Documentation ¶
Overview ¶
Package app does all of the work necessary to create a Kubernetes APIServer by binding together the API, master and APIServer infrastructure. It can be configured and called directly or via the hyperkube framework.
Package origin provides objects for creating an OpenShift Origin server
Index ¶
- Constants
- Variables
- func CreateOrUpdateDefaultOAuthClients(masterPublicAddr string, assetPublicAddresses []string, ...) error
- func LegacyStorage(storage map[schema.GroupVersion]map[string]rest.Storage) map[string]rest.Storage
- func NewLeaderElection(options configapi.MasterConfig, ...) (plug.Plug, func(), error)
- func OpenShiftOAuthAuthorizeURL(masterAddr string) string
- func OpenShiftOAuthTokenRequestURL(masterAddr string) string
- func OpenShiftOAuthTokenURL(masterAddr string) string
- func WithAssetServerRedirect(handler http.Handler, assetPublicURL string) http.Handler
- func WithPatternsHandler(handler http.Handler, patternHandler http.Handler, patterns ...string) http.Handler
- type AssetConfig
- type AuthConfig
- type MasterConfig
- func (c *MasterConfig) BuildConfigChangeControllerClients() (*osclient.Client, kclientsetinternal.Interface, kclientsetexternal.Interface)
- func (c *MasterConfig) BuildConfigWebHookClient() *osclient.Client
- func (c *MasterConfig) BuildControllerClients() (*osclient.Client, kclientsetinternal.Interface, kclientsetexternal.Interface)
- func (c *MasterConfig) BuildImageChangeTriggerControllerClients() (*osclient.Client, kclientsetinternal.Interface)
- func (c *MasterConfig) BuildLogClient() kclientsetinternal.Interface
- func (c *MasterConfig) BuildPodControllerClients() (*osclient.Client, kclientsetinternal.Interface, kclientsetexternal.Interface)
- func (c *MasterConfig) DeploymentConfigClients() (*osclient.Client, kclientsetinternal.Interface)
- func (c *MasterConfig) DeploymentConfigInstantiateClients() (*osclient.Client, kclientsetinternal.Interface)
- func (c *MasterConfig) DeploymentLogClient() kclientsetinternal.Interface
- func (c *MasterConfig) GetOpenShiftClientEnvVars() ([]kapi.EnvVar, error)
- func (c *MasterConfig) GetServiceAccountClients(name string) (*restclient.Config, *osclient.Client, kclientsetinternal.Interface, ...)
- func (c *MasterConfig) GetServiceAccountClientsWithConfig(name string, config restclient.Config) (*restclient.Config, *osclient.Client, kclientsetinternal.Interface, ...)
- func (c *MasterConfig) ImageImportControllerClient() *osclient.Client
- func (c *MasterConfig) ImageStreamImportSARClient() *osclient.Client
- func (c *MasterConfig) ImageStreamImportSecretClient() *osclient.Client
- func (c *MasterConfig) ImageStreamSecretClient() kclientsetinternal.Interface
- func (c *MasterConfig) ImageTriggerControllerClients() (*osclient.Client, kclientsetinternal.Interface, kclientsetexternal.Interface)
- func (c *MasterConfig) InitializeObjects()
- func (c *MasterConfig) KubeClientsetExternal() kclientsetexternal.Interface
- func (c *MasterConfig) KubeClientsetInternal() kclientsetinternal.Interface
- func (c *MasterConfig) NewOpenShiftControllerPreStartInitializers() (map[string]controller.InitFunc, error)
- func (c *MasterConfig) NewOpenshiftControllerInitializers() (map[string]controller.InitFunc, error)
- func (c *MasterConfig) OAuthServerClients() (*osclient.Client, kclientsetinternal.Interface)
- func (c *MasterConfig) OriginNamespaceControllerClient() kclientsetinternal.Interface
- func (c *MasterConfig) PolicyClient() *osclient.Client
- func (c *MasterConfig) ResourceQuotaManagerClients() (*osclient.Client, kclientsetinternal.Interface, kclientsetexternal.Interface)
- func (c *MasterConfig) RouteAllocator() *routeallocationcontroller.RouteAllocationController
- func (c *MasterConfig) RouteAllocatorClients() (*osclient.Client, kclientsetinternal.Interface)
- func (c *MasterConfig) Run(kubeAPIServerConfig *kubeapiserver.Config, assetConfig *AssetConfig, ...)
- func (c *MasterConfig) RunAssetServer()
- func (c *MasterConfig) RunClusterQuotaMappingController()
- func (c *MasterConfig) RunClusterQuotaReconciliationController()
- func (c *MasterConfig) RunDNSServer()
- func (c *MasterConfig) RunGroupCache()
- func (c *MasterConfig) RunHealth() error
- func (c *MasterConfig) RunImageImportController()
- func (c *MasterConfig) RunImageTriggerController()
- func (c *MasterConfig) RunIngressIPController(internalKubeClientset kclientsetinternal.Interface, ...)
- func (c *MasterConfig) RunOriginToRBACSyncControllers()
- func (c *MasterConfig) RunProjectAuthorizationCache()
- func (c *MasterConfig) RunProjectCache()
- func (c *MasterConfig) RunResourceQuotaManager(cm *cmapp.CMServer)
- func (c *MasterConfig) RunSDNController()
- func (c *MasterConfig) RunSecurityAllocationController()
- func (c *MasterConfig) RunServiceServingCertController(client kclientsetinternal.Interface)
- func (c *MasterConfig) RunUnidlingController()
- func (c *MasterConfig) SDNControllerClients() (*osclient.Client, kclientsetinternal.Interface)
- func (c *MasterConfig) SecurityAllocationControllerClient() kclientsetinternal.Interface
- func (c *MasterConfig) ServiceAccountRoleBindingClient() *osclient.Client
- func (c *MasterConfig) UnidlingControllerClients() (*osclient.Client, kclientsetinternal.Interface, kextensionsclient.ScalesGetter)
- func (c *MasterConfig) WebConsoleEnabled() bool
- type OpenshiftAPIConfig
- type OpenshiftAPIServer
- type OpenshiftNonAPIConfig
- type OpenshiftNonAPIServer
Constants ¶
const ( OpenShiftOAuthAPIPrefix = "/oauth" OpenShiftOAuthCallbackPrefix = "/oauth2callback" OpenShiftWebConsoleClientID = "openshift-web-console" OpenShiftBrowserClientID = "openshift-browser-client" OpenShiftCLIClientID = "openshift-challenging-client" )
Variables ¶
var ( // OriginLegacyKinds lists all kinds that are locked to the legacy Origin API schema. // This list should not grow and adding a new types to the locked Origin API schema will // cause a unit test failure. OriginLegacyKinds = sets.NewString( "AppliedClusterResourceQuota", "AppliedClusterResourceQuotaList", "BinaryBuildRequestOptions", "Build", "BuildConfig", "BuildConfigList", "BuildList", "BuildLog", "BuildLogOptions", "BuildRequest", "ClusterNetwork", "ClusterNetworkList", "ClusterPolicy", "ClusterPolicyBinding", "ClusterPolicyBindingList", "ClusterPolicyList", "ClusterResourceQuota", "ClusterResourceQuotaList", "ClusterRole", "ClusterRoleBinding", "ClusterRoleBindingList", "ClusterRoleList", "DeploymentConfig", "DeploymentConfigList", "DeploymentConfigRollback", "DeploymentLog", "DeploymentLogOptions", "DeploymentRequest", "EgressNetworkPolicy", "EgressNetworkPolicyList", "Group", "GroupList", "HostSubnet", "HostSubnetList", "Identity", "IdentityList", "Image", "ImageList", "ImageSignature", "ImageStream", "ImageStreamImage", "ImageStreamImport", "ImageStreamList", "ImageStreamMapping", "ImageStreamTag", "ImageStreamTagList", "IsPersonalSubjectAccessReview", "LocalResourceAccessReview", "LocalSubjectAccessReview", "NetNamespace", "NetNamespaceList", "OAuthAccessToken", "OAuthAccessTokenList", "OAuthAuthorizeToken", "OAuthAuthorizeTokenList", "OAuthClient", "OAuthClientAuthorization", "OAuthClientAuthorizationList", "OAuthClientList", "OAuthRedirectReference", "PodSecurityPolicyReview", "PodSecurityPolicySelfSubjectReview", "PodSecurityPolicySubjectReview", "Policy", "PolicyBinding", "PolicyBindingList", "PolicyList", "ProcessedTemplate", "Project", "ProjectList", "ProjectRequest", "ResourceAccessReview", "ResourceAccessReviewResponse", "Role", "RoleBinding", "RoleBindingList", "RoleBindingRestriction", "RoleBindingRestrictionList", "RoleList", "Route", "RouteList", "SelfSubjectRulesReview", "SubjectAccessReview", "SubjectAccessReviewResponse", "SubjectRulesReview", "Template", "TemplateConfig", "TemplateList", "User", "UserIdentityMapping", "UserList", ) // OriginLegacyResources lists all Origin resources that are locked for the legacy v1 // Origin API. This list should not grow. OriginLegacyResources = sets.NewString( "appliedClusterResourceQuotas", "buildConfigs", "builds", "clusterNetworks", "clusterPolicies", "clusterPolicyBindings", "clusterResourceQuotas", "clusterRoleBindings", "clusterRoles", "deploymentConfigRollbacks", "deploymentConfigs", "egressNetworkPolicies", "groups", "hostSubnets", "identities", "imageStreamImages", "imageStreamImports", "imageStreamMappings", "imageStreamTags", "imageStreams", "images", "imagesignatures", "localResourceAccessReviews", "localSubjectAccessReviews", "netNamespaces", "oAuthAccessTokens", "oAuthAuthorizeTokens", "oAuthClientAuthorizations", "oAuthClients", "podSecurityPolicyReviews", "podSecurityPolicySelfSubjectReviews", "podSecurityPolicySubjectReviews", "policies", "policyBindings", "processedTemplates", "projectRequests", "projects", "resourceAccessReviews", "roleBindingRestrictions", "roleBindings", "roles", "routes", "selfSubjectRulesReviews", "subjectAccessReviews", "subjectRulesReviews", "templates", "userIdentityMappings", "users", ) // OriginLegacySubresources lists all Origin sub-resources that are locked for the // legacy v1 Origin API. This list should not grow. OriginLegacySubresources = sets.NewString( "clusterResourceQuotas/status", "processedTemplates", "imageStreams/status", "imageStreams/secrets", "generateDeploymentConfigs", "deploymentConfigs/log", "deploymentConfigs/instantiate", "deploymentConfigs/scale", "deploymentConfigs/status", "deploymentConfigs/rollback", "routes/status", "builds/clone", "builds/log", "builds/details", "buildConfigs/webhooks", "buildConfigs/instantiate", "buildConfigs/instantiatebinary", ) )
var ( // KubeAdmissionPlugins gives the in-order default admission chain for kube resources. KubeAdmissionPlugins = []string{ lifecycle.PluginName, "RunOnceDuration", "PodNodeConstraints", "OriginPodNodeEnvironment", "PodNodeSelector", overrideapi.PluginName, serviceadmit.ExternalIPPluginName, serviceadmit.RestrictedEndpointsPluginName, imagepolicy.PluginName, "ImagePolicyWebhook", "PodPreset", "LimitRanger", "ServiceAccount", "SecurityContextConstraint", storageclassdefaultadmission.PluginName, "AlwaysPullImages", "LimitPodHardAntiAffinityTopology", "SCCExecRestrictions", "PersistentVolumeLabel", "OwnerReferencesPermissionEnforcement", ingressadmission.IngressAdmission, "DefaultTolerationSeconds", "ResourceQuota", "openshift.io/ClusterResourceQuota", } // CombinedAdmissionControlPlugins gives the in-order default admission chain for all resources resources. // When possible, this list is used. The set of openshift+kube chains must exactly match this set. In addition, // the order specified in the openshift and kube chains must match the order here. CombinedAdmissionControlPlugins = []string{ lifecycle.PluginName, "ProjectRequestLimit", "OriginNamespaceLifecycle", "openshift.io/RestrictSubjectBindings", "PodNodeConstraints", "openshift.io/JenkinsBootstrapper", "openshift.io/BuildConfigSecretInjector", "BuildByStrategy", imageadmission.PluginName, "RunOnceDuration", "PodNodeConstraints", "OriginPodNodeEnvironment", "PodNodeSelector", overrideapi.PluginName, serviceadmit.ExternalIPPluginName, serviceadmit.RestrictedEndpointsPluginName, imagepolicy.PluginName, "ImagePolicyWebhook", "PodPreset", "LimitRanger", "ServiceAccount", "SecurityContextConstraint", storageclassdefaultadmission.PluginName, "AlwaysPullImages", "LimitPodHardAntiAffinityTopology", "SCCExecRestrictions", "PersistentVolumeLabel", "OwnerReferencesPermissionEnforcement", ingressadmission.IngressAdmission, "DefaultTolerationSeconds", "ResourceQuota", "openshift.io/ClusterResourceQuota", } )
Functions ¶
func CreateOrUpdateDefaultOAuthClients ¶
func CreateOrUpdateDefaultOAuthClients(masterPublicAddr string, assetPublicAddresses []string, clientRegistry clientregistry.Registry) error
func LegacyStorage ¶
LegacyStorage returns a storage for locked legacy types.
func NewLeaderElection ¶
func NewLeaderElection(options configapi.MasterConfig, leader componentconfig.LeaderElectionConfiguration, kc kclientsetexternal.Interface) (plug.Plug, func(), error)
NewLeaderElection returns a plug that blocks controller startup until the lease is acquired and a function that will start the process to attain the lease. There are two modes for lease operation - a legacy mode that directly connects to etcd, and the preferred mode which coordinates on a service endpoints object in the kube-system namespace. The legacy mode will periodically poll to see if the endpoints object exists, and if so will stand down, allowing newer controllers to take over.
func OpenShiftOAuthTokenURL ¶
func WithAssetServerRedirect ¶
If we know the location of the asset server, redirect to it when / is requested and the Accept header supports text/html
Types ¶
type AssetConfig ¶
type AssetConfig struct { Options oapi.AssetConfig LimitRequestOverrides *api.ClusterResourceOverrideConfig }
AssetConfig defines the required parameters for starting the OpenShift master
func NewAssetConfig ¶
func NewAssetConfig(options oapi.AssetConfig, limitRequestOverrides *api.ClusterResourceOverrideConfig) (*AssetConfig, error)
NewAssetConfig returns a new AssetConfig
func (*AssetConfig) Run ¶
func (c *AssetConfig) Run()
Run starts an http server for the static assets listening on the configured bind address
func (*AssetConfig) WithAssets ¶
WithAssets decorates a handler by serving static assets for the subpath of the public URL and passing through all other requests to the given handler.
type AuthConfig ¶
type AuthConfig struct { Options configapi.OAuthConfig // AssetPublicAddresses contains valid redirectURI prefixes to direct browsers to the web console AssetPublicAddresses []string // KubeClient is kubeclient with enough permission for the auth API KubeClient kclientset.Interface // OpenShiftClient is osclient with enough permission for the auth API OpenShiftClient osclient.Interface // RESTOptionsGetter provides storage and RESTOption lookup RESTOptionsGetter restoptions.Getter // EtcdBackends is a list of storage interfaces, each of which talks to a single etcd backend. // These are only used to ensure newly created tokens are distributed to all backends before returning them for use. // EtcdHelper should normally be used for storage functions. EtcdBackends []storage.Interface UserRegistry userregistry.Registry IdentityRegistry identityregistry.Registry SessionAuth *session.Authenticator HandlerWrapper handlerWrapper }
func BuildAuthConfig ¶
func BuildAuthConfig(masterConfig *MasterConfig) (*AuthConfig, error)
func (*AuthConfig) NewOpenShiftOAuthClientConfig ¶
func (c *AuthConfig) NewOpenShiftOAuthClientConfig(client *oauthapi.OAuthClient) *osincli.ClientConfig
NewOpenShiftOAuthClientConfig provides config for OpenShift OAuth client
type MasterConfig ¶
type MasterConfig struct { Options configapi.MasterConfig // RESTOptionsGetter provides access to storage and RESTOptions for a particular resource RESTOptionsGetter restoptions.Getter RuleResolver rulevalidation.AuthorizationRuleResolver Authenticator authenticator.Request Authorizer kauthorizer.Authorizer SubjectLocator authorizer.SubjectLocator // TODO(sttts): replace AuthorizationAttributeBuilder with apiserverfilters.NewRequestAttributeGetter AuthorizationAttributeBuilder authorizer.AuthorizationAttributeBuilder GroupCache *usercache.GroupCache ProjectAuthorizationCache *projectauth.AuthorizationCache ProjectCache *projectcache.ProjectCache ClusterQuotaMappingController *clusterquotamapping.ClusterQuotaMappingController LimitVerifier imageadmission.LimitVerifier // RequestContextMapper maps requests to contexts RequestContextMapper apirequest.RequestContextMapper AdmissionControl admission.Interface // KubeAdmissionControl holds the kube admission chain. Because of the way the plugin initializer is built // you'll be passing information in this direction either way. Knowing how to build this chain requires knowledge // of both the origin config AND the kube config, so this spot makes more sense. KubeAdmissionControl admission.Interface TLS bool ControllerPlug plug.Plug ControllerPlugStart func() // ImageFor is a function that returns the appropriate image to use for a named component ImageFor func(component string) string // RegistryNameFn retrieves the name of the integrated registry, or false if no such registry // is available. RegistryNameFn imageapi.DefaultRegistryFunc // ExternalVersionCodec is the codec used when serializing annotations, which cannot be changed // without all clients being aware of the new version. ExternalVersionCodec runtime.Codec KubeletClientConfig *kubeletclient.KubeletClientConfig // ClientCAs will be used to request client certificates in connections to the API. // This CertPool should contain all the CAs that will be used for client certificate verification. ClientCAs *x509.CertPool // APIClientCAs is used to verify client certificates presented for API auth APIClientCAs *x509.CertPool // PrivilegedLoopbackClientConfig is the client configuration used to call OpenShift APIs from system components // To apply different access control to a system component, create a client config specifically for that component. PrivilegedLoopbackClientConfig restclient.Config // PrivilegedLoopbackKubernetesClientsetInternal is the client used to call Kubernetes APIs from system components, // built from KubeClientConfig. It should only be accessed via the *Client() helper methods. To apply // different access control to a system component, create a separate client/config specifically for // that component. PrivilegedLoopbackKubernetesClientsetInternal kclientsetinternal.Interface // PrivilegedLoopbackKubernetesClientsetExternal is the client used to call Kubernetes APIs from system components, // built from KubeClientConfig. It should only be accessed via the *Client() helper methods. To apply // different access control to a system component, create a separate client/config specifically for // that component. PrivilegedLoopbackKubernetesClientsetExternal kclientsetexternal.Interface // PrivilegedLoopbackOpenShiftClient is the client used to call OpenShift APIs from system components, // built from PrivilegedLoopbackClientConfig. It should only be accessed via the *Client() helper methods. // To apply different access control to a system component, create a separate client/config specifically // for that component. PrivilegedLoopbackOpenShiftClient *osclient.Client // Informers is a shared factory for getting SharedInformers. It is important to get your informers, indexers, and listers // from here so that we only end up with a single cache of objects Informers shared.InformerFactory AppInformers appinformer.SharedInformerFactory AuthorizationInformers authorizationinformer.SharedInformerFactory ImageInformers imageinformer.SharedInformerFactory TemplateInformers templateinformer.SharedInformerFactory }
MasterConfig defines the required parameters for starting the OpenShift master
func BuildMasterConfig ¶
func BuildMasterConfig(options configapi.MasterConfig) (*MasterConfig, error)
BuildMasterConfig builds and returns the OpenShift master configuration based on the provided options
func (*MasterConfig) BuildConfigChangeControllerClients ¶
func (c *MasterConfig) BuildConfigChangeControllerClients() (*osclient.Client, kclientsetinternal.Interface, kclientsetexternal.Interface)
BuildConfigChangeControllerClients returns the build config change controller client objects
func (*MasterConfig) BuildConfigWebHookClient ¶
func (c *MasterConfig) BuildConfigWebHookClient() *osclient.Client
BuildConfigWebHookClient returns the webhook client object
func (*MasterConfig) BuildControllerClients ¶
func (c *MasterConfig) BuildControllerClients() (*osclient.Client, kclientsetinternal.Interface, kclientsetexternal.Interface)
BuildControllerClients returns the build controller client objects
func (*MasterConfig) BuildImageChangeTriggerControllerClients ¶
func (c *MasterConfig) BuildImageChangeTriggerControllerClients() (*osclient.Client, kclientsetinternal.Interface)
BuildImageChangeTriggerControllerClients returns the build image change trigger controller client objects
func (*MasterConfig) BuildLogClient ¶
func (c *MasterConfig) BuildLogClient() kclientsetinternal.Interface
BuildLogClient returns the build log client object
func (*MasterConfig) BuildPodControllerClients ¶
func (c *MasterConfig) BuildPodControllerClients() (*osclient.Client, kclientsetinternal.Interface, kclientsetexternal.Interface)
BuildPodControllerClients returns the build pod controller client objects
func (*MasterConfig) DeploymentConfigClients ¶
func (c *MasterConfig) DeploymentConfigClients() (*osclient.Client, kclientsetinternal.Interface)
DeploymentConfigClients returns deploymentConfig and deployment client objects
func (*MasterConfig) DeploymentConfigInstantiateClients ¶
func (c *MasterConfig) DeploymentConfigInstantiateClients() (*osclient.Client, kclientsetinternal.Interface)
func (*MasterConfig) DeploymentLogClient ¶
func (c *MasterConfig) DeploymentLogClient() kclientsetinternal.Interface
DeploymentLogClient returns the deployment log client object
func (*MasterConfig) GetOpenShiftClientEnvVars ¶
func (c *MasterConfig) GetOpenShiftClientEnvVars() ([]kapi.EnvVar, error)
func (*MasterConfig) GetServiceAccountClients ¶
func (c *MasterConfig) GetServiceAccountClients(name string) (*restclient.Config, *osclient.Client, kclientsetinternal.Interface, kclientsetexternal.Interface, error)
GetServiceAccountClients returns an OpenShift and Kubernetes client with the credentials of the named service account in the infra namespace
func (*MasterConfig) GetServiceAccountClientsWithConfig ¶
func (c *MasterConfig) GetServiceAccountClientsWithConfig(name string, config restclient.Config) (*restclient.Config, *osclient.Client, kclientsetinternal.Interface, kclientsetexternal.Interface, error)
func (*MasterConfig) ImageImportControllerClient ¶
func (c *MasterConfig) ImageImportControllerClient() *osclient.Client
ImageImportControllerClient returns the deployment client object
func (*MasterConfig) ImageStreamImportSARClient ¶
func (c *MasterConfig) ImageStreamImportSARClient() *osclient.Client
ImageStreamImportSARClient returns the client capable of performing self-SAR requests
func (*MasterConfig) ImageStreamImportSecretClient ¶
func (c *MasterConfig) ImageStreamImportSecretClient() *osclient.Client
ImageStreamImportSecretClient returns the client capable of retrieving image secrets for a namespace
func (*MasterConfig) ImageStreamSecretClient ¶
func (c *MasterConfig) ImageStreamSecretClient() kclientsetinternal.Interface
ImageStreamSecretClient returns the client capable of retrieving secrets for an image secret wrapper
func (*MasterConfig) ImageTriggerControllerClients ¶
func (c *MasterConfig) ImageTriggerControllerClients() (*osclient.Client, kclientsetinternal.Interface, kclientsetexternal.Interface)
ImageTriggerControllerClients returns the trigger controller client objects
func (*MasterConfig) InitializeObjects ¶
func (c *MasterConfig) InitializeObjects()
InitializeObjects ensures objects in Kubernetes and etcd are properly populated. Requires a Kube client to be established and that etcd be started.
func (*MasterConfig) KubeClientsetExternal ¶
func (c *MasterConfig) KubeClientsetExternal() kclientsetexternal.Interface
KubeClientsetInternal returns the kubernetes client object
func (*MasterConfig) KubeClientsetInternal ¶
func (c *MasterConfig) KubeClientsetInternal() kclientsetinternal.Interface
KubeClientsetInternal returns the kubernetes client object
func (*MasterConfig) NewOpenShiftControllerPreStartInitializers ¶
func (c *MasterConfig) NewOpenShiftControllerPreStartInitializers() (map[string]controller.InitFunc, error)
NewOpenShiftControllerPreStartInitializers returns list of initializers for controllers that needed to be run before any other controller is started. Typically this has to done for the serviceaccount-tokens controller as it provides tokens to other controllers.
func (*MasterConfig) NewOpenshiftControllerInitializers ¶
func (c *MasterConfig) NewOpenshiftControllerInitializers() (map[string]controller.InitFunc, error)
func (*MasterConfig) OAuthServerClients ¶
func (c *MasterConfig) OAuthServerClients() (*osclient.Client, kclientsetinternal.Interface)
OAuthServerClients returns the openshift and kubernetes OAuth server client objects The returned clients are privileged
func (*MasterConfig) OriginNamespaceControllerClient ¶
func (c *MasterConfig) OriginNamespaceControllerClient() kclientsetinternal.Interface
OriginNamespaceControllerClient returns a client for openshift and kubernetes. The kubernetes client object must have authority to execute a finalize request on a namespace
func (*MasterConfig) PolicyClient ¶
func (c *MasterConfig) PolicyClient() *osclient.Client
PolicyClient returns the policy client object It must have the following capabilities:
list, watch all policyBindings in all namespaces list, watch all policies in all namespaces create resourceAccessReviews in all namespaces
func (*MasterConfig) ResourceQuotaManagerClients ¶
func (c *MasterConfig) ResourceQuotaManagerClients() (*osclient.Client, kclientsetinternal.Interface, kclientsetexternal.Interface)
ResourceQuotaManagerClients returns the client capable of retrieving resources needed for resource quota evaluation
func (*MasterConfig) RouteAllocator ¶
func (c *MasterConfig) RouteAllocator() *routeallocationcontroller.RouteAllocationController
RouteAllocator returns a route allocation controller.
func (*MasterConfig) RouteAllocatorClients ¶
func (c *MasterConfig) RouteAllocatorClients() (*osclient.Client, kclientsetinternal.Interface)
RouteAllocatorClients returns the route allocator client objects
func (*MasterConfig) Run ¶
func (c *MasterConfig) Run(kubeAPIServerConfig *kubeapiserver.Config, assetConfig *AssetConfig, stopCh <-chan struct{})
Run launches the OpenShift master by creating a kubernetes master, installing OpenShift APIs into it and then running it.
func (*MasterConfig) RunAssetServer ¶
func (c *MasterConfig) RunAssetServer()
RunAssetServer starts the asset server for the OpenShift UI.
func (*MasterConfig) RunClusterQuotaMappingController ¶
func (c *MasterConfig) RunClusterQuotaMappingController()
func (*MasterConfig) RunClusterQuotaReconciliationController ¶
func (c *MasterConfig) RunClusterQuotaReconciliationController()
func (*MasterConfig) RunDNSServer ¶
func (c *MasterConfig) RunDNSServer()
RunDNSServer starts the DNS server
func (*MasterConfig) RunGroupCache ¶
func (c *MasterConfig) RunGroupCache()
RunGroupCache starts the group cache
func (*MasterConfig) RunHealth ¶
func (c *MasterConfig) RunHealth() error
func (*MasterConfig) RunImageImportController ¶
func (c *MasterConfig) RunImageImportController()
RunImageImportController starts the image import trigger controller process.
func (*MasterConfig) RunImageTriggerController ¶
func (c *MasterConfig) RunImageTriggerController()
func (*MasterConfig) RunIngressIPController ¶
func (c *MasterConfig) RunIngressIPController(internalKubeClientset kclientsetinternal.Interface, externalKubeClientset kclientsetexternal.Interface)
RunIngressIPController starts the ingress ip controller if IngressIPNetworkCIDR is configured.
func (*MasterConfig) RunOriginToRBACSyncControllers ¶
func (c *MasterConfig) RunOriginToRBACSyncControllers()
func (*MasterConfig) RunProjectAuthorizationCache ¶
func (c *MasterConfig) RunProjectAuthorizationCache()
RunProjectAuthorizationCache starts the project authorization cache
func (*MasterConfig) RunProjectCache ¶
func (c *MasterConfig) RunProjectCache()
RunProjectCache populates project cache, used by scheduler and project admission controller.
func (*MasterConfig) RunResourceQuotaManager ¶
func (c *MasterConfig) RunResourceQuotaManager(cm *cmapp.CMServer)
RunResourceQuotaManager starts resource quota controller for OpenShift resources
func (*MasterConfig) RunSDNController ¶
func (c *MasterConfig) RunSDNController()
RunSDNController runs openshift-sdn if the said network plugin is provided
func (*MasterConfig) RunSecurityAllocationController ¶
func (c *MasterConfig) RunSecurityAllocationController()
RunSecurityAllocationController starts the security allocation controller process.
func (*MasterConfig) RunServiceServingCertController ¶
func (c *MasterConfig) RunServiceServingCertController(client kclientsetinternal.Interface)
func (*MasterConfig) RunUnidlingController ¶
func (c *MasterConfig) RunUnidlingController()
RunUnidlingController starts the unidling controller
func (*MasterConfig) SDNControllerClients ¶
func (c *MasterConfig) SDNControllerClients() (*osclient.Client, kclientsetinternal.Interface)
SDNControllerClients returns the SDN controller client objects
func (*MasterConfig) SecurityAllocationControllerClient ¶
func (c *MasterConfig) SecurityAllocationControllerClient() kclientsetinternal.Interface
SecurityAllocationControllerClient returns the security allocation controller client object
func (*MasterConfig) ServiceAccountRoleBindingClient ¶
func (c *MasterConfig) ServiceAccountRoleBindingClient() *osclient.Client
ServiceAccountRoleBindingClient returns the client object used to bind roles to service accounts It must have the following capabilities:
get, list, update, create policyBindings and clusterPolicyBindings in all namespaces
func (*MasterConfig) UnidlingControllerClients ¶
func (c *MasterConfig) UnidlingControllerClients() (*osclient.Client, kclientsetinternal.Interface, kextensionsclient.ScalesGetter)
UnidlingControllerClients returns the unidling controller clients
func (*MasterConfig) WebConsoleEnabled ¶
func (c *MasterConfig) WebConsoleEnabled() bool
WebConsoleEnabled says whether web ui is not a disabled feature and asset service is configured.
type OpenshiftAPIConfig ¶
type OpenshiftAPIConfig struct { GenericConfig *genericapiserver.Config KubeClientExternal kclientsetexternal.Interface KubeClientInternal kclientsetinternal.Interface KubeletClientConfig *kubeletclient.KubeletClientConfig KubeInternalInformers kinternalinformers.SharedInformerFactory // DeprecatedInformers is a shared factory for getting old style openshift informers DeprecatedInformers deprecatedinformers.InformerFactory DeprecatedOpenshiftClient *osclient.Client // these are all required to build our storage RuleResolver rulevalidation.AuthorizationRuleResolver SubjectLocator authorizer.SubjectLocator LimitVerifier imageadmission.LimitVerifier // RegistryNameFn retrieves the name of the integrated registry, or false if no such registry // is available. RegistryNameFn imageapi.DefaultRegistryFunc AllowedRegistriesForImport *configapi.AllowedRegistries MaxImagesBulkImportedPerRepository int RouteAllocator *routeallocationcontroller.RouteAllocationController ProjectAuthorizationCache *projectauth.AuthorizationCache ProjectCache *projectcache.ProjectCache ProjectRequestTemplate string ProjectRequestMessage string EnableBuilds bool ServiceAccountMethod configapi.GrantHandlerType EnableTemplateServiceBroker bool ClusterQuotaMappingController *clusterquotamapping.ClusterQuotaMappingController }
func (*OpenshiftAPIConfig) Complete ¶
func (c *OpenshiftAPIConfig) Complete() completedConfig
Complete fills in any fields not set that are required to have valid data. It's mutating the receiver.
func (OpenshiftAPIConfig) GetRestStorage ¶
func (c OpenshiftAPIConfig) GetRestStorage() (map[schema.GroupVersion]map[string]rest.Storage, error)
TODO this function needs to be broken apart with each API group owning their own storage, probably with two method per API group to give us legacy and current storage
func (*OpenshiftAPIConfig) SkipComplete ¶
func (c *OpenshiftAPIConfig) SkipComplete() completedConfig
SkipComplete provides a way to construct a server instance without config completion.
func (*OpenshiftAPIConfig) Validate ¶
func (c *OpenshiftAPIConfig) Validate() error
Validate helps ensure that we build this config correctly, because there are lots of bits to remember for now
type OpenshiftAPIServer ¶
type OpenshiftAPIServer struct {
GenericAPIServer *genericapiserver.GenericAPIServer
}
OpenshiftAPIServer is only responsible for serving the APIs for Openshift It does NOT expose oauth, related oauth endpoints, or any kube APIs.
type OpenshiftNonAPIConfig ¶
type OpenshiftNonAPIConfig struct { GenericConfig *genericapiserver.Config // these are only needed for the controller endpoint which should be moved out and made an optional // add-on in the chain (as the final delegate) when running an all-in-one EnableControllers bool ControllerPlug plug.Plug MasterPublicURL string EnableOAuth bool // these are only needed for the template service broker, which should move out KubeClientInternal kclientsetinternal.Interface EnableTemplateServiceBroker bool TemplateInformers templateinformer.SharedInformerFactory TemplateNamespaces []string }
func (*OpenshiftNonAPIConfig) Complete ¶
func (c *OpenshiftNonAPIConfig) Complete() completedOpenshiftNonAPIConfig
Complete fills in any fields not set that are required to have valid data. It's mutating the receiver.
func (*OpenshiftNonAPIConfig) SkipComplete ¶
func (c *OpenshiftNonAPIConfig) SkipComplete() completedOpenshiftNonAPIConfig
SkipComplete provides a way to construct a server instance without config completion.
type OpenshiftNonAPIServer ¶
type OpenshiftNonAPIServer struct {
GenericAPIServer *genericapiserver.GenericAPIServer
}
OpenshiftNonAPIServer serves non-API endpoints for openshift.