Documentation ¶
Index ¶
- Constants
- Variables
- func IdentityFromContext(ctx context.Context) string
- func NewTableConverterProvider() *tableConverterProvider
- func UserAgentFrom(ctx context.Context) string
- func WithHomeWorkspaces(apiHandler http.Handler, a authorizer.Authorizer, ...) (http.Handler, error)
- func WithIdentity(ctx context.Context, identity string) context.Context
- func WithImpersonationGatekeeper(handler http.Handler) http.Handler
- func WithInClusterServiceAccountRequestRewrite(handler http.Handler) http.Handler
- func WithLocalProxy(handler http.Handler, shardName, shardBaseURL string, ...) http.Handler
- func WithRequestIdentity(handler http.Handler) http.Handler
- func WithUserAgent(handler http.Handler) http.Handler
- func WithVirtualWorkspacesProxy(apiHandler http.Handler, shardVirtualWorkspaceURL *url.URL, ...) http.HandlerFunc
- func WithWildcardListWatchGuard(apiHandler http.Handler) http.HandlerFunc
- type CompletedConfig
- type CompletedVirtualConfig
- type Config
- type ExtraConfig
- type RunFunc
- type Server
- func (s *Server) AddPostStartHook(name string, hook genericapiserver.PostStartHookFunc) error
- func (s *Server) AddPreShutdownHook(name string, hook genericapiserver.PreShutdownHookFunc) error
- func (s *Server) Run(ctx context.Context) error
- func (s *Server) WaitForPhase1Finished()
- func (s *Server) WaitForSync(stop <-chan struct{}) error
- type TableConverterFunc
- type VirtualConfig
- type WaitFunc
Constants ¶
const KcpBootstrapperUserName = "system:kcp:bootstrapper"
Variables ¶
var SystemCRDClusterName = logicalcluster.Name("system:system-crds")
SystemCRDClusterName is the logical cluster we install system CRDs into for now. These are needed to start wildcard informers until a "real" workspace gets them installed.
Functions ¶
func IdentityFromContext ¶ added in v0.6.0
IdentityFromContext retrieves the APIExport identity from the context, if any.
func NewTableConverterProvider ¶ added in v0.6.0
func NewTableConverterProvider() *tableConverterProvider
func UserAgentFrom ¶ added in v0.6.0
func WithHomeWorkspaces ¶ added in v0.6.0
func WithHomeWorkspaces(
	apiHandler http.Handler,
	a authorizer.Authorizer,
	kubeClusterClient kcpkubernetesclientset.ClusterInterface,
	kcpClusterClient kcpclientset.ClusterInterface,
	kubeSharedInformerFactory kcpkubernetesinformers.SharedInformerFactory,
	kcpSharedInformerFactory kcpinformers.SharedInformerFactory,
	externalHost string,
) (http.Handler, error)
WithHomeWorkspaces implements an HTTP handler, in the KCP server, which:
- supports a special 'kubectl get workspace ~' request which returns either the old bucket-style workspace if it exists (= a LogicalCluster can be found) or a new parent-less home workspace. It will create the latter on the fly.
When the Home workspace is still not Ready, the handler returns a Retry-After response with a delay in seconds that is configurable (creationDelaySeconds), so that client-go clients will automatically retry the request after this delay.
To find old bucket-style home workspaces, the following bucket parameters still apply:
- homePrefix is the workspace that will contain all the user home workspaces, partitioned by bucket workspaces
- bucketLevels is the number of bucket workspaces met before reaching a home workspace from the homePrefix workspace
- bucketSize is the number of chars comprising each bucket.
Bucket workspace names are calculated based on the user name hash.
func WithIdentity ¶ added in v0.6.0
WithIdentity adds an APIExport identity to the context.
func WithImpersonationGatekeeper ¶ added in v0.26.1
WithImpersonationGatekeeper checks the request for impersonation and validates it. If the impersonation is not valid, it returns a 403. Impersonation is checked in the request headers early, to avoid it being propagated to the backend services.
func WithInClusterServiceAccountRequestRewrite ¶ added in v0.6.0
WithInClusterServiceAccountRequestRewrite adds the /clusters/<clusterName> prefix to the request path if the request comes from an InCluster service account (InCluster clients don't support prefixes).
func WithLocalProxy ¶ added in v0.11.0
func WithLocalProxy(
	handler http.Handler,
	shardName, shardBaseURL string,
	workspaceInformer tenancyv1alpha1informers.WorkspaceClusterInformer,
	logicalClusterInformer corev1alpha1informers.LogicalClusterClusterInformer,
) http.Handler
WithLocalProxy returns a handler with a local-only mini-front-proxy. It is able to translate logical clusters with the data on the local shard. This is mainly interesting for standalone mode, without a real front-proxy in front.
func WithRequestIdentity ¶ added in v0.9.0
WithRequestIdentity checks list/watch requests for an APIExport identity for the resource in the path. If it finds one (e.g. /api/v1/services:identityabcd1234/default/my-service), it places the identity from the path into the context, updates the request to remove the identity from the path, and updates requestInfo.Resource to also remove the identity. Finally, it hands off to the passed-in handler to handle the request.
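An added example (not kcp's code) of the path handling described for WithRequestIdentity: the identity suffix is split off the resource segment, stored in the context, and removed from the path before the next handler runs. `splitIdentity`, `withPathIdentity` and `identityKey` are hypothetical names; locating the resource by position instead of from the API server's request info, and rejecting an empty identity with a 400, are assumptions.

```go
package main

import (
	"context"
	"fmt"
	"net/http"
	"strings"
)

type identityKey struct{} // unexported context key type

// splitIdentity splits ":<identity>" off the resource segment of an API path.
// The segment is found by position (/api/<v>/<res>, /apis/<g>/<v>/<res>): an assumption.
func splitIdentity(path string) (clean, identity string, err error) {
	segs := strings.Split(strings.TrimPrefix(path, "/"), "/")
	i, ok := map[string]int{"api": 2, "apis": 3}[segs[0]]
	if ok && len(segs) > i+2 && segs[i] == "namespaces" {
		i += 2 // .../namespaces/<namespace>/<resource>
	}
	if !ok || len(segs) <= i {
		return path, "", nil
	}
	res, id, found := strings.Cut(segs[i], ":")
	if !found {
		return path, "", nil
	}
	if res == "" || id == "" {
		return "", "", fmt.Errorf("malformed resource segment %q", segs[i])
	}
	segs[i] = res
	return "/" + strings.Join(segs, "/"), id, nil
}

// withPathIdentity is a hypothetical stand-in for WithRequestIdentity.
func withPathIdentity(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		clean, id, err := splitIdentity(r.URL.Path)
		if err != nil {
			http.Error(w, err.Error(), http.StatusBadRequest) // reject rather than guess
			return
		}
		if id != "" {
			r = r.Clone(context.WithValue(r.Context(), identityKey{}, id))
			r.URL.Path = clean // downstream handlers never see the identity in the path
		}
		next.ServeHTTP(w, r)
	})
}
func main() { fmt.Println(splitIdentity("/api/v1/services:identityabcd1234/default/my-service")) }
```

Handlers behind the middleware read the identity only from the context, so a path that still carries a `:` suffix at that point indicates the wrapper was bypassed.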
func WithVirtualWorkspacesProxy ¶ added in v0.11.0
func WithVirtualWorkspacesProxy(apiHandler http.Handler, shardVirtualWorkspaceURL *url.URL, transport http.RoundTripper, proxy *httputil.ReverseProxy) http.HandlerFunc
WithVirtualWorkspacesProxy proxies internal requests to virtual workspaces (i.e., requests that did not go through the front proxy) to the external virtual workspaces server. Proxying is required to avoid certificate verification errors because these requests typically come from the kcp loopback client, and it is impossible to use that client against any server other than kcp.
func WithWildcardListWatchGuard ¶
func WithWildcardListWatchGuard(apiHandler http.Handler) http.HandlerFunc
Types ¶
type CompletedConfig ¶ added in v0.7.0
type CompletedConfig struct {
// contains filtered or unexported fields
}
type CompletedVirtualConfig ¶ added in v0.20.0
type CompletedVirtualConfig struct {
// contains filtered or unexported fields
}
func (CompletedVirtualConfig) NewServer ¶ added in v0.20.0
func (c CompletedVirtualConfig) NewServer(preHandlerChainMux mux) (*virtualrootapiserver.Server, error)
type Config ¶ added in v0.7.0
type Config struct {
	Options kcpserveroptions.CompletedOptions

	EmbeddedEtcd *embeddedetcd.Config

	GenericConfig *genericapiserver.Config // the config embedded into MiniAggregator, the head of the delegation chain
	MiniAggregator *miniaggregator.MiniAggregatorConfig
	Apis *controlplaneapiserver.Config
	ApiExtensions *apiextensionsapiserver.Config

	OptionalVirtual *VirtualConfig

	ExtraConfig
}
func NewConfig ¶ added in v0.7.0
func NewConfig(opts kcpserveroptions.CompletedOptions) (*Config, error)
func (*Config) Complete ¶ added in v0.7.0
func (c *Config) Complete() (CompletedConfig, error)
Complete fills in any fields not set that are required to have valid data. It mutates the receiver.
type ExtraConfig ¶ added in v0.7.0
type ExtraConfig struct {
	IdentityConfig *rest.Config

	// clients
	DynamicClusterClient kcpdynamic.ClusterInterface
	KubeClusterClient kcpkubernetesclientset.ClusterInterface
	DeepSARClient kcpkubernetesclientset.ClusterInterface
	ApiExtensionsClusterClient kcpapiextensionsclientset.ClusterInterface
	KcpClusterClient kcpclientset.ClusterInterface
	RootShardKcpClusterClient kcpclientset.ClusterInterface
	BootstrapDynamicClusterClient kcpdynamic.ClusterInterface
	BootstrapApiExtensionsClusterClient kcpapiextensionsclientset.ClusterInterface
	CacheDynamicClient kcpdynamic.ClusterInterface

	LogicalClusterAdminConfig *rest.Config // client config connecting directly to shards, skipping the front proxy
	ExternalLogicalClusterAdminConfig *rest.Config // client config connecting to the front proxy

	// URL getters depending on genericapiserver.ExternalAddress which is initialized on server run
	ShardBaseURL func() string
	ShardExternalURL func() string
	ShardVirtualWorkspaceURL func() string

	// informers
	// contains filtered or unexported fields
}
type Server ¶
type Server struct {
	CompletedConfig

	ApiExtensions *extensionsapiserver.CustomResourceDefinitions
	Apis *controlplaneapiserver.Server
	MiniAggregator *miniaggregator.MiniAggregatorServer
	// contains filtered or unexported fields
}
func NewServer ¶
func NewServer(c CompletedConfig) (*Server, error)
func (*Server) AddPostStartHook ¶
func (s *Server) AddPostStartHook(name string, hook genericapiserver.PostStartHookFunc) error
func (*Server) AddPreShutdownHook ¶
func (s *Server) AddPreShutdownHook(name string, hook genericapiserver.PreShutdownHookFunc) error
func (*Server) WaitForPhase1Finished ¶ added in v0.11.0
func (s *Server) WaitForPhase1Finished()
func (*Server) WaitForSync ¶ added in v0.11.0
type TableConverterFunc ¶ added in v0.6.0
type VirtualConfig ¶ added in v0.20.0
type VirtualConfig virtualrootapiserver.Config
func (*VirtualConfig) Complete ¶ added in v0.20.0
func (c *VirtualConfig) Complete(auth genericapiserver.AuthenticationInfo, auditEvaluator kaudit.PolicyRuleEvaluator, auditBackend kaudit.Backend, externalAddress string) CompletedVirtualConfig