Documentation ¶
Overview ¶
Package origin provides objects for creating an OpenShift Origin server
Index ¶
- Variables
- func LegacyStorage(storage map[schema.GroupVersion]map[string]rest.Storage) map[string]rest.Storage
- func NewAuthenticator(options configapi.MasterConfig, privilegedLoopbackConfig *rest.Config, ...) (authenticator.Request, map[string]genericapiserver.PostStartHookFunc, error)
- func NewAuthorizer(informers InformerAccess, projectRequestDenyMessage string) authorizer.Authorizer
- func NewInformers(options configapi.MasterConfig) (*informerHolder, error)
- func NewOAuthServerConfigFromMasterConfig(masterConfig *MasterConfig, listener net.Listener) (*oauthserver.OAuthServerConfig, error)
- func NewRuleResolver(informers rbacinformers.Interface) rbacregistryvalidation.AuthorizationRuleResolver
- func NewServiceProxyHandler(serviceName string, serviceNamespace string, serviceResolver ServiceResolver, ...) (*serviceProxyHandler, error)
- func NewSubjectLocator(informers rbacinformers.Interface) rbacauthorizer.SubjectLocator
- func PanicOnGRPCStuckThreads(interval time.Duration, stopCh <-chan struct{})
- func StartProfiler()
- func WithPatternPrefixHandler(handler http.Handler, patternHandler http.Handler, prefixes ...string) http.Handler
- type CompletedConfig
- type CompletedOpenshiftNonAPIConfig
- type GenericResourceInformer
- type InformerAccess
- type MasterConfig
- func (c *MasterConfig) RouteAllocator() *routeallocationcontroller.RouteAllocationController
- func (c *MasterConfig) Run(stopCh <-chan struct{}) error
- func (c *MasterConfig) RunDNSServer()
- func (c *MasterConfig) RunKubeAPIServer(stopCh <-chan struct{}) error
- func (c *MasterConfig) RunOpenShift(stopCh <-chan struct{}) error
- type NonAPIExtraConfig
- type OpenshiftAPIConfig
- type OpenshiftAPIExtraConfig
- type OpenshiftAPIServer
- type OpenshiftNonAPIConfig
- type OpenshiftNonAPIServer
- type SecurityAllocationController
- type ServiceResolver
- type TooManyThreadsStuckHealth
Constants ¶
This section is empty.
Variables ¶
// The three sets below enumerate the kinds, resources and sub-resources that
// are locked to the legacy (ungrouped) Origin API. Each carries the same
// policy: the set is not meant to grow.
var (
	// OriginLegacyKinds lists all kinds that are locked to the legacy Origin API schema.
	// This list should not grow, and adding new types to the locked Origin API schema will
	// cause a unit test failure.
	OriginLegacyKinds = sets.NewString(
		"AppliedClusterResourceQuota",
		"AppliedClusterResourceQuotaList",
		"BinaryBuildRequestOptions",
		"Build",
		"BuildConfig",
		"BuildConfigList",
		"BuildList",
		"BuildLog",
		"BuildLogOptions",
		"BuildRequest",
		"ClusterNetwork",
		"ClusterNetworkList",
		"ClusterPolicy",
		"ClusterPolicyBinding",
		"ClusterPolicyBindingList",
		"ClusterPolicyList",
		"ClusterResourceQuota",
		"ClusterResourceQuotaList",
		"ClusterRole",
		"ClusterRoleBinding",
		"ClusterRoleBindingList",
		"ClusterRoleList",
		"DeploymentConfig",
		"DeploymentConfigList",
		"DeploymentConfigRollback",
		"DeploymentLog",
		"DeploymentLogOptions",
		"DeploymentRequest",
		"EgressNetworkPolicy",
		"EgressNetworkPolicyList",
		"Group",
		"GroupList",
		"HostSubnet",
		"HostSubnetList",
		"Identity",
		"IdentityList",
		"Image",
		"ImageList",
		"ImageSignature",
		"ImageStream",
		"ImageStreamImage",
		"ImageStreamImport",
		"ImageStreamList",
		"ImageStreamMapping",
		"ImageStreamTag",
		"ImageStreamTagList",
		"IsPersonalSubjectAccessReview",
		"LocalResourceAccessReview",
		"LocalSubjectAccessReview",
		"NetNamespace",
		"NetNamespaceList",
		"OAuthAccessToken",
		"OAuthAccessTokenList",
		"OAuthAuthorizeToken",
		"OAuthAuthorizeTokenList",
		"OAuthClient",
		"OAuthClientAuthorization",
		"OAuthClientAuthorizationList",
		"OAuthClientList",
		"OAuthRedirectReference",
		"PodSecurityPolicyReview",
		"PodSecurityPolicySelfSubjectReview",
		"PodSecurityPolicySubjectReview",
		"Policy",
		"PolicyBinding",
		"PolicyBindingList",
		"PolicyList",
		"ProcessedTemplate",
		"Project",
		"ProjectList",
		"ProjectRequest",
		"ResourceAccessReview",
		"ResourceAccessReviewResponse",
		"Role",
		"RoleBinding",
		"RoleBindingList",
		"RoleBindingRestriction",
		"RoleBindingRestrictionList",
		"RoleList",
		"Route",
		"RouteList",
		"SelfSubjectRulesReview",
		"SubjectAccessReview",
		"SubjectAccessReviewResponse",
		"SubjectRulesReview",
		"Template",
		"TemplateConfig",
		"TemplateList",
		"User",
		"UserIdentityMapping",
		"UserList",
	)

	// OriginLegacyResources lists all Origin resources that are locked for the legacy v1
	// Origin API. This list should not grow.
	OriginLegacyResources = sets.NewString(
		"appliedClusterResourceQuotas",
		"buildConfigs",
		"builds",
		"clusterNetworks",
		"clusterPolicies",
		"clusterPolicyBindings",
		"clusterResourceQuotas",
		"clusterRoleBindings",
		"clusterRoles",
		"deploymentConfigRollbacks",
		"deploymentConfigs",
		"egressNetworkPolicies",
		"groups",
		"hostSubnets",
		"identities",
		"imageStreamImages",
		"imageStreamImports",
		"imageStreamMappings",
		"imageStreamTags",
		"imageStreams",
		"images",
		"imagesignatures",
		"localResourceAccessReviews",
		"localSubjectAccessReviews",
		"netNamespaces",
		"oAuthAccessTokens",
		"oAuthAuthorizeTokens",
		"oAuthClientAuthorizations",
		"oAuthClients",
		"podSecurityPolicyReviews",
		"podSecurityPolicySelfSubjectReviews",
		"podSecurityPolicySubjectReviews",
		"policies",
		"policyBindings",
		"processedTemplates",
		"projectRequests",
		"projects",
		"resourceAccessReviews",
		"roleBindingRestrictions",
		"roleBindings",
		"roles",
		"routes",
		"selfSubjectRulesReviews",
		"subjectAccessReviews",
		"subjectRulesReviews",
		"templates",
		"userIdentityMappings",
		"users",
	)

	// OriginLegacySubresources lists all Origin sub-resources that are locked for the
	// legacy v1 Origin API. This list should not grow.
	OriginLegacySubresources = sets.NewString(
		"clusterResourceQuotas/status",
		"processedTemplates",
		"imageStreams/status",
		"imageStreams/secrets",
		"generateDeploymentConfigs",
		"deploymentConfigs/log",
		"deploymentConfigs/instantiate",
		"deploymentConfigs/scale",
		"deploymentConfigs/status",
		"deploymentConfigs/rollback",
		"routes/status",
		"builds/clone",
		"builds/log",
		"builds/details",
		"buildConfigs/webhooks",
		"buildConfigs/instantiate",
		"buildConfigs/instantiatebinary",
	)
)
// GRPCThreadLimit is an exported, mutable package-level setting initialised to 0.
// NOTE(review): undocumented on this page; presumably the threshold consulted by
// the gRPC stuck-thread health check — confirm against the implementation, and
// confirm what a value of 0 means (disabled vs. no threads tolerated).
var GRPCThreadLimit = 0
Functions ¶
func LegacyStorage ¶
LegacyStorage returns a storage for locked legacy types.
func NewAuthenticator ¶
func NewAuthenticator( options configapi.MasterConfig, privilegedLoopbackConfig *rest.Config, informers InformerAccess, ) (authenticator.Request, map[string]genericapiserver.PostStartHookFunc, error)
func NewAuthorizer ¶
func NewAuthorizer(informers InformerAccess, projectRequestDenyMessage string) authorizer.Authorizer
func NewInformers ¶
func NewInformers(options configapi.MasterConfig) (*informerHolder, error)
NewInformers is only exposed for the build's integration testing until it can be fixed more appropriately.
func NewOAuthServerConfigFromMasterConfig ¶
func NewOAuthServerConfigFromMasterConfig(masterConfig *MasterConfig, listener net.Listener) (*oauthserver.OAuthServerConfig, error)
TODO: this takes a very large config but uses only a small piece of it. The information must be broken up at some point so that we can run this in a pod. This is an indication of a leaky abstraction, because it spent too much time in openshift start.
func NewRuleResolver ¶
func NewRuleResolver(informers rbacinformers.Interface) rbacregistryvalidation.AuthorizationRuleResolver
func NewServiceProxyHandler ¶
func NewServiceProxyHandler(serviceName string, serviceNamespace string, serviceResolver ServiceResolver, caBundle []byte, applicationDisplayName string) (*serviceProxyHandler, error)
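NewServiceProxyHandler is a simple proxy that doesn't handle upgrades, passes headers directly through, and doesn't assert any identity. Because headers are forwarded unchanged and the proxy adds no identity of its own, the backing service has to authenticate and authorize the requests it receives itself.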
func NewSubjectLocator ¶
func NewSubjectLocator(informers rbacinformers.Interface) rbacauthorizer.SubjectLocator
func PanicOnGRPCStuckThreads ¶
func StartProfiler ¶
func StartProfiler()
Types ¶
type CompletedConfig ¶
type CompletedConfig struct {
// contains filtered or unexported fields
}
func (CompletedConfig) New ¶
func (c CompletedConfig) New(delegationTarget genericapiserver.DelegationTarget) (*OpenshiftAPIServer, error)
type CompletedOpenshiftNonAPIConfig ¶
type CompletedOpenshiftNonAPIConfig struct {
// contains filtered or unexported fields
}
func (CompletedOpenshiftNonAPIConfig) New ¶
func (c CompletedOpenshiftNonAPIConfig) New(delegationTarget genericapiserver.DelegationTarget) (*OpenshiftNonAPIServer, error)
type GenericResourceInformer ¶
// GenericResourceInformer looks up a generic informer for an arbitrary
// group/version/resource and can be started with a stop channel.
type GenericResourceInformer interface {
	// ForResource returns the generic informer for resource, or an error.
	ForResource(resource schema.GroupVersionResource) (kexternalinformers.GenericInformer, error)
	// Start takes the channel used to signal shutdown.
	Start(stopCh <-chan struct{})
}
type InformerAccess ¶
// InformerAccess gives access to the shared informer factories for the
// Kubernetes and OpenShift API groups, a generic-informer view over them, and
// a Start method that takes a stop channel.
type InformerAccess interface {
	// Kubernetes informer factories (internal, external and client-go flavours).
	GetInternalKubeInformers() kinternalinformers.SharedInformerFactory
	GetExternalKubeInformers() kinformers.SharedInformerFactory
	GetClientGoKubeInformers() kubeclientgoinformers.SharedInformerFactory

	// OpenShift informer factories, one per API group.
	GetAppInformers() appinformer.SharedInformerFactory
	GetAuthorizationInformers() authorizationinformer.SharedInformerFactory
	GetBuildInformers() buildinformer.SharedInformerFactory
	GetImageInformers() imageinformer.SharedInformerFactory
	GetNetworkInformers() networkinformer.SharedInformerFactory
	GetOauthInformers() oauthinformer.SharedInformerFactory
	GetQuotaInformers() quotainformer.SharedInformerFactory
	GetSecurityInformers() securityinformer.SharedInformerFactory
	GetRouteInformers() routeinformer.SharedInformerFactory
	GetUserInformers() userinformer.SharedInformerFactory
	GetTemplateInformers() templateinformer.SharedInformerFactory

	// ToGenericInformer returns a GenericResourceInformer view of this value.
	ToGenericInformer() GenericResourceInformer

	// Start takes the channel used to signal shutdown.
	Start(stopCh <-chan struct{})
}
type MasterConfig ¶
// MasterConfig defines the required parameters for starting the OpenShift master.
type MasterConfig struct {
	Options configapi.MasterConfig

	// RESTOptionsGetter provides access to storage and RESTOptions for a particular resource
	RESTOptionsGetter restoptions.Getter

	RuleResolver   rbacregistryvalidation.AuthorizationRuleResolver
	SubjectLocator rbacauthorizer.SubjectLocator

	ProjectAuthorizationCache     *projectauth.AuthorizationCache
	ProjectCache                  *projectcache.ProjectCache
	ClusterQuotaMappingController *clusterquotamapping.ClusterQuotaMappingController

	LimitVerifier imageadmission.LimitVerifier

	// RegistryHostnameRetriever retrieves the name of the integrated registry, or false if no such registry
	// is available.
	RegistryHostnameRetriever imageapi.RegistryHostnameRetriever

	KubeletClientConfig *kubeletclient.KubeletClientConfig

	// PrivilegedLoopbackClientConfig is the client configuration used to call OpenShift APIs from system components
	// To apply different access control to a system component, create a client config specifically for that component.
	// NOTE(review): this is an exported field held by value, so any code holding a
	// MasterConfig can read and copy it; presumably it carries privileged
	// credentials — confirm, and avoid handing the whole MasterConfig to
	// components that only need a narrower client.
	PrivilegedLoopbackClientConfig restclient.Config

	// PrivilegedLoopbackKubernetesClientsetInternal is the client used to call Kubernetes APIs from system components,
	// built from KubeClientConfig. It should only be accessed via the *TestingClient() helper methods. To apply
	// different access control to a system component, create a separate client/config specifically for
	// that component.
	PrivilegedLoopbackKubernetesClientsetInternal kclientsetinternal.Interface
	// PrivilegedLoopbackKubernetesClientsetExternal is the client used to call Kubernetes APIs from system components,
	// built from KubeClientConfig. It should only be accessed via the *TestingClient() helper methods. To apply
	// different access control to a system component, create a separate client/config specifically for
	// that component.
	PrivilegedLoopbackKubernetesClientsetExternal kclientsetexternal.Interface

	AuditBackend audit.Backend

	// TODO inspect uses to eliminate them
	InternalKubeInformers  kinternalinformers.SharedInformerFactory
	ClientGoKubeInformers  kubeclientgoinformers.SharedInformerFactory
	AuthorizationInformers authorizationinformer.SharedInformerFactory
	RouteInformers         routeinformer.SharedInformerFactory
	QuotaInformers         quotainformer.SharedInformerFactory
	SecurityInformers      securityinformer.SharedInformerFactory
	// contains filtered or unexported fields
}
MasterConfig defines the required parameters for starting the OpenShift master
func BuildMasterConfig ¶ added in v0.3.3
func BuildMasterConfig( options configapi.MasterConfig, informers InformerAccess, ) (*MasterConfig, error)
BuildMasterConfig builds and returns the OpenShift master configuration based on the provided options
func (*MasterConfig) RouteAllocator ¶ added in v0.4.2
func (c *MasterConfig) RouteAllocator() *routeallocationcontroller.RouteAllocationController
RouteAllocator returns a route allocation controller.
func (*MasterConfig) Run ¶ added in v0.2.1
func (c *MasterConfig) Run(stopCh <-chan struct{}) error
Run launches the OpenShift master by creating a kubernetes master, installing OpenShift APIs into it and then running it. TODO this method only exists to support the old openshift start path. It should be removed a little ways into 3.10.
func (*MasterConfig) RunDNSServer ¶ added in v0.4.2
func (c *MasterConfig) RunDNSServer()
RunDNSServer starts the DNS server
func (*MasterConfig) RunKubeAPIServer ¶
func (c *MasterConfig) RunKubeAPIServer(stopCh <-chan struct{}) error
func (*MasterConfig) RunOpenShift ¶
func (c *MasterConfig) RunOpenShift(stopCh <-chan struct{}) error
type NonAPIExtraConfig ¶
// NonAPIExtraConfig is the ExtraConfig carried by OpenshiftNonAPIConfig.
type NonAPIExtraConfig struct {
	// OAuthMetadata is a raw byte payload.
	// NOTE(review): presumably the serialized OAuth metadata document served by
	// the non-API server — confirm where it is produced and served.
	OAuthMetadata []byte
}
type OpenshiftAPIConfig ¶
// OpenshiftAPIConfig pairs the generic API server configuration with the
// OpenShift-specific OpenshiftAPIExtraConfig.
type OpenshiftAPIConfig struct {
	GenericConfig *genericapiserver.RecommendedConfig
	ExtraConfig   OpenshiftAPIExtraConfig
}
func (*OpenshiftAPIConfig) Complete ¶
func (c *OpenshiftAPIConfig) Complete() completedConfig
Complete fills in any fields not set that are required to have valid data. It mutates the receiver.
type OpenshiftAPIExtraConfig ¶
// OpenshiftAPIExtraConfig holds the OpenShift-specific inputs of
// OpenshiftAPIConfig: Kubernetes clients and informers, authorization helpers,
// and per-API-group settings.
type OpenshiftAPIExtraConfig struct {
	KubeAPIServerClientConfig *restclient.Config
	KubeClientInternal        kclientsetinternal.Interface
	KubeletClientConfig       *kubeletclient.KubeletClientConfig
	KubeInternalInformers     kinternalinformers.SharedInformerFactory

	QuotaInformers    quotainformer.SharedInformerFactory
	SecurityInformers securityinformer.SharedInformerFactory

	// these are all required to build our storage
	RuleResolver   rbacregistryvalidation.AuthorizationRuleResolver
	SubjectLocator rbacauthorizer.SubjectLocator

	// for Images
	LimitVerifier imageadmission.LimitVerifier
	// RegistryHostnameRetriever retrieves the internal and external hostname of
	// the integrated registry, or false if no such registry is available.
	RegistryHostnameRetriever imageapi.RegistryHostnameRetriever
	// NOTE(review): presumably restricts which registries images may be imported
	// from; how a nil pointer is treated is not visible here — confirm.
	AllowedRegistriesForImport         *configapi.AllowedRegistries
	MaxImagesBulkImportedPerRepository int

	RouteAllocator *routeallocationcontroller.RouteAllocationController

	ProjectAuthorizationCache *projectauth.AuthorizationCache
	ProjectCache              *projectcache.ProjectCache
	ProjectRequestTemplate    string
	ProjectRequestMessage     string

	// oauth API server
	ServiceAccountMethod configapi.GrantHandlerType

	ClusterQuotaMappingController *clusterquotamapping.ClusterQuotaMappingController

	// SCCStorage is actually created with a kubernetes restmapper options to have the correct prefix,
	// so we have to have it special cased here to point to the right spot.
	SCCStorage *sccstorage.REST
}
func (*OpenshiftAPIExtraConfig) Validate ¶
func (c *OpenshiftAPIExtraConfig) Validate() error
Validate helps ensure that we build this config correctly, because there are lots of bits to remember for now
type OpenshiftAPIServer ¶
// OpenshiftAPIServer is only responsible for serving the APIs for Openshift.
// It does NOT expose oauth, related oauth endpoints, or any kube APIs.
type OpenshiftAPIServer struct {
	// GenericAPIServer is the wrapped generic API server.
	GenericAPIServer *genericapiserver.GenericAPIServer
}
OpenshiftAPIServer is only responsible for serving the APIs for Openshift. It does NOT expose oauth, related oauth endpoints, or any kube APIs.
type OpenshiftNonAPIConfig ¶
// OpenshiftNonAPIConfig pairs the generic API server configuration with the
// NonAPIExtraConfig used by the non-API server.
type OpenshiftNonAPIConfig struct {
	GenericConfig *genericapiserver.RecommendedConfig
	ExtraConfig   NonAPIExtraConfig
}
func (*OpenshiftNonAPIConfig) Complete ¶
func (c *OpenshiftNonAPIConfig) Complete() completedOpenshiftNonAPIConfig
Complete fills in any fields not set that are required to have valid data. It mutates the receiver.
type OpenshiftNonAPIServer ¶
// OpenshiftNonAPIServer serves non-API endpoints for openshift.
type OpenshiftNonAPIServer struct {
	// GenericAPIServer is the wrapped generic API server.
	GenericAPIServer *genericapiserver.GenericAPIServer
}
OpenshiftNonAPIServer serves non-API endpoints for openshift.
type SecurityAllocationController ¶
// SecurityAllocationController groups the allocator settings, storage options,
// informers and client that its RunSecurityAllocationController method is
// declared on.
// NOTE(review): which of these fields must be non-nil before running is not
// visible on this page — confirm against the implementation.
type SecurityAllocationController struct {
	SecurityAllocator *configapi.SecurityAllocator

	OpenshiftRESTOptionsGetter restoptions.Getter

	ExternalKubeInformers kexternalinformers.SharedInformerFactory
	KubeExternalClient    kclientsetexternal.Interface
}
func (SecurityAllocationController) RunSecurityAllocationController ¶
func (c SecurityAllocationController) RunSecurityAllocationController()
RunSecurityAllocationController starts the security allocation controller process.
type ServiceResolver ¶
A ServiceResolver knows how to get a URL given a service.
type TooManyThreadsStuckHealth ¶
type TooManyThreadsStuckHealth struct {
// contains filtered or unexported fields
}
TooManyThreadsStuckHealth is a health checker that indicates when we have too many threads in a particular method. This condition usually indicates that we got stuck and should restart ourselves.
func NewGRPCStuckThreads ¶
func NewGRPCStuckThreads() *TooManyThreadsStuckHealth
func (*TooManyThreadsStuckHealth) Check ¶
func (h *TooManyThreadsStuckHealth) Check(req *http.Request) error
func (*TooManyThreadsStuckHealth) Count ¶
func (h *TooManyThreadsStuckHealth) Count() int
func (*TooManyThreadsStuckHealth) Name ¶
func (h *TooManyThreadsStuckHealth) Name() string