Documentation ¶
Overview ¶
Package server contains the plumbing to create kubernetes-like API server command.
Index ¶
- Constants
- func AuthorizeClientBearerToken(loopback *restclient.Config, authn *AuthenticationInfo, ...)
- func BuildHandlerChainWithStorageVersionPrecondition(apiHandler http.Handler, c *Config) http.Handler
- func DefaultBuildHandlerChain(apiHandler http.Handler, c *Config) http.Handler
- func DefaultOpenAPIConfig(getDefinitions openapicommon.GetOpenAPIDefinitions, ...) *openapicommon.Config
- func LoopbackHostPort(bindAddress string) (string, string, error)
- func NewRequestInfoResolver(c *Config) *apirequest.RequestInfoFactory
- func RegisterAllAdmissionPlugins(plugins *admission.Plugins)
- func RequestShutdown() bool
- func RunServer(server *http.Server, ln net.Listener, shutDownTimeout time.Duration, ...) (<-chan struct{}, <-chan struct{}, error)
- func SetupSignalContext() context.Context
- func SetupSignalHandler() <-chan struct{}
- type APIGroupInfo
- type APIServerHandler
- type AuthenticationInfo
- type AuthorizationInfo
- type CompletedConfig
- type Config
- func (c *Config) AddHealthChecks(healthChecks ...healthz.HealthChecker)
- func (c *Config) AddPostStartHook(name string, hook PostStartHookFunc) error
- func (c *Config) AddPostStartHookOrDie(name string, hook PostStartHookFunc)
- func (c *Config) Complete(informers informers.SharedInformerFactory) CompletedConfig
- type DelegationTarget
- type DeprecatedInsecureServingInfo
- type GenericAPIServer
- func (s *GenericAPIServer) AddBootSequenceHealthChecks(checks ...healthz.HealthChecker) error
- func (s *GenericAPIServer) AddHealthChecks(checks ...healthz.HealthChecker) error
- func (s *GenericAPIServer) AddLivezChecks(delay time.Duration, checks ...healthz.HealthChecker) error
- func (s *GenericAPIServer) AddPostStartHook(name string, hook PostStartHookFunc) error
- func (s *GenericAPIServer) AddPostStartHookOrDie(name string, hook PostStartHookFunc)
- func (s *GenericAPIServer) AddPreShutdownHook(name string, hook PreShutdownHookFunc) error
- func (s *GenericAPIServer) AddPreShutdownHookOrDie(name string, hook PreShutdownHookFunc)
- func (s *GenericAPIServer) AddReadyzChecks(checks ...healthz.HealthChecker) error
- func (s *GenericAPIServer) HealthzChecks() []healthz.HealthChecker
- func (s *GenericAPIServer) InstallAPIGroup(apiGroupInfo *APIGroupInfo) error
- func (s *GenericAPIServer) InstallAPIGroups(apiGroupInfos ...*APIGroupInfo) error
- func (s *GenericAPIServer) InstallLegacyAPIGroup(apiPrefix string, apiGroupInfo *APIGroupInfo) error
- func (s *GenericAPIServer) ListedPaths() []string
- func (s *GenericAPIServer) NextDelegate() DelegationTarget
- func (s *GenericAPIServer) PostStartHooks() map[string]postStartHookEntry
- func (s *GenericAPIServer) PreShutdownHooks() map[string]preShutdownHookEntry
- func (s *GenericAPIServer) PrepareRun() preparedGenericAPIServer
- func (s *GenericAPIServer) RunPostStartHooks(stopCh <-chan struct{})
- func (s *GenericAPIServer) RunPreShutdownHooks() error
- func (s *GenericAPIServer) UnprotectedHandler() http.Handler
- type HandlerChainBuilderFn
- type InsecureSuperuser
- type PostStartHookConfigEntry
- type PostStartHookContext
- type PostStartHookFunc
- type PostStartHookProvider
- type PreShutdownHookFunc
- type RecommendedConfig
- type ResourceExpirationEvaluator
- type SecureServingInfo
- func (s *SecureServingInfo) HostPort() (string, int, error)
- func (s *SecureServingInfo) NewClientConfig(caCert []byte) (*restclient.Config, error)
- func (s *SecureServingInfo) NewLoopbackClientConfig(token string, loopbackCert []byte) (*restclient.Config, error)
- func (s *SecureServingInfo) Serve(handler http.Handler, shutdownTimeout time.Duration, stopCh <-chan struct{}) (<-chan struct{}, error)
- func (s *SecureServingInfo) ServeWithListenerStopped(handler http.Handler, shutdownTimeout time.Duration, stopCh <-chan struct{}) (<-chan struct{}, <-chan struct{}, error)
Constants ¶
const ( // DefaultLegacyAPIPrefix is where the legacy APIs will be located. DefaultLegacyAPIPrefix = "/api" // APIGroupPrefix is where non-legacy API group will be located. APIGroupPrefix = "/apis" )
const LoopbackClientServerNameOverride = "apiserver-loopback-client"
LoopbackClientServerNameOverride is passed to the apiserver from the loopback client in order to select the loopback certificate via SNI if TLS is used.
Variables ¶
This section is empty.
Functions ¶
func AuthorizeClientBearerToken ¶
func AuthorizeClientBearerToken(loopback *restclient.Config, authn *AuthenticationInfo, authz *AuthorizationInfo)
AuthorizeClientBearerToken wraps the authenticator and authorizer in loopback authentication logic if the loopback client config is specified AND it has a bearer token. Note that if either authn or authz is nil, this function won't add a token authenticator or authorizer.
func BuildHandlerChainWithStorageVersionPrecondition ¶ added in v0.20.0
func DefaultOpenAPIConfig ¶
func DefaultOpenAPIConfig(getDefinitions openapicommon.GetOpenAPIDefinitions, defNamer *apiopenapi.DefinitionNamer) *openapicommon.Config
func LoopbackHostPort ¶
LoopbackHostPort returns the host and port loopback REST clients should use to contact the server.
func NewRequestInfoResolver ¶
func NewRequestInfoResolver(c *Config) *apirequest.RequestInfoFactory
func RegisterAllAdmissionPlugins ¶
RegisterAllAdmissionPlugins registers all admission plugins
func RequestShutdown ¶
func RequestShutdown() bool
RequestShutdown emulates a received event that is considered as shutdown signal (SIGTERM/SIGINT) This returns whether a handler was notified
func RunServer ¶
func RunServer( server *http.Server, ln net.Listener, shutDownTimeout time.Duration, stopCh <-chan struct{}, ) (<-chan struct{}, <-chan struct{}, error)
RunServer spawns a go-routine continuously serving until the stopCh is closed. It returns a stoppedCh that is closed when all non-hijacked active requests have been processed. This function does not block TODO: make private when insecure serving is gone from the kube-apiserver
func SetupSignalContext ¶ added in v0.19.0
SetupSignalContext is same as SetupSignalHandler, but a context.Context is returned. Only one of SetupSignalContext and SetupSignalHandler should be called, and only can be called once.
func SetupSignalHandler ¶
func SetupSignalHandler() <-chan struct{}
SetupSignalHandler registered for SIGTERM and SIGINT. A stop channel is returned which is closed on one of these signals. If a second signal is caught, the program is terminated with exit code 1. Only one of SetupSignalContext and SetupSignalHandler should be called, and only can be called once.
Types ¶
type APIGroupInfo ¶
type APIGroupInfo struct { PrioritizedVersions []schema.GroupVersion // Info about the resources in this group. It's a map from version to resource to the storage. VersionedResourcesStorageMap map[string]map[string]rest.Storage // OptionsExternalVersion controls the APIVersion used for common objects in the // schema like api.Status, api.DeleteOptions, and metav1.ListOptions. Other implementors may // define a version "v1beta1" but want to use the Kubernetes "v1" internal objects. // If nil, defaults to groupMeta.GroupVersion. // TODO: Remove this when https://github.com/kubernetes/kubernetes/issues/19018 is fixed. OptionsExternalVersion *schema.GroupVersion // MetaGroupVersion defaults to "meta.k8s.io/v1" and is the scheme group version used to decode // common API implementations like ListOptions. Future changes will allow this to vary by group // version (for when the inevitable meta/v2 group emerges). MetaGroupVersion *schema.GroupVersion // Scheme includes all of the types used by this group and how to convert between them (or // to convert objects from outside of this group that are accepted in this API). // TODO: replace with interfaces Scheme *runtime.Scheme // NegotiatedSerializer controls how this group encodes and decodes data NegotiatedSerializer runtime.NegotiatedSerializer // ParameterCodec performs conversions for query parameters passed to API calls ParameterCodec runtime.ParameterCodec // StaticOpenAPISpec is the spec derived from the definitions of all resources installed together. // It is set during InstallAPIGroups, InstallAPIGroup, and InstallLegacyAPIGroup. StaticOpenAPISpec *spec.Swagger }
Info about an API group.
func NewDefaultAPIGroupInfo ¶
func NewDefaultAPIGroupInfo(group string, scheme *runtime.Scheme, parameterCodec runtime.ParameterCodec, codecs serializer.CodecFactory) APIGroupInfo
NewDefaultAPIGroupInfo returns an APIGroupInfo stubbed with "normal" values exposed for easier composition from other packages
type APIServerHandler ¶
type APIServerHandler struct { // FullHandlerChain is the one that is eventually served with. It should include the full filter // chain and then call the Director. FullHandlerChain http.Handler // The registered APIs. InstallAPIs uses this. Other servers probably shouldn't access this directly. GoRestfulContainer *restful.Container // NonGoRestfulMux is the final HTTP handler in the chain. // It comes after all filters and the API handling // This is where other servers can attach handler to various parts of the chain. NonGoRestfulMux *mux.PathRecorderMux // Director is here so that we can properly handle fall through and proxy cases. // This looks a bit bonkers, but here's what's happening. We need to have /apis handling registered in gorestful in order to have // swagger generated for compatibility. Doing that with `/apis` as a webservice, means that it forcibly 404s (no defaulting allowed) // all requests which are not /apis or /apis/. We need those calls to fall through behind goresful for proper delegation. Trying to // register for a pattern which includes everything behind it doesn't work because gorestful negotiates for verbs and content encoding // and all those things go crazy when gorestful really just needs to pass through. In addition, openapi enforces unique verb constraints // which we don't fit into and it still muddies up swagger. Trying to switch the webservices into a route doesn't work because the // containing webservice faces all the same problems listed above. // This leads to the crazy thing done here. Our mux does what we need, so we'll place it in front of gorestful. It will introspect to // decide if the route is likely to be handled by goresful and route there if needed. Otherwise, it goes to PostGoRestful mux in // order to handle "normal" paths and delegation. Hopefully no API consumers will ever have to deal with this level of detail. I think // we should consider completely removing gorestful. // Other servers should only use this opaquely to delegate to an API server. Director http.Handler }
APIServerHandlers holds the different http.Handlers used by the API server. This includes the full handler chain, the director (which chooses between gorestful and nonGoRestful, the gorestful handler (used for the API) which falls through to the nonGoRestful handler on unregistered paths, and the nonGoRestful handler (which can contain a fallthrough of its own) FullHandlerChain -> Director -> {GoRestfulContainer,NonGoRestfulMux} based on inspection of registered web services
func NewAPIServerHandler ¶
func NewAPIServerHandler(name string, s runtime.NegotiatedSerializer, handlerChainBuilder HandlerChainBuilderFn, notFoundHandler http.Handler) *APIServerHandler
func (*APIServerHandler) ListedPaths ¶
func (a *APIServerHandler) ListedPaths() []string
ListedPaths returns the paths that should be shown under /
func (*APIServerHandler) ServeHTTP ¶
func (a *APIServerHandler) ServeHTTP(w http.ResponseWriter, r *http.Request)
ServeHTTP makes it an http.Handler
type AuthenticationInfo ¶
type AuthenticationInfo struct { // APIAudiences is a list of identifier that the API identifies as. This is // used by some authenticators to validate audience bound credentials. APIAudiences authenticator.Audiences // Authenticator determines which subject is making the request Authenticator authenticator.Request }
func (*AuthenticationInfo) ApplyClientCert ¶
func (c *AuthenticationInfo) ApplyClientCert(clientCA dynamiccertificates.CAContentProvider, servingInfo *SecureServingInfo) error
type AuthorizationInfo ¶
type AuthorizationInfo struct { // Authorizer determines whether the subject is allowed to make the request based only // on the RequestURI Authorizer authorizer.Authorizer }
type CompletedConfig ¶
type CompletedConfig struct {
// contains filtered or unexported fields
}
func (CompletedConfig) New ¶
func (c CompletedConfig) New(name string, delegationTarget DelegationTarget) (*GenericAPIServer, error)
New creates a new server which logically combines the handling chain with the passed server. name is used to differentiate for logging. The handler chain in particular can be difficult as it starts delegating. delegationTarget may not be nil.
type Config ¶
type Config struct { // SecureServing is required to serve https SecureServing *SecureServingInfo // Authentication is the configuration for authentication Authentication AuthenticationInfo // Authorization is the configuration for authorization Authorization AuthorizationInfo // LoopbackClientConfig is a config for a privileged loopback connection to the API server // This is required for proper functioning of the PostStartHooks on a GenericAPIServer // TODO: move into SecureServing(WithLoopback) as soon as insecure serving is gone LoopbackClientConfig *restclient.Config // EgressSelector provides a lookup mechanism for dialing outbound connections. // It does so based on a EgressSelectorConfiguration which was read at startup. EgressSelector *egressselector.EgressSelector // RuleResolver is required to get the list of rules that apply to a given user // in a given namespace RuleResolver authorizer.RuleResolver // AdmissionControl performs deep inspection of a given request (including content) // to set values and determine whether its allowed AdmissionControl admission.Interface CorsAllowedOriginList []string HSTSDirectives []string // FlowControl, if not nil, gives priority and fairness to request handling FlowControl utilflowcontrol.Interface EnableIndex bool EnableProfiling bool EnableDiscovery bool // Requires generic profiling enabled EnableContentionProfiling bool EnableMetrics bool DisabledPostStartHooks sets.String // done values in this values for this map are ignored. PostStartHooks map[string]PostStartHookConfigEntry // Version will enable the /version endpoint if non-nil Version *version.Info // AuditBackend is where audit events are sent to. AuditBackend audit.Backend // AuditPolicyRuleEvaluator makes the decision of whether and how to audit log a request. AuditPolicyRuleEvaluator audit.PolicyRuleEvaluator // ExternalAddress is the host name to use for external (public internet) facing URLs (e.g. Swagger) // Will default to a value based on secure serving info and available ipv4 IPs. ExternalAddress string // TracerProvider can provide a tracer, which records spans for distributed tracing. TracerProvider *trace.TracerProvider // BuildHandlerChainFunc allows you to build custom handler chains by decorating the apiHandler. BuildHandlerChainFunc func(apiHandler http.Handler, c *Config) (secure http.Handler) // HandlerChainWaitGroup allows you to wait for all chain handlers exit after the server shutdown. HandlerChainWaitGroup *utilwaitgroup.SafeWaitGroup // DiscoveryAddresses is used to build the IPs pass to discovery. If nil, the ExternalAddress is // always reported DiscoveryAddresses discovery.Addresses // The default set of healthz checks. There might be more added via AddHealthChecks dynamically. HealthzChecks []healthz.HealthChecker // The default set of livez checks. There might be more added via AddHealthChecks dynamically. LivezChecks []healthz.HealthChecker // The default set of readyz-only checks. There might be more added via AddReadyzChecks dynamically. ReadyzChecks []healthz.HealthChecker // LegacyAPIGroupPrefixes is used to set up URL parsing for authorization and for validating requests // to InstallLegacyAPIGroup. New API servers don't generally have legacy groups at all. LegacyAPIGroupPrefixes sets.String // RequestInfoResolver is used to assign attributes (used by admission and authorization) based on a request URL. // Use-cases that are like kubelets may need to customize this. RequestInfoResolver apirequest.RequestInfoResolver // Serializer is required and provides the interface for serializing and converting objects to and from the wire // The default (api.Codecs) usually works fine. Serializer runtime.NegotiatedSerializer // OpenAPIConfig will be used in generating OpenAPI spec. This is nil by default. Use DefaultOpenAPIConfig for "working" defaults. OpenAPIConfig *openapicommon.Config // SkipOpenAPIInstallation avoids installing the OpenAPI handler if set to true. SkipOpenAPIInstallation bool // RESTOptionsGetter is used to construct RESTStorage types via the generic registry. RESTOptionsGetter genericregistry.RESTOptionsGetter // If specified, all requests except those which match the LongRunningFunc predicate will timeout // after this duration. RequestTimeout time.Duration // If specified, long running requests such as watch will be allocated a random timeout between this value, and // twice this value. Note that it is up to the request handlers to ignore or honor this timeout. In seconds. MinRequestTimeout int // This represents the maximum amount of time it should take for apiserver to complete its startup // sequence and become healthy. From apiserver's start time to when this amount of time has // elapsed, /livez will assume that unfinished post-start hooks will complete successfully and // therefore return true. LivezGracePeriod time.Duration // ShutdownDelayDuration allows to block shutdown for some time, e.g. until endpoints pointing to this API server // have converged on all node. During this time, the API server keeps serving, /healthz will return 200, // but /readyz will return failure. ShutdownDelayDuration time.Duration // The limit on the total size increase all "copy" operations in a json // patch may cause. // This affects all places that applies json patch in the binary. JSONPatchMaxCopyBytes int64 // The limit on the request size that would be accepted and decoded in a write request // 0 means no limit. MaxRequestBodyBytes int64 // MaxRequestsInFlight is the maximum number of parallel non-long-running requests. Every further // request has to wait. Applies only to non-mutating requests. MaxRequestsInFlight int // MaxMutatingRequestsInFlight is the maximum number of parallel mutating requests. Every further // request has to wait. MaxMutatingRequestsInFlight int // Predicate which is true for paths of long-running http requests LongRunningFunc apirequest.LongRunningRequestCheck // GoawayChance is the probability that send a GOAWAY to HTTP/2 clients. When client received // GOAWAY, the in-flight requests will not be affected and new requests will use // a new TCP connection to triggering re-balancing to another server behind the load balance. // Default to 0, means never send GOAWAY. Max is 0.02 to prevent break the apiserver. GoawayChance float64 // MergedResourceConfig indicates which groupVersion enabled and its resources enabled/disabled. // This is composed of genericapiserver defaultAPIResourceConfig and those parsed from flags. // If not specify any in flags, then genericapiserver will only enable defaultAPIResourceConfig. MergedResourceConfig *serverstore.ResourceConfig // StorageObjectCountTracker is used to keep track of the total number of objects // in the storage per resource, so we can estimate width of incoming requests. StorageObjectCountTracker flowcontrolrequest.StorageObjectCountTracker // ShutdownSendRetryAfter dictates when to initiate shutdown of the HTTP // Server during the graceful termination of the apiserver. If true, we wait // for non longrunning requests in flight to be drained and then initiate a // shutdown of the HTTP Server. If false, we initiate a shutdown of the HTTP // Server as soon as ShutdownDelayDuration has elapsed. // If enabled, after ShutdownDelayDuration elapses, any incoming request is // rejected with a 429 status code and a 'Retry-After' response. ShutdownSendRetryAfter bool // StartupSendRetryAfterUntilReady once set will reject incoming requests with // a 429 status code and a 'Retry-After' response header until the apiserver // hasn't fully initialized. // This option ensures that the system stays consistent even when requests // are received before the server has been initialized. // In particular, it prevents child deletion in case of GC or/and orphaned // content in case of the namespaces controller. StartupSendRetryAfterUntilReady bool // PublicAddress is the IP address where members of the cluster (kubelet, // kube-proxy, services, etc.) can reach the GenericAPIServer. // If nil or 0.0.0.0, the host's default interface will be used. PublicAddress net.IP // EquivalentResourceRegistry provides information about resources equivalent to a given resource, // and the kind associated with a given resource. As resources are installed, they are registered here. EquivalentResourceRegistry runtime.EquivalentResourceRegistry // APIServerID is the ID of this API server APIServerID string // StorageVersionManager holds the storage versions of the API resources installed by this server. StorageVersionManager storageversion.Manager // contains filtered or unexported fields }
Config is a structure used to configure a GenericAPIServer. Its members are sorted roughly in order of importance for composers.
func NewConfig ¶
func NewConfig(codecs serializer.CodecFactory) *Config
NewConfig returns a Config struct with the default values
func (*Config) AddHealthChecks ¶ added in v0.16.4
func (c *Config) AddHealthChecks(healthChecks ...healthz.HealthChecker)
AddHealthChecks adds a health check to our config to be exposed by the health endpoints of our configured apiserver. We should prefer this to adding healthChecks directly to the config unless we explicitly want to add a healthcheck only to a specific health endpoint.
func (*Config) AddPostStartHook ¶ added in v0.17.0
func (c *Config) AddPostStartHook(name string, hook PostStartHookFunc) error
AddPostStartHook allows you to add a PostStartHook that will later be added to the server itself in a New call. Name conflicts will cause an error.
func (*Config) AddPostStartHookOrDie ¶ added in v0.17.0
func (c *Config) AddPostStartHookOrDie(name string, hook PostStartHookFunc)
AddPostStartHookOrDie allows you to add a PostStartHook, but dies on failure.
func (*Config) Complete ¶
func (c *Config) Complete(informers informers.SharedInformerFactory) CompletedConfig
Complete fills in any fields not set that are required to have valid data and can be derived from other fields. If you're going to `ApplyOptions`, do that first. It's mutating the receiver.
type DelegationTarget ¶
type DelegationTarget interface { // UnprotectedHandler returns a handler that is NOT protected by a normal chain UnprotectedHandler() http.Handler // PostStartHooks returns the post-start hooks that need to be combined PostStartHooks() map[string]postStartHookEntry // PreShutdownHooks returns the pre-stop hooks that need to be combined PreShutdownHooks() map[string]preShutdownHookEntry // HealthzChecks returns the healthz checks that need to be combined HealthzChecks() []healthz.HealthChecker // ListedPaths returns the paths for supporting an index ListedPaths() []string // NextDelegate returns the next delegationTarget in the chain of delegations NextDelegate() DelegationTarget // PrepareRun does post API installation setup steps. It calls recursively the same function of the delegates. PrepareRun() preparedGenericAPIServer }
DelegationTarget is an interface which allows for composition of API servers with top level handling that works as expected.
func NewEmptyDelegate ¶
func NewEmptyDelegate() DelegationTarget
type DeprecatedInsecureServingInfo ¶
type DeprecatedInsecureServingInfo struct { // Listener is the secure server network listener. Listener net.Listener // optional server name for log messages Name string }
DeprecatedInsecureServingInfo is the main context object for the insecure http server. HTTP does NOT include authentication or authorization. You shouldn't be using this. It makes sig-auth sad.
func (*DeprecatedInsecureServingInfo) NewLoopbackClientConfig ¶
func (s *DeprecatedInsecureServingInfo) NewLoopbackClientConfig() (*rest.Config, error)
func (*DeprecatedInsecureServingInfo) Serve ¶
func (s *DeprecatedInsecureServingInfo) Serve(handler http.Handler, shutdownTimeout time.Duration, stopCh <-chan struct{}) error
Serve starts an insecure http server with the given handler. It fails only if the initial listen call fails. It does not block.
type GenericAPIServer ¶
type GenericAPIServer struct { // LoopbackClientConfig is a config for a privileged loopback connection to the API server LoopbackClientConfig *restclient.Config // ShutdownTimeout is the timeout used for server shutdown. This specifies the timeout before server // gracefully shutdown returns. ShutdownTimeout time.Duration // SecureServingInfo holds configuration of the TLS server. SecureServingInfo *SecureServingInfo // ExternalAddress is the address (hostname or IP and port) that should be used in // external (public internet) URLs for this GenericAPIServer. ExternalAddress string // Serializer controls how common API objects not in a group/version prefix are serialized for this server. // Individual APIGroups may define their own serializers. Serializer runtime.NegotiatedSerializer // "Outputs" // Handler holds the handlers being used by this API server Handler *APIServerHandler // DiscoveryGroupManager serves /apis DiscoveryGroupManager discovery.GroupManager // OpenAPIVersionedService controls the /openapi/v2 endpoint, and can be used to update the served spec. // It is set during PrepareRun if `openAPIConfig` is non-nil unless `skipOpenAPIInstallation` is true. OpenAPIVersionedService *handler.OpenAPIService // StaticOpenAPISpec is the spec derived from the restful container endpoints. // It is set during PrepareRun. StaticOpenAPISpec *spec.Swagger // auditing. The backend is started after the server starts listening. AuditBackend audit.Backend // Authorizer determines whether a user is allowed to make a certain request. The Handler does a preliminary // authorization check using the request URI but it may be necessary to make additional checks, such as in // the create-on-update case Authorizer authorizer.Authorizer // EquivalentResourceRegistry provides information about resources equivalent to a given resource, // and the kind associated with a given resource. As resources are installed, they are registered here. EquivalentResourceRegistry runtime.EquivalentResourceRegistry // HandlerChainWaitGroup allows you to wait for all chain handlers finish after the server shutdown. HandlerChainWaitGroup *utilwaitgroup.SafeWaitGroup // ShutdownDelayDuration allows to block shutdown for some time, e.g. until endpoints pointing to this API server // have converged on all node. During this time, the API server keeps serving, /healthz will return 200, // but /readyz will return failure. ShutdownDelayDuration time.Duration // APIServerID is the ID of this API server APIServerID string // StorageVersionManager holds the storage versions of the API resources installed by this server. StorageVersionManager storageversion.Manager // Version will enable the /version endpoint if non-nil Version *version.Info // ShutdownSendRetryAfter dictates when to initiate shutdown of the HTTP // Server during the graceful termination of the apiserver. If true, we wait // for non longrunning requests in flight to be drained and then initiate a // shutdown of the HTTP Server. If false, we initiate a shutdown of the HTTP // Server as soon as ShutdownDelayDuration has elapsed. // If enabled, after ShutdownDelayDuration elapses, any incoming request is // rejected with a 429 status code and a 'Retry-After' response. ShutdownSendRetryAfter bool // contains filtered or unexported fields }
GenericAPIServer contains state for a Kubernetes cluster api server.
func (*GenericAPIServer) AddBootSequenceHealthChecks ¶ added in v0.16.4
func (s *GenericAPIServer) AddBootSequenceHealthChecks(checks ...healthz.HealthChecker) error
AddBootSequenceHealthChecks adds health checks to the old healthz endpoint (for backwards compatibility reasons) as well as livez and readyz. The livez grace period is defined by the value of the command-line flag --livez-grace-period; before the grace period elapses, the livez health checks will default to healthy. One may want to set a grace period in order to prevent the kubelet from restarting the kube-apiserver due to long-ish boot sequences. Readyz health checks, on the other hand, have no grace period, since readyz should fail until boot fully completes.
func (*GenericAPIServer) AddHealthChecks ¶ added in v0.16.4
func (s *GenericAPIServer) AddHealthChecks(checks ...healthz.HealthChecker) error
AddHealthChecks adds HealthCheck(s) to health endpoints (healthz, livez, readyz) but configures the liveness grace period to be zero, which means we expect this health check to immediately indicate that the apiserver is unhealthy.
func (*GenericAPIServer) AddLivezChecks ¶ added in v0.21.0
func (s *GenericAPIServer) AddLivezChecks(delay time.Duration, checks ...healthz.HealthChecker) error
AddLivezChecks allows you to add a HealthCheck to livez.
func (*GenericAPIServer) AddPostStartHook ¶
func (s *GenericAPIServer) AddPostStartHook(name string, hook PostStartHookFunc) error
AddPostStartHook allows you to add a PostStartHook.
func (*GenericAPIServer) AddPostStartHookOrDie ¶
func (s *GenericAPIServer) AddPostStartHookOrDie(name string, hook PostStartHookFunc)
AddPostStartHookOrDie allows you to add a PostStartHook, but dies on failure
func (*GenericAPIServer) AddPreShutdownHook ¶
func (s *GenericAPIServer) AddPreShutdownHook(name string, hook PreShutdownHookFunc) error
AddPreShutdownHook allows you to add a PreShutdownHook.
func (*GenericAPIServer) AddPreShutdownHookOrDie ¶
func (s *GenericAPIServer) AddPreShutdownHookOrDie(name string, hook PreShutdownHookFunc)
AddPreShutdownHookOrDie allows you to add a PostStartHook, but dies on failure
func (*GenericAPIServer) AddReadyzChecks ¶ added in v0.21.0
func (s *GenericAPIServer) AddReadyzChecks(checks ...healthz.HealthChecker) error
AddReadyzChecks allows you to add a HealthCheck to readyz.
func (*GenericAPIServer) HealthzChecks ¶
func (s *GenericAPIServer) HealthzChecks() []healthz.HealthChecker
func (*GenericAPIServer) InstallAPIGroup ¶
func (s *GenericAPIServer) InstallAPIGroup(apiGroupInfo *APIGroupInfo) error
Exposes the given api group in the API.
func (*GenericAPIServer) InstallAPIGroups ¶
func (s *GenericAPIServer) InstallAPIGroups(apiGroupInfos ...*APIGroupInfo) error
Exposes given api groups in the API.
func (*GenericAPIServer) InstallLegacyAPIGroup ¶
func (s *GenericAPIServer) InstallLegacyAPIGroup(apiPrefix string, apiGroupInfo *APIGroupInfo) error
func (*GenericAPIServer) ListedPaths ¶
func (s *GenericAPIServer) ListedPaths() []string
func (*GenericAPIServer) NextDelegate ¶
func (s *GenericAPIServer) NextDelegate() DelegationTarget
func (*GenericAPIServer) PostStartHooks ¶
func (s *GenericAPIServer) PostStartHooks() map[string]postStartHookEntry
func (*GenericAPIServer) PreShutdownHooks ¶
func (s *GenericAPIServer) PreShutdownHooks() map[string]preShutdownHookEntry
func (*GenericAPIServer) PrepareRun ¶
func (s *GenericAPIServer) PrepareRun() preparedGenericAPIServer
PrepareRun does post API installation setup steps. It calls recursively the same function of the delegates.
func (*GenericAPIServer) RunPostStartHooks ¶
func (s *GenericAPIServer) RunPostStartHooks(stopCh <-chan struct{})
RunPostStartHooks runs the PostStartHooks for the server
func (*GenericAPIServer) RunPreShutdownHooks ¶
func (s *GenericAPIServer) RunPreShutdownHooks() error
RunPreShutdownHooks runs the PreShutdownHooks for the server
func (*GenericAPIServer) UnprotectedHandler ¶
func (s *GenericAPIServer) UnprotectedHandler() http.Handler
type HandlerChainBuilderFn ¶
HandlerChainBuilderFn is used to wrap the GoRestfulContainer handler using the provided handler chain. It is normally used to apply filtering like authentication and authorization
type InsecureSuperuser ¶
type InsecureSuperuser struct{}
InsecureSuperuser implements authenticator.Request to always return a superuser. This is functionally equivalent to skipping authentication and authorization, but allows apiserver code to stop special-casing a nil user to skip authorization checks.
func (InsecureSuperuser) AuthenticateRequest ¶
func (InsecureSuperuser) AuthenticateRequest(req *http.Request) (*authenticator.Response, bool, error)
type PostStartHookConfigEntry ¶ added in v0.17.0
type PostStartHookConfigEntry struct {
// contains filtered or unexported fields
}
type PostStartHookContext ¶
type PostStartHookContext struct { // LoopbackClientConfig is a config for a privileged loopback connection to the API server LoopbackClientConfig *restclient.Config // StopCh is the channel that will be closed when the server stops StopCh <-chan struct{} }
PostStartHookContext provides information about this API server to a PostStartHookFunc
type PostStartHookFunc ¶
type PostStartHookFunc func(context PostStartHookContext) error
PostStartHookFunc is a function that is called after the server has started. It must properly handle cases like:
- asynchronous start in multiple API server processes
- conflicts between the different processes all trying to perform the same action
- partially complete work (API server crashes while running your hook)
- API server access **BEFORE** your hook has completed
Think of it like a mini-controller that is super privileged and gets to run in-process If you use this feature, tag @deads2k on github who has promised to review code for anyone's PostStartHook until it becomes easier to use.
type PostStartHookProvider ¶
type PostStartHookProvider interface {
PostStartHook() (string, PostStartHookFunc, error)
}
PostStartHookProvider is an interface in addition to provide a post start hook for the api server
type PreShutdownHookFunc ¶
type PreShutdownHookFunc func() error
PreShutdownHookFunc is a function that can be added to the shutdown logic.
type RecommendedConfig ¶
type RecommendedConfig struct { Config // RecommendedOptions.CoreAPI.ApplyTo called by RecommendedOptions.ApplyTo. It uses an in-cluster client config // by default, or the kubeconfig given with kubeconfig command line flag. SharedInformerFactory informers.SharedInformerFactory // ClientConfig holds the kubernetes client configuration. // This value is set by RecommendedOptions.CoreAPI.ApplyTo called by RecommendedOptions.ApplyTo. // By default in-cluster client config is used. ClientConfig *restclient.Config }
func NewRecommendedConfig ¶
func NewRecommendedConfig(codecs serializer.CodecFactory) *RecommendedConfig
NewRecommendedConfig returns a RecommendedConfig struct with the default values
func (*RecommendedConfig) Complete ¶
func (c *RecommendedConfig) Complete() CompletedConfig
Complete fills in any fields not set that are required to have valid data and can be derived from other fields. If you're going to `ApplyOptions`, do that first. It's mutating the receiver.
type ResourceExpirationEvaluator ¶ added in v0.21.0
type ResourceExpirationEvaluator interface { // RemoveDeletedKinds inspects the storage map and modifies it in place by removing storage for kinds that have been deleted. // versionedResourcesStorageMap mirrors the field on APIGroupInfo, it's a map from version to resource to the storage. RemoveDeletedKinds(groupName string, versioner runtime.ObjectVersioner, versionedResourcesStorageMap map[string]map[string]rest.Storage) // ShouldServeForVersion returns true if a particular version cut off is after the current version ShouldServeForVersion(majorRemoved, minorRemoved int) bool }
ResourceExpirationEvaluator indicates whether or not a resource should be served.
func NewResourceExpirationEvaluator ¶ added in v0.21.0
func NewResourceExpirationEvaluator(currentVersion apimachineryversion.Info) (ResourceExpirationEvaluator, error)
type SecureServingInfo ¶
type SecureServingInfo struct { // Listener is the secure server network listener. Listener net.Listener // Cert is the main server cert which is used if SNI does not match. Cert must be non-nil and is // allowed to be in SNICerts. Cert dynamiccertificates.CertKeyContentProvider // SNICerts are the TLS certificates used for SNI. SNICerts []dynamiccertificates.SNICertKeyContentProvider // ClientCA is the certificate bundle for all the signers that you'll recognize for incoming client certificates ClientCA dynamiccertificates.CAContentProvider // MinTLSVersion optionally overrides the minimum TLS version supported. // Values are from tls package constants (https://golang.org/pkg/crypto/tls/#pkg-constants). MinTLSVersion uint16 // CipherSuites optionally overrides the list of allowed cipher suites for the server. // Values are from tls package constants (https://golang.org/pkg/crypto/tls/#pkg-constants). CipherSuites []uint16 // HTTP2MaxStreamsPerConnection is the limit that the api server imposes on each client. // A value of zero means to use the default provided by golang's HTTP/2 support. HTTP2MaxStreamsPerConnection int // DisableHTTP2 indicates that http2 should not be enabled. DisableHTTP2 bool }
func (*SecureServingInfo) NewClientConfig ¶
func (s *SecureServingInfo) NewClientConfig(caCert []byte) (*restclient.Config, error)
func (*SecureServingInfo) NewLoopbackClientConfig ¶
func (s *SecureServingInfo) NewLoopbackClientConfig(token string, loopbackCert []byte) (*restclient.Config, error)
func (*SecureServingInfo) Serve ¶
func (s *SecureServingInfo) Serve(handler http.Handler, shutdownTimeout time.Duration, stopCh <-chan struct{}) (<-chan struct{}, error)
Serve runs the secure http server. It fails only if certificates cannot be loaded or the initial listen call fails. The actual server loop (stoppable by closing stopCh) runs in a go routine, i.e. Serve does not block. It returns a stoppedCh that is closed when all non-hijacked active requests have been processed.
func (*SecureServingInfo) ServeWithListenerStopped ¶ added in v0.22.0
func (s *SecureServingInfo) ServeWithListenerStopped(handler http.Handler, shutdownTimeout time.Duration, stopCh <-chan struct{}) (<-chan struct{}, <-chan struct{}, error)
ServeWithListenerStopped runs the secure http server. It fails only if certificates cannot be loaded or the initial listen call fails. The actual server loop (stoppable by closing stopCh) runs in a go routine, i.e. ServeWithListenerStopped does not block. It returns a stoppedCh that is closed when all non-hijacked active requests have been processed. It returns a listenerStoppedCh that is closed when the underlying http Server has stopped listening. TODO: do a follow up PR to remove this function, change 'Serve' to return listenerStoppedCh
and update all components that call 'Serve'
Source Files ¶
Directories ¶
Path | Synopsis |
---|---|
Package filters contains all the http handler chain filters which are not api related.
|
Package filters contains all the http handler chain filters which are not api related. |
Package healthz implements basic http server health checking.
|
Package healthz implements basic http server health checking. |
Package httplog contains a helper object and functions to maintain a log along with an http response.
|
Package httplog contains a helper object and functions to maintain a log along with an http response. |
Package mux contains abstractions for http multiplexing of APIs.
|
Package mux contains abstractions for http multiplexing of APIs. |
package options is the public flags and options used by a generic api server.
|
package options is the public flags and options used by a generic api server. |
Package resourceconfig contains the resource config related helper functions.
|
Package resourceconfig contains the resource config related helper functions. |
Package routes holds a collection of optional genericapiserver http handlers.
|
Package routes holds a collection of optional genericapiserver http handlers. |
Package storage contains the plumbing to setup the etcd storage of the apiserver.
|
Package storage contains the plumbing to setup the etcd storage of the apiserver. |