Documentation ¶
Overview ¶
Package origin provides objects for creating an OpenShift Origin server
Index ¶
- Constants
- Variables
- func CreateOrUpdateDefaultOAuthClients(masterPublicAddr string, assetPublicAddresses []string, ...) error
- func LegacyStorage(storage map[unversioned.GroupVersion]map[string]rest.Storage) map[string]rest.Storage
- func OpenShiftOAuthAuthorizeURL(masterAddr string) string
- func OpenShiftOAuthTokenRequestURL(masterAddr string) string
- func OpenShiftOAuthTokenURL(masterAddr string) string
- func WithAssetServerRedirect(handler http.Handler, assetPublicURL string) http.Handler
- func WithPatternsHandler(handler http.Handler, patternHandler http.Handler, patterns ...string) http.Handler
- type AssetConfig
- type AuthConfig
- type MasterConfig
- func (c *MasterConfig) BuildConfigChangeControllerClients() (*osclient.Client, *kclientset.Clientset)
- func (c *MasterConfig) BuildConfigWebHookClient() *osclient.Client
- func (c *MasterConfig) BuildControllerClients() (*osclient.Client, *kclientset.Clientset)
- func (c *MasterConfig) BuildImageChangeTriggerControllerClients() (*osclient.Client, *kclientset.Clientset)
- func (c *MasterConfig) BuildLogClient() *kclientset.Clientset
- func (c *MasterConfig) BuildPodControllerClients() (*osclient.Client, *kclientset.Clientset)
- func (c *MasterConfig) ClientCARegistrationHook() (*master.ClientCARegistrationHook, error)
- func (c *MasterConfig) DNSServerClient() *kclientset.Clientset
- func (c *MasterConfig) DeploymentClient() *kclientset.Clientset
- func (c *MasterConfig) DeploymentConfigClients() (*osclient.Client, *kclientset.Clientset)
- func (c *MasterConfig) DeploymentConfigControllerClients() (*osclient.Client, *kclientset.Clientset)
- func (c *MasterConfig) DeploymentConfigInstantiateClients() (*osclient.Client, *kclientset.Clientset)
- func (c *MasterConfig) DeploymentControllerClients() (*osclient.Client, *kclientset.Clientset)
- func (c *MasterConfig) DeploymentLogClient() *kclientset.Clientset
- func (c *MasterConfig) DeploymentTriggerControllerClient() *osclient.Client
- func (c *MasterConfig) GetRestStorage() map[unversioned.GroupVersion]map[string]rest.Storage
- func (c *MasterConfig) GetServiceAccountClients(name string) (*restclient.Config, *osclient.Client, *kclientset.Clientset, error)
- func (c *MasterConfig) GetServiceAccountClientsWithConfig(name string, config restclient.Config) (*restclient.Config, *osclient.Client, *kclientset.Clientset, error)
- func (c *MasterConfig) ImageChangeControllerClient() *osclient.Client
- func (c *MasterConfig) ImageImportControllerClient() *osclient.Client
- func (c *MasterConfig) ImageStreamImportSARClient() *osclient.Client
- func (c *MasterConfig) ImageStreamImportSecretClient() *osclient.Client
- func (c *MasterConfig) ImageStreamSecretClient() *kclientset.Clientset
- func (c *MasterConfig) InitializeObjects()
- func (c *MasterConfig) InstallProtectedAPI(apiserver *genericapiserver.GenericAPIServer) ([]string, error)
- func (c *MasterConfig) KubeClientset() *kclientset.Clientset
- func (c *MasterConfig) OAuthServerClients() (*osclient.Client, *kclientset.Clientset)
- func (c *MasterConfig) OriginNamespaceControllerClients() (*osclient.Client, *kclientset.Clientset)
- func (c *MasterConfig) PolicyClient() *osclient.Client
- func (c *MasterConfig) ResourceQuotaManagerClients() (*osclient.Client, *kclientset.Clientset)
- func (c *MasterConfig) RouteAllocator() *routeallocationcontroller.RouteAllocationController
- func (c *MasterConfig) RouteAllocatorClients() (*osclient.Client, *kclientset.Clientset)
- func (c *MasterConfig) Run(kc *kubernetes.MasterConfig, assetConfig *AssetConfig)
- func (c *MasterConfig) RunAssetServer()
- func (c *MasterConfig) RunBuildConfigChangeController()
- func (c *MasterConfig) RunBuildController(informers shared.InformerFactory) error
- func (c *MasterConfig) RunBuildImageChangeTriggerController()
- func (c *MasterConfig) RunBuildPodController()
- func (c *MasterConfig) RunClusterQuotaMappingController()
- func (c *MasterConfig) RunClusterQuotaReconciliationController()
- func (c *MasterConfig) RunDNSServer()
- func (c *MasterConfig) RunDeploymentConfigController()
- func (c *MasterConfig) RunDeploymentController()
- func (c *MasterConfig) RunDeploymentTriggerController()
- func (c *MasterConfig) RunGroupCache()
- func (c *MasterConfig) RunHealth() error
- func (c *MasterConfig) RunImageImportController()
- func (c *MasterConfig) RunIngressIPController(client *kclientset.Clientset)
- func (c *MasterConfig) RunOriginNamespaceController()
- func (c *MasterConfig) RunProjectAuthorizationCache()
- func (c *MasterConfig) RunProjectCache()
- func (c *MasterConfig) RunResourceQuotaManager(cm *cmapp.CMServer)
- func (c *MasterConfig) RunSDNController()
- func (c *MasterConfig) RunSecurityAllocationController()
- func (c *MasterConfig) RunServiceAccountPullSecretsControllers()
- func (c *MasterConfig) RunServiceAccountTokensController(cm *cmapp.CMServer)
- func (c *MasterConfig) RunServiceAccountsController()
- func (c *MasterConfig) RunServiceServingCertController(client *kclientset.Clientset)
- func (c *MasterConfig) RunTemplateController()
- func (c *MasterConfig) RunUnidlingController()
- func (c *MasterConfig) SDNControllerClients() (*osclient.Client, *kclientset.Clientset)
- func (c *MasterConfig) SdnClient() *osclient.Client
- func (c *MasterConfig) SecurityAllocationControllerClient() *kclientset.Clientset
- func (c *MasterConfig) ServiceAccountRoleBindingClient() *osclient.Client
- func (c *MasterConfig) UnidlingControllerClients() (*osclient.Client, *kclientset.Clientset)
- func (c *MasterConfig) WebConsoleEnabled() bool
Constants ¶
const ( OpenShiftOAuthAPIPrefix = "/oauth" OpenShiftOAuthCallbackPrefix = "/oauth2callback" OpenShiftWebConsoleClientID = "openshift-web-console" OpenShiftBrowserClientID = "openshift-browser-client" OpenShiftCLIClientID = "openshift-challenging-client" )
Variables ¶
var ( // OriginLegacyKinds lists all kinds that are locked to the legacy Origin API schema. // This list should not grow and adding a new types to the locked Origin API schema will // cause a unit test failure. OriginLegacyKinds = sets.NewString( "AppliedClusterResourceQuota", "AppliedClusterResourceQuotaList", "BinaryBuildRequestOptions", "Build", "BuildConfig", "BuildConfigList", "BuildList", "BuildLog", "BuildLogOptions", "BuildRequest", "ClusterNetwork", "ClusterNetworkList", "ClusterPolicy", "ClusterPolicyBinding", "ClusterPolicyBindingList", "ClusterPolicyList", "ClusterResourceQuota", "ClusterResourceQuotaList", "ClusterRole", "ClusterRoleBinding", "ClusterRoleBindingList", "ClusterRoleList", "DeploymentConfig", "DeploymentConfigList", "DeploymentConfigRollback", "DeploymentLog", "DeploymentLogOptions", "DeploymentRequest", "EgressNetworkPolicy", "EgressNetworkPolicyList", "Group", "GroupList", "HostSubnet", "HostSubnetList", "Identity", "IdentityList", "Image", "ImageList", "ImageSignature", "ImageStream", "ImageStreamImage", "ImageStreamImport", "ImageStreamList", "ImageStreamMapping", "ImageStreamTag", "ImageStreamTagList", "IsPersonalSubjectAccessReview", "LocalResourceAccessReview", "LocalSubjectAccessReview", "NetNamespace", "NetNamespaceList", "OAuthAccessToken", "OAuthAccessTokenList", "OAuthAuthorizeToken", "OAuthAuthorizeTokenList", "OAuthClient", "OAuthClientAuthorization", "OAuthClientAuthorizationList", "OAuthClientList", "OAuthRedirectReference", "PodSecurityPolicyReview", "PodSecurityPolicySelfSubjectReview", "PodSecurityPolicySubjectReview", "Policy", "PolicyBinding", "PolicyBindingList", "PolicyList", "ProcessedTemplate", "Project", "ProjectList", "ProjectRequest", "ResourceAccessReview", "ResourceAccessReviewResponse", "Role", "RoleBinding", "RoleBindingList", "RoleBindingRestriction", "RoleBindingRestrictionList", "RoleList", "Route", "RouteList", "SelfSubjectRulesReview", "SubjectAccessReview", "SubjectAccessReviewResponse", "SubjectRulesReview", "Template", "TemplateConfig", "TemplateList", "User", "UserIdentityMapping", "UserList", ) // OriginLegacyResources lists all Origin resources that are locked for the legacy v1 // Origin API. This list should not grow. OriginLegacyResources = sets.NewString( "appliedClusterResourceQuotas", "buildConfigs", "builds", "clusterNetworks", "clusterPolicies", "clusterPolicyBindings", "clusterResourceQuotas", "clusterRoleBindings", "clusterRoles", "deploymentConfigRollbacks", "deploymentConfigs", "egressNetworkPolicies", "groups", "hostSubnets", "identities", "imageStreamImages", "imageStreamImports", "imageStreamMappings", "imageStreamTags", "imageStreams", "images", "imagesignatures", "localResourceAccessReviews", "localSubjectAccessReviews", "netNamespaces", "oAuthAccessTokens", "oAuthAuthorizeTokens", "oAuthClientAuthorizations", "oAuthClients", "podSecurityPolicyReviews", "podSecurityPolicySelfSubjectReviews", "podSecurityPolicySubjectReviews", "policies", "policyBindings", "processedTemplates", "projectRequests", "projects", "resourceAccessReviews", "roleBindingRestrictions", "roleBindings", "roles", "routes", "selfSubjectRulesReviews", "subjectAccessReviews", "subjectRulesReviews", "templates", "userIdentityMappings", "users", ) // OriginLegacySubresources lists all Origin sub-resources that are locked for the // legacy v1 Origin API. This list should not grow. OriginLegacySubresources = sets.NewString( "clusterResourceQuotas/status", "processedTemplates", "imageStreams/status", "imageStreams/secrets", "generateDeploymentConfigs", "deploymentConfigs/log", "deploymentConfigs/instantiate", "deploymentConfigs/scale", "deploymentConfigs/status", "deploymentConfigs/rollback", "routes/status", "builds/clone", "builds/log", "builds/details", "buildConfigs/webhooks", "buildConfigs/instantiate", "buildConfigs/instantiatebinary", ) )
var ( // KubeAdmissionPlugins gives the in-order default admission chain for kube resources. KubeAdmissionPlugins = []string{ lifecycle.PluginName, "RunOnceDuration", "PodNodeConstraints", "OriginPodNodeEnvironment", "PodNodeSelector", overrideapi.PluginName, serviceadmit.ExternalIPPluginName, serviceadmit.RestrictedEndpointsPluginName, imagepolicy.PluginName, "ImagePolicyWebhook", "LimitRanger", "ServiceAccount", "SecurityContextConstraint", storageclassdefaultadmission.PluginName, "AlwaysPullImages", "LimitPodHardAntiAffinityTopology", "SCCExecRestrictions", "PersistentVolumeLabel", "OwnerReferencesPermissionEnforcement", ingressadmission.IngressAdmission, quotaadmission.PluginName, "openshift.io/ClusterResourceQuota", } // CombinedAdmissionControlPlugins gives the in-order default admission chain for all resources resources. // When possible, this list is used. The set of openshift+kube chains must exactly match this set. In addition, // the order specified in the openshift and kube chains must match the order here. CombinedAdmissionControlPlugins = []string{ lifecycle.PluginName, "ProjectRequestLimit", "OriginNamespaceLifecycle", "openshift.io/RestrictSubjectBindings", "PodNodeConstraints", "openshift.io/JenkinsBootstrapper", "openshift.io/BuildConfigSecretInjector", "BuildByStrategy", imageadmission.PluginName, "RunOnceDuration", "PodNodeConstraints", "OriginPodNodeEnvironment", "PodNodeSelector", overrideapi.PluginName, serviceadmit.ExternalIPPluginName, serviceadmit.RestrictedEndpointsPluginName, imagepolicy.PluginName, "ImagePolicyWebhook", "LimitRanger", "ServiceAccount", "SecurityContextConstraint", storageclassdefaultadmission.PluginName, "AlwaysPullImages", "LimitPodHardAntiAffinityTopology", "SCCExecRestrictions", "PersistentVolumeLabel", "OwnerReferencesPermissionEnforcement", ingressadmission.IngressAdmission, quotaadmission.PluginName, "openshift.io/ClusterResourceQuota", } )
Functions ¶
func CreateOrUpdateDefaultOAuthClients ¶
func CreateOrUpdateDefaultOAuthClients(masterPublicAddr string, assetPublicAddresses []string, clientRegistry clientregistry.Registry) error
func LegacyStorage ¶
func LegacyStorage(storage map[unversioned.GroupVersion]map[string]rest.Storage) map[string]rest.Storage
LegacyStorage returns a storage for locked legacy types.
func OpenShiftOAuthTokenURL ¶
func WithAssetServerRedirect ¶
If we know the location of the asset server, redirect to it when / is requested and the Accept header supports text/html
Types ¶
type AssetConfig ¶
type AssetConfig struct { Options oapi.AssetConfig LimitRequestOverrides *api.ClusterResourceOverrideConfig }
AssetConfig defines the required parameters for starting the OpenShift master
func NewAssetConfig ¶
func NewAssetConfig(options oapi.AssetConfig, limitRequestOverrides *api.ClusterResourceOverrideConfig) (*AssetConfig, error)
NewAssetConfig returns a new AssetConfig
func (*AssetConfig) Run ¶
func (c *AssetConfig) Run()
Run starts an http server for the static assets listening on the configured bind address
func (*AssetConfig) WithAssets ¶
WithAssets decorates a handler by serving static assets for the subpath of the public URL and passing through all other requests to the given handler.
type AuthConfig ¶
type AuthConfig struct { Options configapi.OAuthConfig // AssetPublicAddresses contains valid redirectURI prefixes to direct browsers to the web console AssetPublicAddresses []string // KubeClient is kubeclient with enough permission for the auth API KubeClient kclientset.Interface // OpenShiftClient is osclient with enough permission for the auth API OpenShiftClient osclient.Interface // RESTOptionsGetter provides storage and RESTOption lookup RESTOptionsGetter restoptions.Getter // EtcdBackends is a list of storage interfaces, each of which talks to a single etcd backend. // These are only used to ensure newly created tokens are distributed to all backends before returning them for use. // EtcdHelper should normally be used for storage functions. EtcdBackends []storage.Interface UserRegistry userregistry.Registry IdentityRegistry identityregistry.Registry SessionAuth *session.Authenticator HandlerWrapper handlerWrapper }
func BuildAuthConfig ¶
func BuildAuthConfig(masterConfig *MasterConfig) (*AuthConfig, error)
func (*AuthConfig) NewOpenShiftOAuthClientConfig ¶
func (c *AuthConfig) NewOpenShiftOAuthClientConfig(client *oauthapi.OAuthClient) *osincli.ClientConfig
NewOpenShiftOAuthClientConfig provides config for OpenShift OAuth client
type MasterConfig ¶
type MasterConfig struct { Options configapi.MasterConfig // RESTOptionsGetter provides access to storage and RESTOptions for a particular resource RESTOptionsGetter restoptions.Getter RuleResolver rulevalidation.AuthorizationRuleResolver Authenticator authenticator.Request Authorizer kauthorizer.Authorizer SubjectLocator authorizer.SubjectLocator // TODO(sttts): replace AuthorizationAttributeBuilder with kapiserverfilters.NewRequestAttributeGetter AuthorizationAttributeBuilder authorizer.AuthorizationAttributeBuilder GroupCache *usercache.GroupCache ProjectAuthorizationCache *projectauth.AuthorizationCache ProjectCache *projectcache.ProjectCache ClusterQuotaMappingController *clusterquotamapping.ClusterQuotaMappingController LimitVerifier imageadmission.LimitVerifier // RequestContextMapper maps requests to contexts RequestContextMapper kapi.RequestContextMapper AdmissionControl admission.Interface // KubeAdmissionControl holds the kube admission chain. Because of the way the plugin initializer is built // you'll be passing information in this direction either way. Knowing how to build this chain requires knowledge // of both the origin config AND the kube config, so this spot makes more sense. KubeAdmissionControl admission.Interface TLS bool ControllerPlug plug.Plug ControllerPlugStart func() // ImageFor is a function that returns the appropriate image to use for a named component ImageFor func(component string) string // RegistryNameFn retrieves the name of the integrated registry, or false if no such registry // is available. RegistryNameFn imageapi.DefaultRegistryFunc // ExternalVersionCodec is the codec used when serializing annotations, which cannot be changed // without all clients being aware of the new version. ExternalVersionCodec runtime.Codec KubeletClientConfig *kubeletclient.KubeletClientConfig // ClientCAs will be used to request client certificates in connections to the API. // This CertPool should contain all the CAs that will be used for client certificate verification. ClientCAs *x509.CertPool // APIClientCAs is used to verify client certificates presented for API auth APIClientCAs *x509.CertPool // PrivilegedLoopbackClientConfig is the client configuration used to call OpenShift APIs from system components // To apply different access control to a system component, create a client config specifically for that component. PrivilegedLoopbackClientConfig restclient.Config // PrivilegedLoopbackKubernetesClientset is the client used to call Kubernetes APIs from system components, // built from KubeClientConfig. It should only be accessed via the *Client() helper methods. To apply // different access control to a system component, create a separate client/config specifically for // that component. PrivilegedLoopbackKubernetesClientset *kclientset.Clientset // PrivilegedLoopbackOpenShiftClient is the client used to call OpenShift APIs from system components, // built from PrivilegedLoopbackClientConfig. It should only be accessed via the *Client() helper methods. // To apply different access control to a system component, create a separate client/config specifically // for that component. PrivilegedLoopbackOpenShiftClient *osclient.Client // Informers is a shared factory for getting SharedInformers. It is important to get your informers, indexers, and listers // from here so that we only end up with a single cache of objects Informers shared.InformerFactory }
MasterConfig defines the required parameters for starting the OpenShift master
func BuildMasterConfig ¶
func BuildMasterConfig(options configapi.MasterConfig) (*MasterConfig, error)
BuildMasterConfig builds and returns the OpenShift master configuration based on the provided options
func (*MasterConfig) BuildConfigChangeControllerClients ¶
func (c *MasterConfig) BuildConfigChangeControllerClients() (*osclient.Client, *kclientset.Clientset)
BuildConfigChangeControllerClients returns the build config change controller client objects
func (*MasterConfig) BuildConfigWebHookClient ¶
func (c *MasterConfig) BuildConfigWebHookClient() *osclient.Client
BuildConfigWebHookClient returns the webhook client object
func (*MasterConfig) BuildControllerClients ¶
func (c *MasterConfig) BuildControllerClients() (*osclient.Client, *kclientset.Clientset)
BuildControllerClients returns the build controller client objects
func (*MasterConfig) BuildImageChangeTriggerControllerClients ¶
func (c *MasterConfig) BuildImageChangeTriggerControllerClients() (*osclient.Client, *kclientset.Clientset)
BuildImageChangeTriggerControllerClients returns the build image change trigger controller client objects
func (*MasterConfig) BuildLogClient ¶
func (c *MasterConfig) BuildLogClient() *kclientset.Clientset
BuildLogClient returns the build log client object
func (*MasterConfig) BuildPodControllerClients ¶
func (c *MasterConfig) BuildPodControllerClients() (*osclient.Client, *kclientset.Clientset)
BuildPodControllerClients returns the build pod controller client objects
func (*MasterConfig) ClientCARegistrationHook ¶
func (c *MasterConfig) ClientCARegistrationHook() (*master.ClientCARegistrationHook, error)
func (*MasterConfig) DNSServerClient ¶
func (c *MasterConfig) DNSServerClient() *kclientset.Clientset
DNSServerClient returns the DNS server client object It must have the following capabilities:
list, watch all services in all namespaces
func (*MasterConfig) DeploymentClient ¶
func (c *MasterConfig) DeploymentClient() *kclientset.Clientset
DeploymentClient returns the deployment client object
func (*MasterConfig) DeploymentConfigClients ¶
func (c *MasterConfig) DeploymentConfigClients() (*osclient.Client, *kclientset.Clientset)
DeploymentConfigClients returns deploymentConfig and deployment client objects
func (*MasterConfig) DeploymentConfigControllerClients ¶
func (c *MasterConfig) DeploymentConfigControllerClients() (*osclient.Client, *kclientset.Clientset)
DeploymentConfigControllerClients returns the deploymentConfig controller client objects
func (*MasterConfig) DeploymentConfigInstantiateClients ¶
func (c *MasterConfig) DeploymentConfigInstantiateClients() (*osclient.Client, *kclientset.Clientset)
DeploymentConfigInstantiateClients returns the clients used by the instantiate endpoint.
func (*MasterConfig) DeploymentControllerClients ¶
func (c *MasterConfig) DeploymentControllerClients() (*osclient.Client, *kclientset.Clientset)
DeploymentControllerClients returns the deployment controller client objects
func (*MasterConfig) DeploymentLogClient ¶
func (c *MasterConfig) DeploymentLogClient() *kclientset.Clientset
DeploymentLogClient returns the deployment log client object
func (*MasterConfig) DeploymentTriggerControllerClient ¶
func (c *MasterConfig) DeploymentTriggerControllerClient() *osclient.Client
DeploymentTriggerControllerClient returns the deploymentConfig trigger controller client object
func (*MasterConfig) GetRestStorage ¶
func (c *MasterConfig) GetRestStorage() map[unversioned.GroupVersion]map[string]rest.Storage
func (*MasterConfig) GetServiceAccountClients ¶
func (c *MasterConfig) GetServiceAccountClients(name string) (*restclient.Config, *osclient.Client, *kclientset.Clientset, error)
GetServiceAccountClients returns an OpenShift and Kubernetes client with the credentials of the named service account in the infra namespace
func (*MasterConfig) GetServiceAccountClientsWithConfig ¶
func (c *MasterConfig) GetServiceAccountClientsWithConfig(name string, config restclient.Config) (*restclient.Config, *osclient.Client, *kclientset.Clientset, error)
func (*MasterConfig) ImageChangeControllerClient ¶
func (c *MasterConfig) ImageChangeControllerClient() *osclient.Client
ImageChangeControllerClient returns the openshift client object
func (*MasterConfig) ImageImportControllerClient ¶
func (c *MasterConfig) ImageImportControllerClient() *osclient.Client
ImageImportControllerClient returns the deployment client object
func (*MasterConfig) ImageStreamImportSARClient ¶
func (c *MasterConfig) ImageStreamImportSARClient() *osclient.Client
ImageStreamImportSARClient returns the client capable of performing self-SAR requests
func (*MasterConfig) ImageStreamImportSecretClient ¶
func (c *MasterConfig) ImageStreamImportSecretClient() *osclient.Client
ImageStreamImportSecretClient returns the client capable of retrieving image secrets for a namespace
func (*MasterConfig) ImageStreamSecretClient ¶
func (c *MasterConfig) ImageStreamSecretClient() *kclientset.Clientset
ImageStreamSecretClient returns the client capable of retrieving secrets for an image secret wrapper
func (*MasterConfig) InitializeObjects ¶
func (c *MasterConfig) InitializeObjects()
InitializeObjects ensures objects in Kubernetes and etcd are properly populated. Requires a Kube client to be established and that etcd be started.
func (*MasterConfig) InstallProtectedAPI ¶
func (c *MasterConfig) InstallProtectedAPI(apiserver *genericapiserver.GenericAPIServer) ([]string, error)
func (*MasterConfig) KubeClientset ¶
func (c *MasterConfig) KubeClientset() *kclientset.Clientset
KubeClientset returns the kubernetes client object
func (*MasterConfig) OAuthServerClients ¶
func (c *MasterConfig) OAuthServerClients() (*osclient.Client, *kclientset.Clientset)
OAuthServerClients returns the openshift and kubernetes OAuth server client objects The returned clients are privileged
func (*MasterConfig) OriginNamespaceControllerClients ¶
func (c *MasterConfig) OriginNamespaceControllerClients() (*osclient.Client, *kclientset.Clientset)
OriginNamespaceControllerClients returns a client for openshift and kubernetes. The openshift client object must have authority to delete openshift content in any namespace The kubernetes client object must have authority to execute a finalize request on a namespace
func (*MasterConfig) PolicyClient ¶
func (c *MasterConfig) PolicyClient() *osclient.Client
PolicyClient returns the policy client object It must have the following capabilities:
list, watch all policyBindings in all namespaces list, watch all policies in all namespaces create resourceAccessReviews in all namespaces
func (*MasterConfig) ResourceQuotaManagerClients ¶
func (c *MasterConfig) ResourceQuotaManagerClients() (*osclient.Client, *kclientset.Clientset)
ResourceQuotaManagerClients returns the client capable of retrieving resources needed for resource quota evaluation
func (*MasterConfig) RouteAllocator ¶
func (c *MasterConfig) RouteAllocator() *routeallocationcontroller.RouteAllocationController
RouteAllocator returns a route allocation controller.
func (*MasterConfig) RouteAllocatorClients ¶
func (c *MasterConfig) RouteAllocatorClients() (*osclient.Client, *kclientset.Clientset)
RouteAllocatorClients returns the route allocator client objects
func (*MasterConfig) Run ¶
func (c *MasterConfig) Run(kc *kubernetes.MasterConfig, assetConfig *AssetConfig)
Run launches the OpenShift master by creating a kubernetes master, installing OpenShift APIs into it and then running it.
func (*MasterConfig) RunAssetServer ¶
func (c *MasterConfig) RunAssetServer()
RunAssetServer starts the asset server for the OpenShift UI.
func (*MasterConfig) RunBuildConfigChangeController ¶
func (c *MasterConfig) RunBuildConfigChangeController()
RunBuildConfigChangeController starts the build config change trigger controller process.
func (*MasterConfig) RunBuildController ¶
func (c *MasterConfig) RunBuildController(informers shared.InformerFactory) error
RunBuildController starts the build sync loop for builds and buildConfig processing.
func (*MasterConfig) RunBuildImageChangeTriggerController ¶
func (c *MasterConfig) RunBuildImageChangeTriggerController()
RunBuildImageChangeTriggerController starts the build image change trigger controller process.
func (*MasterConfig) RunBuildPodController ¶
func (c *MasterConfig) RunBuildPodController()
RunBuildPodController starts the build/pod status sync loop for build status
func (*MasterConfig) RunClusterQuotaMappingController ¶
func (c *MasterConfig) RunClusterQuotaMappingController()
func (*MasterConfig) RunClusterQuotaReconciliationController ¶
func (c *MasterConfig) RunClusterQuotaReconciliationController()
func (*MasterConfig) RunDNSServer ¶
func (c *MasterConfig) RunDNSServer()
RunDNSServer starts the DNS server
func (*MasterConfig) RunDeploymentConfigController ¶
func (c *MasterConfig) RunDeploymentConfigController()
RunDeploymentConfigController starts the deployment config controller process.
func (*MasterConfig) RunDeploymentController ¶
func (c *MasterConfig) RunDeploymentController()
RunDeploymentController starts the deployment controller process.
func (*MasterConfig) RunDeploymentTriggerController ¶
func (c *MasterConfig) RunDeploymentTriggerController()
RunDeploymentTriggerController starts the deployment trigger controller process.
func (*MasterConfig) RunGroupCache ¶
func (c *MasterConfig) RunGroupCache()
RunGroupCache starts the group cache
func (*MasterConfig) RunHealth ¶
func (c *MasterConfig) RunHealth() error
func (*MasterConfig) RunImageImportController ¶
func (c *MasterConfig) RunImageImportController()
RunImageImportController starts the image import trigger controller process.
func (*MasterConfig) RunIngressIPController ¶
func (c *MasterConfig) RunIngressIPController(client *kclientset.Clientset)
RunIngressIPController starts the ingress ip controller if IngressIPNetworkCIDR is configured.
func (*MasterConfig) RunOriginNamespaceController ¶
func (c *MasterConfig) RunOriginNamespaceController()
RunOriginNamespaceController starts the controller that takes part in namespace termination of openshift content
func (*MasterConfig) RunProjectAuthorizationCache ¶
func (c *MasterConfig) RunProjectAuthorizationCache()
RunProjectAuthorizationCache starts the project authorization cache
func (*MasterConfig) RunProjectCache ¶
func (c *MasterConfig) RunProjectCache()
RunProjectCache populates project cache, used by scheduler and project admission controller.
func (*MasterConfig) RunResourceQuotaManager ¶
func (c *MasterConfig) RunResourceQuotaManager(cm *cmapp.CMServer)
RunResourceQuotaManager starts resource quota controller for OpenShift resources
func (*MasterConfig) RunSDNController ¶
func (c *MasterConfig) RunSDNController()
RunSDNController runs openshift-sdn if the said network plugin is provided
func (*MasterConfig) RunSecurityAllocationController ¶
func (c *MasterConfig) RunSecurityAllocationController()
RunSecurityAllocationController starts the security allocation controller process.
func (*MasterConfig) RunServiceAccountPullSecretsControllers ¶
func (c *MasterConfig) RunServiceAccountPullSecretsControllers()
RunServiceAccountPullSecretsControllers starts the service account pull secret controllers
func (*MasterConfig) RunServiceAccountTokensController ¶
func (c *MasterConfig) RunServiceAccountTokensController(cm *cmapp.CMServer)
RunServiceAccountTokensController starts the service account token controller
func (*MasterConfig) RunServiceAccountsController ¶
func (c *MasterConfig) RunServiceAccountsController()
RunServiceAccountsController starts the service account controller
func (*MasterConfig) RunServiceServingCertController ¶
func (c *MasterConfig) RunServiceServingCertController(client *kclientset.Clientset)
func (*MasterConfig) RunTemplateController ¶
func (c *MasterConfig) RunTemplateController()
func (*MasterConfig) RunUnidlingController ¶
func (c *MasterConfig) RunUnidlingController()
RunUnidlingController starts the unidling controller
func (*MasterConfig) SDNControllerClients ¶
func (c *MasterConfig) SDNControllerClients() (*osclient.Client, *kclientset.Clientset)
SDNControllerClients returns the SDN controller client objects
func (*MasterConfig) SdnClient ¶
func (c *MasterConfig) SdnClient() *osclient.Client
SdnClient returns the sdn client object It must have the capability to get/list/watch/create/delete HostSubnets. And have the capability to get ClusterNetwork.
func (*MasterConfig) SecurityAllocationControllerClient ¶
func (c *MasterConfig) SecurityAllocationControllerClient() *kclientset.Clientset
SecurityAllocationControllerClient returns the security allocation controller client object
func (*MasterConfig) ServiceAccountRoleBindingClient ¶
func (c *MasterConfig) ServiceAccountRoleBindingClient() *osclient.Client
ServiceAccountRoleBindingClient returns the client object used to bind roles to service accounts It must have the following capabilities:
get, list, update, create policyBindings and clusterPolicyBindings in all namespaces
func (*MasterConfig) UnidlingControllerClients ¶
func (c *MasterConfig) UnidlingControllerClients() (*osclient.Client, *kclientset.Clientset)
UnidlingControllerClients returns the unidling controller clients
func (*MasterConfig) WebConsoleEnabled ¶
func (c *MasterConfig) WebConsoleEnabled() bool
WebConsoleEnabled says whether web ui is not a disabled feature and asset service is configured.