Documentation
¶
Index ¶
Constants ¶
This section is empty.
Variables ¶
var (
AddToScheme = schemeBuilder.AddToScheme
)
Functions ¶
func InstallStore ¶
func InstallStore[T runtime.Object, TList runtime.Object]( s *ExtensionAPIServer, t T, tList TList, resourceName string, singularName string, gvk schema.GroupVersionKind, store Store[T, TList], ) error
InstallStore installs a store on the given ExtensionAPIServer object.
t and TList must be non-nil.
Here's an example store for a Token and TokenList resource in the ext.cattle.io/v1 apiVersion:
gvk := schema.GroupVersionKind{
Group: "ext.cattle.io",
Version: "v1",
Kind: "Token",
}
InstallStore(s, &Token{}, &TokenList{}, "tokens", "token", gvk, store)
Note: Not using a method on ExtensionAPIServer object due to Go generic limitations.
Types ¶
type AccessSetAuthorizer ¶
type AccessSetAuthorizer struct {
// contains filtered or unexported fields
}
func NewAccessSetAuthorizer ¶
func NewAccessSetAuthorizer(asl accesscontrol.AccessSetLookup) *AccessSetAuthorizer
func (*AccessSetAuthorizer) Authorize ¶
func (a *AccessSetAuthorizer) Authorize(ctx context.Context, attrs authorizer.Attributes) (authorized authorizer.Decision, reason string, err error)
Authorize implements authorizer.Authorizer.
type Context ¶
type Context struct {
context.Context
// User is the user making the request
User user.Info
// Authorizer helps you determines if a user is authorized to perform
// actions to specific resources.
Authorizer authorizer.Authorizer
// GroupVersionResource is the GVR of the request.
// It makes it easy to create errors such as in:
// apierrors.NewNotFound(ctx.GroupVersionResource.GroupResource(), name)
GroupVersionResource schema.GroupVersionResource
}
Context wraps a context.Context and adds a few fields that will be useful for each requests handled by a Store.
It will allow us to add more such fields without breaking Store implementation.
type ExtensionAPIServer ¶
type ExtensionAPIServer struct {
// contains filtered or unexported fields
}
ExtensionAPIServer wraps a genericapiserver.GenericAPIServer to implement a Kubernetes extension API server.
Use NewExtensionAPIServer to create an ExtensionAPIServer.
Use InstallStore to add a new resource store onto an existing ExtensionAPIServer. Each resources will then be reachable via /apis/<group>/<version>/<resource> as defined by the Kubernetes API.
When Run() is called, a separate HTTPS server is started. This server is meant for the main kube-apiserver to communicate with our extension API server. We can expect the following requests from the main kube-apiserver:
<path> <user> <groups> /openapi/v2 system:aggregator [system:authenticated] /openapi/v3 system:aggregator [system:authenticated] /apis system:kube-aggregator [system:masters system:authenticated] /apis/ext.cattle.io/v1 system:kube-aggregator [system:masters system:authenticated]
func NewExtensionAPIServer ¶
func NewExtensionAPIServer(scheme *runtime.Scheme, codecs serializer.CodecFactory, opts ExtensionAPIServerOptions) (*ExtensionAPIServer, error)
func (*ExtensionAPIServer) Run ¶
func (s *ExtensionAPIServer) Run(ctx context.Context) error
Run prepares and runs the separate HTTPS server. It also configures the handler so that ServeHTTP can be used.
func (*ExtensionAPIServer) ServeHTTP ¶
func (s *ExtensionAPIServer) ServeHTTP(w http.ResponseWriter, req *http.Request)
type ExtensionAPIServerOptions ¶
type ExtensionAPIServerOptions struct {
// GetOpenAPIDefinitions is collection of all definitions. Required.
GetOpenAPIDefinitions openapicommon.GetOpenAPIDefinitions
OpenAPIDefinitionNameReplacements map[string]string
// Authenticator will be used to authenticate requests coming to the
// extension API server. Required.
Authenticator authenticator.Request
// Authorizer will be used to authorize requests based on the user,
// operation and resources. Required.
//
// Use [NewAccessSetAuthorizer] for an authorizer that uses Steve's access set.
Authorizer authorizer.Authorizer
// Listener is the TCP listener that is used to listen to the extension API server
// that is reached by the main kube-apiserver. Required.
Listener net.Listener
// EffectiveVersion determines which features and apis are supported
// by our custom API server.
//
// This is a new alpha feature from Kubernetes, the details can be
// found here: https://github.com/kubernetes/enhancements/tree/master/keps/sig-architecture/4330-compatibility-versions
//
// If nil, the default version is the version of the Kubernetes Go library
// compiled in the final binary.
EffectiveVersion utilversion.EffectiveVersion
}
type Store ¶
type Store[T runtime.Object, TList runtime.Object] interface { // Create should store the resource to some backing storage. // // It can apply modifications as necessary before storing it. It must // return a resource of the type of the store, but can // create/update/delete arbitrary objects in Kubernetes without // returning them to the user. // // It is called either when a request creates a resource, or when a // request updates a resource that doesn't exist. Create(ctx Context, obj T, opts *metav1.CreateOptions) (T, error) // Update should overwrite a resource that is present in the backing storage. // // It can apply modifications as necessary before storing it. It must // return a resource of the type of the store, but can // create/update/delete arbitrary objects in Kubernetes without // returning them to the user. // // It is called when a request updates a resource (eg: through a patch or update request) Update(ctx Context, obj T, opts *metav1.UpdateOptions) (T, error) // Get retrieves the resource with the given name from the backing storage. // // Get is called for the following requests: // - get requests: The object must be returned. // - update requests: The object is needed to apply a JSON patch and to make some validation on the change. // - delete requests: The object is needed to make some validation on it. Get(ctx Context, name string, opts *metav1.GetOptions) (T, error) // List retrieves all resources matching the given ListOptions from the backing storage. List(ctx Context, opts *metav1.ListOptions) (TList, error) // Watch sends change events to a returned channel. // // The store is responsible for closing the channel. Watch(ctx Context, opts *metav1.ListOptions) (<-chan WatchEvent[T], error) // Delete deletes the resource of the given name from the backing storage. Delete(ctx Context, name string, opts *metav1.DeleteOptions) error }
Store should provide all required operations to serve a given resource. A resource is defined by the resource itself (T) and a list type for the resource (TList). For example, Store[*Token, *TokenList] is a store that allows CRUD operations on *Token objects and allows listing tokens in a *TokenList object.
Store does not define the backing storage for a resource. The storage is up to the implementer. For example, resources could be stored in another ETCD database, in a SQLite database, in another built-in resource such as Secrets. It is also possible to have no storage at all.
Errors returned by the Store should use errors from k8s.io/apimachinery/pkg/api/errors. This will ensure that the right error will be returned to the clients (eg: kubectl, client-go) so they can react accordingly. For example, if an object is not found, store should return the following error:
apierrors.NewNotFound(ctx.GroupVersionResource.GroupResource(), name)
Stores should make use of the various metav1.*Options as best as possible. Those options are the same options coming from client-go or kubectl, generally meant to control the behavior of the stores. Note: We currently don't have field-manager enabled.
Source Files