kubernetes · k8s-github-robot · Feb 7, 2017 · Feb 3, 2017
diff --git a/cmd/kube-aggregator/pkg/cmd/server/start.go b/cmd/kube-aggregator/pkg/cmd/server/start.go
@@ -118,13 +118,14 @@ func (o DiscoveryServerOptions) RunDiscoveryServer() error {
 
 	genericAPIServerConfig := genericapiserver.NewConfig().
 		WithSerializer(api.Codecs)
-	if _, err := genericAPIServerConfig.ApplySecureServingOptions(o.SecureServing); err != nil {
-		return err
+
+	if err := o.SecureServing.ApplyTo(genericAPIServerConfig); err != nil {
+		return fmt.Errorf("failed to configure https: %s", err)
 	}
-	if _, err := genericAPIServerConfig.ApplyDelegatingAuthenticationOptions(o.Authentication); err != nil {
+	if err := o.Authentication.ApplyTo(genericAPIServerConfig); err != nil {
 		return err
 	}
-	if _, err := genericAPIServerConfig.ApplyDelegatingAuthorizationOptions(o.Authorization); err != nil {
+	if err := o.Authorization.ApplyTo(genericAPIServerConfig); err != nil {
 		return err
 	}
 	genericAPIServerConfig.LongRunningFunc = filters.BasicLongRunningRequestCheck(

diff --git a/cmd/kube-apiserver/app/server.go b/cmd/kube-apiserver/app/server.go
@@ -106,15 +106,19 @@ func Run(s *options.ServerRunOptions) error {
 
 	// create config from options
 	genericConfig := genericapiserver.NewConfig().
-		WithSerializer(api.Codecs).
-		ApplyOptions(s.GenericServerRunOptions).
-		ApplyInsecureServingOptions(s.InsecureServing)
+		WithSerializer(api.Codecs)
 
-	if _, err := genericConfig.ApplySecureServingOptions(s.SecureServing); err != nil {
-		return fmt.Errorf("failed to configure https: %s", err)
+	if err := s.GenericServerRunOptions.ApplyTo(genericConfig); err != nil {
+		return err
+	}
+	if err := s.InsecureServing.ApplyTo(genericConfig); err != nil {
+		return err
 	}
-	if err = s.Authentication.Apply(genericConfig); err != nil {
-		return fmt.Errorf("failed to configure authentication: %s", err)
+	if err := s.SecureServing.ApplyTo(genericConfig); err != nil {
+		return err
+	}
+	if err := s.Authentication.ApplyTo(genericConfig); err != nil {
+		return err
 	}
 
 	capabilities.Initialize(capabilities.Capabilities{

diff --git a/examples/apiserver/apiserver.go b/examples/apiserver/apiserver.go
@@ -104,14 +104,18 @@ func (serverOptions *ServerRunOptions) Run(stopCh <-chan struct{}) error {
 
 	// create config from options
 	config := genericapiserver.NewConfig().
-		WithSerializer(api.Codecs).
-		ApplyOptions(serverOptions.GenericServerRunOptions).
-		ApplyInsecureServingOptions(serverOptions.InsecureServing)
+		WithSerializer(api.Codecs)
 
-	if _, err := config.ApplySecureServingOptions(serverOptions.SecureServing); err != nil {
+	if err := serverOptions.GenericServerRunOptions.ApplyTo(config); err != nil {
+		return err
+	}
+	if err := serverOptions.InsecureServing.ApplyTo(config); err != nil {
+		return err
+	}
+	if err := serverOptions.SecureServing.ApplyTo(config); err != nil {
 		return fmt.Errorf("failed to configure https: %s", err)
 	}
-	if err := serverOptions.Authentication.Apply(config); err != nil {
+	if err := serverOptions.Authentication.ApplyTo(config); err != nil {
 		return fmt.Errorf("failed to configure authentication: %s", err)
 	}
 

diff --git a/federation/cmd/federation-apiserver/app/server.go b/federation/cmd/federation-apiserver/app/server.go
@@ -89,15 +89,19 @@ func Run(s *options.ServerRunOptions) error {
 	}
 
 	genericConfig := genericapiserver.NewConfig().
-		WithSerializer(api.Codecs).
-		ApplyOptions(s.GenericServerRunOptions).
-		ApplyInsecureServingOptions(s.InsecureServing)
+		WithSerializer(api.Codecs)
 
-	if _, err := genericConfig.ApplySecureServingOptions(s.SecureServing); err != nil {
-		return fmt.Errorf("failed to configure https: %s", err)
+	if err := s.GenericServerRunOptions.ApplyTo(genericConfig); err != nil {
+		return err
+	}
+	if err := s.InsecureServing.ApplyTo(genericConfig); err != nil {
+		return err
 	}
-	if err := s.Authentication.Apply(genericConfig); err != nil {
-		return fmt.Errorf("failed to configure authentication: %s", err)
+	if err := s.SecureServing.ApplyTo(genericConfig); err != nil {
+		return err
+	}
+	if err := s.Authentication.ApplyTo(genericConfig); err != nil {
+		return err
 	}
 
 	// TODO: register cluster federation resources here.

diff --git a/pkg/kubeapiserver/options/authentication.go b/pkg/kubeapiserver/options/authentication.go
@@ -297,7 +297,7 @@ func (s *BuiltInAuthenticationOptions) ToAuthenticationConfig() authenticator.Au
 	return ret
 }
 
-func (o *BuiltInAuthenticationOptions) Apply(c *genericapiserver.Config) error {
+func (o *BuiltInAuthenticationOptions) ApplyTo(c *genericapiserver.Config) error {
 	if o == nil {
 		return nil
 	}

diff --git a/staging/src/k8s.io/apiserver/pkg/server/config.go b/staging/src/k8s.io/apiserver/pkg/server/config.go
@@ -19,10 +19,8 @@ package server
 import (
 	"crypto/tls"
 	"crypto/x509"
-	"encoding/pem"
 	"fmt"
 	"io"
-	"io/ioutil"
 	"net"
 	"net/http"
 	goruntime "runtime"
@@ -34,7 +32,6 @@ import (
 	"github.com/emicklei/go-restful/swagger"
 	"github.com/go-openapi/spec"
 	"github.com/pborman/uuid"
-	"gopkg.in/natefinch/lumberjack.v2"
 
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	openapicommon "k8s.io/apimachinery/pkg/openapi"
@@ -56,7 +53,6 @@ import (
 	genericfilters "k8s.io/apiserver/pkg/server/filters"
 	"k8s.io/apiserver/pkg/server/healthz"
 	"k8s.io/apiserver/pkg/server/mux"
-	"k8s.io/apiserver/pkg/server/options"
 	"k8s.io/apiserver/pkg/server/routes"
 	restclient "k8s.io/client-go/rest"
 	certutil "k8s.io/client-go/util/cert"
@@ -193,25 +189,23 @@ type SecureServingInfo struct {
 
 // NewConfig returns a Config struct with the default values
 func NewConfig() *Config {
-	config := &Config{
-		ReadWritePort:          6443,
-		RequestContextMapper:   apirequest.NewRequestContextMapper(),
-		BuildHandlerChainsFunc: DefaultBuildHandlerChain,
-		LegacyAPIGroupPrefixes: sets.NewString(DefaultLegacyAPIPrefix),
-		HealthzChecks:          []healthz.HealthzChecker{healthz.PingHealthz},
-		EnableIndex:            true,
+	return &Config{
+		ReadWritePort:               6443,
+		RequestContextMapper:        apirequest.NewRequestContextMapper(),
+		BuildHandlerChainsFunc:      DefaultBuildHandlerChain,
+		LegacyAPIGroupPrefixes:      sets.NewString(DefaultLegacyAPIPrefix),
+		HealthzChecks:               []healthz.HealthzChecker{healthz.PingHealthz},
+		EnableIndex:                 true,
+		EnableGarbageCollection:     true,
+		EnableProfiling:             true,
+		MaxRequestsInFlight:         400,
+		MaxMutatingRequestsInFlight: 200,
+		MinRequestTimeout:           1800,
 
 		// Default to treating watch as a long-running operation
 		// Generic API servers have no inherent long-running subresources
 		LongRunningFunc: genericfilters.BasicLongRunningRequestCheck(sets.NewString("watch"), sets.NewString()),
 	}
-
-	// this keeps the defaults in sync
-	defaultOptions := options.NewServerRunOptions()
-	// unset fields that can be overridden to avoid setting values so that we won't end up with lingering values.
-	// TODO we probably want to run the defaults the other way.  A default here drives it in the CLI flags
-	defaultOptions.AuditLogPath = ""
-	return config.ApplyOptions(defaultOptions)
 }
 
 func (c *Config) WithSerializer(codecs serializer.CodecFactory) *Config {
@@ -257,82 +251,6 @@ func DefaultSwaggerConfig() *swagger.Config {
 	}
 }
 
-func (c *Config) ApplySecureServingOptions(secureServing *options.SecureServingOptions) (*Config, error) {
-	if secureServing == nil || secureServing.ServingOptions.BindPort <= 0 {
-		return c, nil
-	}
-
-	secureServingInfo := &SecureServingInfo{
-		ServingInfo: ServingInfo{
-			BindAddress: net.JoinHostPort(secureServing.ServingOptions.BindAddress.String(), strconv.Itoa(secureServing.ServingOptions.BindPort)),
-		},
-	}
-
-	serverCertFile, serverKeyFile := secureServing.ServerCert.CertKey.CertFile, secureServing.ServerCert.CertKey.KeyFile
-
-	// load main cert
-	if len(serverCertFile) != 0 || len(serverKeyFile) != 0 {
-		tlsCert, err := tls.LoadX509KeyPair(serverCertFile, serverKeyFile)
-		if err != nil {
-			return nil, fmt.Errorf("unable to load server certificate: %v", err)
-		}
-		secureServingInfo.Cert = &tlsCert
-	}
-
-	// optionally load CA cert
-	if len(secureServing.ServerCert.CACertFile) != 0 {
-		pemData, err := ioutil.ReadFile(secureServing.ServerCert.CACertFile)
-		if err != nil {
-			return nil, fmt.Errorf("failed to read certificate authority from %q: %v", secureServing.ServerCert.CACertFile, err)
-		}
-		block, pemData := pem.Decode(pemData)
-		if block == nil {
-			return nil, fmt.Errorf("no certificate found in certificate authority file %q", secureServing.ServerCert.CACertFile)
-		}
-		if block.Type != "CERTIFICATE" {
-			return nil, fmt.Errorf("expected CERTIFICATE block in certiticate authority file %q, found: %s", secureServing.ServerCert.CACertFile, block.Type)
-		}
-		secureServingInfo.CACert = &tls.Certificate{
-			Certificate: [][]byte{block.Bytes},
-		}
-	}
-
-	// load SNI certs
-	namedTlsCerts := make([]namedTlsCert, 0, len(secureServing.SNICertKeys))
-	for _, nck := range secureServing.SNICertKeys {
-		tlsCert, err := tls.LoadX509KeyPair(nck.CertFile, nck.KeyFile)
-		namedTlsCerts = append(namedTlsCerts, namedTlsCert{
-			tlsCert: tlsCert,
-			names:   nck.Names,
-		})
-		if err != nil {
-			return nil, fmt.Errorf("failed to load SNI cert and key: %v", err)
-		}
-	}
-	var err error
-	secureServingInfo.SNICerts, err = getNamedCertificateMap(namedTlsCerts)
-	if err != nil {
-		return nil, err
-	}
-
-	c.SecureServingInfo = secureServingInfo
-	c.ReadWritePort = secureServing.ServingOptions.BindPort
-
-	return c, nil
-}
-
-func (c *Config) ApplyInsecureServingOptions(insecureServing *options.ServingOptions) *Config {
-	if insecureServing == nil || insecureServing.BindPort <= 0 {
-		return c
-	}
-
-	c.InsecureServingInfo = &ServingInfo{
-		BindAddress: net.JoinHostPort(insecureServing.BindAddress.String(), strconv.Itoa(insecureServing.BindPort)),
-	}
-
-	return c
-}
-
 func (c *Config) ApplyClientCert(clientCAFile string) (*Config, error) {
 	if c.SecureServingInfo != nil {
 		if len(clientCAFile) > 0 {
@@ -352,83 +270,6 @@ func (c *Config) ApplyClientCert(clientCAFile string) (*Config, error) {
 	return c, nil
 }
 
-func (c *Config) ApplyDelegatingAuthenticationOptions(o *options.DelegatingAuthenticationOptions) (*Config, error) {
-	if o == nil {
-		return c, nil
-	}
-
-	var err error
-	c, err = c.ApplyClientCert(o.ClientCert.ClientCA)
-	if err != nil {
-		return nil, fmt.Errorf("unable to load client CA file: %v", err)
-	}
-	c, err = c.ApplyClientCert(o.RequestHeader.ClientCAFile)
-	if err != nil {
-		return nil, fmt.Errorf("unable to load client CA file: %v", err)
-	}
-
-	cfg, err := o.ToAuthenticationConfig()
-	if err != nil {
-		return nil, err
-	}
-	authenticator, securityDefinitions, err := cfg.New()
-	if err != nil {
-		return nil, err
-	}
-
-	c.Authenticator = authenticator
-	if c.OpenAPIConfig != nil {
-		c.OpenAPIConfig.SecurityDefinitions = securityDefinitions
-	}
-	c.SupportsBasicAuth = false
-
-	return c, nil
-}
-
-func (c *Config) ApplyDelegatingAuthorizationOptions(o *options.DelegatingAuthorizationOptions) (*Config, error) {
-	if o == nil {
-		return c, nil
-	}
-
-	cfg, err := o.ToAuthorizationConfig()
-	if err != nil {
-		return nil, err
-	}
-	authorizer, err := cfg.New()
-	if err != nil {
-		return nil, err
-	}
-
-	c.Authorizer = authorizer
-
-	return c, nil
-}
-
-// ApplyOptions applies the run options to the method receiver and returns self
-func (c *Config) ApplyOptions(options *options.ServerRunOptions) *Config {
-	if len(options.AuditLogPath) != 0 {
-		c.AuditWriter = &lumberjack.Logger{
-			Filename:   options.AuditLogPath,
-			MaxAge:     options.AuditLogMaxAge,
-			MaxBackups: options.AuditLogMaxBackups,
-			MaxSize:    options.AuditLogMaxSize,
-		}
-	}
-
-	c.CorsAllowedOriginList = options.CorsAllowedOriginList
-	c.EnableGarbageCollection = options.EnableGarbageCollection
-	c.EnableProfiling = options.EnableProfiling
-	c.EnableContentionProfiling = options.EnableContentionProfiling
-	c.EnableSwaggerUI = options.EnableSwaggerUI
-	c.ExternalAddress = options.ExternalHost
-	c.MaxRequestsInFlight = options.MaxRequestsInFlight
-	c.MaxMutatingRequestsInFlight = options.MaxMutatingRequestsInFlight
-	c.MinRequestTimeout = options.MinRequestTimeout
-	c.PublicAddress = options.AdvertiseAddress
-
-	return c
-}
-
 type completedConfig struct {
 	*Config
 }

diff --git a/staging/src/k8s.io/apiserver/pkg/server/genericapiserver.go b/staging/src/k8s.io/apiserver/pkg/server/genericapiserver.go
@@ -40,13 +40,13 @@ import (
 	utilnet "k8s.io/apimachinery/pkg/util/net"
 	"k8s.io/apimachinery/pkg/util/sets"
 	"k8s.io/apiserver/pkg/admission"
-	apirequest "k8s.io/apiserver/pkg/endpoints/request"
-	"k8s.io/apiserver/pkg/server/healthz"
-	restclient "k8s.io/client-go/rest"
 	genericapi "k8s.io/apiserver/pkg/endpoints"
+	apirequest "k8s.io/apiserver/pkg/endpoints/request"
 	"k8s.io/apiserver/pkg/registry/rest"
+	"k8s.io/apiserver/pkg/server/healthz"
 	genericmux "k8s.io/apiserver/pkg/server/mux"
 	"k8s.io/apiserver/pkg/server/routes"
+	restclient "k8s.io/client-go/rest"
 )
 
 // Info about an API group.
@@ -212,6 +212,11 @@ func (s preparedGenericAPIServer) Run(stopCh <-chan struct{}) {
 	<-stopCh
 }
 
+// EffectiveSecurePort returns the secure port we bound to.
+func (s *GenericAPIServer) EffectiveSecurePort() int {
+	return s.effectiveSecurePort
+}
+
 // installAPIResources is a private method for installing the REST storage backing each api groupversionresource
 func (s *GenericAPIServer) installAPIResources(apiPrefix string, apiGroupInfo *APIGroupInfo) error {
 	for _, groupVersion := range apiGroupInfo.GroupMeta.GroupVersions {