origin

package
v3.6.112-1+incompatible Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jun 15, 2017 License: Apache-2.0 Imports: 306 Imported by: 0

Documentation

Overview

Package app does all of the work necessary to create a Kubernetes APIServer by binding together the API, master and APIServer infrastructure. It can be configured and called directly or via the hyperkube framework.

Package origin provides objects for creating an OpenShift Origin server

Index

Constants

View Source
const (
	OpenShiftOAuthAPIPrefix = "/oauth"

	OpenShiftOAuthCallbackPrefix = "/oauth2callback"
	OpenShiftWebConsoleClientID  = "openshift-web-console"
	OpenShiftBrowserClientID     = "openshift-browser-client"
	OpenShiftCLIClientID         = "openshift-challenging-client"
)

Variables

View Source
var (
	// OriginLegacyKinds lists all kinds that are locked to the legacy Origin API schema.
	// This list should not grow and adding a new types to the locked Origin API schema will
	// cause a unit test failure.
	OriginLegacyKinds = sets.NewString(
		"AppliedClusterResourceQuota",
		"AppliedClusterResourceQuotaList",
		"BinaryBuildRequestOptions",
		"Build",
		"BuildConfig",
		"BuildConfigList",
		"BuildList",
		"BuildLog",
		"BuildLogOptions",
		"BuildRequest",
		"ClusterNetwork",
		"ClusterNetworkList",
		"ClusterPolicy",
		"ClusterPolicyBinding",
		"ClusterPolicyBindingList",
		"ClusterPolicyList",
		"ClusterResourceQuota",
		"ClusterResourceQuotaList",
		"ClusterRole",
		"ClusterRoleBinding",
		"ClusterRoleBindingList",
		"ClusterRoleList",
		"DeploymentConfig",
		"DeploymentConfigList",
		"DeploymentConfigRollback",
		"DeploymentLog",
		"DeploymentLogOptions",
		"DeploymentRequest",
		"EgressNetworkPolicy",
		"EgressNetworkPolicyList",
		"Group",
		"GroupList",
		"HostSubnet",
		"HostSubnetList",
		"Identity",
		"IdentityList",
		"Image",
		"ImageList",
		"ImageSignature",
		"ImageStream",
		"ImageStreamImage",
		"ImageStreamImport",
		"ImageStreamList",
		"ImageStreamMapping",
		"ImageStreamTag",
		"ImageStreamTagList",
		"IsPersonalSubjectAccessReview",
		"LocalResourceAccessReview",
		"LocalSubjectAccessReview",
		"NetNamespace",
		"NetNamespaceList",
		"OAuthAccessToken",
		"OAuthAccessTokenList",
		"OAuthAuthorizeToken",
		"OAuthAuthorizeTokenList",
		"OAuthClient",
		"OAuthClientAuthorization",
		"OAuthClientAuthorizationList",
		"OAuthClientList",
		"OAuthRedirectReference",
		"PodSecurityPolicyReview",
		"PodSecurityPolicySelfSubjectReview",
		"PodSecurityPolicySubjectReview",
		"Policy",
		"PolicyBinding",
		"PolicyBindingList",
		"PolicyList",
		"ProcessedTemplate",
		"Project",
		"ProjectList",
		"ProjectRequest",
		"ResourceAccessReview",
		"ResourceAccessReviewResponse",
		"Role",
		"RoleBinding",
		"RoleBindingList",
		"RoleBindingRestriction",
		"RoleBindingRestrictionList",
		"RoleList",
		"Route",
		"RouteList",
		"SelfSubjectRulesReview",
		"SubjectAccessReview",
		"SubjectAccessReviewResponse",
		"SubjectRulesReview",
		"Template",
		"TemplateConfig",
		"TemplateList",
		"User",
		"UserIdentityMapping",
		"UserList",
	)

	// OriginLegacyResources lists all Origin resources that are locked for the legacy v1
	// Origin API. This list should not grow.
	OriginLegacyResources = sets.NewString(
		"appliedClusterResourceQuotas",
		"buildConfigs",
		"builds",
		"clusterNetworks",
		"clusterPolicies",
		"clusterPolicyBindings",
		"clusterResourceQuotas",
		"clusterRoleBindings",
		"clusterRoles",
		"deploymentConfigRollbacks",
		"deploymentConfigs",
		"egressNetworkPolicies",
		"groups",
		"hostSubnets",
		"identities",
		"imageStreamImages",
		"imageStreamImports",
		"imageStreamMappings",
		"imageStreamTags",
		"imageStreams",
		"images",
		"imagesignatures",
		"localResourceAccessReviews",
		"localSubjectAccessReviews",
		"netNamespaces",
		"oAuthAccessTokens",
		"oAuthAuthorizeTokens",
		"oAuthClientAuthorizations",
		"oAuthClients",
		"podSecurityPolicyReviews",
		"podSecurityPolicySelfSubjectReviews",
		"podSecurityPolicySubjectReviews",
		"policies",
		"policyBindings",
		"processedTemplates",
		"projectRequests",
		"projects",
		"resourceAccessReviews",
		"roleBindingRestrictions",
		"roleBindings",
		"roles",
		"routes",
		"selfSubjectRulesReviews",
		"subjectAccessReviews",
		"subjectRulesReviews",
		"templates",
		"userIdentityMappings",
		"users",
	)

	// OriginLegacySubresources lists all Origin sub-resources that are locked for the
	// legacy v1 Origin API. This list should not grow.
	OriginLegacySubresources = sets.NewString(
		"clusterResourceQuotas/status",
		"processedTemplates",
		"imageStreams/status",
		"imageStreams/secrets",
		"generateDeploymentConfigs",
		"deploymentConfigs/log",
		"deploymentConfigs/instantiate",
		"deploymentConfigs/scale",
		"deploymentConfigs/status",
		"deploymentConfigs/rollback",
		"routes/status",
		"builds/clone",
		"builds/log",
		"builds/details",
		"buildConfigs/webhooks",
		"buildConfigs/instantiate",
		"buildConfigs/instantiatebinary",
	)
)
View Source
var (

	// KubeAdmissionPlugins gives the in-order default admission chain for kube resources.
	KubeAdmissionPlugins = []string{
		lifecycle.PluginName,
		"RunOnceDuration",
		"PodNodeConstraints",
		"OriginPodNodeEnvironment",
		"PodNodeSelector",
		overrideapi.PluginName,
		serviceadmit.ExternalIPPluginName,
		serviceadmit.RestrictedEndpointsPluginName,
		imagepolicy.PluginName,
		"ImagePolicyWebhook",
		"PodPreset",
		"LimitRanger",
		"ServiceAccount",
		"SecurityContextConstraint",
		storageclassdefaultadmission.PluginName,
		"AlwaysPullImages",
		"LimitPodHardAntiAffinityTopology",
		"SCCExecRestrictions",
		"PersistentVolumeLabel",
		"OwnerReferencesPermissionEnforcement",
		ingressadmission.IngressAdmission,
		"DefaultTolerationSeconds",

		"ResourceQuota",
		"openshift.io/ClusterResourceQuota",
	}

	// CombinedAdmissionControlPlugins gives the in-order default admission chain for all resources resources.
	// When possible, this list is used.  The set of openshift+kube chains must exactly match this set.  In addition,
	// the order specified in the openshift and kube chains must match the order here.
	CombinedAdmissionControlPlugins = []string{
		lifecycle.PluginName,
		"ProjectRequestLimit",
		"OriginNamespaceLifecycle",
		"openshift.io/RestrictSubjectBindings",
		"PodNodeConstraints",
		"openshift.io/JenkinsBootstrapper",
		"openshift.io/BuildConfigSecretInjector",
		"BuildByStrategy",
		imageadmission.PluginName,
		"RunOnceDuration",
		"PodNodeConstraints",
		"OriginPodNodeEnvironment",
		"PodNodeSelector",
		overrideapi.PluginName,
		serviceadmit.ExternalIPPluginName,
		serviceadmit.RestrictedEndpointsPluginName,
		imagepolicy.PluginName,
		"ImagePolicyWebhook",
		"PodPreset",
		"LimitRanger",
		"ServiceAccount",
		"SecurityContextConstraint",
		storageclassdefaultadmission.PluginName,
		"AlwaysPullImages",
		"LimitPodHardAntiAffinityTopology",
		"SCCExecRestrictions",
		"PersistentVolumeLabel",
		"OwnerReferencesPermissionEnforcement",
		ingressadmission.IngressAdmission,
		"DefaultTolerationSeconds",

		"ResourceQuota",
		"openshift.io/ClusterResourceQuota",
	}
)

Functions

func CreateOrUpdateDefaultOAuthClients added in v0.2.1

func CreateOrUpdateDefaultOAuthClients(masterPublicAddr string, assetPublicAddresses []string, clientRegistry clientregistry.Registry) error

func LegacyStorage

func LegacyStorage(storage map[schema.GroupVersion]map[string]rest.Storage) map[string]rest.Storage

LegacyStorage returns a storage for locked legacy types.

func NewLeaderElection

NewLeaderElection returns a plug that blocks controller startup until the lease is acquired and a function that will start the process to attain the lease. There are two modes for lease operation - a legacy mode that directly connects to etcd, and the preferred mode which coordinates on a service endpoints object in the kube-system namespace. The legacy mode will periodically poll to see if the endpoints object exists, and if so will stand down, allowing newer controllers to take over.

func OpenShiftOAuthAuthorizeURL added in v0.2.2

func OpenShiftOAuthAuthorizeURL(masterAddr string) string

func OpenShiftOAuthTokenRequestURL added in v0.4.4

func OpenShiftOAuthTokenRequestURL(masterAddr string) string

func OpenShiftOAuthTokenURL added in v0.2.2

func OpenShiftOAuthTokenURL(masterAddr string) string

func WithAssetServerRedirect added in v1.5.0

func WithAssetServerRedirect(handler http.Handler, assetPublicURL string) http.Handler

If we know the location of the asset server, redirect to it when / is requested and the Accept header supports text/html

func WithPatternsHandler added in v1.5.0

func WithPatternsHandler(handler http.Handler, patternHandler http.Handler, patterns ...string) http.Handler

Types

type AssetConfig added in v0.4.2

type AssetConfig struct {
	Options               oapi.AssetConfig
	LimitRequestOverrides *api.ClusterResourceOverrideConfig
}

AssetConfig defines the required parameters for starting the OpenShift master

func NewAssetConfig added in v1.1.3

func NewAssetConfig(options oapi.AssetConfig, limitRequestOverrides *api.ClusterResourceOverrideConfig) (*AssetConfig, error)

NewAssetConfig returns a new AssetConfig

func (*AssetConfig) Run added in v0.4.2

func (c *AssetConfig) Run()

Run starts an http server for the static assets listening on the configured bind address

func (*AssetConfig) WithAssets added in v1.5.0

func (c *AssetConfig) WithAssets(handler http.Handler) (http.Handler, error)

WithAssets decorates a handler by serving static assets for the subpath of the public URL and passing through all other requests to the given handler.

type AuthConfig

type AuthConfig struct {
	Options configapi.OAuthConfig

	// AssetPublicAddresses contains valid redirectURI prefixes to direct browsers to the web console
	AssetPublicAddresses []string

	// KubeClient is kubeclient with enough permission for the auth API
	KubeClient kclientset.Interface

	// OpenShiftClient is osclient with enough permission for the auth API
	OpenShiftClient osclient.Interface

	// RESTOptionsGetter provides storage and RESTOption lookup
	RESTOptionsGetter restoptions.Getter

	// EtcdBackends is a list of storage interfaces, each of which talks to a single etcd backend.
	// These are only used to ensure newly created tokens are distributed to all backends before returning them for use.
	// EtcdHelper should normally be used for storage functions.
	EtcdBackends []storage.Interface

	UserRegistry     userregistry.Registry
	IdentityRegistry identityregistry.Registry

	SessionAuth *session.Authenticator

	HandlerWrapper handlerWrapper
}

func BuildAuthConfig added in v0.4.2

func BuildAuthConfig(masterConfig *MasterConfig) (*AuthConfig, error)

func (*AuthConfig) NewOpenShiftOAuthClientConfig added in v0.2.1

func (c *AuthConfig) NewOpenShiftOAuthClientConfig(client *oauthapi.OAuthClient) *osincli.ClientConfig

NewOpenShiftOAuthClientConfig provides config for OpenShift OAuth client

func (*AuthConfig) WithOAuth added in v1.5.0

func (c *AuthConfig) WithOAuth(handler http.Handler) (http.Handler, error)

WithOAuth decorates the given handler by serving the OAuth2 endpoints while passing through all other requests to the given handler.

type LastSyncResourceVersioner

type LastSyncResourceVersioner interface {
	LastSyncResourceVersion() string
}

type MasterConfig

type MasterConfig struct {
	Options configapi.MasterConfig

	// RESTOptionsGetter provides access to storage and RESTOptions for a particular resource
	RESTOptionsGetter restoptions.Getter

	RuleResolver   rulevalidation.AuthorizationRuleResolver
	Authenticator  authenticator.Request
	Authorizer     kauthorizer.Authorizer
	SubjectLocator authorizer.SubjectLocator

	// TODO(sttts): replace AuthorizationAttributeBuilder with apiserverfilters.NewRequestAttributeGetter
	AuthorizationAttributeBuilder authorizer.AuthorizationAttributeBuilder

	GroupCache                    *usercache.GroupCache
	ProjectAuthorizationCache     *projectauth.AuthorizationCache
	ProjectCache                  *projectcache.ProjectCache
	ClusterQuotaMappingController *clusterquotamapping.ClusterQuotaMappingController
	LimitVerifier                 imageadmission.LimitVerifier

	// RequestContextMapper maps requests to contexts
	RequestContextMapper apirequest.RequestContextMapper

	AdmissionControl admission.Interface

	// KubeAdmissionControl holds the kube admission chain.  Because of the way the plugin initializer is built
	// you'll be passing information in this direction either way.  Knowing how to build this chain requires knowledge
	// of both the origin config AND the kube config, so this spot makes more sense.
	KubeAdmissionControl admission.Interface

	TLS bool

	ControllerPlug      plug.Plug
	ControllerPlugStart func()

	// ImageFor is a function that returns the appropriate image to use for a named component
	ImageFor func(component string) string
	// RegistryNameFn retrieves the name of the integrated registry, or false if no such registry
	// is available.
	RegistryNameFn imageapi.DefaultRegistryFunc

	// ExternalVersionCodec is the codec used when serializing annotations, which cannot be changed
	// without all clients being aware of the new version.
	ExternalVersionCodec runtime.Codec

	KubeletClientConfig *kubeletclient.KubeletClientConfig

	// ClientCAs will be used to request client certificates in connections to the API.
	// This CertPool should contain all the CAs that will be used for client certificate verification.
	ClientCAs *x509.CertPool
	// APIClientCAs is used to verify client certificates presented for API auth
	APIClientCAs *x509.CertPool

	// PrivilegedLoopbackClientConfig is the client configuration used to call OpenShift APIs from system components
	// To apply different access control to a system component, create a client config specifically for that component.
	PrivilegedLoopbackClientConfig restclient.Config

	// PrivilegedLoopbackKubernetesClientsetInternal is the client used to call Kubernetes APIs from system components,
	// built from KubeClientConfig. It should only be accessed via the *Client() helper methods. To apply
	// different access control to a system component, create a separate client/config specifically for
	// that component.
	PrivilegedLoopbackKubernetesClientsetInternal kclientsetinternal.Interface
	// PrivilegedLoopbackKubernetesClientsetExternal is the client used to call Kubernetes APIs from system components,
	// built from KubeClientConfig. It should only be accessed via the *Client() helper methods. To apply
	// different access control to a system component, create a separate client/config specifically for
	// that component.
	PrivilegedLoopbackKubernetesClientsetExternal kclientsetexternal.Interface
	// PrivilegedLoopbackOpenShiftClient is the client used to call OpenShift APIs from system components,
	// built from PrivilegedLoopbackClientConfig. It should only be accessed via the *Client() helper methods.
	// To apply different access control to a system component, create a separate client/config specifically
	// for that component.
	PrivilegedLoopbackOpenShiftClient *osclient.Client

	// Informers is a shared factory for getting SharedInformers. It is important to get your informers, indexers, and listers
	// from here so that we only end up with a single cache of objects
	Informers shared.InformerFactory

	AppInformers           appinformer.SharedInformerFactory
	AuthorizationInformers authorizationinformer.SharedInformerFactory
	ImageInformers         imageinformer.SharedInformerFactory
	QuotaInformers         quotainformer.SharedInformerFactory
	TemplateInformers      templateinformer.SharedInformerFactory
}

MasterConfig defines the required parameters for starting the OpenShift master

func BuildMasterConfig added in v0.3.3

func BuildMasterConfig(options configapi.MasterConfig) (*MasterConfig, error)

BuildMasterConfig builds and returns the OpenShift master configuration based on the provided options

func (*MasterConfig) BuildConfigChangeControllerClients added in v1.0.5

func (c *MasterConfig) BuildConfigChangeControllerClients() (*osclient.Client, kclientsetinternal.Interface, kclientsetexternal.Interface)

BuildConfigChangeControllerClients returns the build config change controller client objects

func (*MasterConfig) BuildConfigWebHookClient added in v0.6.1

func (c *MasterConfig) BuildConfigWebHookClient() *osclient.Client

BuildConfigWebHookClient returns the webhook client object

func (*MasterConfig) BuildControllerClients added in v0.2.1

BuildControllerClients returns the build controller client objects

func (*MasterConfig) BuildImageChangeTriggerControllerClients added in v0.6.1

func (c *MasterConfig) BuildImageChangeTriggerControllerClients() (*osclient.Client, kclientsetinternal.Interface)

BuildImageChangeTriggerControllerClients returns the build image change trigger controller client objects

func (*MasterConfig) BuildLogClient added in v0.2.1

func (c *MasterConfig) BuildLogClient() kclientsetinternal.Interface

BuildLogClient returns the build log client object

func (*MasterConfig) DeploymentConfigClients added in v1.0.7

func (c *MasterConfig) DeploymentConfigClients() (*osclient.Client, kclientsetinternal.Interface)

DeploymentConfigClients returns deploymentConfig and deployment client objects

func (*MasterConfig) DeploymentConfigInstantiateClients added in v1.4.0

func (c *MasterConfig) DeploymentConfigInstantiateClients() (*osclient.Client, kclientsetinternal.Interface)

func (*MasterConfig) DeploymentLogClient added in v1.0.7

func (c *MasterConfig) DeploymentLogClient() kclientsetinternal.Interface

DeploymentLogClient returns the deployment log client object

func (*MasterConfig) GetOpenShiftClientEnvVars

func (c *MasterConfig) GetOpenShiftClientEnvVars() ([]kapi.EnvVar, error)

func (*MasterConfig) GetServiceAccountClients added in v0.6.1

GetServiceAccountClients returns an OpenShift and Kubernetes client with the credentials of the named service account in the infra namespace

func (*MasterConfig) GetServiceAccountClientsWithConfig added in v1.5.0

func (*MasterConfig) ImageImportControllerClient added in v0.4.2

func (c *MasterConfig) ImageImportControllerClient() *osclient.Client

ImageImportControllerClient returns the deployment client object

func (*MasterConfig) ImageStreamImportSARClient

func (c *MasterConfig) ImageStreamImportSARClient() *osclient.Client

ImageStreamImportSARClient returns the client capable of performing self-SAR requests

func (*MasterConfig) ImageStreamImportSecretClient added in v1.1.2

func (c *MasterConfig) ImageStreamImportSecretClient() *osclient.Client

ImageStreamImportSecretClient returns the client capable of retrieving image secrets for a namespace

func (*MasterConfig) ImageStreamSecretClient added in v1.1.2

func (c *MasterConfig) ImageStreamSecretClient() kclientsetinternal.Interface

ImageStreamSecretClient returns the client capable of retrieving secrets for an image secret wrapper

func (*MasterConfig) InitializeObjects added in v1.0.5

func (c *MasterConfig) InitializeObjects()

InitializeObjects ensures objects in Kubernetes and etcd are properly populated. Requires a Kube client to be established and that etcd be started.

func (*MasterConfig) KubeClientsetExternal

func (c *MasterConfig) KubeClientsetExternal() kclientsetexternal.Interface

KubeClientsetInternal returns the kubernetes client object

func (*MasterConfig) KubeClientsetInternal

func (c *MasterConfig) KubeClientsetInternal() kclientsetinternal.Interface

KubeClientsetInternal returns the kubernetes client object

func (*MasterConfig) NewOpenShiftControllerPreStartInitializers

func (c *MasterConfig) NewOpenShiftControllerPreStartInitializers() (map[string]controller.InitFunc, error)

NewOpenShiftControllerPreStartInitializers returns list of initializers for controllers that needed to be run before any other controller is started. Typically this has to done for the serviceaccount-token controller as it provides tokens to other controllers.

func (*MasterConfig) NewOpenshiftControllerInitializers

func (c *MasterConfig) NewOpenshiftControllerInitializers() (map[string]controller.InitFunc, error)

func (*MasterConfig) OAuthServerClients added in v1.4.0

func (c *MasterConfig) OAuthServerClients() (*osclient.Client, kclientsetinternal.Interface)

OAuthServerClients returns the openshift and kubernetes OAuth server client objects The returned clients are privileged

func (*MasterConfig) OriginNamespaceControllerClient

func (c *MasterConfig) OriginNamespaceControllerClient() kclientsetinternal.Interface

OriginNamespaceControllerClient returns a client for openshift and kubernetes. The kubernetes client object must have authority to execute a finalize request on a namespace

func (*MasterConfig) PolicyClient added in v0.3.2

func (c *MasterConfig) PolicyClient() *osclient.Client

PolicyClient returns the policy client object It must have the following capabilities:

list, watch all policyBindings in all namespaces
list, watch all policies in all namespaces
create resourceAccessReviews in all namespaces

func (*MasterConfig) ResourceQuotaManagerClients added in v1.1.4

ResourceQuotaManagerClients returns the client capable of retrieving resources needed for resource quota evaluation

func (*MasterConfig) RouteAllocator added in v0.4.2

RouteAllocator returns a route allocation controller.

func (*MasterConfig) RouteAllocatorClients added in v0.6.1

func (c *MasterConfig) RouteAllocatorClients() (*osclient.Client, kclientsetinternal.Interface)

RouteAllocatorClients returns the route allocator client objects

func (*MasterConfig) Run added in v0.2.1

func (c *MasterConfig) Run(kubeAPIServerConfig *kubeapiserver.Config, assetConfig *AssetConfig, stopCh <-chan struct{})

Run launches the OpenShift master by creating a kubernetes master, installing OpenShift APIs into it and then running it.

func (*MasterConfig) RunAssetServer

func (c *MasterConfig) RunAssetServer()

RunAssetServer starts the asset server for the OpenShift UI.

func (*MasterConfig) RunClusterQuotaMappingController added in v1.3.0

func (c *MasterConfig) RunClusterQuotaMappingController()

func (*MasterConfig) RunClusterQuotaReconciliationController added in v1.3.0

func (c *MasterConfig) RunClusterQuotaReconciliationController()

func (*MasterConfig) RunDNSServer added in v0.4.2

func (c *MasterConfig) RunDNSServer()

RunDNSServer starts the DNS server

func (*MasterConfig) RunGroupCache added in v1.0.5

func (c *MasterConfig) RunGroupCache()

RunGroupCache starts the group cache

func (*MasterConfig) RunHealth added in v1.0.5

func (c *MasterConfig) RunHealth() error

func (*MasterConfig) RunIngressIPController added in v1.3.0

func (c *MasterConfig) RunIngressIPController(internalKubeClientset kclientsetinternal.Interface, externalKubeClientset kclientsetexternal.Interface)

RunIngressIPController starts the ingress ip controller if IngressIPNetworkCIDR is configured.

func (*MasterConfig) RunOriginToRBACSyncControllers

func (c *MasterConfig) RunOriginToRBACSyncControllers()

func (*MasterConfig) RunProjectAuthorizationCache added in v0.3.2

func (c *MasterConfig) RunProjectAuthorizationCache()

RunProjectAuthorizationCache starts the project authorization cache

func (*MasterConfig) RunProjectCache added in v0.5.1

func (c *MasterConfig) RunProjectCache()

RunProjectCache populates project cache, used by scheduler and project admission controller.

func (*MasterConfig) RunResourceQuotaManager added in v1.1.4

func (c *MasterConfig) RunResourceQuotaManager(cm *cmapp.CMServer)

RunResourceQuotaManager starts resource quota controller for OpenShift resources

func (*MasterConfig) RunSDNController added in v0.5.2

func (c *MasterConfig) RunSDNController()

RunSDNController runs openshift-sdn if the said network plugin is provided

func (*MasterConfig) RunSecurityAllocationController added in v0.5.4

func (c *MasterConfig) RunSecurityAllocationController()

RunSecurityAllocationController starts the security allocation controller process.

func (*MasterConfig) RunUnidlingController added in v1.3.0

func (c *MasterConfig) RunUnidlingController()

RunUnidlingController starts the unidling controller

func (*MasterConfig) SDNControllerClients added in v0.6.1

func (c *MasterConfig) SDNControllerClients() (*osclient.Client, kclientsetinternal.Interface)

SDNControllerClients returns the SDN controller client objects

func (*MasterConfig) SecurityAllocationControllerClient added in v0.6.1

func (c *MasterConfig) SecurityAllocationControllerClient() kclientsetinternal.Interface

SecurityAllocationControllerClient returns the security allocation controller client object

func (*MasterConfig) ServiceAccountRoleBindingClient added in v0.5.4

func (c *MasterConfig) ServiceAccountRoleBindingClient() *osclient.Client

ServiceAccountRoleBindingClient returns the client object used to bind roles to service accounts It must have the following capabilities:

get, list, update, create policyBindings and clusterPolicyBindings in all namespaces

func (*MasterConfig) UnidlingControllerClients added in v1.3.0

UnidlingControllerClients returns the unidling controller clients

func (*MasterConfig) WebConsoleEnabled added in v1.0.5

func (c *MasterConfig) WebConsoleEnabled() bool

WebConsoleEnabled says whether web ui is not a disabled feature and asset service is configured.

type OpenshiftAPIConfig

type OpenshiftAPIConfig struct {
	GenericConfig *genericapiserver.Config

	KubeClientExternal    kclientsetexternal.Interface
	KubeClientInternal    kclientsetinternal.Interface
	KubeletClientConfig   *kubeletclient.KubeletClientConfig
	KubeInternalInformers kinternalinformers.SharedInformerFactory

	AuthorizationInformers authorizationinformer.SharedInformerFactory
	QuotaInformers         quotainformer.SharedInformerFactory

	// DeprecatedInformers is a shared factory for getting old style openshift informers
	DeprecatedOpenshiftClient *osclient.Client

	// these are all required to build our storage
	RuleResolver   rulevalidation.AuthorizationRuleResolver
	SubjectLocator authorizer.SubjectLocator
	LimitVerifier  imageadmission.LimitVerifier
	// RegistryNameFn retrieves the name of the integrated registry, or false if no such registry
	// is available.
	RegistryNameFn                     imageapi.DefaultRegistryFunc
	AllowedRegistriesForImport         *configapi.AllowedRegistries
	MaxImagesBulkImportedPerRepository int

	RouteAllocator *routeallocationcontroller.RouteAllocationController

	ProjectAuthorizationCache *projectauth.AuthorizationCache
	ProjectCache              *projectcache.ProjectCache
	ProjectRequestTemplate    string
	ProjectRequestMessage     string

	EnableBuilds bool

	ServiceAccountMethod configapi.GrantHandlerType

	EnableTemplateServiceBroker bool

	ClusterQuotaMappingController *clusterquotamapping.ClusterQuotaMappingController
}

func (*OpenshiftAPIConfig) Complete

func (c *OpenshiftAPIConfig) Complete() completedConfig

Complete fills in any fields not set that are required to have valid data. It's mutating the receiver.

func (OpenshiftAPIConfig) GetRestStorage

func (c OpenshiftAPIConfig) GetRestStorage() (map[schema.GroupVersion]map[string]rest.Storage, error)

TODO this function needs to be broken apart with each API group owning their own storage, probably with two method per API group to give us legacy and current storage

func (*OpenshiftAPIConfig) SkipComplete

func (c *OpenshiftAPIConfig) SkipComplete() completedConfig

SkipComplete provides a way to construct a server instance without config completion.

func (*OpenshiftAPIConfig) Validate

func (c *OpenshiftAPIConfig) Validate() error

Validate helps ensure that we build this config correctly, because there are lots of bits to remember for now

type OpenshiftAPIServer

type OpenshiftAPIServer struct {
	GenericAPIServer *genericapiserver.GenericAPIServer
}

OpenshiftAPIServer is only responsible for serving the APIs for Openshift It does NOT expose oauth, related oauth endpoints, or any kube APIs.

type OpenshiftNonAPIConfig

type OpenshiftNonAPIConfig struct {
	GenericConfig *genericapiserver.Config

	// these are only needed for the controller endpoint which should be moved out and made an optional
	// add-on in the chain (as the final delegate) when running an all-in-one
	EnableControllers bool
	ControllerPlug    plug.Plug

	MasterPublicURL string
	EnableOAuth     bool

	// these are only needed for the template service broker, which should move out
	KubeClientInternal          kclientsetinternal.Interface
	EnableTemplateServiceBroker bool
	TemplateInformers           templateinformer.SharedInformerFactory
	TemplateNamespaces          []string
}

func (*OpenshiftNonAPIConfig) Complete

func (c *OpenshiftNonAPIConfig) Complete() completedOpenshiftNonAPIConfig

Complete fills in any fields not set that are required to have valid data. It's mutating the receiver.

func (*OpenshiftNonAPIConfig) SkipComplete

func (c *OpenshiftNonAPIConfig) SkipComplete() completedOpenshiftNonAPIConfig

SkipComplete provides a way to construct a server instance without config completion.

type OpenshiftNonAPIServer

type OpenshiftNonAPIServer struct {
	GenericAPIServer *genericapiserver.GenericAPIServer
}

OpenshiftNonAPIServer serves non-API endpoints for openshift.

Directories

Path Synopsis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL