apiserver: k8s.io/apiserver/pkg/server Index | Files | Directories

package server

import "k8s.io/apiserver/pkg/server"

Package server contains the plumbing to create kubernetes-like API server command.

Index

Package Files

config.go config_selfclient.go deprecated_insecure_serving.go doc.go genericapiserver.go handler.go healthz.go hooks.go plugins.go secure_serving.go signal.go signal_posix.go

Constants

const (
    // DefaultLegacyAPIPrefix is where the legacy APIs will be located.
    DefaultLegacyAPIPrefix = "/api"

    // APIGroupPrefix is where non-legacy API group will be located.
    APIGroupPrefix = "/apis"
)
const LoopbackClientServerNameOverride = "apiserver-loopback-client"

LoopbackClientServerNameOverride is passed to the apiserver from the loopback client in order to select the loopback certificate via SNI if TLS is used.

func AuthorizeClientBearerToken Uses

func AuthorizeClientBearerToken(loopback *restclient.Config, authn *AuthenticationInfo, authz *AuthorizationInfo)

AuthorizeClientBearerToken wraps the authenticator and authorizer in loopback authentication logic if the loopback client config is specified AND it has a bearer token. Note that if either authn or authz is nil, this function won't add a token authenticator or authorizer.

func DefaultBuildHandlerChain Uses

func DefaultBuildHandlerChain(apiHandler http.Handler, c *Config) http.Handler

func DefaultOpenAPIConfig Uses

func DefaultOpenAPIConfig(getDefinitions openapicommon.GetOpenAPIDefinitions, defNamer *apiopenapi.DefinitionNamer) *openapicommon.Config

func LoopbackHostPort Uses

func LoopbackHostPort(bindAddress string) (string, string, error)

LoopbackHostPort returns the host and port loopback REST clients should use to contact the server.

func NewRequestInfoResolver Uses

func NewRequestInfoResolver(c *Config) *apirequest.RequestInfoFactory

func RegisterAllAdmissionPlugins Uses

func RegisterAllAdmissionPlugins(plugins *admission.Plugins)

RegisterAllAdmissionPlugins registers all admission plugins

func RequestShutdown Uses

func RequestShutdown() bool

RequestShutdown emulates a received event that is considered as shutdown signal (SIGTERM/SIGINT) This returns whether a handler was notified

func RunServer Uses

func RunServer(
    server *http.Server,
    ln net.Listener,
    shutDownTimeout time.Duration,
    stopCh <-chan struct{},
) (<-chan struct{}, error)

RunServer spawns a go-routine continuously serving until the stopCh is closed. It returns a stoppedCh that is closed when all non-hijacked active requests have been processed. This function does not block TODO: make private when insecure serving is gone from the kube-apiserver

func SetupSignalHandler Uses

func SetupSignalHandler() <-chan struct{}

SetupSignalHandler registered for SIGTERM and SIGINT. A stop channel is returned which is closed on one of these signals. If a second signal is caught, the program is terminated with exit code 1.

type APIGroupInfo Uses

type APIGroupInfo struct {
    PrioritizedVersions []schema.GroupVersion
    // Info about the resources in this group. It's a map from version to resource to the storage.
    VersionedResourcesStorageMap map[string]map[string]rest.Storage
    // OptionsExternalVersion controls the APIVersion used for common objects in the
    // schema like api.Status, api.DeleteOptions, and metav1.ListOptions. Other implementors may
    // define a version "v1beta1" but want to use the Kubernetes "v1" internal objects.
    // If nil, defaults to groupMeta.GroupVersion.
    // TODO: Remove this when https://github.com/kubernetes/kubernetes/issues/19018 is fixed.
    OptionsExternalVersion *schema.GroupVersion
    // MetaGroupVersion defaults to "meta.k8s.io/v1" and is the scheme group version used to decode
    // common API implementations like ListOptions. Future changes will allow this to vary by group
    // version (for when the inevitable meta/v2 group emerges).
    MetaGroupVersion *schema.GroupVersion

    // Scheme includes all of the types used by this group and how to convert between them (or
    // to convert objects from outside of this group that are accepted in this API).
    // TODO: replace with interfaces
    Scheme *runtime.Scheme
    // NegotiatedSerializer controls how this group encodes and decodes data
    NegotiatedSerializer runtime.NegotiatedSerializer
    // ParameterCodec performs conversions for query parameters passed to API calls
    ParameterCodec runtime.ParameterCodec

    // StaticOpenAPISpec is the spec derived from the definitions of all resources installed together.
    // It is set during InstallAPIGroups, InstallAPIGroup, and InstallLegacyAPIGroup.
    StaticOpenAPISpec *spec.Swagger
}

Info about an API group.

func NewDefaultAPIGroupInfo Uses

func NewDefaultAPIGroupInfo(group string, scheme *runtime.Scheme, parameterCodec runtime.ParameterCodec, codecs serializer.CodecFactory) APIGroupInfo

NewDefaultAPIGroupInfo returns an APIGroupInfo stubbed with "normal" values exposed for easier composition from other packages

type APIServerHandler Uses

type APIServerHandler struct {
    // FullHandlerChain is the one that is eventually served with.  It should include the full filter
    // chain and then call the Director.
    FullHandlerChain http.Handler
    // The registered APIs.  InstallAPIs uses this.  Other servers probably shouldn't access this directly.
    GoRestfulContainer *restful.Container
    // NonGoRestfulMux is the final HTTP handler in the chain.
    // It comes after all filters and the API handling
    // This is where other servers can attach handler to various parts of the chain.
    NonGoRestfulMux *mux.PathRecorderMux

    // Director is here so that we can properly handle fall through and proxy cases.
    // This looks a bit bonkers, but here's what's happening.  We need to have /apis handling registered in gorestful in order to have
    // swagger generated for compatibility.  Doing that with `/apis` as a webservice, means that it forcibly 404s (no defaulting allowed)
    // all requests which are not /apis or /apis/.  We need those calls to fall through behind goresful for proper delegation.  Trying to
    // register for a pattern which includes everything behind it doesn't work because gorestful negotiates for verbs and content encoding
    // and all those things go crazy when gorestful really just needs to pass through.  In addition, openapi enforces unique verb constraints
    // which we don't fit into and it still muddies up swagger.  Trying to switch the webservices into a route doesn't work because the
    //  containing webservice faces all the same problems listed above.
    // This leads to the crazy thing done here.  Our mux does what we need, so we'll place it in front of gorestful.  It will introspect to
    // decide if the route is likely to be handled by goresful and route there if needed.  Otherwise, it goes to PostGoRestful mux in
    // order to handle "normal" paths and delegation. Hopefully no API consumers will ever have to deal with this level of detail.  I think
    // we should consider completely removing gorestful.
    // Other servers should only use this opaquely to delegate to an API server.
    Director http.Handler
}

APIServerHandlers holds the different http.Handlers used by the API server. This includes the full handler chain, the director (which chooses between gorestful and nonGoRestful, the gorestful handler (used for the API) which falls through to the nonGoRestful handler on unregistered paths, and the nonGoRestful handler (which can contain a fallthrough of its own) FullHandlerChain -> Director -> {GoRestfulContainer,NonGoRestfulMux} based on inspection of registered web services

func NewAPIServerHandler Uses

func NewAPIServerHandler(name string, s runtime.NegotiatedSerializer, handlerChainBuilder HandlerChainBuilderFn, notFoundHandler http.Handler) *APIServerHandler

func (*APIServerHandler) ListedPaths Uses

func (a *APIServerHandler) ListedPaths() []string

ListedPaths returns the paths that should be shown under /

func (*APIServerHandler) ServeHTTP Uses

func (a *APIServerHandler) ServeHTTP(w http.ResponseWriter, r *http.Request)

ServeHTTP makes it an http.Handler

type AuthenticationInfo Uses

type AuthenticationInfo struct {
    // APIAudiences is a list of identifier that the API identifies as. This is
    // used by some authenticators to validate audience bound credentials.
    APIAudiences authenticator.Audiences
    // Authenticator determines which subject is making the request
    Authenticator authenticator.Request
    // SupportsBasicAuth indicates that's at least one Authenticator supports basic auth
    // If this is true, a basic auth challenge is returned on authentication failure
    // TODO(roberthbailey): Remove once the server no longer supports http basic auth.
    SupportsBasicAuth bool
}

func (*AuthenticationInfo) ApplyClientCert Uses

func (c *AuthenticationInfo) ApplyClientCert(clientCA dynamiccertificates.CAContentProvider, servingInfo *SecureServingInfo) error

type AuthorizationInfo Uses

type AuthorizationInfo struct {
    // Authorizer determines whether the subject is allowed to make the request based only
    // on the RequestURI
    Authorizer authorizer.Authorizer
}

type CompletedConfig Uses

type CompletedConfig struct {
    // contains filtered or unexported fields
}

func (CompletedConfig) New Uses

func (c CompletedConfig) New(name string, delegationTarget DelegationTarget) (*GenericAPIServer, error)

New creates a new server which logically combines the handling chain with the passed server. name is used to differentiate for logging. The handler chain in particular can be difficult as it starts delgating. delegationTarget may not be nil.

type Config Uses

type Config struct {
    // SecureServing is required to serve https
    SecureServing *SecureServingInfo

    // Authentication is the configuration for authentication
    Authentication AuthenticationInfo

    // Authorization is the configuration for authorization
    Authorization AuthorizationInfo

    // LoopbackClientConfig is a config for a privileged loopback connection to the API server
    // This is required for proper functioning of the PostStartHooks on a GenericAPIServer
    // TODO: move into SecureServing(WithLoopback) as soon as insecure serving is gone
    LoopbackClientConfig *restclient.Config

    // EgressSelector provides a lookup mechanism for dialing outbound connections.
    // It does so based on a EgressSelectorConfiguration which was read at startup.
    EgressSelector *egressselector.EgressSelector

    // RuleResolver is required to get the list of rules that apply to a given user
    // in a given namespace
    RuleResolver authorizer.RuleResolver
    // AdmissionControl performs deep inspection of a given request (including content)
    // to set values and determine whether its allowed
    AdmissionControl      admission.Interface
    CorsAllowedOriginList []string

    EnableIndex     bool
    EnableProfiling bool
    EnableDiscovery bool
    // Requires generic profiling enabled
    EnableContentionProfiling bool
    EnableMetrics             bool

    DisabledPostStartHooks sets.String
    // done values in this values for this map are ignored.
    PostStartHooks map[string]PostStartHookConfigEntry

    // Version will enable the /version endpoint if non-nil
    Version *version.Info
    // AuditBackend is where audit events are sent to.
    AuditBackend audit.Backend
    // AuditPolicyChecker makes the decision of whether and how to audit log a request.
    AuditPolicyChecker auditpolicy.Checker
    // ExternalAddress is the host name to use for external (public internet) facing URLs (e.g. Swagger)
    // Will default to a value based on secure serving info and available ipv4 IPs.
    ExternalAddress string

    // BuildHandlerChainFunc allows you to build custom handler chains by decorating the apiHandler.
    BuildHandlerChainFunc func(apiHandler http.Handler, c *Config) (secure http.Handler)
    // HandlerChainWaitGroup allows you to wait for all chain handlers exit after the server shutdown.
    HandlerChainWaitGroup *utilwaitgroup.SafeWaitGroup
    // DiscoveryAddresses is used to build the IPs pass to discovery. If nil, the ExternalAddress is
    // always reported
    DiscoveryAddresses discovery.Addresses
    // The default set of healthz checks. There might be more added via AddHealthChecks dynamically.
    HealthzChecks []healthz.HealthChecker
    // The default set of livez checks. There might be more added via AddHealthChecks dynamically.
    LivezChecks []healthz.HealthChecker
    // The default set of readyz-only checks. There might be more added via AddReadyzChecks dynamically.
    ReadyzChecks []healthz.HealthChecker
    // LegacyAPIGroupPrefixes is used to set up URL parsing for authorization and for validating requests
    // to InstallLegacyAPIGroup. New API servers don't generally have legacy groups at all.
    LegacyAPIGroupPrefixes sets.String
    // RequestInfoResolver is used to assign attributes (used by admission and authorization) based on a request URL.
    // Use-cases that are like kubelets may need to customize this.
    RequestInfoResolver apirequest.RequestInfoResolver
    // Serializer is required and provides the interface for serializing and converting objects to and from the wire
    // The default (api.Codecs) usually works fine.
    Serializer runtime.NegotiatedSerializer
    // OpenAPIConfig will be used in generating OpenAPI spec. This is nil by default. Use DefaultOpenAPIConfig for "working" defaults.
    OpenAPIConfig *openapicommon.Config

    // RESTOptionsGetter is used to construct RESTStorage types via the generic registry.
    RESTOptionsGetter genericregistry.RESTOptionsGetter

    // If specified, all requests except those which match the LongRunningFunc predicate will timeout
    // after this duration.
    RequestTimeout time.Duration
    // If specified, long running requests such as watch will be allocated a random timeout between this value, and
    // twice this value.  Note that it is up to the request handlers to ignore or honor this timeout. In seconds.
    MinRequestTimeout int

    // This represents the maximum amount of time it should take for apiserver to complete its startup
    // sequence and become healthy. From apiserver's start time to when this amount of time has
    // elapsed, /livez will assume that unfinished post-start hooks will complete successfully and
    // therefore return true.
    LivezGracePeriod time.Duration
    // ShutdownDelayDuration allows to block shutdown for some time, e.g. until endpoints pointing to this API server
    // have converged on all node. During this time, the API server keeps serving, /healthz will return 200,
    // but /readyz will return failure.
    ShutdownDelayDuration time.Duration

    // The limit on the total size increase all "copy" operations in a json
    // patch may cause.
    // This affects all places that applies json patch in the binary.
    JSONPatchMaxCopyBytes int64
    // The limit on the request size that would be accepted and decoded in a write request
    // 0 means no limit.
    MaxRequestBodyBytes int64
    // MaxRequestsInFlight is the maximum number of parallel non-long-running requests. Every further
    // request has to wait. Applies only to non-mutating requests.
    MaxRequestsInFlight int
    // MaxMutatingRequestsInFlight is the maximum number of parallel mutating requests. Every further
    // request has to wait.
    MaxMutatingRequestsInFlight int
    // Predicate which is true for paths of long-running http requests
    LongRunningFunc apirequest.LongRunningRequestCheck

    // MergedResourceConfig indicates which groupVersion enabled and its resources enabled/disabled.
    // This is composed of genericapiserver defaultAPIResourceConfig and those parsed from flags.
    // If not specify any in flags, then genericapiserver will only enable defaultAPIResourceConfig.
    MergedResourceConfig *serverstore.ResourceConfig

    // PublicAddress is the IP address where members of the cluster (kubelet,
    // kube-proxy, services, etc.) can reach the GenericAPIServer.
    // If nil or 0.0.0.0, the host's default interface will be used.
    PublicAddress net.IP

    // EquivalentResourceRegistry provides information about resources equivalent to a given resource,
    // and the kind associated with a given resource. As resources are installed, they are registered here.
    EquivalentResourceRegistry runtime.EquivalentResourceRegistry
}

Config is a structure used to configure a GenericAPIServer. Its members are sorted roughly in order of importance for composers.

func NewConfig Uses

func NewConfig(codecs serializer.CodecFactory) *Config

NewConfig returns a Config struct with the default values

func (*Config) AddHealthChecks Uses

func (c *Config) AddHealthChecks(healthChecks ...healthz.HealthChecker)

AddHealthChecks adds a health check to our config to be exposed by the health endpoints of our configured apiserver. We should prefer this to adding healthChecks directly to the config unless we explicitly want to add a healthcheck only to a specific health endpoint.

func (*Config) AddPostStartHook Uses

func (c *Config) AddPostStartHook(name string, hook PostStartHookFunc) error

AddPostStartHook allows you to add a PostStartHook that will later be added to the server itself in a New call. Name conflicts will cause an error.

func (*Config) AddPostStartHookOrDie Uses

func (c *Config) AddPostStartHookOrDie(name string, hook PostStartHookFunc)

AddPostStartHookOrDie allows you to add a PostStartHook, but dies on failure.

func (*Config) Complete Uses

func (c *Config) Complete(informers informers.SharedInformerFactory) CompletedConfig

Complete fills in any fields not set that are required to have valid data and can be derived from other fields. If you're going to `ApplyOptions`, do that first. It's mutating the receiver.

type DelegationTarget Uses

type DelegationTarget interface {
    // UnprotectedHandler returns a handler that is NOT protected by a normal chain
    UnprotectedHandler() http.Handler

    // PostStartHooks returns the post-start hooks that need to be combined
    PostStartHooks() map[string]postStartHookEntry

    // PreShutdownHooks returns the pre-stop hooks that need to be combined
    PreShutdownHooks() map[string]preShutdownHookEntry

    // HealthzChecks returns the healthz checks that need to be combined
    HealthzChecks() []healthz.HealthChecker

    // ListedPaths returns the paths for supporting an index
    ListedPaths() []string

    // NextDelegate returns the next delegationTarget in the chain of delegations
    NextDelegate() DelegationTarget

    // PrepareRun does post API installation setup steps. It calls recursively the same function of the delegates.
    PrepareRun() preparedGenericAPIServer
}

DelegationTarget is an interface which allows for composition of API servers with top level handling that works as expected.

func NewEmptyDelegate Uses

func NewEmptyDelegate() DelegationTarget

type DeprecatedInsecureServingInfo Uses

type DeprecatedInsecureServingInfo struct {
    // Listener is the secure server network listener.
    Listener net.Listener
    // optional server name for log messages
    Name string
}

DeprecatedInsecureServingInfo is the main context object for the insecure http server. HTTP does NOT include authentication or authorization. You shouldn't be using this. It makes sig-auth sad.

func (*DeprecatedInsecureServingInfo) NewLoopbackClientConfig Uses

func (s *DeprecatedInsecureServingInfo) NewLoopbackClientConfig() (*rest.Config, error)

func (*DeprecatedInsecureServingInfo) Serve Uses

func (s *DeprecatedInsecureServingInfo) Serve(handler http.Handler, shutdownTimeout time.Duration, stopCh <-chan struct{}) error

Serve starts an insecure http server with the given handler. It fails only if the initial listen call fails. It does not block.

type GenericAPIServer Uses

type GenericAPIServer struct {

    // LoopbackClientConfig is a config for a privileged loopback connection to the API server
    LoopbackClientConfig *restclient.Config

    // ShutdownTimeout is the timeout used for server shutdown. This specifies the timeout before server
    // gracefully shutdown returns.
    ShutdownTimeout time.Duration

    // SecureServingInfo holds configuration of the TLS server.
    SecureServingInfo *SecureServingInfo

    // ExternalAddress is the address (hostname or IP and port) that should be used in
    // external (public internet) URLs for this GenericAPIServer.
    ExternalAddress string

    // Serializer controls how common API objects not in a group/version prefix are serialized for this server.
    // Individual APIGroups may define their own serializers.
    Serializer runtime.NegotiatedSerializer

    // "Outputs"
    // Handler holds the handlers being used by this API server
    Handler *APIServerHandler

    // DiscoveryGroupManager serves /apis
    DiscoveryGroupManager discovery.GroupManager

    // OpenAPIVersionedService controls the /openapi/v2 endpoint, and can be used to update the served spec.
    // It is set during PrepareRun.
    OpenAPIVersionedService *handler.OpenAPIService

    // StaticOpenAPISpec is the spec derived from the restful container endpoints.
    // It is set during PrepareRun.
    StaticOpenAPISpec *spec.Swagger

    // auditing. The backend is started after the server starts listening.
    AuditBackend audit.Backend

    // Authorizer determines whether a user is allowed to make a certain request. The Handler does a preliminary
    // authorization check using the request URI but it may be necessary to make additional checks, such as in
    // the create-on-update case
    Authorizer authorizer.Authorizer

    // EquivalentResourceRegistry provides information about resources equivalent to a given resource,
    // and the kind associated with a given resource. As resources are installed, they are registered here.
    EquivalentResourceRegistry runtime.EquivalentResourceRegistry

    // HandlerChainWaitGroup allows you to wait for all chain handlers finish after the server shutdown.
    HandlerChainWaitGroup *utilwaitgroup.SafeWaitGroup

    // ShutdownDelayDuration allows to block shutdown for some time, e.g. until endpoints pointing to this API server
    // have converged on all node. During this time, the API server keeps serving, /healthz will return 200,
    // but /readyz will return failure.
    ShutdownDelayDuration time.Duration
    // contains filtered or unexported fields
}

GenericAPIServer contains state for a Kubernetes cluster api server.

func (*GenericAPIServer) AddBootSequenceHealthChecks Uses

func (s *GenericAPIServer) AddBootSequenceHealthChecks(checks ...healthz.HealthChecker) error

AddBootSequenceHealthChecks adds health checks to the old healthz endpoint (for backwards compatibility reasons) as well as livez and readyz. The livez grace period is defined by the value of the command-line flag --livez-grace-period; before the grace period elapses, the livez health checks will default to healthy. One may want to set a grace period in order to prevent the kubelet from restarting the kube-apiserver due to long-ish boot sequences. Readyz health checks, on the other hand, have no grace period, since readyz should fail until boot fully completes.

func (*GenericAPIServer) AddHealthChecks Uses

func (s *GenericAPIServer) AddHealthChecks(checks ...healthz.HealthChecker) error

AddHealthChecks adds HealthCheck(s) to health endpoints (healthz, livez, readyz) but configures the liveness grace period to be zero, which means we expect this health check to immediately indicate that the apiserver is unhealthy.

func (*GenericAPIServer) AddPostStartHook Uses

func (s *GenericAPIServer) AddPostStartHook(name string, hook PostStartHookFunc) error

AddPostStartHook allows you to add a PostStartHook.

func (*GenericAPIServer) AddPostStartHookOrDie Uses

func (s *GenericAPIServer) AddPostStartHookOrDie(name string, hook PostStartHookFunc)

AddPostStartHookOrDie allows you to add a PostStartHook, but dies on failure

func (*GenericAPIServer) AddPreShutdownHook Uses

func (s *GenericAPIServer) AddPreShutdownHook(name string, hook PreShutdownHookFunc) error

AddPreShutdownHook allows you to add a PreShutdownHook.

func (*GenericAPIServer) AddPreShutdownHookOrDie Uses

func (s *GenericAPIServer) AddPreShutdownHookOrDie(name string, hook PreShutdownHookFunc)

AddPreShutdownHookOrDie allows you to add a PostStartHook, but dies on failure

func (*GenericAPIServer) HealthzChecks Uses

func (s *GenericAPIServer) HealthzChecks() []healthz.HealthChecker

func (*GenericAPIServer) InstallAPIGroup Uses

func (s *GenericAPIServer) InstallAPIGroup(apiGroupInfo *APIGroupInfo) error

Exposes the given api group in the API.

func (*GenericAPIServer) InstallAPIGroups Uses

func (s *GenericAPIServer) InstallAPIGroups(apiGroupInfos ...*APIGroupInfo) error

Exposes given api groups in the API.

func (*GenericAPIServer) InstallLegacyAPIGroup Uses

func (s *GenericAPIServer) InstallLegacyAPIGroup(apiPrefix string, apiGroupInfo *APIGroupInfo) error

func (*GenericAPIServer) ListedPaths Uses

func (s *GenericAPIServer) ListedPaths() []string

func (*GenericAPIServer) NextDelegate Uses

func (s *GenericAPIServer) NextDelegate() DelegationTarget

func (*GenericAPIServer) PostStartHooks Uses

func (s *GenericAPIServer) PostStartHooks() map[string]postStartHookEntry

func (*GenericAPIServer) PreShutdownHooks Uses

func (s *GenericAPIServer) PreShutdownHooks() map[string]preShutdownHookEntry

func (*GenericAPIServer) PrepareRun Uses

func (s *GenericAPIServer) PrepareRun() preparedGenericAPIServer

PrepareRun does post API installation setup steps. It calls recursively the same function of the delegates.

func (*GenericAPIServer) RunPostStartHooks Uses

func (s *GenericAPIServer) RunPostStartHooks(stopCh <-chan struct{})

RunPostStartHooks runs the PostStartHooks for the server

func (*GenericAPIServer) RunPreShutdownHooks Uses

func (s *GenericAPIServer) RunPreShutdownHooks() error

RunPreShutdownHooks runs the PreShutdownHooks for the server

func (*GenericAPIServer) UnprotectedHandler Uses

func (s *GenericAPIServer) UnprotectedHandler() http.Handler

type HandlerChainBuilderFn Uses

type HandlerChainBuilderFn func(apiHandler http.Handler) http.Handler

HandlerChainBuilderFn is used to wrap the GoRestfulContainer handler using the provided handler chain. It is normally used to apply filtering like authentication and authorization

type InsecureSuperuser Uses

type InsecureSuperuser struct{}

InsecureSuperuser implements authenticator.Request to always return a superuser. This is functionally equivalent to skipping authentication and authorization, but allows apiserver code to stop special-casing a nil user to skip authorization checks.

func (InsecureSuperuser) AuthenticateRequest Uses

func (InsecureSuperuser) AuthenticateRequest(req *http.Request) (*authenticator.Response, bool, error)

type PostStartHookConfigEntry Uses

type PostStartHookConfigEntry struct {
    // contains filtered or unexported fields
}

type PostStartHookContext Uses

type PostStartHookContext struct {
    // LoopbackClientConfig is a config for a privileged loopback connection to the API server
    LoopbackClientConfig *restclient.Config
    // StopCh is the channel that will be closed when the server stops
    StopCh <-chan struct{}
}

PostStartHookContext provides information about this API server to a PostStartHookFunc

type PostStartHookFunc Uses

type PostStartHookFunc func(context PostStartHookContext) error

PostStartHookFunc is a function that is called after the server has started. It must properly handle cases like:

1. asynchronous start in multiple API server processes
2. conflicts between the different processes all trying to perform the same action
3. partially complete work (API server crashes while running your hook)
4. API server access **BEFORE** your hook has completed

Think of it like a mini-controller that is super privileged and gets to run in-process If you use this feature, tag @deads2k on github who has promised to review code for anyone's PostStartHook until it becomes easier to use.

type PostStartHookProvider Uses

type PostStartHookProvider interface {
    PostStartHook() (string, PostStartHookFunc, error)
}

PostStartHookProvider is an interface in addition to provide a post start hook for the api server

type PreShutdownHookFunc Uses

type PreShutdownHookFunc func() error

PreShutdownHookFunc is a function that can be added to the shutdown logic.

type RecommendedConfig Uses

type RecommendedConfig struct {
    Config

    // SharedInformerFactory provides shared informers for Kubernetes resources. This value is set by
    // RecommendedOptions.CoreAPI.ApplyTo called by RecommendedOptions.ApplyTo. It uses an in-cluster client config
    // by default, or the kubeconfig given with kubeconfig command line flag.
    SharedInformerFactory informers.SharedInformerFactory

    // ClientConfig holds the kubernetes client configuration.
    // This value is set by RecommendedOptions.CoreAPI.ApplyTo called by RecommendedOptions.ApplyTo.
    // By default in-cluster client config is used.
    ClientConfig *restclient.Config
}

func NewRecommendedConfig Uses

func NewRecommendedConfig(codecs serializer.CodecFactory) *RecommendedConfig

NewRecommendedConfig returns a RecommendedConfig struct with the default values

func (*RecommendedConfig) Complete Uses

func (c *RecommendedConfig) Complete() CompletedConfig

Complete fills in any fields not set that are required to have valid data and can be derived from other fields. If you're going to `ApplyOptions`, do that first. It's mutating the receiver.

type SecureServingInfo Uses

type SecureServingInfo struct {
    // Listener is the secure server network listener.
    Listener net.Listener

    // Cert is the main server cert which is used if SNI does not match. Cert must be non-nil and is
    // allowed to be in SNICerts.
    Cert dynamiccertificates.CertKeyContentProvider

    // SNICerts are the TLS certificates used for SNI.
    SNICerts []dynamiccertificates.SNICertKeyContentProvider

    // ClientCA is the certificate bundle for all the signers that you'll recognize for incoming client certificates
    ClientCA dynamiccertificates.CAContentProvider

    // MinTLSVersion optionally overrides the minimum TLS version supported.
    // Values are from tls package constants (https://golang.org/pkg/crypto/tls/#pkg-constants).
    MinTLSVersion uint16

    // CipherSuites optionally overrides the list of allowed cipher suites for the server.
    // Values are from tls package constants (https://golang.org/pkg/crypto/tls/#pkg-constants).
    CipherSuites []uint16

    // HTTP2MaxStreamsPerConnection is the limit that the api server imposes on each client.
    // A value of zero means to use the default provided by golang's HTTP/2 support.
    HTTP2MaxStreamsPerConnection int

    // DisableHTTP2 indicates that http2 should not be enabled.
    DisableHTTP2 bool
}

func (*SecureServingInfo) HostPort Uses

func (s *SecureServingInfo) HostPort() (string, int, error)

func (*SecureServingInfo) NewClientConfig Uses

func (s *SecureServingInfo) NewClientConfig(caCert []byte) (*restclient.Config, error)

func (*SecureServingInfo) NewLoopbackClientConfig Uses

func (s *SecureServingInfo) NewLoopbackClientConfig(token string, loopbackCert []byte) (*restclient.Config, error)

func (*SecureServingInfo) Serve Uses

func (s *SecureServingInfo) Serve(handler http.Handler, shutdownTimeout time.Duration, stopCh <-chan struct{}) (<-chan struct{}, error)

Serve runs the secure http server. It fails only if certificates cannot be loaded or the initial listen call fails. The actual server loop (stoppable by closing stopCh) runs in a go routine, i.e. Serve does not block. It returns a stoppedCh that is closed when all non-hijacked active requests have been processed.

Directories

PathSynopsis
dynamiccertificates
egressselector
filtersPackage filters contains all the http handler chain filters which are not api related.
healthzPackage healthz implements basic http server health checking.
httplogPackage httplog contains a helper object and functions to maintain a log along with an http response.
muxPackage mux contains abstractions for http multiplexing of APIs.
optionspackage options is the public flags and options used by a generic api server.
options/encryptionconfig
resourceconfigPackage resourceconfig contains the resource config related helper functions.
routesPackage routes holds a collection of optional genericapiserver http handlers.
storagePackage storage contains the plumbing to setup the etcd storage of the apiserver.

Package server imports 77 packages (graph) and is imported by 657 packages. Updated 2019-12-05. Refresh now. Tools for package owners.