incluster config will be used when creating external shared informers. #47443

Merged
2 changes: 2 additions & 0 deletions cmd/kube-apiserver/app/server.go
Expand Up @@ -553,6 +553,8 @@ func defaultOptions(s *options.ServerRunOptions) error {
if err != nil {
return fmt.Errorf("error determining service IP ranges: %v", err)
}
s.SecureServing.ForceLoopbackConfigUsage()
Contributor

try adding a congruent line to federation/cmd/federation-apiserver/app/server.go. The federation server can reasonably consider itself the source of truth for namespaces (it mirrors what is happening today) and if they wish to do something different in the future, they'll be able to modify it.


if err := s.SecureServing.MaybeDefaultWithSelfSignedCerts(s.GenericServerRunOptions.AdvertiseAddress.String(), []string{"kubernetes.default.svc", "kubernetes.default", "kubernetes"}, []net.IP{apiServerServiceIP}); err != nil {
return fmt.Errorf("error creating self-signed certificates: %v", err)
}
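Review bot: The added `s.SecureServing.ForceLoopbackConfigUsage()` call in defaultOptions has no comment, although it decides which client configuration the shared informers are built from, and the method's own doc comment says it only takes effect when it runs before `ApplyTo`. Neither fact is visible at the call site, so a later reorder or removal would quietly move kube-apiserver onto the in-cluster config path, where a failure is only logged. I would add `// kube-apiserver is the source of truth for kube APIs: build informers from the loopback config. Must run before SecureServing.ApplyTo.` directly above the call. The same comment fits the call added to NonBlockingRun in federation/cmd/federation-apiserver/app/server.go. defaultOptions starts and ends outside this hunk, so whether ApplyTo actually runs later cannot be confirmed from here.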
1 change: 1 addition & 0 deletions federation/cmd/federation-apiserver/app/server.go
Expand Up @@ -102,6 +102,7 @@ func NonBlockingRun(s *options.ServerRunOptions, stopCh <-chan struct{}) error {
if err := s.CloudProvider.DefaultExternalHost(s.GenericServerRunOptions); err != nil {
return fmt.Errorf("error setting the external host value: %v", err)
}
s.SecureServing.ForceLoopbackConfigUsage()

s.Authentication.ApplyAuthorization(s.Authorization)

39 changes: 34 additions & 5 deletions staging/src/k8s.io/apiserver/pkg/server/options/serving.go
Expand Up @@ -24,6 +24,7 @@ import (
"net"
"path"
"strconv"
"time"

"github.com/golang/glog"
"github.com/pborman/uuid"
Expand All @@ -34,6 +35,7 @@ import (
utilflag "k8s.io/apiserver/pkg/util/flag"
"k8s.io/client-go/informers"
"k8s.io/client-go/kubernetes"
"k8s.io/client-go/rest"
certutil "k8s.io/client-go/util/cert"
)

Expand All @@ -45,6 +47,9 @@ type SecureServingOptions struct {
ServerCert GeneratableKeyCert
// SNICertKeys are named CertKeys for serving secure traffic with SNI support.
SNICertKeys []utilflag.NamedCertKey

// when set determines whether to use loopback configuration to create shared informers.
useLoopbackCfg bool
}

type CertKey struct {
Expand Down Expand Up @@ -136,6 +141,7 @@ func (s *SecureServingOptions) AddDeprecatedFlags(fs *pflag.FlagSet) {
fs.MarkDeprecated("public-address-override", "see --bind-address instead.")
}

// ApplyTo fills up serving information in the server configuration.
func (s *SecureServingOptions) ApplyTo(c *server.Config) error {
if s.BindPort <= 0 {
return nil
Expand Down Expand Up @@ -169,16 +175,39 @@ func (s *SecureServingOptions) ApplyTo(c *server.Config) error {
c.SecureServingInfo.SNICerts[server.LoopbackClientServerNameOverride] = &tlsCert
}

// create shared informers
clientset, err := kubernetes.NewForConfig(c.LoopbackClientConfig)
// create shared informers, if not explicitly set use in cluster config.
// do not fail on an error, this allows an external API server to startup
// outside of a kube cluster.
var clientCfg *rest.Config
err = nil
if s.useLoopbackCfg {
clientCfg = c.LoopbackClientConfig
} else {
clientCfg, err = rest.InClusterConfig()
}
if err != nil {
return err
glog.Errorf("Couldn't create in cluster config due to %v. SharedInformerFactory will not be set.", err)
return nil
}
c.SharedInformerFactory = informers.NewSharedInformerFactory(clientset, c.LoopbackClientConfig.Timeout)

clientset, err := kubernetes.NewForConfig(clientCfg)
if err != nil {
glog.Errorf("Couldn't create clientset due to %v. SharedInformerFactory will not be set.", err)
return nil
}
c.SharedInformerFactory = informers.NewSharedInformerFactory(clientset, 10*time.Minute)
return nil
}

// ForceLoopbackConfigUsage forces the usage of the loopback configuration
// to create SharedInformerFactory. The primary client of this method
// is kube API server, no other API server is the source of truth for kube APIs.
//
// Note:
// this method MUST be called prior to ApplyTo to take an effect.
func (s *SecureServingOptions) ForceLoopbackConfigUsage() {
s.useLoopbackCfg = true
}

func (s *SecureServingOptions) applyServingInfoTo(c *server.Config) error {
if s.BindPort <= 0 {
return nil
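Review bot: In ApplyTo, a failure of `kubernetes.NewForConfig(clientCfg)` is logged and swallowed even when `s.useLoopbackCfg` is true, whereas the earlier code appears to have returned the error for the loopback client. That leaves `c.SharedInformerFactory` unset on a server that declared itself the source of truth, and anything that later relies on the factory would presumably fail far from the cause. I would keep the best-effort behaviour for the in-cluster path only, by putting `if s.useLoopbackCfg { return err }` ahead of the `glog.Errorf` in that branch. Separately, with the flag unset the informers are now built from `rest.InClusterConfig()`, i.e. the pod's service-account credentials rather than the loopback identity. The comment on `useLoopbackCfg` should state that, and the bare `10*time.Minute` resync period deserves a named constant. ApplyTo's body begins above this hunk.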