Documentation ¶
Overview ¶
Package app does all of the work necessary to create a Kubernetes APIServer by binding together the API, master and APIServer infrastructure. It can be configured and called directly or via the hyperkube framework.
Package origin provides objects for creating an OpenShift Origin server
Index ¶
- Variables
- func LegacyStorage(storage map[schema.GroupVersion]map[string]rest.Storage) map[string]rest.Storage
- func NewAuthenticator(options configapi.MasterConfig, privilegedLoopbackConfig *rest.Config, ...) (authenticator.Request, map[string]genericapiserver.PostStartHookFunc, error)
- func NewAuthorizer(informers InformerAccess, projectRequestDenyMessage string) authorizer.Authorizer
- func NewInformers(options configapi.MasterConfig) (*informers, error)
- func NewOAuthServerConfigFromMasterConfig(masterConfig *MasterConfig, listener net.Listener) (*oauthserver.OAuthServerConfig, error)
- func NewRuleResolver(informers rbacinformers.Interface) rbacregistryvalidation.AuthorizationRuleResolver
- func NewServiceProxyHandler(serviceName string, serviceNamespace string, serviceResolver ServiceResolver, ...) (*serviceProxyHandler, error)
- func NewSubjectLocator(informers rbacinformers.Interface) rbacauthorizer.SubjectLocator
- func PanicOnGRPCStuckThreads(interval time.Duration, stopCh <-chan struct{})
- func StartProfiler()
- func WithPatternPrefixHandler(handler http.Handler, patternHandler http.Handler, prefixes ...string) http.Handler
- type CompletedConfig
- type CompletedOpenshiftNonAPIConfig
- type GenericResourceInformer
- type InformerAccess
- type MasterConfig
- func (c *MasterConfig) RouteAllocator() *routeallocationcontroller.RouteAllocationController
- func (c *MasterConfig) Run(stopCh <-chan struct{}) error
- func (c *MasterConfig) RunDNSServer()
- func (c *MasterConfig) RunKubeAPIServer(stopCh <-chan struct{}) error
- func (c *MasterConfig) RunOpenShift(stopCh <-chan struct{}) error
- type NonAPIExtraConfig
- type OpenshiftAPIConfig
- type OpenshiftAPIExtraConfig
- type OpenshiftAPIServer
- type OpenshiftNonAPIConfig
- type OpenshiftNonAPIServer
- type SecurityAllocationController
- type ServiceResolver
- type TooManyThreadsStuckHealth
Constants ¶
This section is empty.
Variables ¶
var ( // OriginLegacyKinds lists all kinds that are locked to the legacy Origin API schema. // This list should not grow and adding a new types to the locked Origin API schema will // cause a unit test failure. OriginLegacyKinds = sets.NewString( "AppliedClusterResourceQuota", "AppliedClusterResourceQuotaList", "BinaryBuildRequestOptions", "Build", "BuildConfig", "BuildConfigList", "BuildList", "BuildLog", "BuildLogOptions", "BuildRequest", "ClusterNetwork", "ClusterNetworkList", "ClusterPolicy", "ClusterPolicyBinding", "ClusterPolicyBindingList", "ClusterPolicyList", "ClusterResourceQuota", "ClusterResourceQuotaList", "ClusterRole", "ClusterRoleBinding", "ClusterRoleBindingList", "ClusterRoleList", "DeploymentConfig", "DeploymentConfigList", "DeploymentConfigRollback", "DeploymentLog", "DeploymentLogOptions", "DeploymentRequest", "EgressNetworkPolicy", "EgressNetworkPolicyList", "Group", "GroupList", "HostSubnet", "HostSubnetList", "Identity", "IdentityList", "Image", "ImageList", "ImageSignature", "ImageStream", "ImageStreamImage", "ImageStreamImport", "ImageStreamList", "ImageStreamMapping", "ImageStreamTag", "ImageStreamTagList", "IsPersonalSubjectAccessReview", "LocalResourceAccessReview", "LocalSubjectAccessReview", "NetNamespace", "NetNamespaceList", "OAuthAccessToken", "OAuthAccessTokenList", "OAuthAuthorizeToken", "OAuthAuthorizeTokenList", "OAuthClient", "OAuthClientAuthorization", "OAuthClientAuthorizationList", "OAuthClientList", "OAuthRedirectReference", "PodSecurityPolicyReview", "PodSecurityPolicySelfSubjectReview", "PodSecurityPolicySubjectReview", "Policy", "PolicyBinding", "PolicyBindingList", "PolicyList", "ProcessedTemplate", "Project", "ProjectList", "ProjectRequest", "ResourceAccessReview", "ResourceAccessReviewResponse", "Role", "RoleBinding", "RoleBindingList", "RoleBindingRestriction", "RoleBindingRestrictionList", "RoleList", "Route", "RouteList", "SelfSubjectRulesReview", "SubjectAccessReview", "SubjectAccessReviewResponse", "SubjectRulesReview", "Template", "TemplateConfig", "TemplateList", "User", "UserIdentityMapping", "UserList", ) // OriginLegacyResources lists all Origin resources that are locked for the legacy v1 // Origin API. This list should not grow. OriginLegacyResources = sets.NewString( "appliedClusterResourceQuotas", "buildConfigs", "builds", "clusterNetworks", "clusterPolicies", "clusterPolicyBindings", "clusterResourceQuotas", "clusterRoleBindings", "clusterRoles", "deploymentConfigRollbacks", "deploymentConfigs", "egressNetworkPolicies", "groups", "hostSubnets", "identities", "imageStreamImages", "imageStreamImports", "imageStreamMappings", "imageStreamTags", "imageStreams", "images", "imagesignatures", "localResourceAccessReviews", "localSubjectAccessReviews", "netNamespaces", "oAuthAccessTokens", "oAuthAuthorizeTokens", "oAuthClientAuthorizations", "oAuthClients", "podSecurityPolicyReviews", "podSecurityPolicySelfSubjectReviews", "podSecurityPolicySubjectReviews", "policies", "policyBindings", "processedTemplates", "projectRequests", "projects", "resourceAccessReviews", "roleBindingRestrictions", "roleBindings", "roles", "routes", "selfSubjectRulesReviews", "subjectAccessReviews", "subjectRulesReviews", "templates", "userIdentityMappings", "users", ) // OriginLegacySubresources lists all Origin sub-resources that are locked for the // legacy v1 Origin API. This list should not grow. OriginLegacySubresources = sets.NewString( "clusterResourceQuotas/status", "processedTemplates", "imageStreams/status", "imageStreams/secrets", "generateDeploymentConfigs", "deploymentConfigs/log", "deploymentConfigs/instantiate", "deploymentConfigs/scale", "deploymentConfigs/status", "deploymentConfigs/rollback", "routes/status", "builds/clone", "builds/log", "builds/details", "buildConfigs/webhooks", "buildConfigs/instantiate", "buildConfigs/instantiatebinary", ) )
var GRPCThreadLimit = 0
Functions ¶
func LegacyStorage ¶
LegacyStorage returns a storage for locked legacy types.
func NewAuthenticator ¶
func NewAuthenticator( options configapi.MasterConfig, privilegedLoopbackConfig *rest.Config, informers InformerAccess, ) (authenticator.Request, map[string]genericapiserver.PostStartHookFunc, error)
func NewAuthorizer ¶
func NewAuthorizer(informers InformerAccess, projectRequestDenyMessage string) authorizer.Authorizer
func NewInformers ¶
func NewInformers(options configapi.MasterConfig) (*informers, error)
NewInformers is only exposed for the build's integration testing until it can be fixed more appropriately.
func NewOAuthServerConfigFromMasterConfig ¶
func NewOAuthServerConfigFromMasterConfig(masterConfig *MasterConfig, listener net.Listener) (*oauthserver.OAuthServerConfig, error)
TODO this is taking a very large config for a small piece of it. The information must be broken up at some point so that we can run this in a pod. This is an indication of leaky abstraction because it spent too much time in openshift start
func NewRuleResolver ¶
func NewRuleResolver(informers rbacinformers.Interface) rbacregistryvalidation.AuthorizationRuleResolver
func NewServiceProxyHandler ¶
func NewServiceProxyHandler(serviceName string, serviceNamespace string, serviceResolver ServiceResolver, caBundle []byte, applicationDisplayName string) (*serviceProxyHandler, error)
NewServiceProxyHandler is a simple proxy that doesn't handle upgrades, passes headers directly through, and doesn't assert any identity.
func NewSubjectLocator ¶
func NewSubjectLocator(informers rbacinformers.Interface) rbacauthorizer.SubjectLocator
func PanicOnGRPCStuckThreads ¶
func StartProfiler ¶
func StartProfiler()
Types ¶
type CompletedConfig ¶
type CompletedConfig struct {
// contains filtered or unexported fields
}
func (CompletedConfig) New ¶
func (c CompletedConfig) New(delegationTarget genericapiserver.DelegationTarget) (*OpenshiftAPIServer, error)
type CompletedOpenshiftNonAPIConfig ¶
type CompletedOpenshiftNonAPIConfig struct {
// contains filtered or unexported fields
}
func (CompletedOpenshiftNonAPIConfig) New ¶
func (c CompletedOpenshiftNonAPIConfig) New(delegationTarget genericapiserver.DelegationTarget) (*OpenshiftNonAPIServer, error)
type GenericResourceInformer ¶
type GenericResourceInformer interface { ForResource(resource schema.GroupVersionResource) (kexternalinformers.GenericInformer, error) Start(stopCh <-chan struct{}) }
type InformerAccess ¶
type InformerAccess interface { GetInternalKubeInformers() kinternalinformers.SharedInformerFactory GetExternalKubeInformers() kinformers.SharedInformerFactory GetClientGoKubeInformers() kubeclientgoinformers.SharedInformerFactory GetAppInformers() appinformer.SharedInformerFactory GetAuthorizationInformers() authorizationinformer.SharedInformerFactory GetBuildInformers() buildinformer.SharedInformerFactory GetImageInformers() imageinformer.SharedInformerFactory GetNetworkInformers() networkinformer.SharedInformerFactory GetOauthInformers() oauthinformer.SharedInformerFactory GetQuotaInformers() quotainformer.SharedInformerFactory GetSecurityInformers() securityinformer.SharedInformerFactory GetRouteInformers() routeinformer.SharedInformerFactory GetUserInformers() userinformer.SharedInformerFactory GetTemplateInformers() templateinformer.SharedInformerFactory ToGenericInformer() GenericResourceInformer Start(stopCh <-chan struct{}) }
type MasterConfig ¶
type MasterConfig struct { Options configapi.MasterConfig // RESTOptionsGetter provides access to storage and RESTOptions for a particular resource RESTOptionsGetter restoptions.Getter RuleResolver rbacregistryvalidation.AuthorizationRuleResolver SubjectLocator rbacauthorizer.SubjectLocator ProjectAuthorizationCache *projectauth.AuthorizationCache ProjectCache *projectcache.ProjectCache ClusterQuotaMappingController *clusterquotamapping.ClusterQuotaMappingController LimitVerifier imageadmission.LimitVerifier // RegistryHostnameRetriever retrieves the name of the integrated registry, or false if no such registry // is available. RegistryHostnameRetriever imageapi.RegistryHostnameRetriever KubeletClientConfig *kubeletclient.KubeletClientConfig // PrivilegedLoopbackClientConfig is the client configuration used to call OpenShift APIs from system components // To apply different access control to a system component, create a client config specifically for that component. PrivilegedLoopbackClientConfig restclient.Config // PrivilegedLoopbackKubernetesClientsetInternal is the client used to call Kubernetes APIs from system components, // built from KubeClientConfig. It should only be accessed via the *TestingClient() helper methods. To apply // different access control to a system component, create a separate client/config specifically for // that component. PrivilegedLoopbackKubernetesClientsetInternal kclientsetinternal.Interface // PrivilegedLoopbackKubernetesClientsetExternal is the client used to call Kubernetes APIs from system components, // built from KubeClientConfig. It should only be accessed via the *TestingClient() helper methods. To apply // different access control to a system component, create a separate client/config specifically for // that component. PrivilegedLoopbackKubernetesClientsetExternal kclientsetexternal.Interface AuditBackend audit.Backend // TODO inspect uses to eliminate them InternalKubeInformers kinternalinformers.SharedInformerFactory ClientGoKubeInformers kubeclientgoinformers.SharedInformerFactory AuthorizationInformers authorizationinformer.SharedInformerFactory RouteInformers routeinformer.SharedInformerFactory QuotaInformers quotainformer.SharedInformerFactory SecurityInformers securityinformer.SharedInformerFactory // contains filtered or unexported fields }
MasterConfig defines the required parameters for starting the OpenShift master
func BuildMasterConfig ¶ added in v0.3.3
func BuildMasterConfig( options configapi.MasterConfig, informers InformerAccess, ) (*MasterConfig, error)
BuildMasterConfig builds and returns the OpenShift master configuration based on the provided options
func (*MasterConfig) RouteAllocator ¶ added in v0.4.2
func (c *MasterConfig) RouteAllocator() *routeallocationcontroller.RouteAllocationController
RouteAllocator returns a route allocation controller.
func (*MasterConfig) Run ¶ added in v0.2.1
func (c *MasterConfig) Run(stopCh <-chan struct{}) error
Run launches the OpenShift master by creating a kubernetes master, installing OpenShift APIs into it and then running it. TODO this method only exists to support the old openshift start path. It should be removed a little ways into 3.10.
func (*MasterConfig) RunDNSServer ¶ added in v0.4.2
func (c *MasterConfig) RunDNSServer()
RunDNSServer starts the DNS server
func (*MasterConfig) RunKubeAPIServer ¶
func (c *MasterConfig) RunKubeAPIServer(stopCh <-chan struct{}) error
func (*MasterConfig) RunOpenShift ¶
func (c *MasterConfig) RunOpenShift(stopCh <-chan struct{}) error
type NonAPIExtraConfig ¶
type NonAPIExtraConfig struct {
OAuthMetadata []byte
}
type OpenshiftAPIConfig ¶
type OpenshiftAPIConfig struct { GenericConfig *genericapiserver.RecommendedConfig ExtraConfig OpenshiftAPIExtraConfig }
func (*OpenshiftAPIConfig) Complete ¶
func (c *OpenshiftAPIConfig) Complete() completedConfig
Complete fills in any fields not set that are required to have valid data. It's mutating the receiver.
type OpenshiftAPIExtraConfig ¶
type OpenshiftAPIExtraConfig struct { KubeAPIServerClientConfig *restclient.Config KubeClientInternal kclientsetinternal.Interface KubeletClientConfig *kubeletclient.KubeletClientConfig KubeInternalInformers kinternalinformers.SharedInformerFactory QuotaInformers quotainformer.SharedInformerFactory SecurityInformers securityinformer.SharedInformerFactory // these are all required to build our storage RuleResolver rbacregistryvalidation.AuthorizationRuleResolver SubjectLocator rbacauthorizer.SubjectLocator // for Images LimitVerifier imageadmission.LimitVerifier // RegistryHostnameRetriever retrieves the internal and external hostname of // the integrated registry, or false if no such registry is available. RegistryHostnameRetriever imageapi.RegistryHostnameRetriever AllowedRegistriesForImport *configapi.AllowedRegistries MaxImagesBulkImportedPerRepository int RouteAllocator *routeallocationcontroller.RouteAllocationController ProjectAuthorizationCache *projectauth.AuthorizationCache ProjectCache *projectcache.ProjectCache ProjectRequestTemplate string ProjectRequestMessage string // oauth API server ServiceAccountMethod configapi.GrantHandlerType ClusterQuotaMappingController *clusterquotamapping.ClusterQuotaMappingController // SCCStorage is actually created with a kubernetes restmapper options to have the correct prefix, // so we have to have it special cased here to point to the right spot. SCCStorage *sccstorage.REST }
func (*OpenshiftAPIExtraConfig) Validate ¶
func (c *OpenshiftAPIExtraConfig) Validate() error
Validate helps ensure that we build this config correctly, because there are lots of bits to remember for now
type OpenshiftAPIServer ¶
type OpenshiftAPIServer struct {
GenericAPIServer *genericapiserver.GenericAPIServer
}
OpenshiftAPIServer is only responsible for serving the APIs for Openshift It does NOT expose oauth, related oauth endpoints, or any kube APIs.
type OpenshiftNonAPIConfig ¶
type OpenshiftNonAPIConfig struct { GenericConfig *genericapiserver.RecommendedConfig ExtraConfig NonAPIExtraConfig }
func (*OpenshiftNonAPIConfig) Complete ¶
func (c *OpenshiftNonAPIConfig) Complete() completedOpenshiftNonAPIConfig
Complete fills in any fields not set that are required to have valid data. It's mutating the receiver.
type OpenshiftNonAPIServer ¶
type OpenshiftNonAPIServer struct {
GenericAPIServer *genericapiserver.GenericAPIServer
}
OpenshiftNonAPIServer serves non-API endpoints for openshift.
type SecurityAllocationController ¶
type SecurityAllocationController struct { SecurityAllocator *configapi.SecurityAllocator OpenshiftRESTOptionsGetter restoptions.Getter ExternalKubeInformers kexternalinformers.SharedInformerFactory KubeExternalClient kclientsetexternal.Interface }
func (SecurityAllocationController) RunSecurityAllocationController ¶
func (c SecurityAllocationController) RunSecurityAllocationController()
RunSecurityAllocationController starts the security allocation controller process.
type ServiceResolver ¶
A ServiceResolver knows how to get a URL given a service.
type TooManyThreadsStuckHealth ¶
type TooManyThreadsStuckHealth struct {
// contains filtered or unexported fields
}
TooManyThreadsStuckHealth is a health checker that indicates when we have too many thread in a particular method. This condition usually indicates that we got stuck and we should restart ourselves
func NewGRPCStuckThreads ¶
func NewGRPCStuckThreads() *TooManyThreadsStuckHealth
func (*TooManyThreadsStuckHealth) Check ¶
func (h *TooManyThreadsStuckHealth) Check(req *http.Request) error
func (*TooManyThreadsStuckHealth) Count ¶
func (h *TooManyThreadsStuckHealth) Count() int
func (*TooManyThreadsStuckHealth) Name ¶
func (h *TooManyThreadsStuckHealth) Name() string