origin

package
v0.0.0-...-4d083f9 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jun 29, 2017 License: Apache-2.0 Imports: 310 Imported by: 0

Documentation

Overview

Package app does all of the work necessary to create a Kubernetes APIServer by binding together the API, master and APIServer infrastructure. It can be configured and called directly or via the hyperkube framework.

Package origin provides objects for creating an OpenShift Origin server

Index

Constants

View Source
const (
	OpenShiftOAuthAPIPrefix = "/oauth"

	OpenShiftOAuthCallbackPrefix = "/oauth2callback"
	OpenShiftWebConsoleClientID  = "openshift-web-console"
	OpenShiftBrowserClientID     = "openshift-browser-client"
	OpenShiftCLIClientID         = "openshift-challenging-client"
)

Variables

View Source
var (
	// OriginLegacyKinds lists all kinds that are locked to the legacy Origin API schema.
	// This list should not grow and adding a new types to the locked Origin API schema will
	// cause a unit test failure.
	OriginLegacyKinds = sets.NewString(
		"AppliedClusterResourceQuota",
		"AppliedClusterResourceQuotaList",
		"BinaryBuildRequestOptions",
		"Build",
		"BuildConfig",
		"BuildConfigList",
		"BuildList",
		"BuildLog",
		"BuildLogOptions",
		"BuildRequest",
		"ClusterNetwork",
		"ClusterNetworkList",
		"ClusterPolicy",
		"ClusterPolicyBinding",
		"ClusterPolicyBindingList",
		"ClusterPolicyList",
		"ClusterResourceQuota",
		"ClusterResourceQuotaList",
		"ClusterRole",
		"ClusterRoleBinding",
		"ClusterRoleBindingList",
		"ClusterRoleList",
		"DeploymentConfig",
		"DeploymentConfigList",
		"DeploymentConfigRollback",
		"DeploymentLog",
		"DeploymentLogOptions",
		"DeploymentRequest",
		"EgressNetworkPolicy",
		"EgressNetworkPolicyList",
		"Group",
		"GroupList",
		"HostSubnet",
		"HostSubnetList",
		"Identity",
		"IdentityList",
		"Image",
		"ImageList",
		"ImageSignature",
		"ImageStream",
		"ImageStreamImage",
		"ImageStreamImport",
		"ImageStreamList",
		"ImageStreamMapping",
		"ImageStreamTag",
		"ImageStreamTagList",
		"IsPersonalSubjectAccessReview",
		"LocalResourceAccessReview",
		"LocalSubjectAccessReview",
		"NetNamespace",
		"NetNamespaceList",
		"OAuthAccessToken",
		"OAuthAccessTokenList",
		"OAuthAuthorizeToken",
		"OAuthAuthorizeTokenList",
		"OAuthClient",
		"OAuthClientAuthorization",
		"OAuthClientAuthorizationList",
		"OAuthClientList",
		"OAuthRedirectReference",
		"PodSecurityPolicyReview",
		"PodSecurityPolicySelfSubjectReview",
		"PodSecurityPolicySubjectReview",
		"Policy",
		"PolicyBinding",
		"PolicyBindingList",
		"PolicyList",
		"ProcessedTemplate",
		"Project",
		"ProjectList",
		"ProjectRequest",
		"ResourceAccessReview",
		"ResourceAccessReviewResponse",
		"Role",
		"RoleBinding",
		"RoleBindingList",
		"RoleBindingRestriction",
		"RoleBindingRestrictionList",
		"RoleList",
		"Route",
		"RouteList",
		"SelfSubjectRulesReview",
		"SubjectAccessReview",
		"SubjectAccessReviewResponse",
		"SubjectRulesReview",
		"Template",
		"TemplateConfig",
		"TemplateList",
		"User",
		"UserIdentityMapping",
		"UserList",
	)

	// OriginLegacyResources lists all Origin resources that are locked for the legacy v1
	// Origin API. This list should not grow.
	OriginLegacyResources = sets.NewString(
		"appliedClusterResourceQuotas",
		"buildConfigs",
		"builds",
		"clusterNetworks",
		"clusterPolicies",
		"clusterPolicyBindings",
		"clusterResourceQuotas",
		"clusterRoleBindings",
		"clusterRoles",
		"deploymentConfigRollbacks",
		"deploymentConfigs",
		"egressNetworkPolicies",
		"groups",
		"hostSubnets",
		"identities",
		"imageStreamImages",
		"imageStreamImports",
		"imageStreamMappings",
		"imageStreamTags",
		"imageStreams",
		"images",
		"imagesignatures",
		"localResourceAccessReviews",
		"localSubjectAccessReviews",
		"netNamespaces",
		"oAuthAccessTokens",
		"oAuthAuthorizeTokens",
		"oAuthClientAuthorizations",
		"oAuthClients",
		"podSecurityPolicyReviews",
		"podSecurityPolicySelfSubjectReviews",
		"podSecurityPolicySubjectReviews",
		"policies",
		"policyBindings",
		"processedTemplates",
		"projectRequests",
		"projects",
		"resourceAccessReviews",
		"roleBindingRestrictions",
		"roleBindings",
		"roles",
		"routes",
		"selfSubjectRulesReviews",
		"subjectAccessReviews",
		"subjectRulesReviews",
		"templates",
		"userIdentityMappings",
		"users",
	)

	// OriginLegacySubresources lists all Origin sub-resources that are locked for the
	// legacy v1 Origin API. This list should not grow.
	OriginLegacySubresources = sets.NewString(
		"clusterResourceQuotas/status",
		"processedTemplates",
		"imageStreams/status",
		"imageStreams/secrets",
		"generateDeploymentConfigs",
		"deploymentConfigs/log",
		"deploymentConfigs/instantiate",
		"deploymentConfigs/scale",
		"deploymentConfigs/status",
		"deploymentConfigs/rollback",
		"routes/status",
		"builds/clone",
		"builds/log",
		"builds/details",
		"buildConfigs/webhooks",
		"buildConfigs/instantiate",
		"buildConfigs/instantiatebinary",
	)
)
View Source
var (

	// KubeAdmissionPlugins gives the in-order default admission chain for kube resources.
	KubeAdmissionPlugins = []string{
		lifecycle.PluginName,
		"RunOnceDuration",
		"PodNodeConstraints",
		"OriginPodNodeEnvironment",
		"PodNodeSelector",
		overrideapi.PluginName,
		serviceadmit.ExternalIPPluginName,
		serviceadmit.RestrictedEndpointsPluginName,
		imagepolicy.PluginName,
		"ImagePolicyWebhook",
		"PodPreset",
		"LimitRanger",
		"ServiceAccount",
		"SecurityContextConstraint",
		storageclassdefaultadmission.PluginName,
		"AlwaysPullImages",
		"LimitPodHardAntiAffinityTopology",
		"SCCExecRestrictions",
		"PersistentVolumeLabel",
		"OwnerReferencesPermissionEnforcement",
		ingressadmission.IngressAdmission,
		"DefaultTolerationSeconds",

		"ResourceQuota",
		"openshift.io/ClusterResourceQuota",
	}

	// CombinedAdmissionControlPlugins gives the in-order default admission chain for all resources resources.
	// When possible, this list is used.  The set of openshift+kube chains must exactly match this set.  In addition,
	// the order specified in the openshift and kube chains must match the order here.
	CombinedAdmissionControlPlugins = []string{
		lifecycle.PluginName,
		"ProjectRequestLimit",
		"OriginNamespaceLifecycle",
		"openshift.io/RestrictSubjectBindings",
		"PodNodeConstraints",
		"openshift.io/JenkinsBootstrapper",
		"openshift.io/BuildConfigSecretInjector",
		"BuildByStrategy",
		imageadmission.PluginName,
		"RunOnceDuration",
		"PodNodeConstraints",
		"OriginPodNodeEnvironment",
		"PodNodeSelector",
		overrideapi.PluginName,
		serviceadmit.ExternalIPPluginName,
		serviceadmit.RestrictedEndpointsPluginName,
		imagepolicy.PluginName,
		"ImagePolicyWebhook",
		"PodPreset",
		"LimitRanger",
		"ServiceAccount",
		"SecurityContextConstraint",
		storageclassdefaultadmission.PluginName,
		"AlwaysPullImages",
		"LimitPodHardAntiAffinityTopology",
		"SCCExecRestrictions",
		"PersistentVolumeLabel",
		"OwnerReferencesPermissionEnforcement",
		ingressadmission.IngressAdmission,
		"DefaultTolerationSeconds",

		"ResourceQuota",
		"openshift.io/ClusterResourceQuota",
	}
)

Functions

func CreateOrUpdateDefaultOAuthClients

func CreateOrUpdateDefaultOAuthClients(masterPublicAddr string, assetPublicAddresses []string, clientRegistry clientregistry.Registry) error

func LegacyStorage

func LegacyStorage(storage map[schema.GroupVersion]map[string]rest.Storage) map[string]rest.Storage

LegacyStorage returns a storage for locked legacy types.

func NewLeaderElection

NewLeaderElection returns a plug that blocks controller startup until the lease is acquired and a function that will start the process to attain the lease. There are two modes for lease operation - a legacy mode that directly connects to etcd, and the preferred mode which coordinates on a service endpoints object in the kube-system namespace. The legacy mode will periodically poll to see if the endpoints object exists, and if so will stand down, allowing newer controllers to take over.

func OpenShiftOAuthAuthorizeURL

func OpenShiftOAuthAuthorizeURL(masterAddr string) string

func OpenShiftOAuthTokenRequestURL

func OpenShiftOAuthTokenRequestURL(masterAddr string) string

func OpenShiftOAuthTokenURL

func OpenShiftOAuthTokenURL(masterAddr string) string

func WithAssetServerRedirect

func WithAssetServerRedirect(handler http.Handler, assetPublicURL string) http.Handler

If we know the location of the asset server, redirect to it when / is requested and the Accept header supports text/html

func WithPatternsHandler

func WithPatternsHandler(handler http.Handler, patternHandler http.Handler, patterns ...string) http.Handler

Types

type AssetConfig

type AssetConfig struct {
	Options               oapi.AssetConfig
	LimitRequestOverrides *api.ClusterResourceOverrideConfig
}

AssetConfig defines the required parameters for starting the OpenShift master

func NewAssetConfig

func NewAssetConfig(options oapi.AssetConfig, limitRequestOverrides *api.ClusterResourceOverrideConfig) (*AssetConfig, error)

NewAssetConfig returns a new AssetConfig

func (*AssetConfig) Run

func (c *AssetConfig) Run()

Run starts an http server for the static assets listening on the configured bind address

func (*AssetConfig) WithAssets

func (c *AssetConfig) WithAssets(handler http.Handler) (http.Handler, error)

WithAssets decorates a handler by serving static assets for the subpath of the public URL and passing through all other requests to the given handler.

type AuthConfig

type AuthConfig struct {
	Options configapi.OAuthConfig

	// AssetPublicAddresses contains valid redirectURI prefixes to direct browsers to the web console
	AssetPublicAddresses []string

	// KubeClient is kubeclient with enough permission for the auth API
	KubeClient kclientset.Interface

	// OpenShiftClient is osclient with enough permission for the auth API
	OpenShiftClient osclient.Interface

	// RESTOptionsGetter provides storage and RESTOption lookup
	RESTOptionsGetter restoptions.Getter

	// EtcdBackends is a list of storage interfaces, each of which talks to a single etcd backend.
	// These are only used to ensure newly created tokens are distributed to all backends before returning them for use.
	// EtcdHelper should normally be used for storage functions.
	EtcdBackends []storage.Interface

	UserRegistry     userregistry.Registry
	IdentityRegistry identityregistry.Registry

	SessionAuth *session.Authenticator

	HandlerWrapper handlerWrapper
}

func BuildAuthConfig

func BuildAuthConfig(masterConfig *MasterConfig) (*AuthConfig, error)

func (*AuthConfig) NewOpenShiftOAuthClientConfig

func (c *AuthConfig) NewOpenShiftOAuthClientConfig(client *oauthapi.OAuthClient) *osincli.ClientConfig

NewOpenShiftOAuthClientConfig provides config for OpenShift OAuth client

func (*AuthConfig) WithOAuth

func (c *AuthConfig) WithOAuth(handler http.Handler) (http.Handler, error)

WithOAuth decorates the given handler by serving the OAuth2 endpoints while passing through all other requests to the given handler.

type MasterConfig

type MasterConfig struct {
	Options configapi.MasterConfig

	// RESTOptionsGetter provides access to storage and RESTOptions for a particular resource
	RESTOptionsGetter restoptions.Getter

	RuleResolver   rulevalidation.AuthorizationRuleResolver
	Authenticator  authenticator.Request
	Authorizer     kauthorizer.Authorizer
	SubjectLocator authorizer.SubjectLocator

	// TODO(sttts): replace AuthorizationAttributeBuilder with apiserverfilters.NewRequestAttributeGetter
	AuthorizationAttributeBuilder authorizer.AuthorizationAttributeBuilder

	GroupCache                    *usercache.GroupCache
	ProjectAuthorizationCache     *projectauth.AuthorizationCache
	ProjectCache                  *projectcache.ProjectCache
	ClusterQuotaMappingController *clusterquotamapping.ClusterQuotaMappingController
	LimitVerifier                 imageadmission.LimitVerifier

	// RequestContextMapper maps requests to contexts
	RequestContextMapper apirequest.RequestContextMapper

	AdmissionControl admission.Interface

	// KubeAdmissionControl holds the kube admission chain.  Because of the way the plugin initializer is built
	// you'll be passing information in this direction either way.  Knowing how to build this chain requires knowledge
	// of both the origin config AND the kube config, so this spot makes more sense.
	KubeAdmissionControl admission.Interface

	TLS bool

	ControllerPlug      plug.Plug
	ControllerPlugStart func()

	// ImageFor is a function that returns the appropriate image to use for a named component
	ImageFor func(component string) string
	// RegistryNameFn retrieves the name of the integrated registry, or false if no such registry
	// is available.
	RegistryNameFn imageapi.DefaultRegistryFunc

	// ExternalVersionCodec is the codec used when serializing annotations, which cannot be changed
	// without all clients being aware of the new version.
	ExternalVersionCodec runtime.Codec

	KubeletClientConfig *kubeletclient.KubeletClientConfig

	// ClientCAs will be used to request client certificates in connections to the API.
	// This CertPool should contain all the CAs that will be used for client certificate verification.
	ClientCAs *x509.CertPool
	// APIClientCAs is used to verify client certificates presented for API auth
	APIClientCAs *x509.CertPool

	// PrivilegedLoopbackClientConfig is the client configuration used to call OpenShift APIs from system components
	// To apply different access control to a system component, create a client config specifically for that component.
	PrivilegedLoopbackClientConfig restclient.Config

	// PrivilegedLoopbackKubernetesClientsetInternal is the client used to call Kubernetes APIs from system components,
	// built from KubeClientConfig. It should only be accessed via the *Client() helper methods. To apply
	// different access control to a system component, create a separate client/config specifically for
	// that component.
	PrivilegedLoopbackKubernetesClientsetInternal kclientsetinternal.Interface
	// PrivilegedLoopbackKubernetesClientsetExternal is the client used to call Kubernetes APIs from system components,
	// built from KubeClientConfig. It should only be accessed via the *Client() helper methods. To apply
	// different access control to a system component, create a separate client/config specifically for
	// that component.
	PrivilegedLoopbackKubernetesClientsetExternal kclientsetexternal.Interface
	// PrivilegedLoopbackOpenShiftClient is the client used to call OpenShift APIs from system components,
	// built from PrivilegedLoopbackClientConfig. It should only be accessed via the *Client() helper methods.
	// To apply different access control to a system component, create a separate client/config specifically
	// for that component.
	PrivilegedLoopbackOpenShiftClient *osclient.Client

	// Informers is a shared factory for getting SharedInformers. It is important to get your informers, indexers, and listers
	// from here so that we only end up with a single cache of objects
	Informers shared.InformerFactory

	AppInformers           appinformer.SharedInformerFactory
	AuthorizationInformers authorizationinformer.SharedInformerFactory
	ImageInformers         imageinformer.SharedInformerFactory
	TemplateInformers      templateinformer.SharedInformerFactory
}

MasterConfig defines the required parameters for starting the OpenShift master

func BuildMasterConfig

func BuildMasterConfig(options configapi.MasterConfig) (*MasterConfig, error)

BuildMasterConfig builds and returns the OpenShift master configuration based on the provided options

func (*MasterConfig) BuildConfigChangeControllerClients

func (c *MasterConfig) BuildConfigChangeControllerClients() (*osclient.Client, kclientsetinternal.Interface, kclientsetexternal.Interface)

BuildConfigChangeControllerClients returns the build config change controller client objects

func (*MasterConfig) BuildConfigWebHookClient

func (c *MasterConfig) BuildConfigWebHookClient() *osclient.Client

BuildConfigWebHookClient returns the webhook client object

func (*MasterConfig) BuildControllerClients

BuildControllerClients returns the build controller client objects

func (*MasterConfig) BuildImageChangeTriggerControllerClients

func (c *MasterConfig) BuildImageChangeTriggerControllerClients() (*osclient.Client, kclientsetinternal.Interface)

BuildImageChangeTriggerControllerClients returns the build image change trigger controller client objects

func (*MasterConfig) BuildLogClient

func (c *MasterConfig) BuildLogClient() kclientsetinternal.Interface

BuildLogClient returns the build log client object

func (*MasterConfig) BuildPodControllerClients

BuildPodControllerClients returns the build pod controller client objects

func (*MasterConfig) DeploymentConfigClients

func (c *MasterConfig) DeploymentConfigClients() (*osclient.Client, kclientsetinternal.Interface)

DeploymentConfigClients returns deploymentConfig and deployment client objects

func (*MasterConfig) DeploymentConfigInstantiateClients

func (c *MasterConfig) DeploymentConfigInstantiateClients() (*osclient.Client, kclientsetinternal.Interface)

func (*MasterConfig) DeploymentLogClient

func (c *MasterConfig) DeploymentLogClient() kclientsetinternal.Interface

DeploymentLogClient returns the deployment log client object

func (*MasterConfig) GetOpenShiftClientEnvVars

func (c *MasterConfig) GetOpenShiftClientEnvVars() ([]kapi.EnvVar, error)

func (*MasterConfig) GetServiceAccountClients

GetServiceAccountClients returns an OpenShift and Kubernetes client with the credentials of the named service account in the infra namespace

func (*MasterConfig) ImageImportControllerClient

func (c *MasterConfig) ImageImportControllerClient() *osclient.Client

ImageImportControllerClient returns the deployment client object

func (*MasterConfig) ImageStreamImportSARClient

func (c *MasterConfig) ImageStreamImportSARClient() *osclient.Client

ImageStreamImportSARClient returns the client capable of performing self-SAR requests

func (*MasterConfig) ImageStreamImportSecretClient

func (c *MasterConfig) ImageStreamImportSecretClient() *osclient.Client

ImageStreamImportSecretClient returns the client capable of retrieving image secrets for a namespace

func (*MasterConfig) ImageStreamSecretClient

func (c *MasterConfig) ImageStreamSecretClient() kclientsetinternal.Interface

ImageStreamSecretClient returns the client capable of retrieving secrets for an image secret wrapper

func (*MasterConfig) ImageTriggerControllerClients

func (c *MasterConfig) ImageTriggerControllerClients() (*osclient.Client, kclientsetinternal.Interface, kclientsetexternal.Interface)

ImageTriggerControllerClients returns the trigger controller client objects

func (*MasterConfig) InitializeObjects

func (c *MasterConfig) InitializeObjects()

InitializeObjects ensures objects in Kubernetes and etcd are properly populated. Requires a Kube client to be established and that etcd be started.

func (*MasterConfig) KubeClientsetExternal

func (c *MasterConfig) KubeClientsetExternal() kclientsetexternal.Interface

KubeClientsetInternal returns the kubernetes client object

func (*MasterConfig) KubeClientsetInternal

func (c *MasterConfig) KubeClientsetInternal() kclientsetinternal.Interface

KubeClientsetInternal returns the kubernetes client object

func (*MasterConfig) NewOpenShiftControllerPreStartInitializers

func (c *MasterConfig) NewOpenShiftControllerPreStartInitializers() (map[string]controller.InitFunc, error)

NewOpenShiftControllerPreStartInitializers returns list of initializers for controllers that needed to be run before any other controller is started. Typically this has to done for the serviceaccount-tokens controller as it provides tokens to other controllers.

func (*MasterConfig) NewOpenshiftControllerInitializers

func (c *MasterConfig) NewOpenshiftControllerInitializers() (map[string]controller.InitFunc, error)

func (*MasterConfig) OAuthServerClients

func (c *MasterConfig) OAuthServerClients() (*osclient.Client, kclientsetinternal.Interface)

OAuthServerClients returns the openshift and kubernetes OAuth server client objects The returned clients are privileged

func (*MasterConfig) OriginNamespaceControllerClient

func (c *MasterConfig) OriginNamespaceControllerClient() kclientsetinternal.Interface

OriginNamespaceControllerClient returns a client for openshift and kubernetes. The kubernetes client object must have authority to execute a finalize request on a namespace

func (*MasterConfig) PolicyClient

func (c *MasterConfig) PolicyClient() *osclient.Client

PolicyClient returns the policy client object It must have the following capabilities:

list, watch all policyBindings in all namespaces
list, watch all policies in all namespaces
create resourceAccessReviews in all namespaces

func (*MasterConfig) ResourceQuotaManagerClients

ResourceQuotaManagerClients returns the client capable of retrieving resources needed for resource quota evaluation

func (*MasterConfig) RouteAllocator

RouteAllocator returns a route allocation controller.

func (*MasterConfig) RouteAllocatorClients

func (c *MasterConfig) RouteAllocatorClients() (*osclient.Client, kclientsetinternal.Interface)

RouteAllocatorClients returns the route allocator client objects

func (*MasterConfig) Run

func (c *MasterConfig) Run(kubeAPIServerConfig *kubeapiserver.Config, assetConfig *AssetConfig, stopCh <-chan struct{})

Run launches the OpenShift master by creating a kubernetes master, installing OpenShift APIs into it and then running it.

func (*MasterConfig) RunAssetServer

func (c *MasterConfig) RunAssetServer()

RunAssetServer starts the asset server for the OpenShift UI.

func (*MasterConfig) RunClusterQuotaMappingController

func (c *MasterConfig) RunClusterQuotaMappingController()

func (*MasterConfig) RunClusterQuotaReconciliationController

func (c *MasterConfig) RunClusterQuotaReconciliationController()

func (*MasterConfig) RunDNSServer

func (c *MasterConfig) RunDNSServer()

RunDNSServer starts the DNS server

func (*MasterConfig) RunGroupCache

func (c *MasterConfig) RunGroupCache()

RunGroupCache starts the group cache

func (*MasterConfig) RunHealth

func (c *MasterConfig) RunHealth() error

func (*MasterConfig) RunImageImportController

func (c *MasterConfig) RunImageImportController()

RunImageImportController starts the image import trigger controller process.

func (*MasterConfig) RunImageTriggerController

func (c *MasterConfig) RunImageTriggerController()

func (*MasterConfig) RunIngressIPController

func (c *MasterConfig) RunIngressIPController(internalKubeClientset kclientsetinternal.Interface, externalKubeClientset kclientsetexternal.Interface)

RunIngressIPController starts the ingress ip controller if IngressIPNetworkCIDR is configured.

func (*MasterConfig) RunOriginToRBACSyncControllers

func (c *MasterConfig) RunOriginToRBACSyncControllers()

func (*MasterConfig) RunProjectAuthorizationCache

func (c *MasterConfig) RunProjectAuthorizationCache()

RunProjectAuthorizationCache starts the project authorization cache

func (*MasterConfig) RunProjectCache

func (c *MasterConfig) RunProjectCache()

RunProjectCache populates project cache, used by scheduler and project admission controller.

func (*MasterConfig) RunResourceQuotaManager

func (c *MasterConfig) RunResourceQuotaManager(cm *cmapp.CMServer)

RunResourceQuotaManager starts resource quota controller for OpenShift resources

func (*MasterConfig) RunSDNController

func (c *MasterConfig) RunSDNController()

RunSDNController runs openshift-sdn if the said network plugin is provided

func (*MasterConfig) RunSecurityAllocationController

func (c *MasterConfig) RunSecurityAllocationController()

RunSecurityAllocationController starts the security allocation controller process.

func (*MasterConfig) RunServiceServingCertController

func (c *MasterConfig) RunServiceServingCertController(client kclientsetinternal.Interface)

func (*MasterConfig) RunUnidlingController

func (c *MasterConfig) RunUnidlingController()

RunUnidlingController starts the unidling controller

func (*MasterConfig) SDNControllerClients

func (c *MasterConfig) SDNControllerClients() (*osclient.Client, kclientsetinternal.Interface)

SDNControllerClients returns the SDN controller client objects

func (*MasterConfig) SecurityAllocationControllerClient

func (c *MasterConfig) SecurityAllocationControllerClient() kclientsetinternal.Interface

SecurityAllocationControllerClient returns the security allocation controller client object

func (*MasterConfig) ServiceAccountRoleBindingClient

func (c *MasterConfig) ServiceAccountRoleBindingClient() *osclient.Client

ServiceAccountRoleBindingClient returns the client object used to bind roles to service accounts It must have the following capabilities:

get, list, update, create policyBindings and clusterPolicyBindings in all namespaces

func (*MasterConfig) UnidlingControllerClients

UnidlingControllerClients returns the unidling controller clients

func (*MasterConfig) WebConsoleEnabled

func (c *MasterConfig) WebConsoleEnabled() bool

WebConsoleEnabled says whether web ui is not a disabled feature and asset service is configured.

type OpenshiftAPIConfig

type OpenshiftAPIConfig struct {
	GenericConfig *genericapiserver.Config

	KubeClientExternal    kclientsetexternal.Interface
	KubeClientInternal    kclientsetinternal.Interface
	KubeletClientConfig   *kubeletclient.KubeletClientConfig
	KubeInternalInformers kinternalinformers.SharedInformerFactory

	// DeprecatedInformers is a shared factory for getting old style openshift informers
	DeprecatedInformers       deprecatedinformers.InformerFactory
	DeprecatedOpenshiftClient *osclient.Client

	// these are all required to build our storage
	RuleResolver   rulevalidation.AuthorizationRuleResolver
	SubjectLocator authorizer.SubjectLocator
	LimitVerifier  imageadmission.LimitVerifier
	// RegistryNameFn retrieves the name of the integrated registry, or false if no such registry
	// is available.
	RegistryNameFn                     imageapi.DefaultRegistryFunc
	AllowedRegistriesForImport         *configapi.AllowedRegistries
	MaxImagesBulkImportedPerRepository int

	RouteAllocator *routeallocationcontroller.RouteAllocationController

	ProjectAuthorizationCache *projectauth.AuthorizationCache
	ProjectCache              *projectcache.ProjectCache
	ProjectRequestTemplate    string
	ProjectRequestMessage     string

	EnableBuilds bool

	ServiceAccountMethod configapi.GrantHandlerType

	EnableTemplateServiceBroker bool

	ClusterQuotaMappingController *clusterquotamapping.ClusterQuotaMappingController
}

func (*OpenshiftAPIConfig) Complete

func (c *OpenshiftAPIConfig) Complete() completedConfig

Complete fills in any fields not set that are required to have valid data. It's mutating the receiver.

func (OpenshiftAPIConfig) GetRestStorage

func (c OpenshiftAPIConfig) GetRestStorage() (map[schema.GroupVersion]map[string]rest.Storage, error)

TODO this function needs to be broken apart with each API group owning their own storage, probably with two method per API group to give us legacy and current storage

func (*OpenshiftAPIConfig) SkipComplete

func (c *OpenshiftAPIConfig) SkipComplete() completedConfig

SkipComplete provides a way to construct a server instance without config completion.

func (*OpenshiftAPIConfig) Validate

func (c *OpenshiftAPIConfig) Validate() error

Validate helps ensure that we build this config correctly, because there are lots of bits to remember for now

type OpenshiftAPIServer

type OpenshiftAPIServer struct {
	GenericAPIServer *genericapiserver.GenericAPIServer
}

OpenshiftAPIServer is only responsible for serving the APIs for Openshift It does NOT expose oauth, related oauth endpoints, or any kube APIs.

type OpenshiftNonAPIConfig

type OpenshiftNonAPIConfig struct {
	GenericConfig *genericapiserver.Config

	// these are only needed for the controller endpoint which should be moved out and made an optional
	// add-on in the chain (as the final delegate) when running an all-in-one
	EnableControllers bool
	ControllerPlug    plug.Plug

	MasterPublicURL string
	EnableOAuth     bool

	// these are only needed for the template service broker, which should move out
	KubeClientInternal          kclientsetinternal.Interface
	EnableTemplateServiceBroker bool
	TemplateInformers           templateinformer.SharedInformerFactory
	TemplateNamespaces          []string
}

func (*OpenshiftNonAPIConfig) Complete

func (c *OpenshiftNonAPIConfig) Complete() completedOpenshiftNonAPIConfig

Complete fills in any fields not set that are required to have valid data. It's mutating the receiver.

func (*OpenshiftNonAPIConfig) SkipComplete

func (c *OpenshiftNonAPIConfig) SkipComplete() completedOpenshiftNonAPIConfig

SkipComplete provides a way to construct a server instance without config completion.

type OpenshiftNonAPIServer

type OpenshiftNonAPIServer struct {
	GenericAPIServer *genericapiserver.GenericAPIServer
}

OpenshiftNonAPIServer serves non-API endpoints for openshift.

Directories

Path Synopsis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL