origin

package
v0.0.0-...-d3d374b Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Apr 15, 2018 License: Apache-2.0 Imports: 265 Imported by: 0

Documentation

Overview

Package origin provides objects for creating an OpenShift Origin server

Index

Constants

View Source
const (
	OpenShiftOAuthAPIPrefix = "/oauth"

	OpenShiftOAuthCallbackPrefix = "/oauth2callback"
	OpenShiftWebConsoleClientID  = "openshift-web-console"
	OpenShiftBrowserClientID     = "openshift-browser-client"
	OpenShiftCLIClientID         = "openshift-challenging-client"
)
View Source
const (
	LegacyOpenShiftAPIPrefix = "/osapi" // TODO: make configurable
	OpenShiftAPIPrefix       = "/oapi"  // TODO: make configurable
	KubernetesAPIPrefix      = "/api"   // TODO: make configurable
	KubernetesAPIGroupPrefix = "/apis"  // TODO: make configurable
	OpenShiftAPIV1           = "v1"
	OpenShiftAPIPrefixV1     = OpenShiftAPIPrefix + "/" + OpenShiftAPIV1
)

Variables

View Source
var (

	// KubeAdmissionPlugins gives the in-order default admission chain for kube resources.
	KubeAdmissionPlugins = []string{
		lifecycle.PluginName,
		"RunOnceDuration",
		"PodNodeConstraints",
		"OriginPodNodeEnvironment",
		overrideapi.PluginName,
		serviceadmit.ExternalIPPluginName,
		serviceadmit.RestrictedEndpointsPluginName,
		imagepolicy.PluginName,
		"ImagePolicyWebhook",
		"LimitRanger",
		"ServiceAccount",
		"SecurityContextConstraint",
		storageclassdefaultadmission.PluginName,
		"AlwaysPullImages",
		"LimitPodHardAntiAffinityTopology",
		"SCCExecRestrictions",
		"PersistentVolumeLabel",
		"OwnerReferencesPermissionEnforcement",

		quotaadmission.PluginName,
		"openshift.io/ClusterResourceQuota",
	}

	// CombinedAdmissionControlPlugins gives the in-order default admission chain for all resources resources.
	// When possible, this list is used.  The set of openshift+kube chains must exactly match this set.  In addition,
	// the order specified in the openshift and kube chains must match the order here.
	CombinedAdmissionControlPlugins = []string{
		lifecycle.PluginName,
		"ProjectRequestLimit",
		"OriginNamespaceLifecycle",
		"PodNodeConstraints",
		"openshift.io/JenkinsBootstrapper",
		"BuildByStrategy",
		imageadmission.PluginName,
		"RunOnceDuration",
		"PodNodeConstraints",
		"OriginPodNodeEnvironment",
		overrideapi.PluginName,
		serviceadmit.ExternalIPPluginName,
		serviceadmit.RestrictedEndpointsPluginName,
		imagepolicy.PluginName,
		"ImagePolicyWebhook",
		"LimitRanger",
		"ServiceAccount",
		"SecurityContextConstraint",
		storageclassdefaultadmission.PluginName,
		"AlwaysPullImages",
		"LimitPodHardAntiAffinityTopology",
		"SCCExecRestrictions",
		"PersistentVolumeLabel",
		"OwnerReferencesPermissionEnforcement",

		quotaadmission.PluginName,
		"openshift.io/ClusterResourceQuota",
	}
)

Functions

func CreateOrUpdateDefaultOAuthClients

func CreateOrUpdateDefaultOAuthClients(masterPublicAddr string, assetPublicAddresses []string, clientRegistry clientregistry.Registry) error

func OpenShiftOAuthAuthorizeURL

func OpenShiftOAuthAuthorizeURL(masterAddr string) string

func OpenShiftOAuthTokenRequestURL

func OpenShiftOAuthTokenRequestURL(masterAddr string) string

func OpenShiftOAuthTokenURL

func OpenShiftOAuthTokenURL(masterAddr string) string

Types

type APIInstallFunc

type APIInstallFunc func(*restful.Container) ([]string, error)

APIInstallFunc is a function for installing APIs

func (APIInstallFunc) InstallAPI

func (fn APIInstallFunc) InstallAPI(container *restful.Container) ([]string, error)

InstallAPI implements APIInstaller

type APIInstaller

type APIInstaller interface {
	// InstallAPI returns an array of strings describing what was installed
	InstallAPI(*restful.Container) ([]string, error)
}

APIInstaller installs additional API components into this server

type AssetConfig

type AssetConfig struct {
	Options               oapi.AssetConfig
	LimitRequestOverrides *api.ClusterResourceOverrideConfig
}

AssetConfig defines the required parameters for starting the OpenShift master

func NewAssetConfig

func NewAssetConfig(options oapi.AssetConfig, limitRequestOverrides *api.ClusterResourceOverrideConfig) (*AssetConfig, error)

NewAssetConfig returns a new AssetConfig

func (*AssetConfig) InstallAPI

func (c *AssetConfig) InstallAPI(container *restful.Container) ([]string, error)

InstallAPI adds handlers for serving static assets into the provided mux, then returns an array of strings indicating what endpoints were started (these are format strings that will expect to be sent a single string value).

func (*AssetConfig) Run

func (c *AssetConfig) Run()

Run starts an http server for the static assets listening on the configured bind address

type AuthConfig

type AuthConfig struct {
	Options configapi.OAuthConfig

	// AssetPublicAddresses contains valid redirectURI prefixes to direct browsers to the web console
	AssetPublicAddresses []string

	// KubeClient is kubeclient with enough permission for the auth API
	KubeClient kclient.Interface

	// OpenShiftClient is osclient with enough permission for the auth API
	OpenShiftClient osclient.Interface

	// RESTOptionsGetter provides storage and RESTOption lookup
	RESTOptionsGetter restoptions.Getter

	// EtcdBackends is a list of storage interfaces, each of which talks to a single etcd backend.
	// These are only used to ensure newly created tokens are distributed to all backends before returning them for use.
	// EtcdHelper should normally be used for storage functions.
	EtcdBackends []storage.Interface

	UserRegistry     userregistry.Registry
	IdentityRegistry identityregistry.Registry

	SessionAuth *session.Authenticator

	HandlerWrapper handlerWrapper
}

func BuildAuthConfig

func BuildAuthConfig(masterConfig *MasterConfig) (*AuthConfig, error)

func (*AuthConfig) InstallAPI

func (c *AuthConfig) InstallAPI(container *restful.Container) ([]string, error)

InstallAPI registers endpoints for an OAuth2 server into the provided mux, then returns an array of strings indicating what endpoints were started (these are format strings that will expect to be sent a single string value).

func (*AuthConfig) NewOpenShiftOAuthClientConfig

func (c *AuthConfig) NewOpenShiftOAuthClientConfig(client *oauthapi.OAuthClient) *osincli.ClientConfig

NewOpenShiftOAuthClientConfig provides config for OpenShift OAuth client

type MasterConfig

type MasterConfig struct {
	Options configapi.MasterConfig

	// RESTOptionsGetter provides access to storage and RESTOptions for a particular resource
	RESTOptionsGetter restoptions.Getter

	RuleResolver                  rulevalidation.AuthorizationRuleResolver
	Authenticator                 authenticator.Request
	Authorizer                    authorizer.Authorizer
	AuthorizationAttributeBuilder authorizer.AuthorizationAttributeBuilder

	GroupCache                    *usercache.GroupCache
	ProjectAuthorizationCache     *projectauth.AuthorizationCache
	ProjectCache                  *projectcache.ProjectCache
	ClusterQuotaMappingController *clusterquotamapping.ClusterQuotaMappingController
	LimitVerifier                 imageadmission.LimitVerifier

	// RequestContextMapper maps requests to contexts
	RequestContextMapper kapi.RequestContextMapper
	// RequestInfoResolver is responsible for reading request attributes
	RequestInfoResolver *apiserver.RequestInfoResolver

	AdmissionControl admission.Interface

	// KubeAdmissionControl holds the kube admission chain.  Because of the way the plugin initializer is built
	// you'll be passing information in this direction either way.  Knowing how to build this chain requires knowledge
	// of both the origin config AND the kube config, so this spot makes more sense.
	KubeAdmissionControl admission.Interface

	TLS bool

	ControllerPlug      plug.Plug
	ControllerPlugStart func()

	// ImageFor is a function that returns the appropriate image to use for a named component
	ImageFor func(component string) string
	// RegistryNameFn retrieves the name of the integrated registry, or false if no such registry
	// is available.
	RegistryNameFn imageapi.DefaultRegistryFunc

	// ExternalVersionCodec is the codec used when serializing annotations, which cannot be changed
	// without all clients being aware of the new version.
	ExternalVersionCodec runtime.Codec

	KubeletClientConfig *kubeletclient.KubeletClientConfig

	// ClientCAs will be used to request client certificates in connections to the API.
	// This CertPool should contain all the CAs that will be used for client certificate verification.
	ClientCAs *x509.CertPool
	// APIClientCAs is used to verify client certificates presented for API auth
	APIClientCAs *x509.CertPool

	// PrivilegedLoopbackClientConfig is the client configuration used to call OpenShift APIs from system components
	// To apply different access control to a system component, create a client config specifically for that component.
	PrivilegedLoopbackClientConfig restclient.Config

	// PrivilegedLoopbackKubernetesClient is the client used to call Kubernetes APIs from system components,
	// built from KubeClientConfig. It should only be accessed via the *Client() helper methods. To apply
	// different access control to a system component, create a separate client/config specifically for
	// that component.
	PrivilegedLoopbackKubernetesClient *kclient.Client
	// PrivilegedLoopbackOpenShiftClient is the client used to call OpenShift APIs from system components,
	// built from PrivilegedLoopbackClientConfig. It should only be accessed via the *Client() helper methods.
	// To apply different access control to a system component, create a separate client/config specifically
	// for that component.
	PrivilegedLoopbackOpenShiftClient *osclient.Client

	// Informers is a shared factory for getting SharedInformers. It is important to get your informers, indexers, and listers
	// from here so that we only end up with a single cache of objects
	Informers shared.InformerFactory
}

MasterConfig defines the required parameters for starting the OpenShift master

func BuildMasterConfig

func BuildMasterConfig(options configapi.MasterConfig) (*MasterConfig, error)

BuildMasterConfig builds and returns the OpenShift master configuration based on the provided options

func (*MasterConfig) BuildConfigChangeControllerClients

func (c *MasterConfig) BuildConfigChangeControllerClients() (*osclient.Client, *kclient.Client)

BuildConfigChangeControllerClients returns the build config change controller client objects

func (*MasterConfig) BuildConfigWebHookClient

func (c *MasterConfig) BuildConfigWebHookClient() *osclient.Client

BuildConfigWebHookClient returns the webhook client object

func (*MasterConfig) BuildControllerClients

func (c *MasterConfig) BuildControllerClients() (*osclient.Client, *kclient.Client)

BuildControllerClients returns the build controller client objects

func (*MasterConfig) BuildImageChangeTriggerControllerClients

func (c *MasterConfig) BuildImageChangeTriggerControllerClients() (*osclient.Client, *kclient.Client)

BuildImageChangeTriggerControllerClients returns the build image change trigger controller client objects

func (*MasterConfig) BuildLogClient

func (c *MasterConfig) BuildLogClient() *kclient.Client

BuildLogClient returns the build log client object

func (*MasterConfig) BuildPodControllerClients

func (c *MasterConfig) BuildPodControllerClients() (*osclient.Client, *kclient.Client)

BuildPodControllerClients returns the build pod controller client objects

func (*MasterConfig) DNSServerClient

func (c *MasterConfig) DNSServerClient() *kclient.Client

DNSServerClient returns the DNS server client object It must have the following capabilities:

list, watch all services in all namespaces

func (*MasterConfig) DeploymentClient

func (c *MasterConfig) DeploymentClient() *kclient.Client

DeploymentClient returns the deployment client object

func (*MasterConfig) DeploymentConfigClients

func (c *MasterConfig) DeploymentConfigClients() (*osclient.Client, *kclient.Client)

DeploymentConfigClients returns deploymentConfig and deployment client objects

func (*MasterConfig) DeploymentConfigControllerClients

func (c *MasterConfig) DeploymentConfigControllerClients() (*osclient.Client, *kclient.Client)

DeploymentConfigControllerClients returns the deploymentConfig controller client objects

func (*MasterConfig) DeploymentConfigInstantiateClients

func (c *MasterConfig) DeploymentConfigInstantiateClients() (*osclient.Client, *kclient.Client)

DeploymentConfigInstantiateClients returns the clients used by the instantiate endpoint.

func (*MasterConfig) DeploymentControllerClients

func (c *MasterConfig) DeploymentControllerClients() (*osclient.Client, *kclient.Client)

DeploymentControllerClients returns the deployment controller client objects

func (*MasterConfig) DeploymentLogClient

func (c *MasterConfig) DeploymentLogClient() *kclient.Client

DeploymentLogClient returns the deployment log client object

func (*MasterConfig) DeploymentTriggerControllerClient

func (c *MasterConfig) DeploymentTriggerControllerClient() *osclient.Client

DeploymentTriggerControllerClient returns the deploymentConfig trigger controller client object

func (*MasterConfig) GetRestStorage

func (c *MasterConfig) GetRestStorage() map[string]rest.Storage

func (*MasterConfig) GetServiceAccountClients

func (c *MasterConfig) GetServiceAccountClients(name string) (*restclient.Config, *osclient.Client, *kclient.Client, error)

GetServiceAccountClients returns an OpenShift and Kubernetes client with the credentials of the named service account in the infra namespace

func (*MasterConfig) ImageChangeControllerClient

func (c *MasterConfig) ImageChangeControllerClient() *osclient.Client

ImageChangeControllerClient returns the openshift client object

func (*MasterConfig) ImageImportControllerClient

func (c *MasterConfig) ImageImportControllerClient() *osclient.Client

ImageImportControllerClient returns the deployment client object

func (*MasterConfig) ImageStreamImportSecretClient

func (c *MasterConfig) ImageStreamImportSecretClient() *osclient.Client

ImageStreamImportSecretClient returns the client capable of retrieving image secrets for a namespace

func (*MasterConfig) ImageStreamSecretClient

func (c *MasterConfig) ImageStreamSecretClient() *kclient.Client

ImageStreamSecretClient returns the client capable of retrieving secrets for an image secret wrapper

func (*MasterConfig) InitializeObjects

func (c *MasterConfig) InitializeObjects()

InitializeObjects ensures objects in Kubernetes and etcd are properly populated. Requires a Kube client to be established and that etcd be started.

func (*MasterConfig) InstallProtectedAPI

func (c *MasterConfig) InstallProtectedAPI(container *restful.Container) ([]string, error)

func (*MasterConfig) InstallUnprotectedAPI

func (c *MasterConfig) InstallUnprotectedAPI(container *restful.Container) ([]string, error)

func (*MasterConfig) KubeClient

func (c *MasterConfig) KubeClient() *kclient.Client

KubeClient returns the kubernetes client object

func (*MasterConfig) OAuthServerClients

func (c *MasterConfig) OAuthServerClients() (*osclient.Client, *kclient.Client)

OAuthServerClients returns the openshift and kubernetes OAuth server client objects The returned clients are privileged

func (*MasterConfig) OriginNamespaceControllerClients

func (c *MasterConfig) OriginNamespaceControllerClients() (*osclient.Client, *kclient.Client)

OriginNamespaceControllerClients returns a client for openshift and kubernetes. The openshift client object must have authority to delete openshift content in any namespace The kubernetes client object must have authority to execute a finalize request on a namespace

func (*MasterConfig) PolicyClient

func (c *MasterConfig) PolicyClient() *osclient.Client

PolicyClient returns the policy client object It must have the following capabilities:

list, watch all policyBindings in all namespaces
list, watch all policies in all namespaces
create resourceAccessReviews in all namespaces

func (*MasterConfig) ResourceQuotaManagerClients

func (c *MasterConfig) ResourceQuotaManagerClients() (*osclient.Client, *internalclientset.Clientset)

ResourceQuotaManagerClients returns the client capable of retrieving resources needed for resource quota evaluation

func (*MasterConfig) RouteAllocator

RouteAllocator returns a route allocation controller.

func (*MasterConfig) RouteAllocatorClients

func (c *MasterConfig) RouteAllocatorClients() (*osclient.Client, *kclient.Client)

RouteAllocatorClients returns the route allocator client objects

func (*MasterConfig) Run

func (c *MasterConfig) Run(protected []APIInstaller, unprotected []APIInstaller)

Run launches the OpenShift master. It takes optional installers that may install additional endpoints into the server. All endpoints get configured CORS behavior Protected installers' endpoints are protected by API authentication and authorization. Unprotected installers' endpoints do not have any additional protection added.

func (*MasterConfig) RunAssetServer

func (c *MasterConfig) RunAssetServer()

RunAssetServer starts the asset server for the OpenShift UI.

func (*MasterConfig) RunBuildConfigChangeController

func (c *MasterConfig) RunBuildConfigChangeController()

RunBuildConfigChangeController starts the build config change trigger controller process.

func (*MasterConfig) RunBuildController

func (c *MasterConfig) RunBuildController(informers shared.InformerFactory) error

RunBuildController starts the build sync loop for builds and buildConfig processing.

func (*MasterConfig) RunBuildImageChangeTriggerController

func (c *MasterConfig) RunBuildImageChangeTriggerController()

RunBuildImageChangeTriggerController starts the build image change trigger controller process.

func (*MasterConfig) RunBuildPodController

func (c *MasterConfig) RunBuildPodController()

RunBuildPodController starts the build/pod status sync loop for build status

func (*MasterConfig) RunClusterQuotaMappingController

func (c *MasterConfig) RunClusterQuotaMappingController()

func (*MasterConfig) RunClusterQuotaReconciliationController

func (c *MasterConfig) RunClusterQuotaReconciliationController()

func (*MasterConfig) RunDNSServer

func (c *MasterConfig) RunDNSServer()

RunDNSServer starts the DNS server

func (*MasterConfig) RunDeploymentConfigController

func (c *MasterConfig) RunDeploymentConfigController()

RunDeploymentConfigController starts the deployment config controller process.

func (*MasterConfig) RunDeploymentController

func (c *MasterConfig) RunDeploymentController()

RunDeploymentController starts the deployment controller process.

func (*MasterConfig) RunDeploymentTriggerController

func (c *MasterConfig) RunDeploymentTriggerController()

RunDeploymentTriggerController starts the deployment trigger controller process.

func (*MasterConfig) RunGroupCache

func (c *MasterConfig) RunGroupCache()

RunGroupCache starts the group cache

func (*MasterConfig) RunHealth

func (c *MasterConfig) RunHealth()

func (*MasterConfig) RunImageImportController

func (c *MasterConfig) RunImageImportController()

RunImageImportController starts the image import trigger controller process.

func (*MasterConfig) RunIngressIPController

func (c *MasterConfig) RunIngressIPController(client *kclient.Client)

RunIngressIPController starts the ingress ip controller if IngressIPNetworkCIDR is configured.

func (*MasterConfig) RunOriginNamespaceController

func (c *MasterConfig) RunOriginNamespaceController()

RunOriginNamespaceController starts the controller that takes part in namespace termination of openshift content

func (*MasterConfig) RunProjectAuthorizationCache

func (c *MasterConfig) RunProjectAuthorizationCache()

RunProjectAuthorizationCache starts the project authorization cache

func (*MasterConfig) RunProjectCache

func (c *MasterConfig) RunProjectCache()

RunProjectCache populates project cache, used by scheduler and project admission controller.

func (*MasterConfig) RunResourceQuotaManager

func (c *MasterConfig) RunResourceQuotaManager(cm *cmapp.CMServer)

RunResourceQuotaManager starts resource quota controller for OpenShift resources

func (*MasterConfig) RunSDNController

func (c *MasterConfig) RunSDNController()

RunSDNController runs openshift-sdn if the said network plugin is provided

func (*MasterConfig) RunSecurityAllocationController

func (c *MasterConfig) RunSecurityAllocationController()

RunSecurityAllocationController starts the security allocation controller process.

func (*MasterConfig) RunServiceAccountPullSecretsControllers

func (c *MasterConfig) RunServiceAccountPullSecretsControllers()

RunServiceAccountPullSecretsControllers starts the service account pull secret controllers

func (*MasterConfig) RunServiceAccountTokensController

func (c *MasterConfig) RunServiceAccountTokensController(cm *cmapp.CMServer)

RunServiceAccountTokensController starts the service account token controller

func (*MasterConfig) RunServiceAccountsController

func (c *MasterConfig) RunServiceAccountsController()

RunServiceAccountsController starts the service account controller

func (*MasterConfig) RunServiceServingCertController

func (c *MasterConfig) RunServiceServingCertController(client *kclient.Client)

func (*MasterConfig) RunUnidlingController

func (c *MasterConfig) RunUnidlingController()

RunUnidlingController starts the unidling controller

func (*MasterConfig) SDNControllerClients

func (c *MasterConfig) SDNControllerClients() (*osclient.Client, *kclient.Client)

SDNControllerClients returns the SDN controller client objects

func (*MasterConfig) SdnClient

func (c *MasterConfig) SdnClient() *osclient.Client

SdnClient returns the sdn client object It must have the capability to get/list/watch/create/delete HostSubnets. And have the capability to get ClusterNetwork.

func (*MasterConfig) SecurityAllocationControllerClient

func (c *MasterConfig) SecurityAllocationControllerClient() *kclient.Client

SecurityAllocationControllerClient returns the security allocation controller client object

func (*MasterConfig) ServiceAccountRoleBindingClient

func (c *MasterConfig) ServiceAccountRoleBindingClient() *osclient.Client

ServiceAccountRoleBindingClient returns the client object used to bind roles to service accounts It must have the following capabilities:

get, list, update, create policyBindings and clusterPolicyBindings in all namespaces

func (*MasterConfig) UnidlingControllerClients

func (c *MasterConfig) UnidlingControllerClients() (*osclient.Client, *kclient.Client)

UnidlingControllerClients returns the unidling controller clients

func (*MasterConfig) WebConsoleEnabled

func (c *MasterConfig) WebConsoleEnabled() bool

WebConsoleEnabled says whether web ui is not a disabled feature and asset service is configured.

Directories

Path Synopsis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL