v1.0.0 Latest Latest

This package is not in the latest version of its module.

Go to latest
Published: Jun 18, 2015 License: Apache-2.0 Imports: 173 Imported by: 0



Package origin provides objects for creating an OpenShift Origin server



View Source
const (
	OpenShiftOAuthAPIPrefix      = "/oauth"
	OpenShiftLoginPrefix         = "/login"
	OpenShiftApprovePrefix       = "/oauth/approve"
	OpenShiftOAuthCallbackPrefix = "/oauth2callback"
	OpenShiftWebConsoleClientID  = "openshift-web-console"
View Source
const (
	LegacyOpenShiftAPIPrefix  = "/osapi" // TODO: make configurable
	OpenShiftAPIPrefix        = "/oapi"  // TODO: make configurable
	KubernetesAPIPrefix       = "/api"   // TODO: make configurable
	OpenShiftAPIV1Beta3       = "v1beta3"
	OpenShiftAPIV1            = "v1"
	OpenShiftAPIPrefixV1Beta3 = LegacyOpenShiftAPIPrefix + "/" + OpenShiftAPIV1Beta3
	OpenShiftAPIPrefixV1      = OpenShiftAPIPrefix + "/" + OpenShiftAPIV1


View Source
var (
	OSWebConsoleClientBase = oauthapi.OAuthClient{
		ObjectMeta: kapi.ObjectMeta{
			Name: OpenShiftWebConsoleClientID,
		Secret: uuid.New(),
	// OSBrowserClientBase is used as a skeleton for building a Client.  We can't set the allowed redirecturis because we don't yet know the host:port of the auth server
	OSBrowserClientBase = oauthapi.OAuthClient{
		ObjectMeta: kapi.ObjectMeta{
			Name: "openshift-browser-client",
		Secret: uuid.New(),
	OSCliClientBase = oauthapi.OAuthClient{
		ObjectMeta: kapi.ObjectMeta{
			Name: "openshift-challenging-client",
		Secret:                uuid.New(),
		RespondWithChallenges: true,


func BuildSessionAuth added in v0.4.3

func BuildSessionAuth(secure bool, config *configapi.SessionConfig) (*session.Authenticator, error)

func CreateOrUpdateDefaultOAuthClients added in v0.2.1

func CreateOrUpdateDefaultOAuthClients(masterPublicAddr string, assetPublicAddresses []string, clientRegistry clientregistry.Registry)

func NewEtcdHelper

func NewEtcdHelper(client *etcdclient.Client, version, prefix string) (oshelper tools.EtcdHelper, err error)

NewEtcdHelper returns an EtcdHelper for the provided storage version.

func OpenShiftOAuthAuthorizeURL added in v0.2.2

func OpenShiftOAuthAuthorizeURL(masterAddr string) string

func OpenShiftOAuthTokenRequestURL added in v0.4.4

func OpenShiftOAuthTokenRequestURL(masterAddr string) string

func OpenShiftOAuthTokenURL added in v0.2.2

func OpenShiftOAuthTokenURL(masterAddr string) string


type APIInstallFunc added in v0.2.2

type APIInstallFunc func(*restful.Container) []string

APIInstallFunc is a function for installing APIs

func (APIInstallFunc) InstallAPI added in v0.2.2

func (fn APIInstallFunc) InstallAPI(container *restful.Container) []string

InstallAPI implements APIInstaller

type APIInstaller

type APIInstaller interface {
	// InstallAPI returns an array of strings describing what was installed
	InstallAPI(*restful.Container) []string

APIInstaller installs additional API components into this server

type AssetConfig added in v0.4.2

type AssetConfig struct {
	Options configapi.AssetConfig

AssetConfig defines the required parameters for starting the OpenShift master

func BuildAssetConfig added in v0.4.2

func BuildAssetConfig(options configapi.AssetConfig) (*AssetConfig, error)

BuildAssetConfig returns a new AssetConfig

func (*AssetConfig) InstallAPI added in v0.4.2

func (c *AssetConfig) InstallAPI(container *restful.Container) []string

InstallAPI adds handlers for serving static assets into the provided mux, then returns an array of strings indicating what endpoints were started (these are format strings that will expect to be sent a single string value).

func (*AssetConfig) Run added in v0.4.2

func (c *AssetConfig) Run()

Run starts an http server for the static assets listening on the configured bind address

type AuthConfig

type AuthConfig struct {
	Options configapi.OAuthConfig

	// AssetPublicAddresses contains valid redirectURI prefixes to direct browsers to the web console
	AssetPublicAddresses []string
	MasterRoots          *x509.CertPool
	EtcdHelper           tools.EtcdHelper

	UserRegistry     userregistry.Registry
	IdentityRegistry identityregistry.Registry

	SessionAuth *session.Authenticator

func BuildAuthConfig added in v0.4.2

func BuildAuthConfig(options configapi.MasterConfig) (*AuthConfig, error)

func (*AuthConfig) InstallAPI

func (c *AuthConfig) InstallAPI(container *restful.Container) []string

InstallAPI registers endpoints for an OAuth2 server into the provided mux, then returns an array of strings indicating what endpoints were started (these are format strings that will expect to be sent a single string value).

func (*AuthConfig) NewOpenShiftOAuthClientConfig added in v0.2.1

func (c *AuthConfig) NewOpenShiftOAuthClientConfig(client *oauthapi.OAuthClient) *osincli.ClientConfig

NewOpenShiftOAuthClientConfig provides config for OpenShift OAuth client

type MasterConfig

type MasterConfig struct {
	Options configapi.MasterConfig

	Authenticator                 authenticator.Request
	Authorizer                    authorizer.Authorizer
	AuthorizationAttributeBuilder authorizer.AuthorizationAttributeBuilder

	PolicyCache               policycache.ReadOnlyCache
	ProjectAuthorizationCache *projectauth.AuthorizationCache

	// RequestContextMapper maps requests to contexts
	RequestContextMapper kapi.RequestContextMapper

	AdmissionControl admission.Interface

	TLS bool

	ControllerPlug plug.Plug

	// a function that returns the appropriate image to use for a named component
	ImageFor func(component string) string

	EtcdHelper          tools.EtcdHelper
	KubeletClientConfig *kclient.KubeletConfig

	// ClientCAs will be used to request client certificates in connections to the API.
	// This CertPool should contain all the CAs that will be used for client certificate verification.
	ClientCAs *x509.CertPool
	// APIClientCAs is used to verify client certificates presented for API auth
	APIClientCAs *x509.CertPool

	// PrivilegedLoopbackClientConfig is the client configuration used to call OpenShift APIs from system components
	// To apply different access control to a system component, create a client config specifically for that component.
	PrivilegedLoopbackClientConfig kclient.Config

	// PrivilegedLoopbackKubernetesClient is the client used to call Kubernetes APIs from system components,
	// built from KubeClientConfig. It should only be accessed via the *Client() helper methods. To apply
	// different access control to a system component, create a separate client/config specifically for
	// that component.
	PrivilegedLoopbackKubernetesClient *kclient.Client
	// PrivilegedLoopbackOpenShiftClient is the client used to call OpenShift APIs from system components,
	// built from PrivilegedLoopbackClientConfig. It should only be accessed via the *Client() helper methods.
	// To apply different access control to a system component, create a separate client/config specifically
	// for that component.
	PrivilegedLoopbackOpenShiftClient *osclient.Client

	// BuildControllerServiceAccount is the name of the service account in the infra namespace to use to run the build controller
	BuildControllerServiceAccount string
	// DeploymentControllerServiceAccount is the name of the service account in the infra namespace to use to run the deployment controller
	DeploymentControllerServiceAccount string
	// ReplicationControllerServiceAccount is the name of the service account in the infra namespace to use to run the replication controller
	ReplicationControllerServiceAccount string

MasterConfig defines the required parameters for starting the OpenShift master

func BuildMasterConfig added in v0.3.3

func BuildMasterConfig(options configapi.MasterConfig) (*MasterConfig, error)

func (*MasterConfig) BuildConfigWebHookClient added in v0.6.1

func (c *MasterConfig) BuildConfigWebHookClient() *osclient.Client

BuildConfigWebHookClient returns the webhook client object

func (*MasterConfig) BuildControllerClients added in v0.2.1

func (c *MasterConfig) BuildControllerClients() (*osclient.Client, *kclient.Client)

BuildControllerClients returns the build controller client objects

func (*MasterConfig) BuildImageChangeTriggerControllerClients added in v0.6.1

func (c *MasterConfig) BuildImageChangeTriggerControllerClients() (*osclient.Client, *kclient.Client)

BuildImageChangeTriggerControllerClients returns the build image change trigger controller client objects

func (*MasterConfig) BuildLogClient added in v0.2.1

func (c *MasterConfig) BuildLogClient() *kclient.Client

BuildLogClient returns the build log client object

func (*MasterConfig) BuildPodControllerClients added in v0.6.1

func (c *MasterConfig) BuildPodControllerClients() (*osclient.Client, *kclient.Client)

BuildPodControllerClients returns the build pod controller client objects

func (*MasterConfig) DNSServerClient added in v0.4.2

func (c *MasterConfig) DNSServerClient() *kclient.Client

DNSServerClient returns the DNS server client object It must have the following capabilities:

list, watch all services in all namespaces

func (*MasterConfig) DeployerPodControllerClients added in v0.6.1

func (c *MasterConfig) DeployerPodControllerClients() (*osclient.Client, *kclient.Client)

func (*MasterConfig) DeploymentClient added in v0.2.1

func (c *MasterConfig) DeploymentClient() *kclient.Client

DeploymentClient returns the deployment client object

func (*MasterConfig) DeploymentConfigChangeControllerClients added in v0.2.1

func (c *MasterConfig) DeploymentConfigChangeControllerClients() (*osclient.Client, *kclient.Client)

func (*MasterConfig) DeploymentConfigControllerClients added in v0.2.1

func (c *MasterConfig) DeploymentConfigControllerClients() (*osclient.Client, *kclient.Client)

func (*MasterConfig) DeploymentControllerClients added in v0.2.1

func (c *MasterConfig) DeploymentControllerClients() (*osclient.Client, *kclient.Client)

DeploymentControllerClients returns the deployment controller client object

func (*MasterConfig) DeploymentImageChangeTriggerControllerClient added in v0.6.1

func (c *MasterConfig) DeploymentImageChangeTriggerControllerClient() *osclient.Client

func (*MasterConfig) GetRestStorage added in v0.6.1

func (c *MasterConfig) GetRestStorage() map[string]rest.Storage

func (*MasterConfig) GetServiceAccountClients added in v0.6.1

func (c *MasterConfig) GetServiceAccountClients(name string) (*osclient.Client, *kclient.Client, error)

GetServiceAccountClients returns an OpenShift and Kubernetes client with the credentials of the named service account in the infra namespace

func (*MasterConfig) ImageChangeControllerClient added in v0.2.1

func (c *MasterConfig) ImageChangeControllerClient() *osclient.Client

ImageChangeControllerClient returns the openshift client object

func (*MasterConfig) ImageImportControllerClient added in v0.4.2

func (c *MasterConfig) ImageImportControllerClient() *osclient.Client

ImageImportControllerClient returns the deployment client object

func (*MasterConfig) InstallProtectedAPI added in v0.2.2

func (c *MasterConfig) InstallProtectedAPI(container *restful.Container) []string

func (*MasterConfig) InstallUnprotectedAPI added in v0.2.2

func (c *MasterConfig) InstallUnprotectedAPI(container *restful.Container) []string

func (*MasterConfig) KubeClient

func (c *MasterConfig) KubeClient() *kclient.Client

KubeClient returns the kubernetes client object

func (*MasterConfig) OriginNamespaceControllerClients added in v0.4.2

func (c *MasterConfig) OriginNamespaceControllerClients() (*osclient.Client, *kclient.Client)

OriginNamespaceControllerClients returns a client for openshift and kubernetes. The openshift client object must have authority to delete openshift content in any namespace The kubernetes client object must have authority to execute a finalize request on a namespace

func (*MasterConfig) PolicyClient added in v0.3.2

func (c *MasterConfig) PolicyClient() *osclient.Client

PolicyClient returns the policy client object It must have the following capabilities:

list, watch all policyBindings in all namespaces
list, watch all policies in all namespaces
create resourceAccessReviews in all namespaces

func (*MasterConfig) RouteAllocator added in v0.4.2

RouteAllocator returns a route allocation controller.

func (*MasterConfig) RouteAllocatorClients added in v0.6.1

func (c *MasterConfig) RouteAllocatorClients() (*osclient.Client, *kclient.Client)

func (*MasterConfig) Run added in v0.2.1

func (c *MasterConfig) Run(protected []APIInstaller, unprotected []APIInstaller)

Run launches the OpenShift master. It takes optional installers that may install additional endpoints into the server. All endpoints get configured CORS behavior Protected installers' endpoints are protected by API authentication and authorization. Unprotected installers' endpoints do not have any additional protection added.

func (*MasterConfig) RunAssetServer

func (c *MasterConfig) RunAssetServer()

RunAssetServer starts the asset server for the OpenShift UI.

func (*MasterConfig) RunBuildController

func (c *MasterConfig) RunBuildController()

RunBuildController starts the build sync loop for builds and buildConfig processing.

func (*MasterConfig) RunBuildImageChangeTriggerController added in v0.2.1

func (c *MasterConfig) RunBuildImageChangeTriggerController()

RunBuildImageChangeTriggerController starts the build image change trigger controller process.

func (*MasterConfig) RunBuildPodController added in v0.4.1

func (c *MasterConfig) RunBuildPodController()

RunBuildPodController starts the build/pod status sync loop for build status

func (*MasterConfig) RunDNSServer added in v0.4.2

func (c *MasterConfig) RunDNSServer()

RunDNSServer starts the DNS server

func (*MasterConfig) RunDeployerPodController added in v0.3.4

func (c *MasterConfig) RunDeployerPodController()

RunDeployerPodController starts the deployer pod controller process.

func (*MasterConfig) RunDeploymentConfigChangeController

func (c *MasterConfig) RunDeploymentConfigChangeController()

RunDeploymentConfigChangeController starts the deployment config change controller process.

func (*MasterConfig) RunDeploymentConfigController

func (c *MasterConfig) RunDeploymentConfigController()

RunDeploymentConfigController starts the deployment config controller process.

func (*MasterConfig) RunDeploymentController added in v0.2.1

func (c *MasterConfig) RunDeploymentController()

RunDeploymentController starts the deployment controller process.

func (*MasterConfig) RunDeploymentImageChangeTriggerController

func (c *MasterConfig) RunDeploymentImageChangeTriggerController()

RunDeploymentImageChangeTriggerController starts the image change trigger controller process.

func (*MasterConfig) RunImageImportController added in v0.4.2

func (c *MasterConfig) RunImageImportController()

RunImageImportController starts the image import trigger controller process.

func (*MasterConfig) RunOriginNamespaceController added in v0.4.2

func (c *MasterConfig) RunOriginNamespaceController()

RunOriginNamespaceController starts the controller that takes part in namespace termination of openshift content

func (*MasterConfig) RunPolicyCache added in v0.3.3

func (c *MasterConfig) RunPolicyCache()

RunPolicyCache starts the policy cache

func (*MasterConfig) RunProjectAuthorizationCache added in v0.3.2

func (c *MasterConfig) RunProjectAuthorizationCache()

RunProjectAuthorizationCache starts the project authorization cache

func (*MasterConfig) RunProjectCache added in v0.5.1

func (c *MasterConfig) RunProjectCache()

RunProjectCache populates project cache, used by scheduler and project admission controller.

func (*MasterConfig) RunSDNController added in v0.5.2

func (c *MasterConfig) RunSDNController()

RunSDNController runs openshift-sdn if the said network plugin is provided

func (*MasterConfig) RunSecurityAllocationController added in v0.5.4

func (c *MasterConfig) RunSecurityAllocationController()

RunSecurityAllocationController starts the security allocation controller process.

func (*MasterConfig) RunServiceAccountPullSecretsControllers added in v0.5.4

func (c *MasterConfig) RunServiceAccountPullSecretsControllers()

RunServiceAccountPullSecretsControllers starts the service account pull secret controllers

func (*MasterConfig) RunServiceAccountTokensController added in v0.5.3

func (c *MasterConfig) RunServiceAccountTokensController()

RunServiceAccountTokensController starts the service account token controller

func (*MasterConfig) RunServiceAccountsController added in v0.5.3

func (c *MasterConfig) RunServiceAccountsController()

RunServiceAccountsController starts the service account controller

func (*MasterConfig) SDNControllerClients added in v0.6.1

func (c *MasterConfig) SDNControllerClients() (*osclient.Client, *kclient.Client)

func (*MasterConfig) SdnClient added in v0.5.2

func (c *MasterConfig) SdnClient() *osclient.Client

SdnClient returns the sdn client object It must have the capability to get/list/watch/create/delete HostSubnets. And have the capability to get ClusterNetwork.

func (*MasterConfig) SecurityAllocationControllerClient added in v0.6.1

func (c *MasterConfig) SecurityAllocationControllerClient() *kclient.Client

func (*MasterConfig) ServiceAccountRoleBindingClient added in v0.5.4

func (c *MasterConfig) ServiceAccountRoleBindingClient() *osclient.Client

ServiceAccountRoleBindingClient returns the client object used to bind roles to service accounts It must have the following capabilities:

get, list, update, create policyBindings and clusterPolicyBindings in all namespaces

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL