Documentation ¶
Overview ¶
Package app does all of the work necessary to create a Kubernetes APIServer by binding together the API, master and APIServer infrastructure. It can be configured and called directly or via the hyperkube framework.
Package origin provides objects for creating an OpenShift Origin server
Index ¶
- Variables
- func LegacyStorage(storage map[schema.GroupVersion]map[string]rest.Storage) map[string]rest.Storage
- func NewAssetServerConfigFromMasterConfig(masterConfigOptions configapi.MasterConfig) (*assetapiserver.AssetServerConfig, error)
- func NewAuthenticator(options configapi.MasterConfig, privilegedLoopbackConfig *rest.Config, ...) (authenticator.Request, error)
- func NewAuthorizer(informers InformerAccess, projectRequestMessage string) (kauthorizer.Authorizer, authorizer.SubjectLocator, ...)
- func NewLeaderElection(options configapi.MasterConfig, ...) (plug.Plug, func(), error)
- func NewOAuthServerConfigFromMasterConfig(masterConfig *MasterConfig) (*oauthapiserver.OAuthServerConfig, error)
- func WithPatternPrefixHandler(handler http.Handler, patternHandler http.Handler, prefixes ...string) http.Handler
- type InformerAccess
- type MasterConfig
- func (c *MasterConfig) RouteAllocator() *routeallocationcontroller.RouteAllocationController
- func (c *MasterConfig) Run(controllerPlug plug.Plug, stopCh <-chan struct{}) error
- func (c *MasterConfig) RunDNSServer()
- func (c *MasterConfig) WebConsoleEnabled() bool
- func (c *MasterConfig) WebConsoleStandalone() bool
- type OpenshiftAPIConfig
- type OpenshiftAPIServer
- type OpenshiftNonAPIConfig
- type OpenshiftNonAPIServer
- type SecurityAllocationController
Constants ¶
This section is empty.
Variables ¶
var ( // OriginLegacyKinds lists all kinds that are locked to the legacy Origin API schema. // This list should not grow and adding a new types to the locked Origin API schema will // cause a unit test failure. OriginLegacyKinds = sets.NewString( "AppliedClusterResourceQuota", "AppliedClusterResourceQuotaList", "BinaryBuildRequestOptions", "Build", "BuildConfig", "BuildConfigList", "BuildList", "BuildLog", "BuildLogOptions", "BuildRequest", "ClusterNetwork", "ClusterNetworkList", "ClusterPolicy", "ClusterPolicyBinding", "ClusterPolicyBindingList", "ClusterPolicyList", "ClusterResourceQuota", "ClusterResourceQuotaList", "ClusterRole", "ClusterRoleBinding", "ClusterRoleBindingList", "ClusterRoleList", "DeploymentConfig", "DeploymentConfigList", "DeploymentConfigRollback", "DeploymentLog", "DeploymentLogOptions", "DeploymentRequest", "EgressNetworkPolicy", "EgressNetworkPolicyList", "Group", "GroupList", "HostSubnet", "HostSubnetList", "Identity", "IdentityList", "Image", "ImageList", "ImageSignature", "ImageStream", "ImageStreamImage", "ImageStreamImport", "ImageStreamList", "ImageStreamMapping", "ImageStreamTag", "ImageStreamTagList", "IsPersonalSubjectAccessReview", "LocalResourceAccessReview", "LocalSubjectAccessReview", "NetNamespace", "NetNamespaceList", "OAuthAccessToken", "OAuthAccessTokenList", "OAuthAuthorizeToken", "OAuthAuthorizeTokenList", "OAuthClient", "OAuthClientAuthorization", "OAuthClientAuthorizationList", "OAuthClientList", "OAuthRedirectReference", "PodSecurityPolicyReview", "PodSecurityPolicySelfSubjectReview", "PodSecurityPolicySubjectReview", "Policy", "PolicyBinding", "PolicyBindingList", "PolicyList", "ProcessedTemplate", "Project", "ProjectList", "ProjectRequest", "ResourceAccessReview", "ResourceAccessReviewResponse", "Role", "RoleBinding", "RoleBindingList", "RoleBindingRestriction", "RoleBindingRestrictionList", "RoleList", "Route", "RouteList", "SelfSubjectRulesReview", "SubjectAccessReview", "SubjectAccessReviewResponse", "SubjectRulesReview", "Template", "TemplateConfig", "TemplateList", "User", "UserIdentityMapping", "UserList", ) // OriginLegacyResources lists all Origin resources that are locked for the legacy v1 // Origin API. This list should not grow. OriginLegacyResources = sets.NewString( "appliedClusterResourceQuotas", "buildConfigs", "builds", "clusterNetworks", "clusterPolicies", "clusterPolicyBindings", "clusterResourceQuotas", "clusterRoleBindings", "clusterRoles", "deploymentConfigRollbacks", "deploymentConfigs", "egressNetworkPolicies", "groups", "hostSubnets", "identities", "imageStreamImages", "imageStreamImports", "imageStreamMappings", "imageStreamTags", "imageStreams", "images", "imagesignatures", "localResourceAccessReviews", "localSubjectAccessReviews", "netNamespaces", "oAuthAccessTokens", "oAuthAuthorizeTokens", "oAuthClientAuthorizations", "oAuthClients", "podSecurityPolicyReviews", "podSecurityPolicySelfSubjectReviews", "podSecurityPolicySubjectReviews", "policies", "policyBindings", "processedTemplates", "projectRequests", "projects", "resourceAccessReviews", "roleBindingRestrictions", "roleBindings", "roles", "routes", "selfSubjectRulesReviews", "subjectAccessReviews", "subjectRulesReviews", "templates", "userIdentityMappings", "users", ) // OriginLegacySubresources lists all Origin sub-resources that are locked for the // legacy v1 Origin API. This list should not grow. OriginLegacySubresources = sets.NewString( "clusterResourceQuotas/status", "processedTemplates", "imageStreams/status", "imageStreams/secrets", "generateDeploymentConfigs", "deploymentConfigs/log", "deploymentConfigs/instantiate", "deploymentConfigs/scale", "deploymentConfigs/status", "deploymentConfigs/rollback", "routes/status", "builds/clone", "builds/log", "builds/details", "buildConfigs/webhooks", "buildConfigs/instantiate", "buildConfigs/instantiatebinary", ) )
Functions ¶
func LegacyStorage ¶
LegacyStorage returns a storage for locked legacy types.
func NewAssetServerConfigFromMasterConfig ¶ added in v3.7.0
func NewAssetServerConfigFromMasterConfig(masterConfigOptions configapi.MasterConfig) (*assetapiserver.AssetServerConfig, error)
TODO this is taking a very large config for a small piece of it. The information must be broken up at some point so that we can run this in a pod. This is an indication of leaky abstraction because it spent too much time in openshift start
func NewAuthenticator ¶ added in v3.7.0
func NewAuthenticator( options configapi.MasterConfig, privilegedLoopbackConfig *rest.Config, informers InformerAccess, ) (authenticator.Request, error)
func NewAuthorizer ¶ added in v3.7.0
func NewAuthorizer(informers InformerAccess, projectRequestMessage string) (kauthorizer.Authorizer, authorizer.SubjectLocator, rbacregistryvalidation.AuthorizationRuleResolver)
func NewLeaderElection ¶
func NewLeaderElection(options configapi.MasterConfig, leader componentconfig.LeaderElectionConfiguration, kc kclientsetexternal.Interface, eventClient v1core.EventInterface) (plug.Plug, func(), error)
NewLeaderElection returns a plug that blocks controller startup until the lease is acquired and a function that will start the process to attain the lease. There are two modes for lease operation - a legacy mode that directly connects to etcd, and the preferred mode which coordinates on a service endpoints object in the kube-system namespace. Because legacy mode and the new mode do not coordinate on the same key, an upgrade must stop all controllers before changing the configuration and starting controllers with the new config.
func NewOAuthServerConfigFromMasterConfig ¶ added in v3.7.0
func NewOAuthServerConfigFromMasterConfig(masterConfig *MasterConfig) (*oauthapiserver.OAuthServerConfig, error)
TODO this is taking a very large config for a small piece of it. The information must be broken up at some point so that we can run this in a pod. This is an indication of leaky abstraction because it spent too much time in openshift start
Types ¶
type InformerAccess ¶
type InformerAccess interface { GetInternalKubeInformers() kinternalinformers.SharedInformerFactory GetExternalKubeInformers() kinformers.SharedInformerFactory GetClientGoKubeInformers() kubeclientgoinformers.SharedInformerFactory GetAuthorizationInformers() authorizationinformer.SharedInformerFactory GetImageInformers() imageinformer.SharedInformerFactory GetQuotaInformers() quotainformer.SharedInformerFactory GetSecurityInformers() securityinformer.SharedInformerFactory GetUserInformers() userinformer.SharedInformerFactory Start(stopCh <-chan struct{}) }
type MasterConfig ¶
type MasterConfig struct { Options configapi.MasterConfig // RESTOptionsGetter provides access to storage and RESTOptions for a particular resource RESTOptionsGetter restoptions.Getter RuleResolver rbacregistryvalidation.AuthorizationRuleResolver SubjectLocator authorizer.SubjectLocator ProjectAuthorizationCache *projectauth.AuthorizationCache ProjectCache *projectcache.ProjectCache ClusterQuotaMappingController *clusterquotamapping.ClusterQuotaMappingController LimitVerifier imageadmission.LimitVerifier // RegistryHostnameRetriever retrieves the name of the integrated registry, or false if no such registry // is available. RegistryHostnameRetriever imageapi.RegistryHostnameRetriever KubeletClientConfig *kubeletclient.KubeletClientConfig // PrivilegedLoopbackClientConfig is the client configuration used to call OpenShift APIs from system components // To apply different access control to a system component, create a client config specifically for that component. PrivilegedLoopbackClientConfig restclient.Config // PrivilegedLoopbackKubernetesClientsetInternal is the client used to call Kubernetes APIs from system components, // built from KubeClientConfig. It should only be accessed via the *TestingClient() helper methods. To apply // different access control to a system component, create a separate client/config specifically for // that component. PrivilegedLoopbackKubernetesClientsetInternal kclientsetinternal.Interface // PrivilegedLoopbackKubernetesClientsetExternal is the client used to call Kubernetes APIs from system components, // built from KubeClientConfig. It should only be accessed via the *TestingClient() helper methods. To apply // different access control to a system component, create a separate client/config specifically for // that component. PrivilegedLoopbackKubernetesClientsetExternal kclientsetexternal.Interface AuditBackend audit.Backend // TODO inspect uses to eliminate them InternalKubeInformers kinternalinformers.SharedInformerFactory ClientGoKubeInformers kubeclientgoinformers.SharedInformerFactory AuthorizationInformers authorizationinformer.SharedInformerFactory QuotaInformers quotainformer.SharedInformerFactory SecurityInformers securityinformer.SharedInformerFactory UserInformers userinformer.SharedInformerFactory // contains filtered or unexported fields }
MasterConfig defines the required parameters for starting the OpenShift master
func BuildMasterConfig ¶
func BuildMasterConfig( options configapi.MasterConfig, informers InformerAccess, ) (*MasterConfig, error)
BuildMasterConfig builds and returns the OpenShift master configuration based on the provided options
func (*MasterConfig) RouteAllocator ¶
func (c *MasterConfig) RouteAllocator() *routeallocationcontroller.RouteAllocationController
RouteAllocator returns a route allocation controller.
func (*MasterConfig) Run ¶
func (c *MasterConfig) Run(controllerPlug plug.Plug, stopCh <-chan struct{}) error
Run launches the OpenShift master by creating a kubernetes master, installing OpenShift APIs into it and then running it.
func (*MasterConfig) RunDNSServer ¶
func (c *MasterConfig) RunDNSServer()
RunDNSServer starts the DNS server
func (*MasterConfig) WebConsoleEnabled ¶
func (c *MasterConfig) WebConsoleEnabled() bool
WebConsoleEnabled says whether web ui is not a disabled feature and asset service is configured.
func (*MasterConfig) WebConsoleStandalone ¶ added in v3.7.0
func (c *MasterConfig) WebConsoleStandalone() bool
type OpenshiftAPIConfig ¶
type OpenshiftAPIConfig struct { GenericConfig *genericapiserver.Config KubeClientInternal kclientsetinternal.Interface KubeletClientConfig *kubeletclient.KubeletClientConfig KubeInternalInformers kinternalinformers.SharedInformerFactory QuotaInformers quotainformer.SharedInformerFactory SecurityInformers securityinformer.SharedInformerFactory // these are all required to build our storage RuleResolver rbacregistryvalidation.AuthorizationRuleResolver SubjectLocator authorizer.SubjectLocator // for Images LimitVerifier imageadmission.LimitVerifier // RegistryHostnameRetriever retrieves the internal and external hostname of // the integrated registry, or false if no such registry is available. RegistryHostnameRetriever imageapi.RegistryHostnameRetriever AllowedRegistriesForImport *configapi.AllowedRegistries MaxImagesBulkImportedPerRepository int RouteAllocator *routeallocationcontroller.RouteAllocationController ProjectAuthorizationCache *projectauth.AuthorizationCache ProjectCache *projectcache.ProjectCache ProjectRequestTemplate string ProjectRequestMessage string EnableBuilds bool // oauth API server ServiceAccountMethod configapi.GrantHandlerType ClusterQuotaMappingController *clusterquotamapping.ClusterQuotaMappingController // SCCStorage is actually created with a kubernetes restmapper options to have the correct prefix, // so we have to have it special cased here to point to the right spot. SCCStorage *sccstorage.REST }
func (*OpenshiftAPIConfig) Complete ¶
func (c *OpenshiftAPIConfig) Complete() completedConfig
Complete fills in any fields not set that are required to have valid data. It's mutating the receiver.
func (*OpenshiftAPIConfig) SkipComplete ¶
func (c *OpenshiftAPIConfig) SkipComplete() completedConfig
SkipComplete provides a way to construct a server instance without config completion.
func (*OpenshiftAPIConfig) Validate ¶
func (c *OpenshiftAPIConfig) Validate() error
Validate helps ensure that we build this config correctly, because there are lots of bits to remember for now
type OpenshiftAPIServer ¶
type OpenshiftAPIServer struct {
GenericAPIServer *genericapiserver.GenericAPIServer
}
OpenshiftAPIServer is only responsible for serving the APIs for Openshift It does NOT expose oauth, related oauth endpoints, or any kube APIs.
type OpenshiftNonAPIConfig ¶
type OpenshiftNonAPIConfig struct { GenericConfig *genericapiserver.Config // these are only needed for the controller endpoint which should be moved out and made an optional // add-on in the chain (as the final delegate) when running an all-in-one ControllerPlug plug.Plug MasterPublicURL string EnableOAuth bool }
func (*OpenshiftNonAPIConfig) Complete ¶
func (c *OpenshiftNonAPIConfig) Complete() completedOpenshiftNonAPIConfig
Complete fills in any fields not set that are required to have valid data. It's mutating the receiver.
func (*OpenshiftNonAPIConfig) SkipComplete ¶
func (c *OpenshiftNonAPIConfig) SkipComplete() completedOpenshiftNonAPIConfig
SkipComplete provides a way to construct a server instance without config completion.
type OpenshiftNonAPIServer ¶
type OpenshiftNonAPIServer struct {
GenericAPIServer *genericapiserver.GenericAPIServer
}
OpenshiftNonAPIServer serves non-API endpoints for openshift.
type SecurityAllocationController ¶
type SecurityAllocationController struct { SecurityAllocator *configapi.SecurityAllocator OpenshiftRESTOptionsGetter restoptions.Getter ExternalKubeInformers kexternalinformers.SharedInformerFactory KubeExternalClient kclientsetexternal.Interface }
func (SecurityAllocationController) RunSecurityAllocationController ¶
func (c SecurityAllocationController) RunSecurityAllocationController()
RunSecurityAllocationController starts the security allocation controller process.