origin

package
v3.10.0+incompatible Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Aug 2, 2018 License: Apache-2.0 Imports: 192 Imported by: 0

Documentation

Overview

Package origin provides objects for creating an OpenShift Origin server

Index

Constants

This section is empty.

Variables

View Source
var (
	// OriginLegacyKinds lists all kinds that are locked to the legacy Origin API schema.
	// This list should not grow and adding a new types to the locked Origin API schema will
	// cause a unit test failure.
	OriginLegacyKinds = sets.NewString(
		"AppliedClusterResourceQuota",
		"AppliedClusterResourceQuotaList",
		"BinaryBuildRequestOptions",
		"Build",
		"BuildConfig",
		"BuildConfigList",
		"BuildList",
		"BuildLog",
		"BuildLogOptions",
		"BuildRequest",
		"ClusterNetwork",
		"ClusterNetworkList",
		"ClusterResourceQuota",
		"ClusterResourceQuotaList",
		"ClusterRole",
		"ClusterRoleBinding",
		"ClusterRoleBindingList",
		"ClusterRoleList",
		"DeploymentConfig",
		"DeploymentConfigList",
		"DeploymentConfigRollback",
		"DeploymentLog",
		"DeploymentLogOptions",
		"DeploymentRequest",
		"EgressNetworkPolicy",
		"EgressNetworkPolicyList",
		"Group",
		"GroupList",
		"HostSubnet",
		"HostSubnetList",
		"Identity",
		"IdentityList",
		"Image",
		"ImageList",
		"ImageSignature",
		"ImageStream",
		"ImageStreamImage",
		"ImageStreamImport",
		"ImageStreamList",
		"ImageStreamMapping",
		"ImageStreamTag",
		"ImageStreamTagList",
		"IsPersonalSubjectAccessReview",
		"LocalResourceAccessReview",
		"LocalSubjectAccessReview",
		"NetNamespace",
		"NetNamespaceList",
		"OAuthAccessToken",
		"OAuthAccessTokenList",
		"OAuthAuthorizeToken",
		"OAuthAuthorizeTokenList",
		"OAuthClient",
		"OAuthClientAuthorization",
		"OAuthClientAuthorizationList",
		"OAuthClientList",
		"OAuthRedirectReference",
		"PodSecurityPolicyReview",
		"PodSecurityPolicySelfSubjectReview",
		"PodSecurityPolicySubjectReview",
		"ProcessedTemplate",
		"Project",
		"ProjectList",
		"ProjectRequest",
		"ResourceAccessReview",
		"ResourceAccessReviewResponse",
		"Role",
		"RoleBinding",
		"RoleBindingList",
		"RoleBindingRestriction",
		"RoleBindingRestrictionList",
		"RoleList",
		"Route",
		"RouteList",
		"SelfSubjectRulesReview",
		"SubjectAccessReview",
		"SubjectAccessReviewResponse",
		"SubjectRulesReview",
		"Template",
		"TemplateConfig",
		"TemplateList",
		"User",
		"UserIdentityMapping",
		"UserList",
	)

	// OriginLegacyResources lists all Origin resources that are locked for the legacy v1
	// Origin API. This list should not grow.
	OriginLegacyResources = sets.NewString(
		"appliedClusterResourceQuotas",
		"buildConfigs",
		"builds",
		"clusterNetworks",
		"clusterResourceQuotas",
		"clusterRoleBindings",
		"clusterRoles",
		"deploymentConfigRollbacks",
		"deploymentConfigs",
		"egressNetworkPolicies",
		"groups",
		"hostSubnets",
		"identities",
		"imageStreamImages",
		"imageStreamImports",
		"imageStreamMappings",
		"imageStreamTags",
		"imageStreams",
		"images",
		"imagesignatures",
		"localResourceAccessReviews",
		"localSubjectAccessReviews",
		"netNamespaces",
		"oAuthAccessTokens",
		"oAuthAuthorizeTokens",
		"oAuthClientAuthorizations",
		"oAuthClients",
		"podSecurityPolicyReviews",
		"podSecurityPolicySelfSubjectReviews",
		"podSecurityPolicySubjectReviews",
		"policies",
		"policyBindings",
		"processedTemplates",
		"projectRequests",
		"projects",
		"resourceAccessReviews",
		"roleBindingRestrictions",
		"roleBindings",
		"roles",
		"routes",
		"selfSubjectRulesReviews",
		"subjectAccessReviews",
		"subjectRulesReviews",
		"templates",
		"userIdentityMappings",
		"users",
	)

	// OriginLegacySubresources lists all Origin sub-resources that are locked for the
	// legacy v1 Origin API. This list should not grow.
	OriginLegacySubresources = sets.NewString(
		"clusterResourceQuotas/status",
		"processedTemplates",
		"imageStreams/status",
		"imageStreams/secrets",
		"generateDeploymentConfigs",
		"deploymentConfigs/log",
		"deploymentConfigs/instantiate",
		"deploymentConfigs/scale",
		"deploymentConfigs/status",
		"deploymentConfigs/rollback",
		"routes/status",
		"builds/clone",
		"builds/log",
		"builds/details",
		"buildConfigs/webhooks",
		"buildConfigs/instantiate",
		"buildConfigs/instantiatebinary",
	)
)
View Source
var GRPCThreadLimit = 0

Functions

func LegacyStorage

func LegacyStorage(storage map[schema.GroupVersion]map[string]rest.Storage) map[string]rest.Storage

LegacyStorage returns a storage for locked legacy types.

func NewAuthenticator

func NewAuthenticator(
	options configapi.MasterConfig,
	privilegedLoopbackConfig *rest.Config,
	informers InformerAccess,
) (authenticator.Request, map[string]genericapiserver.PostStartHookFunc, error)

func NewAuthorizer

func NewAuthorizer(informers InformerAccess, projectRequestDenyMessage string) authorizer.Authorizer

func NewInformers

func NewInformers(clientConfig *rest.Config) (*informerHolder, error)

NewInformers is only exposed for the build's integration testing until it can be fixed more appropriately.

func NewOAuthServerConfigFromMasterConfig

func NewOAuthServerConfigFromMasterConfig(masterConfig *MasterConfig, listener net.Listener) (*oauthserver.OAuthServerConfig, error)

TODO this is taking a very large config for a small piece of it. The information must be broken up at some point so that we can run this in a pod. This is an indication of leaky abstraction because it spent too much time in openshift start

func NewServiceProxyHandler

func NewServiceProxyHandler(serviceName string, serviceNamespace string, serviceResolver ServiceResolver, caBundle []byte, applicationDisplayName string) (*serviceProxyHandler, error)

NewServiceProxyHandler is a simple proxy that doesn't handle upgrades, passes headers directly through, and doesn't assert any identity.

func NewSubjectLocator

func NewSubjectLocator(informers rbacinformers.Interface) rbacauthorizer.SubjectLocator

func PanicOnGRPCStuckThreads

func PanicOnGRPCStuckThreads(interval time.Duration, stopCh <-chan struct{})

func StartProfiler

func StartProfiler()

func WithPatternPrefixHandler

func WithPatternPrefixHandler(handler http.Handler, patternHandler http.Handler, prefixes ...string) http.Handler

Types

type CompletedConfig

type CompletedConfig struct {
	// contains filtered or unexported fields
}

func (CompletedConfig) New

func (c CompletedConfig) New(delegationTarget genericapiserver.DelegationTarget) (*OpenshiftAPIServer, error)

type CompletedOpenshiftNonAPIConfig

type CompletedOpenshiftNonAPIConfig struct {
	// contains filtered or unexported fields
}

func (CompletedOpenshiftNonAPIConfig) New

func (c CompletedOpenshiftNonAPIConfig) New(delegationTarget genericapiserver.DelegationTarget) (*OpenshiftNonAPIServer, error)

type GenericResourceInformer

type GenericResourceInformer interface {
	ForResource(resource schema.GroupVersionResource) (kexternalinformers.GenericInformer, error)
	Start(stopCh <-chan struct{})
}

type InformerAccess

type InformerAccess interface {
	GetInternalKubeInformers() kinternalinformers.SharedInformerFactory
	GetExternalKubeInformers() kinformers.SharedInformerFactory
	GetAppInformers() appinformer.SharedInformerFactory
	GetAuthorizationInformers() authorizationinformer.SharedInformerFactory
	GetBuildInformers() buildinformer.SharedInformerFactory
	GetImageInformers() imageinformer.SharedInformerFactory
	GetNetworkInformers() networkinformer.SharedInformerFactory
	GetOauthInformers() oauthinformer.SharedInformerFactory
	GetQuotaInformers() quotainformer.SharedInformerFactory
	GetSecurityInformers() securityinformer.SharedInformerFactory
	GetRouteInformers() routeinformer.SharedInformerFactory
	GetUserInformers() userinformer.SharedInformerFactory
	GetTemplateInformers() templateinformer.SharedInformerFactory
	ToGenericInformer() GenericResourceInformer

	Start(stopCh <-chan struct{})
}

type MasterConfig

type MasterConfig struct {
	Options configapi.MasterConfig

	// RESTOptionsGetter provides access to storage and RESTOptions for a particular resource
	RESTOptionsGetter restoptions.Getter

	RuleResolver   rbacregistryvalidation.AuthorizationRuleResolver
	SubjectLocator rbacauthorizer.SubjectLocator

	ProjectAuthorizationCache     *projectauth.AuthorizationCache
	ProjectCache                  *projectcache.ProjectCache
	ClusterQuotaMappingController *clusterquotamapping.ClusterQuotaMappingController
	LimitVerifier                 imageadmission.LimitVerifier

	// RegistryHostnameRetriever retrieves the name of the integrated registry, or false if no such registry
	// is available.
	RegistryHostnameRetriever imageapi.RegistryHostnameRetriever

	// PrivilegedLoopbackClientConfig is the client configuration used to call OpenShift APIs from system components
	// To apply different access control to a system component, create a client config specifically for that component.
	PrivilegedLoopbackClientConfig restclient.Config

	// PrivilegedLoopbackKubernetesClientsetInternal is the client used to call Kubernetes APIs from system components,
	// built from KubeClientConfig. It should only be accessed via the *TestingClient() helper methods. To apply
	// different access control to a system component, create a separate client/config specifically for
	// that component.
	PrivilegedLoopbackKubernetesClientsetInternal kclientsetinternal.Interface
	// PrivilegedLoopbackKubernetesClientsetExternal is the client used to call Kubernetes APIs from system components,
	// built from KubeClientConfig. It should only be accessed via the *TestingClient() helper methods. To apply
	// different access control to a system component, create a separate client/config specifically for
	// that component.
	PrivilegedLoopbackKubernetesClientsetExternal kclientsetexternal.Interface

	AuditBackend audit.Backend

	// TODO inspect uses to eliminate them
	InternalKubeInformers  kinternalinformers.SharedInformerFactory
	ClientGoKubeInformers  kubeclientgoinformers.SharedInformerFactory
	AuthorizationInformers authorizationinformer.SharedInformerFactory
	RouteInformers         routeinformer.SharedInformerFactory
	QuotaInformers         quotainformer.SharedInformerFactory
	SecurityInformers      securityinformer.SharedInformerFactory
	// contains filtered or unexported fields
}

MasterConfig defines the required parameters for starting the OpenShift master

func BuildMasterConfig

func BuildMasterConfig(
	options configapi.MasterConfig,
	informers InformerAccess,
) (*MasterConfig, error)

BuildMasterConfig builds and returns the OpenShift master configuration based on the provided options

func (*MasterConfig) RouteAllocator

RouteAllocator returns a route allocation controller.

func (*MasterConfig) Run

func (c *MasterConfig) Run(stopCh <-chan struct{}) error

Run launches the OpenShift master by creating a kubernetes master, installing OpenShift APIs into it and then running it. TODO this method only exists to support the old openshift start path. It should be removed a little ways into 3.10.

func (*MasterConfig) RunDNSServer

func (c *MasterConfig) RunDNSServer()

RunDNSServer starts the DNS server

func (*MasterConfig) RunKubeAPIServer

func (c *MasterConfig) RunKubeAPIServer(stopCh <-chan struct{}) error

func (*MasterConfig) RunOpenShift

func (c *MasterConfig) RunOpenShift(stopCh <-chan struct{}) error

type NonAPIExtraConfig

type NonAPIExtraConfig struct {
	OAuthMetadata []byte
}

type OpenshiftAPIConfig

type OpenshiftAPIConfig struct {
	GenericConfig *genericapiserver.RecommendedConfig
	ExtraConfig   OpenshiftAPIExtraConfig
}

func (*OpenshiftAPIConfig) Complete

func (c *OpenshiftAPIConfig) Complete() completedConfig

Complete fills in any fields not set that are required to have valid data. It's mutating the receiver.

type OpenshiftAPIExtraConfig

type OpenshiftAPIExtraConfig struct {
	KubeAPIServerClientConfig *restclient.Config
	KubeClientInternal        kclientsetinternal.Interface
	KubeInternalInformers     kinternalinformers.SharedInformerFactory

	QuotaInformers    quotainformer.SharedInformerFactory
	SecurityInformers securityinformer.SharedInformerFactory

	// these are all required to build our storage
	RuleResolver   rbacregistryvalidation.AuthorizationRuleResolver
	SubjectLocator rbacauthorizer.SubjectLocator

	// for Images
	LimitVerifier imageadmission.LimitVerifier
	// RegistryHostnameRetriever retrieves the internal and external hostname of
	// the integrated registry, or false if no such registry is available.
	RegistryHostnameRetriever          imageapi.RegistryHostnameRetriever
	AllowedRegistriesForImport         *configapi.AllowedRegistries
	MaxImagesBulkImportedPerRepository int

	RouteAllocator *routeallocationcontroller.RouteAllocationController

	ProjectAuthorizationCache *projectauth.AuthorizationCache
	ProjectCache              *projectcache.ProjectCache
	ProjectRequestTemplate    string
	ProjectRequestMessage     string

	// oauth API server
	ServiceAccountMethod configapi.GrantHandlerType

	ClusterQuotaMappingController *clusterquotamapping.ClusterQuotaMappingController

	// SCCStorage is actually created with a kubernetes restmapper options to have the correct prefix,
	// so we have to have it special cased here to point to the right spot.
	SCCStorage *sccstorage.REST
}

func (*OpenshiftAPIExtraConfig) Validate

func (c *OpenshiftAPIExtraConfig) Validate() error

Validate helps ensure that we build this config correctly, because there are lots of bits to remember for now

type OpenshiftAPIServer

type OpenshiftAPIServer struct {
	GenericAPIServer *genericapiserver.GenericAPIServer
}

OpenshiftAPIServer is only responsible for serving the APIs for Openshift It does NOT expose oauth, related oauth endpoints, or any kube APIs.

type OpenshiftNonAPIConfig

type OpenshiftNonAPIConfig struct {
	GenericConfig *genericapiserver.RecommendedConfig
	ExtraConfig   NonAPIExtraConfig
}

func (*OpenshiftNonAPIConfig) Complete

func (c *OpenshiftNonAPIConfig) Complete() completedOpenshiftNonAPIConfig

Complete fills in any fields not set that are required to have valid data. It's mutating the receiver.

type OpenshiftNonAPIServer

type OpenshiftNonAPIServer struct {
	GenericAPIServer *genericapiserver.GenericAPIServer
}

OpenshiftNonAPIServer serves non-API endpoints for openshift.

type ServiceResolver

type ServiceResolver interface {
	ResolveEndpoint(namespace, name string) (*url.URL, error)
}

A ServiceResolver knows how to get a URL given a service.

type TooManyThreadsStuckHealth

type TooManyThreadsStuckHealth struct {
	// contains filtered or unexported fields
}

TooManyThreadsStuckHealth is a health checker that indicates when we have too many thread in a particular method. This condition usually indicates that we got stuck and we should restart ourselves

func NewGRPCStuckThreads

func NewGRPCStuckThreads() *TooManyThreadsStuckHealth

func (*TooManyThreadsStuckHealth) Check

func (*TooManyThreadsStuckHealth) Count

func (h *TooManyThreadsStuckHealth) Count() int

func (*TooManyThreadsStuckHealth) Name

Directories

Path Synopsis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL