FlagSet) { // ApplyTo adds the admission chain to the server configuration // note that pluginIntializer is optional, a generic plugin intializer will always be provided and appended // to the list of plugin initializers. -func (a *AdmissionOptions) ApplyTo(pluginInitializer admission.PluginInitializer, authz authorizer.Authorizer, restConfig *rest.Config, serverCfg *server.Config) error { +func (a *AdmissionOptions) ApplyTo(pluginInitializer admission.PluginInitializer, authz authorizer.Authorizer, restConfig *rest.Config, serverCfg *server.Config, sharedInformers informers.SharedInformerFactory) error { pluginsConfigProvider, err := admission.ReadAdmissionConfiguration(a.PluginsNames, a.ConfigFile) if err != nil { return fmt.Errorf("failed to read plugin config: %v", err) } - // initi generic plugin initalizer + // init generic plugin initalizer if a.genericPluginInitializer == nil { clientset, err := kubernetes.NewForConfig(restConfig) if err != nil { return err } - sharedInformers := informers.NewSharedInformerFactory(clientset, restConfig.Timeout) genericInitializer, err := initializer.New(clientset, sharedInformers, authz) if err != nil { return err diff --git a/staging/src/k8s.io/apiserver/pkg/server/options/serving.go b/staging/src/k8s.io/apiserver/pkg/server/options/serving.go index d536a3cb44ca0..977cfd11749ed 100644 --- a/staging/src/k8s.io/apiserver/pkg/server/options/serving.go +++ b/staging/src/k8s.io/apiserver/pkg/server/options/serving.go @@ -32,6 +32,8 @@ import ( utilnet "k8s.io/apimachinery/pkg/util/net" "k8s.io/apiserver/pkg/server" utilflag "k8s.io/apiserver/pkg/util/flag" + "k8s.io/client-go/informers" + "k8s.io/client-go/kubernetes" certutil "k8s.io/client-go/util/cert" ) @@ -167,6 +169,13 @@ func (s *SecureServingOptions) ApplyTo(c *server.Config) error { c.SecureServingInfo.SNICerts[server.LoopbackClientServerNameOverride] = &tlsCert } + // create shared informers + clientset, err := kubernetes.NewForConfig(c.LoopbackClientConfig) + if err != nil { + return err + } + c.SharedInformerFactory = informers.NewSharedInformerFactory(clientset, c.LoopbackClientConfig.Timeout) + return nil } From 58309bc68d2aa3018ed167f45faed0c92610a79d Mon Sep 17 00:00:00 2001 From: p0lyn0mial Date: Sun, 7 May 2017 09:18:18 +0200 Subject: [PATCH 4/7] making ApplyTo variadic --- cmd/kube-apiserver/app/server.go | 4 ++-- federation/cmd/federation-apiserver/app/server.go | 2 +- .../apiserver/pkg/server/options/admission.go | 14 ++++++-------- 3 files changed, 9 insertions(+), 11 deletions(-) diff --git a/cmd/kube-apiserver/app/server.go b/cmd/kube-apiserver/app/server.go index e259a7460417a..6b89bfacc995d 100644 --- a/cmd/kube-apiserver/app/server.go +++ b/cmd/kube-apiserver/app/server.go @@ -370,11 +370,11 @@ func BuildGenericConfig(s *options.ServerRunOptions) (*genericapiserver.Config, } err = s.Admission.ApplyTo( - pluginInitializer, genericConfig.Authorizer, genericConfig.LoopbackClientConfig, genericConfig, - genericConfig.SharedInformerFactory) + genericConfig.SharedInformerFactory, + pluginInitializer) if err != nil { return nil, nil, nil, fmt.Errorf("failed to initialize admission: %v", err) } diff --git a/federation/cmd/federation-apiserver/app/server.go b/federation/cmd/federation-apiserver/app/server.go index c81ea21a3554d..322a9682258a6 100644 --- a/federation/cmd/federation-apiserver/app/server.go +++ b/federation/cmd/federation-apiserver/app/server.go @@ -195,11 +195,11 @@ func NonBlockingRun(s *options.ServerRunOptions, stopCh <-chan struct{}) error { pluginInitializer := kubeapiserveradmission.NewPluginInitializer(client, sharedInformers, apiAuthorizer, cloudConfig, nil) err = s.Admission.ApplyTo( - pluginInitializer, apiAuthorizer, genericConfig.LoopbackClientConfig, genericConfig, genericConfig.SharedInformerFactory, + pluginInitializer, ) if err != nil { return fmt.Errorf("failed to initialize plugins: %v", err) diff --git a/staging/src/k8s.io/apiserver/pkg/server/options/admission.go b/staging/src/k8s.io/apiserver/pkg/server/options/admission.go index d0f9dd229ffea..36fadd5a11fdd 100644 --- a/staging/src/k8s.io/apiserver/pkg/server/options/admission.go +++ b/staging/src/k8s.io/apiserver/pkg/server/options/admission.go @@ -58,9 +58,8 @@ func (a *AdmissionOptions) AddFlags(fs *pflag.FlagSet) { } // ApplyTo adds the admission chain to the server configuration -// note that pluginIntializer is optional, a generic plugin intializer will always be provided and appended -// to the list of plugin initializers. -func (a *AdmissionOptions) ApplyTo(pluginInitializer admission.PluginInitializer, authz authorizer.Authorizer, restConfig *rest.Config, serverCfg *server.Config, sharedInformers informers.SharedInformerFactory) error { +// the method lazily initializes a generic plugin that is appended to the list of pluginInitializers +func (a *AdmissionOptions) ApplyTo(authz authorizer.Authorizer, restConfig *rest.Config, serverCfg *server.Config, sharedInformers informers.SharedInformerFactory, pluginInitializers ...admission.PluginInitializer) error { pluginsConfigProvider, err := admission.ReadAdmissionConfiguration(a.PluginsNames, a.ConfigFile) if err != nil { return fmt.Errorf("failed to read plugin config: %v", err) @@ -79,11 +78,10 @@ func (a *AdmissionOptions) ApplyTo(pluginInitializer admission.PluginInitializer a.genericPluginInitializer = genericInitializer } - pluginInitializers := admission.PluginInitializers{a.genericPluginInitializer} - if pluginInitializer != nil { - pluginInitializers = append(pluginInitializers, pluginInitializer) - } - admissionChain, err := a.Plugins.NewFromPlugins(a.PluginsNames, pluginsConfigProvider, pluginInitializers) + initializersChain := admission.PluginInitializers{} + pluginInitializers = append(pluginInitializers, a.genericPluginInitializer) + initializersChain = append(initializersChain, pluginInitializers...) + admissionChain, err := a.Plugins.NewFromPlugins(a.PluginsNames, pluginsConfigProvider, initializersChain) if err != nil { return err } From 319f1d326253ce351fa40582de89fb5aa3d184fe Mon Sep 17 00:00:00 2001 From: p0lyn0mial Date: Mon, 8 May 2017 08:41:05 +0200 Subject: [PATCH 5/7] changing the name to PluginNames --- cmd/kube-apiserver/app/options/options.go | 2 +- .../cmd/federation-apiserver/app/options/options.go | 2 +- .../k8s.io/apiserver/pkg/server/options/admission.go | 10 +++++----- 3 files changed, 7 insertions(+), 7 deletions(-) diff --git a/cmd/kube-apiserver/app/options/options.go b/cmd/kube-apiserver/app/options/options.go index 2c211e54eb46f..f3ce2fad017e1 100644 --- a/cmd/kube-apiserver/app/options/options.go +++ b/cmd/kube-apiserver/app/options/options.go @@ -113,7 +113,7 @@ func NewServerRunOptions() *ServerRunOptions { // Overwrite the default for storage data format. s.Etcd.DefaultStorageMediaType = "application/vnd.kubernetes.protobuf" // Set the default for admission plugins names - s.Admission.PluginsNames = []string{"AlwaysAdmit"} + s.Admission.PluginNames = []string{"AlwaysAdmit"} return &s } diff --git a/federation/cmd/federation-apiserver/app/options/options.go b/federation/cmd/federation-apiserver/app/options/options.go index ab95b910bb03b..b4d9292e50dc4 100644 --- a/federation/cmd/federation-apiserver/app/options/options.go +++ b/federation/cmd/federation-apiserver/app/options/options.go @@ -71,7 +71,7 @@ func NewServerRunOptions() *ServerRunOptions { // Overwrite the default for storage data format. s.Etcd.DefaultStorageMediaType = "application/vnd.kubernetes.protobuf" // Set the default for admission plugins names - s.Admission.PluginsNames = []string{"AlwaysAdmit"} + s.Admission.PluginNames = []string{"AlwaysAdmit"} return &s } diff --git a/staging/src/k8s.io/apiserver/pkg/server/options/admission.go b/staging/src/k8s.io/apiserver/pkg/server/options/admission.go index 36fadd5a11fdd..aa8a40ef8f531 100644 --- a/staging/src/k8s.io/apiserver/pkg/server/options/admission.go +++ b/staging/src/k8s.io/apiserver/pkg/server/options/admission.go @@ -32,7 +32,7 @@ import ( // AdmissionOptions holds the admission options type AdmissionOptions struct { - PluginsNames []string + PluginNames []string ConfigFile string Plugins *admission.Plugins genericPluginInitializer admission.PluginInitializer @@ -42,14 +42,14 @@ type AdmissionOptions struct { func NewAdmissionOptions(plugins *admission.Plugins) *AdmissionOptions { return &AdmissionOptions{ Plugins: plugins, - PluginsNames: []string{}, + PluginNames: []string{}, genericPluginInitializer: nil, } } // AddFlags adds flags related to admission for a specific APIServer to the specified FlagSet func (a *AdmissionOptions) AddFlags(fs *pflag.FlagSet) { - fs.StringSliceVar(&a.PluginsNames, "admission-control", a.PluginsNames, ""+ + fs.StringSliceVar(&a.PluginNames, "admission-control", a.PluginNames, ""+ "Ordered list of plug-ins to do admission control of resources into cluster. "+ "Comma-delimited list of: "+strings.Join(a.Plugins.Registered(), ", ")+".") @@ -60,7 +60,7 @@ func (a *AdmissionOptions) AddFlags(fs *pflag.FlagSet) { // ApplyTo adds the admission chain to the server configuration // the method lazily initializes a generic plugin that is appended to the list of pluginInitializers func (a *AdmissionOptions) ApplyTo(authz authorizer.Authorizer, restConfig *rest.Config, serverCfg *server.Config, sharedInformers informers.SharedInformerFactory, pluginInitializers ...admission.PluginInitializer) error { - pluginsConfigProvider, err := admission.ReadAdmissionConfiguration(a.PluginsNames, a.ConfigFile) + pluginsConfigProvider, err := admission.ReadAdmissionConfiguration(a.PluginNames, a.ConfigFile) if err != nil { return fmt.Errorf("failed to read plugin config: %v", err) } @@ -81,7 +81,7 @@ func (a *AdmissionOptions) ApplyTo(authz authorizer.Authorizer, restConfig *rest initializersChain := admission.PluginInitializers{} pluginInitializers = append(pluginInitializers, a.genericPluginInitializer) initializersChain = append(initializersChain, pluginInitializers...) - admissionChain, err := a.Plugins.NewFromPlugins(a.PluginsNames, pluginsConfigProvider, initializersChain) + admissionChain, err := a.Plugins.NewFromPlugins(a.PluginNames, pluginsConfigProvider, initializersChain) if err != nil { return err } From 52ded617d6347f5aaf334bd462175c2dedad5fc8 Mon Sep 17 00:00:00 2001 From: "Dr. Stefan Schimanski" Date: Mon, 8 May 2017 14:30:46 +0200 Subject: [PATCH 6/7] Unify internal and external informers in apiserver --- cmd/kube-apiserver/app/server.go | 103 ++++++++++-------- .../cmd/federation-apiserver/app/server.go | 24 ++-- .../src/k8s.io/apiserver/pkg/server/config.go | 3 - .../apiserver/pkg/server/options/serving.go | 9 -- .../etcd/etcd_storage_path_test.go | 4 +- test/integration/examples/apiserver_test.go | 4 +- 6 files changed, 78 insertions(+), 69 deletions(-) diff --git a/cmd/kube-apiserver/app/server.go b/cmd/kube-apiserver/app/server.go index 6b89bfacc995d..d5c8e7e7d543e 100644 --- a/cmd/kube-apiserver/app/server.go +++ b/cmd/kube-apiserver/app/server.go @@ -51,6 +51,8 @@ import ( "k8s.io/apiserver/pkg/server/filters" serverstorage "k8s.io/apiserver/pkg/server/storage" + clientgoinformers "k8s.io/client-go/informers" + clientgo "k8s.io/client-go/kubernetes" "k8s.io/kubernetes/cmd/kube-apiserver/app/options" "k8s.io/kubernetes/cmd/kube-apiserver/app/preflight" "k8s.io/kubernetes/pkg/api" @@ -99,11 +101,11 @@ cluster's shared state through which all other components interact.`, // Run runs the specified APIServer. This should never exit. func Run(runOptions *options.ServerRunOptions, stopCh <-chan struct{}) error { - kubeAPIServerConfig, sharedInformers, insecureServingOptions, err := CreateKubeAPIServerConfig(runOptions) + kubeAPIServerConfig, internalSharedInformers, externalSharedInformers, insecureServingOptions, err := CreateKubeAPIServerConfig(runOptions) if err != nil { return err } - kubeAPIServer, err := CreateKubeAPIServer(kubeAPIServerConfig, sharedInformers, stopCh) + kubeAPIServer, err := CreateKubeAPIServer(kubeAPIServerConfig, internalSharedInformers, externalSharedInformers, stopCh) if err != nil { return err } @@ -129,7 +131,7 @@ func Run(runOptions *options.ServerRunOptions, stopCh <-chan struct{}) error { if err != nil { return err } - aggregatorServer, err := createAggregatorServer(aggregatorConfig, kubeAPIServer.GenericAPIServer, sharedInformers, stopCh) + aggregatorServer, err := createAggregatorServer(aggregatorConfig, kubeAPIServer.GenericAPIServer, internalSharedInformers, stopCh) if err != nil { // we don't need special handling for innerStopCh because the aggregator server doesn't create any go routines return err @@ -138,13 +140,14 @@ func Run(runOptions *options.ServerRunOptions, stopCh <-chan struct{}) error { } // CreateKubeAPIServer creates and wires a workable kube-apiserver -func CreateKubeAPIServer(kubeAPIServerConfig *master.Config, sharedInformers informers.SharedInformerFactory, stopCh <-chan struct{}) (*master.Master, error) { +func CreateKubeAPIServer(kubeAPIServerConfig *master.Config, internalSharedInformers informers.SharedInformerFactory, externalSharedInformers clientgoinformers.SharedInformerFactory, stopCh <-chan struct{}) (*master.Master, error) { kubeAPIServer, err := kubeAPIServerConfig.Complete().New() if err != nil { return nil, err } kubeAPIServer.GenericAPIServer.AddPostStartHook("start-kube-apiserver-informers", func(context genericapiserver.PostStartHookContext) error { - sharedInformers.Start(stopCh) + internalSharedInformers.Start(stopCh) + externalSharedInformers.Start(stopCh) return nil }) @@ -152,24 +155,24 @@ func CreateKubeAPIServer(kubeAPIServerConfig *master.Config, sharedInformers inf } // CreateKubeAPIServerConfig creates all the resources for running the API server, but runs none of them -func CreateKubeAPIServerConfig(s *options.ServerRunOptions) (*master.Config, informers.SharedInformerFactory, *kubeserver.InsecureServingInfo, error) { +func CreateKubeAPIServerConfig(s *options.ServerRunOptions) (*master.Config, informers.SharedInformerFactory, clientgoinformers.SharedInformerFactory, *kubeserver.InsecureServingInfo, error) { // set defaults in the options before trying to create the generic config if err := defaultOptions(s); err != nil { - return nil, nil, nil, err + return nil, nil, nil, nil, err } // validate options if errs := s.Validate(); len(errs) != 0 { - return nil, nil, nil, utilerrors.NewAggregate(errs) + return nil, nil, nil, nil, utilerrors.NewAggregate(errs) } - genericConfig, sharedInformers, insecureServingOptions, err := BuildGenericConfig(s) + genericConfig, internalSharedInformerFactory, externalSharedInformerFactory, insecureServingOptions, err := BuildGenericConfig(s) if err != nil { - return nil, nil, nil, err + return nil, nil, nil, nil, err } if err := utilwait.PollImmediate(etcdRetryInterval, etcdRetryLimit*etcdRetryInterval, preflight.EtcdConnection{ServerList: s.Etcd.StorageConfig.ServerList}.CheckEtcdServers); err != nil { - return nil, nil, nil, fmt.Errorf("error waiting for etcd connection: %v", err) + return nil, nil, nil, nil, fmt.Errorf("error waiting for etcd connection: %v", err) } capabilities.Initialize(capabilities.Capabilities{ @@ -191,7 +194,7 @@ func CreateKubeAPIServerConfig(s *options.ServerRunOptions) (*master.Config, inf var installSSHKey tunneler.InstallSSHKey cloud, err := cloudprovider.InitCloudProvider(s.CloudProvider.CloudProvider, s.CloudProvider.CloudConfigFile) if err != nil { - return nil, nil, nil, fmt.Errorf("cloud provider could not be initialized: %v", err) + return nil, nil, nil, nil, fmt.Errorf("cloud provider could not be initialized: %v", err) } if cloud != nil { if instances, supported := cloud.Instances(); supported { @@ -199,10 +202,10 @@ func CreateKubeAPIServerConfig(s *options.ServerRunOptions) (*master.Config, inf } } if s.KubeletConfig.Port == 0 { - return nil, nil, nil, fmt.Errorf("must enable kubelet port if proxy ssh-tunneling is specified") + return nil, nil, nil, nil, fmt.Errorf("must enable kubelet port if proxy ssh-tunneling is specified") } if s.KubeletConfig.ReadOnlyPort == 0 { - return nil, nil, nil, fmt.Errorf("must enable kubelet readonly port if proxy ssh-tunneling is specified") + return nil, nil, nil, nil, fmt.Errorf("must enable kubelet readonly port if proxy ssh-tunneling is specified") } // Set up the nodeTunneler // TODO(cjcullen): If we want this to handle per-kubelet ports or other @@ -228,21 +231,21 @@ func CreateKubeAPIServerConfig(s *options.ServerRunOptions) (*master.Config, inf serviceIPRange, apiServerServiceIP, err := master.DefaultServiceIPRange(s.ServiceClusterIPRange) if err != nil { - return nil, nil, nil, err + return nil, nil, nil, nil, err } storageFactory, err := BuildStorageFactory(s) if err != nil { - return nil, nil, nil, err + return nil, nil, nil, nil, err } clientCA, err := readCAorNil(s.Authentication.ClientCert.ClientCA) if err != nil { - return nil, nil, nil, err + return nil, nil, nil, nil, err } requestHeaderProxyCA, err := readCAorNil(s.Authentication.RequestHeader.ClientCAFile) if err != nil { - return nil, nil, nil, err + return nil, nil, nil, nil, err } config := &master.Config{ @@ -278,30 +281,30 @@ func CreateKubeAPIServerConfig(s *options.ServerRunOptions) (*master.Config, inf MasterCount: s.MasterCount, } - return config, sharedInformers, insecureServingOptions, nil + return config, internalSharedInformerFactory, externalSharedInformerFactory, insecureServingOptions, nil } // BuildGenericConfig takes the master server options and produces the genericapiserver.Config associated with it -func BuildGenericConfig(s *options.ServerRunOptions) (*genericapiserver.Config, informers.SharedInformerFactory, *kubeserver.InsecureServingInfo, error) { +func BuildGenericConfig(s *options.ServerRunOptions) (*genericapiserver.Config, informers.SharedInformerFactory, clientgoinformers.SharedInformerFactory, *kubeserver.InsecureServingInfo, error) { genericConfig := genericapiserver.NewConfig(api.Codecs) if err := s.GenericServerRunOptions.ApplyTo(genericConfig); err != nil { - return nil, nil, nil, err + return nil, nil, nil, nil, err } insecureServingOptions, err := s.InsecureServing.ApplyTo(genericConfig) if err != nil { - return nil, nil, nil, err + return nil, nil, nil, nil, err } if err := s.SecureServing.ApplyTo(genericConfig); err != nil { - return nil, nil, nil, err + return nil, nil, nil, nil, err } if err := s.Authentication.ApplyTo(genericConfig); err != nil { - return nil, nil, nil, err + return nil, nil, nil, nil, err } if err := s.Audit.ApplyTo(genericConfig); err != nil { - return nil, nil, nil, err + return nil, nil, nil, nil, err } if err := s.Features.ApplyTo(genericConfig); err != nil { - return nil, nil, nil, err + return nil, nil, nil, nil, err } genericConfig.OpenAPIConfig = genericapiserver.DefaultOpenAPIConfig(generatedopenapi.GetOpenAPIDefinitions, api.Scheme) @@ -319,10 +322,10 @@ func BuildGenericConfig(s *options.ServerRunOptions) (*genericapiserver.Config, storageFactory, err := BuildStorageFactory(s) if err != nil { - return nil, nil, nil, err + return nil, nil, nil, nil, err } if err := s.Etcd.ApplyWithStorageFactoryTo(storageFactory, genericConfig); err != nil { - return nil, nil, nil, err + return nil, nil, nil, nil, err } // Use protobufs for self-communication. @@ -331,29 +334,37 @@ func BuildGenericConfig(s *options.ServerRunOptions) (*genericapiserver.Config, // set it in kube-apiserver. genericConfig.LoopbackClientConfig.ContentConfig.ContentType = "application/vnd.kubernetes.protobuf" - client, err := internalclientset.NewForConfig(genericConfig.LoopbackClientConfig) - if err != nil { - kubeAPIVersions := os.Getenv("KUBE_API_VERSIONS") - if len(kubeAPIVersions) == 0 { - return nil, nil, nil, fmt.Errorf("failed to create clientset: %v", err) - } + kubeAPIVersions := os.Getenv("KUBE_API_VERSIONS") + internalClient, intErr := internalclientset.NewForConfig(genericConfig.LoopbackClientConfig) + if intErr != nil && len(kubeAPIVersions) == 0 { + return nil, nil, nil, nil, fmt.Errorf("failed to create internal clientset: %v", intErr) + } + externalClient, extErr := clientgo.NewForConfig(genericConfig.LoopbackClientConfig) + if extErr != nil && len(kubeAPIVersions) == 0 { + return nil, nil, nil, nil, fmt.Errorf("failed to create external clientset: %v", extErr) + } + + if intErr != nil || extErr != nil { // KUBE_API_VERSIONS is used in test-update-storage-objects.sh, disabling a number of API // groups. This leads to a nil client above and undefined behaviour further down. // // TODO: get rid of KUBE_API_VERSIONS or define sane behaviour if set - glog.Errorf("Failed to create clientset with KUBE_API_VERSIONS=%q. KUBE_API_VERSIONS is only for testing. Things will break.", kubeAPIVersions) + glog.Errorf("Failed to create client with KUBE_API_VERSIONS=%q. KUBE_API_VERSIONS is only for testing. Things will break.", kubeAPIVersions) } - sharedInformers := informers.NewSharedInformerFactory(client, 10*time.Minute) - genericConfig.Authenticator, genericConfig.OpenAPIConfig.SecurityDefinitions, err = BuildAuthenticator(s, storageFactory, client, sharedInformers) + // create shared informers + internalSharedInformersFactory := informers.NewSharedInformerFactory(internalClient, 10*time.Minute) + externalSharedInformerFactory := clientgoinformers.NewSharedInformerFactory(externalClient, genericConfig.LoopbackClientConfig.Timeout) + + genericConfig.Authenticator, genericConfig.OpenAPIConfig.SecurityDefinitions, err = BuildAuthenticator(s, storageFactory, internalClient, internalSharedInformersFactory) if err != nil { - return nil, nil, nil, fmt.Errorf("invalid authentication config: %v", err) + return nil, nil, nil, nil, fmt.Errorf("invalid authentication config: %v", err) } - genericConfig.Authorizer, err = BuildAuthorizer(s, sharedInformers) + genericConfig.Authorizer, err = BuildAuthorizer(s, internalSharedInformersFactory) if err != nil { - return nil, nil, nil, fmt.Errorf("invalid authorization config: %v", err) + return nil, nil, nil, nil, fmt.Errorf("invalid authorization config: %v", err) } if !sets.NewString(s.Authorization.Modes()...).Has(modes.ModeRBAC) { genericConfig.DisabledPostStartHooks.Insert(rbacrest.PostStartHookName) @@ -361,24 +372,24 @@ func BuildGenericConfig(s *options.ServerRunOptions) (*genericapiserver.Config, pluginInitializer, err := BuildAdmissionPluginInitializer( s, - client, - sharedInformers, + internalClient, + internalSharedInformersFactory, genericConfig.Authorizer, ) if err != nil { - return nil, nil, nil, fmt.Errorf("failed to create admission plugin initializer: %v", err) + return nil, nil, nil, nil, fmt.Errorf("failed to create admission plugin initializer: %v", err) } err = s.Admission.ApplyTo( genericConfig.Authorizer, genericConfig.LoopbackClientConfig, genericConfig, - genericConfig.SharedInformerFactory, + externalSharedInformerFactory, pluginInitializer) if err != nil { - return nil, nil, nil, fmt.Errorf("failed to initialize admission: %v", err) + return nil, nil, nil, nil, fmt.Errorf("failed to initialize admission: %v", err) } - return genericConfig, sharedInformers, insecureServingOptions, nil + return genericConfig, internalSharedInformersFactory, externalSharedInformerFactory, insecureServingOptions, nil } // BuildAdmissionPluginInitializer constructs the admission plugin initializer diff --git a/federation/cmd/federation-apiserver/app/server.go b/federation/cmd/federation-apiserver/app/server.go index 322a9682258a6..51752a6b4f8b6 100644 --- a/federation/cmd/federation-apiserver/app/server.go +++ b/federation/cmd/federation-apiserver/app/server.go @@ -37,6 +37,8 @@ import ( genericapiserver "k8s.io/apiserver/pkg/server" "k8s.io/apiserver/pkg/server/filters" serverstorage "k8s.io/apiserver/pkg/server/storage" + clientgoinformers "k8s.io/client-go/informers" + clientgo "k8s.io/client-go/kubernetes" federationv1beta1 "k8s.io/kubernetes/federation/apis/federation/v1beta1" "k8s.io/kubernetes/federation/cmd/federation-apiserver/app/options" "k8s.io/kubernetes/pkg/api" @@ -172,13 +174,20 @@ func NonBlockingRun(s *options.ServerRunOptions, stopCh <-chan struct{}) error { return fmt.Errorf("invalid Authentication Config: %v", err) } - client, err := internalclientset.NewForConfig(genericConfig.LoopbackClientConfig) + internalClient, err := internalclientset.NewForConfig(genericConfig.LoopbackClientConfig) if err != nil { - return fmt.Errorf("failed to create clientset: %v", err) + return fmt.Errorf("failed to create internal clientset: %v", err) } - sharedInformers := informers.NewSharedInformerFactory(client, 10*time.Minute) - authorizationConfig := s.Authorization.ToAuthorizationConfig(sharedInformers) + externalClient, err := clientgo.NewForConfig(genericConfig.LoopbackClientConfig) + if err != nil { + return fmt.Errorf("failed to create external clientset: %v", err) + } + + internalSharedInformers := informers.NewSharedInformerFactory(internalClient, 10*time.Minute) + externalSharedInformers := clientgoinformers.NewSharedInformerFactory(externalClient, genericConfig.LoopbackClientConfig.Timeout) + + authorizationConfig := s.Authorization.ToAuthorizationConfig(internalSharedInformers) apiAuthorizer, err := authorizationConfig.New() if err != nil { return fmt.Errorf("invalid Authorization Config: %v", err) @@ -192,13 +201,13 @@ func NonBlockingRun(s *options.ServerRunOptions, stopCh <-chan struct{}) error { } } - pluginInitializer := kubeapiserveradmission.NewPluginInitializer(client, sharedInformers, apiAuthorizer, cloudConfig, nil) + pluginInitializer := kubeapiserveradmission.NewPluginInitializer(internalClient, internalSharedInformers, apiAuthorizer, cloudConfig, nil) err = s.Admission.ApplyTo( apiAuthorizer, genericConfig.LoopbackClientConfig, genericConfig, - genericConfig.SharedInformerFactory, + externalSharedInformers, pluginInitializer, ) if err != nil { @@ -249,7 +258,8 @@ func NonBlockingRun(s *options.ServerRunOptions, stopCh <-chan struct{}) error { err = m.PrepareRun().NonBlockingRun(stopCh) if err == nil { - sharedInformers.Start(stopCh) + internalSharedInformers.Start(stopCh) + externalSharedInformers.Start(stopCh) } return err } diff --git a/staging/src/k8s.io/apiserver/pkg/server/config.go b/staging/src/k8s.io/apiserver/pkg/server/config.go index a6ae5b8fd65ba..cc2bff33439b3 100644 --- a/staging/src/k8s.io/apiserver/pkg/server/config.go +++ b/staging/src/k8s.io/apiserver/pkg/server/config.go @@ -55,7 +55,6 @@ import ( "k8s.io/apiserver/pkg/server/healthz" "k8s.io/apiserver/pkg/server/mux" "k8s.io/apiserver/pkg/server/routes" - "k8s.io/client-go/informers" restclient "k8s.io/client-go/rest" certutil "k8s.io/client-go/util/cert" @@ -114,8 +113,6 @@ type Config struct { // FallThroughHandler is the final HTTP handler in the chain. If it is nil, one will be created for you. // It comes after all filters and the API handling FallThroughHandler *mux.PathRecorderMux - // SharedInformerFactory provides shared informers for resources - SharedInformerFactory informers.SharedInformerFactory //=========================================================================== // Fields you probably don't care about changing diff --git a/staging/src/k8s.io/apiserver/pkg/server/options/serving.go b/staging/src/k8s.io/apiserver/pkg/server/options/serving.go index 977cfd11749ed..d536a3cb44ca0 100644 --- a/staging/src/k8s.io/apiserver/pkg/server/options/serving.go +++ b/staging/src/k8s.io/apiserver/pkg/server/options/serving.go @@ -32,8 +32,6 @@ import ( utilnet "k8s.io/apimachinery/pkg/util/net" "k8s.io/apiserver/pkg/server" utilflag "k8s.io/apiserver/pkg/util/flag" - "k8s.io/client-go/informers" - "k8s.io/client-go/kubernetes" certutil "k8s.io/client-go/util/cert" ) @@ -169,13 +167,6 @@ func (s *SecureServingOptions) ApplyTo(c *server.Config) error { c.SecureServingInfo.SNICerts[server.LoopbackClientServerNameOverride] = &tlsCert } - // create shared informers - clientset, err := kubernetes.NewForConfig(c.LoopbackClientConfig) - if err != nil { - return err - } - c.SharedInformerFactory = informers.NewSharedInformerFactory(clientset, c.LoopbackClientConfig.Timeout) - return nil } diff --git a/test/integration/etcd/etcd_storage_path_test.go b/test/integration/etcd/etcd_storage_path_test.go index 7256f7e7cb8a7..1566d8ec0b6a1 100644 --- a/test/integration/etcd/etcd_storage_path_test.go +++ b/test/integration/etcd/etcd_storage_path_test.go @@ -554,14 +554,14 @@ func startRealMasterOrDie(t *testing.T, certDir string) (*allClient, clientv3.KV kubeAPIServerOptions.SecureServing.BindPort = kubePort - kubeAPIServerConfig, sharedInformers, _, err := app.CreateKubeAPIServerConfig(kubeAPIServerOptions) + kubeAPIServerConfig, internalSharedInformers, externalSharedInformers, _, err := app.CreateKubeAPIServerConfig(kubeAPIServerOptions) if err != nil { t.Fatal(err) } kubeAPIServerConfig.APIResourceConfigSource = &allResourceSource{} // force enable all resources - kubeAPIServer, err := app.CreateKubeAPIServer(kubeAPIServerConfig, sharedInformers, wait.NeverStop) + kubeAPIServer, err := app.CreateKubeAPIServer(kubeAPIServerConfig, internalSharedInformers, externalSharedInformers, wait.NeverStop) if err != nil { t.Fatal(err) } diff --git a/test/integration/examples/apiserver_test.go b/test/integration/examples/apiserver_test.go index b468ee2bc6d3c..1f808e2a497ee 100644 --- a/test/integration/examples/apiserver_test.go +++ b/test/integration/examples/apiserver_test.go @@ -111,13 +111,13 @@ func TestAggregatedAPIServer(t *testing.T) { kubeAPIServerOptions.Authentication.ClientCert.ClientCA = clientCACertFile.Name() kubeAPIServerOptions.Authorization.Mode = "RBAC" - kubeAPIServerConfig, sharedInformers, _, err := app.CreateKubeAPIServerConfig(kubeAPIServerOptions) + kubeAPIServerConfig, internalSharedInformers, externalSharedInformers, _, err := app.CreateKubeAPIServerConfig(kubeAPIServerOptions) if err != nil { t.Fatal(err) } kubeClientConfigValue.Store(kubeAPIServerConfig.GenericConfig.LoopbackClientConfig) - kubeAPIServer, err := app.CreateKubeAPIServer(kubeAPIServerConfig, sharedInformers, wait.NeverStop) + kubeAPIServer, err := app.CreateKubeAPIServer(kubeAPIServerConfig, internalSharedInformers, externalSharedInformers, wait.NeverStop) if err != nil { t.Fatal(err) } From 86ba29d015433f66356145a4b0155927679f6a97 Mon Sep 17 00:00:00 2001 From: "Dr. Stefan Schimanski" Date: Mon, 8 May 2017 14:31:00 +0200 Subject: [PATCH 7/7] Update bazel --- cmd/kube-apiserver/app/BUILD | 1 + federation/cmd/federation-apiserver/app/BUILD | 3 ++- staging/src/k8s.io/apiserver/pkg/server/options/BUILD | 4 ++++ 3 files changed, 7 insertions(+), 1 deletion(-) diff --git a/cmd/kube-apiserver/app/BUILD b/cmd/kube-apiserver/app/BUILD index 3388c4fb6ec87..b399c58248a79 100644 --- a/cmd/kube-apiserver/app/BUILD +++ b/cmd/kube-apiserver/app/BUILD @@ -85,6 +85,7 @@ go_library( "//vendor/k8s.io/apiserver/pkg/server/mux:go_default_library", "//vendor/k8s.io/apiserver/pkg/server/options:go_default_library", "//vendor/k8s.io/apiserver/pkg/server/storage:go_default_library", + "//vendor/k8s.io/client-go/informers:go_default_library", "//vendor/k8s.io/client-go/kubernetes:go_default_library", "//vendor/k8s.io/kube-aggregator/pkg/apis/apiregistration:go_default_library", "//vendor/k8s.io/kube-aggregator/pkg/apiserver:go_default_library", diff --git a/federation/cmd/federation-apiserver/app/BUILD b/federation/cmd/federation-apiserver/app/BUILD index 2a8aab51e9e58..f9162eeb09773 100644 --- a/federation/cmd/federation-apiserver/app/BUILD +++ b/federation/cmd/federation-apiserver/app/BUILD @@ -75,12 +75,13 @@ go_library( "//vendor/k8s.io/apimachinery/pkg/runtime/schema:go_default_library", "//vendor/k8s.io/apimachinery/pkg/util/errors:go_default_library", "//vendor/k8s.io/apimachinery/pkg/util/sets:go_default_library", - "//vendor/k8s.io/apiserver/pkg/admission:go_default_library", "//vendor/k8s.io/apiserver/pkg/registry/generic:go_default_library", "//vendor/k8s.io/apiserver/pkg/registry/rest:go_default_library", "//vendor/k8s.io/apiserver/pkg/server:go_default_library", "//vendor/k8s.io/apiserver/pkg/server/filters:go_default_library", "//vendor/k8s.io/apiserver/pkg/server/storage:go_default_library", + "//vendor/k8s.io/client-go/informers:go_default_library", + "//vendor/k8s.io/client-go/kubernetes:go_default_library", ], ) diff --git a/staging/src/k8s.io/apiserver/pkg/server/options/BUILD b/staging/src/k8s.io/apiserver/pkg/server/options/BUILD index 2ef511007f04b..dfbe858898239 100644 --- a/staging/src/k8s.io/apiserver/pkg/server/options/BUILD +++ b/staging/src/k8s.io/apiserver/pkg/server/options/BUILD @@ -53,7 +53,9 @@ go_library( "//vendor/k8s.io/apimachinery/pkg/runtime/serializer:go_default_library", "//vendor/k8s.io/apimachinery/pkg/util/net:go_default_library", "//vendor/k8s.io/apiserver/pkg/admission:go_default_library", + "//vendor/k8s.io/apiserver/pkg/admission/initializer:go_default_library", "//vendor/k8s.io/apiserver/pkg/authentication/authenticatorfactory:go_default_library", + "//vendor/k8s.io/apiserver/pkg/authorization/authorizer:go_default_library", "//vendor/k8s.io/apiserver/pkg/authorization/authorizerfactory:go_default_library", "//vendor/k8s.io/apiserver/pkg/features:go_default_library", "//vendor/k8s.io/apiserver/pkg/registry/generic:go_default_library", @@ -63,6 +65,8 @@ go_library( "//vendor/k8s.io/apiserver/pkg/storage/storagebackend:go_default_library", "//vendor/k8s.io/apiserver/pkg/util/feature:go_default_library", "//vendor/k8s.io/apiserver/pkg/util/flag:go_default_library", + "//vendor/k8s.io/client-go/informers:go_default_library", + "//vendor/k8s.io/client-go/kubernetes:go_default_library", "//vendor/k8s.io/client-go/kubernetes/typed/authentication/v1beta1:go_default_library", "//vendor/k8s.io/client-go/kubernetes/typed/authorization/v1beta1:go_default_library", "//vendor/k8s.io/client-go/kubernetes/typed/core/v1:go_default_library",