UPSTREAM: <carry>: eliminate unnecessary closure in openshift configu…
…ration wiring

Origin-commit: 3b0c72dd7b9f9367dda8f8645909d9277a6c29e9
deads2k authored and soltysh committed Sep 8, 2021
1 parent 901d0bf commit 13f5eb3
Showing 4 changed files with 54 additions and 123 deletions.
18 changes: 0 additions & 18 deletions cmd/kube-apiserver/app/patch_openshift.go

This file was deleted.

12 changes: 4 additions & 8 deletions cmd/kube-apiserver/app/server.go
Expand Up @@ -135,17 +135,15 @@ cluster's shared state through which all other components interact.`,
fs := cmd.Flags()

if len(s.OpenShiftConfig) > 0 {
// if we are running openshift, we modify the admission chain defaults accordingly
admissionenablement.InstallOpenShiftAdmissionPlugins(s)

openshiftConfig, err := enablement.GetOpenshiftConfig(s.OpenShiftConfig)
if err != nil {
klog.Fatal(err)
}
enablement.ForceOpenShift(openshiftConfig)

// this forces a patch to be called
// TODO we're going to try to remove bits of the patching.
configPatchFn := openshiftkubeapiserver.NewOpenShiftKubeAPIServerConfigPatch(openshiftConfig)
OpenShiftKubeAPIServerConfigPatch = configPatchFn

args, err := openshiftkubeapiserver.ConfigToFlags(openshiftConfig)
if err != nil {
return err
Expand All @@ -160,8 +158,6 @@ cluster's shared state through which all other components interact.`,
cliflag.PrintFlags(cmd.Flags())

enablement.ForceGlobalInitializationForOpenShift()
admissionenablement.InstallOpenShiftAdmissionPlugins(s)

} else {
// print default flags
cliflag.PrintFlags(cmd.Flags())
Expand Down Expand Up @@ -611,7 +607,7 @@ func buildGenericConfig(
return
}

if err := PatchKubeAPIServerConfig(genericConfig, versionedInformers, &pluginInitializers); err != nil {
if err := openshiftkubeapiserver.OpenShiftKubeAPIServerConfigPatch(genericConfig, versionedInformers, &pluginInitializers); err != nil {
lastErr = fmt.Errorf("failed to patch: %v", err)
return
}
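Review bot: The call to `openshiftkubeapiserver.OpenShiftKubeAPIServerConfigPatch` in buildGenericConfig is now unconditional, so whether the SCC, restrict-users, image-policy and cluster-quota admission initializers and the OpenShift handler chain get wired depends entirely on process-global state that the callee reads through `enablement.IsOpenShift()`. A caller that reaches this point without that state set gets a nil error and none of that wiring, with nothing logged. The global is presumably set by `enablement.ForceOpenShift(openshiftConfig)` in the flag-setup hunk above, but nothing at the call site says so. I would add a comment above the call, e.g. `// No-op unless enablement.ForceOpenShift ran during command setup; the OpenShift admission initializers and handler chain are installed only in that case.` buildGenericConfig starts and ends outside the hunk, so other call paths are not visible here.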

This file was deleted.

102 changes: 50 additions & 52 deletions openshift-kube-apiserver/openshiftkubeapiserver/patch.go
Expand Up @@ -14,7 +14,6 @@ import (
"k8s.io/client-go/tools/cache"
"k8s.io/kubernetes/pkg/quota/v1/install"

kubecontrolplanev1 "github.com/openshift/api/kubecontrolplane/v1"
"github.com/openshift/apiserver-library-go/pkg/admission/imagepolicy"
"github.com/openshift/apiserver-library-go/pkg/admission/imagepolicy/imagereferencemutators"
"github.com/openshift/apiserver-library-go/pkg/admission/quota/clusterresourcequota"
Expand All @@ -34,60 +33,59 @@ import (
"k8s.io/kubernetes/openshift-kube-apiserver/admission/scheduler/nodeenv"
)

type KubeAPIServerConfigFunc func(config *genericapiserver.Config, versionedInformers clientgoinformers.SharedInformerFactory, pluginInitializers *[]admission.PluginInitializer) error

func NewOpenShiftKubeAPIServerConfigPatch(kubeAPIServerConfig *kubecontrolplanev1.KubeAPIServerConfig) KubeAPIServerConfigFunc {
return func(genericConfig *genericapiserver.Config, kubeInformers clientgoinformers.SharedInformerFactory, pluginInitializers *[]admission.PluginInitializer) error {
openshiftInformers, err := newInformers(genericConfig.LoopbackClientConfig)
if err != nil {
return err
}

// AUTHORIZER
genericConfig.RequestInfoResolver = apiserverconfig.OpenshiftRequestInfoResolver()
// END AUTHORIZER

// Inject OpenShift API long running endpoints (like for binary builds).
// TODO: We should disable the timeout code for aggregated endpoints as this can cause problems when upstream add additional endpoints.
genericConfig.LongRunningFunc = apiserverconfig.IsLongRunningRequest

// ADMISSION
clusterQuotaMappingController := newClusterQuotaMappingController(kubeInformers.Core().V1().Namespaces(), openshiftInformers.OpenshiftQuotaInformers.Quota().V1().ClusterResourceQuotas())
genericConfig.AddPostStartHookOrDie("quota.openshift.io-clusterquotamapping", func(context genericapiserver.PostStartHookContext) error {
go clusterQuotaMappingController.Run(5, context.StopCh)
return nil
})

*pluginInitializers = append(*pluginInitializers,
imagepolicy.NewInitializer(imagereferencemutators.KubeImageMutators{}, kubeAPIServerConfig.ImagePolicyConfig.InternalRegistryHostname),
restrictusers.NewInitializer(openshiftInformers.getOpenshiftUserInformers()),
sccadmission.NewInitializer(openshiftInformers.getOpenshiftSecurityInformers().Security().V1().SecurityContextConstraints()),
clusterresourcequota.NewInitializer(
openshiftInformers.getOpenshiftQuotaInformers().Quota().V1().ClusterResourceQuotas(),
clusterQuotaMappingController.GetClusterQuotaMapper(),
generic.NewRegistry(install.NewQuotaConfigurationForAdmission().Evaluators()),
),
nodeenv.NewInitializer(kubeAPIServerConfig.ProjectConfig.DefaultNodeSelector),
admissionrestconfig.NewInitializer(*rest.CopyConfig(genericConfig.LoopbackClientConfig)),
)
// END ADMISSION

// HANDLER CHAIN (with oauth server and web console)
genericConfig.BuildHandlerChainFunc, err = BuildHandlerChain(kubeAPIServerConfig.ConsolePublicURL, kubeAPIServerConfig.AuthConfig.OAuthMetadataFile)
if err != nil {
return err
}
// END HANDLER CHAIN

genericConfig.AddPostStartHookOrDie("openshift.io-startkubeinformers", func(context genericapiserver.PostStartHookContext) error {
go kubeInformers.Start(context.StopCh)
go openshiftInformers.Start(context.StopCh)
return nil
})
enablement.AppendPostStartHooksOrDie(genericConfig)
func OpenShiftKubeAPIServerConfigPatch(genericConfig *genericapiserver.Config, kubeInformers clientgoinformers.SharedInformerFactory, pluginInitializers *[]admission.PluginInitializer) error {
if !enablement.IsOpenShift() {
return nil
}

openshiftInformers, err := newInformers(genericConfig.LoopbackClientConfig)
if err != nil {
return err
}

// AUTHORIZER
genericConfig.RequestInfoResolver = apiserverconfig.OpenshiftRequestInfoResolver()
// END AUTHORIZER

// Inject OpenShift API long running endpoints (like for binary builds).
// TODO: We should disable the timeout code for aggregated endpoints as this can cause problems when upstream add additional endpoints.
genericConfig.LongRunningFunc = apiserverconfig.IsLongRunningRequest

// ADMISSION
clusterQuotaMappingController := newClusterQuotaMappingController(kubeInformers.Core().V1().Namespaces(), openshiftInformers.OpenshiftQuotaInformers.Quota().V1().ClusterResourceQuotas())
genericConfig.AddPostStartHookOrDie("quota.openshift.io-clusterquotamapping", func(context genericapiserver.PostStartHookContext) error {
go clusterQuotaMappingController.Run(5, context.StopCh)
return nil
})

*pluginInitializers = append(*pluginInitializers,
imagepolicy.NewInitializer(imagereferencemutators.KubeImageMutators{}, enablement.OpenshiftConfig().ImagePolicyConfig.InternalRegistryHostname),
restrictusers.NewInitializer(openshiftInformers.getOpenshiftUserInformers()),
sccadmission.NewInitializer(openshiftInformers.getOpenshiftSecurityInformers().Security().V1().SecurityContextConstraints()),
clusterresourcequota.NewInitializer(
openshiftInformers.getOpenshiftQuotaInformers().Quota().V1().ClusterResourceQuotas(),
clusterQuotaMappingController.GetClusterQuotaMapper(),
generic.NewRegistry(install.NewQuotaConfigurationForAdmission().Evaluators()),
),
nodeenv.NewInitializer(enablement.OpenshiftConfig().ProjectConfig.DefaultNodeSelector),
admissionrestconfig.NewInitializer(*rest.CopyConfig(genericConfig.LoopbackClientConfig)),
)
// END ADMISSION

// HANDLER CHAIN (with oauth server and web console)
genericConfig.BuildHandlerChainFunc, err = BuildHandlerChain(enablement.OpenshiftConfig().ConsolePublicURL, enablement.OpenshiftConfig().AuthConfig.OAuthMetadataFile)
if err != nil {
return err
}
// END HANDLER CHAIN

genericConfig.AddPostStartHookOrDie("openshift.io-startkubeinformers", func(context genericapiserver.PostStartHookContext) error {
go openshiftInformers.Start(context.StopCh)
return nil
})
enablement.AppendPostStartHooksOrDie(genericConfig)

return nil
}

// newInformers is only exposed for the build's integration testing until it can be fixed more appropriately.
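Review bot: The rewritten `openshift.io-startkubeinformers` post-start hook starts only `openshiftInformers`; as far as the rendered page shows, the `go kubeInformers.Start(context.StopCh)` call from the closure version is gone, a behaviour change that the commit title (a closure removal) does not mention. `newClusterQuotaMappingController` is still built from `kubeInformers.Core().V1().Namespaces()`, so cluster-resource-quota admission depends on that factory being started somewhere else, presumably by the kube-apiserver's own informer hook, which is not visible on this page. If that is the intent, say so at the hook with `// kubeInformers is started by the kube-apiserver itself; only the OpenShift informers are started here`, since the hook name still suggests it starts both; otherwise restore the dropped line.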
