origin

package
v3.6.164-1+incompatible Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jul 21, 2017 License: Apache-2.0 Imports: 285 Imported by: 0

Documentation

Overview

Package app does all of the work necessary to create a Kubernetes APIServer by binding together the API, master and APIServer infrastructure. It can be configured and called directly or via the hyperkube framework.

Package origin provides objects for creating an OpenShift Origin server

Index

Constants

View Source
const (
	OpenShiftOAuthCallbackPrefix = "/oauth2callback"
	OpenShiftWebConsoleClientID  = "openshift-web-console"
	OpenShiftBrowserClientID     = "openshift-browser-client"
	OpenShiftCLIClientID         = "openshift-challenging-client"
)

Variables

View Source
var (
	// OriginLegacyKinds lists all kinds that are locked to the legacy Origin API schema.
	// This list should not grow and adding a new types to the locked Origin API schema will
	// cause a unit test failure.
	OriginLegacyKinds = sets.NewString(
		"AppliedClusterResourceQuota",
		"AppliedClusterResourceQuotaList",
		"BinaryBuildRequestOptions",
		"Build",
		"BuildConfig",
		"BuildConfigList",
		"BuildList",
		"BuildLog",
		"BuildLogOptions",
		"BuildRequest",
		"ClusterNetwork",
		"ClusterNetworkList",
		"ClusterPolicy",
		"ClusterPolicyBinding",
		"ClusterPolicyBindingList",
		"ClusterPolicyList",
		"ClusterResourceQuota",
		"ClusterResourceQuotaList",
		"ClusterRole",
		"ClusterRoleBinding",
		"ClusterRoleBindingList",
		"ClusterRoleList",
		"DeploymentConfig",
		"DeploymentConfigList",
		"DeploymentConfigRollback",
		"DeploymentLog",
		"DeploymentLogOptions",
		"DeploymentRequest",
		"EgressNetworkPolicy",
		"EgressNetworkPolicyList",
		"Group",
		"GroupList",
		"HostSubnet",
		"HostSubnetList",
		"Identity",
		"IdentityList",
		"Image",
		"ImageList",
		"ImageSignature",
		"ImageStream",
		"ImageStreamImage",
		"ImageStreamImport",
		"ImageStreamList",
		"ImageStreamMapping",
		"ImageStreamTag",
		"ImageStreamTagList",
		"IsPersonalSubjectAccessReview",
		"LocalResourceAccessReview",
		"LocalSubjectAccessReview",
		"NetNamespace",
		"NetNamespaceList",
		"OAuthAccessToken",
		"OAuthAccessTokenList",
		"OAuthAuthorizeToken",
		"OAuthAuthorizeTokenList",
		"OAuthClient",
		"OAuthClientAuthorization",
		"OAuthClientAuthorizationList",
		"OAuthClientList",
		"OAuthRedirectReference",
		"PodSecurityPolicyReview",
		"PodSecurityPolicySelfSubjectReview",
		"PodSecurityPolicySubjectReview",
		"Policy",
		"PolicyBinding",
		"PolicyBindingList",
		"PolicyList",
		"ProcessedTemplate",
		"Project",
		"ProjectList",
		"ProjectRequest",
		"ResourceAccessReview",
		"ResourceAccessReviewResponse",
		"Role",
		"RoleBinding",
		"RoleBindingList",
		"RoleBindingRestriction",
		"RoleBindingRestrictionList",
		"RoleList",
		"Route",
		"RouteList",
		"SelfSubjectRulesReview",
		"SubjectAccessReview",
		"SubjectAccessReviewResponse",
		"SubjectRulesReview",
		"Template",
		"TemplateConfig",
		"TemplateList",
		"User",
		"UserIdentityMapping",
		"UserList",
	)

	// OriginLegacyResources lists all Origin resources that are locked for the legacy v1
	// Origin API. This list should not grow.
	OriginLegacyResources = sets.NewString(
		"appliedClusterResourceQuotas",
		"buildConfigs",
		"builds",
		"clusterNetworks",
		"clusterPolicies",
		"clusterPolicyBindings",
		"clusterResourceQuotas",
		"clusterRoleBindings",
		"clusterRoles",
		"deploymentConfigRollbacks",
		"deploymentConfigs",
		"egressNetworkPolicies",
		"groups",
		"hostSubnets",
		"identities",
		"imageStreamImages",
		"imageStreamImports",
		"imageStreamMappings",
		"imageStreamTags",
		"imageStreams",
		"images",
		"imagesignatures",
		"localResourceAccessReviews",
		"localSubjectAccessReviews",
		"netNamespaces",
		"oAuthAccessTokens",
		"oAuthAuthorizeTokens",
		"oAuthClientAuthorizations",
		"oAuthClients",
		"podSecurityPolicyReviews",
		"podSecurityPolicySelfSubjectReviews",
		"podSecurityPolicySubjectReviews",
		"policies",
		"policyBindings",
		"processedTemplates",
		"projectRequests",
		"projects",
		"resourceAccessReviews",
		"roleBindingRestrictions",
		"roleBindings",
		"roles",
		"routes",
		"selfSubjectRulesReviews",
		"subjectAccessReviews",
		"subjectRulesReviews",
		"templates",
		"userIdentityMappings",
		"users",
	)

	// OriginLegacySubresources lists all Origin sub-resources that are locked for the
	// legacy v1 Origin API. This list should not grow.
	OriginLegacySubresources = sets.NewString(
		"clusterResourceQuotas/status",
		"processedTemplates",
		"imageStreams/status",
		"imageStreams/secrets",
		"generateDeploymentConfigs",
		"deploymentConfigs/log",
		"deploymentConfigs/instantiate",
		"deploymentConfigs/scale",
		"deploymentConfigs/status",
		"deploymentConfigs/rollback",
		"routes/status",
		"builds/clone",
		"builds/log",
		"builds/details",
		"buildConfigs/webhooks",
		"buildConfigs/instantiate",
		"buildConfigs/instantiatebinary",
	)
)
View Source
var (

	// KubeAdmissionPlugins gives the in-order default admission chain for kube resources.
	KubeAdmissionPlugins = []string{
		lifecycle.PluginName,
		"RunOnceDuration",
		"PodNodeConstraints",
		"OriginPodNodeEnvironment",
		"PodNodeSelector",
		overrideapi.PluginName,
		serviceadmit.ExternalIPPluginName,
		serviceadmit.RestrictedEndpointsPluginName,
		imagepolicy.PluginName,
		"ImagePolicyWebhook",
		"PodPreset",
		"LimitRanger",
		"ServiceAccount",
		"SecurityContextConstraint",
		storageclassdefaultadmission.PluginName,
		"AlwaysPullImages",
		"LimitPodHardAntiAffinityTopology",
		"SCCExecRestrictions",
		"PersistentVolumeLabel",
		"OwnerReferencesPermissionEnforcement",
		ingressadmission.IngressAdmission,
		"DefaultTolerationSeconds",

		"ResourceQuota",
		"openshift.io/ClusterResourceQuota",
	}

	// CombinedAdmissionControlPlugins gives the in-order default admission chain for all resources resources.
	// When possible, this list is used.  The set of openshift+kube chains must exactly match this set.  In addition,
	// the order specified in the openshift and kube chains must match the order here.
	CombinedAdmissionControlPlugins = []string{
		lifecycle.PluginName,
		"ProjectRequestLimit",
		"OriginNamespaceLifecycle",
		"openshift.io/RestrictSubjectBindings",
		"PodNodeConstraints",
		"openshift.io/JenkinsBootstrapper",
		"openshift.io/BuildConfigSecretInjector",
		"BuildByStrategy",
		imageadmission.PluginName,
		"RunOnceDuration",
		"PodNodeConstraints",
		"OriginPodNodeEnvironment",
		"PodNodeSelector",
		overrideapi.PluginName,
		serviceadmit.ExternalIPPluginName,
		serviceadmit.RestrictedEndpointsPluginName,
		imagepolicy.PluginName,
		"ImagePolicyWebhook",
		"PodPreset",
		"LimitRanger",
		"ServiceAccount",
		"SecurityContextConstraint",
		storageclassdefaultadmission.PluginName,
		"AlwaysPullImages",
		"LimitPodHardAntiAffinityTopology",
		"SCCExecRestrictions",
		"PersistentVolumeLabel",
		"OwnerReferencesPermissionEnforcement",
		ingressadmission.IngressAdmission,
		"DefaultTolerationSeconds",

		"ResourceQuota",
		"openshift.io/ClusterResourceQuota",
	}
)

Functions

func CreateOrUpdateDefaultOAuthClients added in v0.2.1

func CreateOrUpdateDefaultOAuthClients(masterPublicAddr string, assetPublicAddresses []string, clientRegistry clientregistry.Registry) error

func LegacyStorage

func LegacyStorage(storage map[schema.GroupVersion]map[string]rest.Storage) map[string]rest.Storage

LegacyStorage returns a storage for locked legacy types.

func NewLeaderElection

NewLeaderElection returns a plug that blocks controller startup until the lease is acquired and a function that will start the process to attain the lease. There are two modes for lease operation - a legacy mode that directly connects to etcd, and the preferred mode which coordinates on a service endpoints object in the kube-system namespace. The legacy mode will periodically poll to see if the endpoints object exists, and if so will stand down, allowing newer controllers to take over.

func RunControllerServer

func RunControllerServer(servingInfo configapi.HTTPServingInfo, kubeInternal kclientsetinternal.Interface) error

TODO refactor this out of this package and split apiserver and controllers for good!

func WithAssetServerRedirect added in v1.5.0

func WithAssetServerRedirect(handler http.Handler, assetPublicURL string) http.Handler

If we know the location of the asset server, redirect to it when / is requested and the Accept header supports text/html

func WithPatternsHandler added in v1.5.0

func WithPatternsHandler(handler http.Handler, patternHandler http.Handler, patterns ...string) http.Handler

Types

type AssetConfig added in v0.4.2

type AssetConfig struct {
	Options               oapi.AssetConfig
	LimitRequestOverrides *api.ClusterResourceOverrideConfig
}

AssetConfig defines the required parameters for starting the OpenShift master

func NewAssetConfig added in v1.1.3

func NewAssetConfig(options oapi.AssetConfig, limitRequestOverrides *api.ClusterResourceOverrideConfig) (*AssetConfig, error)

NewAssetConfig returns a new AssetConfig

func (*AssetConfig) Run added in v0.4.2

func (c *AssetConfig) Run()

Run starts an http server for the static assets listening on the configured bind address

func (*AssetConfig) WithAssets added in v1.5.0

func (c *AssetConfig) WithAssets(handler http.Handler) (http.Handler, error)

WithAssets decorates a handler by serving static assets for the subpath of the public URL and passing through all other requests to the given handler.

type AuthConfig

type AuthConfig struct {
	Options configapi.OAuthConfig

	// AssetPublicAddresses contains valid redirectURI prefixes to direct browsers to the web console
	AssetPublicAddresses []string

	// KubeClient is kubeclient with enough permission for the auth API
	KubeClient kclientset.Interface

	// OpenShiftClient is osclient with enough permission for the auth API
	OpenShiftClient osclient.Interface

	// RESTOptionsGetter provides storage and RESTOption lookup
	RESTOptionsGetter restoptions.Getter

	// EtcdBackends is a list of storage interfaces, each of which talks to a single etcd backend.
	// These are only used to ensure newly created tokens are distributed to all backends before returning them for use.
	// EtcdHelper should normally be used for storage functions.
	EtcdBackends []storage.Interface

	UserRegistry     userregistry.Registry
	IdentityRegistry identityregistry.Registry

	SessionAuth *session.Authenticator

	HandlerWrapper handlerWrapper
}

func BuildAuthConfig added in v0.4.2

func BuildAuthConfig(masterConfig *MasterConfig) (*AuthConfig, error)

func (*AuthConfig) NewOpenShiftOAuthClientConfig added in v0.2.1

func (c *AuthConfig) NewOpenShiftOAuthClientConfig(client *oauthapi.OAuthClient) *osincli.ClientConfig

NewOpenShiftOAuthClientConfig provides config for OpenShift OAuth client

func (*AuthConfig) WithOAuth added in v1.5.0

func (c *AuthConfig) WithOAuth(handler http.Handler) (http.Handler, error)

WithOAuth decorates the given handler by serving the OAuth2 endpoints while passing through all other requests to the given handler.

type InformerAccess

type InformerAccess interface {
	GetInternalKubeInformers() kinternalinformers.SharedInformerFactory
	GetExternalKubeInformers() kinformers.SharedInformerFactory
	GetAuthorizationInformers() authorizationinformer.SharedInformerFactory
	GetAppInformers() appinformer.SharedInformerFactory
	GetBuildInformers() buildinformer.SharedInformerFactory
	GetImageInformers() imageinformer.SharedInformerFactory
	GetQuotaInformers() quotainformer.SharedInformerFactory
	GetSecurityInformers() securityinformer.SharedInformerFactory
	GetTemplateInformers() templateinformer.SharedInformerFactory
}

type LastSyncResourceVersioner

type LastSyncResourceVersioner interface {
	LastSyncResourceVersion() string
}

type MasterConfig

type MasterConfig struct {
	Options configapi.MasterConfig

	// RESTOptionsGetter provides access to storage and RESTOptions for a particular resource
	RESTOptionsGetter restoptions.Getter

	RuleResolver   rulevalidation.AuthorizationRuleResolver
	Authenticator  authenticator.Request
	Authorizer     kauthorizer.Authorizer
	SubjectLocator authorizer.SubjectLocator

	// TODO(sttts): replace AuthorizationAttributeBuilder with apiserverfilters.NewRequestAttributeGetter
	AuthorizationAttributeBuilder authorizer.AuthorizationAttributeBuilder

	GroupCache                    *usercache.GroupCache
	ProjectAuthorizationCache     *projectauth.AuthorizationCache
	ProjectCache                  *projectcache.ProjectCache
	ClusterQuotaMappingController *clusterquotamapping.ClusterQuotaMappingController
	LimitVerifier                 imageadmission.LimitVerifier

	// RequestContextMapper maps requests to contexts
	RequestContextMapper apirequest.RequestContextMapper

	AdmissionControl admission.Interface

	// KubeAdmissionControl holds the kube admission chain.  Because of the way the plugin initializer is built
	// you'll be passing information in this direction either way.  Knowing how to build this chain requires knowledge
	// of both the origin config AND the kube config, so this spot makes more sense.
	KubeAdmissionControl admission.Interface

	TLS bool

	// ImageFor is a function that returns the appropriate image to use for a named component
	ImageFor func(component string) string
	// RegistryNameFn retrieves the name of the integrated registry, or false if no such registry
	// is available.
	RegistryNameFn imageapi.DefaultRegistryFunc

	// ExternalVersionCodec is the codec used when serializing annotations, which cannot be changed
	// without all clients being aware of the new version.
	ExternalVersionCodec runtime.Codec

	KubeletClientConfig *kubeletclient.KubeletClientConfig

	// ClientCAs will be used to request client certificates in connections to the API.
	// This CertPool should contain all the CAs that will be used for client certificate verification.
	ClientCAs *x509.CertPool
	// APIClientCAs is used to verify client certificates presented for API auth
	APIClientCAs *x509.CertPool

	// PrivilegedLoopbackClientConfig is the client configuration used to call OpenShift APIs from system components
	// To apply different access control to a system component, create a client config specifically for that component.
	PrivilegedLoopbackClientConfig restclient.Config

	// PrivilegedLoopbackKubernetesClientsetInternal is the client used to call Kubernetes APIs from system components,
	// built from KubeClientConfig. It should only be accessed via the *Client() helper methods. To apply
	// different access control to a system component, create a separate client/config specifically for
	// that component.
	PrivilegedLoopbackKubernetesClientsetInternal kclientsetinternal.Interface
	// PrivilegedLoopbackKubernetesClientsetExternal is the client used to call Kubernetes APIs from system components,
	// built from KubeClientConfig. It should only be accessed via the *Client() helper methods. To apply
	// different access control to a system component, create a separate client/config specifically for
	// that component.
	PrivilegedLoopbackKubernetesClientsetExternal kclientsetexternal.Interface
	// PrivilegedLoopbackOpenShiftClient is the client used to call OpenShift APIs from system components,
	// built from PrivilegedLoopbackClientConfig. It should only be accessed via the *Client() helper methods.
	// To apply different access control to a system component, create a separate client/config specifically
	// for that component.
	PrivilegedLoopbackOpenShiftClient *osclient.Client

	// TODO inspect uses to eliminate them
	InternalKubeInformers  kinternalinformers.SharedInformerFactory
	ExternalKubeInformers  kinformers.SharedInformerFactory
	AuthorizationInformers authorizationinformer.SharedInformerFactory
	AppInformers           appinformer.SharedInformerFactory
	BuildInformers         buildinformer.SharedInformerFactory
	ImageInformers         imageinformer.SharedInformerFactory
	QuotaInformers         quotainformer.SharedInformerFactory
	SecurityInformers      securityinformer.SharedInformerFactory
	TemplateInformers      templateinformer.SharedInformerFactory
}

MasterConfig defines the required parameters for starting the OpenShift master

func BuildMasterConfig added in v0.3.3

func BuildMasterConfig(options configapi.MasterConfig, informers InformerAccess) (*MasterConfig, error)

BuildMasterConfig builds and returns the OpenShift master configuration based on the provided options

func (*MasterConfig) InitializeObjects added in v1.0.5

func (c *MasterConfig) InitializeObjects()

InitializeObjects ensures objects in Kubernetes and etcd are properly populated. Requires a Kube client to be established and that etcd be started.

func (*MasterConfig) KubeClientsetExternal

func (c *MasterConfig) KubeClientsetExternal() kclientsetexternal.Interface

KubeClientsetInternal returns the kubernetes client object

func (*MasterConfig) KubeClientsetInternal

func (c *MasterConfig) KubeClientsetInternal() kclientsetinternal.Interface

KubeClientsetInternal returns the kubernetes client object

func (*MasterConfig) OAuthServerClients added in v1.4.0

func (c *MasterConfig) OAuthServerClients() (*osclient.Client, kclientsetinternal.Interface)

OAuthServerClients returns the openshift and kubernetes OAuth server client objects The returned clients are privileged

func (*MasterConfig) PolicyClient added in v0.3.2

func (c *MasterConfig) PolicyClient() *osclient.Client

PolicyClient returns the policy client object It must have the following capabilities:

list, watch all policyBindings in all namespaces
list, watch all policies in all namespaces
create resourceAccessReviews in all namespaces

func (*MasterConfig) RouteAllocator added in v0.4.2

RouteAllocator returns a route allocation controller.

func (*MasterConfig) RouteAllocatorClients added in v0.6.1

func (c *MasterConfig) RouteAllocatorClients() (*osclient.Client, kclientsetinternal.Interface)

RouteAllocatorClients returns the route allocator client objects

func (*MasterConfig) Run added in v0.2.1

func (c *MasterConfig) Run(kubeAPIServerConfig *kubeapiserver.Config, assetConfig *AssetConfig, controllerPlug plug.Plug, stopCh <-chan struct{})

Run launches the OpenShift master by creating a kubernetes master, installing OpenShift APIs into it and then running it.

func (*MasterConfig) RunAssetServer

func (c *MasterConfig) RunAssetServer()

RunAssetServer starts the asset server for the OpenShift UI.

func (*MasterConfig) RunDNSServer added in v0.4.2

func (c *MasterConfig) RunDNSServer()

RunDNSServer starts the DNS server

func (*MasterConfig) RunGroupCache added in v1.0.5

func (c *MasterConfig) RunGroupCache()

RunGroupCache starts the group cache

func (*MasterConfig) RunProjectAuthorizationCache added in v0.3.2

func (c *MasterConfig) RunProjectAuthorizationCache()

RunProjectAuthorizationCache starts the project authorization cache

func (*MasterConfig) RunProjectCache added in v0.5.1

func (c *MasterConfig) RunProjectCache()

RunProjectCache populates project cache, used by scheduler and project admission controller.

func (*MasterConfig) SecurityAllocationControllerClient added in v0.6.1

func (c *MasterConfig) SecurityAllocationControllerClient() kclientsetexternal.Interface

SecurityAllocationControllerClient returns the security allocation controller client object

func (*MasterConfig) ServiceAccountRoleBindingClient added in v0.5.4

func (c *MasterConfig) ServiceAccountRoleBindingClient() *osclient.Client

ServiceAccountRoleBindingClient returns the client object used to bind roles to service accounts It must have the following capabilities:

get, list, update, create policyBindings and clusterPolicyBindings in all namespaces

func (*MasterConfig) WebConsoleEnabled added in v1.0.5

func (c *MasterConfig) WebConsoleEnabled() bool

WebConsoleEnabled says whether web ui is not a disabled feature and asset service is configured.

type OpenshiftAPIConfig

type OpenshiftAPIConfig struct {
	GenericConfig *genericapiserver.Config

	KubeClientExternal    kclientsetexternal.Interface
	KubeClientInternal    kclientsetinternal.Interface
	KubeletClientConfig   *kubeletclient.KubeletClientConfig
	KubeInternalInformers kinternalinformers.SharedInformerFactory

	AuthorizationInformers authorizationinformer.SharedInformerFactory
	QuotaInformers         quotainformer.SharedInformerFactory
	SecurityInformers      securityinformer.SharedInformerFactory

	// DeprecatedInformers is a shared factory for getting old style openshift informers
	DeprecatedOpenshiftClient *osclient.Client

	// these are all required to build our storage
	RuleResolver   rulevalidation.AuthorizationRuleResolver
	SubjectLocator authorizer.SubjectLocator
	LimitVerifier  imageadmission.LimitVerifier
	// RegistryNameFn retrieves the name of the integrated registry, or false if no such registry
	// is available.
	RegistryNameFn                     imageapi.DefaultRegistryFunc
	AllowedRegistriesForImport         *configapi.AllowedRegistries
	MaxImagesBulkImportedPerRepository int

	RouteAllocator *routeallocationcontroller.RouteAllocationController

	ProjectAuthorizationCache *projectauth.AuthorizationCache
	ProjectCache              *projectcache.ProjectCache
	ProjectRequestTemplate    string
	ProjectRequestMessage     string

	EnableBuilds bool

	ServiceAccountMethod configapi.GrantHandlerType

	EnableTemplateServiceBroker bool

	ClusterQuotaMappingController *clusterquotamapping.ClusterQuotaMappingController

	// SCCStorage is actually created with a kubernetes restmapper options to have the correct prefix,
	// so we have to have it special cased here to point to the right spot.
	SCCStorage *sccstorage.REST
}

func (*OpenshiftAPIConfig) Complete

func (c *OpenshiftAPIConfig) Complete() completedConfig

Complete fills in any fields not set that are required to have valid data. It's mutating the receiver.

func (OpenshiftAPIConfig) GetRestStorage

func (c OpenshiftAPIConfig) GetRestStorage() (map[schema.GroupVersion]map[string]rest.Storage, error)

TODO this function needs to be broken apart with each API group owning their own storage, probably with two method per API group to give us legacy and current storage

func (*OpenshiftAPIConfig) SkipComplete

func (c *OpenshiftAPIConfig) SkipComplete() completedConfig

SkipComplete provides a way to construct a server instance without config completion.

func (*OpenshiftAPIConfig) Validate

func (c *OpenshiftAPIConfig) Validate() error

Validate helps ensure that we build this config correctly, because there are lots of bits to remember for now

type OpenshiftAPIServer

type OpenshiftAPIServer struct {
	GenericAPIServer *genericapiserver.GenericAPIServer
}

OpenshiftAPIServer is only responsible for serving the APIs for Openshift It does NOT expose oauth, related oauth endpoints, or any kube APIs.

type OpenshiftNonAPIConfig

type OpenshiftNonAPIConfig struct {
	GenericConfig *genericapiserver.Config

	// these are only needed for the controller endpoint which should be moved out and made an optional
	// add-on in the chain (as the final delegate) when running an all-in-one
	ControllerPlug plug.Plug

	MasterPublicURL string
	EnableOAuth     bool

	// these are only needed for the template service broker, which should move out
	KubeClientInternal          kclientsetinternal.Interface
	EnableTemplateServiceBroker bool
	TemplateInformers           templateinformer.SharedInformerFactory
	TemplateNamespaces          []string
}

func (*OpenshiftNonAPIConfig) Complete

func (c *OpenshiftNonAPIConfig) Complete() completedOpenshiftNonAPIConfig

Complete fills in any fields not set that are required to have valid data. It's mutating the receiver.

func (*OpenshiftNonAPIConfig) SkipComplete

func (c *OpenshiftNonAPIConfig) SkipComplete() completedOpenshiftNonAPIConfig

SkipComplete provides a way to construct a server instance without config completion.

type OpenshiftNonAPIServer

type OpenshiftNonAPIServer struct {
	GenericAPIServer *genericapiserver.GenericAPIServer
}

OpenshiftNonAPIServer serves non-API endpoints for openshift.

type SecurityAllocationController

type SecurityAllocationController struct {
	SecurityAllocator          *configapi.SecurityAllocator
	OpenshiftRESTOptionsGetter restoptions.Getter
	ExternalKubeInformers      kexternalinformers.SharedInformerFactory
	KubeExternalClient         kclientsetexternal.Interface
}

func (SecurityAllocationController) RunSecurityAllocationController

func (c SecurityAllocationController) RunSecurityAllocationController()

RunSecurityAllocationController starts the security allocation controller process.

Directories

Path Synopsis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL