Skip to content

Commit

Permalink
UPSTREAM: <carry>: kube-apiserver: allow rewiring
Browse files Browse the repository at this point in the history
  • Loading branch information
deads2k authored and soltysh committed Sep 7, 2021
1 parent aca3de9 commit f7069c2
Show file tree
Hide file tree
Showing 6 changed files with 43 additions and 16 deletions.
6 changes: 6 additions & 0 deletions cmd/kube-apiserver/app/options/options.go
Original file line number Diff line number Diff line change
Expand Up @@ -92,6 +92,8 @@ type ServerRunOptions struct {
ServiceAccountTokenMaxExpiration time.Duration

ShowHiddenMetricsForVersion string

OpenShiftConfig string
}

// NewServerRunOptions creates a new ServerRunOptions object with default parameters
Expand Down Expand Up @@ -283,5 +285,9 @@ func (s *ServerRunOptions) Flags() (fss cliflag.NamedFlagSets) {
fs.StringVar(&s.ServiceAccountSigningKeyFile, "service-account-signing-key-file", s.ServiceAccountSigningKeyFile, ""+
"Path to the file that contains the current private key of the service account token issuer. The issuer will sign issued ID tokens with this private key.")

fs.StringVar(&s.OpenShiftConfig, "openshift-config", s.OpenShiftConfig, "config for openshift")
fs.MarkDeprecated("openshift-config", "to be removed")
fs.MarkHidden("openshift-config")

return fss
}
5 changes: 2 additions & 3 deletions cmd/kube-apiserver/app/patch_openshift.go
Original file line number Diff line number Diff line change
Expand Up @@ -4,12 +4,11 @@ import (
"k8s.io/apiserver/pkg/admission"
genericapiserver "k8s.io/apiserver/pkg/server"
clientgoinformers "k8s.io/client-go/informers"
"k8s.io/kubernetes/openshift-kube-apiserver/openshiftkubeapiserver"
"k8s.io/kubernetes/pkg/master"
)

type KubeAPIServerConfigFunc func(config *genericapiserver.Config, versionedInformers clientgoinformers.SharedInformerFactory, pluginInitializers *[]admission.PluginInitializer) (genericapiserver.DelegationTarget, error)

var OpenShiftKubeAPIServerConfigPatch KubeAPIServerConfigFunc = nil
var OpenShiftKubeAPIServerConfigPatch openshiftkubeapiserver.KubeAPIServerConfigFunc = nil

type KubeAPIServerServerFunc func(server *master.Master) error

Expand Down
33 changes: 33 additions & 0 deletions cmd/kube-apiserver/app/server.go
Original file line number Diff line number Diff line change
Expand Up @@ -30,6 +30,11 @@ import (
"strings"
"time"

"k8s.io/kubernetes/openshift-kube-apiserver/configdefault"
"k8s.io/kubernetes/openshift-kube-apiserver/enablement"
"k8s.io/kubernetes/openshift-kube-apiserver/openshiftkubeapiserver"

"github.com/go-openapi/spec"
"github.com/spf13/cobra"
"github.com/spf13/pflag"

Expand Down Expand Up @@ -125,6 +130,31 @@ cluster's shared state through which all other components interact.`,
fs := cmd.Flags()
cliflag.PrintFlags(fs)

if len(s.OpenShiftConfig) > 0 {
enablement.ForceOpenShift()
openshiftConfig, err := enablement.GetOpenshiftConfig(s.OpenShiftConfig)
if err != nil {
klog.Fatal(err)
}

// this forces a patch to be called
// TODO we're going to try to remove bits of the patching.
configPatchFn, serverPatchContext := openshiftkubeapiserver.NewOpenShiftKubeAPIServerConfigPatch(genericapiserver.NewEmptyDelegate(), openshiftConfig)
OpenShiftKubeAPIServerConfigPatch = configPatchFn
OpenShiftKubeAPIServerServerPatch = serverPatchContext.PatchServer

args, err := openshiftkubeapiserver.ConfigToFlags(openshiftConfig)
if err != nil {
return err
}
// hopefully this resets the flags?
if err := cmd.ParseFlags(args); err != nil {
return err
}

enablement.ForceGlobalInitializationForOpenShift(s)
}

err := checkNonZeroInsecurePort(fs)
if err != nil {
return err
Expand Down Expand Up @@ -561,6 +591,9 @@ func buildGenericConfig(
return
}

if enablement.IsOpenShift() {
configdefault.SetAdmissionDefaults(s, versionedInformers, clientgoExternalClient)
}
err = s.Admission.ApplyTo(
genericConfig,
versionedInformers,
Expand Down
2 changes: 0 additions & 2 deletions pkg/kubeapiserver/options/admission.go
Original file line number Diff line number Diff line change
Expand Up @@ -115,8 +115,6 @@ func (a *AdmissionOptions) ApplyTo(
return nil
}

a.GenericAdmission.Decorators = append(a.GenericAdmission.Decorators, Decorators...)

if a.PluginNames != nil {
// pass PluginNames to generic AdmissionOptions
a.GenericAdmission.EnablePlugins, a.GenericAdmission.DisablePlugins = computePluginNames(a.PluginNames, a.GenericAdmission.RecommendedPluginOrder)
Expand Down
9 changes: 0 additions & 9 deletions pkg/kubeapiserver/options/patch.go

This file was deleted.

4 changes: 2 additions & 2 deletions pkg/kubeapiserver/options/plugins.go
Original file line number Diff line number Diff line change
Expand Up @@ -105,7 +105,7 @@ var AllOrderedPlugins = []string{

// RegisterAllAdmissionPlugins registers all admission plugins and
// sets the recommended plugins order.
func registerAllAdmissionPlugins(plugins *admission.Plugins) {
func RegisterAllAdmissionPlugins(plugins *admission.Plugins) {
admit.Register(plugins) // DEPRECATED as no real meaning
alwayspullimages.Register(plugins)
antiaffinity.Register(plugins)
Expand Down Expand Up @@ -140,7 +140,7 @@ func registerAllAdmissionPlugins(plugins *admission.Plugins) {
}

// DefaultOffAdmissionPlugins get admission plugins off by default for kube-apiserver.
func defaultOffAdmissionPlugins() sets.String {
func DefaultOffAdmissionPlugins() sets.String {
defaultOnPlugins := sets.NewString(
lifecycle.PluginName, //NamespaceLifecycle
limitranger.PluginName, //LimitRanger
Expand Down

0 comments on commit f7069c2

Please sign in to comment.