server

package
v0.26.1 Latest
Warning

This package is not in the latest version of its module.

Published: Dec 11, 2024 License: Apache-2.0 Imports: 169 Imported by: 4

Documentation

Constants

const KcpBootstrapperUserName = "system:kcp:bootstrapper"

Variables

var SystemCRDClusterName = logicalcluster.Name("system:system-crds")

SystemCRDClusterName is the logical cluster we install system CRDs into for now. These are needed to start wildcard informers until a "real" workspace gets them installed.

Functions

func IdentityFromContext added in v0.6.0

func IdentityFromContext(ctx context.Context) string

IdentityFromContext retrieves the APIExport identity from the context, if any.

func NewTableConverterProvider added in v0.6.0

func NewTableConverterProvider() *tableConverterProvider

func UserAgentFrom added in v0.6.0

func UserAgentFrom(ctx context.Context) string

func WithHomeWorkspaces added in v0.6.0

func WithHomeWorkspaces(
	apiHandler http.Handler,
	a authorizer.Authorizer,
	kubeClusterClient kcpkubernetesclientset.ClusterInterface,
	kcpClusterClient kcpclientset.ClusterInterface,
	kubeSharedInformerFactory kcpkubernetesinformers.SharedInformerFactory,
	kcpSharedInformerFactory kcpinformers.SharedInformerFactory,
	externalHost string,
) (http.Handler, error)

WithHomeWorkspaces implements an HTTP handler, in the KCP server, which:

  • supports a special 'kubectl get workspace ~' request which returns either the old bucket-style workspace if it exists (= a LogicalCluster can be found) or a new parent-less home workspace. It will create the latter on the fly.

When the Home workspace is still not Ready, the handler returns a Retry-After response with a delay in seconds that is configurable (creationDelaySeconds), so that client-go clients will automatically retry the request after this delay.

To find old bucket-style home workspaces, the following bucket parameters still apply:

  • homePrefix is the workspace that will contain all the user home workspaces, partitioned by bucket workspaces
  • bucketLevels is the number of bucket workspaces met before reaching a home workspace from the homePrefix workspace
  • bucketSize is the number of chars comprising each bucket.

Bucket workspace names are calculated based on the user name hash.

func WithIdentity added in v0.6.0

func WithIdentity(ctx context.Context, identity string) context.Context

WithIdentity adds an APIExport identity to the context.

func WithImpersonationGatekeeper added in v0.26.1

func WithImpersonationGatekeeper(handler http.Handler) http.Handler

WithImpersonationGatekeeper checks the request for impersonation and validates it. If the impersonation is not valid, it returns a 403. The impersonation headers are checked early in the request, to avoid them being propagated to the backend services.

func WithInClusterServiceAccountRequestRewrite added in v0.6.0

func WithInClusterServiceAccountRequestRewrite(handler http.Handler) http.Handler

WithInClusterServiceAccountRequestRewrite adds the /clusters/<clusterName> prefix to the request path if the request comes from an InCluster service account (InCluster clients don't support prefixes).

func WithLocalProxy added in v0.11.0

func WithLocalProxy(
	handler http.Handler,
	shardName, shardBaseURL string,
	workspaceInformer tenancyv1alpha1informers.WorkspaceClusterInformer,
	logicalClusterInformer corev1alpha1informers.LogicalClusterClusterInformer,
) http.Handler

WithLocalProxy returns a handler with a local-only mini-front-proxy. It is able to translate logical clusters with the data on the local shard. This is mainly interesting for standalone mode, without a real front-proxy in front.

func WithRequestIdentity added in v0.9.0

func WithRequestIdentity(handler http.Handler) http.Handler

WithRequestIdentity checks list/watch requests for an APIExport identity for the resource in the path. If it finds one (e.g. /api/v1/services:identityabcd1234/default/my-service), it places the identity from the path into the context, updates the request to remove the identity from the path, and updates requestInfo.Resource to also remove the identity. Finally, it hands off to the passed-in handler to handle the request.
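The path rewrite described above, shown with net/http only as an added example that is not kcp's own code: splitIdentity, withPathIdentity, identityKey and demo are hypothetical names. It assumes the /clusters/<name> prefix (which itself contains colons) was stripped by an earlier handler, and it does not restrict itself to list/watch or touch requestInfo.

```go
package main

import (
	"context"
	"fmt"
	"net/http"
	"net/http/httptest"
	"strings"
)

type identityKey struct{} // unexported context key for the extracted identity

// splitIdentity strips ":<identity>" from the resource segment of a path.
// Assumption: the /clusters/<name> prefix was already removed upstream.
func splitIdentity(path string) (cleaned, identity string) {
	segs := strings.Split(strings.TrimPrefix(path, "/"), "/")
	i, ok := map[string]int{"api": 2, "apis": 3}[segs[0]] // resource index
	if ok && len(segs) > i+2 && segs[i] == "namespaces" {
		i += 2 // skip namespaces/<ns>
	}
	if ok && i < len(segs) {
		if resource, id, found := strings.Cut(segs[i], ":"); found && resource != "" && id != "" {
			segs[i] = resource
			return "/" + strings.Join(segs, "/"), id
		}
	}
	return path, "" // nothing to strip: pass the path through unchanged
}

// withPathIdentity moves the identity from the path into the request context.
func withPathIdentity(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if cleaned, id := splitIdentity(r.URL.Path); id != "" {
			r = r.Clone(context.WithValue(r.Context(), identityKey{}, id))
			r.URL.Path, r.URL.RawPath = cleaned, ""
		}
		next.ServeHTTP(w, r)
	})
}

// demo reports the path and identity the wrapped handler ends up seeing.
func demo(path string) (seenPath, seenID string) {
	withPathIdentity(http.HandlerFunc(func(_ http.ResponseWriter, r *http.Request) {
		seenPath = r.URL.Path
		seenID, _ = r.Context().Value(identityKey{}).(string)
	})).ServeHTTP(httptest.NewRecorder(), httptest.NewRequest("GET", path, nil))
	return
}

func main() { fmt.Println(demo("/api/v1/services:identityabcd1234/default/my-service")) }
```

Because the identity travels in the context under an unexported key, downstream handlers never see it in the URL and cannot have it overwritten by another package's context value.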

func WithUserAgent added in v0.6.0

func WithUserAgent(handler http.Handler) http.Handler

func WithVirtualWorkspacesProxy added in v0.11.0

func WithVirtualWorkspacesProxy(apiHandler http.Handler, shardVirtualWorkspaceURL *url.URL, transport http.RoundTripper, proxy *httputil.ReverseProxy) http.HandlerFunc

WithVirtualWorkspacesProxy proxies internal requests to virtual workspaces (i.e., requests that did not go through the front proxy) to the external virtual workspaces server. Proxying is required to avoid certificate verification errors because these requests typically come from the kcp loopback client, and it is impossible to use that client against any server other than kcp.

func WithWildcardListWatchGuard

func WithWildcardListWatchGuard(apiHandler http.Handler) http.HandlerFunc

Types

type CompletedConfig added in v0.7.0

type CompletedConfig struct {
	// contains filtered or unexported fields
}

type CompletedVirtualConfig added in v0.20.0

type CompletedVirtualConfig struct {
	// contains filtered or unexported fields
}

func (CompletedVirtualConfig) NewServer added in v0.20.0

func (c CompletedVirtualConfig) NewServer(preHandlerChainMux mux) (*virtualrootapiserver.Server, error)

type Config added in v0.7.0

type Config struct {
	Options kcpserveroptions.CompletedOptions

	EmbeddedEtcd *embeddedetcd.Config

	GenericConfig   *genericapiserver.Config // the config embedded into MiniAggregator, the head of the delegation chain
	MiniAggregator  *miniaggregator.MiniAggregatorConfig
	Apis            *controlplaneapiserver.Config
	ApiExtensions   *apiextensionsapiserver.Config
	OptionalVirtual *VirtualConfig

	ExtraConfig
}

func NewConfig added in v0.7.0

func NewConfig(opts kcpserveroptions.CompletedOptions) (*Config, error)

func (*Config) Complete added in v0.7.0

func (c *Config) Complete() (CompletedConfig, error)

Complete fills in any fields not set that are required to have valid data. It mutates the receiver.

type ExtraConfig added in v0.7.0

type ExtraConfig struct {
	IdentityConfig *rest.Config

	// clients
	DynamicClusterClient                kcpdynamic.ClusterInterface
	KubeClusterClient                   kcpkubernetesclientset.ClusterInterface
	DeepSARClient                       kcpkubernetesclientset.ClusterInterface
	ApiExtensionsClusterClient          kcpapiextensionsclientset.ClusterInterface
	KcpClusterClient                    kcpclientset.ClusterInterface
	RootShardKcpClusterClient           kcpclientset.ClusterInterface
	BootstrapDynamicClusterClient       kcpdynamic.ClusterInterface
	BootstrapApiExtensionsClusterClient kcpapiextensionsclientset.ClusterInterface

	CacheDynamicClient kcpdynamic.ClusterInterface

	LogicalClusterAdminConfig         *rest.Config // client config connecting directly to shards, skipping the front proxy
	ExternalLogicalClusterAdminConfig *rest.Config // client config connecting to the front proxy

	// URL getters depending on genericapiserver.ExternalAddress which is initialized on server run
	ShardBaseURL             func() string
	ShardExternalURL         func() string
	ShardVirtualWorkspaceURL func() string

	// informers
	KcpSharedInformerFactory                kcpinformers.SharedInformerFactory
	KubeSharedInformerFactory               kcpkubernetesinformers.SharedInformerFactory
	ApiExtensionsSharedInformerFactory      kcpapiextensionsinformers.SharedInformerFactory
	DiscoveringDynamicSharedInformerFactory *informer.DiscoveringDynamicSharedInformerFactory
	CacheKcpSharedInformerFactory           kcpinformers.SharedInformerFactory
	CacheKubeSharedInformerFactory          kcpkubernetesinformers.SharedInformerFactory
	// contains filtered or unexported fields
}

type RunFunc added in v0.21.0

type RunFunc func(ctx context.Context)

type Server

type Server struct {
	CompletedConfig

	ApiExtensions  *extensionsapiserver.CustomResourceDefinitions
	Apis           *controlplaneapiserver.Server
	MiniAggregator *miniaggregator.MiniAggregatorServer
	// contains filtered or unexported fields
}

func NewServer

func NewServer(c CompletedConfig) (*Server, error)

func (*Server) AddPostStartHook

func (s *Server) AddPostStartHook(name string, hook genericapiserver.PostStartHookFunc) error

func (*Server) AddPreShutdownHook

func (s *Server) AddPreShutdownHook(name string, hook genericapiserver.PreShutdownHookFunc) error

func (*Server) Run

func (s *Server) Run(ctx context.Context) error

func (*Server) WaitForPhase1Finished added in v0.11.0

func (s *Server) WaitForPhase1Finished()

func (*Server) WaitForSync added in v0.11.0

func (s *Server) WaitForSync(stop <-chan struct{}) error

type TableConverterFunc added in v0.6.0

type TableConverterFunc func(ctx context.Context, object runtime.Object, tableOptions runtime.Object) (*metav1.Table, error)

func (TableConverterFunc) ConvertToTable added in v0.6.0

func (tcf TableConverterFunc) ConvertToTable(ctx context.Context, object runtime.Object, tableOptions runtime.Object) (*metav1.Table, error)

type VirtualConfig added in v0.20.0

type VirtualConfig virtualrootapiserver.Config

func (*VirtualConfig) Complete added in v0.20.0

func (c *VirtualConfig) Complete(auth genericapiserver.AuthenticationInfo, auditEvaluator kaudit.PolicyRuleEvaluator, auditBackend kaudit.Backend, externalAddress string) CompletedVirtualConfig

type WaitFunc added in v0.21.0

type WaitFunc func(ctx context.Context, s *Server) error
